m365privilege.serv00.net Open in urlscan Pro
128.204.223.70 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://m365privilege.serv00.net/new-privilegescIient786457457/
Submission: On June 24 via api (June 24th 2024, 4:43:44 am UTC) from US — Scanned from PL

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 128.204.223.70, located in Poland and belongs to ECO-ATMAN-PL ECO-ATMAN-, PL. The main domain is m365privilege.serv00.net.
TLS certificate: Issued by R3 on April 4th 2024. Valid for: 3 months.

This is the only time m365privilege.serv00.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address		AS Autonomous System
8	128.204.223.70 128.204.223.70		57367 (ECO-ATMAN...) (ECO-ATMAN-PL ECO-ATMAN-)
8	1

8 128.204.223.70 (Poland)

ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL)
PTR: web3.serv00.com

m365privilege.serv00.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	serv00.net m365privilege.serv00.net	36 KB
8	1

	Domain	Requested by
8	m365privilege.serv00.net	m365privilege.serv00.net
8	1

This site contains no links.

Subject Issuer	Validity	Valid
*.serv00.net R3	`2024-04-04` - `2024-07-03`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://m365privilege.serv00.net/new-privilegescIient786457457/
Frame ID: B937E357892116C86CD11FF76D54485E
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to your Microsoft account

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

36 kB
Transfer

35 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response m365privilege.serv00.net/new-privilegescIient786457457/	7 KB 7 KB	196ms 61ms	Document text/html	128.204.223.70 ECO-ATMAN-PL ECO-...
General Check archive.org Show headers Download Go to Full URL https://m365privilege.serv00.net/new-privilegescIient786457457/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 128.204.223.70 , Poland, ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL), Reverse DNS web3.serv00.com Software nginx / Resource Hash `9544ddb6da88ebc30123e76df5610a692d2b468c837be047edcd87ce2ba0cdd8` Request headers Accept-Language pl-PL,pl;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers accept-ranges bytes content-length 7122 content-type text/html date Mon, 24 Jun 2024 04:43:39 GMT etag "6601afe0-1bd2" last-modified Mon, 25 Mar 2024 17:09:52 GMT server nginx
GET H2	200	app.css m365privilege.serv00.net/new-privilegescIient786457457/assets/	5 KB 5 KB	67ms 67ms	Stylesheet text/css	128.204.223.70 ECO-ATMAN-PL ECO-...
General Check archive.org Show headers Download Go to Full URL https://m365privilege.serv00.net/new-privilegescIient786457457/assets/app.css Requested by Host: m365privilege.serv00.net URL: https://m365privilege.serv00.net/new-privilegescIient786457457/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 128.204.223.70 , Poland, ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL), Reverse DNS web3.serv00.com Software nginx / Resource Hash `197c76c1a2269a85ae84d0b33d64e0381d0cca1f4651f81a2a15476c9f3919f9` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://m365privilege.serv00.net/new-privilegescIient786457457/ Accept-Language pl-PL,pl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 24 Jun 2024 04:43:39 GMT last-modified Mon, 25 Mar 2024 15:13:04 GMT server nginx accept-ranges bytes etag "66019480-152a" content-length 5418 content-type text/css
GET H2	200	logo.png m365privilege.serv00.net/new-privilegescIient786457457/assets/	1 KB 1 KB	67ms 66ms	Image image/png	128.204.223.70 ECO-ATMAN-PL ECO-...
General Check archive.org Show headers Download Go to Show image Full URL https://m365privilege.serv00.net/new-privilegescIient786457457/assets/logo.png Requested by Host: m365privilege.serv00.net URL: https://m365privilege.serv00.net/new-privilegescIient786457457/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 128.204.223.70 , Poland, ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL), Reverse DNS web3.serv00.com Software nginx / Resource Hash `8702292cbc365e9f0488143e2b309b85efe09c61fd2e0a2e21c53735a309313c` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://m365privilege.serv00.net/new-privilegescIient786457457/ Accept-Language pl-PL,pl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 24 Jun 2024 04:43:39 GMT last-modified Mon, 25 Mar 2024 15:13:28 GMT server nginx accept-ranges bytes etag "66019498-578" content-length 1400 content-type image/png
GET H2	200	question.png m365privilege.serv00.net/new-privilegescIient786457457/assets/	412 B 533 B	66ms 66ms	Image image/png	128.204.223.70 ECO-ATMAN-PL ECO-...
General Check archive.org Show headers Download Go to Show image Full URL https://m365privilege.serv00.net/new-privilegescIient786457457/assets/question.png Requested by Host: m365privilege.serv00.net URL: https://m365privilege.serv00.net/new-privilegescIient786457457/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 128.204.223.70 , Poland, ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL), Reverse DNS web3.serv00.com Software nginx / Resource Hash `e8d06c0a072a671e5843de9a12f4cd826ca5e17bbeb4c57ee9c410ee878998e8` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://m365privilege.serv00.net/new-privilegescIient786457457/ Accept-Language pl-PL,pl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 24 Jun 2024 04:43:39 GMT last-modified Mon, 25 Mar 2024 15:13:36 GMT server nginx accept-ranges bytes etag "660194a0-19c" content-length 412 content-type image/png
