www.gwenet.org
Open in
urlscan Pro
66.175.58.9
Malicious Activity!
Public Scan
Submission: On April 28 via automatic, source openphish — Scanned from CA
Summary
This is the only time www.gwenet.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Office 365 (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 10 | 66.175.58.9 66.175.58.9 | 30447 (INFB2-AS) (INFB2-AS) | |
2 | 66.175.41.113 66.175.41.113 | 30447 (INFB2-AS) (INFB2-AS) | |
5 | 13.107.213.38 13.107.213.38 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
2 | 13.107.6.156 13.107.6.156 | 8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
18 | 4 |
ASN30447 (INFB2-AS, CA)
PTR: wiredminds.carrierzone.com
count.carrierzone.com |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
secure.aadcdn.microsoftonline-p.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
gwenet.org
1 redirects
www.gwenet.org |
304 KB |
5 |
microsoftonline-p.com
secure.aadcdn.microsoftonline-p.com — Cisco Umbrella Rank: 15288 |
226 KB |
2 |
microsoftonline.com
portal.microsoftonline.com — Cisco Umbrella Rank: 30644 |
|
2 |
carrierzone.com
count.carrierzone.com — Cisco Umbrella Rank: 108485 |
36 KB |
18 | 4 |
Domain | Requested by | |
---|---|---|
10 | www.gwenet.org |
1 redirects
www.gwenet.org
|
5 | secure.aadcdn.microsoftonline-p.com |
www.gwenet.org
|
2 | portal.microsoftonline.com |
www.gwenet.org
|
2 | count.carrierzone.com |
www.gwenet.org
|
18 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
account.live.com |
passwordreset.microsoftonline.com |
login.live.com |
www.microsoft.com |
privacy.microsoft.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.carrierzone.com Sectigo RSA Domain Validation Secure Server CA |
2023-06-29 - 2024-06-28 |
a year | crt.sh |
secure.aadcdn.microsoftonline-p.com Microsoft Azure RSA TLS Issuing CA 08 |
2024-02-27 - 2025-02-21 |
a year | crt.sh |
portal.office.com Microsoft Azure RSA TLS Issuing CA 08 |
2024-02-16 - 2025-02-10 |
a year | crt.sh |
This page contains 3 frames:
Primary Page:
http://www.gwenet.org/office/
Frame ID: 419144887DF20DD84769709B136D4ACB
Requests: 16 HTTP requests in this frame
Frame:
https://portal.microsoftonline.com/Prefetch/Prefetch.aspx
Frame ID: 62B75DFAB7F97AB6089534F2FCB04A74
Requests: 1 HTTP requests in this frame
Frame:
https://portal.microsoftonline.com/Prefetch/Prefetch.aspx
Frame ID: E64CDEE0FD21890976C844A2DFB448C2
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
Sign in to your accountPage URL History Show full URLs
-
http://www.gwenet.org/office
HTTP 307
https://www.gwenet.org/office HTTP 307
http://www.gwenet.org/office HTTP 301
http://www.gwenet.org/office/ Page URL
Detected technologies
jQuery (JavaScript Libraries) ExpandDetected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Title: Personal account
Search URL Search Domain Scan URL
Title: Work or school account
Search URL Search Domain Scan URL
Title: Sign in with a Microsoft account
Search URL Search Domain Scan URL
Title: Terms of use
Search URL Search Domain Scan URL
Title: Privacy & Cookies
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://www.gwenet.org/office
HTTP 307
https://www.gwenet.org/office HTTP 307
http://www.gwenet.org/office HTTP 301
http://www.gwenet.org/office/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
www.gwenet.org/office/ Redirect Chain
|
44 KB 12 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login.css
www.gwenet.org/office/index_files/ |
21 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login_hover.css
www.gwenet.org/office/index_files/ |
89 B 333 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.js
www.gwenet.org/office/index_files/ |
108 KB 38 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
aad.js
www.gwenet.org/office/index_files/ |
174 KB 43 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
heroillustration.jpg
www.gwenet.org/office/index_files/ |
199 KB 199 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bannerlogo.png
www.gwenet.org/office/index_files/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
microsoft_logo.png
www.gwenet.org/office/index_files/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
count.js
count.carrierzone.com/app/count_server/ |
35 KB 35 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login_hover.min.css
secure.aadcdn.microsoftonline-p.com/ests/2.1.5623.13/content/cdnbundles/ |
89 B 460 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
watson.min.js
secure.aadcdn.microsoftonline-p.com/ests/2.1.5623.13/content/cdnbundles/ |
9 KB 4 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Prefetch.aspx
portal.microsoftonline.com/Prefetch/ Frame 62B7 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
watson
www.gwenet.org/common/handlers/ |
21 B 173 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ctin.php
count.carrierzone.com/track/ |
42 B 610 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bannerlogo
secure.aadcdn.microsoftonline-p.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
heroillustration
secure.aadcdn.microsoftonline-p.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/ |
199 KB 199 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon_a.ico
secure.aadcdn.microsoftonline-p.com/ests/2.1.5623.13/content/images/ |
17 KB 17 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Prefetch.aspx
portal.microsoftonline.com/Prefetch/ Frame E64C |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Office 365 (Online)58 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| $Config object| $Debug object| $Do function| $Loader object| $WebWatson function| GetString function| GetErrorString function| GetUrl object| $B boolean| isTouch string| cssId object| head object| link undefined| msViewportStyle function| $ function| jQuery function| pageOnReady object| MSLogin object| proxy object| ErrorCodes object| Constants object| Context object| Background object| Logo object| Instrument object| User object| tenant_info object| EmailDiscovery function| origHide function| origShow function| origAddClass function| origRemoveClass object| Support object| MSLogout object| ThirdPartyCookieStates object| PostType object| LoginOption object| Post object| TenantBranding object| users object| Tiles object| $Api object| jQuery1112014410239219185095 object| StrongAuthCheck object| Util object| WindowsBrowserSso object| body function| click_track function| getClick object| wm_indiv_stats object| wiredminds string| wm_custnum string| wm_page_name string| wm_group_name string| wm_campaign_key string| wm_track_alt2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.gwenet.org/office | Name: testcookie Value: testcookie |
|
portal.microsoftonline.com/ | Name: s.SessID Value: da076dcd-8a00-409c-92e1-7cda2fb6a172 |
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
count.carrierzone.com
portal.microsoftonline.com
secure.aadcdn.microsoftonline-p.com
www.gwenet.org
13.107.213.38
13.107.6.156
66.175.41.113
66.175.58.9
5b27cb8a843da7b4f70f68d669798596541491654185df0bd45867d951a31947
7e50e406688bd898803f653058d14ca384734cb9b39ba900bc5e2734b59c073b
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
91c2b74542e11d0278e02715a980b39582eae2e3b519ddd2d4f9ca939e58109c
988e349f2bf4e87154738c7b2c1fa86618713a8cfa0cef60a046f5add89bd9de
9b5900571285ad0f6198cbf9fe92d81e9c5ed6f49cfd816d2a762d64d6ab6e14
b0db1f296444aebe3a63778e7c7ceb68d90abb4a8583538649c392479f11322e
b5ea0ffbe39f577651336a1aba7746881cf235b9f7ccc1c51b151162b3da4feb
d422d055fc7e99b9a2356023659180e91ee818697425f9f488a103a9c10b38e6
d6a6e3533a3a8f1ca99259152a54a7ace6f0f0f6a8ba53e0a5443f05ce55d47a
d9c500706bcdb6d8e2ba4de1a6ea3d30d87417b79aa26e51fa2b9b9f4ff37e5f
f418e6b5416f03cbc22b24f481582e2d55ee0f7ca6989c562b59f12c9229214e
fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603