indoorbee.com Open in urlscan Pro
35.209.244.35 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://messagecenterdelivery.com/#s.stomberg@f5.com
Effective URL:
https://indoorbee.com/wur/
Submission: On April 27 via manual (April 27th 2020, 4:22:07 am UTC) from IN

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 8 HTTP transactions. The main IP is 35.209.244.35, located in Mountain View, United States and belongs to GOOGLE-2, US. The main domain is indoorbee.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on April 22nd 2020. Valid for: 3 months.

This is the only time indoorbee.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	119.18.62.202 119.18.62.202	394695 (PUBLIC-DO...) (PUBLIC-DOMAIN-REGISTRY)
1 7	35.209.244.35 35.209.244.35	19527 (GOOGLE-2) (GOOGLE-2)
2	152.199.23.72 152.199.23.72	15133 (EDGECAST) (EDGECAST)
8	2

1 119.18.62.202 (India) 1 redirects

ASN394695 (PUBLIC-DOMAIN-REGISTRY, US)

messagecenterdelivery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 35.209.244.35 (Mountain View, United States) 1 redirects

ASN19527 (GOOGLE-2, US)
PTR: 35.244.209.35.bc.googleusercontent.com

indoorbee.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 152.199.23.72 (United States)

ASN15133 (EDGECAST, US)

aadcdn.msauthimages.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	indoorbee.com 1 redirects indoorbee.com	307 KB
2	msauthimages.net aadcdn.msauthimages.net	139 KB
1	messagecenterdelivery.com 1 redirects messagecenterdelivery.com	246 B
8	3

	Domain	Requested by
7	indoorbee.com	1 redirects indoorbee.com
2	aadcdn.msauthimages.net
1	messagecenterdelivery.com	1 redirects
8	3

This site contains no links.

Subject Issuer	Validity	Valid
indoorbee.com Let's Encrypt Authority X3	`2020-04-22` - `2020-07-21`	3 months	crt.sh
aadcdn.msauthimages.net Microsoft IT TLS CA 1	`2018-12-07` - `2020-12-07`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://indoorbee.com/wur/
Frame ID: D573E8781E5EA8582015883CBD64B239
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://messagecenterdelivery.com/ HTTP 301
https://indoorbee.com/wur HTTP 301
https://indoorbee.com/wur/ Page URL

