exhange-online-msrsoft.github.io

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 185.199.111.153, located in United States and belongs to ,. The main domain is exhange-online-msrsoft.github.io.
TLS certificate: Issued by DigiCert SHA2 High Assurance Server CA on June 27th 2018. Valid for: 2 years.

This is the only time exhange-online-msrsoft.github.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	111.90.150.231 111.90.150.231	45839 (SHINJIRU-...) (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd)
6	185.199.111.153 185.199.111.153	54113 () ()
6	1

1 111.90.150.231 (Rwanda) 1 redirects

ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY)

8763727rri093.ml	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.199.111.153 (United States)

ASN54113 (,)

exhange-online-msrsoft.github.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	github.io exhange-online-msrsoft.github.io	623 KB
1	8763727rri093.ml 1 redirects 8763727rri093.ml	351 B
6	2

	Domain	Requested by
6	exhange-online-msrsoft.github.io	exhange-online-msrsoft.github.io
1	8763727rri093.ml	1 redirects
6	2

This site contains no links.

Subject Issuer	Validity	Valid
www.github.com DigiCert SHA2 High Assurance Server CA	`2018-06-27` - `2020-06-20`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://exhange-online-msrsoft.github.io/socket/rev-owa.html?app=&=d&source=product.landing_search&locale=en_US&question_box=404
Frame ID: 81D9F1D52A79902D19BBE05CCA23A801
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to your account

Page URL History Show full URLs

https://8763727rri093.ml/prawn.php HTTP 302
https://exhange-online-msrsoft.github.io/socket/rev-owa.html?app=&=d&source=product.landing_search&locale=en_US&quest... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /.*Varnish/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js/i
env /^jQuery$/i

Twitter Bootstrap () Expand

Overall confidence: 100%
Detected patterns

script /(?:twitter\.github\.com\/bootstrap|bootstrap(?:\.js|\.min\.js))/i

Page Statistics

6
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

623 kB
Transfer

713 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://8763727rri093.ml/prawn.php HTTP 302
https://exhange-online-msrsoft.github.io/socket/rev-owa.html?app=&=d&source=product.landing_search&locale=en_US&question_box=404 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request rev-owa.html Show response
exhange-online-msrsoft.github.io/socket/
Redirect Chain

https://8763727rri093.ml/prawn.php
https://exhange-online-msrsoft.github.io/socket/rev-owa.html?app=&=d&source=product.landing_search&locale=en_US&question_box=404

4 KB
2 KB

120ms
119ms

Document
text/html

185.199.111.153

General

Check archive.org

Show headers Download Go to

Full URL

https://exhange-online-msrsoft.github.io/socket/rev-owa.html?app=&=d&source=product.landing_search&locale=en_US&question_box=404

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.199.111.153 , United States, ASN54113 (,),

Reverse DNS

Software

GitHub.com /

Resource Hash

1ed993e1668671546d37016547baaed25b3959312f5b1f446fd2336d65d59aae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952

Request headers

:method: GET
:authority: exhange-online-msrsoft.github.io
:scheme: https
:path: /socket/rev-owa.html?app=&=d&source=product.landing_search&locale=en_US&question_box=404
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
server: GitHub.com
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31556952
last-modified: Mon, 20 May 2019 05:22:02 GMT
etag: W/"5ce2397a-fd7"
access-control-allow-origin: *
expires: Tue, 21 May 2019 18:08:46 GMT
cache-control: max-age=600
content-encoding: gzip
x-github-request-id: 3220:21A1:46CE36:5D1A0B:5CE43C7D
accept-ranges: bytes
date: Tue, 21 May 2019 17:59:26 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-hhn1520-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1558461566.162753,VS0,VE104
vary: Accept-Encoding
x-fastly-request-id: bae69b515f5ff26c41029e3908ac6e04d4d989e6
content-length: 1592

Redirect headers

Date: Tue, 21 May 2019 17:59:25 GMT
Server: Apache
Location: https://exhange-online-msrsoft.github.io/socket/rev-owa.html?app=&=d&source=product.landing_search&locale=en_US&question_box=404
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 shief.css
exhange-online-msrsoft.github.io/socket/brand/ 7 KB
2 KB 121ms
117ms Stylesheet
text/css 185.199.111.153

General

Check archive.org

Show headers Download Go to

Full URL

https://exhange-online-msrsoft.github.io/socket/brand/shief.css

Requested by

Host: exhange-online-msrsoft.github.io
URL: https://exhange-online-msrsoft.github.io/socket/rev-owa.html?app=&=d&source=product.landing_search&locale=en_US&question_box=404

