urlscan.io logo urlscan.io
SecurityTrails logo

trubus-online.co.id Open in urlscan Pro
69.16.216.138  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://account-activedirectory.trubus-online.co.id/.auth/login.php
Effective URL: https://trubus-online.co.id/.auth/login.php
Submission: On November 09 via manual from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 1 countries across 6 domains to perform 13 HTTP transactions. The main IP is 69.16.216.138, located in Lansing, United States and belongs to LIQUIDWEB, US. The main domain is trubus-online.co.id.
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 30th 2020. Valid for: 3 months.
This is the only time trubus-online.co.id was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 3 69.16.216.138 32244 (LIQUIDWEB)
7 152.199.23.37 15133 (EDGECAST)
1 143.204.215.89 16509 (AMAZON-02)
1 40.90.137.125 8075 (MICROSOFT...)
1 2620:1ec:a92:... 8068 (MICROSOFT...)
1 2620:1ec:bdf::10 8068 (MICROSOFT...)
13 6
3    69.16.216.138 (Lansing, United States)

ASN32244 (LIQUIDWEB, US)
PTR: host.trubus-server.com
account-activedirectory.trubus-online.co.id
trubus-online.co.id
7    152.199.23.37 (United States)

ASN15133 (EDGECAST, US)
aadcdn.msftauth.net
1    143.204.215.89 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-89.fra53.r.cloudfront.net
logo.clearbit.com
1    40.90.137.125 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
login.live.com
1    2620:1ec:a92::156 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.office.com
1    2620:1ec:bdf::10 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
aadcdn.msftauthimages.net
Domain Requested by
7 aadcdn.msftauth.net trubus-online.co.id
2 trubus-online.co.id trubus-online.co.id
1 aadcdn.msftauthimages.net trubus-online.co.id
1 www.office.com trubus-online.co.id
1 login.live.com trubus-online.co.id
1 logo.clearbit.com trubus-online.co.id
1 account-activedirectory.trubus-online.co.id 1 redirects
13 7

This site contains links to these domains. Also see Links.

Domain
passwordreset.microsoftonline.com
www.microsoft.com
privacy.microsoft.com
Subject Issuer Validity Valid
trubus-online.co.id
cPanel, Inc. Certification Authority		 2020-10-30 -
2021-01-28		 3 months crt.sh
aadcdn.msftauth.net
DigiCert SHA2 Secure Server CA		 2020-07-09 -
2021-07-09		 a year crt.sh
clearbit.com
Amazon		 2020-05-20 -
2021-06-20		 a year crt.sh
login.live.com
DigiCert SHA2 Secure Server CA		 2020-10-07 -
2021-10-07		 a year crt.sh
portal.office.com
GlobalSign Organization Validation CA - SHA256 - G3		 2020-05-29 -
2022-05-30		 2 years crt.sh
aadcdn.msftauthimages.net
Microsoft Azure TLS Issuing CA 05		 2020-09-03 -
2021-08-29		 a year crt.sh

This page contains 2 frames:

Primary Page: https://trubus-online.co.id/.auth/login.php
Frame ID: 56A97AC911D13BA571C37C735A884A8E
Requests: 12 HTTP requests in this frame

Frame: https://www.office.com/prefetch/prefetch
Frame ID: 1EBB7FF9746F7141DAC203A871E4E2FF
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://account-activedirectory.trubus-online.co.id/.auth/login.php HTTP 302
    https://trubus-online.co.id/.auth/login.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i
Overall confidence: 100%
Detected patterns
  • headers server /Unix/i
Overall confidence: 100%
Detected patterns
  • headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

13
Requests

100 %
HTTPS

33 %
IPv6

6
Domains

7
Subdomains

6
IPs

1
Countries

404 kB
Transfer

963 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://account-activedirectory.trubus-online.co.id/.auth/login.php HTTP 302
    https://trubus-online.co.id/.auth/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set login.php
trubus-online.co.id/.auth/
Redirect Chain
  • http://account-activedirectory.trubus-online.co.id/.auth/login.php
  • https://trubus-online.co.id/.auth/login.php
34 KB
11 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://trubus-online.co.id/.auth/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.16.216.138 Lansing, United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
host.trubus-server.com
Software
Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 mod_fcgid/2.3.9 / PHP/5.4.45
Resource Hash
11be729c4904c8754e034d829048b4f5c29e7d59c2d3deb9408d1a383cbf9517

