auth.advantageresourcing.com
199.107.36.111  Malicious Activity! Public Scan

Submitted URL: http://www.myconnect.today/en/resource-center
Effective URL: https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Submission: On June 01 via manual from US

Summary

This website contacted 1 IPs in 1 countries across 2 domains to perform 18 HTTP transactions. The main IP is 199.107.36.111, located in Dedham, United States and belongs to ATT-CERFNET-BLOCK - AT&T Enhanced Network Services, US. The main domain is auth.advantageresourcing.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on August 25th 2017. Valid for: 3 years.
This is the only time auth.advantageresourcing.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Outlook Web Access (Online)

Domain & IP information

IP Address AS Autonomous System
2 2 199.107.36.112 17231 (ATT-CERFN...)
2 20 199.107.36.111 17231 (ATT-CERFN...)
18 1
Apex Domain / Subdomains / Transfer
20 advantageresourcing.com / auth.advantageresourcing.com / 178 KB
2 myconnect.today / www.myconnect.today / 578 B
18 2
Domain Requested by
20 auth.advantageresourcing.com 2 redirects auth.advantageresourcing.com
2 www.myconnect.today 2 redirects
18 2

This site contains no links.

Subject: *.advantageresourcing.com
Issuer: Go Daddy Secure Certificate Authority - G2
Validity: 2017-08-25 - 2020-08-25
Valid: 3 years

This page contains 1 frames:

Primary Page: https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Frame ID: A89491171D3ED7AC13794C011785749E
Requests: 18 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

18
Requests

89 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

177 kB
Transfer

171 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.myconnect.today/en/resource-center HTTP 302
    https://www.myconnect.today/en/resource-center HTTP 302
    https://auth.advantageresourcing.com/cgi/tm?dN2g6PNi0yqcOD2XQYNyoBcjUbPgpFl9BEIo6Gty8o78tPLBOoTEqiJZpYnPI8hEMCHF9Ni7rWJR%2F9PxTx%2BaA8gZKIG5wiw0wfu4FCMF9min55G9Ch%2BEOwglAc6VedlXITkGEndKmeknD9JcbagNyNssZhtTDFpiex209G53DAk%3D%26sign%3DSpdXighB3fAWTXfxO96S%2BwFqvFE%3D HTTP 302
    https://auth.advantageresourcing.com/vpn/tmindex.html HTTP 302
    https://auth.advantageresourcing.com/vpn/myconnect_logon.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request myconnect_logon.html
auth.advantageresourcing.com/vpn/
Redirect Chain
  • http://www.myconnect.today/en/resource-center
  • https://www.myconnect.today/en/resource-center
  • https://auth.advantageresourcing.com/cgi/tm?dN2g6PNi0yqcOD2XQYNyoBcjUbPgpFl9BEIo6Gty8o78tPLBOoTEqiJZpYnPI8hEMCHF9Ni7rWJR%2F9PxTx%2BaA8gZKIG5wiw0wfu4FCMF9min55G9Ch%2BEOwglAc6VedlXITkGEndKmeknD9Jcbag...
  • https://auth.advantageresourcing.com/vpn/tmindex.html
  • https://auth.advantageresourcing.com/vpn/myconnect_logon.html
9 KB
9 KB
Document
General
Full URL
https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.107.36.111 Dedham, United States, ASN17231 (ATT-CERFNET-BLOCK - AT&T Enhanced Network Services, US),
Reverse DNS
Software
Apache /
Resource Hash
ec452d80151f8f99c26e3568c2ab54d5931e07e22171e3505a3859d70238d318
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Host
auth.advantageresourcing.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Cookie
NSC_TASS=aHR0cHM6Ly93d3cubXljb25uZWN0LnRvZGF5L2VuL3Jlc291cmNlLWNlbnRlciZjc3JmPTAyNTc0Zjk4NzE0OTA0OTU%3D
X-DevTools-Emulate-Network-Conditions-Client-Id
A89491171D3ED7AC13794C011785749E

