discover.owa-postmaster.al-adha.org.my Open in urlscan Pro
202.75.41.117 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://xe.forumsmaroc.com/faraguas-r2xebe-x2in-x2-x1-x2-v8m
Effective URL:
https://discover.owa-postmaster.al-adha.org.my/quarantine/login.php
Submission Tags: falconsandbox
Submission: On December 23 via api (December 23rd 2021, 3:15:58 pm UTC) from US — Scanned from DE

Summary HTTP 23 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 7 IPs in 5 countries across 7 domains to perform 23 HTTP transactions. The main IP is 202.75.41.117, located in Malaysia and belongs to TMVADS-AP TM-VADS DC Hosting, MY. The main domain is discover.owa-postmaster.al-adha.org.my.
TLS certificate: Issued by cPanel, Inc. Certification Authority on December 13th 2021. Valid for: 3 months.

This is the only time discover.owa-postmaster.al-adha.org.my was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	149.47.136.154 149.47.136.154	62729 (ASMALLORA...) (ASMALLORANGE1)
1 2	202.75.41.117 202.75.41.117	17971 (TMVADS-AP...) (TMVADS-AP TM-VADS DC Hosting)
11	152.199.23.37 152.199.23.37	15133 (EDGECAST) (EDGECAST)
1	20.190.159.132 20.190.159.132	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.157.4.48 108.157.4.48	16509 (AMAZON-02) (AMAZON-02)
1	2603:1026:c03... 2603:1026:c03:680e::2	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	2606:4700:303... 2606:4700:3036::6815:f6c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2a02:26f0:6c0... 2a02:26f0:6c00:2bb::753	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
23	7

1 149.47.136.154 (United States) 1 redirects

ASN62729 (ASMALLORANGE1, US)
PTR: useast6.myserverhosts.com

xe.forumsmaroc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 202.75.41.117 (Malaysia) 1 redirects

ASN17971 (TMVADS-AP TM-VADS DC Hosting, MY)
PTR: tujuhbelas.pelayanweb.com

discover.owa-postmaster.al-adha.org.my	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 152.199.23.37 (United States)

ASN15133 (EDGECAST, US)

aadcdn.msftauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.190.159.132 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

login.live.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.157.4.48 (United States)

ASN16509 (AMAZON-02, US)

logo.clearbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2603:1026:c03:680e::2 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

outlook.office365.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3036::6815:f6c (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.xebecinc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
xebecinc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:26f0:6c00:2bb::753 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

r4.res.office365.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	msftauth.net aadcdn.msftauth.net	238 KB
8	office365.com outlook.office365.com r4.res.office365.com	692 KB
2	xebecinc.com 1 redirects www.xebecinc.com xebecinc.com	791 B
2	al-adha.org.my 1 redirects discover.owa-postmaster.al-adha.org.my	16 KB
1	clearbit.com logo.clearbit.com	31 KB
1	live.com login.live.com
1	forumsmaroc.com 1 redirects xe.forumsmaroc.com	346 B
23	7

	Domain	Requested by
11	aadcdn.msftauth.net	discover.owa-postmaster.al-adha.org.my
7	r4.res.office365.com	outlook.office365.com
2	discover.owa-postmaster.al-adha.org.my	1 redirects
1	xebecinc.com	discover.owa-postmaster.al-adha.org.my
1	www.xebecinc.com	1 redirects
1	outlook.office365.com	discover.owa-postmaster.al-adha.org.my
1	logo.clearbit.com	discover.owa-postmaster.al-adha.org.my
1	login.live.com	discover.owa-postmaster.al-adha.org.my
1	xe.forumsmaroc.com	1 redirects
23	9

This site contains links to these domains. Also see Links.

Domain
www.microsoft.com
privacy.microsoft.com

Subject Issuer	Validity	Valid
discover.owa-postmaster.al-adha.org.my cPanel, Inc. Certification Authority	`2021-12-13` - `2022-03-13`	3 months	crt.sh
aadcdn.msftauth.net DigiCert SHA2 Secure Server CA	`2021-05-13` - `2022-05-13`	a year	crt.sh
graph.windows.net DigiCert SHA2 Secure Server CA	`2021-11-25` - `2022-11-25`	a year	crt.sh
clearbit.com Amazon	`2021-04-22` - `2022-05-21`	a year	crt.sh
outlook.com DigiCert Cloud Services CA-1	`2020-07-02` - `2022-07-02`	2 years	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-08-11` - `2022-08-10`	a year	crt.sh
*.res.outlook.com Microsoft RSA TLS CA 02	`2021-01-20` - `2022-01-20`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://discover.owa-postmaster.al-adha.org.my/quarantine/login.php
Frame ID: 33BA3D9FA8ED20BD86DE74A289CC27AC
Requests: 14 HTTP requests in this frame

Frame: https://outlook.office365.com/owa/prefetch.aspx
Frame ID: 4E7E393BFB773618854CF58B0EA7530C
Requests: 8 HTTP requests in this frame

Frame: https://xebecinc.com/
Frame ID: A79155E070175B84E1496DBEED161EC3
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to Xebecinc Security and Compliance Portal

Page URL History Show full URLs

http://xe.forumsmaroc.com/faraguas-r2xebe-x2in-x2-x1-x2-v8m HTTP 302
https://discover.owa-postmaster.al-adha.org.my/quarantine/?client-request-id=ZmFyYWd1YXNAeGViZWNpbmMuY29t HTTP 302
https://discover.owa-postmaster.al-adha.org.my/quarantine/login.php Page URL

Page Statistics

23
Requests

100 %
HTTPS

38 %
IPv6

7
Domains

9
Subdomains

7
IPs

5
Countries

976 kB
Transfer

3510 kB
Size

5
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.microsoft.com/en-GB/servicesagreement/
Title: Terms of use

Search URL Search Domain Scan URL

URL: https://privacy.microsoft.com/en-GB/privacystatement
Title: Privacy & cookies

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://xe.forumsmaroc.com/faraguas-r2xebe-x2in-x2-x1-x2-v8m HTTP 302
https://discover.owa-postmaster.al-adha.org.my/quarantine/?client-request-id=ZmFyYWd1YXNAeGViZWNpbmMuY29t HTTP 302
https://discover.owa-postmaster.al-adha.org.my/quarantine/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

https://www.xebecinc.com/ HTTP 301
https://xebecinc.com/

23 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request login.php Show response
discover.owa-postmaster.al-adha.org.my/quarantine/
Redirect Chain

http://xe.forumsmaroc.com/faraguas-r2xebe-x2in-x2-x1-x2-v8m
https://discover.owa-postmaster.al-adha.org.my/quarantine/?client-request-id=ZmFyYWd1YXNAeGViZWNpbmMuY29t
https://discover.owa-postmaster.al-adha.org.my/quarantine/login.php

50 KB
16 KB

736ms
372ms

Document
text/html

202.75.41.117
TMVADS-AP TM-VADS...

General

Check archive.org

Show headers Download Go to

Full URL: https://discover.owa-postmaster.al-adha.org.my/quarantine/login.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 202.75.41.117 , Malaysia, ASN17971 (TMVADS-AP TM-VADS DC Hosting, MY),
Reverse DNS: tujuhbelas.pelayanweb.com
Software: Apache /
Resource Hash: cbce41a42ea8c0124eaf7945a2a76c844361b7bf522cb58c7b2232bc317d0035

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Thu, 23 Dec 2021 15:15:52 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 15726
Connection: close
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Thu, 23 Dec 2021 15:15:51 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: login.php
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

GET
H2 200 converged.v2.login.min_kb8fbtudybay5t8ts3k87g2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 105 KB
19 KB 62ms
26ms Stylesheet
text/css 152.199.23.37
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_kb8fbtudybay5t8ts3k87g2.css
Requested by: Host: discover.owa-postmaster.al-adha.org.my
URL: https://discover.owa-postmaster.al-adha.org.my/quarantine/login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8FDF) /
Resource Hash: 1b31b0ffabf72e2545aaad397417ba58f66eb3d57a232e115085136a497ffb34