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.199.111.153 , United States, ASN54113 (,),

Reverse DNS

Software

GitHub.com /

Resource Hash

0da05a87776a2a88519999048df16c3ca5c61724a1d2a89da0380b6a01dc7a17

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952

Request headers

Referer: https://exhange-online-msrsoft.github.io/socket/rev-owa.html?app=&=d&source=product.landing_search&locale=en_US&question_box=404
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-fastly-request-id: 0ab034af9e50c5aae7a854d5ddae662e77b423e0
strict-transport-security: max-age=31556952
content-encoding: gzip
age: 0
x-cache: MISS
status: 200
date: Tue, 21 May 2019 17:59:26 GMT
x-cache-hits: 0
content-length: 2242
via: 1.1 varnish
x-served-by: cache-hhn1520-HHN
last-modified: Mon, 20 May 2019 05:22:02 GMT
server: GitHub.com
x-github-request-id: 7CDA:4CE0:14FD671:1B530D9:5CE43C30
x-timer: S1558461566.292087,VS0,VE101
etag: W/"5ce2397a-1cdb"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
expires: Tue, 21 May 2019 18:08:08 GMT

GET
H2 200 jquery.min.js Show response
exhange-online-msrsoft.github.io/socket/js/ 85 KB
30 KB 118ms
116ms Script
application/javascript 185.199.111.153

General

Check archive.org

Show headers Download Go to

Full URL

https://exhange-online-msrsoft.github.io/socket/js/jquery.min.js

Requested by

Host: exhange-online-msrsoft.github.io
URL: https://exhange-online-msrsoft.github.io/socket/rev-owa.html?app=&=d&source=product.landing_search&locale=en_US&question_box=404

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.199.111.153 , United States, ASN54113 (,),

Reverse DNS

Software

GitHub.com /

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952

Request headers

Referer: https://exhange-online-msrsoft.github.io/socket/rev-owa.html?app=&=d&source=product.landing_search&locale=en_US&question_box=404
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-fastly-request-id: cc6fc97cb76cac3f798aa7ec3346b6d3e539f1c2
strict-transport-security: max-age=31556952
content-encoding: gzip
age: 0
x-cache: MISS
status: 200
date: Tue, 21 May 2019 17:59:26 GMT
x-cache-hits: 0
content-length: 30544
via: 1.1 varnish
x-served-by: cache-hhn1520-HHN
last-modified: Mon, 20 May 2019 05:22:02 GMT
server: GitHub.com
x-github-request-id: 17F2:0FB4:13DB36D:19DD937:5CE43C30
x-timer: S1558461566.292078,VS0,VE100
etag: W/"5ce2397a-1538f"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
expires: Tue, 21 May 2019 18:08:08 GMT

GET
H2 200 bootstrap.min.js Show response
exhange-online-msrsoft.github.io/socket/js/ 37 KB
10 KB 114ms
112ms Script
application/javascript 185.199.111.153

General

Check archive.org

Show headers Download Go to

Full URL

https://exhange-online-msrsoft.github.io/socket/js/bootstrap.min.js

Requested by

Host: exhange-online-msrsoft.github.io
URL: https://exhange-online-msrsoft.github.io/socket/rev-owa.html?app=&=d&source=product.landing_search&locale=en_US&question_box=404

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.199.111.153 , United States, ASN54113 (,),

Reverse DNS

Software

GitHub.com /

Resource Hash

909ae563eb34f7e4285a3a643ab5d7c21c5e6a80f3f455b949ac45f08d0389b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952

Request headers

Referer: https://exhange-online-msrsoft.github.io/socket/rev-owa.html?app=&=d&source=product.landing_search&locale=en_US&question_box=404
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-fastly-request-id: 94598838c6acaa879523d84b5f81e19421d5ed46
strict-transport-security: max-age=31556952
content-encoding: gzip
age: 0
x-cache: MISS
status: 200
date: Tue, 21 May 2019 17:59:26 GMT
x-cache-hits: 0
content-length: 10098
via: 1.1 varnish
x-served-by: cache-hhn1520-HHN
last-modified: Mon, 20 May 2019 05:22:02 GMT
server: GitHub.com
x-github-request-id: A2F6:189D:1332627:18D553D:5CE43C30
x-timer: S1558461566.292161,VS0,VE97
etag: W/"5ce2397a-92e8"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
expires: Tue, 21 May 2019 18:08:08 GMT

