0.gloveryforredwine.com Open in urlscan Pro
185.177.94.108 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://religie.ordevansintjacob.org/TO/authorize_client_id:ay7bpokt-vjab-80jp-idle-pavru637h1z4_t8xc765pzbf3awgd9knor01e4ihumyqsl2vj...
Effective URL:
https://0.gloveryforredwine.com/?p=mvqtsylggu5gi3bpg4ytqmy&sub1=luceee&sub2=dextron
Submission: On June 11 via automatic, source openphish (June 11th 2022, 1:12:09 pm UTC) — Scanned from DE

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 4 countries across 4 domains to perform 15 HTTP transactions. The main IP is 185.177.94.108, located in Amsterdam, Netherlands and belongs to ADVANCEDHOSTERS-AS, NL. The main domain is 0.gloveryforredwine.com.
TLS certificate: Issued by R3 on June 1st 2022. Valid for: 3 months.

This is the only time 0.gloveryforredwine.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
5	192.185.33.203 192.185.33.203	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
2 4	101.99.95.147 101.99.95.147	201133 (VERDINA) (VERDINA)
1	2a02:26f0:350... 2a02:26f0:3500:592::35c1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	185.177.94.108 185.177.94.108	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
15	5

5 192.185.33.203 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: mail.thinkbituae.com

religie.ordevansintjacob.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 101.99.95.147 (Malaysia) 2 redirects

ASN201133 (VERDINA, BZ)
PTR: vps.euromeds.to

track.greengoplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
front.greengoplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:592::35c1 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

secure.aadcdn.microsoftonline-p.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.177.94.108 (Amsterdam, Netherlands)

ASN39572 (ADVANCEDHOSTERS-AS, NL)
PTR: ip-185-177-94-108.ah-server.com

gloveryforredwine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
0.gloveryforredwine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	ordevansintjacob.org religie.ordevansintjacob.org	37 KB
4	greengoplatform.com 2 redirects track.greengoplatform.com — Cisco Umbrella Rank: 388263 front.greengoplatform.com — Cisco Umbrella Rank: 371935 Failed	2 KB
2	gloveryforredwine.com gloveryforredwine.com — Cisco Umbrella Rank: 671218 Failed 0.gloveryforredwine.com	30 KB
1	microsoftonline-p.com secure.aadcdn.microsoftonline-p.com — Cisco Umbrella Rank: 10182	2 KB
15	4

	Domain	Requested by
5	religie.ordevansintjacob.org	religie.ordevansintjacob.org
3	front.greengoplatform.com	religie.ordevansintjacob.org
1	0.gloveryforredwine.com	religie.ordevansintjacob.org
1	gloveryforredwine.com	front.greengoplatform.com
1	secure.aadcdn.microsoftonline-p.com	religie.ordevansintjacob.org
1	track.greengoplatform.com	religie.ordevansintjacob.org
15	6

This site contains no links.

Subject Issuer	Validity	Valid
transportgoline.com R3	`2022-06-05` - `2022-09-03`	3 months	crt.sh
secure.aadcdn.microsoftonline-p.com Microsoft RSA TLS CA 02	`2021-11-18` - `2022-11-18`	a year	crt.sh
front.greengoplatform.com R3	`2022-06-05` - `2022-09-03`	3 months	crt.sh
0.di08.biz R3	`2022-06-01` - `2022-08-30`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://0.gloveryforredwine.com/?p=mvqtsylggu5gi3bpg4ytqmy&sub1=luceee&sub2=dextron
Frame ID: E2B2AA84FD36CCF170A167795D4E7C34
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

captcha

Page URL History Show full URLs

http://religie.ordevansintjacob.org/TO/authorize_client_id:ay7bpokt-vjab-80jp-idle-pavru637h1z4_t8xc765pzbf3awgd... Page URL
https://front.greengoplatform.com/go.php?lid=3337&pid=9646&cid=114733 HTTP 302
https://front.greengoplatform.com/go.php?sid=6856&pid=9954&cid=347853 HTTP 302
https://front.greengoplatform.com/back.php?sid=6856&pid=9954&cid=347853 Page URL
https://gloveryforredwine.com/?p=mvqtsylggu5gi3bpg4ytqmy&sub1=luceee&sub2=dextron Page URL
https://0.gloveryforredwine.com/?p=mvqtsylggu5gi3bpg4ytqmy&sub1=luceee&sub2=dextron Page URL

