login.serv010.com
185.224.129.207  Malicious Activity! Public Scan

Submitted URL: https://weda.member365.com/ecommunication/api/click/V1EaB7MEUaXFULf4jfJz1g/-7_OD-5-xiwzyPtHi15TsA?r=https%3A%2F%2Fequacio.c...
Effective URL: https://login.serv010.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3...
Submission: On September 21 via manual from IN — Scanned from DE

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 6 HTTP transactions. The main IP is 185.224.129.207, located in Amsterdam, Netherlands and belongs to SPECTRAIP SpectraIP B.V., NL. The main domain is login.serv010.com.
TLS certificate: Issued by R3 on August 30th 2023. Valid for: 3 months.
This is the only time login.serv010.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 1 54.186.19.27 16509 (AMAZON-02)
1 2 192.185.94.61 19871 (NETWORK-S...)
3 5 185.224.129.207 62068 (SPECTRAIP...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 3 2606:4700::68... 13335 (CLOUDFLAR...)
6 5
Apex Domain
Subdomains
Transfer
5 serv010.com
login.serv010.com
www.serv010.com
5 KB
4 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 410
challenges.cloudflare.com — Cisco Umbrella Rank: 5309
39 KB
2 equacio.com
equacio.com
12 KB
1 member365.com
weda.member365.com
700 B
6 4
Domain Requested by
4 login.serv010.com 2 redirects equacio.com
login.serv010.com
3 challenges.cloudflare.com 1 redirects login.serv010.com
challenges.cloudflare.com
2 equacio.com 1 redirects
1 www.serv010.com 1 redirects
1 cdnjs.cloudflare.com login.serv010.com
1 weda.member365.com 1 redirects
6 6

This site contains no links.

Subject                      Issuer                     Validity                   Valid
*.equacio.com                R3                         2023-09-19 - 2023-12-18    3 months
login.serv010.com            R3                         2023-08-30 - 2023-11-28    3 months
sni.cloudflaressl.com        Cloudflare Inc ECC CA-3    2023-07-03 - 2024-07-02    a year
challenges.cloudflare.com    Cloudflare Inc ECC CA-3    2023-08-18 - 2024-08-17    a year

This page contains 2 frames:

