indomei-rebus.net Open in urlscan Pro
162.144.38.197 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25
Effective URL:
https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6...
Submission: On August 17 via manual (August 17th 2018, 9:08:49 am UTC) from US

Summary HTTP 9 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 9 HTTP transactions. The main IP is 162.144.38.197, located in Provo, United States and belongs to UNIFIEDLAYER-AS-1 - Unified Layer, US. The main domain is indomei-rebus.net.
TLS certificate: Issued by Let's Encrypt Authority X3 on August 16th 2018. Valid for: 3 months.

This is the only time indomei-rebus.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
3 5	162.144.38.197 162.144.38.197	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1 - Unified Layer)
4	2a02:26f0:6c0... 2a02:26f0:6c00:29f::34ef	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a02:26f0:6c0... 2a02:26f0:6c00:283::34ef	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2603:1026:208... 2603:1026:208:1::2	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
9	4

5 162.144.38.197 (Provo, United States) 3 redirects

ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: 162-144-38-197.unifiedlayer.com

indomei-rebus.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:6c00:29f::34ef (European Union)

ASN20940 (AKAMAI-ASN1, US)

auth.gfx.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:283::34ef (European Union)

ASN20940 (AKAMAI-ASN1, US)

auth.gfx.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2603:1026:208:1::2 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

outlook.office365.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	gfx.ms auth.gfx.ms	301 KB
5	indomei-rebus.net 3 redirects indomei-rebus.net	36 KB
1	office365.com outlook.office365.com
9	3

	Domain	Requested by
6	auth.gfx.ms	indomei-rebus.net
5	indomei-rebus.net	3 redirects indomei-rebus.net
1	outlook.office365.com	indomei-rebus.net
9	3

This site contains links to these domains. Also see Links.

Domain
signup.live.com
login.live.com

Subject Issuer	Validity	Valid
indomei-rebus.net Let's Encrypt Authority X3	`2018-08-16` - `2018-11-14`	3 months	crt.sh
msagfx.live.com Microsoft IT TLS CA 4	`2017-07-27` - `2019-07-17`	2 years	crt.sh
outlook.com DigiCert Cloud Services CA-1	`2017-09-13` - `2018-09-13`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6/Login.php?wa=wsignin1.0&rpsnv=13&ct=1527523723&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dc3d04782-2ab8-dc60-d301-99253415a0af&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Frame ID: 5DA40D91BDD30910C0DB7EE084E4C99A
Requests: 8 HTTP requests in this frame

Frame: https://outlook.office365.com/owa/prefetch.aspx?id=292841&mkt=EN-US
Frame ID: 23BDA657F6F381A4AED516A70055A195
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25 HTTP 301
https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/ HTTP 302
https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f5... HTTP 301
https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f5... Page URL
https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f5... Page URL

Detected technologies

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

9
Requests

100 %
HTTPS

75 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

336 kB
Transfer

410 kB
Size

3
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1527522617&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dc3d04782-2ab8-dc60-d301-99253415a0af&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=434CFE518172E886&bk=1527522618&uiflavor=web&uaid=8db683bf78e7431a99265db7c238af4e&mkt=EN-US&lc=1033
Title: Create one!

Search URL Search Domain Scan URL

URL: https://login.live.com/gls.srf?urlID=WinLiveTermsOfUse&mkt=EN-US&vv=1600
Title: Terms of use

Search URL Search Domain Scan URL

URL: https://login.live.com/gls.srf?urlID=MSNPrivacyStatement&mkt=EN-US&vv=1600
Title: Privacy & cookies

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25 HTTP 301
https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/ HTTP 302
https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6 HTTP 301
https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6/ Page URL
https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6/Login.php?wa=wsignin1.0&rpsnv=13&ct=1527523723&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dc3d04782-2ab8-dc60-d301-99253415a0af&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25 HTTP 301
https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/ HTTP 302
https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6 HTTP 301
https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6/

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

/ Show response
indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6/
Redirect Chain

https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25
https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/
https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6
https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6/

673 B
952 B

204ms
204ms

Document
text/html

162.144.38.197
Unified Layer

General

Check archive.org

Show headers Download Go to

Full URL: https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.144.38.197 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS: 162-144-38-197.unifiedlayer.com
Software: Apache/2.4.34 (cPanel) OpenSSL/1.0.2o mod_bwlimited/1.4 /
Resource Hash: e1ef23347ce7e8aba55dca96f181b47a7ca0f01aed99311f461972deab3aa2b4

