URL: http://www.gwenet.org/office/
Submission: On February 25 via api from LU — Scanned from CA

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 17 HTTP transactions. The main IP is 66.175.58.9, located in Canada and belongs to INFB2-AS, CA. The main domain is www.gwenet.org.
This is the only time www.gwenet.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Office 365 (Online)

Domain & IP information

Requests  IP Address      AS (Autonomous System)
10        66.175.58.9     30447 (INFB2-AS)   (main IP)
2         66.175.41.113   30447 (INFB2-AS)
4         13.107.253.40   8075 (MICROSOFT...)
2         13.107.6.156    8068 (MICROSOFT...)
Totals: 17 transactions, 4 IPs
Requests  Apex Domain             Subdomains                                                        Transfer
10        gwenet.org              www.gwenet.org                                                    304 KB
4         microsoftonline-p.com   secure.aadcdn.microsoftonline-p.com (Cisco Umbrella Rank: 14951)  209 KB
2         microsoftonline.com     portal.microsoftonline.com (Cisco Umbrella Rank: 31180)           3 KB
2         carrierzone.com         count.carrierzone.com (Cisco Umbrella Rank: 102824)               36 KB
Totals: 17 transactions, 4 apex domains
Requests  Domain                                Requested by
10        www.gwenet.org (1 redirect)           www.gwenet.org
4         secure.aadcdn.microsoftonline-p.com   www.gwenet.org
2         portal.microsoftonline.com            www.gwenet.org
2         count.carrierzone.com                 www.gwenet.org
Totals: 17 transactions, 4 domains
Subject                               Issuer                                          Validity                  Valid
*.carrierzone.com                     Sectigo RSA Domain Validation Secure Server CA  2023-06-29 - 2024-06-28   a year (crt.sh)
secure.aadcdn.microsoftonline-p.com   Microsoft Azure RSA TLS Issuing CA 04           2023-12-05 - 2024-11-29   a year (crt.sh)
portal.office.com                     Microsoft Azure RSA TLS Issuing CA 08           2024-02-16 - 2025-02-10   a year (crt.sh)

This page contains 3 frames:

Primary Page: http://www.gwenet.org/office/
Frame ID: EA38DA6A0EB43C97F75A50E046F73E07
Requests: 15 HTTP requests in this frame

Frame: https://portal.microsoftonline.com/Prefetch/Prefetch.aspx
Frame ID: 5FBF83322875088F906B21292AA23D4E
Requests: 1 HTTP requests in this frame

Frame: https://portal.microsoftonline.com/Prefetch/Prefetch.aspx
Frame ID: D3EBCE959E1D2B7F4F27E6D28AA42E51
Requests: 1 HTTP requests in this frame

Page Title

Sign in to your account

Page URL History

  1. http://www.gwenet.org/office HTTP 301
    http://www.gwenet.org/office/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 17
HTTPS: 41 %
IPv6: 0 %
Domains: 4
Subdomains: 4
IPs: 4
Countries: 2
Transfer: 551 kB
Size: 801 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.gwenet.org/office HTTP 301
    http://www.gwenet.org/office/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Columns per entry: Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request /
www.gwenet.org/office/
Redirect Chain
  • http://www.gwenet.org/office
  • http://www.gwenet.org/office/
44 KB
12 KB
Document
General
Full URL
http://www.gwenet.org/office/
Protocol
HTTP/1.1
Server
66.175.58.9, Canada, ASN30447 (INFB2-AS, CA)
Reverse DNS
hostedc38.carrierzone.com
Software
/
Resource Hash
b0db1f296444aebe3a63778e7c7ceb68d90abb4a8583538649c392479f11322e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Sun, 25 Feb 2024 18:53:57 GMT
Last-Modified
Tue, 12 May 2020 12:04:42 GMT
Transfer-Encoding
chunked

