A suspicious website was reported and it was rather convincing. The website was impersonating Microsoft and, with Microsoft’s latest Windows 10 pushes, it did not seem implausible. Part of the disguise was the fact that the site was running on a Microsoft Azure subdomain. Even with a little bit of research, you might be convinced that the site is legitimate and belongs to Microsoft.
Looking at the source code, you could find several examples where the code is not up to Microsoft’s standards, and there are suspicious sections commented out. Further, if you visit the site from a Mac, the website looks different and recommends MacKeeper, an “antivirus” loaded with suspicious add-ins for macOS computers.
Now that we have identified that the site is malicious, how do we report it to Microsoft so they can take it down and save others from reaching the site? To report a security incident or abuse on a Microsoft server, use the website https://cert.microsoft.com/. The website is a simple form where you provide your contact information, the domain/IP address, a timestamp, and a description.
This form is to report suspected security issues or abuse of Microsoft Online Services, such as Bing, Hotmail, Windows Live, Windows Azure, and Office 365. This includes malicious network activity originating from a Microsoft IP address. It also includes distribution of malicious content or other illicit or illegal material through a Microsoft Online Service.
I filled out the form and submitted it. Hopefully Microsoft will investigate the issue promptly, confirm it, and remove the site according to their processes, preventing anybody else from becoming a victim of the malware that the site is spreading.