Page Statistics

15
Requests

33 %
HTTPS

25 %
IPv6

4
Domains

6
Subdomains

5
IPs

4
Countries

70 kB
Transfer

151 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://religie.ordevansintjacob.org/TO/authorize_client_id:ay7bpokt-vjab-80jp-idle-pavru637h1z4_t8xc765pzbf3awgd9knor01e4ihumyqsl2vjbonlg6jh4ywqruxv209f1zt7mi3skcp8eda59xo6j8f12divyreku3lmwh0cb5z7tq4ngasp?data=Ym9iQGJvYi5jb20= Page URL
https://front.greengoplatform.com/go.php?lid=3337&pid=9646&cid=114733 HTTP 302
https://front.greengoplatform.com/go.php?sid=6856&pid=9954&cid=347853 HTTP 302
https://front.greengoplatform.com/back.php?sid=6856&pid=9954&cid=347853 Page URL
https://gloveryforredwine.com/?p=mvqtsylggu5gi3bpg4ytqmy&sub1=luceee&sub2=dextron Page URL
https://0.gloveryforredwine.com/?p=mvqtsylggu5gi3bpg4ytqmy&sub1=luceee&sub2=dextron Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11

https://front.greengoplatform.com/go.php?lid=3337&pid=9646&cid=114733 HTTP 302
https://front.greengoplatform.com/go.php?sid=6856&pid=9954&cid=347853 HTTP 302
https://front.greengoplatform.com/back.php?sid=6856&pid=9954&cid=347853

15 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK authorize_client_id:ay7bpokt-vjab-80jp-idle-pavru637h1z4_t8xc765pzbf3awgd9knor01e4ihumyqsl2vjbonlg6jh4ywqruxv209f1zt7mi3skcp8eda59xo6j8f12divyreku3lmwh0cb5z7tq4ngasp Show response
religie.ordevansintjacob.org/TO/ 13 KB
7 KB 2265ms
1924ms Document
text/html 192.185.33.203
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: http://religie.ordevansintjacob.org/TO/authorize_client_id:ay7bpokt-vjab-80jp-idle-pavru637h1z4_t8xc765pzbf3awgd9knor01e4ihumyqsl2vjbonlg6jh4ywqruxv209f1zt7mi3skcp8eda59xo6j8f12divyreku3lmwh0cb5z7tq4ngasp?data=Ym9iQGJvYi5jb20=
Protocol: HTTP/1.1
Server: 192.185.33.203 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: mail.thinkbituae.com
Software: Apache /
Resource Hash: c819c26d250eca704e7832cdc334abd0c2c2229ef14a4478551872630e0d4d7c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: Upgrade, Keep-Alive
Content-Encoding: gzip
Content-Length: 7086
Content-Type: text/html; charset=UTF-8
Date: Sat, 11 Jun 2022 13:12:01 GMT
Keep-Alive: timeout=5, max=75
Server: Apache
Upgrade: h2,h2c
Vary: Accept-Encoding

GET
H/1.1 200
OK smile.js Show response
track.greengoplatform.com/ 4 KB
1016 B 492ms
364ms Script
text/plain 101.99.95.147
VERDINA

General

Check archive.org

Show headers Download Go to

Full URL: https://track.greengoplatform.com/smile.js?v=1.1.1
Requested by: Host: religie.ordevansintjacob.org
URL: http://religie.ordevansintjacob.org/TO/authorize_client_id:ay7bpokt-vjab-80jp-idle-pavru637h1z4_t8xc765pzbf3awgd9knor01e4ihumyqsl2vjbonlg6jh4ywqruxv209f1zt7mi3skcp8eda59xo6j8f12divyreku3lmwh0cb5z7tq4ngasp?data=Ym9iQGJvYi5jb20=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 101.99.95.147 , Malaysia, ASN201133 (VERDINA, BZ),
Reverse DNS: vps.euromeds.to
Software: nginx /
Resource Hash: 9f2407325a9ea969c54abe49367c6e5a3e9d390f1e607444004d8347cdab4bab