Response headers

Age
1
Date
Fri, 01 Jun 2018 15:14:34 GMT
Connection
Keep-Alive
Via
NS-CACHE-10.0: 106
ETag
"c11-246d-56c6c7662af80"
Server
Apache
Last-Modified
Thu, 17 May 2018 20:13:02 GMT
Accept-Ranges
bytes
Content-Length
9325
X-Frame-Options
SAMEORIGIN
Keep-Alive
timeout=15, max=100
Content-Type
text/html

Redirect headers

Location
https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Connection
close
Cache-Control
no-cache
Pragma
no-cache
caxtonstyle.css
auth.advantageresourcing.com/vpn/myconnect/
19 KB
20 KB
Stylesheet
General
Full URL
https://auth.advantageresourcing.com/vpn/myconnect/caxtonstyle.css
Requested by
Host: auth.advantageresourcing.com
URL: https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.107.36.111 Dedham, United States, ASN17231 (ATT-CERFNET-BLOCK - AT&T Enhanced Network Services, US),
Reverse DNS
Software
Apache /
Resource Hash
96a28b4205c19f78f540869e96818637b61222b8b2533e698080579bb8495a9a
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
auth.advantageresourcing.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Cookie
NSC_TASS=aHR0cHM6Ly93d3cubXljb25uZWN0LnRvZGF5L2VuL3Jlc291cmNlLWNlbnRlciZjc3JmPTAyNTc0Zjk4NzE0OTA0OTU%3D
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Fri, 01 Jun 2018 15:14:35 GMT
Via
NS-CACHE-10.0: 106
Last-Modified
Thu, 17 May 2018 20:10:32 GMT
Server
Apache
Age
1
ETag
"bfe-4d42-56c6c6d71de00"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=83
Content-Length
19778
presources.js
auth.advantageresourcing.com/vpn/myconnect/
18 KB
18 KB
Script
General
Full URL
https://auth.advantageresourcing.com/vpn/myconnect/presources.js
Requested by
Host: auth.advantageresourcing.com
URL: https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.107.36.111 Dedham, United States, ASN17231 (ATT-CERFNET-BLOCK - AT&T Enhanced Network Services, US),
Reverse DNS
Software
Apache /
Resource Hash
f05a0830e2bf398a58f2f552aff8a5205930e89497723e86536f07f41399f0f0
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
auth.advantageresourcing.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Cookie
NSC_TASS=aHR0cHM6Ly93d3cubXljb25uZWN0LnRvZGF5L2VuL3Jlc291cmNlLWNlbnRlciZjc3JmPTAyNTc0Zjk4NzE0OTA0OTU%3D
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Fri, 01 Jun 2018 15:14:35 GMT
Via
NS-CACHE-10.0: 106
Last-Modified
Thu, 17 May 2018 20:10:32 GMT
Server
Apache
Age
1
ETag
"c01-4661-56c6c6d71de00"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=82
Content-Length
18017
pnsshare.js
auth.advantageresourcing.com/vpn/myconnect/
17 KB
18 KB
Script
General
Full URL
https://auth.advantageresourcing.com/vpn/myconnect/pnsshare.js
Requested by
Host: auth.advantageresourcing.com
URL: https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.107.36.111 Dedham, United States, ASN17231 (ATT-CERFNET-BLOCK - AT&T Enhanced Network Services, US),
Reverse DNS
Software
Apache /
Resource Hash
3bd68b5cc3f9d1284c6617e0b32e971836644b491145acedd2e1fb6bedde835c
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
auth.advantageresourcing.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Cookie
NSC_TASS=aHR0cHM6Ly93d3cubXljb25uZWN0LnRvZGF5L2VuL3Jlc291cmNlLWNlbnRlciZjc3JmPTAyNTc0Zjk4NzE0OTA0OTU%3D
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Fri, 01 Jun 2018 15:14:35 GMT
Via
NS-CACHE-10.0: 106
Last-Modified
Thu, 17 May 2018 20:10:32 GMT
Server
Apache
Age
1
ETag
"bff-451d-56c6c6d71de00"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=81
Content-Length
17693
plogin.js
auth.advantageresourcing.com/vpn/myconnect/
3 KB
3 KB
Script
General
Full URL
https://auth.advantageresourcing.com/vpn/myconnect/plogin.js
