Domain

windows.net

First seen Feb 22, 2026

Suspicious

No SSL certificate
37 community reports from users

Campaign Intelligence

This cluster centers on 1 connected domains identified through shared infrastructure and registration patterns. Do not click links to any of the flagged domains. If you have visited one, check your accounts for unauthorized activity and consider changing your passwords. You can report suspicious contacts to the FTC at reportfraud.ftc.gov or to the FCC at consumercomplaints.fcc.gov. This campaign was identified through automated analysis of threat intelligence feeds and entity relationship mapp...

Part of: Domain Campaign2/22/2026

This cluster centers on 2764 connected domains tagged as BeaverTail, Kaiji, fbf543. 645 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 1132 phone numbers (7638857447, 8664372914, 2157987305) with 10266 FTC complaints; 146 companies (JPMORGAN CHASE & CO., Advanced Resolution Services Inc., EVERBANK, NATIONAL ASSOCIATION) with 8616274 CFPB complaints; 298 email addresses (xxxxxxxxxxxxxxxxxxxxxxxx@vm...

Part of: Reducing your debt (credit cards, mortgage, student loans) Robocall Campaign3/26/2026

This cluster centers on 2874 connected domains tagged as QuasarRAT, StealitStealer, pw-k53mv9bc. 652 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 1375 phone numbers (2157987305, 2025069230, 2028641298) with 14635 FTC complaints; 160 companies (JPMORGAN CHASE & CO., Advanced Resolution Services Inc., EVERBANK, NATIONAL ASSOCIATION) with 8680419 CFPB complaints; 299 email addresses (abuse@fb.com, ...

Part of: Other Robocall Campaign3/27/2026

This cluster centers on 1486 connected domains tagged as None, keylogger. 5 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 1364 phone numbers (3124141737, 3163966869, 8553892999) with 17909 FTC complaints; 170 companies (EQUIFAX, INC., TRANSUNION INTERMEDIATE HOLDINGS, INC., BANK OF AMERICA, NATIONAL ASSOCIATION) with 8747332 CFPB complaints; 187 email addresses (xxxxxxxxxxxxxxxxxxxxxxxx@vmh5.grup...

Part of: No Subject Provided Robocall Campaign3/28/2026

Details

Registrar

MarkMonitor, Inc.

Registration Date

8/10/1995

First Seen

2/22/2026

Related Domains

domain

phishing.web.core.windows.net

reported together domain

securethelogs.com

reported together domain

crixerox-secondary.z15.web.core.windows.net

same infrastructure domain

phishing.web.core.windows.net

same infrastructure domain

citizensbank.com

same infrastructure domain

blogs.msdn.com

same infrastructure

Community Reports

Phishing.web.core.windows.net Hey guys, I’ve recently seen an increase of abuse of the Windows.net domain when dealing with Phishing emails. Seems to bypass O365 controls due to its trust. Thought I’d share. Hope it’s of use 😁 https://securethelogs.com/2020/05/14/phishing-web-core-windows-net/

2143 days ago8 upvotes

Scammers are now using Windows.net to host these Phishing pages, most users will think it is authentic and from Microsoft since it is Windows.net

2391 days ago11 upvotes

Share Your Experience

What's Your Exposure?

Know your risk exposure to this message with a Thorough Analysis. It returns a detailed report covering the complaint history, your data breach exposure, related scam entities, and risk signals tied to this email message. Check the box and enter your email address now.

Proton VPN — Block malicious sites and encrypt your connection

Proton VPN routes your traffic through encrypted servers and blocks known malware domains. Free plan available.

Get Proton VPNAffiliate link. We may earn a commission.