Request headers

Host
trubus-online.co.id
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 09 Nov 2020 15:52:26 GMT
Server
Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 mod_fcgid/2.3.9
X-Powered-By
PHP/5.4.45
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Set-Cookie
PHPSESSID=152b1bb4115949c32229ef713a04a0cc; path=/
Vary
Accept-Encoding
Content-Encoding
gzip
Referrer-Policy
no-referrer-when-downgrade
Content-Length
10191
Keep-Alive
timeout=2, max=500
Connection
Keep-Alive
Content-Type
text/html

Redirect headers

Date
Mon, 09 Nov 2020 15:52:25 GMT
Server
Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 mod_fcgid/2.3.9
Location
https://trubus-online.co.id/.auth/login.php
Content-Length
227
Keep-Alive
timeout=2, max=500
Connection
Keep-Alive
Content-Type
text/html; charset=iso-8859-1
converged.v2.login.min_wixdbz3ubznoegxpcgkfog2.css
trubus-online.co.id/.auth/css/ 		106 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://trubus-online.co.id/.auth/css/converged.v2.login.min_wixdbz3ubznoegxpcgkfog2.css
Requested by
Host: trubus-online.co.id
URL: https://trubus-online.co.id/.auth/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.16.216.138 Lansing, United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
host.trubus-server.com
Software
Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 mod_fcgid/2.3.9 /
Resource Hash
a96b2b12489a80eafe62cc4bcc04cb367e2b54efc3039e484211c7deec12c0b8

Request headers

Origin
https://trubus-online.co.id
Referer
https://trubus-online.co.id/.auth/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 09 Nov 2020 15:52:26 GMT
Content-Encoding
gzip
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Mon, 12 Oct 2020 06:04:26 GMT
Server
Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 mod_fcgid/2.3.9
ETag
"4268ca-1a716-5b1731210ce80-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=499
Content-Length
19754
OldConvergedLogin_PCore_kHhxXOwRKOBKL9wP7RdDrw2.js
aadcdn.msftauth.net/shared/1.0/content/js/ 		609 KB
155 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/js/OldConvergedLogin_PCore_kHhxXOwRKOBKL9wP7RdDrw2.js
Requested by
Host: trubus-online.co.id
URL: https://trubus-online.co.id/.auth/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F2A) /
Resource Hash
367bb7199a0cbbddf42d0577f33f6ee494111fcdf3317c8d974f5242e75ebcc7

Request headers

Origin
https://trubus-online.co.id
Referer
https://trubus-online.co.id/.auth/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 09 Nov 2020 15:52:26 GMT
content-encoding
gzip
content-md5
szrfbgOqdDwCjLR4q271nQ==
age
6045202
x-cache
HIT
status
200
content-length
158447
x-ms-lease-status
unlocked
last-modified
Thu, 27 Aug 2020 23:52:20 GMT
server
ECAcc (frc/8F2A)
etag
0x8D84AE43D039067
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
7f53690c-f01e-0012-4cb5-7f6cc0000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
ux.converged.login.strings-en.min_yruqtyo0qslo70l4a-_ung2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		37 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_yruqtyo0qslo70l4a-_ung2.js
Requested by
Host: trubus-online.co.id
URL: https://trubus-online.co.id/.auth/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FB1) /
Resource Hash
fff0b1c545c2119a2855b9028567640f4145c079eff9b48da0ddf66dc8d92f6c

Request headers

Origin
https://trubus-online.co.id
Referer
https://trubus-online.co.id/.auth/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 09 Nov 2020 15:52:26 GMT
content-encoding
gzip
content-md5
5Zw7HraGKmMzSIoAiA15xA==
age
7686649
x-cache
HIT
status
200
content-length
11322
x-ms-lease-status
unlocked
last-modified
Wed, 12 Aug 2020 03:06:16 GMT
server
ECAcc (frc/8FB1)
etag
0x8D83E6CAD740F66
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
0b78ed37-601e-0091-54c7-7067e5000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
/
logo.clearbit.com/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://logo.clearbit.com/
Requested by
Host: trubus-online.co.id
URL: https://trubus-online.co.id/.auth/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.89 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-89.fra53.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://trubus-online.co.id/.auth/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
aadcdn.msftauth.net/shared/1.0/content/images/ 		513 B
753 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
Requested by
Host: trubus-online.co.id
URL: https://trubus-online.co.id/.auth/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F6C) /
Resource Hash
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58

Request headers

Referer
https://trubus-online.co.id/.auth/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 09 Nov 2020 15:52:26 GMT
content-encoding
gzip
content-md5
TjUQkZ0p0Y7rbj6LJofS9Q==
age
20335413
x-cache
HIT
status
200
content-length
276
x-ms-lease-status
unlocked
last-modified
Thu, 16 Jan 2020 00:32:45 GMT
server
ECAcc (frc/8F6C)
etag
0x8D79A1B9B05915D
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
a8475ca4-f01e-009e-49bd-fd5806000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg
aadcdn.msftauth.net/shared/1.0/content/images/ 		915 B
415 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/images/ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg
Requested by
Host: trubus-online.co.id
URL: https://trubus-online.co.id/.auth/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F30) /
Resource Hash
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea

Request headers

Referer
https://trubus-online.co.id/.auth/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 09 Nov 2020 15:52:26 GMT
content-encoding
gzip
content-md5
HMwsHhNXdtrfirQDkzcqMA==
age
20389109
x-cache
HIT
status
200
content-length
263
x-ms-lease-status
unlocked
last-modified
Thu, 16 Jan 2020 00:32:52 GMT
server
ECAcc (frc/8F30)
etag
0x8D79A1B9F32D8F1
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
fa26e396-b01e-0074-3d40-fd08f2000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
aadcdn.msftauth.net/shared/1.0/content/images/ 		915 B
415 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
Requested by
Host: trubus-online.co.id
URL: https://trubus-online.co.id/.auth/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F20) /
Resource Hash
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6

Request headers

Referer
https://trubus-online.co.id/.auth/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 09 Nov 2020 15:52:26 GMT
content-encoding
gzip
content-md5
/a3y/mpA+HRaVAiPACrsog==
age
20389109
x-cache
HIT
status
200
content-length
263
x-ms-lease-status
unlocked
last-modified
Thu, 16 Jan 2020 00:32:51 GMT
server
ECAcc (frc/8F20)
etag
0x8D79A1B9EFFAEA1
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
44624c4a-b01e-0053-4440-fd6e6f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
Me.htm
login.live.com/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://login.live.com/Me.htm?v=3
Requested by
Host: trubus-online.co.id
URL: https://trubus-online.co.id/.auth/login.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.90.137.125 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://trubus-online.co.id/.auth/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
converged.v2.login.min_wixdbz3ubznoegxpcgkfog2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		0
19 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_wixdbz3ubznoegxpcgkfog2.css
Requested by
Host: trubus-online.co.id
URL: https://trubus-online.co.id/.auth/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F4B) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://trubus-online.co.id/.auth/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 09 Nov 2020 15:52:26 GMT
content-encoding
gzip
content-md5
/7H4IR1YAHBHDqgAZw2T1Q==
age
7082969
x-cache
HIT
status
200
content-length
19750
x-ms-lease-status
unlocked
last-modified
Tue, 18 Aug 2020 21:44:03 GMT
server
ECAcc (frc/8F4B)
etag
0x8D843BFD37E3E8A
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
5ef3684b-001e-0081-6644-76d8cd000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
ux.converged.login.strings-en.min_yruqtyo0qslo70l4a-_ung2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		0
11 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_yruqtyo0qslo70l4a-_ung2.js
Requested by
Host: trubus-online.co.id
URL: https://trubus-online.co.id/.auth/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FB1) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://trubus-online.co.id/.auth/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 09 Nov 2020 15:52:26 GMT
content-encoding
gzip
content-md5
5Zw7HraGKmMzSIoAiA15xA==
age
7686649
x-cache
HIT
status
200
content-length
11322
x-ms-lease-status
unlocked
last-modified
Wed, 12 Aug 2020 03:06:16 GMT
server
ECAcc (frc/8FB1)
etag
0x8D83E6CAD740F66
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
0b78ed37-601e-0091-54c7-7067e5000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
prefetch
www.office.com/prefetch/ Frame 1EBB 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.office.com/prefetch/prefetch
Requested by
Host: trubus-online.co.id
URL: https://trubus-online.co.id/.auth/login.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:a92::156 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.office.com
:scheme
https
:path
/prefetch/prefetch
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://trubus-online.co.id/.auth/login.php
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://trubus-online.co.id/.auth/login.php

Response headers

status
200
cache-control
no-store,no-cache
pragma
no-cache
content-type
text/html; charset=utf-8
content-encoding
gzip
vary
Accept-Encoding
set-cookie
OH.SID=50aa8c44-84ab-4e51-aeb2-a7c003e35119; path=/; secure; samesite=none; httponly OH.DCAffinity=OH-wuk; path=/; secure; samesite=none; httponly MUID=3BA86847D531685A0FCA673AD44A69A3; path=/; secure; expires=Sat, 04-Dec-2021 15:52:26 GMT; domain=office.com
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge,chrome=1
x-msedge-ref
Ref A: 223DFDB761094407B4222F7B48E2E718 Ref B: AM3EDGE0819 Ref C: 2020-11-09T15:52:26Z
date
Mon, 09 Nov 2020 15:52:26 GMT
illustration
aadcdn.msftauthimages.net/dbd5a2dd-sd-nd0bb-0hqs6piuad8-tfrvahzicjpconfdlg07ry/logintenantbranding/0/ 		174 KB
175 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msftauthimages.net/dbd5a2dd-sd-nd0bb-0hqs6piuad8-tfrvahzicjpconfdlg07ry/logintenantbranding/0/illustration?ts=636111043621904566
Requested by
Host: trubus-online.co.id
URL: https://trubus-online.co.id/.auth/login.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
5939c16ae9476e3d5b389db734a4a8d88e3dcb95c53e409a7841269790a97586

Request headers

Referer
https://trubus-online.co.id/.auth/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 09 Nov 2020 15:52:26 GMT
x-azure-ref-originshield
0LdKoXwAAAAD6im9F9LE+Q7DzIWCTgzSDTE9OMjFFREdFMDEwNwA1OTY2NTcxNS00MjZhLTRmMWMtYTA1OS1kNWRmZDQwYWU2Yjk=
content-md5
GZ3FHLUsdGUGQKSHUY8trg==
x-cache
TCP_HIT
status
200
content-length
178228
x-ms-lease-status
unlocked
last-modified
Mon, 03 Oct 2016 15:12:43 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D3EB9FB975CBD1
x-azure-ref
0umWpXwAAAACtGA/kCangQJtzERTZTdtvRlJBMzFFREdFMDQyMQA1OTY2NTcxNS00MjZhLTRmMWMtYTA1OS1kNWRmZDQwYWU2Yjk=
content-type
image/*
x-ms-request-id
a3c54135-601e-00e3-3931-b6016b000000
cache-control
public, max-age=86400
x-ms-version
2009-09-19

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes function| webpackJsonp object| StringRepository object| PROOF boolean| __

5 Cookies

Domain/Path Name / Value
outlook.office365.com/ Name: OIDC
Value: 1
outlook.office365.com/ Name: ClientId
Value: 0BBDC45E674F4CFCA3D8FE32B1642F39
www.office.com/ Name: OH.DCAffinity
Value: OH-wuk
www.office.com/ Name: OH.SID
Value: 50aa8c44-84ab-4e51-aeb2-a7c003e35119
trubus-online.co.id/ Name: PHPSESSID
Value: 152b1bb4115949c32229ef713a04a0cc