Request headers

Referer: https://discover.owa-postmaster.al-adha.org.my/
Origin: https://discover.owa-postmaster.al-adha.org.my
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 23 Dec 2021 15:15:53 GMT
content-encoding: gzip
content-md5: 77s7HX/qO+HbHX0PjIhH1A==
age: 15601911
x-cache: HIT
content-length: 19615
x-ms-lease-status: unlocked
last-modified: Thu, 11 Feb 2021 19:27:28 GMT
server: ECAcc (frc/8FDF)
etag: 0x8D8CEC311CB1846
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 1499ce03-d01e-0006-1229-6a3844000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 ConvergedLogin_PCore_5xSFkxCybJ66PCkQYoQCtQ2.js Show response
aadcdn.msftauth.net/shared/1.0/content/js/ 431 KB
118 KB 47ms
11ms Script
application/x-javascript 152.199.23.37
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_5xSFkxCybJ66PCkQYoQCtQ2.js
Requested by: Host: discover.owa-postmaster.al-adha.org.my
URL: https://discover.owa-postmaster.al-adha.org.my/quarantine/login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8FAE) /
Resource Hash: 194b80ca3d4d40425984bb7900c623a05d932fd2b7d42f99f4071a2e9c85b292

Request headers

Referer: https://discover.owa-postmaster.al-adha.org.my/
Origin: https://discover.owa-postmaster.al-adha.org.my
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 23 Dec 2021 15:15:53 GMT
content-encoding: gzip
content-md5: COGKTwgRt/V6czGbYK/rJw==
age: 16285772
x-cache: HIT
content-length: 120419
x-ms-lease-status: unlocked
last-modified: Thu, 18 Mar 2021 08:32:22 GMT
server: ECAcc (frc/8FAE)
etag: 0x8D8E9E85A12EF66
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 44567b69-201e-0038-54f1-6338d3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 ux.converged.login.strings-en-gb.min_dy6zu1br07b27dynemrfsg2.js Show response
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 42 KB
12 KB 61ms
26ms Script
application/x-javascript 152.199.23.37
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_dy6zu1br07b27dynemrfsg2.js
Requested by: Host: discover.owa-postmaster.al-adha.org.my
URL: https://discover.owa-postmaster.al-adha.org.my/quarantine/login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8E91) /
Resource Hash: 10a120d27978a7f702f7700ada4c265f5e0aa0564b3b50aa542a611a7217fcf1

Request headers

Referer: https://discover.owa-postmaster.al-adha.org.my/
Origin: https://discover.owa-postmaster.al-adha.org.my
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 23 Dec 2021 15:15:53 GMT
content-encoding: gzip
content-md5: 3NbIbf1MJFrM7z7J3e4PDw==
age: 12233805
x-cache: HIT
content-length: 12553
x-ms-lease-status: unlocked
last-modified: Fri, 12 Mar 2021 23:09:47 GMT
server: ECAcc (frc/8E91)
etag: 0x8D8E5ABEE379310
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 73b27239-201e-0019-4bcb-88b88f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 convergedlogin_ppassword_a2ba3dd02980047bb0fe.js Show response
aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/ 18 KB
6 KB 43ms
7ms Script
application/x-javascript 152.199.23.37
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_a2ba3dd02980047bb0fe.js
Requested by: Host: discover.owa-postmaster.al-adha.org.my
URL: https://discover.owa-postmaster.al-adha.org.my/quarantine/login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8FED) /
Resource Hash: ea6a8d0d2d04007d289d2718d82411cbae6472b6a34a3469eff1e86840a59452

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://discover.owa-postmaster.al-adha.org.my/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 23 Dec 2021 15:15:53 GMT
content-encoding: gzip
content-md5: wToX8VpzufoyU07HST4W1Q==
age: 13610403
x-cache: HIT
content-length: 5157
x-ms-lease-status: unlocked
last-modified: Fri, 12 Feb 2021 23:42:16 GMT
server: ECAcc (frc/8FED)
etag: 0x8D8CFAFD4695F99
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 7127a872-d01e-0021-3c46-7c5ed9000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H/1.1 200
OK Me.htm
login.live.com/ 0
0 468ms
100ms Other
text/html 20.190.159.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://login.live.com/Me.htm?v=3
Requested by: Host: discover.owa-postmaster.al-adha.org.my
URL: https://discover.owa-postmaster.al-adha.org.my/quarantine/login.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.190.159.132 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://discover.owa-postmaster.al-adha.org.my/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H2 200 xebecinc.com
logo.clearbit.com/ 30 KB
31 KB 78ms
13ms Image
image/png 108.157.4.48
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://logo.clearbit.com/xebecinc.com
Requested by: Host: discover.owa-postmaster.al-adha.org.my
URL: https://discover.owa-postmaster.al-adha.org.my/quarantine/login.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.48 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: envoy /
Resource Hash: 9031f200532a0a65a7d17ad7808c3785f5e45b9af85d5432767aefa1e54890a2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://discover.owa-postmaster.al-adha.org.my/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 17 Dec 2021 11:31:55 GMT
via: 1.1 9f88eecf68d9192420b110f5f3f14fd7.cloudfront.net (CloudFront)
server: envoy
age: 531838
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: qizcPgWJgg6XH4DXiJGTXIwkASq1QxD2Ui8b2yq_LOYZjHiCmrcW8w==

GET
H2 200 arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
aadcdn.msftauth.net/shared/1.0/content/images/ 513 B
441 B 7ms
7ms Image
image/svg+xml 152.199.23.37
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msftauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
Requested by: Host: discover.owa-postmaster.al-adha.org.my
URL: https://discover.owa-postmaster.al-adha.org.my/quarantine/login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8F6C) /
Resource Hash: 34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://discover.owa-postmaster.al-adha.org.my/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 23 Dec 2021 15:15:53 GMT
content-encoding: gzip
content-md5: TjUQkZ0p0Y7rbj6LJofS9Q==
age: 18009108
x-cache: HIT
content-length: 276
x-ms-lease-status: unlocked
last-modified: Thu, 16 Jan 2020 00:32:45 GMT
server: ECAcc (frc/8F6C)
etag: 0x8D79A1B9B05915D
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: c711e8bd-e01e-0094-3b45-547244000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 converged.v2.login.min_kb8fbtudybay5t8ts3k87g2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 0
19 KB 11ms
10ms Other
text/css 152.199.23.37
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_kb8fbtudybay5t8ts3k87g2.css
Requested by: Host: discover.owa-postmaster.al-adha.org.my
URL: https://discover.owa-postmaster.al-adha.org.my/quarantine/login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8FDF) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://discover.owa-postmaster.al-adha.org.my/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 23 Dec 2021 15:15:53 GMT
content-encoding: gzip
content-md5: 77s7HX/qO+HbHX0PjIhH1A==
age: 15601911
x-cache: HIT
content-length: 19615
x-ms-lease-status: unlocked
last-modified: Thu, 11 Feb 2021 19:27:28 GMT
server: ECAcc (frc/8FDF)
etag: 0x8D8CEC311CB1846
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 1499ce03-d01e-0006-1229-6a3844000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 ux.converged.login.strings-en-gb.min_dy6zu1br07b27dynemrfsg2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 0
12 KB 14ms
13ms Other
application/x-javascript 152.199.23.37
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_dy6zu1br07b27dynemrfsg2.js
Requested by: Host: discover.owa-postmaster.al-adha.org.my
URL: https://discover.owa-postmaster.al-adha.org.my/quarantine/login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8E91) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://discover.owa-postmaster.al-adha.org.my/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 23 Dec 2021 15:15:53 GMT
content-encoding: gzip
content-md5: 3NbIbf1MJFrM7z7J3e4PDw==
age: 12233805
x-cache: HIT
content-length: 12553
x-ms-lease-status: unlocked
last-modified: Fri, 12 Mar 2021 23:09:47 GMT
server: ECAcc (frc/8E91)
etag: 0x8D8E5ABEE379310
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 73b27239-201e-0019-4bcb-88b88f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H/1.1 200
OK prefetch.aspx Show response
outlook.office365.com/owa/ Frame 4E7E 3 KB
3 KB 96ms
19ms Document
text/html 2603:1026:c03:680e::2
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://outlook.office365.com/owa/prefetch.aspx

Requested by

Host: discover.owa-postmaster.al-adha.org.my
URL: https://discover.owa-postmaster.al-adha.org.my/quarantine/login.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2603:1026:c03:680e::2 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

36272ae7b486b3c244ca212942e943f763a561b3b786fd5a502f0e71e2c97a31

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://discover.owa-postmaster.al-adha.org.my/

Response headers

Cache-Control: private, no-store
Content-Length: 1235
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
request-id: 70494f3e-db33-a8dc-90a4-776dc9b107a0
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Alt-Svc: h3=":443",h3-29=":443"
X-CalculatedBETarget: AM5PR0601MB2644.eurprd06.prod.outlook.com
X-BackEndHttpStatus: 200
X-RUM-Validated: 1
X-Content-Type-Options: nosniff
X-BeSku: Gen9
X-OWA-Version: 15.20.4823.19
X-OWA-DiagnosticsInfo: 1;0;0
X-IIDs: 0
X-BackEnd-Begin: 2021-12-23T15:15:53.515
X-BackEnd-End: 2021-12-23T15:15:53.517
X-DiagInfo: AM5PR0601MB2644
X-BEServer: AM5PR0601MB2644
X-UA-Compatible: IE=EmulateIE7
X-Proxy-RoutingCorrectness: 1
Report-To: {"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=DHR"}],"include_subdomains":true}
NEL: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
X-Proxy-BackendServerStatus: 200
X-FirstHopCafeEFZ: DHR
X-FEServer: AS9PR06CA0334
Date: Thu, 23 Dec 2021 15:15:52 GMT

GET
H2

200

/
xebecinc.com/ Frame A791
Redirect Chain

https://www.xebecinc.com/
https://xebecinc.com/

0
0

320ms
310ms

Document
text/html

2606:4700:3036::6815:f6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://xebecinc.com/

Requested by

Host: discover.owa-postmaster.al-adha.org.my
URL: https://discover.owa-postmaster.al-adha.org.my/quarantine/login.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3036::6815:f6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://discover.owa-postmaster.al-adha.org.my/

Response headers

date: Thu, 23 Dec 2021 15:15:54 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
last-modified: Thu, 23 Dec 2021 06:25:12 GMT
cache-control: no-cache, no-store, must-revalidate
expires: 0
vary: Accept-Encoding,User-Agent
pragma: no-cache
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vYfcMgAhsy5XR%2Bl7VUB57Ud8eTBM4T4upC93sLGTABx716n%2FcXV6cfqSK7tkZk55LWIRK6KOtfnMyhPv95B4bRwVntphQ35OL5jzbaHNDRw3pR1JQELouvsLhx3rCEiWEFlUuc2SaKZBISI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6c228c47e9494aa3-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

date: Thu, 23 Dec 2021 15:15:54 GMT
content-type: text/html; charset=UTF-8
location: https://xebecinc.com/
expires: Thu, 23 Dec 2021 16:15:54 GMT 0
cache-control: max-age=3600 no-cache, no-store, must-revalidate
x-redirect-by: WordPress
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
vary: User-Agent,Accept-Encoding
pragma: no-cache
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sC5AxPRWMnHgrLZgsBs1FWmhotwp7vbgVfsbG3fempkxaaU4srUYaih3KomZ7pGeB7qAvTlctC3XpqT9GF6fNBTeTJRcyVdSBnichyLG1%2FHHw72fuUkZenqZkEyBVzPBzCnBHKZ%2BV1rvUVf6uXAA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6c228c449b694aa3-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg
aadcdn.msftauth.net/shared/1.0/content/images/appbackgrounds/ 987 B
1 KB 10ms
9ms Image
image/jpeg 152.199.23.37
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msftauth.net/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg
Requested by: Host: discover.owa-postmaster.al-adha.org.my
URL: https://discover.owa-postmaster.al-adha.org.my/quarantine/login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8FB0) /
Resource Hash: 8b34a475187302935336bf43a2bf2a4e0adb9a1e87953ea51f6fcf0ef52a4a1d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://discover.owa-postmaster.al-adha.org.my/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 23 Dec 2021 15:15:53 GMT
content-md5: 5YqvyYBhSpzXeWvqe16o8A==
age: 153578
x-cache: HIT
content-length: 987
x-ms-lease-status: unlocked
last-modified: Fri, 27 Mar 2020 19:42:36 GMT
server: ECAcc (frc/8FB0)
etag: 0x8D7D287001BC861
content-type: image/jpeg
access-control-allow-origin: *
x-ms-request-id: a9d731eb-901e-0088-3daa-f601ef000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 49_7916a894ebde7d29c2cc29b267f1299f.jpg
aadcdn.msftauth.net/shared/1.0/content/images/appbackgrounds/ 17 KB
17 KB 13ms
12ms Image
image/jpeg 152.199.23.37
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msftauth.net/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg
Requested by: Host: discover.owa-postmaster.al-adha.org.my
URL: https://discover.owa-postmaster.al-adha.org.my/quarantine/login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8E98) /
Resource Hash: d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://discover.owa-postmaster.al-adha.org.my/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 23 Dec 2021 15:15:53 GMT
content-md5: eRaolOvefSnCzCmyZ/Epnw==
age: 14713132
x-cache: HIT
content-length: 17453
x-ms-lease-status: unlocked
last-modified: Fri, 27 Mar 2020 19:42:36 GMT
server: ECAcc (frc/8E98)
etag: 0x8D7D2870015D3DE
content-type: image/jpeg
access-control-allow-origin: *
x-ms-request-id: c036cf72-a01e-003d-643f-722d72000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 boot.worldwide.0.mouse.js
r4.res.office365.com/owa/prem/15.20.4823.14/scripts/ Frame 4E7E 648 KB
176 KB 70ms
7ms Stylesheet
application/x-javascript 2a02:26f0:6c00:2bb::753
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://r4.res.office365.com/owa/prem/15.20.4823.14/scripts/boot.worldwide.0.mouse.js