Primary Page: https://login.serv010.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638309193972349422.YzdlMjRmNjgtZTAzMi00OWQ2LTkxYWItMzI0YWUxZTI0ODUxOWNiYWIxYzgtNzk2ZC00ODY1LWFkNDUtNTZiMmFmYjAxZTVj&ui_locales=de-DE&mkt=de-DE&client-request-id=73ffe83e-7c5c-47df-a6c3-18f20ab71600&state=2oF7ae1GC-zPpMvaKcKOGFPq3V4LI8uN_1pM8ybH31ofKHmuZHzlkSjzGLw7hZCjYyomszoT5d8q2OORQl0FIKu4aZJ4Dv5xUzfFE3QvSYKRLnyekjuQBlwKTjLovMHSsxVJhZVk8gZA7_B0_LA9bMHYTf2LzgqfY_SyEli9b45-Qi5H2EAOeh_NXudvw6fYRSbACOw9KCPB5_YJnNv-7Y-5b5Xtn-eQIDDuhpKx-A6iPvDWVFEa-C9tqS6akiqF1LlFD9TwMc6wGvvj7QcN2Q&x-client-SKU=ID_NET6_0&x-client-ver=6.30.1.0
Frame ID: 7A46D19A411F4592669640983012BA32
Requests: 6 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5mrfj/1x00000000000000000000BB/light/normal
Frame ID: 4E81397B9DC2C463A709BF761F52D8A9
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 6
HTTPS: 83 %
IPv6: 40 %
Domains: 4
Subdomains: 6
IPs: 5
Countries: 2
Transfer: 51 kB
Size: 176 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://weda.member365.com/ecommunication/api/click/V1EaB7MEUaXFULf4jfJz1g/-7_OD-5-xiwzyPtHi15TsA?r=https%3A%2F%2Fequacio.com%2Fr HTTP 307
    https://equacio.com/r HTTP 301
    https://equacio.com/r/ Page URL
  2. https://login.serv010.com/kcoFAeyp Page URL
  3. https://login.serv010.com/kcoFAeyp?D=u78ZGco HTTP 302
    https://login.serv010.com/ HTTP 302
    https://www.serv010.com/login HTTP 302
    https://login.serv010.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638309193972349422.YzdlMjRmNjgtZTAzMi00OWQ2LTkxYWItMzI0YWUxZTI0ODUxOWNiYWIxYzgtNzk2ZC00ODY1LWFkNDUtNTZiMmFmYjAxZTVj&ui_locales=de-DE&mkt=de-DE&client-request-id=73ffe83e-7c5c-47df-a6c3-18f20ab71600&state=2oF7ae1GC-zPpMvaKcKOGFPq3V4LI8uN_1pM8ybH31ofKHmuZHzlkSjzGLw7hZCjYyomszoT5d8q2OORQl0FIKu4aZJ4Dv5xUzfFE3QvSYKRLnyekjuQBlwKTjLovMHSsxVJhZVk8gZA7_B0_LA9bMHYTf2LzgqfY_SyEli9b45-Qi5H2EAOeh_NXudvw6fYRSbACOw9KCPB5_YJnNv-7Y-5b5Xtn-eQIDDuhpKx-A6iPvDWVFEa-C9tqS6akiqF1LlFD9TwMc6wGvvj7QcN2Q&x-client-SKU=ID_NET6_0&x-client-ver=6.30.1.0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://weda.member365.com/ecommunication/api/click/V1EaB7MEUaXFULf4jfJz1g/-7_OD-5-xiwzyPtHi15TsA?r=https%3A%2F%2Fequacio.com%2Fr HTTP 307
  • https://equacio.com/r HTTP 301
  • https://equacio.com/r/
Request Chain 4
  • https://challenges.cloudflare.com/turnstile/v0/api.js?&onload=onloadTurnstileCallback HTTP 302
  • https://challenges.cloudflare.com/turnstile/v0/b/8370c0b3/api.js?&onload=onloadTurnstileCallback

6 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
equacio.com/r/
Redirect Chain
  • https://weda.member365.com/ecommunication/api/click/V1EaB7MEUaXFULf4jfJz1g/-7_OD-5-xiwzyPtHi15TsA?r=https%3A%2F%2Fequacio.com%2Fr
  • https://equacio.com/r
  • https://equacio.com/r/
37 KB
12 KB
Document
General
Full URL
https://equacio.com/r/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.94.61 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
16creativo.com
Software
Apache /
Resource Hash
9ac682c39b402814b13d3f36ebe988e36cdbf0d2e2cb285d268385df8c94c32f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-length
11745
content-type
text/html; charset=UTF-8
date
Thu, 21 Sep 2023 18:56:30 GMT
server
Apache
vary
Accept-Encoding

Redirect headers

content-length
230
content-type
text/html; charset=iso-8859-1
date
Thu, 21 Sep 2023 18:56:30 GMT
location
https://equacio.com/r/
server
Apache
truncated
/
5 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a00f7ed35be5bfea9cbbdcbeca07f536d9db6fb6391ca55ad38790eecb01ffeb

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Type
image/png
kcoFAeyp
login.serv010.com/
1 KB
1 KB
Document
General
Full URL
https://login.serv010.com/kcoFAeyp
Requested by
Host: equacio.com
URL: https://equacio.com/r/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.224.129.207 Amsterdam, Netherlands, ASN62068 (SPECTRAIP SpectraIP B.V., NL),
Reverse DNS
hosted-by.spectraip.net
Software
/
Resource Hash
e97df57582d1c0d675bfa288d010cd6d6bd0e8d00de5a52affc0e731f453f53f

