![](/screenshots/c260346b-6dcb-4bef-8e72-ff85f00d7768.png)
0.gloveryforredwine.com
185.177.94.108
Malicious Activity!
Public Scan
Effective URL: https://0.gloveryforredwine.com/?p=mvqtsylggu5gi3bpg4ytqmy&sub1=luceee&sub2=dextron
Submission: On June 11 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by R3 on June 1st 2022. Valid for: 3 months.
This is the only time 0.gloveryforredwine.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)

Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
5 | 192.185.33.203 | 46606 (UNIFIEDLAYER-AS-1)
4 (2 redirects) | 101.99.95.147 | 201133 (VERDINA)
1 | 2a02:26f0:3500:592::35c1 | 20940 (AKAMAI-ASN1)
2 | 185.177.94.108 | 39572 (ADVANCEDHOSTERS-AS)
15 | 5 |
- ASN46606 (UNIFIEDLAYER-AS-1, US), PTR: mail.thinkbituae.com: religie.ordevansintjacob.org
- ASN201133 (VERDINA, BZ), PTR: vps.euromeds.to: track.greengoplatform.com, front.greengoplatform.com
- ASN20940 (AKAMAI-ASN1, NL): secure.aadcdn.microsoftonline-p.com
- ASN39572 (ADVANCEDHOSTERS-AS, NL), PTR: ip-185-177-94-108.ah-server.com: gloveryforredwine.com, 0.gloveryforredwine.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
5 | ordevansintjacob.org | religie.ordevansintjacob.org | 37 KB
4 (2 redirects) | greengoplatform.com | track.greengoplatform.com (Cisco Umbrella Rank: 388263), front.greengoplatform.com (Cisco Umbrella Rank: 371935) Failed | 2 KB
2 | gloveryforredwine.com | gloveryforredwine.com (Cisco Umbrella Rank: 671218) Failed, 0.gloveryforredwine.com | 30 KB
1 | microsoftonline-p.com | secure.aadcdn.microsoftonline-p.com (Cisco Umbrella Rank: 10182) | 2 KB
15 | 4 | |
Requests | Domain | Requested by
---|---|---
5 | religie.ordevansintjacob.org | religie.ordevansintjacob.org
3 | front.greengoplatform.com | religie.ordevansintjacob.org
1 | 0.gloveryforredwine.com | religie.ordevansintjacob.org
1 | gloveryforredwine.com | front.greengoplatform.com
1 | secure.aadcdn.microsoftonline-p.com | religie.ordevansintjacob.org
1 | track.greengoplatform.com | religie.ordevansintjacob.org
15 | 6 |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
transportgoline.com | R3 | 2022-06-05 - 2022-09-03 | 3 months | crt.sh
secure.aadcdn.microsoftonline-p.com | Microsoft RSA TLS CA 02 | 2021-11-18 - 2022-11-18 | a year | crt.sh
front.greengoplatform.com | R3 | 2022-06-05 - 2022-09-03 | 3 months | crt.sh
0.di08.biz | R3 | 2022-06-01 - 2022-08-30 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://0.gloveryforredwine.com/?p=mvqtsylggu5gi3bpg4ytqmy&sub1=luceee&sub2=dextron
Frame ID: E2B2AA84FD36CCF170A167795D4E7C34
Requests: 18 HTTP requests in this frame
Page Title: captcha
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://religie.ordevansintjacob.org/TO/authorize_client_id:ay7bpokt-vjab-80jp-idle-pavru637h1z4_t8xc765pzbf3awgd9knor01e4ihumyqsl2vjbonlg6jh4ywqruxv209f1zt7mi3skcp8eda59xo6j8f12divyreku3lmwh0cb5z7tq4ngasp?data=Ym9iQGJvYi5jb20= (Page URL)
- https://front.greengoplatform.com/go.php?lid=3337&pid=9646&cid=114733 (HTTP 302)
- https://front.greengoplatform.com/go.php?sid=6856&pid=9954&cid=347853 (HTTP 302)
- https://front.greengoplatform.com/back.php?sid=6856&pid=9954&cid=347853 (Page URL)
- https://gloveryforredwine.com/?p=mvqtsylggu5gi3bpg4ytqmy&sub1=luceee&sub2=dextron (Page URL)