Requested by

Host: outlook.office365.com
URL: https://outlook.office365.com/owa/prefetch.aspx

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:2bb::753 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AkamaiNetStorage /

Resource Hash

b38f629ae1244687d1f439360e6e8d424faa53e4ce5cf17c47a2615213d67cd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://outlook.office365.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 23 Dec 2021 15:15:53 GMT
content-encoding: gzip
last-modified: Sat, 18 Dec 2021 04:39:07 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public,max-age=630720000, s-maxage=630720000
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
timing-allow-origin: *
content-length: 179693

GET
H2 200 boot.worldwide.1.mouse.js
r4.res.office365.com/owa/prem/15.20.4823.14/scripts/ Frame 4E7E 644 KB
160 KB 7ms
7ms Stylesheet
application/x-javascript 2a02:26f0:6c00:2bb::753
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://r4.res.office365.com/owa/prem/15.20.4823.14/scripts/boot.worldwide.1.mouse.js

Requested by

Host: outlook.office365.com
URL: https://outlook.office365.com/owa/prefetch.aspx

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:2bb::753 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AkamaiNetStorage /

Resource Hash

f0d6feacd8911f9a8c38b0d1c2f584f7803f7ace8088119a419595e019bd0980

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://outlook.office365.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 23 Dec 2021 15:15:53 GMT
content-encoding: gzip
last-modified: Sat, 18 Dec 2021 04:39:08 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public,max-age=630720000, s-maxage=630720000
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
timing-allow-origin: *
content-length: 163084

GET
H2 200 boot.worldwide.2.mouse.js
r4.res.office365.com/owa/prem/15.20.4823.14/scripts/ Frame 4E7E 647 KB
166 KB 7ms
7ms Stylesheet
application/x-javascript 2a02:26f0:6c00:2bb::753
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://r4.res.office365.com/owa/prem/15.20.4823.14/scripts/boot.worldwide.2.mouse.js

Requested by

Host: outlook.office365.com
URL: https://outlook.office365.com/owa/prefetch.aspx

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:2bb::753 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AkamaiNetStorage /

Resource Hash

557fa9a7d1bc7434bccfb9ffe81b0c98de52072b9009d2f3d3b61f7c65e76842

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://outlook.office365.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 23 Dec 2021 15:15:53 GMT
content-encoding: gzip
last-modified: Sat, 18 Dec 2021 04:39:10 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public,max-age=630720000, s-maxage=630720000
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
timing-allow-origin: *
content-length: 169702

GET
H2 200 boot.worldwide.3.mouse.js
r4.res.office365.com/owa/prem/15.20.4823.14/scripts/ Frame 4E7E 645 KB
143 KB 8ms
8ms Stylesheet
application/x-javascript 2a02:26f0:6c00:2bb::753
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://r4.res.office365.com/owa/prem/15.20.4823.14/scripts/boot.worldwide.3.mouse.js

Requested by

Host: outlook.office365.com
URL: https://outlook.office365.com/owa/prefetch.aspx

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:2bb::753 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AkamaiNetStorage /