Request headers

Referer
https://equacio.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
close
Content-Type
text/html
Transfer-Encoding
chunked
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/
87 KB
28 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
Requested by
Host: login.serv010.com
URL: https://login.serv010.com/kcoFAeyp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://login.serv010.com/
Origin
https://login.serv010.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Thu, 21 Sep 2023 18:56:34 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1191287
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
28007
last-modified
Thu, 22 Jun 2023 11:06:06 GMT
server
cloudflare
cf-cdnjs-via
cfworker/r2
etag
"64942b1e-6d67"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r34STZmZ9fbfSMApfpwSAPl6%2FhuIPaLI0lxRFSgo6SPD9TLFzHyFKhxqlOGLQYaUJ2JU7TlyYAx2xWENV52g3l%2FSSyL6d0SVlabcITFAb8ia%2Fy65q8bcSvk9WLf0nC5TYkYnSj%2BPhcmyBiUi0Rv27OCr"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
80a48765d84f3809-FRA
expires
Tue, 10 Sep 2024 18:56:34 GMT
api.js
challenges.cloudflare.com/turnstile/v0/b/8370c0b3/
Redirect Chain
  • https://challenges.cloudflare.com/turnstile/v0/api.js?&onload=onloadTurnstileCallback
  • https://challenges.cloudflare.com/turnstile/v0/b/8370c0b3/api.js?&onload=onloadTurnstileCallback
30 KB
11 KB
Script
General
Full URL
https://challenges.cloudflare.com/turnstile/v0/b/8370c0b3/api.js?&onload=onloadTurnstileCallback
Requested by
Host: login.serv010.com
URL: https://login.serv010.com/kcoFAeyp
Protocol
H2
Server
2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3909f8548c1125847c1d9434b37c8d9e5699a13d28bd2b36a94c87c3239e8851

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.serv010.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Thu, 21 Sep 2023 18:56:34 GMT
content-encoding
br
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000
cf-ray
80a48765ebf19a2a-FRA
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Thu, 21 Sep 2023 18:56:34 GMT
server
cloudflare
vary
accept-encoding
access-control-allow-origin
*
location
/turnstile/v0/b/8370c0b3/api.js?&onload=onloadTurnstileCallback
cache-control
max-age=300, public
cf-ray
80a48765dbca9a2a-FRA
alt-svc
h3=":443"; ma=86400
normal
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5mrfj/1x00000000000000000000BB/light/ Frame 4E81
0
0
Document
General
Full URL
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5mrfj/1x00000000000000000000BB/light/normal
Requested by
Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/api.js?&onload=onloadTurnstileCallback
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:2b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-src https://challenges.cloudflare.com/; base-uri 'self'

Request headers

Referer
https://login.serv010.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
80a487663e388ff5-FRA
content-encoding
br
content-security-policy
frame-src https://challenges.cloudflare.com/; base-uri 'self'
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
cross-origin
date
Thu, 21 Sep 2023 18:56:34 GMT
document-policy
js-profiling
origin-agent-cluster
?1
permissions-policy
accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy
same-origin
server
cloudflare
Primary Request authorize
login.serv010.com/common/oauth2/v2.0/
Redirect Chain
  • https://login.serv010.com/kcoFAeyp?D=u78ZGco
  • https://login.serv010.com/
  • https://www.serv010.com/login
  • https://login.serv010.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openi...
16 KB
0
Document
General
Full URL
https://login.serv010.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638309193972349422.YzdlMjRmNjgtZTAzMi00OWQ2LTkxYWItMzI0YWUxZTI0ODUxOWNiYWIxYzgtNzk2ZC00ODY1LWFkNDUtNTZiMmFmYjAxZTVj&ui_locales=de-DE&mkt=de-DE&client-request-id=73ffe83e-7c5c-47df-a6c3-18f20ab71600&state=2oF7ae1GC-zPpMvaKcKOGFPq3V4LI8uN_1pM8ybH31ofKHmuZHzlkSjzGLw7hZCjYyomszoT5d8q2OORQl0FIKu4aZJ4Dv5xUzfFE3QvSYKRLnyekjuQBlwKTjLovMHSsxVJhZVk8gZA7_B0_LA9bMHYTf2LzgqfY_SyEli9b45-Qi5H2EAOeh_NXudvw6fYRSbACOw9KCPB5_YJnNv-7Y-5b5Xtn-eQIDDuhpKx-A6iPvDWVFEa-C9tqS6akiqF1LlFD9TwMc6wGvvj7QcN2Q&x-client-SKU=ID_NET6_0&x-client-ver=6.30.1.0
Requested by
Host: login.serv010.com
URL: https://login.serv010.com/kcoFAeyp
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.224.129.207 Amsterdam, Netherlands, ASN62068 (SPECTRAIP SpectraIP B.V., NL),
Reverse DNS
hosted-by.spectraip.net
Software
/
Resource Hash

