urlscan.io logo urlscan.io
SecurityTrails logo

login.0ffice365.bw-group.com Open in urlscan Pro
61.14.35.33  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://login.0ffice365.bw-group.com/?rid=kgV1aXW
Effective URL: http://login.0ffice365.bw-group.com/?rid=kgV1aXW
Submission: On October 23 via manual from IN
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 7 HTTP transactions. The main IP is 61.14.35.33, located in United States and belongs to BT, NL. The main domain is login.0ffice365.bw-group.com.
This is the only time login.0ffice365.bw-group.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
5 61.14.35.33 3300 (BT)
2 4 207.241.233.214 7941 (INTERNET-...)
7 2
Apex Domain
Subdomains		 Transfer
4 archive.org
web.archive.org
285 KB
1 bw-group.com
login.0ffice365.bw-group.com
3 KB
7 2
Domain Requested by
4 web.archive.org 2 redirects login.0ffice365.bw-group.com
1 login.0ffice365.bw-group.com
7 2

This site contains links to these domains. Also see Links.

Domain
signup.live.com
www.microsoft.com
privacy.microsoft.com
login.microsoftonline.com
Subject Issuer Validity Valid
*.archive.org
Go Daddy Secure Certificate Authority - G2		 2016-12-19 -
2020-02-21		 3 years crt.sh

This page contains 1 frames:

Primary Page: http://login.0ffice365.bw-group.com/?rid=kgV1aXW
Frame ID: 3BAE655A9EB549361B1B805EE5873F5D
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Statistics

7
Requests

29 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

308 kB
Transfer

386 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://web.archive.org/web/20180531235315/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0-small.jpg?x=138bcee624fa04ef9b75e86211a9fe0d HTTP 302
  • https://web.archive.org/web/20180601025728/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0-small.jpg?x=138bcee624fa04ef9b75e86211a9fe0d
Request Chain 5
  • https://web.archive.org/web/20180531235315/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0.jpg?x=a5dbd4393ff6a725c7e62b61df7e72f0 HTTP 302
  • https://web.archive.org/web/20180601025728/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0.jpg?x=a5dbd4393ff6a725c7e62b61df7e72f0

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
login.0ffice365.bw-group.com/ 		9 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://login.0ffice365.bw-group.com/?rid=kgV1aXW
Protocol
HTTP/1.1
Server
61.14.35.33 , United States, ASN3300 (BT, NL),
Reverse DNS
Software
/
Resource Hash
48cf1d1a5c2f6e1eb854538157df30d2dca1ee1a242068a9bd9be9a80a2be75c

Request headers

Host
login.0ffice365.bw-group.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Vary
Accept-Encoding
Date
Wed, 23 Oct 2019 21:59:11 GMT
Transfer-Encoding
chunked
Converged_v21033.css
61.14.35.33/static/ 		92 KB
18 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://61.14.35.33/static/Converged_v21033.css
Requested by
Host: login.0ffice365.bw-group.com
URL: http://login.0ffice365.bw-group.com/?rid=kgV1aXW
Protocol
HTTP/1.1
Server
61.14.35.33 , United States, ASN3300 (BT, NL),
Reverse DNS
Software
/
Resource Hash
d89ef7a00e8aaafc34e2e56f9a5dcf024557d1c33af53a266aa70fffde4f7927

Request headers

Referer
http://login.0ffice365.bw-group.com/?rid=kgV1aXW
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 23 Oct 2019 21:59:11 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Mon, 26 Aug 2019 09:55:00 GMT
Accept-Ranges
bytes
Transfer-Encoding
chunked
Content-Type
text/css; charset=utf-8
microsoft_logo.svg
61.14.35.33/static/ 		4 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://61.14.35.33/static/microsoft_logo.svg
Requested by
Host: login.0ffice365.bw-group.com
URL: http://login.0ffice365.bw-group.com/?rid=kgV1aXW
Protocol
HTTP/1.1
Server
61.14.35.33 , United States, ASN3300 (BT, NL),
Reverse DNS
Software
/
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

Referer
http://login.0ffice365.bw-group.com/?rid=kgV1aXW
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 23 Oct 2019 21:59:11 GMT
Content-Encoding
gzip
Last-Modified
Mon, 26 Aug 2019 09:55:00 GMT
Accept-Ranges
bytes
Content-Length
1399
Vary
Accept-Encoding
Content-Type
image/svg+xml
ellipsis_white.svg
61.14.35.33/static/ 		915 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://61.14.35.33/static/ellipsis_white.svg
Requested by
Host: login.0ffice365.bw-group.com
URL: http://login.0ffice365.bw-group.com/?rid=kgV1aXW
Protocol
HTTP/1.1
Server
61.14.35.33 , United States, ASN3300 (BT, NL),
Reverse DNS
Software
/
Resource Hash
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea

Request headers

Referer
http://login.0ffice365.bw-group.com/?rid=kgV1aXW
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 23 Oct 2019 21:59:11 GMT
Last-Modified
Mon, 26 Aug 2019 09:55:00 GMT
Accept-Ranges
bytes
Content-Length
915
Vary
Accept-Encoding
Content-Type
image/svg+xml
ellipsis_grey.svg
61.14.35.33/static/ 		915 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://61.14.35.33/static/ellipsis_grey.svg
Requested by
Host: login.0ffice365.bw-group.com
URL: http://login.0ffice365.bw-group.com/?rid=kgV1aXW
Protocol
HTTP/1.1
Server
61.14.35.33 , United States, ASN3300 (BT, NL),
Reverse DNS
Software
/
Resource Hash
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6

Request headers

Referer
http://login.0ffice365.bw-group.com/?rid=kgV1aXW
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 23 Oct 2019 21:59:11 GMT
Last-Modified
Mon, 26 Aug 2019 09:55:00 GMT
Accept-Ranges
bytes
Content-Length
915
Vary
Accept-Encoding
Content-Type
image/svg+xml
0-small.jpg
web.archive.org/web/20180601025728/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/
Redirect Chain
  • https://web.archive.org/web/20180531235315/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0-small.jpg?x=138bcee624fa04ef9b75e86211a9fe0d
  • https://web.archive.org/web/20180601025728/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0-small.jpg?x=138bcee624fa04ef9b75e86211a9fe0d
3 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://web.archive.org/web/20180601025728/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0-small.jpg?x=138bcee624fa04ef9b75e86211a9fe0d
Requested by
Host: login.0ffice365.bw-group.com
URL: http://login.0ffice365.bw-group.com/?rid=kgV1aXW
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
207.241.233.214 , United States, ASN7941 (INTERNET-ARCHIVE - Internet Archive, US),
Reverse DNS
wwwb-front4.us.archive.org
Software
nginx/1.15.8 /
Resource Hash
f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org analytics.archive.org pragma.archivelab.org

Request headers

Referer
http://login.0ffice365.bw-group.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 23 Oct 2019 21:59:12 GMT
x-archive-orig-last-modified
Wed, 02 May 2018 19:41:48 GMT
x-app-server
wwwb-app57
x-cache-key
httpsweb.archive.org/web/20180601025728/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0-small.jpg?x=138bcee624fa04ef9b75e86211a9fe0dDE
x-location
All
x-archive-orig-server
Microsoft-IIS/8.5
status
200
memento-datetime
Fri, 01 Jun 2018 02:57:28 GMT
x-archive-orig-connection
close
x-archive-orig-ppserver
PPV: 30 H: BAYIDSPRTS3G004 V: 0
x-archive-src
liveweb-20180601024316/live-20180601022122-wwwb-app11.us.archive.org.warc.gz
x-ts
200
x-archive-orig-etag
"066e99b4de2d31:0"
x-archive-orig-access-control-allow-origin
*
x-archive-orig-accept-ranges
bytes
server
nginx/1.15.8
x-archive-orig-cache-control
max-age=191079
content-type
image/jpeg
cache-control
max-age=1800
x-page-cache
MISS
content-security-policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org analytics.archive.org pragma.archivelab.org
x-archive-orig-date
Fri, 01 Jun 2018 02:57:28 GMT
x-archive-orig-content-length
3006
link
<https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0-small.jpg?x=138bcee624fa04ef9b75e86211a9fe0d>; rel="original", <https://web.archive.org/web/timemap/link/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0-small.jpg?x=138bcee624fa04ef9b75e86211a9fe0d>; rel="timemap"; type="application/link-format", <https://web.archive.org/web/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0-small.jpg?x=138bcee624fa04ef9b75e86211a9fe0d>; rel="timegate", <https://web.archive.org/web/20180514220156/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0-small.jpg?x=138bcee624fa04ef9b75e86211a9fe0d>; rel="first memento"; datetime="Mon, 14 May 2018 22:01:56 GMT", <https://web.archive.org/web/20180529032509/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0-small.jpg?x=138bcee624fa04ef9b75e86211a9fe0d>; rel="prev memento"; datetime="Tue, 29 May 2018 03:25:09 GMT", <https://web.archive.org/web/20180601025728/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0-small.jpg?x=138bcee624fa04ef9b75e86211a9fe0d>; rel="memento"; datetime="Fri, 01 Jun 2018 02:57:28 GMT", <https://web.archive.org/web/20180604194855/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0-small.jpg?x=138bcee624fa04ef9b75e86211a9fe0d>; rel="next memento"; datetime="Mon, 04 Jun 2018 19:48:55 GMT", <https://web.archive.org/web/20181003160413/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0-small.jpg?x=138bcee624fa04ef9b75e86211a9fe0d>; rel="last memento"; datetime="Wed, 03 Oct 2018 16:04:13 GMT"
x-archive-guessed-content-type
image/jpeg

