trubus-online.co.id
69.16.216.138
Malicious Activity!
Public Scan
Effective URL: https://trubus-online.co.id/.auth/login.php
Submission: On November 09 via manual from GB
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 30th 2020. Valid for: 3 months.
This is the only time trubus-online.co.id was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information

| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 3 | 69.16.216.138 | 32244 (LIQUIDWEB) |
| 7 | 152.199.23.37 | 15133 (EDGECAST) |
| 1 | 143.204.215.89 | 16509 (AMAZON-02) |
| 1 | 40.90.137.125 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) |
| 1 | 2620:1ec:a92::156 | 8068 (MICROSOFT-CORP-MSN-AS-BLOCK) |
| 1 | 2620:1ec:bdf::10 | 8068 (MICROSOFT-CORP-MSN-AS-BLOCK) |

Total: 13 requests across 6 IP addresses.
- ASN32244 (LIQUIDWEB, US), PTR: host.trubus-server.com: account-activedirectory.trubus-online.co.id, trubus-online.co.id
- ASN16509 (AMAZON-02, US), PTR: server-143-204-215-89.fra53.r.cloudfront.net: logo.clearbit.com
- ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US): login.live.com
- ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US): aadcdn.msftauthimages.net
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 7 | msftauth.net | aadcdn.msftauth.net | 199 KB |
| 3 | trubus-online.co.id | account-activedirectory.trubus-online.co.id (1 redirect), trubus-online.co.id | 31 KB |
| 1 | msftauthimages.net | aadcdn.msftauthimages.net | 175 KB |
| 1 | office.com | www.office.com | |
| 1 | live.com | login.live.com | |
| 1 | clearbit.com | logo.clearbit.com | |

Total: 13 requests across 6 apex domains.
| Requests | Domain | Requested by | Notes |
|---|---|---|---|
| 7 | aadcdn.msftauth.net | trubus-online.co.id | |
| 2 | trubus-online.co.id | trubus-online.co.id | |
| 1 | aadcdn.msftauthimages.net | trubus-online.co.id | |
| 1 | www.office.com | trubus-online.co.id | |
| 1 | login.live.com | trubus-online.co.id | |
| 1 | logo.clearbit.com | trubus-online.co.id | |
| 1 | account-activedirectory.trubus-online.co.id | | 1 redirect |

Total: 13 requests across 7 domains.
This site contains links to these domains. Also see Links.

- passwordreset.microsoftonline.com
- www.microsoft.com
- privacy.microsoft.com
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| trubus-online.co.id | cPanel, Inc. Certification Authority | 2020-10-30 - 2021-01-28 | 3 months | crt.sh |
| aadcdn.msftauth.net | DigiCert SHA2 Secure Server CA | 2020-07-09 - 2021-07-09 | a year | crt.sh |
| clearbit.com | Amazon | 2020-05-20 - 2021-06-20 | a year | crt.sh |
| login.live.com | DigiCert SHA2 Secure Server CA | 2020-10-07 - 2021-10-07 | a year | crt.sh |
| portal.office.com | GlobalSign Organization Validation CA - SHA256 - G3 | 2020-05-29 - 2022-05-30 | 2 years | crt.sh |
| aadcdn.msftauthimages.net | Microsoft Azure TLS Issuing CA 05 | 2020-09-03 - 2021-08-29 | a year | crt.sh |
This page contains 2 frames:

- Primary Page: https://trubus-online.co.id/.auth/login.php (Frame ID: 56A97AC911D13BA571C37C735A884A8E), 12 HTTP requests in this frame
- Frame: https://www.office.com/prefetch/prefetch (Frame ID: 1EBB7FF9746F7141DAC203A871E4E2FF), 1 HTTP request in this frame
Detected technologies

- PHP (Programming Languages). Detected pattern: url /\.php(?:$|\?)/i
- UNIX (Operating Systems). Detected pattern: headers server /Unix/i
- OpenSSL (Web Server Extensions). Detected pattern: headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i
- Apache (Web Servers). Detected pattern: headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics

3 Outgoing links. These are links going to different origins than the main page.

- Title: Forgot my password
- Title: Terms of use
- Title: Privacy & cookies
Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. http://account-activedirectory.trubus-online.co.id/.auth/login.php (HTTP 302)
2. https://trubus-online.co.id/.auth/login.php (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions

| Method / Protocol | Resource Path | Size / x-fer | Type / MIME-Type | Notes |
|---|---|---|---|---|
| GET H/1.1 | trubus-online.co.id/.auth/login.php | 34 KB / 11 KB | Document, text/html | Primary Request, Cookie set, Redirect Chain |
| GET H/1.1 | trubus-online.co.id/.auth/css/converged.v2.login.min_wixdbz3ubznoegxpcgkfog2.css | 106 KB / 20 KB | Stylesheet, text/css | |
| GET H2 | aadcdn.msftauth.net/shared/1.0/content/js/OldConvergedLogin_PCore_kHhxXOwRKOBKL9wP7RdDrw2.js | 609 KB / 155 KB | Script, application/x-javascript | |
| GET H2 | aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_yruqtyo0qslo70l4a-_ung2.js | 37 KB / 11 KB | Script, application/x-javascript | |
| GET H2 | logo.clearbit.com/ | 0 / 0 | Image, text/plain | |
| GET H2 | aadcdn.msftauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg | 513 B / 753 B | Image, image/svg+xml | |
| GET H2 | aadcdn.msftauth.net/shared/1.0/content/images/ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg | 915 B / 415 B | Image, image/svg+xml | |
| GET H2 | aadcdn.msftauth.net/shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg | 915 B / 415 B | Image, image/svg+xml | |
| GET H2 | login.live.com/Me.htm | 0 / 0 | Other, text/html | |
| GET H2 | aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_wixdbz3ubznoegxpcgkfog2.css | 0 / 19 KB | Other, text/css | |
| GET H2 | aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_yruqtyo0qslo70l4a-_ung2.js | 0 / 11 KB | Other, application/x-javascript | |
| GET H2 | www.office.com/prefetch/prefetch | 0 / 0 | Document, text/html | Frame 1EBB |
| GET H2 | aadcdn.msftauthimages.net/dbd5a2dd-sd-nd0bb-0hqs6piuad8-tfrvahzicjpconfdlg07ry/logintenantbranding/0/illustration | 174 KB / 175 KB | Image, image/* | |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| object | 0 |
| function | showDirectoryPicker |
| function | showOpenFilePicker |
| function | showSaveFilePicker |
| object | trustedTypes |
| function | webpackJsonp |
| object | StringRepository |
| object | PROOF |
| boolean | __5 |

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| outlook.office365.com/ | | OIDC | 1 |
| outlook.office365.com/ | | ClientId | 0BBDC45E674F4CFCA3D8FE32B1642F39 |
| www.office.com/ | | OH.DCAffinity | OH-wuk |
| www.office.com/ | | OH.SID | 50aa8c44-84ab-4e51-aeb2-a7c003e35119 |
| trubus-online.co.id/ | | PHPSESSID | 152b1bb4115949c32229ef713a04a0cc |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.