Requested by
Host: auth.advantageresourcing.com
URL: https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.107.36.111 Dedham, United States, ASN17231 (ATT-CERFNET-BLOCK - AT&T Enhanced Network Services, US),
Reverse DNS
Software
Apache /
Resource Hash
181e154fe8e50e332a9c4f8a73fe4b7a3eadcf92cce84b28ab04f75385bb532b
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
auth.advantageresourcing.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Cookie
NSC_TASS=aHR0cHM6Ly93d3cubXljb25uZWN0LnRvZGF5L2VuL3Jlc291cmNlLWNlbnRlciZjc3JmPTAyNTc0Zjk4NzE0OTA0OTU%3D
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Fri, 01 Jun 2018 15:14:35 GMT
Via
NS-CACHE-10.0: 106
Last-Modified
Thu, 17 May 2018 20:10:32 GMT
Server
Apache
Age
1
ETag
"c00-b8e-56c6c6d71de00"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
Content-Length
2958
topleft.gif
auth.advantageresourcing.com/vpn/myconnect/
5 KB
5 KB
Image
General
Full URL
https://auth.advantageresourcing.com/vpn/myconnect/topleft.gif
Requested by
Host: auth.advantageresourcing.com
URL: https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.107.36.111 Dedham, United States, ASN17231 (ATT-CERFNET-BLOCK - AT&T Enhanced Network Services, US),
Reverse DNS
Software
Apache /
Resource Hash
3314a75adb99fae7c179679eab4491732e64aca4989b3fbec58d986d5d4e5b58
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
auth.advantageresourcing.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Cookie
NSC_TASS=aHR0cHM6Ly93d3cubXljb25uZWN0LnRvZGF5L2VuL3Jlc291cmNlLWNlbnRlciZjc3JmPTAyNTc0Zjk4NzE0OTA0OTU%3D
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Fri, 01 Jun 2018 15:14:35 GMT
Via
NS-CACHE-10.0: 106
Last-Modified
Thu, 17 May 2018 20:10:32 GMT
Server
Apache
Age
1
ETag
"bfd-135e-56c6c6d71de00"
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=87
Content-Length
4958
topright.gif
auth.advantageresourcing.com/vpn/myconnect/
581 B
925 B
Image
General
Full URL
https://auth.advantageresourcing.com/vpn/myconnect/topright.gif
Requested by
Host: auth.advantageresourcing.com
URL: https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.107.36.111 Dedham, United States, ASN17231 (ATT-CERFNET-BLOCK - AT&T Enhanced Network Services, US),
Reverse DNS
Software
Apache /
Resource Hash
f27d451896ac6a8b768361e3f07c2adf1ee7ae6bcb92ac6d0bda7fb5cf915301
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
auth.advantageresourcing.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Cookie
NSC_TASS=aHR0cHM6Ly93d3cubXljb25uZWN0LnRvZGF5L2VuL3Jlc291cmNlLWNlbnRlciZjc3JmPTAyNTc0Zjk4NzE0OTA0OTU%3D
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Fri, 01 Jun 2018 15:14:35 GMT
Via
NS-CACHE-10.0: 106
Last-Modified
Thu, 17 May 2018 20:10:32 GMT
Server
Apache
Age
1
ETag
"c06-245-56c6c6d71de00"
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=99
Content-Length
581
LoginButtonRolloverGlow.gif
auth.advantageresourcing.com/vpn/myconnect/
2 KB
2 KB
Image
General
Full URL
https://auth.advantageresourcing.com/vpn/myconnect/LoginButtonRolloverGlow.gif
Requested by
Host: auth.advantageresourcing.com
URL: https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.107.36.111 Dedham, United States, ASN17231 (ATT-CERFNET-BLOCK - AT&T Enhanced Network Services, US),
Reverse DNS
Software
Apache /
Resource Hash
7d66a471480ec7319436a5cb6fdaebffcf4a06c5759b09bdeecb2ef731e8d218
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
auth.advantageresourcing.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Cookie
NSC_TASS=aHR0cHM6Ly93d3cubXljb25uZWN0LnRvZGF5L2VuL3Jlc291cmNlLWNlbnRlciZjc3JmPTAyNTc0Zjk4NzE0OTA0OTU%3D