Request headers

Host: indomei-rebus.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 5DA40D91BDD30910C0DB7EE084E4C99A

Response headers

Date: Fri, 17 Aug 2018 09:08:37 GMT
Server: Apache/2.4.34 (cPanel) OpenSSL/1.0.2o mod_bwlimited/1.4
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Fri, 17 Aug 2018 09:08:37 GMT
Server: Apache/2.4.34 (cPanel) OpenSSL/1.0.2o mod_bwlimited/1.4
Location: https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6/
Content-Length: 464
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK Primary Request Login.php Show response
indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6/ 34 KB
34 KB 199ms
198ms Document
text/html 162.144.38.197
Unified Layer

General

Check archive.org

Show headers Download Go to

Full URL: https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6/Login.php?wa=wsignin1.0&rpsnv=13&ct=1527523723&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dc3d04782-2ab8-dc60-d301-99253415a0af&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Requested by: Host: indomei-rebus.net
URL: https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.144.38.197 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS: 162-144-38-197.unifiedlayer.com
Software: Apache/2.4.34 (cPanel) OpenSSL/1.0.2o mod_bwlimited/1.4 /
Resource Hash: 3477dd33264a33c92e997c47a638eeff52618736964b25a37fb29f1fd89ac62a

Request headers

Host: indomei-rebus.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6/
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 5DA40D91BDD30910C0DB7EE084E4C99A
Referer: https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6/

Response headers

Date: Fri, 17 Aug 2018 09:08:37 GMT
Server: Apache/2.4.34 (cPanel) OpenSSL/1.0.2o mod_bwlimited/1.4
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK Converged_v21033.css
auth.gfx.ms/16.000.27773.2/ 92 KB
18 KB 27ms
6ms Stylesheet
text/css 2a02:26f0:6c00:29f::34ef
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://auth.gfx.ms/16.000.27773.2/Converged_v21033.css
Requested by: Host: indomei-rebus.net
URL: https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6/Login.php?wa=wsignin1.0&rpsnv=13&ct=1527523723&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dc3d04782-2ab8-dc60-d301-99253415a0af&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:29f::34ef , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Microsoft-IIS/8.5 /
Resource Hash: 4e9e7c1c2df9e91cf271a7afe529360d199cdff23a721473062ee1ebabd6821f

Request headers

Referer: https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6/Login.php?wa=wsignin1.0&rpsnv=13&ct=1527523723&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dc3d04782-2ab8-dc60-d301-99253415a0af&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 17 Aug 2018 09:08:37 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 May 2018 19:45:20 GMT
PPServer: PPV: 30 H: BAYIDSPRTS3G004 V: 0
ETag: "08461a4ee2d31:0"
Vary: Accept-Encoding
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=353766
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 17584
Server: Microsoft-IIS/8.5

GET
H/1.1 200
OK microsoft_logo.svg
auth.gfx.ms/16.000.27773.2/images/ 4 KB
2 KB 675ms
674ms Image
image/svg+xml 2a02:26f0:6c00:29f::34ef
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://auth.gfx.ms/16.000.27773.2/images/microsoft_logo.svg?x=ee5c8d9fb6248c938fd0dc19370e90bd
Requested by: Host: indomei-rebus.net
URL: https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6/Login.php?wa=wsignin1.0&rpsnv=13&ct=1527523723&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dc3d04782-2ab8-dc60-d301-99253415a0af&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:29f::34ef , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Microsoft-IIS/8.5 /
Resource Hash: 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

Referer: https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6/Login.php?wa=wsignin1.0&rpsnv=13&ct=1527523723&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dc3d04782-2ab8-dc60-d301-99253415a0af&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 17 Aug 2018 09:08:38 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 May 2018 19:41:48 GMT
PPServer: PPV: 30 H: BAYIDSPRTS3G004 V: 0
ETag: "066e99b4de2d31:0"
Vary: Accept-Encoding
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1435
Server: Microsoft-IIS/8.5

