login.serv010.com
Open in
urlscan Pro
185.224.129.207
Malicious Activity!
Public Scan
Effective URL: https://login.serv010.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3...
Submission: On September 21 via manual from IN — Scanned from DE
Summary
TLS certificate: Issued by R3 on August 30th 2023. Valid for: 3 months.
This is the only time login.serv010.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 54.186.19.27 54.186.19.27 | 16509 (AMAZON-02) (AMAZON-02) | |
1 2 | 192.185.94.61 192.185.94.61 | 19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING) | |
3 5 | 185.224.129.207 185.224.129.207 | 62068 (SPECTRAIP...) (SPECTRAIP SpectraIP B.V.) | |
1 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 3 | 2606:4700::68... 2606:4700::6811:2b8 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
6 | 5 |
ASN16509 (AMAZON-02, US)
PTR: ec2-54-186-19-27.us-west-2.compute.amazonaws.com
weda.member365.com |
ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 16creativo.com
equacio.com |
ASN62068 (SPECTRAIP SpectraIP B.V., NL)
PTR: hosted-by.spectraip.net
login.serv010.com | |
www.serv010.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
serv010.com
3 redirects
login.serv010.com www.serv010.com |
5 KB |
4 |
cloudflare.com
1 redirects
cdnjs.cloudflare.com — Cisco Umbrella Rank: 410 challenges.cloudflare.com — Cisco Umbrella Rank: 5309 |
39 KB |
2 |
equacio.com
1 redirects
equacio.com |
12 KB |
1 |
member365.com
1 redirects
weda.member365.com |
700 B |
6 | 4 |
Domain | Requested by | |
---|---|---|
4 | login.serv010.com |
2 redirects
equacio.com
login.serv010.com |
3 | challenges.cloudflare.com |
1 redirects
login.serv010.com
challenges.cloudflare.com |
2 | equacio.com | 1 redirects |
1 | www.serv010.com | 1 redirects |
1 | cdnjs.cloudflare.com |
login.serv010.com
|
1 | weda.member365.com | 1 redirects |
6 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.equacio.com R3 |
2023-09-19 - 2023-12-18 |
3 months | crt.sh |
login.serv010.com R3 |
2023-08-30 - 2023-11-28 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
challenges.cloudflare.com Cloudflare Inc ECC CA-3 |
2023-08-18 - 2024-08-17 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://login.serv010.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638309193972349422.YzdlMjRmNjgtZTAzMi00OWQ2LTkxYWItMzI0YWUxZTI0ODUxOWNiYWIxYzgtNzk2ZC00ODY1LWFkNDUtNTZiMmFmYjAxZTVj&ui_locales=de-DE&mkt=de-DE&client-request-id=73ffe83e-7c5c-47df-a6c3-18f20ab71600&state=2oF7ae1GC-zPpMvaKcKOGFPq3V4LI8uN_1pM8ybH31ofKHmuZHzlkSjzGLw7hZCjYyomszoT5d8q2OORQl0FIKu4aZJ4Dv5xUzfFE3QvSYKRLnyekjuQBlwKTjLovMHSsxVJhZVk8gZA7_B0_LA9bMHYTf2LzgqfY_SyEli9b45-Qi5H2EAOeh_NXudvw6fYRSbACOw9KCPB5_YJnNv-7Y-5b5Xtn-eQIDDuhpKx-A6iPvDWVFEa-C9tqS6akiqF1LlFD9TwMc6wGvvj7QcN2Q&x-client-SKU=ID_NET6_0&x-client-ver=6.30.1.0
Frame ID: 7A46D19A411F4592669640983012BA32
Requests: 6 HTTP requests in this frame
Frame:
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5mrfj/1x00000000000000000000BB/light/normal
Frame ID: 4E81397B9DC2C463A709BF761F52D8A9
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://weda.member365.com/ecommunication/api/click/V1EaB7MEUaXFULf4jfJz1g/-7_OD-5-xiwzyPtHi15TsA?r=htt...