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Fri, 01 Jun 2018 15:14:35 GMT
Via
NS-CACHE-10.0: 106
Last-Modified
Thu, 17 May 2018 20:10:32 GMT
Server
Apache
Age
1
ETag
"c0b-6e3-56c6c6d71de00"
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=80
Content-Length
1763
leftmid.gif
auth.advantageresourcing.com/vpn/myconnect/
290 B
634 B
Image
General
Full URL
https://auth.advantageresourcing.com/vpn/myconnect/leftmid.gif
Requested by
Host: auth.advantageresourcing.com
URL: https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.107.36.111 Dedham, United States, ASN17231 (ATT-CERFNET-BLOCK - AT&T Enhanced Network Services, US),
Reverse DNS
Software
Apache /
Resource Hash
96a4b86c4a5ff1f1aa67c52287be64ebd51598d32cbd1249351e462cae549185
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
auth.advantageresourcing.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Cookie
NSC_TASS=aHR0cHM6Ly93d3cubXljb25uZWN0LnRvZGF5L2VuL3Jlc291cmNlLWNlbnRlciZjc3JmPTAyNTc0Zjk4NzE0OTA0OTU%3D
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Fri, 01 Jun 2018 15:14:35 GMT
Via
NS-CACHE-10.0: 106
Last-Modified
Thu, 17 May 2018 20:10:32 GMT
Server
Apache
Age
1
ETag
"c0c-122-56c6c6d71de00"
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=98
Content-Length
290
rightmid.gif
auth.advantageresourcing.com/vpn/myconnect/
306 B
650 B
Image
General
Full URL
https://auth.advantageresourcing.com/vpn/myconnect/rightmid.gif
Requested by
Host: auth.advantageresourcing.com
URL: https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.107.36.111 Dedham, United States, ASN17231 (ATT-CERFNET-BLOCK - AT&T Enhanced Network Services, US),
Reverse DNS
Software
Apache /
Resource Hash
a9626d4f60b20f2da50f763f20d891a70625dde0dba68116896026c400b8b775
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
auth.advantageresourcing.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Cookie
NSC_TASS=aHR0cHM6Ly93d3cubXljb25uZWN0LnRvZGF5L2VuL3Jlc291cmNlLWNlbnRlciZjc3JmPTAyNTc0Zjk4NzE0OTA0OTU%3D
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Fri, 01 Jun 2018 15:14:35 GMT
Via
NS-CACHE-10.0: 106
Last-Modified
Thu, 17 May 2018 20:10:32 GMT
Server
Apache
Age
1
ETag
"c09-132-56c6c6d71de00"
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=97
Content-Length
306
Bottomleft.gif
auth.advantageresourcing.com/vpn/myconnect/
9 KB
9 KB
Image
General
Full URL
https://auth.advantageresourcing.com/vpn/myconnect/Bottomleft.gif
Requested by
Host: auth.advantageresourcing.com
URL: https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.107.36.111 Dedham, United States, ASN17231 (ATT-CERFNET-BLOCK - AT&T Enhanced Network Services, US),
Reverse DNS
Software
Apache /
Resource Hash
0e2cda541bf24815df2facd5729d44b70ef4e4bdd160169295944aefc9e51b0b
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
auth.advantageresourcing.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Cookie
NSC_TASS=aHR0cHM6Ly93d3cubXljb25uZWN0LnRvZGF5L2VuL3Jlc291cmNlLWNlbnRlciZjc3JmPTAyNTc0Zjk4NzE0OTA0OTU%3D
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Fri, 01 Jun 2018 15:14:35 GMT
Via
NS-CACHE-10.0: 106
Last-Modified
Thu, 17 May 2018 20:10:32 GMT
Server
Apache
Age
1
ETag
"c10-245f-56c6c6d71de00"
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=79
Content-Length
9311
Bottomright.gif
auth.advantageresourcing.com/vpn/myconnect/
2 KB
3 KB
Image
General
Full URL
https://auth.advantageresourcing.com/vpn/myconnect/Bottomright.gif
Requested by
Host: auth.advantageresourcing.com
URL: https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.107.36.111 Dedham, United States, ASN17231 (ATT-CERFNET-BLOCK - AT&T Enhanced Network Services, US),
Reverse DNS
Software
Apache /
Resource Hash
97305ffb8ff74176df42bcd213e7cdfd7679630e19911a2db7b399c7960aec3e
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
auth.advantageresourcing.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Cookie
NSC_TASS=aHR0cHM6Ly93d3cubXljb25uZWN0LnRvZGF5L2VuL3Jlc291cmNlLWNlbnRlciZjc3JmPTAyNTc0Zjk4NzE0OTA0OTU%3D
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Fri, 01 Jun 2018 15:14:35 GMT
Via
NS-CACHE-10.0: 106
Last-Modified
Thu, 17 May 2018 20:10:32 GMT
Server
Apache
Age
1
ETag
"c0d-958-56c6c6d71de00"
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=78
Content-Length
2392
config.xml
auth.advantageresourcing.com/vpn/resources/
280 B
630 B
XHR
General
Full URL
https://auth.advantageresourcing.com/vpn/resources/config.xml
Requested by
Host: auth.advantageresourcing.com
URL: https://auth.advantageresourcing.com/vpn/myconnect/presources.js
Protocol
HTTP/1.1
Server
199.107.36.111 Dedham, United States, ASN17231 (ATT-CERFNET-BLOCK - AT&T Enhanced Network Services, US),
Reverse DNS
Software
Apache /
Resource Hash
6b06b78c51a0dde1f08ae84769e7215b24302c75d578700bc7b3478d5aa30df1
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
auth.advantageresourcing.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Cookie
NSC_TASS=aHR0cHM6Ly93d3cubXljb25uZWN0LnRvZGF5L2VuL3Jlc291cmNlLWNlbnRlciZjc3JmPTAyNTc0Zjk4NzE0OTA0OTU%3D
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Fri, 01 Jun 2018 15:14:35 GMT
Via
NS-CACHE-10.0: 106
Last-Modified
Sat, 03 Feb 2018 20:29:53 GMT
Server
Apache
Age
1
ETag
"513-118-56454b0fdb240"
X-Frame-Options
SAMEORIGIN
Content-Type
application/xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=91
Content-Length
280
en.xml
auth.advantageresourcing.com/vpn/resources/
48 KB
49 KB
XHR
General
Full URL
https://auth.advantageresourcing.com/vpn/resources/en.xml
Requested by
Host: auth.advantageresourcing.com
URL: https://auth.advantageresourcing.com/vpn/myconnect/presources.js
Protocol
HTTP/1.1
Server
199.107.36.111 Dedham, United States, ASN17231 (ATT-CERFNET-BLOCK - AT&T Enhanced Network Services, US),
Reverse DNS
Software
Apache /
Resource Hash
92260f7fc226c7ce698e5b86c2f4a7e0c817f8969e7e494e8ea68c5fb482b309
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
auth.advantageresourcing.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Cookie
NSC_TASS=aHR0cHM6Ly93d3cubXljb25uZWN0LnRvZGF5L2VuL3Jlc291cmNlLWNlbnRlciZjc3JmPTAyNTc0Zjk4NzE0OTA0OTU%3D
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Fri, 01 Jun 2018 15:14:36 GMT
Via
NS-CACHE-10.0: 106
Last-Modified
Sat, 03 Feb 2018 20:29:53 GMT
Server
Apache
Age
1
ETag
"515-c14a-56454b0fdb240"
X-Frame-Options
SAMEORIGIN
Content-Type
application/xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=90
Content-Length
49482
CenterBlueBkg.jpg
auth.advantageresourcing.com/vpn/images/
36 KB
36 KB
Image
General
Full URL
https://auth.advantageresourcing.com/vpn/images/CenterBlueBkg.jpg
Requested by
Host: auth.advantageresourcing.com
URL: https://auth.advantageresourcing.com/vpn/myconnect/plogin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.107.36.111 Dedham, United States, ASN17231 (ATT-CERFNET-BLOCK - AT&T Enhanced Network Services, US),
Reverse DNS
Software
Apache /
Resource Hash
89c4330cc79930bfd75dfd67d508b8018c52a7b6c71508946115a15dfb3ebfca
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
auth.advantageresourcing.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://auth.advantageresourcing.com/vpn/myconnect/caxtonstyle.css
Cookie
NSC_TASS=aHR0cHM6Ly93d3cubXljb25uZWN0LnRvZGF5L2VuL3Jlc291cmNlLWNlbnRlciZjc3JmPTAyNTc0Zjk4NzE0OTA0OTU%3D
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Fri, 01 Jun 2018 15:14:36 GMT
Via
NS-CACHE-10.0: 106
Last-Modified
Sat, 03 Feb 2018 20:29:53 GMT
Server
Apache
Age
1
ETag
"4cf-8fef-56454b0fdb240"
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=89
Content-Length
36847
Bottommid.gif
auth.advantageresourcing.com/vpn/myconnect/
276 B
620 B
Image
General
Full URL
https://auth.advantageresourcing.com/vpn/myconnect/Bottommid.gif
Requested by
Host: auth.advantageresourcing.com
URL: https://auth.advantageresourcing.com/vpn/myconnect/plogin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.107.36.111 Dedham, United States, ASN17231 (ATT-CERFNET-BLOCK - AT&T Enhanced Network Services, US),
Reverse DNS
Software
Apache /
Resource Hash
6097839fd066f359bbe21fb228714cd33385a6995a060eaa504ee190e3c1178a
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
auth.advantageresourcing.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Cookie
NSC_TASS=aHR0cHM6Ly93d3cubXljb25uZWN0LnRvZGF5L2VuL3Jlc291cmNlLWNlbnRlciZjc3JmPTAyNTc0Zjk4NzE0OTA0OTU%3D
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Fri, 01 Jun 2018 15:14:36 GMT
Via
NS-CACHE-10.0: 106
Last-Modified
Thu, 17 May 2018 20:10:32 GMT
Server
Apache
Age
1
ETag
"c0e-114-56c6c6d71de00"
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=76
Content-Length
276
midmid.gif
auth.advantageresourcing.com/vpn/myconnect/
856 B
1 KB
Image
General
Full URL
https://auth.advantageresourcing.com/vpn/myconnect/midmid.gif
Requested by
Host: auth.advantageresourcing.com
URL: https://auth.advantageresourcing.com/vpn/myconnect/plogin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.107.36.111 Dedham, United States, ASN17231 (ATT-CERFNET-BLOCK - AT&T Enhanced Network Services, US),
Reverse DNS
Software
Apache /
Resource Hash
aefe7b8bd3a84edf8201793cbd03527e4a39ed13f3734ac349570b86ec7a0c52
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
auth.advantageresourcing.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Cookie
NSC_TASS=aHR0cHM6Ly93d3cubXljb25uZWN0LnRvZGF5L2VuL3Jlc291cmNlLWNlbnRlciZjc3JmPTAyNTc0Zjk4NzE0OTA0OTU%3D
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Fri, 01 Jun 2018 15:14:36 GMT
Via
NS-CACHE-10.0: 106
Last-Modified
Thu, 17 May 2018 20:10:32 GMT
Server
Apache
Age
1
ETag
"c0a-358-56c6c6d71de00"
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=99
Content-Length
856
topmid.gif
auth.advantageresourcing.com/vpn/myconnect/
58 B
400 B
Image
General
Full URL
https://auth.advantageresourcing.com/vpn/myconnect/topmid.gif
Requested by
Host: auth.advantageresourcing.com
URL: https://auth.advantageresourcing.com/vpn/myconnect/plogin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.107.36.111 Dedham, United States, ASN17231 (ATT-CERFNET-BLOCK - AT&T Enhanced Network Services, US),
Reverse DNS
Software
Apache /
Resource Hash
9d894a6800fd18d20423c66066097b9653be9eb3796f6a0e216dca220c45d6d6
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
auth.advantageresourcing.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://auth.advantageresourcing.com/vpn/myconnect_logon.html
Cookie
NSC_TASS=aHR0cHM6Ly93d3cubXljb25uZWN0LnRvZGF5L2VuL3Jlc291cmNlLWNlbnRlciZjc3JmPTAyNTc0Zjk4NzE0OTA0OTU%3D
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Fri, 01 Jun 2018 15:14:36 GMT
Via
NS-CACHE-10.0: 106
Last-Modified
Thu, 17 May 2018 20:10:32 GMT
Server
Apache
Age
1
ETag
"c07-3a-56c6c6d71de00"
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=96
Content-Length
58