Redirect headers

Connection
keep-alive
Content-Length
237
Content-Type
text/html; charset=iso-8859-1
Date
Sun, 25 Feb 2024 18:53:57 GMT
Location
http://www.gwenet.org/office/
login.css
www.gwenet.org/office/index_files/
21 KB
5 KB
Stylesheet
General
Full URL
http://www.gwenet.org/office/index_files/login.css
Requested by
Host: www.gwenet.org
URL: http://www.gwenet.org/office/
Protocol
HTTP/1.1
Server
66.175.58.9, Canada, ASN30447 (INFB2-AS, CA)
Reverse DNS
hostedc38.carrierzone.com
Software
/
Resource Hash
b5ea0ffbe39f577651336a1aba7746881cf235b9f7ccc1c51b151162b3da4feb

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://www.gwenet.org/office/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date
Sun, 25 Feb 2024 18:53:58 GMT
Content-Encoding
gzip
Last-Modified
Sat, 11 Mar 2017 12:45:10 GMT
Transfer-Encoding
chunked
Content-Type
text/css
Cache-Control
max-age=315360000
Connection
keep-alive
Expires
Thu, 31 Dec 2037 23:55:55 GMT
login_hover.css
www.gwenet.org/office/index_files/
89 B
333 B
Stylesheet
General
Full URL
http://www.gwenet.org/office/index_files/login_hover.css
Requested by
Host: www.gwenet.org
URL: http://www.gwenet.org/office/
Protocol
HTTP/1.1
Server
66.175.58.9, Canada, ASN30447 (INFB2-AS, CA)
Reverse DNS
hostedc38.carrierzone.com
Software
/
Resource Hash
91c2b74542e11d0278e02715a980b39582eae2e3b519ddd2d4f9ca939e58109c

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://www.gwenet.org/office/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Content-Type
text/css
Date
Sun, 25 Feb 2024 18:53:58 GMT
Cache-Control
max-age=315360000
Last-Modified
Sat, 11 Mar 2017 12:45:10 GMT
Connection
keep-alive
Content-Length
89
Expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.js
www.gwenet.org/office/index_files/
108 KB
38 KB
Script
General
Full URL
http://www.gwenet.org/office/index_files/jquery.js
Requested by
Host: www.gwenet.org
URL: http://www.gwenet.org/office/
Protocol
HTTP/1.1
Server
66.175.58.9, Canada, ASN30447 (INFB2-AS, CA)
Reverse DNS
hostedc38.carrierzone.com
Software
/
Resource Hash
d9c500706bcdb6d8e2ba4de1a6ea3d30d87417b79aa26e51fa2b9b9f4ff37e5f

Request headers

Referer
http://www.gwenet.org/office/
Origin
http://www.gwenet.org
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date
Sun, 25 Feb 2024 18:53:58 GMT
Content-Encoding
gzip
Last-Modified
Sat, 11 Mar 2017 12:45:10 GMT
ETag
W/"1ae50-54a73d93e8180"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=315360000
Connection
keep-alive
Expires
Thu, 31 Dec 2037 23:55:55 GMT
aad.js
www.gwenet.org/office/index_files/
174 KB
43 KB
Script
General
Full URL
http://www.gwenet.org/office/index_files/aad.js
Requested by
Host: www.gwenet.org
URL: http://www.gwenet.org/office/
Protocol
HTTP/1.1
Server
66.175.58.9, Canada, ASN30447 (INFB2-AS, CA)
Reverse DNS
hostedc38.carrierzone.com
Software
/
Resource Hash
d422d055fc7e99b9a2356023659180e91ee818697425f9f488a103a9c10b38e6

Request headers

Referer
http://www.gwenet.org/office/
Origin
http://www.gwenet.org
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date
Sun, 25 Feb 2024 18:53:58 GMT
Content-Encoding
gzip
Last-Modified
Sat, 11 Mar 2017 12:45:10 GMT
ETag
W/"2b87f-54a73d93e8180"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=315360000
Connection
keep-alive
Expires
Thu, 31 Dec 2037 23:55:55 GMT
heroillustration.jpg
www.gwenet.org/office/index_files/
199 KB
199 KB
Image
General
Full URL
http://www.gwenet.org/office/index_files/heroillustration.jpg
Requested by
Host: www.gwenet.org
URL: http://www.gwenet.org/office/
Protocol
HTTP/1.1
Server
66.175.58.9, Canada, ASN30447 (INFB2-AS, CA)
Reverse DNS
hostedc38.carrierzone.com
Software
/
Resource Hash
7e50e406688bd898803f653058d14ca384734cb9b39ba900bc5e2734b59c073b

