outlook-update.hexat.com
54.36.158.42  Malicious Activity! Public Scan

URL: http://outlook-update.hexat.com/index
Submission: On June 07 via manual from GB

Summary

This website contacted 7 IPs in 4 countries across 6 domains to perform 17 HTTP transactions. The main IP is 54.36.158.42, located in France and belongs to OVH, FR. The main domain is outlook-update.hexat.com.
This is the only time outlook-update.hexat.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Outlook Web Access (Online)

Domain & IP information

Requests  IP address           AS (Autonomous System)
2         54.36.158.42         16276 (OVH)
6         203.16.41.161        10148 (UNIMELB-A...)
5         178.33.123.218       16276 (OVH)
1         91.228.74.140        27281 (QUANTCAST)
1 2       2600:9000:200...     16509 (AMAZON-02)
1         91.228.74.249        27281 (QUANTCAST)
Total: 17 requests, 7 IPs

Requests  Domain                      Requested by
6         outlook.rch.org.au          outlook-update.hexat.com
3         xtgem.com                   outlook-update.hexat.com
2         rules.quantcount.com        outlook-update.hexat.com (1 redirect)
2         outlook-update.hexat.com    outlook-update.hexat.com
1         pixel.quantserve.com        outlook-update.hexat.com
1         cif.images.xtstatic.com     outlook-update.hexat.com
1         enif.images.xtstatic.com    outlook-update.hexat.com
1         edge.quantserve.com         outlook-update.hexat.com
Total: 17 requests, 8 domains

This site contains links to these domains:

Domain
xtgem.com

TLS certificates

Subject               Issuer                                   Validity                  Valid for
outlook.rch.org.au    DigiCert SHA2 High Assurance Server CA   2017-03-20 - 2020-05-13   3 years
*.quantserve.com      DigiCert SHA2 High Assurance Server CA   2018-10-16 - 2019-10-21   a year

This page contains 4 frames:

Primary Page: http://outlook-update.hexat.com/index
Frame ID: 685F984616033087D70FF47EBFACBF72
Requests: 14 HTTP requests in this frame

Frame: http://enif.images.xtstatic.com/tp.gif
Frame ID: 79CBDADF0B4C79972019DED8BB3BF7FF
Requests: 1 HTTP requests in this frame

Frame: http://cif.images.xtstatic.com/tp.gif
Frame ID: F18F9CC3FB84DF68FD712049807CF54B
Requests: 1 HTTP requests in this frame

Frame: http://xtgem.com/__xt_authbar?data=eyJ1cmwiOiJodHRwOlwvXC9vdXRsb29rLXVwZGF0ZS5oZXhhdC5jb21cL2luZGV4IiwibG9nZ2VkX2luIjpmYWxzZSwiZG9tYWluIjoib3V0bG9vay11cGRhdGUuaGV4YXQuY29tIiwicG9zaXRpb24iOnsiYWJzb2x1dGUiOiJmaXhlZCJ9fQ==
Frame ID: B1FCB5CC9153515C4A937C853616CB60
Requests: 1 HTTP requests in this frame

Detected technologies

Four entries (overall confidence 100%, 50%, 100% and 50%) matched the same pattern:
  • env /^IsOwaPremiumBrowser$/i

One entry (overall confidence 100%) matched:
  • script /edge\.quantserve\.com\/quant\.js/i
  • env /^quantserve$/i

Page Statistics

Requests: 17
HTTPS: 41 %
IPv6: 17 %
Domains: 6
Subdomains: 8
IPs: 7
Countries: 4
Transfer: 64 kB
Size: 82 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14
  • http://rules.quantcount.com/rules-p-0cfM8Oh7M9bVQ.js HTTP 301
  • https://rules.quantcount.com/rules-p-0cfM8Oh7M9bVQ.js

17 HTTP transactions

Each transaction lists Resource, Path, Size, x-fer (bytes transferred), Type and MIME-Type, followed by its General, Request headers and Response headers blocks.

index (Primary Request; cookie set)
outlook-update.hexat.com/
21 KB
6 KB
Document
General
Full URL
http://outlook-update.hexat.com/index
Protocol
HTTP/1.1
Server
54.36.158.42 , France, ASN16276 (OVH, FR),
Reverse DNS
lb.xtgem.com
Software
/
Resource Hash
0f6e9f9cb32e555089d6d31e38263c0ada27c41420fd7de0c281e0de954c9a41

Request headers

Host
outlook-update.hexat.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate

Response headers

Date
Fri, 07 Jun 2019 08:48:12 GMT
Vary
Host,Accept-Encoding
Set-Cookie
_xta_uid=b8bc12ab0c062a11920fa569e29a6b05; expires=Sun, 06-Jun-2021 08:48:13 GMT; Max-Age=63072000; path=/; domain=.hexat.com; httponly
_xta_vid=f4573082fb9449238ba6493a577546f7-1559897293; expires=Fri, 07-Jun-2019 09:18:13 GMT; Max-Age=1800; path=/; domain=.hexat.com; httponly
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Pragma
no-cache
Expires
Wed, 17 Sep 1975 21:32:10 GMT
Content-Encoding
gzip
Content-Length
5803
Content-Type
text/html; charset=utf-8
X-App-Server
bk-xtgem/w3
Age
0
X-Cache
MISS
X-Cache-Hits
0
Accept-Ranges
bytes
Connection
close
logon.css
outlook.rch.org.au/owa/auth/15.0.847/themes/resources/
10 KB
10 KB
Stylesheet
General
Full URL
https://outlook.rch.org.au/owa/auth/15.0.847/themes/resources/logon.css
Requested by
Host: outlook-update.hexat.com
URL: http://outlook-update.hexat.com/index
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
203.16.41.161 , Australia, ASN10148 (UNIMELB-AS-AP The University of Melbourne, Melbourne, Victoria, AU),
Reverse DNS
outlook.rch.org.au
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
3c56a7d6987506e5f6717b38a93d8eef986cc2ffb9b590cb393e1310972d91cc

Request headers

Referer
http://outlook-update.hexat.com/index
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 07 Jun 2019 08:48:14 GMT
ETag
"050875422ecf1:0"
Last-Modified
Thu, 20 Feb 2014 06:09:36 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
Content-Type
text/css
Cache-Control
public,max-age=2592000
Accept-Ranges
bytes
request-id
75dcee0b-288a-4120-98d5-b209dc597d8a
Content-Length
10174
flogon.js
outlook.rch.org.au/owa/auth/15.0.847/scripts/premium/
15 KB
15 KB
Script
General
Full URL
https://outlook.rch.org.au/owa/auth/15.0.847/scripts/premium/flogon.js
Requested by
Host: outlook-update.hexat.com
URL: http://outlook-update.hexat.com/index
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
203.16.41.161 , Australia, ASN10148 (UNIMELB-AS-AP The University of Melbourne, Melbourne, Victoria, AU),
Reverse DNS
outlook.rch.org.au
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
19c90326f386496efc6fa59724f5cbd579c069c3cbfdab55dcb2ddad541e65dd

Request headers

Referer
http://outlook-update.hexat.com/index
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 07 Jun 2019 08:48:14 GMT
ETag
"050875422ecf1:0"
Last-Modified
Thu, 20 Feb 2014 06:09:36 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
Content-Type
application/javascript
Cache-Control
public,max-age=2592000
Accept-Ranges
bytes
request-id
069dd340-cd3f-4445-96ae-db7e5c1ed2f3
Content-Length
15416
olk_logo_white.png
outlook.rch.org.au/owa/auth/15.0.847/themes/resources/
2 KB
3 KB
Image
General
Full URL
https://outlook.rch.org.au/owa/auth/15.0.847/themes/resources/olk_logo_white.png
Requested by
Host: outlook-update.hexat.com
URL: http://outlook-update.hexat.com/index
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
203.16.41.161 , Australia, ASN10148 (UNIMELB-AS-AP The University of Melbourne, Melbourne, Victoria, AU),
Reverse DNS
outlook.rch.org.au
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
d9ed6586942003696afe4e52b09f343f8342244b51a9e175b75162d7e615207b

Request headers

Referer
http://outlook-update.hexat.com/index
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 07 Jun 2019 08:48:14 GMT
ETag
"050875422ecf1:0"
Last-Modified
Thu, 20 Feb 2014 06:09:36 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
Content-Type
image/png
Cache-Control
public,max-age=2592000
Accept-Ranges
bytes
request-id
99e4772d-0876-4d62-ad39-4e4f80a13b27
Content-Length
2503
olk_logo_white_small.png
outlook.rch.org.au/owa/auth/15.0.847/themes/resources/
4 KB
4 KB
Image
General
Full URL
https://outlook.rch.org.au/owa/auth/15.0.847/themes/resources/olk_logo_white_small.png
Requested by
Host: outlook-update.hexat.com
URL: http://outlook-update.hexat.com/index
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
203.16.41.161 , Australia, ASN10148 (UNIMELB-AS-AP The University of Melbourne, Melbourne, Victoria, AU),
Reverse DNS
outlook.rch.org.au
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
4de8fc175826d9f78fce9f9f2b71a63fe832fc7507e0394125c823b0909fa54a

Request headers

Referer
http://outlook-update.hexat.com/index
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 07 Jun 2019 08:48:14 GMT
ETag
"050875422ecf1:0"
Last-Modified
Thu, 20 Feb 2014 06:09:36 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
Content-Type
image/png
Cache-Control
public,max-age=2592000
Accept-Ranges
bytes
request-id
e4243dbb-81f2-4b82-9621-defc8e377b06
Content-Length
3595
owa_text_blue.png
outlook.rch.org.au/owa/auth/15.0.847/themes/resources/
6 KB
6 KB
Image
General
Full URL
https://outlook.rch.org.au/owa/auth/15.0.847/themes/resources/owa_text_blue.png
Requested by
Host: outlook-update.hexat.com
URL: http://outlook-update.hexat.com/index
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
203.16.41.161 , Australia, ASN10148 (UNIMELB-AS-AP The University of Melbourne, Melbourne, Victoria, AU),
Reverse DNS
outlook.rch.org.au
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
6bd745cac7dd2e979f9e89dcd3c1ed3058812be0c88a06fc066360f74120b717

Request headers

Referer
http://outlook-update.hexat.com/index
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 07 Jun 2019 08:48:15 GMT
ETag
"050875422ecf1:0"
Last-Modified
Thu, 20 Feb 2014 06:09:36 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
Content-Type
image/png
Cache-Control
public,max-age=2592000
Accept-Ranges
bytes
request-id
8ff6ece4-4382-4a89-8680-9b3dc0f18f7d
Content-Length
5856
Sign_in_arrow.png
outlook.rch.org.au/owa/auth/15.0.847/themes/resources/
1 KB
2 KB
Image
General
Full URL
https://outlook.rch.org.au/owa/auth/15.0.847/themes/resources/Sign_in_arrow.png
Requested by
Host: outlook-update.hexat.com
URL: http://outlook-update.hexat.com/index
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
203.16.41.161 , Australia, ASN10148 (UNIMELB-AS-AP The University of Melbourne, Melbourne, Victoria, AU),
Reverse DNS
outlook.rch.org.au
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
07f38b8b8c1f96ed85ecd96988f0454a95d1f665427086a507c72e55ff3ce0e7

Request headers

Referer
http://outlook-update.hexat.com/index
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 07 Jun 2019 08:48:14 GMT
ETag
"050875422ecf1:0"
Last-Modified
Thu, 20 Feb 2014 06:09:36 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
Content-Type
image/png
Cache-Control
public,max-age=2592000
Accept-Ranges
bytes
request-id
fed4d649-7782-4f35-8eb6-55f6f565c365
Content-Length
1441
xtgem-forums.jpg
xtgem.com/images/forum/
8 KB
9 KB
Image
General
Full URL
http://xtgem.com/images/forum/xtgem-forums.jpg
Requested by
Host: outlook-update.hexat.com
URL: http://outlook-update.hexat.com/index
Protocol
HTTP/1.1
Security
none (plain HTTP, no TLS)
Server
178.33.123.218 , France, ASN16276 (OVH, FR),
Reverse DNS
d2.xtgem.com
Software
/
Resource Hash
12af88849dcd3b09838185efbbaa7eae7231159ace07004afc5793d80378c34f

Request headers

Referer
http://outlook-update.hexat.com/index
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 07 Jun 2019 08:48:15 GMT
X-Ngz
1
Last-Modified
Mon, 11 Dec 2017 13:05:49 GMT
Age
0
ETag
"20c8-5601031744540"
X-Cache
MISS
Content-Type
image/jpeg
Cache-Control
max-age=2592000
X-Cache-Hits
0
Connection
close
Accept-Ranges
bytes
X-App-Server
bk-creator/w3
Content-Length
8392
Expires
Sun, 07 Jul 2019 08:48:15 GMT
quant.js
edge.quantserve.com/
12 KB
6 KB
Script
General
Full URL
http://edge.quantserve.com/quant.js
Requested by
Host: outlook-update.hexat.com
URL: http://outlook-update.hexat.com/index
Protocol
HTTP/1.1
Security
none (plain HTTP, no TLS)
Server
91.228.74.140 , United Kingdom, ASN27281 (QUANTCAST - Quantcast Corporation, US),
Reverse DNS
Software
QS /
Resource Hash
404a9b0ffbcc813e8ddbb8d8510a24a69c09079282f8083ee94f4adc5d627176

Request headers

Referer
http://outlook-update.hexat.com/index
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 07 Jun 2019 08:48:15 GMT
Content-Encoding
gzip
Last-Modified
Fri, 07-Jun-2019 08:48:15 GMT
Server
QS
ETag
M0-e2b9884a
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
private, no-transform, max-age=604800
Connection
keep-alive
Content-Length
5456
Expires
Fri, 14 Jun 2019 08:48:15 GMT
tp.gif
enif.images.xtstatic.com/ Frame 79CB
0
0
Document
General
Full URL
http://enif.images.xtstatic.com/tp.gif
Requested by
Host: outlook-update.hexat.com
URL: http://outlook-update.hexat.com/index
Protocol
HTTP/1.1
Server
178.33.123.218 , France, ASN16276 (OVH, FR),
Reverse DNS
d2.xtgem.com
Software
/
Resource Hash

Request headers

Host
enif.images.xtstatic.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
http://outlook-update.hexat.com/index
Accept-Encoding
gzip, deflate

Response headers

Date
Fri, 07 Jun 2019 08:48:15 GMT
Last-Modified
Mon, 11 Dec 2017 13:05:49 GMT
ETag
"2a-5601031744540"
Content-Length
42
Cache-Control
max-age=2592000
Expires
Sun, 07 Jul 2019 08:48:15 GMT
Content-Type
image/gif
X-App-Server
bk-xtstatic-int/w4
Age
0
X-Cache
MISS
X-Cache-Hits
0
Accept-Ranges
bytes
Connection
close
tp.gif
cif.images.xtstatic.com/ Frame F18F
0
0
Document
General
Full URL
http://cif.images.xtstatic.com/tp.gif
Requested by
Host: outlook-update.hexat.com
URL: http://outlook-update.hexat.com/index
Protocol
HTTP/1.1
Server
178.33.123.218 , France, ASN16276 (OVH, FR),
Reverse DNS
d2.xtgem.com
Software
/
Resource Hash

Request headers

Host
cif.images.xtstatic.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
http://outlook-update.hexat.com/index
Accept-Encoding
gzip, deflate

Response headers

Date
Fri, 07 Jun 2019 08:48:15 GMT
Last-Modified
Mon, 11 Dec 2017 13:05:49 GMT
ETag
"2a-5601031744540"
Content-Length
42
Cache-Control
max-age=2592000
Expires
Sun, 07 Jul 2019 08:48:15 GMT
Content-Type
image/gif
X-App-Server
bk-xtstatic-int/w4
Age
0
X-Cache
MISS
X-Cache-Hits
0
Accept-Ranges
bytes
Connection
close
bg_gradient_login.png
outlook-update.hexat.com/owa/auth/15.0.847/themes/resources/
1 KB
1 KB
Image
General
Full URL
http://outlook-update.hexat.com/owa/auth/15.0.847/themes/resources/bg_gradient_login.png
Requested by
Host: outlook-update.hexat.com
URL: http://outlook-update.hexat.com/index
Protocol
HTTP/1.1
Security
none (plain HTTP, no TLS)
Server
54.36.158.42 , France, ASN16276 (OVH, FR),
Reverse DNS
lb.xtgem.com
Software
/
Resource Hash
fc0d7caa36e3501250c6adf0446ec8171304a33792ab430d24b0915b9bd179a1

Request headers

Referer
http://outlook-update.hexat.com/index
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 07 Jun 2019 08:48:15 GMT
X-Ngz
1
Age
0
X-Cache
MISS
Content-Type
text/html; charset=UTF-8
Connection
close
X-App-Server
bk-xtgem/d2
Content-Length
1311
X-Cache-Hits
0
segoeui-regular.ttf
outlook.rch.org.au/owa/auth/15.0.847/themes/resources/
0
0
(no response received; listed under Failed requests below)

__xt_authbar (cookie set)
xtgem.com/ Frame B1FC
0
0
Document
General
Full URL
http://xtgem.com/__xt_authbar?data=eyJ1cmwiOiJodHRwOlwvXC9vdXRsb29rLXVwZGF0ZS5oZXhhdC5jb21cL2luZGV4IiwibG9nZ2VkX2luIjpmYWxzZSwiZG9tYWluIjoib3V0bG9vay11cGRhdGUuaGV4YXQuY29tIiwicG9zaXRpb24iOnsiYWJzb2x1dGUiOiJmaXhlZCJ9fQ==
Requested by
Host: outlook-update.hexat.com
URL: http://outlook-update.hexat.com/index
Protocol
HTTP/1.1
Server
178.33.123.218 , France, ASN16276 (OVH, FR),
Reverse DNS
d2.xtgem.com
Software
/
Resource Hash

Request headers

Host
xtgem.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
http://outlook-update.hexat.com/index
Accept-Encoding
gzip, deflate

Response headers

Date
Fri, 07 Jun 2019 08:48:15 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Set-Cookie
session=d2~meefsp5cf5j6gjnighn27t3pd6; expires=Sat, 08-Jun-2019 08:48:15 GMT; Max-Age=86400; path=/; domain=.xtgem.com; httponly
__template=web; expires=Sun, 07-Jul-2019 08:48:15 GMT; Max-Age=2592000; path=/
__lang=us; expires=Sun, 07-Jul-2019 08:48:15 GMT; Max-Age=2592000; path=/
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
2799
Content-Type
text/html; charset=UTF-8
X-App-Server
bk-creator/d2
Age
0
X-Cache
MISS
X-Cache-Hits
0
Accept-Ranges
bytes
Connection
close
close2.png
xtgem.com/images/
564 B
931 B
Image
General
Full URL
http://xtgem.com/images/close2.png?v=0.01
Requested by
Host: outlook-update.hexat.com
URL: http://outlook-update.hexat.com/index
Protocol
HTTP/1.1
Security
none (plain HTTP, no TLS)
Server
178.33.123.218 , France, ASN16276 (OVH, FR),
Reverse DNS
d2.xtgem.com
Software
/
Resource Hash
bc5dcb35fc074321d66b9d7809e286e4afe72c7b08d1e799672126c92150ecd3

Request headers

Referer
http://outlook-update.hexat.com/index
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 07 Jun 2019 08:48:15 GMT
X-Ngz
1
Last-Modified
Mon, 11 Dec 2017 13:05:49 GMT
Age
0
ETag
"234-5601031744540"
X-Cache
MISS
Content-Type
image/png
Cache-Control
max-age=2592000
X-Cache-Hits
0
Connection
close
Accept-Ranges
bytes
X-App-Server
bk-creator/d2
Content-Length
564
Expires
Sun, 07 Jul 2019 08:48:15 GMT
rules-p-0cfM8Oh7M9bVQ.js
rules.quantcount.com/
Redirect Chain
  • http://rules.quantcount.com/rules-p-0cfM8Oh7M9bVQ.js
  • https://rules.quantcount.com/rules-p-0cfM8Oh7M9bVQ.js
3 B
339 B
Script
General
Full URL
https://rules.quantcount.com/rules-p-0cfM8Oh7M9bVQ.js
Requested by
Host: outlook-update.hexat.com
URL: http://outlook-update.hexat.com/index
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:200c:800:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer
http://outlook-update.hexat.com/index
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 07 Jun 2019 04:26:03 GMT
via
1.1 bd785324d865b594e6f1838b58cb0dae.cloudfront.net (CloudFront)
last-modified
Sat, 04 Mar 2017 19:40:53 GMT
server
AmazonS3
age
15749
etag
"8a80554c91d9fca8acb82f023de02f11"
x-cache
Hit from cloudfront
content-type
application/x-javascript
status
200
cache-control
max-age=86400
accept-ranges
bytes
content-length
3
x-amz-cf-id
70H913e9DqF4HqWMOjSuG0h37qXY0F969ixRmT9WCc5XEHc1QD-mCQ==

Redirect headers

Date
Fri, 07 Jun 2019 08:48:15 GMT
Via
1.1 7c2d73d3cd46e357090188fa2946f746.cloudfront.net (CloudFront)
Server
CloudFront
X-Cache
Redirect from cloudfront
Content-Type
text/html
Location
https://rules.quantcount.com/rules-p-0cfM8Oh7M9bVQ.js
Connection
keep-alive
Content-Length
183
X-Amz-Cf-Id
nEfGdlA5alq0jcu_OO7D0TJLmK-42gaao2eki2KwW8KL3nyHP7dcqg==
pixel;r=468179785;rf=0;a=p-0cfM8Oh7M9bVQ;url=http%3A%2F%2Foutlook-update.hexat.com%2Findex;fpan=1;fpa=P0-1489238270-1559897295643;ns=0;ce=1;qjs=1;qv=4c19192-20180628134937;cm=;ref=;je=0;sr=1600x120...
pixel.quantserve.com/
35 B
479 B
Image
General
Full URL
http://pixel.quantserve.com/pixel;r=468179785;rf=0;a=p-0cfM8Oh7M9bVQ;url=http%3A%2F%2Foutlook-update.hexat.com%2Findex;fpan=1;fpa=P0-1489238270-1559897295643;ns=0;ce=1;qjs=1;qv=4c19192-20180628134937;cm=;ref=;je=0;sr=1600x1200x24;enc=n;dst=0;et=1559897295642;tzo=0;ogl=
Requested by
Host: outlook-update.hexat.com
URL: http://outlook-update.hexat.com/index
Protocol
HTTP/1.1
Security
none (plain HTTP, no TLS)
Server
91.228.74.249 , United Kingdom, ASN27281 (QUANTCAST - Quantcast Corporation, US),
Reverse DNS
Software
QS /
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Request headers

Referer
http://outlook-update.hexat.com/index
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 07 Jun 2019 08:48:15 GMT
Server
QS
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control
private, no-cache, no-store, proxy-revalidate
Connection
keep-alive
Content-Type
image/gif
Content-Length
35
Expires
Fri, 04 Aug 1978 12:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
outlook.rch.org.au
URL
https://outlook.rch.org.au/owa/auth/15.0.847/themes/resources/segoeui-regular.ttf
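As an added triage example (not code from urlscan.io), the following Python transcribes the relevant transactions above into a list and pulls out what matters for this scan: the host from which the kit hotlinks the real OWA logon assets, the one logon asset the kit serves from its own host but answers with text/html (bg_gradient_login.png, so the file is most likely missing and the host returned an HTML page instead), the scripts loaded over cleartext HTTP, and the site details carried in the base64 `data` parameter of the xtgem `__xt_authbar` frame. The REQUESTS list and the frame URL are copied from this page; the tracking pixel and the tp.gif frames are left out because none of the checks use them.

```python
"""Triage of the transaction table above (added example, not urlscan.io
code).  REQUESTS is transcribed from this scan as
(URL, urlscan Type, served Content-Type)."""
import base64
import json
from urllib.parse import parse_qs, urlsplit

PAGE_URL = "http://outlook-update.hexat.com/index"
PAGE_HOST = urlsplit(PAGE_URL).hostname

# Transcribed from the scan; the quantserve pixel and the xtstatic tp.gif
# frames are omitted because the checks below do not use them.
REQUESTS = [
    ("http://outlook-update.hexat.com/index", "Document", "text/html; charset=utf-8"),
    ("https://outlook.rch.org.au/owa/auth/15.0.847/themes/resources/logon.css", "Stylesheet", "text/css"),
    ("https://outlook.rch.org.au/owa/auth/15.0.847/scripts/premium/flogon.js", "Script", "application/javascript"),
    ("https://outlook.rch.org.au/owa/auth/15.0.847/themes/resources/olk_logo_white.png", "Image", "image/png"),
    ("https://outlook.rch.org.au/owa/auth/15.0.847/themes/resources/olk_logo_white_small.png", "Image", "image/png"),
    ("https://outlook.rch.org.au/owa/auth/15.0.847/themes/resources/owa_text_blue.png", "Image", "image/png"),
    ("https://outlook.rch.org.au/owa/auth/15.0.847/themes/resources/Sign_in_arrow.png", "Image", "image/png"),
    ("http://xtgem.com/images/forum/xtgem-forums.jpg", "Image", "image/jpeg"),
    ("http://edge.quantserve.com/quant.js", "Script", "application/x-javascript"),
    ("http://outlook-update.hexat.com/owa/auth/15.0.847/themes/resources/bg_gradient_login.png", "Image", "text/html; charset=UTF-8"),
    ("http://xtgem.com/images/close2.png?v=0.01", "Image", "image/png"),
    ("https://rules.quantcount.com/rules-p-0cfM8Oh7M9bVQ.js", "Script", "application/x-javascript"),
]

# Frame URL copied from the scan (the xtgem hosting platform's auth bar).
AUTHBAR_URL = "http://xtgem.com/__xt_authbar?data=eyJ1cmwiOiJodHRwOlwvXC9vdXRsb29rLXVwZGF0ZS5oZXhhdC5jb21cL2luZGV4IiwibG9nZ2VkX2luIjpmYWxzZSwiZG9tYWluIjoib3V0bG9vay11cGRhdGUuaGV4YXQuY29tIiwicG9zaXRpb24iOnsiYWJzb2x1dGUiOiJmaXhlZCJ9fQ=="

OWA_LOGIN_TREE = "/owa/auth/"   # where Exchange serves the logon CSS, JS and images


def hotlinked_brand_hosts(requests, page_host=PAGE_HOST):
    """Hosts other than the page itself that served files from the OWA logon
    tree: the kit is pulling the impersonated brand's real assets."""
    hosts = set()
    for url, _, _ in requests:
        parts = urlsplit(url)
        if parts.path.startswith(OWA_LOGIN_TREE) and parts.hostname != page_host:
            hosts.add(parts.hostname)
    return sorted(hosts)


def mime_mismatches(requests):
    """Subresources declared as image/script/stylesheet but answered with
    text/html: on a kit this is usually a file the operator did not copy,
    so the host's HTML page came back in its place."""
    return [url for url, rtype, ctype in requests
            if rtype in {"Image", "Script", "Stylesheet"}
            and ctype.lower().startswith("text/html")]


def plain_http_scripts(requests):
    """Scripts fetched over cleartext HTTP (modifiable on path)."""
    return [url for url, rtype, _ in requests
            if rtype == "Script" and urlsplit(url).scheme == "http"]


def decode_xt_authbar(frame_url):
    """The xtgem auth-bar frame carries base64 JSON naming the hosted site
    and whether the visitor is logged in to the hosting account."""
    data = parse_qs(urlsplit(frame_url).query)["data"][0]
    data = data.replace(" ", "+")   # parse_qs turns a literal '+' into a space
    return json.loads(base64.b64decode(data))


def triage(requests=REQUESTS, authbar_url=AUTHBAR_URL):
    return {
        "hotlinked_brand_hosts": hotlinked_brand_hosts(requests),
        "mime_mismatches": mime_mismatches(requests),
        "plain_http_scripts": plain_http_scripts(requests),
        "hosting_platform": decode_xt_authbar(authbar_url),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

The hotlinking check is what the verdict rests on: a page on a free-hosting subdomain that pulls /owa/auth/ assets from an unrelated Exchange server over HTTPS has no legitimate reason to exist, and the mixed picture (real brand CSS and JS from the victim organisation, one broken local copy, trackers over plain HTTP) is typical of a kit assembled by saving the original logon page.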

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Outlook Web Access (Online)
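Every asset fetched from outlook.rch.org.au above carries Referer: http://outlook-update.hexat.com/index, so the impersonated organisation can find pages like this in its own IIS logs before the first credential is entered. The script below is an added example, not Microsoft's or urlscan.io's code: it parses IIS W3C logs using the #Fields: header, keeps requests under /owa/auth/ whose Referer host is not one of the server's own names, and groups them by that host. The log lines are constructed to mirror this scan (same asset paths, including the 404 for segoeui-regular.ttf that the scan lists as failed); OWN_HOSTS is an assumed list of the server's legitimate hostnames.

```python
"""Find phishing kits that hotlink OWA logon assets, using the server's own
IIS W3C logs.  Added example, not Microsoft or urlscan.io code.  SAMPLE_LOG
is constructed to mirror the scan above; OWN_HOSTS is an assumption."""
from collections import defaultdict
from urllib.parse import urlsplit

OWN_HOSTS = {"outlook.rch.org.au"}      # assumption: names this OWA answers on
LOGIN_ASSET_PREFIX = "/owa/auth/"       # logon CSS, JS, fonts and images live here

# Constructed sample in the IIS default W3C layout.  Records 3-5 reproduce the
# phishing page's fetches; record 5 is the font the scan shows failing.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2019-06-07 08:40:01 10.0.0.5 GET /owa/auth/logon.aspx url=https://outlook.rch.org.au/owa/ 443 - 203.0.113.10 Mozilla/5.0 - 200 0 0 15
2019-06-07 08:40:02 10.0.0.5 GET /owa/auth/15.0.847/themes/resources/logon.css - 443 - 203.0.113.10 Mozilla/5.0 https://outlook.rch.org.au/owa/auth/logon.aspx 200 0 0 3
2019-06-07 08:48:14 10.0.0.5 GET /owa/auth/15.0.847/themes/resources/logon.css - 443 - 198.51.100.7 Mozilla/5.0 http://outlook-update.hexat.com/index 200 0 0 4
2019-06-07 08:48:14 10.0.0.5 GET /owa/auth/15.0.847/scripts/premium/flogon.js - 443 - 198.51.100.7 Mozilla/5.0 http://outlook-update.hexat.com/index 200 0 0 5
2019-06-07 08:48:15 10.0.0.5 GET /owa/auth/15.0.847/themes/resources/segoeui-regular.ttf - 443 - 198.51.100.7 Mozilla/5.0 http://outlook-update.hexat.com/index 404 0 2 1
2019-06-07 08:49:00 10.0.0.5 GET /owa/ - 443 user1 203.0.113.10 Mozilla/5.0 - 200 0 0 20
"""


def parse_w3c(text):
    """Yield one dict per record, using the most recent #Fields: header for
    the column order (IIS writes a new header whenever the layout changes)."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):      # skip truncated or malformed rows
                yield dict(zip(fields, values))


def foreign_referers(text, own_hosts=OWN_HOSTS):
    """Group logon-asset requests by Referer host when that host is not one
    of ours.  Returns {host: {"hits": n, "clients": set, "paths": set}}."""
    report = defaultdict(lambda: {"hits": 0, "clients": set(), "paths": set()})
    for rec in parse_w3c(text):
        if not rec["cs-uri-stem"].startswith(LOGIN_ASSET_PREFIX):
            continue
        referer = rec.get("cs(Referer)", "-")
        if referer == "-":
            continue                            # no Referer: no evidence either way
        host = (urlsplit(referer).hostname or "").lower()
        if host in own_hosts:
            continue
        entry = report[host]
        entry["hits"] += 1
        entry["clients"].add(rec["c-ip"])
        entry["paths"].add(rec["cs-uri-stem"])
    return dict(report)


if __name__ == "__main__":
    for host, info in foreign_referers(SAMPLE_LOG).items():
        print(f"{host}: {info['hits']} hits from {sorted(info['clients'])}")
        for path in sorted(info["paths"]):
            print("   ", path)
```

The check is only as strong as the Referer the victim's browser sends: a plain-HTTP page loading HTTPS assets sends it by default, as seen in this scan, but a kit that copies the assets to its own host (which this one attempted for bg_gradient_login.png) or sets a no-referrer policy will not appear. Requests that 404 for files the kit expects but the server lacks, like the font here, cluster on the same Referer and are worth keeping in the report rather than filtering on status.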

41 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

functions: queueMicrotask, initLogon, redir, shw, hd, clkExp, clkSecExp, kdSecExp, clkSec, clkBsc, checkSubmit, clkLgn, clkRtry, clkReLgn, gbid, IsOwaPremiumBrowser, hres, LogoffMime, addPerfMarker, IsMimeCtlInst, RndMimeCtl, RndMimeCtlHlpr, setPlaceholderText, showPasswordClick, quantserve, __qc
numbers: a_fRC, g_fFcs, a_fLOff, a_fCAC, a_fEnbSMm, len
objects: onselectstart, onselectionchange, mainLogonDiv, _qevents, ezt, _qoptions
booleans: showPlaceholderText, cookies
strings: mainLogonDivClassName

1 Cookies

Domain/Path                Name        Value
outlook-update.hexat.com/  cookieTest  1