Redirect headers

x-ts
302
server
nginx/1.15.8
x-app-server
wwwb-app58
x-cache-key
httpsweb.archive.org/web/20180531235315/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0-small.jpg?x=138bcee624fa04ef9b75e86211a9fe0dDE
date
Wed, 23 Oct 2019 21:59:12 GMT
status
302
content-type
text/plain; charset=utf-8
location
https://web.archive.org/web/20180601025728/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0-small.jpg?x=138bcee624fa04ef9b75e86211a9fe0d
x-page-cache
MISS
content-length
0
x-location
All
x-archive-redirect-reason
found capture at 20180601025728
0.jpg
web.archive.org/web/20180601025728/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/
Redirect Chain
  • https://web.archive.org/web/20180531235315/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0.jpg?x=a5dbd4393ff6a725c7e62b61df7e72f0
  • https://web.archive.org/web/20180601025728/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0.jpg?x=a5dbd4393ff6a725c7e62b61df7e72f0
277 KB
279 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://web.archive.org/web/20180601025728/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0.jpg?x=a5dbd4393ff6a725c7e62b61df7e72f0
Requested by
Host: login.0ffice365.bw-group.com
URL: http://login.0ffice365.bw-group.com/?rid=kgV1aXW
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
207.241.233.214 , United States, ASN7941 (INTERNET-ARCHIVE - Internet Archive, US),
Reverse DNS
wwwb-front4.us.archive.org
Software
nginx/1.15.8 /
Resource Hash
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org analytics.archive.org pragma.archivelab.org

Request headers

Referer
http://login.0ffice365.bw-group.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 23 Oct 2019 21:59:13 GMT
x-archive-orig-last-modified
Wed, 02 May 2018 19:41:48 GMT
x-app-server
wwwb-app12
x-cache-key
httpsweb.archive.org/web/20180601025728/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0.jpg?x=a5dbd4393ff6a725c7e62b61df7e72f0DE
x-location
All
x-archive-orig-server
Microsoft-IIS/8.5
status
200
memento-datetime
Fri, 01 Jun 2018 02:57:28 GMT
x-archive-orig-connection
close
x-archive-orig-ppserver
PPV: 30 H: BAYIDSPRTS3G004 V: 0
x-archive-src
liveweb-20180601024316/live-20180601023604-wwwb-app14.us.archive.org.warc.gz
x-ts
200
x-archive-orig-etag
"066e99b4de2d31:0"
x-archive-orig-access-control-allow-origin
*
x-archive-orig-accept-ranges
bytes
server
nginx/1.15.8
x-archive-orig-cache-control
max-age=593922
content-type
image/jpeg
cache-control
max-age=1800
x-page-cache
MISS
content-security-policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org analytics.archive.org pragma.archivelab.org
x-archive-orig-date
Fri, 01 Jun 2018 02:57:28 GMT
x-archive-orig-content-length
283351
link
<https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0.jpg?x=a5dbd4393ff6a725c7e62b61df7e72f0>; rel="original", <https://web.archive.org/web/timemap/link/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0.jpg?x=a5dbd4393ff6a725c7e62b61df7e72f0>; rel="timemap"; type="application/link-format", <https://web.archive.org/web/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0.jpg?x=a5dbd4393ff6a725c7e62b61df7e72f0>; rel="timegate", <https://web.archive.org/web/20180514220156/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0.jpg?x=a5dbd4393ff6a725c7e62b61df7e72f0>; rel="first memento"; datetime="Mon, 14 May 2018 22:01:56 GMT", <https://web.archive.org/web/20180529032509/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0.jpg?x=a5dbd4393ff6a725c7e62b61df7e72f0>; rel="prev memento"; datetime="Tue, 29 May 2018 03:25:09 GMT", <https://web.archive.org/web/20180601025728/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0.jpg?x=a5dbd4393ff6a725c7e62b61df7e72f0>; rel="memento"; datetime="Fri, 01 Jun 2018 02:57:28 GMT", <https://web.archive.org/web/20180602172154/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0.jpg?x=a5dbd4393ff6a725c7e62b61df7e72f0>; rel="next memento"; datetime="Sat, 02 Jun 2018 17:21:54 GMT", <https://web.archive.org/web/20181003160413/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0.jpg?x=a5dbd4393ff6a725c7e62b61df7e72f0>; rel="last memento"; datetime="Wed, 03 Oct 2018 16:04:13 GMT"
x-archive-guessed-content-type
image/jpeg

Redirect headers

x-ts
302
server
nginx/1.15.8
x-app-server
wwwb-app31
x-cache-key
httpsweb.archive.org/web/20180531235315/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0.jpg?x=a5dbd4393ff6a725c7e62b61df7e72f0DE
date
Wed, 23 Oct 2019 21:59:12 GMT
status
302
content-type
text/plain; charset=utf-8
location
https://web.archive.org/web/20180601025728/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0.jpg?x=a5dbd4393ff6a725c7e62b61df7e72f0
x-page-cache
MISS
content-length
0
x-location
All
x-archive-redirect-reason
found capture at 20180601025728

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies