login.0ffice365.bw-group.com
61.14.35.33
Malicious Activity!
Public Scan
Effective URL: http://login.0ffice365.bw-group.com/?rid=kgV1aXW
Submission: On October 23 via manual from IN
Summary
This is the only time login.0ffice365.bw-group.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
# | IP Address | AS Autonomous System
---|---|---
5 | 61.14.35.33 | 3300 (BT)
2 4 | 207.241.233.214 | 7941 (INTERNET-ARCHIVE - Internet Archive)
7 | 2 |
Details for 207.241.233.214: ASN7941 (INTERNET-ARCHIVE - Internet Archive, US), PTR wwwb-front4.us.archive.org, domain web.archive.org
# | Apex Domain | Subdomains | Transfer
---|---|---|---
4 | archive.org | web.archive.org (2 redirects) | 285 KB
1 | bw-group.com | login.0ffice365.bw-group.com | 3 KB
7 | 2 | |
# | Domain | Requested by
---|---|---
4 | web.archive.org (2 redirects) | login.0ffice365.bw-group.com
1 | login.0ffice365.bw-group.com |
7 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
signup.live.com |
www.microsoft.com |
privacy.microsoft.com |
login.microsoftonline.com |
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
*.archive.org | Go Daddy Secure Certificate Authority - G2 | 2016-12-19 - 2020-02-21 | 3 years | crt.sh
This page contains 1 frame:
Primary Page:
http://login.0ffice365.bw-group.com/?rid=kgV1aXW
Frame ID: 3BAE655A9EB549361B1B805EE5873F5D
Requests: 7 HTTP requests in this frame
4 Outgoing links
These are links going to different origins than the main page.
- Title: Create one!
- Title: Terms of use
- Title: Privacy & cookies
- Title:
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 4
- https://web.archive.org/web/20180531235315/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0-small.jpg?x=138bcee624fa04ef9b75e86211a9fe0d HTTP 302
- https://web.archive.org/web/20180601025728/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0-small.jpg?x=138bcee624fa04ef9b75e86211a9fe0d

- https://web.archive.org/web/20180531235315/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0.jpg?x=a5dbd4393ff6a725c7e62b61df7e72f0 HTTP 302
- https://web.archive.org/web/20180601025728/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0.jpg?x=a5dbd4393ff6a725c7e62b61df7e72f0
7 HTTP transactions
Method | Protocol | Resource Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---
GET | H/1.1 | / (login.0ffice365.bw-group.com/) Primary Request | 9 KB | 3 KB | Document | text/html
GET | H/1.1 | Converged_v21033.css (61.14.35.33/static/) | 92 KB | 18 KB | Stylesheet | text/css
GET | H/1.1 | microsoft_logo.svg (61.14.35.33/static/) | 4 KB | 2 KB | Image | image/svg+xml
GET | H/1.1 | ellipsis_white.svg (61.14.35.33/static/) | 915 B | 1 KB | Image | image/svg+xml
GET | H/1.1 | ellipsis_grey.svg (61.14.35.33/static/) | 915 B | 1 KB | Image | image/svg+xml
GET | H2 | 0-small.jpg (web.archive.org/web/20180601025728/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/) Redirect Chain | 3 KB | 5 KB | Image | image/jpeg
GET | H2 | 0.jpg (web.archive.org/web/20180601025728/https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/) Redirect Chain | 277 KB | 279 KB | Image | image/jpeg
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onformdata
object | onpointerrawupdate
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.