ong-portal.ro Open in urlscan Pro
2606:4700:30::681b:b2d1 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://ong-portal.ro/windstream/
Effective URL:
https://ong-portal.ro/windstream/loginAuthState.html
Submission: On September 16 via manual (September 16th 2019, 1:16:46 pm UTC) from US

Summary HTTP 12 Redirects Links 1 Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 12 HTTP transactions. The main IP is 2606:4700:30::681b:b2d1, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is ong-portal.ro.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on January 30th 2019. Valid for: a year.

This is the only time ong-portal.ro was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Windstream Communications (Telecommunication) Generic (Online)

Domain & IP information

	IP Address		AS Autonomous System
1 3	2606:4700:30:... 2606:4700:30::681b:b2d1		13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
10	64.8.70.75 64.8.70.75		36271 (SYNACOR-C...) (SYNACOR-CLUSTER - Synacor)
12	2

3 2606:4700:30::681b:b2d1 (United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

ong-portal.ro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 64.8.70.75 (United States)

ASN36271 (SYNACOR-CLUSTER - Synacor, Inc., US)
PTR: auth-gateway.net

windstream.auth-gateway.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	auth-gateway.net windstream.auth-gateway.net	114 KB
3	ong-portal.ro 1 redirects ong-portal.ro	5 KB
12	2

	Domain	Requested by
10	windstream.auth-gateway.net	ong-portal.ro
3	ong-portal.ro	1 redirects ong-portal.ro
12	2

This site contains links to these domains. Also see Links.

Domain
sam.windstream.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-01-30` - `2020-01-30`	a year	crt.sh
*.auth-gateway.net DigiCert SHA2 High Assurance Server CA	`2016-08-24` - `2019-10-02`	3 years	crt.sh

This page contains 1 frames:

Primary Page: https://ong-portal.ro/windstream/loginAuthState.html
Frame ID: 23DFF35CF93E0DF2434A2D3C07DBED45
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://ong-portal.ro/windstream/ HTTP 302
https://ong-portal.ro/windstream/loginAuthState.html Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /([\d.]+)?\/modernizr(?:.([\d.]+))?.*\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

html /<div[^>]+class="g-recaptcha"/i

Page Statistics

12
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

119 kB
Transfer

321 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://sam.windstream.com/selfcare/selfcare/SelfCareMain.jsp
Title: Trouble Logging In?

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ong-portal.ro/windstream/ HTTP 302
https://ong-portal.ro/windstream/loginAuthState.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request loginAuthState.html Show response
ong-portal.ro/windstream/
Redirect Chain

https://ong-portal.ro/windstream/
https://ong-portal.ro/windstream/loginAuthState.html

12 KB
3 KB

88ms
88ms

Document
text/html

2606:4700:30::681b:b2d1
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://ong-portal.ro/windstream/loginAuthState.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681b:b2d1 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f1ccb813f8f3f4d2612095160f2fd5509de2410ee47645c39a0247664c5acdc

Request headers

:method: GET
:authority: ong-portal.ro
:scheme: https
:path: /windstream/loginAuthState.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
accept-encoding: gzip, deflate, br
cookie: __cfduid=df341671f66a252c732f5cbf61bd2c1331568639788; PHPSESSID=rb3991r7509reucas2p8g5s2q5
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1

Response headers

status: 200
date: Mon, 16 Sep 2019 13:16:29 GMT
content-type: text/html
last-modified: Thu, 07 Jun 2018 10:16:06 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 51731d79b9f9cbc4-VIE
content-encoding: br

Redirect headers

status: 302
date: Mon, 16 Sep 2019 13:16:29 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=df341671f66a252c732f5cbf61bd2c1331568639788; expires=Tue, 15-Sep-20 13:16:28 GMT; path=/; domain=.ong-portal.ro; HttpOnly PHPSESSID=rb3991r7509reucas2p8g5s2q5; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
location: loginAuthState.html
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 51731d784d88cbc4-VIE

GET
H/1.1 200
OK bootstrap.min.css
windstream.auth-gateway.net/bootstrap/css/ 103 KB
17 KB 551ms
203ms Stylesheet
text/css 64.8.70.75
Synacor

General

Check archive.org

Show headers Download Go to

Full URL: https://windstream.auth-gateway.net/bootstrap/css/bootstrap.min.css
Requested by: Host: ong-portal.ro
URL: https://ong-portal.ro/windstream/loginAuthState.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 64.8.70.75 , United States, ASN36271 (SYNACOR-CLUSTER - Synacor, Inc., US),
Reverse DNS: auth-gateway.net
Software: nginx /
Resource Hash: b095c14e576cb3c64990abce12a5efb2e319999721456f2258e7c362834b673d