HTTP 307
https://equacio.com/r HTTP 301
https://equacio.com/r/ Page URL
- https://login.serv010.com/kcoFAeyp Page URL
-
https://login.serv010.com/kcoFAeyp?D=u78ZGco
HTTP 302
https://login.serv010.com/ HTTP 302
https://www.serv010.com/login HTTP 302
https://login.serv010.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&... Page URL
Detected technologies
CodeIgniter (Web Frameworks) ExpandDetected patterns
jQuery (JavaScript Libraries) Expand
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://weda.member365.com/ecommunication/api/click/V1EaB7MEUaXFULf4jfJz1g/-7_OD-5-xiwzyPtHi15TsA?r=https%3A%2F%2Fequacio.com%2Fr
HTTP 307
https://equacio.com/r HTTP 301
https://equacio.com/r/ Page URL
- https://login.serv010.com/kcoFAeyp Page URL
-
https://login.serv010.com/kcoFAeyp?D=u78ZGco
HTTP 302
https://login.serv010.com/ HTTP 302
https://www.serv010.com/login HTTP 302
https://login.serv010.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638309193972349422.YzdlMjRmNjgtZTAzMi00OWQ2LTkxYWItMzI0YWUxZTI0ODUxOWNiYWIxYzgtNzk2ZC00ODY1LWFkNDUtNTZiMmFmYjAxZTVj&ui_locales=de-DE&mkt=de-DE&client-request-id=73ffe83e-7c5c-47df-a6c3-18f20ab71600&state=2oF7ae1GC-zPpMvaKcKOGFPq3V4LI8uN_1pM8ybH31ofKHmuZHzlkSjzGLw7hZCjYyomszoT5d8q2OORQl0FIKu4aZJ4Dv5xUzfFE3QvSYKRLnyekjuQBlwKTjLovMHSsxVJhZVk8gZA7_B0_LA9bMHYTf2LzgqfY_SyEli9b45-Qi5H2EAOeh_NXudvw6fYRSbACOw9KCPB5_YJnNv-7Y-5b5Xtn-eQIDDuhpKx-A6iPvDWVFEa-C9tqS6akiqF1LlFD9TwMc6wGvvj7QcN2Q&x-client-SKU=ID_NET6_0&x-client-ver=6.30.1.0 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://weda.member365.com/ecommunication/api/click/V1EaB7MEUaXFULf4jfJz1g/-7_OD-5-xiwzyPtHi15TsA?r=https%3A%2F%2Fequacio.com%2Fr HTTP 307
- https://equacio.com/r HTTP 301
- https://equacio.com/r/
- https://challenges.cloudflare.com/turnstile/v0/api.js?&onload=onloadTurnstileCallback HTTP 302
- https://challenges.cloudflare.com/turnstile/v0/b/8370c0b3/api.js?&onload=onloadTurnstileCallback
6 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
equacio.com/r/ Redirect Chain
|
37 KB 12 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
5 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
kcoFAeyp
login.serv010.com/ |
1 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/ |
87 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
api.js
challenges.cloudflare.com/turnstile/v0/b/8370c0b3/ Redirect Chain
|
30 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
normal
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5mrfj/1x00000000000000000000BB/light/ Frame 4E81 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
authorize
login.serv010.com/common/oauth2/v2.0/ Redirect Chain
|
16 KB 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
weda.member365.com/ | Name: ci_session Value: a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%229c35d07d7deb47b4a24668a22e000903%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A10%3A%2210.0.13.71%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A115%3A%22Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F117.0.5938.88+Safari%2F537.36%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1695322589%3B%7D8c40317c882aa0832a703c0fa4395bec |
|
.serv010.com/ | Name: uVkj Value: 3a0959ce750e74a588c0a7eb2efdbdda882fd4c6fa3b6722c83ac906576b3613 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
challenges.cloudflare.com
equacio.com
login.serv010.com
weda.member365.com
www.serv010.com
185.224.129.207
192.185.94.61
2606:4700::6811:190e
2606:4700::6811:2b8
54.186.19.27
3909f8548c1125847c1d9434b37c8d9e5699a13d28bd2b36a94c87c3239e8851
9ac682c39b402814b13d3f36ebe988e36cdbf0d2e2cb285d268385df8c94c32f
a00f7ed35be5bfea9cbbdcbeca07f536d9db6fb6391ca55ad38790eecb01ffeb
e97df57582d1c0d675bfa288d010cd6d6bd0e8d00de5a52affc0e731f453f53f
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d