Comment by varun_ch

12 days ago

Microsoft is really bad with this. Login might be live.com or microsoftonline.com or maybe onmicrosoft.com. I went to report a vulnerability to their security portal this week and it redirected me to b2clogin.com.

OneDrive email attachments link to, I kid you not, 1drv.ms, or maybe it was 1drv.com…

Not to mention, they use .ms as if it’s their personal TLD, but obviously anyone can register a .ms domain. It’s like they want people to get phished.

16 comments

varun_ch

Retr0id 12 days ago

Until this moment I assumed .ms was a Microsoft TLD, but indeed it is not https://en.wikipedia.org/wiki/.ms

amiga386 12 days ago
Handy tip: all two-letter TLDs are country code TLDs. Doesn't matter if they're trendy in website names (.nu, .cc, .io, .co, .it, .at, .cx, youtu.be and so on)
In fact, here we have the ma.tt website, where the ".tt" is Trinidad and Tobago. Is Matt Mullenweg from Trinidad? No!
- mayoff 11 days ago
  
  It's kind of crazy that the IRS (among other United States government agencies) uses ID.me for account management. The .me domain belongs to Montenegro.
  
  1 reply →
- the_mitsuhiko 12 days ago
  
  Though not all country codes point to a country. See .eu, .ac .su as different examples of stuff that breaks the rules.
  
  8 replies →
RGamma 12 days ago

They also use .microsoft now (e.g. for the M365 admin portal).

anon7000 11 days ago

We’re talking about the company who owns npm, one of the most hacked package registries in recent history. Can’t say I’m shocked, but this is so bad