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://religie.ordevansintjacob.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Sat, 11 Jun 2022 13:12:04 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: nginx
Connection: keep-alive
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8

GET
H/1.1 200
OK style.css
religie.ordevansintjacob.org/TO/css/ 94 KB
24 KB 292ms
292ms Stylesheet
text/css 192.185.33.203
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: http://religie.ordevansintjacob.org/TO/css/style.css
Requested by: Host: religie.ordevansintjacob.org
URL: http://religie.ordevansintjacob.org/TO/authorize_client_id:ay7bpokt-vjab-80jp-idle-pavru637h1z4_t8xc765pzbf3awgd9knor01e4ihumyqsl2vjbonlg6jh4ywqruxv209f1zt7mi3skcp8eda59xo6j8f12divyreku3lmwh0cb5z7tq4ngasp?data=Ym9iQGJvYi5jb20=
Protocol: HTTP/1.1
Server: 192.185.33.203 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: mail.thinkbituae.com
Software: Apache /
Resource Hash: 1cf4b3ad7abf3189e78c1b3bd07308c92a03fa795fdbc5821fcde24030cfead0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Sat, 11 Jun 2022 13:12:03 GMT
Content-Encoding: gzip
Last-Modified: Mon, 06 Jun 2022 22:56:58 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Transfer-Encoding: chunked
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=74

GET
H/1.1 200
OK microsoft_logo.svg
secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/images/ 4 KB
2 KB 55ms
11ms Image
image/svg+xml 2a02:26f0:3500:592::35c1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/images/microsoft_logo.svg?x=ee5c8d9fb6248c938fd0dc19370e90bd

Requested by

Host: religie.ordevansintjacob.org
URL: http://religie.ordevansintjacob.org/TO/authorize_client_id:ay7bpokt-vjab-80jp-idle-pavru637h1z4_t8xc765pzbf3awgd9knor01e4ihumyqsl2vjbonlg6jh4ywqruxv209f1zt7mi3skcp8eda59xo6j8f12divyreku3lmwh0cb5z7tq4ngasp?data=Ym9iQGJvYi5jb20=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:3500:592::35c1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Sat, 11 Jun 2022 13:12:04 GMT
Content-Encoding: gzip
Last-Modified: Sat, 18 May 2019 23:35:05 GMT
Content-MD5: nzaLxFgP7ZB3dfMcaybWzw==
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=110612
Strict-Transport-Security: max-age=31536000
Content-Length: 1435

GET
H/1.1 200
OK arrow_left.svg
religie.ordevansintjacob.org/TO/images/ 513 B
758 B 132ms
132ms Image
image/svg+xml 192.185.33.203
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://religie.ordevansintjacob.org/TO/images/arrow_left.svg
Requested by: Host: religie.ordevansintjacob.org
URL: http://religie.ordevansintjacob.org/TO/authorize_client_id:ay7bpokt-vjab-80jp-idle-pavru637h1z4_t8xc765pzbf3awgd9knor01e4ihumyqsl2vjbonlg6jh4ywqruxv209f1zt7mi3skcp8eda59xo6j8f12divyreku3lmwh0cb5z7tq4ngasp?data=Ym9iQGJvYi5jb20=
Protocol: HTTP/1.1
Server: 192.185.33.203 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: mail.thinkbituae.com
Software: Apache /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Sat, 11 Jun 2022 13:12:04 GMT
Last-Modified: Mon, 06 Jun 2022 22:56:58 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=73
Content-Length: 513

GET
H/1.1 200
OK enterpass.png
religie.ordevansintjacob.org/TO/images/ 1 KB
2 KB 172ms
172ms Image
image/png 192.185.33.203
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://religie.ordevansintjacob.org/TO/images/enterpass.png
Requested by: Host: religie.ordevansintjacob.org
URL: http://religie.ordevansintjacob.org/TO/authorize_client_id:ay7bpokt-vjab-80jp-idle-pavru637h1z4_t8xc765pzbf3awgd9knor01e4ihumyqsl2vjbonlg6jh4ywqruxv209f1zt7mi3skcp8eda59xo6j8f12divyreku3lmwh0cb5z7tq4ngasp?data=Ym9iQGJvYi5jb20=
Protocol: HTTP/1.1
Server: 192.185.33.203 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: mail.thinkbituae.com
Software: Apache /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Sat, 11 Jun 2022 13:12:04 GMT
Last-Modified: Mon, 06 Jun 2022 22:56:58 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Content-Type: image/png
Keep-Alive: timeout=5, max=75
Content-Length: 1446