GET
H2 200 dust.svg
exhange-online-msrsoft.github.io/socket/brand/ 4 KB
2 KB 128ms
126ms Image
image/svg+xml 185.199.111.153

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://exhange-online-msrsoft.github.io/socket/brand/dust.svg

Requested by

Host: exhange-online-msrsoft.github.io
URL: https://exhange-online-msrsoft.github.io/socket/rev-owa.html?app=&=d&source=product.landing_search&locale=en_US&question_box=404

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.199.111.153 , United States, ASN54113 (,),

Reverse DNS

Software

GitHub.com /

Resource Hash

04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952

Request headers

Referer: https://exhange-online-msrsoft.github.io/socket/rev-owa.html?app=&=d&source=product.landing_search&locale=en_US&question_box=404
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-fastly-request-id: 13751a588170b5a6e160b90da7e9ad9ebed651be
strict-transport-security: max-age=31556952
content-encoding: gzip
age: 0
x-cache: MISS
status: 200
date: Tue, 21 May 2019 17:59:26 GMT
x-cache-hits: 0
content-length: 1448
via: 1.1 varnish
x-served-by: cache-hhn1520-HHN
last-modified: Mon, 20 May 2019 05:22:02 GMT
server: GitHub.com
x-github-request-id: 74A0:5361:993FAC:C84BE8:5CE43C30
x-timer: S1558461566.292065,VS0,VE111
etag: W/"5ce2397a-e43"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
expires: Tue, 21 May 2019 18:08:02 GMT

GET
H2 200 1ite.jpg
exhange-online-msrsoft.github.io/socket/brand/ 577 KB
577 KB 118ms
117ms Image
image/jpeg 185.199.111.153

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://exhange-online-msrsoft.github.io/socket/brand/1ite.jpg

Requested by

Host: exhange-online-msrsoft.github.io
URL: https://exhange-online-msrsoft.github.io/socket/rev-owa.html?app=&=d&source=product.landing_search&locale=en_US&question_box=404

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.199.111.153 , United States, ASN54113 (,),

Reverse DNS

Software

GitHub.com /

Resource Hash

9b2a6effeb54d57a267b0211f0b5571b70c64e4d2436b0be559883cbc23b4bcc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952

Request headers

Referer: https://exhange-online-msrsoft.github.io/socket/brand/shief.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-fastly-request-id: 3cf29a70de80e50645ab744d7fa405e5c6fb9edc
strict-transport-security: max-age=31556952
via: 1.1 varnish
age: 0
x-cache: MISS
status: 200
date: Tue, 21 May 2019 17:59:26 GMT
x-cache-hits: 0
content-length: 590546
x-served-by: cache-hhn1520-HHN
last-modified: Mon, 20 May 2019 05:22:02 GMT
server: GitHub.com
x-github-request-id: 3A4C:21A3:1324CA3:18FB455:5CE43C30
x-timer: S1558461566.443480,VS0,VE103
etag: "5ce2397a-902d2"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
expires: Tue, 21 May 2019 18:08:02 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://exhange-online-msrsoft.github.io/socket/js/jquery.min.js(Line 2) Message: jQuery.Deferred exception: Cannot read property '1' of null
console-api	warning	URL: https://exhange-online-msrsoft.github.io/socket/js/jquery.min.js(Line 2) Message: jQuery.Deferred exception: Cannot read property '1' of null

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31556952

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

8763727rri093.ml
exhange-online-msrsoft.github.io
111.90.150.231
185.199.111.153
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0da05a87776a2a88519999048df16c3ca5c61724a1d2a89da0380b6a01dc7a17
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
1ed993e1668671546d37016547baaed25b3959312f5b1f446fd2336d65d59aae
909ae563eb34f7e4285a3a643ab5d7c21c5e6a80f3f455b949ac45f08d0389b4
9b2a6effeb54d57a267b0211f0b5571b70c64e4d2436b0be559883cbc23b4bcc

exhange-online-msrsoft.github.io Open in urlscan Pro 185.199.111.153 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

6 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

1 IPs

2 Countries

623 kBTransfer

713 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

0 Cookies

2 Console Messages

Security Headers

Indicators

exhange-online-msrsoft.github.io Open in urlscan Pro
185.199.111.153 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

623 kB
Transfer

713 kB
Size

0
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!