![](/screenshots/dde3b483-8acf-4ae6-8bc3-8c5bfbafee36.png)
m365privilege.serv00.net
Open in
urlscan Pro
128.204.223.70
Malicious Activity!
Public Scan
Submission: On June 24 via api from US — Scanned from PL
Summary
TLS certificate: Issued by R3 on April 4th 2024. Valid for: 3 months.
This is the only time m365privilege.serv00.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
8 | 128.204.223.70 128.204.223.70 | 57367 (ECO-ATMAN...) (ECO-ATMAN-PL ECO-ATMAN-) | |
8 | 1 |
ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL)
PTR: web3.serv00.com
m365privilege.serv00.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
serv00.net
m365privilege.serv00.net |
36 KB |
8 | 1 |
Domain | Requested by | |
---|---|---|
8 | m365privilege.serv00.net |
m365privilege.serv00.net
|
8 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.serv00.net R3 |
2024-04-04 - 2024-07-03 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://m365privilege.serv00.net/new-privilegescIient786457457/
Frame ID: B937E357892116C86CD11FF76D54485E
Requests: 8 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
m365privilege.serv00.net/new-privilegescIient786457457/ |
7 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.css
m365privilege.serv00.net/new-privilegescIient786457457/assets/ |
5 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.png
m365privilege.serv00.net/new-privilegescIient786457457/assets/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
question.png
m365privilege.serv00.net/new-privilegescIient786457457/assets/ |
412 B 533 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
key.png
m365privilege.serv00.net/new-privilegescIient786457457/assets/ |
727 B 849 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
back.png
m365privilege.serv00.net/new-privilegescIient786457457/assets/ |
231 B 352 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.js
m365privilege.serv00.net/new-privilegescIient786457457/assets/ |
4 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
m365privilege.serv00.net/new-privilegescIient786457457/assets/ |
17 KB 17 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
undefined| event object| fence object| sharedStorage function| getUrlParameter function| fillEmailIntoInput string| recipientEmail boolean| pwdVal0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
m365privilege.serv00.net
128.204.223.70
197c76c1a2269a85ae84d0b33d64e0381d0cca1f4651f81a2a15476c9f3919f9
40ecb8832f6a9a8aaa0cc6e1287e867a4fca38433d091d86c6cab1f28fbab652
70e32b2db3f079bb0295a85a0db15ed9e5926294dd947938d6cfa595f5ab18b4
8702292cbc365e9f0488143e2b309b85efe09c61fd2e0a2e21c53735a309313c
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
9544ddb6da88ebc30123e76df5610a692d2b468c837be047edcd87ce2ba0cdd8
c216028bb884c8afe7be694463b2f90345c8c223107d06c1bb27b5aeacd9085a
e8d06c0a072a671e5843de9a12f4cd826ca5e17bbeb4c57ee9c410ee878998e8