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://www.gwenet.org/office/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date
Sun, 25 Feb 2024 18:53:58 GMT
Last-Modified
Sat, 11 Mar 2017 12:45:10 GMT
ETag
"31a1e-54a73d93e8180"
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
203294
Expires
Thu, 31 Dec 2037 23:55:55 GMT
bannerlogo.png
www.gwenet.org/office/index_files/
4 KB
5 KB
Image
General
Full URL
http://www.gwenet.org/office/index_files/bannerlogo.png
Requested by
Host: www.gwenet.org
URL: http://www.gwenet.org/office/
Protocol
HTTP/1.1
Server
66.175.58.9, Canada, ASN30447 (INFB2-AS, CA)
Reverse DNS
hostedc38.carrierzone.com
Software
/
Resource Hash
fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://www.gwenet.org/office/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date
Sun, 25 Feb 2024 18:53:58 GMT
Last-Modified
Sat, 11 Mar 2017 12:45:10 GMT
ETag
"11e9-54a73d93e8180"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4585
Expires
Thu, 31 Dec 2037 23:55:55 GMT
microsoft_logo.png
www.gwenet.org/office/index_files/
1 KB
1 KB
Image
General
Full URL
http://www.gwenet.org/office/index_files/microsoft_logo.png
Requested by
Host: www.gwenet.org
URL: http://www.gwenet.org/office/
Protocol
HTTP/1.1
Server
66.175.58.9, Canada, ASN30447 (INFB2-AS, CA)
Reverse DNS
hostedc38.carrierzone.com
Software
/
Resource Hash
988e349f2bf4e87154738c7b2c1fa86618713a8cfa0cef60a046f5add89bd9de

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://www.gwenet.org/office/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date
Sun, 25 Feb 2024 18:53:58 GMT
Last-Modified
Sat, 11 Mar 2017 12:45:10 GMT
ETag
"410-54a73d93e8180"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1040
Expires
Thu, 31 Dec 2037 23:55:55 GMT
count.js
count.carrierzone.com/app/count_server/
35 KB
35 KB
Script
General
Full URL
https://count.carrierzone.com/app/count_server/count.js
Requested by
Host: www.gwenet.org
URL: http://www.gwenet.org/office/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.175.41.113, Canada, ASN30447 (INFB2-AS, CA)
Reverse DNS
wiredminds.carrierzone.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
f418e6b5416f03cbc22b24f481582e2d55ee0f7ca6989c562b59f12c9229214e

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://www.gwenet.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Date
Sun, 25 Feb 2024 18:53:53 GMT
Last-Modified
Fri, 08 Jun 2012 10:17:02 GMT
Server
Apache/2.2.15 (CentOS)
Content-Type
text/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=100
Content-Length
36029
login_hover.min.css
secure.aadcdn.microsoftonline-p.com/ests/2.1.5623.13/content/cdnbundles/
89 B
573 B
Stylesheet
General
Full URL
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.5623.13/content/cdnbundles/login_hover.min.css
Requested by
Host: www.gwenet.org
URL: http://www.gwenet.org/office/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.253.40, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS
Software
/
Resource Hash
91c2b74542e11d0278e02715a980b39582eae2e3b519ddd2d4f9ca939e58109c