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://ong-portal.ro/windstream/loginAuthState.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 16 Sep 2019 13:16:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 22 Aug 2019 13:15:35 GMT
Server: nginx
Age: 409
ETag: "19dd4-590b47c270bc0"
Vary: Accept-Encoding
P3P: CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
Via: 1.1 varnish
Cache-Control: max-age=600, public
X-Varnish: 556862355 558075773
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 17052

GET
H/1.1 200
OK social.css
windstream.auth-gateway.net/css/default/ 7 KB
2 KB 458ms
111ms Stylesheet
text/css 64.8.70.75
Synacor

General

Check archive.org

Show headers Download Go to

Full URL: https://windstream.auth-gateway.net/css/default/social.css
Requested by: Host: ong-portal.ro
URL: https://ong-portal.ro/windstream/loginAuthState.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 64.8.70.75 , United States, ASN36271 (SYNACOR-CLUSTER - Synacor, Inc., US),
Reverse DNS: auth-gateway.net
Software: nginx /
Resource Hash: 82aa8220b0b10115902bf05d352ad727a2c21a7af61b20ae05dff5ff061de65c

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://ong-portal.ro/windstream/loginAuthState.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 16 Sep 2019 13:16:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 22 Aug 2019 13:15:35 GMT
Server: nginx
Age: 404
ETag: "1c7b-590b47c270bc0"
Vary: Accept-Encoding
P3P: CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
Via: 1.1 varnish
Cache-Control: max-age=600, public
X-Varnish: 532611938 529239590
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 1929

GET
H/1.1 200
OK social_responsive.css
windstream.auth-gateway.net/css/default/ 1 KB
982 B 459ms
111ms Stylesheet
text/css 64.8.70.75
Synacor

General

Check archive.org

Show headers Download Go to

Full URL: https://windstream.auth-gateway.net/css/default/social_responsive.css
Requested by: Host: ong-portal.ro
URL: https://ong-portal.ro/windstream/loginAuthState.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 64.8.70.75 , United States, ASN36271 (SYNACOR-CLUSTER - Synacor, Inc., US),
Reverse DNS: auth-gateway.net
Software: nginx /
Resource Hash: 34e7485254321247359d42d049d1e880f0c54c3a6e9232ee99ccf9c17622b67f

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://ong-portal.ro/windstream/loginAuthState.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 16 Sep 2019 13:16:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 22 Aug 2019 13:15:35 GMT
Server: nginx
Age: 24
ETag: "5da-590b47c270bc0"
Vary: Accept-Encoding
P3P: CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
Via: 1.1 varnish
Cache-Control: max-age=600, public
X-Varnish: 789072817 804552915
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 540

GET
H/1.1 200
OK social_login.css
windstream.auth-gateway.net/css/default/ 2 KB
1 KB 459ms
111ms Stylesheet
text/css 64.8.70.75
Synacor

General

Check archive.org

Show headers Download Go to

Full URL: https://windstream.auth-gateway.net/css/default/social_login.css
Requested by: Host: ong-portal.ro
URL: https://ong-portal.ro/windstream/loginAuthState.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 64.8.70.75 , United States, ASN36271 (SYNACOR-CLUSTER - Synacor, Inc., US),
Reverse DNS: auth-gateway.net
Software: nginx /
Resource Hash: 678142bea0f875f9140575b7643f9f76486cf2139270371acd1543f063c93ec1

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://ong-portal.ro/windstream/loginAuthState.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 16 Sep 2019 13:16:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 22 Aug 2019 13:15:35 GMT
Server: nginx
Age: 277
ETag: "7ec-590b47c270bc0"
Vary: Accept-Encoding
P3P: CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
Via: 1.1 varnish
Cache-Control: max-age=600, public
X-Varnish: 553357152 558042500
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 809

GET
H/1.1 200
OK modernizr.js Show response
windstream.auth-gateway.net/js/ 12 KB
6 KB 462ms
110ms Script
text/javascript 64.8.70.75
Synacor

General

Check archive.org

Show headers Download Go to

Full URL: https://windstream.auth-gateway.net/js/modernizr.js
Requested by: Host: ong-portal.ro
URL: https://ong-portal.ro/windstream/loginAuthState.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 64.8.70.75 , United States, ASN36271 (SYNACOR-CLUSTER - Synacor, Inc., US),
Reverse DNS: auth-gateway.net
Software: nginx /
Resource Hash: fd413a60f3084fd9f633f1fcdf7ba4cb0a53f5eadc42ec0272d9a0fb9c439a50

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://ong-portal.ro/windstream/loginAuthState.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 16 Sep 2019 13:16:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 22 Aug 2019 13:15:36 GMT
Server: nginx
Age: 520
ETag: "3048-590b47c364e00"
Vary: Accept-Encoding
P3P: CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
Via: 1.1 varnish
Cache-Control: max-age=600, public
X-Varnish: 553357154 553292441
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 5261

GET
H/1.1 200
OK jquery.min.js Show response
windstream.auth-gateway.net/js/ 91 KB
33 KB 661ms
203ms Script
text/javascript 64.8.70.75
Synacor

General

Check archive.org

Show headers Download Go to

Full URL: https://windstream.auth-gateway.net/js/jquery.min.js
Requested by: Host: ong-portal.ro
URL: https://ong-portal.ro/windstream/loginAuthState.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 64.8.70.75 , United States, ASN36271 (SYNACOR-CLUSTER - Synacor, Inc., US),
Reverse DNS: auth-gateway.net
Software: nginx /
Resource Hash: a1305347219d673cc973172494248e557ce8eccaf65af995c07c9d7daed4475d

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://ong-portal.ro/windstream/loginAuthState.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 16 Sep 2019 13:16:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 22 Aug 2019 13:15:36 GMT
Server: nginx
Age: 287
ETag: "16a79-590b47c364e00"
Vary: Accept-Encoding
P3P: CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
Via: 1.1 varnish
Cache-Control: max-age=600, public
X-Varnish: 527634858 533954825
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 33186

GET
H/1.1 200
OK federated_login.css
windstream.auth-gateway.net/css/client/69187/ 362 B
614 B 460ms
112ms Stylesheet
text/css 64.8.70.75
Synacor

General

Check archive.org

Show headers Download Go to

Full URL: https://windstream.auth-gateway.net/css/client/69187/federated_login.css
Requested by: Host: ong-portal.ro
URL: https://ong-portal.ro/windstream/loginAuthState.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 64.8.70.75 , United States, ASN36271 (SYNACOR-CLUSTER - Synacor, Inc., US),
Reverse DNS: auth-gateway.net
Software: nginx /
Resource Hash: c6313f7ab660bb2f0a094bbe679a886ccfc6bde3b9617e5265fc6a5a28bb2965

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://ong-portal.ro/windstream/loginAuthState.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 16 Sep 2019 13:16:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 22 Aug 2019 13:15:35 GMT
Server: nginx
Age: 0
ETag: "16a-590b47c270bc0"
Vary: Accept-Encoding
P3P: CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
Via: 1.1 varnish
Cache-Control: max-age=600, public
X-Varnish: 556862357
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 183

GET
H/1.1 200
OK windstream_communications_1024px.png
windstream.auth-gateway.net/images/windstream/ 33 KB
34 KB 204ms
204ms Image
image/png 64.8.70.75
Synacor

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://windstream.auth-gateway.net/images/windstream/windstream_communications_1024px.png
Requested by: Host: ong-portal.ro
URL: https://ong-portal.ro/windstream/loginAuthState.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 64.8.70.75 , United States, ASN36271 (SYNACOR-CLUSTER - Synacor, Inc., US),
Reverse DNS: auth-gateway.net
Software: nginx /
Resource Hash: 9ede253ad81b10b8a12be3d72bfbaaf4158405b1539be2e27528f2e31e2a2d12

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://ong-portal.ro/windstream/loginAuthState.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 16 Sep 2019 13:16:29 GMT
Via: 1.1 varnish
Last-Modified: Thu, 22 Aug 2019 13:15:36 GMT
Server: nginx
Age: 182
ETag: "84e8-590b47c364e00"
P3P: CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
Cache-Control: max-age=600, public
X-Varnish: 805470575 802098794
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 34024

GET
H2 200 email-decode.min.js Show response
ong-portal.ro/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
845 B 15ms
14ms Script
application/javascript 2606:4700:30::681b:b2d1
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://ong-portal.ro/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: ong-portal.ro
URL: https://ong-portal.ro/windstream/loginAuthState.html

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::681b:b2d1 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://ong-portal.ro/windstream/loginAuthState.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 16 Sep 2019 13:16:29 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Wed, 04 Sep 2019 13:11:56 GMT
server: cloudflare
etag: W/"5d6fb81c-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: application/javascript
status: 200
cache-control: max-age=172800, public
cf-ray: 51731d7a5bebcbc4-VIE
expires: Wed, 18 Sep 2019 13:16:29 GMT