GET
H/1.1 200
OK ellipsis_white.svg
auth.gfx.ms/16.000.27773.2/images/ 915 B
667 B 676ms
664ms Image
image/svg+xml 2a02:26f0:6c00:283::34ef
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://auth.gfx.ms/16.000.27773.2/images/ellipsis_white.svg?x=5ac590ee72bfe06a7cecfd75b588ad73
Requested by: Host: indomei-rebus.net
URL: https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6/Login.php?wa=wsignin1.0&rpsnv=13&ct=1527523723&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dc3d04782-2ab8-dc60-d301-99253415a0af&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:283::34ef , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Microsoft-IIS/8.5 /
Resource Hash: 6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea

Request headers

Referer: https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6/Login.php?wa=wsignin1.0&rpsnv=13&ct=1527523723&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dc3d04782-2ab8-dc60-d301-99253415a0af&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 17 Aug 2018 09:08:38 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 May 2018 19:41:48 GMT
PPServer: PPV: 30 H: BL2IDSPRTS1C002 V: 0
ETag: "066e99b4de2d31:0"
Vary: Accept-Encoding
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 263
Server: Microsoft-IIS/8.5

GET
H/1.1 404
Not Found ellipsis_grey.svg
auth.gfx.ms/16.000.27773.2/images/ 0
208 B 671ms
658ms Image
text/plain 2a02:26f0:6c00:283::34ef
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://auth.gfx.ms/16.000.27773.2/images/ellipsis_grey.svg?x=2b5d393db04a5e6e1f739cb266e65b4c
Requested by: Host: indomei-rebus.net
URL: https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6/Login.php?wa=wsignin1.0&rpsnv=13&ct=1527523723&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dc3d04782-2ab8-dc60-d301-99253415a0af&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:283::34ef , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Microsoft-IIS/8.5 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6/Login.php?wa=wsignin1.0&rpsnv=13&ct=1527523723&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dc3d04782-2ab8-dc60-d301-99253415a0af&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 17 Aug 2018 09:08:38 GMT
PPServer: PPV: 30 H: BAYIDSPRTS3G001 V: 0
Connection: keep-alive
Content-Length: 0
Server: Microsoft-IIS/8.5

GET
H/1.1 200
OK Cookie set prefetch.aspx
outlook.office365.com/owa/ Frame 23BD 0
0 140ms
61ms Document
text/html 2603:1026:208:1::2
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL

https://outlook.office365.com/owa/prefetch.aspx?id=292841&mkt=EN-US

Requested by

Host: indomei-rebus.net
URL: https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6/Login.php?wa=wsignin1.0&rpsnv=13&ct=1527523723&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dc3d04782-2ab8-dc60-d301-99253415a0af&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2603:1026:208:1::2 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Host: outlook.office365.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6/Login.php?wa=wsignin1.0&rpsnv=13&ct=1527523723&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dc3d04782-2ab8-dc60-d301-99253415a0af&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 5DA40D91BDD30910C0DB7EE084E4C99A
Referer: https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6/Login.php?wa=wsignin1.0&rpsnv=13&ct=1527523723&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dc3d04782-2ab8-dc60-d301-99253415a0af&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015

Response headers

Cache-Control: private, no-store
Content-Length: 1240
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
request-id: ae169ee8-a53c-4804-8012-a84b63d2a42e
X-CalculatedFETarget: HE1PR05CU004.internal.outlook.com
X-BackEndHttpStatus: 200 200
Set-Cookie: ClientId=6F647969BBC34C498418298996BB6F4C; expires=Sat, 17-Aug-2019 09:08:37 GMT; path=/; secure ClientId=6F647969BBC34C498418298996BB6F4C; expires=Sat, 17-Aug-2019 09:08:37 GMT; path=/; secure OIDC=1; expires=Sun, 17-Feb-2019 09:08:37 GMT; path=/; secure; HttpOnly OWAPF=v:16.2500.10.2596764&l:mouse; path=/
X-FEProxyInfo: HE1PR05CA0152.EURPRD05.PROD.OUTLOOK.COM
X-CalculatedBETarget: HE1PR05MB3500.eurprd05.prod.outlook.com
X-RUM-Validated: 1
X-Content-Type-Options: nosniff
X-BeSku: WCS5
X-OWA-Version: 15.20.1059.21
X-OWA-DiagnosticsInfo: 1;0;0
X-BackEnd-Begin: 2018-08-17T09:08:37.926
X-BackEnd-End: 2018-08-17T09:08:37.928
X-DiagInfo: HE1PR05MB3500
X-BEServer: HE1PR05MB3500
X-UA-Compatible: IE=EmulateIE7
Strict-Transport-Security: max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-FEServer: HE1PR05CA0152 AM6PR0502CA0005
X-Powered-By: ASP.NET
Date: Fri, 17 Aug 2018 09:08:37 GMT