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://www.gwenet.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Sun, 25 Feb 2024 18:53:57 GMT
content-encoding
gzip
last-modified
Sat, 18 May 2019 08:00:57 GMT
x-azure-ref-originshield
0xozbZQAAAABtbml294BkSLEX4VrCugdbTU5aMjIxMDYwNjEyMDM3ADU5NjY1NzE1LTQyNmEtNGYxYy1hMDU5LWQ1ZGZkNDBhZTZiOQ==
content-md5
k+LdzPr5J17LuCAOBMVTBQ==
etag
0x8D6DB66F5ECA244
x-azure-ref
0xozbZQAAAABv2Zd7KISET7pLeKF4L8h3TU5aMjIxMDYwNjE0MDQ3ADU5NjY1NzE1LTQyNmEtNGYxYy1hMDU5LWQ1ZGZkNDBhZTZiOQ==
x-cache
TCP_REMOTE_HIT
content-type
text/css
x-ms-request-id
966395a3-501e-003a-0731-658bc3000000
cache-control
public, max-age=604800
x-ms-version
2009-09-19
content-length
82
watson.min.js
secure.aadcdn.microsoftonline-p.com/ests/2.1.5623.13/content/cdnbundles/
9 KB
4 KB
Script
General
Full URL
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.5623.13/content/cdnbundles/watson.min.js
Requested by
Host: www.gwenet.org
URL: http://www.gwenet.org/office/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.253.40, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS
Software
/
Resource Hash
9b5900571285ad0f6198cbf9fe92d81e9c5ed6f49cfd816d2a762d64d6ab6e14

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://www.gwenet.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Sun, 25 Feb 2024 18:53:57 GMT
content-encoding
gzip
last-modified
Sat, 18 May 2019 08:00:43 GMT
x-azure-ref-originshield
0jW7TZQAAAACKH9noW2WVTpRwclzros6sTU5aMjIxMDYwNjEyMDMxADU5NjY1NzE1LTQyNmEtNGYxYy1hMDU5LWQ1ZGZkNDBhZTZiOQ==
content-md5
2Gsh6ZEsKdg5iZrrjTfhqA==
etag
0x8D6DB66ED4BE3DF
x-azure-ref
0xozbZQAAAADWvMW+K28AQLbHDWGMmXFnTU5aMjIxMDYwNjE0MDQ3ADU5NjY1NzE1LTQyNmEtNGYxYy1hMDU5LWQ1ZGZkNDBhZTZiOQ==
x-cache
TCP_HIT
content-type
application/x-javascript
x-ms-request-id
8784cdc5-401e-00ed-3141-63daf6000000
cache-control
public, max-age=604800
x-ms-version
2009-09-19
content-length
4076
Prefetch.aspx
portal.microsoftonline.com/Prefetch/ Frame 5FBF
1 KB
2 KB
Document
General
Full URL
https://portal.microsoftonline.com/Prefetch/Prefetch.aspx
Requested by
Host: www.gwenet.org
URL: http://www.gwenet.org/office/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.6.156, United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS
Software
/
Resource Hash
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
Security Headers
X-Content-Type-Options: nosniff

Request headers

Referer
http://www.gwenet.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-store, no-cache
content-length
1245
content-type
text/html
date
Sun, 25 Feb 2024 18:53:58 GMT
x-cache
CONFIG_NOCACHE
x-content-type-options
nosniff
x-msedge-ref
Ref A: BFAEFE778FAA4E1AB7F7F95B8DED5492 Ref B: EWR311000104039 Ref C: 2024-02-25T18:53:58Z
x-ua-compatible
IE=Edge
watson
www.gwenet.org/common/handlers/
21 B
173 B
XHR
General
Full URL
http://www.gwenet.org/common/handlers/watson
Requested by
Host: www.gwenet.org
URL: http://www.gwenet.org/office/index_files/jquery.js
Protocol
HTTP/1.1
Server
66.175.58.9, Canada, ASN30447 (INFB2-AS, CA)
Reverse DNS
hostedc38.carrierzone.com
Software
/
Resource Hash
d6a6e3533a3a8f1ca99259152a54a7ace6f0f0f6a8ba53e0a5443f05ce55d47a

Request headers

accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36
client-request-id
0786de24-8d9f-4b28-a873-b34d27a67ddd
canary
AQABAAAAAADRNYRQ3dhRSrm-4K-adpCJqrp2-UHGX2Lav-bHusaZ5AWWTdpMRUb6WocX9TLNhQwBk_0iNrtuwCrdt7DiLezMPnSIbNGbDIVPTeZzHsTx9GAdgn_VF2NwmgeHegX7RaA-AccDhDt23Hl5ZTS_97J9oeNq86xMW2AzcX_-Cm4cWOZl4aibxruDwg5ZFhx5yRTjDReCNscp5KufKphAjgxuOmIM4UUA_BIQbrO1FxDqziAA
Content-Type
application/json; charset=UTF-8
hpgid
1002
Accept
application/json
Referer
http://www.gwenet.org/office/
X-Requested-With
XMLHttpRequest
hpgact
2101