Resource Hash

da7187b61fadf4e0e0b27f91028b6ed2cee4712524e1b6536c1ece2e24abac98

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://outlook.office365.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 23 Dec 2021 15:15:53 GMT
content-encoding: gzip
last-modified: Sat, 18 Dec 2021 04:39:12 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public,max-age=630720000, s-maxage=630720000
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
timing-allow-origin: *
content-length: 145619

GET
H2 200 sprite1.mouse.png
r4.res.office365.com/owa/prem/15.20.4823.14/resources/images/0/ Frame 4E7E 132 B
336 B 7ms
7ms Stylesheet
image/png 2a02:26f0:6c00:2bb::753
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://r4.res.office365.com/owa/prem/15.20.4823.14/resources/images/0/sprite1.mouse.png

Requested by

Host: outlook.office365.com
URL: https://outlook.office365.com/owa/prefetch.aspx

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:2bb::753 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AkamaiNetStorage /

Resource Hash

3ab09a213eedd51a0eb0e4bc5e6e96c472032dd937420e7e233ea54775c7e024

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://outlook.office365.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 23 Dec 2021 15:15:53 GMT
last-modified: Sat, 18 Dec 2021 06:13:22 GMT
server: AkamaiNetStorage
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=630720000, s-maxage=630720000
accept-ranges: bytes
timing-allow-origin: *
content-length: 132

GET
H2 200 sprite1.mouse.css
r4.res.office365.com/owa/prem/15.20.4823.14/resources/images/0/ Frame 4E7E 994 B
512 B 7ms
7ms Stylesheet
text/css 2a02:26f0:6c00:2bb::753
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://r4.res.office365.com/owa/prem/15.20.4823.14/resources/images/0/sprite1.mouse.css

Requested by

Host: outlook.office365.com
URL: https://outlook.office365.com/owa/prefetch.aspx

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:2bb::753 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AkamaiNetStorage /

Resource Hash

6d1be7ed96dd494447f348986317faf64728ccf788be551f2a621b31ddc929ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://outlook.office365.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 23 Dec 2021 15:15:53 GMT
content-encoding: gzip
last-modified: Sat, 18 Dec 2021 05:39:03 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public,max-age=630720000, s-maxage=630720000
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
timing-allow-origin: *
content-length: 288

GET
H2 200 boot.worldwide.mouse.css
r4.res.office365.com/owa/prem/15.20.4823.14/resources/styles/0/ Frame 4E7E 227 KB
43 KB 7ms
7ms Stylesheet
text/css 2a02:26f0:6c00:2bb::753
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://r4.res.office365.com/owa/prem/15.20.4823.14/resources/styles/0/boot.worldwide.mouse.css

Requested by

Host: outlook.office365.com
URL: https://outlook.office365.com/owa/prefetch.aspx

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:2bb::753 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AkamaiNetStorage /

Resource Hash

37619b16288166cc76403f0b7df6586349b2d5628de00d5850c815d019b17904

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://outlook.office365.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 23 Dec 2021 15:15:53 GMT
content-encoding: gzip
last-modified: Sat, 18 Dec 2021 05:39:35 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public,max-age=630720000, s-maxage=630720000
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
timing-allow-origin: *
content-length: 44144