GET
H/1.1 200
OK firstmsg1.png
religie.ordevansintjacob.org/TO/images/ 3 KB
4 KB 132ms
131ms Image
image/png 192.185.33.203
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://religie.ordevansintjacob.org/TO/images/firstmsg1.png
Requested by: Host: religie.ordevansintjacob.org
URL: http://religie.ordevansintjacob.org/TO/authorize_client_id:ay7bpokt-vjab-80jp-idle-pavru637h1z4_t8xc765pzbf3awgd9knor01e4ihumyqsl2vjbonlg6jh4ywqruxv209f1zt7mi3skcp8eda59xo6j8f12divyreku3lmwh0cb5z7tq4ngasp?data=Ym9iQGJvYi5jb20=
Protocol: HTTP/1.1
Server: 192.185.33.203 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: mail.thinkbituae.com
Software: Apache /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Sat, 11 Jun 2022 13:12:04 GMT
Last-Modified: Mon, 06 Jun 2022 22:56:58 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=72
Content-Length: 3372

GET forgpass.png
religie.ordevansintjacob.org/TO/images/ 0
0

GET ellipsis_white.svg
religie.ordevansintjacob.org/TO/images/ 0
0

GET ellipsis_grey.svg
religie.ordevansintjacob.org/TO/images/ 0
0

GET go.php
front.greengoplatform.com/ 0
0

GET
H/1.1

200
OK

back.php
front.greengoplatform.com/
Redirect Chain

https://front.greengoplatform.com/go.php?lid=3337&pid=9646&cid=114733
https://front.greengoplatform.com/go.php?sid=6856&pid=9954&cid=347853
https://front.greengoplatform.com/back.php?sid=6856&pid=9954&cid=347853

870 B
620 B

41ms
41ms

Document
text/html

101.99.95.147
VERDINA

General

Check archive.org

Show headers Download Go to

Full URL: https://front.greengoplatform.com/back.php?sid=6856&pid=9954&cid=347853
Requested by: Host: religie.ordevansintjacob.org
URL: http://religie.ordevansintjacob.org/TO/authorize_client_id:ay7bpokt-vjab-80jp-idle-pavru637h1z4_t8xc765pzbf3awgd9knor01e4ihumyqsl2vjbonlg6jh4ywqruxv209f1zt7mi3skcp8eda59xo6j8f12divyreku3lmwh0cb5z7tq4ngasp?data=Ym9iQGJvYi5jb20=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 101.99.95.147 , Malaysia, ASN201133 (VERDINA, BZ),
Reverse DNS: vps.euromeds.to
Software: nginx /
Resource Hash

Request headers

Referer: http://religie.ordevansintjacob.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Length: 417
Content-Type: text/html; charset=UTF-8
Date: Sat, 11 Jun 2022 13:12:04 GMT
Server: nginx
Vary: Accept-Encoding

Redirect headers

Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Sat, 11 Jun 2022 13:12:04 GMT
Location: https://front.greengoplatform.com/back.php?sid=6856&pid=9954&cid=347853
Server: nginx

GET /
gloveryforredwine.com/ 0
0

GET
H2 200 / Show response
gloveryforredwine.com/ 18 KB
18 KB 344ms
21ms Document
text/html 185.177.94.108
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://gloveryforredwine.com/?p=mvqtsylggu5gi3bpg4ytqmy&sub1=luceee&sub2=dextron

Requested by

Host: front.greengoplatform.com
URL: https://front.greengoplatform.com/back.php?sid=6856&pid=9954&cid=347853

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.177.94.108 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

ip-185-177-94-108.ah-server.com

Software

nginx /

Resource Hash

322e12e00bfe8534969a03d8815893b4c9f2e69b6f183c7f838f036831d21598

Security Headers

Name	Value
Content-Security-Policy	img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://front.greengoplatform.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
content-security-policy: img-src https: data:; upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Sat, 11 Jun 2022 13:12:04 GMT
server: nginx
strict-transport-security: max-age=31536000