GET
H/1.1 200
OK bootstrap.min.js Show response
windstream.auth-gateway.net/bootstrap/js/ 28 KB
8 KB 110ms
110ms Script
text/javascript 64.8.70.75
Synacor

General

Check archive.org

Show headers Download Go to

Full URL: https://windstream.auth-gateway.net/bootstrap/js/bootstrap.min.js
Requested by: Host: ong-portal.ro
URL: https://ong-portal.ro/windstream/loginAuthState.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 64.8.70.75 , United States, ASN36271 (SYNACOR-CLUSTER - Synacor, Inc., US),
Reverse DNS: auth-gateway.net
Software: nginx /
Resource Hash: 7470f9d78491838f5cc3ee51d4ed4d8a232f6c80ae80706dff96c062d3d663b6

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://ong-portal.ro/windstream/loginAuthState.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 16 Sep 2019 13:16:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 22 Aug 2019 13:15:35 GMT
Server: nginx
Age: 133
ETag: "6f7a-590b47c270bc0"
Vary: Accept-Encoding
P3P: CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
Via: 1.1 varnish
Cache-Control: max-age=600, public
X-Varnish: 559745223 554537515
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 7519

GET
H/1.1 200
OK s_code.js Show response
windstream.auth-gateway.net/saml/resources/omniture/ 30 KB
12 KB 115ms
115ms Script
text/javascript 64.8.70.75
Synacor

General

Check archive.org

Show headers Download Go to

Full URL: https://windstream.auth-gateway.net/saml/resources/omniture/s_code.js
Requested by: Host: ong-portal.ro
URL: https://ong-portal.ro/windstream/loginAuthState.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 64.8.70.75 , United States, ASN36271 (SYNACOR-CLUSTER - Synacor, Inc., US),
Reverse DNS: auth-gateway.net
Software: nginx /
Resource Hash: f8e673c25be39d8531277d87b18ac3cf91def3c21ca9c171625e6c2aaa796bbd

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://ong-portal.ro/windstream/loginAuthState.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 16 Sep 2019 13:16:29 GMT
Content-Encoding: gzip
Last-Modified: Wed, 19 Jun 2019 18:25:39 GMT
Server: nginx
Age: 469
ETag: "7723-58bb15b318ec0"
Vary: Accept-Encoding
P3P: CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
Via: 1.1 varnish
Cache-Control: max-age=600, public
X-Varnish: 554602095 553032954
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 12208

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Windstream Communications (Telecommunication) Generic (Online)

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| antiClickjack object| html5 object| Modernizr function| yepnope function| $ function| jQuery string| handler object| now number| can_submit_by boolean| completed_captcha function| enableSubmit function| updateTracking object| jQuery181009014400655056498 string| s_account object| s string| s_code undefined| s_objectID function| s_gi function| s_giqf string| s_an function| s_sp function| s_jn function| s_rep function| s_d function| s_fe function| s_fa function| s_ft object| s_c_il number| s_c_in number| s_giq object| $elements string| $escaped

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ong-portal.ro
windstream.auth-gateway.net
2606:4700:30::681b:b2d1
64.8.70.75
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
34e7485254321247359d42d049d1e880f0c54c3a6e9232ee99ccf9c17622b67f
678142bea0f875f9140575b7643f9f76486cf2139270371acd1543f063c93ec1
7470f9d78491838f5cc3ee51d4ed4d8a232f6c80ae80706dff96c062d3d663b6
7f1ccb813f8f3f4d2612095160f2fd5509de2410ee47645c39a0247664c5acdc
82aa8220b0b10115902bf05d352ad727a2c21a7af61b20ae05dff5ff061de65c
9ede253ad81b10b8a12be3d72bfbaaf4158405b1539be2e27528f2e31e2a2d12
a1305347219d673cc973172494248e557ce8eccaf65af995c07c9d7daed4475d
b095c14e576cb3c64990abce12a5efb2e319999721456f2258e7c362834b673d
c6313f7ab660bb2f0a094bbe679a886ccfc6bde3b9617e5265fc6a5a28bb2965
f8e673c25be39d8531277d87b18ac3cf91def3c21ca9c171625e6c2aaa796bbd
fd413a60f3084fd9f633f1fcdf7ba4cb0a53f5eadc42ec0272d9a0fb9c439a50