Response headers

Date
Sun, 25 Feb 2024 18:53:58 GMT
Connection
keep-alive
Content-Length
21
Content-Type
text/html; charset=iso-8859-1
ctin.php
count.carrierzone.com/track/
42 B
610 B
Image
General
Full URL
http://count.carrierzone.com/track/ctin.php?t=1708887238593&custnum=88d8c7091eaea901&sname=www.gwenet.org&pagename=index.html&group=%2Fservices%2Fwebpages%2Fg%2Fw%2Fgwenet.org%2Fpublic%2Foffice&version=%24Rev%3A%207840%20%24&js=1&jv=0&resolution=1600x1200&color_depth=24&campaign=&referrer=&page_url=http%253A%252F%252Fwww.gwenet.org%252Foffice%252F&plugins=Chrome%20PDF%20Plugin%3BChrome%20PDF%20Viewer%3BNative%20Client%3B
Requested by
Host: www.gwenet.org
URL: http://www.gwenet.org/office/
Protocol
HTTP/1.1
Server
66.175.41.113, Canada, ASN30447 (INFB2-AS, CA)
Reverse DNS
wiredminds.carrierzone.com
Software
Apache/2.2.15 (CentOS) / PHP/5.2.17
Resource Hash
5b27cb8a843da7b4f70f68d669798596541491654185df0bd45867d951a31947

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://www.gwenet.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 25 Feb 2024 18:53:53 GMT
Last-Modified
Sun, 25 Feb 2024 18:53:53 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.2.17
P3P
CP="NOI NID ADMa OUR IND UNI COM NAV"
Content-Type
image/gif
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
Keep-Alive
Keep-Alive
timeout=10, max=100
Content-Length
42
Expires
Thu, 01 Jan 1970 01:23:45 GMT
bannerlogo
secure.aadcdn.microsoftonline-p.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/
4 KB
5 KB
Image
General
Full URL
https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/bannerlogo?ts=635974776182591704
Requested by
Host: www.gwenet.org
URL: http://www.gwenet.org/office/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.253.40, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS
Software
/
Resource Hash
fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://www.gwenet.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 25 Feb 2024 18:53:58 GMT
x-azure-ref-originshield
0xozbZQAAAAAyh0DNmGEtRKZceezp3lpMTU5aMjIxMDYwNjExMDIxADU5NjY1NzE1LTQyNmEtNGYxYy1hMDU5LWQ1ZGZkNDBhZTZiOQ==
content-md5
nwmifU9ps1V8dDNXSinXJg==
x-cache
TCP_MISS
content-length
4585
x-ms-lease-status
unlocked
last-modified
Wed, 03 Apr 2019 22:28:44 GMT
etag
0x8D6B883BBB9ACF7
x-azure-ref
0xozbZQAAAABzGycFdNeqQ5GlgdW5GESjTU5aMjIxMDYwNjE0MDQ3ADU5NjY1NzE1LTQyNmEtNGYxYy1hMDU5LWQ1ZGZkNDBhZTZiOQ==
content-type
image\jpeg
access-control-allow-origin
*
x-ms-request-id
5c8b86f9-c01e-0015-231b-6810e0000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
heroillustration
secure.aadcdn.microsoftonline-p.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/
199 KB
199 KB
Image
General
Full URL
https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/heroillustration?ts=635974776187911809
Requested by
Host: www.gwenet.org
URL: http://www.gwenet.org/office/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.253.40, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS
Software
/
Resource Hash
7e50e406688bd898803f653058d14ca384734cb9b39ba900bc5e2734b59c073b