Request headers

Referer
https://login.serv010.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache
Connection
close
Content-Type
text/html; charset=utf-8
Date
Thu, 21 Sep 2023 18:56:36 GMT
Expires
-1
Link
<https://aadcdn.msauth.net>; rel=preconnect; crossorigin <https://aadcdn.msauth.net>; rel=dns-prefetch <https://aadcdn.msftauth.net>; rel=dns-prefetch
P3p
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Dns-Prefetch-Control
on
X-Ms-Clitelem
1,0,0,,
X-Ms-Ests-Server
2.1.16368.8 - NEULR1 ProdSlices
X-Ms-Request-Id
5e855125-3db9-4aea-8fc2-c96b0b020800

Redirect headers

Connection
close
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Thu, 21 Sep 2023 18:56:36 GMT
Location
https://login.serv010.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638309193972349422.YzdlMjRmNjgtZTAzMi00OWQ2LTkxYWItMzI0YWUxZTI0ODUxOWNiYWIxYzgtNzk2ZC00ODY1LWFkNDUtNTZiMmFmYjAxZTVj&ui_locales=de-DE&mkt=de-DE&client-request-id=73ffe83e-7c5c-47df-a6c3-18f20ab71600&state=2oF7ae1GC-zPpMvaKcKOGFPq3V4LI8uN_1pM8ybH31ofKHmuZHzlkSjzGLw7hZCjYyomszoT5d8q2OORQl0FIKu4aZJ4Dv5xUzfFE3QvSYKRLnyekjuQBlwKTjLovMHSsxVJhZVk8gZA7_B0_LA9bMHYTf2LzgqfY_SyEli9b45-Qi5H2EAOeh_NXudvw6fYRSbACOw9KCPB5_YJnNv-7Y-5b5Xtn-eQIDDuhpKx-A6iPvDWVFEa-C9tqS6akiqF1LlFD9TwMc6wGvvj7QcN2Q&x-client-SKU=ID_NET6_0&x-client-ver=6.30.1.0
Referrer-Policy
strict-origin-when-cross-origin
Request-Context
appId=
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Cache
CONFIG_NOCACHE
X-Msedge-Ref
Ref A: FDBC7FC3193146ECA9D2E524001DEE4C Ref B: AMS231032604027 Ref C: 2023-09-21T18:56:37Z
X-Ua-Compatible
IE=edge,chrome=1

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

2 Cookies

Domain/Path Name / Value
weda.member365.com/ Name: ci_session
Value: a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%229c35d07d7deb47b4a24668a22e000903%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A10%3A%2210.0.13.71%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A115%3A%22Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F117.0.5938.88+Safari%2F537.36%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1695322589%3B%7D8c40317c882aa0832a703c0fa4395bec
.serv010.com/ Name: uVkj
Value: 3a0959ce750e74a588c0a7eb2efdbdda882fd4c6fa3b6722c83ac906576b3613