GET
H/1.1 200
OK 0.jpg
auth.gfx.ms/16.000.27773.2/images/Backgrounds/ 277 KB
277 KB 19ms
6ms Image
image/jpeg 2a02:26f0:6c00:29f::34ef
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0.jpg?x=a5dbd4393ff6a725c7e62b61df7e72f0
Requested by: Host: indomei-rebus.net
URL: https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6/Login.php?wa=wsignin1.0&rpsnv=13&ct=1527523723&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dc3d04782-2ab8-dc60-d301-99253415a0af&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:29f::34ef , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Microsoft-IIS/8.5 /
Resource Hash: 211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb

Request headers

Referer: https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6/Login.php?wa=wsignin1.0&rpsnv=13&ct=1527523723&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dc3d04782-2ab8-dc60-d301-99253415a0af&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 17 Aug 2018 09:08:37 GMT
Last-Modified: Wed, 02 May 2018 19:41:48 GMT
PPServer: PPV: 30 H: BL2IDSPRTS1C002 V: 0
ETag: "066e99b4de2d31:0"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=305984
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 283351
Server: Microsoft-IIS/8.5

GET
H/1.1 200
OK 0-small.jpg
auth.gfx.ms/16.000.27773.2/images/Backgrounds/ 3 KB
3 KB 18ms
6ms Image
image/jpeg 2a02:26f0:6c00:29f::34ef
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0-small.jpg?x=138bcee624fa04ef9b75e86211a9fe0d
Requested by: Host: indomei-rebus.net
URL: https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6/Login.php?wa=wsignin1.0&rpsnv=13&ct=1527523723&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dc3d04782-2ab8-dc60-d301-99253415a0af&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:29f::34ef , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Microsoft-IIS/8.5 /
Resource Hash: f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea

Request headers

Referer: https://indomei-rebus.net/!@%23%23$%5e$%25%23&%25%23&@%25/!@%23%23$%5e$%25%23&%25%23&@%25/18b9ae1606f53151ff96c20dc2ba21f6/Login.php?wa=wsignin1.0&rpsnv=13&ct=1527523723&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dc3d04782-2ab8-dc60-d301-99253415a0af&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 17 Aug 2018 09:08:37 GMT
Last-Modified: Wed, 02 May 2018 19:41:48 GMT
PPServer: PPV: 30 H: BL2IDSPRTS1C004 V: 0
ETag: "066e99b4de2d31:0"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=358041
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3006
Server: Microsoft-IIS/8.5

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
outlook.office365.com/	1969-12-31 23:59:59	Name: OWAPF Value: p:11111111&v:16.2500.10.2596764&l:mouse&
outlook.office365.com/	1970-01-18 22:39:54	Name: OIDC Value: 1
outlook.office365.com/	1970-01-19 03:00:32	Name: ClientId Value: 6F647969BBC34C498418298996BB6F4C

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

auth.gfx.ms
indomei-rebus.net
outlook.office365.com
162.144.38.197
2603:1026:208:1::2
2a02:26f0:6c00:283::34ef
2a02:26f0:6c00:29f::34ef
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb
3477dd33264a33c92e997c47a638eeff52618736964b25a37fb29f1fd89ac62a
4e9e7c1c2df9e91cf271a7afe529360d199cdff23a721473062ee1ebabd6821f
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea
e1ef23347ce7e8aba55dca96f181b47a7ca0f01aed99311f461972deab3aa2b4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea

indomei-rebus.net Open in urlscan Pro 162.144.38.197 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

75 %IPv6

3 Domains

3 Subdomains

4 IPs

2 Countries

336 kBTransfer

410 kBSize

3 Cookies

3 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

3 Cookies

Indicators

indomei-rebus.net Open in urlscan Pro
162.144.38.197 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

75 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

336 kB
Transfer

410 kB
Size

3
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!