GET
H2 200 Primary Request / Show response
0.gloveryforredwine.com/ 12 KB
12 KB 289ms
25ms Document
text/html 185.177.94.108
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://0.gloveryforredwine.com/?p=mvqtsylggu5gi3bpg4ytqmy&sub1=luceee&sub2=dextron

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.177.94.108 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

ip-185-177-94-108.ah-server.com

Software

nginx /

Resource Hash

1fdc2a4b056e0ded3ead97b7469a8d67b74208451496d4341007f5200e0dc1ef

Security Headers

Name	Value
Content-Security-Policy	img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://gloveryforredwine.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
content-security-policy: img-src https: data:; upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Sat, 11 Jun 2022 13:12:05 GMT
server: nginx
strict-transport-security: max-age=31536000

GET
DATA 200
OK truncated
/ 748 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a5308b7decd6fc2d5e8438fb037c4a822125135db832c05437d754655ff2fc23

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 378 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6935876b0112bb2bb5aa7e27c0fdf9be86e190d47a0fbff8eb8e67e25d11f68d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 377 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f9077e9ffe52966b3a279d70797b41c4eba4e6d3928471fe755fcc3856ac4b3e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type: image/png

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: religie.ordevansintjacob.org
URL: http://religie.ordevansintjacob.org/TO/images/forgpass.png

Domain: religie.ordevansintjacob.org
URL: http://religie.ordevansintjacob.org/TO/images/ellipsis_white.svg

Domain: religie.ordevansintjacob.org
URL: http://religie.ordevansintjacob.org/TO/images/ellipsis_grey.svg

Domain: front.greengoplatform.com
URL: https://front.greengoplatform.com/go.php?lid=3337&pid=9646&cid=114733

Domain: gloveryforredwine.com
URL: https://gloveryforredwine.com/?p=mvqtsylggu5gi3bpg4ytqmy&sub1=luceee&sub2=dextron

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.gloveryforredwine.com/	1970-01-20 04:25:45	Name: uuid Value: 96088e61-17da-4220-aa8f-f21497b15408
			.0.gloveryforredwine.com/	1970-01-20 04:25:45	Name: uuid Value: 96088e61-17da-4220-aa8f-f21497b15408

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0.gloveryforredwine.com
front.greengoplatform.com
gloveryforredwine.com
religie.ordevansintjacob.org
secure.aadcdn.microsoftonline-p.com
track.greengoplatform.com
front.greengoplatform.com
gloveryforredwine.com
religie.ordevansintjacob.org
101.99.95.147
185.177.94.108
192.185.33.203
2a02:26f0:3500:592::35c1
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
1cf4b3ad7abf3189e78c1b3bd07308c92a03fa795fdbc5821fcde24030cfead0
1fdc2a4b056e0ded3ead97b7469a8d67b74208451496d4341007f5200e0dc1ef
322e12e00bfe8534969a03d8815893b4c9f2e69b6f183c7f838f036831d21598
6935876b0112bb2bb5aa7e27c0fdf9be86e190d47a0fbff8eb8e67e25d11f68d
9f2407325a9ea969c54abe49367c6e5a3e9d390f1e607444004d8347cdab4bab
a5308b7decd6fc2d5e8438fb037c4a822125135db832c05437d754655ff2fc23
c819c26d250eca704e7832cdc334abd0c2c2229ef14a4478551872630e0d4d7c
f9077e9ffe52966b3a279d70797b41c4eba4e6d3928471fe755fcc3856ac4b3e

0.gloveryforredwine.com Open in urlscan Pro 185.177.94.108 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

15 Requests

33 %HTTPS

25 %IPv6

4 Domains

6 Subdomains

5 IPs

4 Countries

70 kBTransfer

151 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

2 Cookies

Indicators

0.gloveryforredwine.com Open in urlscan Pro
185.177.94.108 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

33 %
HTTPS

25 %
IPv6

4
Domains

6
Subdomains

5
IPs

4
Countries

70 kB
Transfer

151 kB
Size

2
Cookies

15 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!