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://www.gwenet.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 25 Feb 2024 18:53:58 GMT
x-azure-ref-originshield
0xozbZQAAAAC+HxpDxBIURLzo3kHII+pzTU5aMjIxMDYwNjEyMDM5ADU5NjY1NzE1LTQyNmEtNGYxYy1hMDU5LWQ1ZGZkNDBhZTZiOQ==
content-md5
ZSg7Ej6yNeYXaumMAqxbHA==
x-cache
TCP_MISS
content-length
203294
x-ms-lease-status
unlocked
last-modified
Wed, 03 Apr 2019 22:28:45 GMT
etag
0x8D6B883BC0FF82B
x-azure-ref
0xozbZQAAAADKtMQ0wiUcQaJJQrV74gPLTU5aMjIxMDYwNjE0MDQ3ADU5NjY1NzE1LTQyNmEtNGYxYy1hMDU5LWQ1ZGZkNDBhZTZiOQ==
content-type
image\jpeg
access-control-allow-origin
*
x-ms-request-id
13e6b7e8-601e-000c-5c1b-68905b000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
Prefetch.aspx
portal.microsoftonline.com/Prefetch/ Frame D3EB
1 KB
1 KB
Document
General
Full URL
https://portal.microsoftonline.com/Prefetch/Prefetch.aspx
Requested by
Host: www.gwenet.org
URL: http://www.gwenet.org/office/index_files/jquery.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.6.156, United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS
Software
/
Resource Hash
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
Security Headers
X-Content-Type-Options: nosniff

Request headers

Referer
http://www.gwenet.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.46 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-store, no-cache
content-length
1245
content-type
text/html
date
Sun, 25 Feb 2024 18:53:59 GMT
x-cache
CONFIG_NOCACHE
x-content-type-options
nosniff
x-msedge-ref
Ref A: C88578AD36694A83863A97F4FBD32C64 Ref B: EWR311000104039 Ref C: 2024-02-25T18:53:59Z
x-ua-compatible
IE=Edge

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online)

58 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Name (type):
  0 (object), 1 (object), $Config (object), $Debug (object), $Do (object), $Loader (function), $WebWatson (object), GetString (function), GetErrorString (function), GetUrl (function), $B (object), isTouch (boolean), cssId (string), head (object), link (object), msViewportStyle (undefined), $ (function), jQuery (function), pageOnReady (function), MSLogin (object), proxy (object), ErrorCodes (object), Constants (object), Context (object), Background (object), Logo (object), Instrument (object), User (object), tenant_info (object), EmailDiscovery (object), origHide (function), origShow (function), origAddClass (function), origRemoveClass (function), Support (object), MSLogout (object), ThirdPartyCookieStates (object), PostType (object), LoginOption (object), Post (object), TenantBranding (object), users (object), Tiles (object), $Api (object), jQuery111209091765641237313 (object), StrongAuthCheck (object), Util (object), WindowsBrowserSso (object), body (object), click_track (function), getClick (function), wm_indiv_stats (object), wiredminds (object), wm_custnum (string), wm_page_name (string), wm_group_name (string), wm_campaign_key (string), wm_track_alt (string)

2 Cookies

Domain/Path                    Name         Value
www.gwenet.org/office          testcookie   testcookie
portal.microsoftonline.com/    s.SessID     ea240009-ac15-4d93-8580-e9b18a69d222

6 Console Messages

Source   Level    URL / Message
network  error    http://www.gwenet.org/common/handlers/watson
                  Failed to load resource: the server responded with a status of 404 (Not Found)
other    warning  http://www.gwenet.org/office/
                  Third-party cookie will be blocked. Learn more in the Issues tab.
other    warning  http://www.gwenet.org/office/
                  Third-party cookie will be blocked. Learn more in the Issues tab.
network  error    https://portal.microsoftonline.com/Prefetch/Prefetch.aspx
                  Failed to load resource: the server responded with a status of 404 ()
other    warning  http://www.gwenet.org/office/
                  Third-party cookie will be blocked. Learn more in the Issues tab.
network  error    https://portal.microsoftonline.com/Prefetch/Prefetch.aspx
                  Failed to load resource: the server responded with a status of 404 ()