GET
H2 200 converged.v2.login.min_kb8fbtudybay5t8ts3k87g2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 0
19 KB 8ms
7ms Other
text/css 152.199.23.37
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_kb8fbtudybay5t8ts3k87g2.css
Requested by: Host: discover.owa-postmaster.al-adha.org.my
URL: https://discover.owa-postmaster.al-adha.org.my/quarantine/login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8FDF) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://discover.owa-postmaster.al-adha.org.my/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 23 Dec 2021 15:15:54 GMT
content-encoding: gzip
content-md5: 77s7HX/qO+HbHX0PjIhH1A==
age: 15601912
x-cache: HIT
content-length: 19615
x-ms-lease-status: unlocked
last-modified: Thu, 11 Feb 2021 19:27:28 GMT
server: ECAcc (frc/8FDF)
etag: 0x8D8CEC311CB1846
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 1499ce03-d01e-0006-1229-6a3844000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 ux.converged.login.strings-en-gb.min_dy6zu1br07b27dynemrfsg2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 0
12 KB 8ms
8ms Other
application/x-javascript 152.199.23.37
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_dy6zu1br07b27dynemrfsg2.js
Requested by: Host: discover.owa-postmaster.al-adha.org.my
URL: https://discover.owa-postmaster.al-adha.org.my/quarantine/login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8E91) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://discover.owa-postmaster.al-adha.org.my/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 23 Dec 2021 15:15:54 GMT
content-encoding: gzip
content-md5: 3NbIbf1MJFrM7z7J3e4PDw==
age: 12233806
x-cache: HIT
content-length: 12553
x-ms-lease-status: unlocked
last-modified: Fri, 12 Mar 2021 23:09:47 GMT
server: ECAcc (frc/8E91)
etag: 0x8D8E5ABEE379310
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 73b27239-201e-0019-4bcb-88b88f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
discover.owa-postmaster.al-adha.org.my/	1969-12-31 23:59:59	Name: PHPSESSID Value: 0e5be6c1d21046f70a653fa53d780dd4
outlook.office365.com/	1970-01-20 08:23:28	Name: ClientId Value: 255805DF6AC64217B5E5353236AF5D49
outlook.office365.com/	1970-01-20 03:59:57	Name: OIDC Value: 1
.login.live.com/	1969-12-31 23:59:59	Name: uaid Value: ac9b37055d894346876a5612bcd25b21
.login.live.com/	1969-12-31 23:59:59	Name: MSPRequ Value: id=N&lt=1640272553&co=1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	error	URL: chrome-error://chromewebdata/ Message: Refused to display 'https://xebecinc.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msftauth.net
discover.owa-postmaster.al-adha.org.my
login.live.com
logo.clearbit.com
outlook.office365.com
r4.res.office365.com
www.xebecinc.com
xe.forumsmaroc.com
xebecinc.com
108.157.4.48
149.47.136.154
152.199.23.37
20.190.159.132
202.75.41.117
2603:1026:c03:680e::2
2606:4700:3036::6815:f6c
2a02:26f0:6c00:2bb::753
10a120d27978a7f702f7700ada4c265f5e0aa0564b3b50aa542a611a7217fcf1
194b80ca3d4d40425984bb7900c623a05d932fd2b7d42f99f4071a2e9c85b292
1b31b0ffabf72e2545aaad397417ba58f66eb3d57a232e115085136a497ffb34
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
36272ae7b486b3c244ca212942e943f763a561b3b786fd5a502f0e71e2c97a31
37619b16288166cc76403f0b7df6586349b2d5628de00d5850c815d019b17904
3ab09a213eedd51a0eb0e4bc5e6e96c472032dd937420e7e233ea54775c7e024
557fa9a7d1bc7434bccfb9ffe81b0c98de52072b9009d2f3d3b61f7c65e76842
6d1be7ed96dd494447f348986317faf64728ccf788be551f2a621b31ddc929ac
8b34a475187302935336bf43a2bf2a4e0adb9a1e87953ea51f6fcf0ef52a4a1d
9031f200532a0a65a7d17ad7808c3785f5e45b9af85d5432767aefa1e54890a2
b38f629ae1244687d1f439360e6e8d424faa53e4ce5cf17c47a2615213d67cd1
cbce41a42ea8c0124eaf7945a2a76c844361b7bf522cb58c7b2232bc317d0035
d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3
da7187b61fadf4e0e0b27f91028b6ed2cee4712524e1b6536c1ece2e24abac98
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea6a8d0d2d04007d289d2718d82411cbae6472b6a34a3469eff1e86840a59452
f0d6feacd8911f9a8c38b0d1c2f584f7803f7ace8088119a419595e019bd0980

discover.owa-postmaster.al-adha.org.my Open in urlscan Pro 202.75.41.117 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

23 Requests

100 %HTTPS

38 %IPv6

7 Domains

9 Subdomains

7 IPs

5 Countries

976 kBTransfer

3510 kBSize

5 Cookies

2 Outgoing links

Page URL History

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

14 JavaScript Global Variables

5 Cookies

1 Console Messages

Indicators

discover.owa-postmaster.al-adha.org.my Open in urlscan Pro
202.75.41.117 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

100 %
HTTPS

38 %
IPv6

7
Domains

9
Subdomains

7
IPs

5
Countries

976 kB
Transfer

3510 kB
Size

5
Cookies

23 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!