- https://0.gloveryforredwine.com/?p=mvqtsylggu5gi3bpg4ytqmy&sub1=luceee&sub2=dextron (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 11
- https://front.greengoplatform.com/go.php?lid=3337&pid=9646&cid=114733 (HTTP 302)
- https://front.greengoplatform.com/go.php?sid=6856&pid=9954&cid=347853 (HTTP 302)
- https://front.greengoplatform.com/back.php?sid=6856&pid=9954&cid=347853
15 HTTP transactions
Method | Protocol | Resource Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---
GET | H/1.1 | religie.ordevansintjacob.org/TO/authorize_client_id:ay7bpokt-vjab-80jp-idle-pavru637h1z4_t8xc765pzbf3awgd9knor01e4ihumyqsl2vjbonlg6jh4ywqruxv209f1zt7mi3skcp8eda59xo6j8f12divyreku3lmwh0cb5z7tq4ngasp | 13 KB | 7 KB | Document | text/html
GET | H/1.1 | track.greengoplatform.com/smile.js | 4 KB | 1016 B | Script | text/plain
GET | H/1.1 | religie.ordevansintjacob.org/TO/css/style.css | 94 KB | 24 KB | Stylesheet | text/css
GET | H/1.1 | secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/images/microsoft_logo.svg | 4 KB | 2 KB | Image | image/svg+xml
GET | H/1.1 | religie.ordevansintjacob.org/TO/images/arrow_left.svg | 513 B | 758 B | Image | image/svg+xml
GET | H/1.1 | religie.ordevansintjacob.org/TO/images/enterpass.png | 1 KB | 2 KB | Image | image/png
GET | H/1.1 | religie.ordevansintjacob.org/TO/images/firstmsg1.png | 3 KB | 4 KB | Image | image/png
GET | | religie.ordevansintjacob.org/TO/images/forgpass.png | 0 | 0 | |
GET | | religie.ordevansintjacob.org/TO/images/ellipsis_white.svg | 0 | 0 | |
GET | | religie.ordevansintjacob.org/TO/images/ellipsis_grey.svg | 0 | 0 | |
GET | | front.greengoplatform.com/go.php | 0 | 0 | |
GET | H/1.1 | front.greengoplatform.com/back.php (Redirect Chain) | 870 B | 620 B | Document | text/html
GET | | gloveryforredwine.com/ | 0 | 0 | |
GET | H2 | gloveryforredwine.com/ | 18 KB | 18 KB | Document | text/html
GET | H2 | 0.gloveryforredwine.com/ (Primary Request) | 12 KB | 12 KB | Document | text/html
GET | DATA | truncated | 748 B | 0 | Image | image/svg+xml
GET | DATA | truncated | 378 B | 0 | Image | image/png
GET | DATA | truncated | 377 B | 0 | Image | image/png
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- religie.ordevansintjacob.org: http://religie.ordevansintjacob.org/TO/images/forgpass.png
- religie.ordevansintjacob.org: http://religie.ordevansintjacob.org/TO/images/ellipsis_white.svg
- religie.ordevansintjacob.org: http://religie.ordevansintjacob.org/TO/images/ellipsis_grey.svg
- front.greengoplatform.com: https://front.greengoplatform.com/go.php?lid=3337&pid=9646&cid=114733
- gloveryforredwine.com: https://gloveryforredwine.com/?p=mvqtsylggu5gi3bpg4ytqmy&sub1=luceee&sub2=dextron
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Microsoft (Consumer)

8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | oncontextlost
object | oncontextrestored
function | structuredClone
object | launchQueue
object | onbeforematch
function | getScreenDetails
object | navigation
function | urlB64ToUint8Array2

Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.gloveryforredwine.com/ | | uuid | 96088e61-17da-4220-aa8f-f21497b15408
.0.gloveryforredwine.com/ | | uuid | 96088e61-17da-4220-aa8f-f21497b15408
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.