I noticed that whenever I checked my Noscript’s list of blocked domains soon after opening my browser, this domain appeared in it:
https://onerm-staging.azurewebsites.net/
While I had no idea where that link came from, via quick Googling it seemed that it belonged to Microsoft’s Azure application, and when I checked my Outlook inbox, which is my browser’s home page, that domain appeared as blocked in there. However, before that I checked the VirusTotal entry for that domain, and it showed up with one suspicious and one malicious blacklist:
You know what happened lately through the workings of IoT DDoS botnets, but yours was a phishing mail,
just as it has been described in Jérôme Segura’s report (see above link).
Website errors and warnings could be a sign the website has been compromised: https://asafaweb.com/Scan?Url=onerm-staging.azurewebsites.net
Custom-error fail - wrongly configured.
It looks like a cookie is being set without the “HttpOnly” flag being set (name : value):
TiPMix : 36.7282663177365
I haven’t actually received phishing (or any email for that matter) to my Outlook inbox for a long time, at least none that haven’t gone straight into spam folder. Probably there will be no issues if I simply leave the link unblocked with Noscript?
Oh, MS, you cannot really be doing this to us :o being vulnerable to MitM attacks on cloudapp dot net!
And more insecurity for that waws-prod-bay-003.cloudapp.net certificate: You have 1 error
Wrong certificate installed.
The domain name does not match name or SAN. The certificate commoData is protected, but exchanging personal or financial information is not recommended on *.azurewebsites.net, *.scm.azurewebsites.net, *.azure-mobile.net, *.scm.azure-mobile.net
So we see the underlying infrastructure is insecure and this creates possibilities for abuse.
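The two scan findings quoted in this thread (a cookie without HttpOnly, and a host name that matches no name on the certificate) can be reproduced offline with the check below. It is an added example, not part of any post and not the scanners' own code; it assumes the four wildcard names listed above are the certificate's SAN entries, and the Set-Cookie attributes and the second cookie are constructed sample data.

```python
# Added example. SAN_NAMES are assumed to be the certificate's SAN entries,
# taken from the names listed in the scan output quoted in the thread.
SAN_NAMES = ["*.azurewebsites.net", "*.scm.azurewebsites.net",
             "*.azure-mobile.net", "*.scm.azure-mobile.net"]

# Constructed Set-Cookie headers: only the TiPMix name and value come from
# the thread; the attributes and the second cookie are made up.
SAMPLE_SET_COOKIE = ["TiPMix=36.7282663177365; path=/",
                     "session=abc; Path=/; HttpOnly; Secure"]

def san_matches(hostname, pattern):
    """Match a host name against one certificate name.

    A '*' is accepted only as the whole left-most label and stands for
    exactly one label, so '*.azurewebsites.net' never covers
    'a.b.azurewebsites.net' or a host under another domain.
    """
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        return len(pat) > 2 and host[0] != "" and host[1:] == pat[1:]
    return host == pat

def cert_covers(hostname, san_names=SAN_NAMES):
    """True if any certificate name covers the host name."""
    return any(san_matches(hostname, p) for p in san_names)

def cookies_missing_httponly(set_cookie_headers):
    """Return the names of cookies set without the HttpOnly attribute."""
    missing = []
    for header in set_cookie_headers:
        parts = [p.strip() for p in header.split(";")]
        name = parts[0].split("=", 1)[0]
        # Attribute names are case-insensitive; values are ignored here.
        attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
        if "httponly" not in attrs:
            missing.append(name)
    return missing

if __name__ == "__main__":
    for host in ("onerm-staging.azurewebsites.net",
                 "waws-prod-bay-003.cloudapp.net"):
        print(host, "covered by certificate:", cert_covers(host))
    print("no HttpOnly:", cookies_missing_httponly(SAMPLE_SET_COOKIE))
```

The mismatch is reported only for the cloudapp.net host name; the azurewebsites.net name from the first post is covered by the wildcard.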