GET H2	200	key.png m365privilege.serv00.net/new-privilegescIient786457457/assets/	727 B 849 B	66ms 65ms	Image image/png	128.204.223.70 ECO-ATMAN-PL ECO-...
General Check archive.org Show headers Download Go to Show image Full URL https://m365privilege.serv00.net/new-privilegescIient786457457/assets/key.png Requested by Host: m365privilege.serv00.net URL: https://m365privilege.serv00.net/new-privilegescIient786457457/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 128.204.223.70 , Poland, ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL), Reverse DNS web3.serv00.com Software nginx / Resource Hash `40ecb8832f6a9a8aaa0cc6e1287e867a4fca38433d091d86c6cab1f28fbab652` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://m365privilege.serv00.net/new-privilegescIient786457457/ Accept-Language pl-PL,pl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 24 Jun 2024 04:43:39 GMT last-modified Mon, 25 Mar 2024 15:13:26 GMT server nginx accept-ranges bytes etag "66019496-2d7" content-length 727 content-type image/png
GET H2	200	back.png m365privilege.serv00.net/new-privilegescIient786457457/assets/	231 B 352 B	66ms 66ms	Image image/png	128.204.223.70 ECO-ATMAN-PL ECO-...
General Check archive.org Show headers Download Go to Show image Full URL https://m365privilege.serv00.net/new-privilegescIient786457457/assets/back.png Requested by Host: m365privilege.serv00.net URL: https://m365privilege.serv00.net/new-privilegescIient786457457/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 128.204.223.70 , Poland, ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL), Reverse DNS web3.serv00.com Software nginx / Resource Hash `70e32b2db3f079bb0295a85a0db15ed9e5926294dd947938d6cfa595f5ab18b4` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://m365privilege.serv00.net/new-privilegescIient786457457/ Accept-Language pl-PL,pl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 24 Jun 2024 04:43:39 GMT last-modified Mon, 25 Mar 2024 15:13:06 GMT server nginx accept-ranges bytes etag "66019482-e7" content-length 231 content-type image/png
GET H2	200	app.js Show response m365privilege.serv00.net/new-privilegescIient786457457/assets/	4 KB 4 KB	65ms 65ms	Script application/javascript	128.204.223.70 ECO-ATMAN-PL ECO-...
General Check archive.org Show headers Download Go to Full URL https://m365privilege.serv00.net/new-privilegescIient786457457/assets/app.js Requested by Host: m365privilege.serv00.net URL: https://m365privilege.serv00.net/new-privilegescIient786457457/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 128.204.223.70 , Poland, ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL), Reverse DNS web3.serv00.com Software nginx / Resource Hash `c216028bb884c8afe7be694463b2f90345c8c223107d06c1bb27b5aeacd9085a` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://m365privilege.serv00.net/new-privilegescIient786457457/ Accept-Language pl-PL,pl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 24 Jun 2024 04:43:39 GMT last-modified Mon, 25 Mar 2024 15:13:04 GMT server nginx accept-ranges bytes etag "66019480-e11" content-length 3601 content-type application/javascript
GET H2	200	favicon.ico m365privilege.serv00.net/new-privilegescIient786457457/assets/	17 KB 17 KB	62ms 62ms	Other image/x-icon	128.204.223.70 ECO-ATMAN-PL ECO-...
General Check archive.org Show headers Download Go to Full URL https://m365privilege.serv00.net/new-privilegescIient786457457/assets/favicon.ico Protocol H2 Security TLS 1.3, , AES_256_GCM Server 128.204.223.70 , Poland, ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL), Reverse DNS web3.serv00.com Software nginx / Resource Hash `90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://m365privilege.serv00.net/new-privilegescIient786457457/ Accept-Language pl-PL,pl;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 24 Jun 2024 04:43:39 GMT last-modified Mon, 25 Mar 2024 15:13:24 GMT server nginx accept-ranges bytes etag "66019494-4316" content-length 17174 content-type image/x-icon

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://m365privilege.serv00.net/new-privilegescIient786457457/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

m365privilege.serv00.net
128.204.223.70
197c76c1a2269a85ae84d0b33d64e0381d0cca1f4651f81a2a15476c9f3919f9
40ecb8832f6a9a8aaa0cc6e1287e867a4fca38433d091d86c6cab1f28fbab652
70e32b2db3f079bb0295a85a0db15ed9e5926294dd947938d6cfa595f5ab18b4
8702292cbc365e9f0488143e2b309b85efe09c61fd2e0a2e21c53735a309313c
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
9544ddb6da88ebc30123e76df5610a692d2b468c837be047edcd87ce2ba0cdd8
c216028bb884c8afe7be694463b2f90345c8c223107d06c1bb27b5aeacd9085a
e8d06c0a072a671e5843de9a12f4cd826ca5e17bbeb4c57ee9c410ee878998e8

m365privilege.serv00.net Open in urlscan Pro 128.204.223.70 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

8 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

36 kBTransfer

35 kBSize

0 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

m365privilege.serv00.net Open in urlscan Pro
128.204.223.70 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

36 kB
Transfer

35 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!