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

445 kB
Transfer

582 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://messagecenterdelivery.com/ HTTP 301
https://indoorbee.com/wur HTTP 301
https://indoorbee.com/wur/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response indoorbee.com/wur/ Redirect Chain https://messagecenterdelivery.com/ https://indoorbee.com/wur https://indoorbee.com/wur/	5 KB 4 KB	1317ms 1317ms	Document text/html	35.209.244.35 GOOGLE-2
General Check archive.org Show headers Download Go to Full URL https://indoorbee.com/wur/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 35.209.244.35 Mountain View, United States, ASN19527 (GOOGLE-2, US), Reverse DNS 35.244.209.35.bc.googleusercontent.com Software nginx / Resource Hash `9d422ea9ac9ced7258fdb38a45bec6f8ca46879225b1bd5358f14e843863e2ee` Request headers :method GET :authority indoorbee.com :scheme https :path /wur/ pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0 Response headers status 200 server nginx date Mon, 27 Apr 2020 04:21:32 GMT content-type text/html; charset=UTF-8 content-length 3901 expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate pragma no-cache set-cookie toxic_hydra=52ac3327f396278c2878d18b47339dffbc8227f4; expires=Mon, 27-Apr-2020 06:21:32 GMT; Max-Age=7200; path=/; HttpOnly vary Accept-Encoding content-encoding gzip referrer-policy no-referrer-when-downgrade alt-svc quic=":443"; ma=86400; v="43,39" host-header b7440e60b07ee7b8044761568fab26e8 x-proxy-cache MISS Redirect headers status 301 server nginx date Mon, 27 Apr 2020 04:21:31 GMT content-type text/html; charset=iso-8859-1 content-length 234 location https://indoorbee.com/wur/ cache-control max-age=15552000 expires Sat, 24 Oct 2020 04:21:31 GMT alt-svc quic=":443"; ma=86400; v="43,39" host-header b7440e60b07ee7b8044761568fab26e8 x-proxy-cache MISS
GET H2	200	D65DEEBDDC87C70B.css indoorbee.com/wur/ASSETS-73430/_css/	7 KB 2 KB	465ms 464ms	Stylesheet text/css	35.209.244.35 GOOGLE-2
General Check archive.org Show headers Download Go to Full URL https://indoorbee.com/wur/ASSETS-73430/_css/D65DEEBDDC87C70B.css Requested by Host: indoorbee.com URL: https://indoorbee.com/wur/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 35.209.244.35 Mountain View, United States, ASN19527 (GOOGLE-2, US), Reverse DNS 35.244.209.35.bc.googleusercontent.com Software nginx / Resource Hash `42187e8f846f2e1c3c0ce8142a63693f295625404d3f6eb27291b7a3f22b9449` Request headers Referer https://indoorbee.com/wur/ User-Agent Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0 Response headers pragma no-cache date Mon, 27 Apr 2020 04:21:33 GMT content-encoding gzip referrer-policy no-referrer-when-downgrade server nginx vary Accept-Encoding content-type text/css; charset=UTF-8 status 200 expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate host-header b7440e60b07ee7b8044761568fab26e8 alt-svc quic=":443"; ma=86400; v="43,39" content-length 1823 x-proxy-cache MISS
GET H2	200	D5338C7D894D193E.js Show response indoorbee.com/wur/ASSETS-73430/_js/	184 KB 56 KB	611ms 610ms	Script text/javascript	35.209.244.35 GOOGLE-2
General Check archive.org Show headers Download Go to Full URL https://indoorbee.com/wur/ASSETS-73430/_js/D5338C7D894D193E.js Requested by Host: indoorbee.com URL: https://indoorbee.com/wur/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 35.209.244.35 Mountain View, United States, ASN19527 (GOOGLE-2, US), Reverse DNS 35.244.209.35.bc.googleusercontent.com Software nginx / Resource Hash `6b045fc533c6aaf0590a2acdf82263388bbf2b1f7695c944b167ff6bd79bc404` Request headers Referer https://indoorbee.com/wur/ User-Agent Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0 Response headers pragma no-cache date Mon, 27 Apr 2020 04:21:33 GMT content-encoding gzip referrer-policy no-referrer-when-downgrade server nginx vary Accept-Encoding content-type text/javascript; charset=UTF-8 status 200 expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate host-header b7440e60b07ee7b8044761568fab26e8 alt-svc quic=":443"; ma=86400; v="43,39" x-proxy-cache MISS
GET H2	200	bg.jpg indoorbee.com/wur/ASSETS-73430/_img/	243 KB 239 KB	462ms 461ms	Image image/jpeg	35.209.244.35 GOOGLE-2
General Check archive.org Show headers Download Go to Show image Full URL https://indoorbee.com/wur/ASSETS-73430/_img/bg.jpg Requested by Host: indoorbee.com URL: https://indoorbee.com/wur/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 35.209.244.35 Mountain View, United States, ASN19527 (GOOGLE-2, US), Reverse DNS 35.244.209.35.bc.googleusercontent.com Software nginx / Resource Hash `ee49f9d87dcf1773bc95ce7df2d9e4edfe068f6be41a7c1117d9b78f9c49f043` Request headers Referer https://indoorbee.com/wur/ASSETS-73430/_css/D65DEEBDDC87C70B.css User-Agent Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0 Response headers date Mon, 27 Apr 2020 04:21:34 GMT content-encoding gzip status 200 content-transfer-encoding binary content-disposition filename=bg.jpg; host-header b7440e60b07ee7b8044761568fab26e8 alt-svc quic=":443"; ma=86400; v="43,39" pragma no-cache referrer-policy no-referrer-when-downgrade last-modified Mon, 27 Apr 2020 04:21:34 GMT server nginx vary Accept-Encoding content-type image/jpeg cache-control no-store, no-cache, must-revalidate x-proxy-cache MISS expires Thu, 19 Nov 1981 08:52:00 GMT
GET H2	200	l.png indoorbee.com/wur/ASSETS-73430/img/	5 KB 4 KB	181ms 180ms	Image image/png	35.209.244.35 GOOGLE-2
General Check archive.org Show headers Download Go to Show image Full URL https://indoorbee.com/wur/ASSETS-73430/img/l.png Requested by Host: indoorbee.com URL: https://indoorbee.com/wur/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 35.209.244.35 Mountain View, United States, ASN19527 (GOOGLE-2, US), Reverse DNS 35.244.209.35.bc.googleusercontent.com Software nginx / W3 Total Cache/0.9.7.4 Resource Hash `f5a6c424ceebb1207b1bf6183240bc298bf5e212a6ee66fb94f233c37ad66695` Request headers Referer https://indoorbee.com/wur/ASSETS-73430/_css/D65DEEBDDC87C70B.css User-Agent Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0 Response headers date Mon, 27 Apr 2020 04:21:34 GMT content-encoding gzip x-powered-by W3 Total Cache/0.9.7.4 status 200 host-header b7440e60b07ee7b8044761568fab26e8 alt-svc quic=":443"; ma=86400; v="43,39" content-length 4115 pragma public referrer-policy no-referrer-when-downgrade last-modified Tue, 10 Mar 2020 01:58:26 GMT server nginx etag "1227-5a07674941480-gzip" vary Accept-Encoding content-type image/png expires Tue, 27 Apr 2021 04:21:33 GMT cache-control max-age=31536000, public accept-ranges bytes x-proxy-cache MISS
POST H2	200	background Show response indoorbee.com/wur/API-20845/	603 B 675 B	1214ms 1214ms	XHR text/html	35.209.244.35 GOOGLE-2
General Check archive.org Show headers Download Go to Full URL https://indoorbee.com/wur/API-20845/background Requested by Host: indoorbee.com URL: https://indoorbee.com/wur/ASSETS-73430/_js/D5338C7D894D193E.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 35.209.244.35 Mountain View, United States, ASN19527 (GOOGLE-2, US), Reverse DNS 35.244.209.35.bc.googleusercontent.com Software nginx / Resource Hash `5613e1f6d172954658dd902fa139267bb39b597640fbf56d169e11662331eea2` Request headers Accept application/json, text/plain, / Referer https://indoorbee.com/wur/ User-Agent Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0 Content-Type multipart/form-data; boundary=----WebKitFormBoundaryyBRzX1mYgz9MJCcF Response headers pragma no-cache date Mon, 27 Apr 2020 04:21:40 GMT content-encoding gzip referrer-policy no-referrer-when-downgrade server nginx status 200 vary Accept-Encoding content-type text/html; charset=UTF-8 access-control-allow-origin * cache-control no-store, no-cache, must-revalidate host-header b7440e60b07ee7b8044761568fab26e8 alt-svc quic=":443"; ma=86400; v="43,39" content-length 360 expires Thu, 19 Nov 1981 08:52:00 GMT
GET H2	200	illustration aadcdn.msauthimages.net/dbd5a2dd-lifo0147vhlvjo1bzrqqkoazftgiku-lr1idk11xknu/logintenantbranding/0/	132 KB 132 KB	161ms 37ms	Image image/*	152.199.23.72 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://aadcdn.msauthimages.net/dbd5a2dd-lifo0147vhlvjo1bzrqqkoazftgiku-lr1idk11xknu/logintenantbranding/0/illustration?ts=637092765629558180 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.23.72 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (waw/057D) / Resource Hash `b2b4ee9a0db73d5046f3ed10295d21b5f5ee2577caa5eaa19a80a3b56b3a8c34` Request headers Referer https://indoorbee.com/wur/ User-Agent Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0 Response headers x-ms-blob-type BlockBlob date Mon, 27 Apr 2020 04:21:40 GMT content-md5 gY3/vt+Kj7mNe+27//BYzQ== age 62830 x-cache HIT status 200 content-length 134820 x-ms-lease-status unlocked last-modified Wed, 13 Nov 2019 21:16:03 GMT server ECAcc (waw/057D) etag 0x8D7687EB0EBB42C content-type image/* x-ms-request-id 41a9b516-e01e-002f-1cb9-1b0163000000 cache-control public, max-age=86400 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	bannerlogo aadcdn.msauthimages.net/dbd5a2dd-lifo0147vhlvjo1bzrqqkoazftgiku-lr1idk11xknu/logintenantbranding/0/	6 KB 7 KB	158ms 35ms	Image image/*	152.199.23.72 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://aadcdn.msauthimages.net/dbd5a2dd-lifo0147vhlvjo1bzrqqkoazftgiku-lr1idk11xknu/logintenantbranding/0/bannerlogo?ts=637092765649921743 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.23.72 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (waw/0540) / Resource Hash `77b4a251a0ef51dd377ef46150833f62ce0d6ff94227f7eca07425bf820c6a77` Request headers Referer https://indoorbee.com/wur/ User-Agent Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0 Response headers x-ms-blob-type BlockBlob date Mon, 27 Apr 2020 04:21:40 GMT content-md5 7kggxRoydMQS0isGKZp0jQ== age 62830 x-cache HIT status 200 content-length 6647 x-ms-lease-status unlocked last-modified Wed, 13 Nov 2019 21:16:05 GMT server ECAcc (waw/0540) etag 0x8D7687EB1FA6EB0 content-type image/* x-ms-request-id 11e42558-c01e-00dd-32b9-1bd3f7000000 cache-control public, max-age=86400 x-ms-version 2009-09-19 accept-ranges bytes

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			indoorbee.com/	1970-01-19 09:06:08	Name: toxic_hydra Value: 9a7c0057540848f358f9a0b87a63b96cce6902ee

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msauthimages.net
indoorbee.com
messagecenterdelivery.com
119.18.62.202
152.199.23.72
35.209.244.35
42187e8f846f2e1c3c0ce8142a63693f295625404d3f6eb27291b7a3f22b9449
5613e1f6d172954658dd902fa139267bb39b597640fbf56d169e11662331eea2
6b045fc533c6aaf0590a2acdf82263388bbf2b1f7695c944b167ff6bd79bc404
77b4a251a0ef51dd377ef46150833f62ce0d6ff94227f7eca07425bf820c6a77
9d422ea9ac9ced7258fdb38a45bec6f8ca46879225b1bd5358f14e843863e2ee
b2b4ee9a0db73d5046f3ed10295d21b5f5ee2577caa5eaa19a80a3b56b3a8c34
ee49f9d87dcf1773bc95ce7df2d9e4edfe068f6be41a7c1117d9b78f9c49f043
f5a6c424ceebb1207b1bf6183240bc298bf5e212a6ee66fb94f233c37ad66695

indoorbee.com Open in urlscan Pro 35.209.244.35 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

8 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

2 IPs

2 Countries

445 kBTransfer

582 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

1 Cookies

Indicators

indoorbee.com Open in urlscan Pro
35.209.244.35 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

445 kB
Transfer

582 kB
Size

1
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!