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Outlook Web Access (Online)

47 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • function| ResourceManager
  • function| _
  • object| Resources
  • function| CreateMainTable
  • function| CreateBannerI
  • function| CreateBannerII
  • function| AddHeaderAndBar
  • function| AddHeaderAndBarForTM
  • function| AddHeaderAndBarForCitrix
  • function| AddFooter
  • function| AddBanner
  • boolean| suitable_browser_to_use_png
  • function| canShowPNGWell
  • function| documentWriteGlowBoxUpper
  • function| documentWriteGlowBoxLower
  • function| documentWriteActionPane
  • function| DialogueBodyTop
  • function| DialogueBodyBottom
  • function| DialogInclude
  • function| DialogueBodyI
  • function| DialogueBodyII
  • function| TransferInclude
  • function| TransferOnesessBodyI
  • function| TransferMultsessBodyI
  • function| TransferBodyII
  • function| __get_aa_location
  • number| minWindowHeight
  • function| __aa_add_onload
  • function| __aa_getElementsByClass
  • function| __aa_load_handler
  • function| __invokeAA
  • function| __getContentHolder
  • function| __getWindowHeight
  • function| __getObjectPosition
  • boolean| loginPrefilled
  • function| UnsetCookie
  • function| ns_check
  • function| ns_disperrmsg
  • function| ns_getcookie
  • function| ns_fillName
  • function| loginFieldCheck
  • function| clean_name_cookie
  • function| ns_showpwd
  • function| __aa_pwcnt
  • function| changePage
  • function| setFocus
  • number| begin

1 Cookies

Domain/Path: auth.advantageresourcing.com/
Name: NSC_TASS
Value: aHR0cHM6Ly93d3cubXljb25uZWN0LnRvZGF5L2VuL3Jlc291cmNlLWNlbnRlciZjc3JmPTAyNTc0Zjk4NzE0OTA0OTU%3D

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Frame-Options SAMEORIGIN