secure.proficiency.org
Open in
urlscan Pro
168.62.224.13
Malicious Activity!
Public Scan
Submission: On July 11 via manual from US
Summary
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on June 3rd 2019. Valid for: a year.
This is the only time secure.proficiency.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
12 | 168.62.224.13 168.62.224.13 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation) | |
6 | 52.85.182.101 52.85.182.101 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
18 | 2 |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
PTR: waws-prod-ch1-001.cloudapp.net
secure.proficiency.org |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-85-182-101.fra50.r.cloudfront.net
d2i2wahzwrm1n5.cloudfront.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
proficiency.org
secure.proficiency.org |
345 KB |
6 |
cloudfront.net
d2i2wahzwrm1n5.cloudfront.net |
92 KB |
18 | 2 |
Domain | Requested by | |
---|---|---|
12 | secure.proficiency.org |
secure.proficiency.org
|
6 | d2i2wahzwrm1n5.cloudfront.net |
secure.proficiency.org
|
18 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
secure.gcmtotalsolutions.com Go Daddy Secure Certificate Authority - G2 |
2019-06-03 - 2020-06-03 |
a year | crt.sh |
*.cloudfront.net DigiCert Global CA G2 |
2018-10-08 - 2019-10-09 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://secure.proficiency.org/customers/default.aspx?cID=1&logoff=true
Frame ID: C454B8AB84B4BE582BE8668EFC1221FF
Requests: 18 HTTP requests in this frame
Screenshot
Detected technologies
Windows Server (Operating Systems) ExpandDetected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
- url /\.aspx?(?:$|\?)/i
- html /<input[^>]+name="__VIEWSTATE/i
Microsoft ASP.NET (Web Frameworks) Expand
Detected patterns
- url /\.aspx?(?:$|\?)/i
- html /<input[^>]+name="__VIEWSTATE/i
IIS (Web Servers) Expand
Detected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
- url /\.aspx?(?:$|\?)/i
- html /<input[^>]+name="__VIEWSTATE/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Cookie set
default.aspx
secure.proficiency.org/customers/ |
13 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
customer.css
secure.proficiency.org/includes/ |
1 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
WebResource.axd
secure.proficiency.org/ |
23 KB 6 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
WebResource.axd
secure.proficiency.org/ |
11 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
WebResource.axd
secure.proficiency.org/ |
1 KB 1001 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
WebResource.axd
secure.proficiency.org/ |
22 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
WebResource.axd
secure.proficiency.org/ |
4 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
WebResource.axd
secure.proficiency.org/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
WebResource.axd
secure.proficiency.org/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
WebResource.axd
secure.proficiency.org/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Telerik.Web.UI.WebResource.axd
secure.proficiency.org/ |
140 KB 35 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Core.js
d2i2wahzwrm1n5.cloudfront.net/ajaxz/2017.3.913/Common/ |
67 KB 18 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
MaterialRippleScripts.js
d2i2wahzwrm1n5.cloudfront.net/ajaxz/2017.3.913/Common/MaterialRipple/ |
12 KB 4 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
RadInputScript.js
d2i2wahzwrm1n5.cloudfront.net/ajaxz/2017.3.913/Input/TextBox/ |
60 KB 12 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jQuery.js
d2i2wahzwrm1n5.cloudfront.net/ajaxz/2017.3.913/Common/ |
94 KB 33 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jQueryPlugins.js
d2i2wahzwrm1n5.cloudfront.net/ajaxz/2017.3.913/Common/ |
12 KB 4 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
RadButtonScripts.js
d2i2wahzwrm1n5.cloudfront.net/ajaxz/2017.3.913/Button/ |
104 KB 21 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
CustomerPage-Background.jpg
secure.proficiency.org/includes/images/ |
277 KB 277 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)65 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| OnKeyPress object| theForm function| __doPostBack function| WebForm_PostBackOptions function| WebForm_DoPostBackWithOptions object| __pendingCallbacks number| __synchronousCallBackIndex function| WebForm_DoCallback function| WebForm_CallbackComplete function| WebForm_ExecuteCallback function| WebForm_FillFirstAvailableSlot boolean| __nonMSDOMBrowser string| __theFormPostData object| __theFormPostCollection object| __callbackTextTypes function| WebForm_InitCallback function| WebForm_InitCallbackAddField function| WebForm_EncodeCallback object| __disabledControlArray function| WebForm_ReEnableControls function| WebForm_ReDisableControls function| WebForm_SimulateClick function| WebForm_FireDefaultButton function| WebForm_GetScrollX function| WebForm_GetScrollY function| WebForm_SaveScrollPositionSubmit function| WebForm_SaveScrollPositionOnSubmit function| WebForm_RestoreScrollPosition function| WebForm_TextBoxKeyHandler function| WebForm_TrimString function| WebForm_AppendToClassName function| WebForm_RemoveClassName function| WebForm_GetElementById function| WebForm_GetElementByTagName function| WebForm_GetElementsByTagName function| WebForm_GetElementDir function| WebForm_GetElementPosition function| WebForm_GetParentByTagName function| WebForm_SetElementHeight function| WebForm_SetElementWidth function| WebForm_SetElementX function| WebForm_SetElementY function| Sys$Enum$parse function| Sys$Enum$toString function| Sys$Component$_setProperties function| Sys$Component$_setReferences function| $create function| $addHandler function| $addHandlers function| $clearHandlers function| $removeHandler function| $get function| $find function| Type object| Sys object| _events object| commonScripts object| Telerik object| $telerik object| TelerikCommonScripts undefined| $ undefined| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | frame-ancestors 'self' |
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
d2i2wahzwrm1n5.cloudfront.net
secure.proficiency.org
168.62.224.13
52.85.182.101
04883a88645d4a6f541c7b5d649a8780cb88e51c7e4e412ace2a1118ca8b542f
072de0984ec31d0e022ee49bb6913881b74ac821ec4f73ba03a1365fdb83c02c
0e6361c652546e8dc9a2ac9b90e7c38a2ef2061cf530f894b822c4013878fdf6
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
419f5efc478dfbf45830d4b84ce0d064601688349194ecd0ff68d8c77fc9a9d9
4c7cb6c3c4be6580aa49c0bf23a13c2b0402e266e7be45c40a82f41a9f04cae3
5ec7c72cb0357bbec894977ecd2bdc6fbd453995682be5f3b028c69176656f92
a7310b56e3575a7d16ce7d66e36ba262d266d54a2cd53ba5581dc64d59930ac2
b5923a6611f288633d8d94245df1da583e8cee46a3d72f0a5d4b29a0b7605541
cc49c0ec309f1e68bdefade6456183700278be6e4cc30897d4bbf87eaf2b4db8
d1093de22dddbd83426ed457d3029d430770571ff71f083576333509a9b0e6d9
d436f4ca07b11e9071da3685d057b6028ca5d7d3b67fe29ec9e1e2f935fe6ff4
e7c85dc88b397cac9022dc5673579971d0aa5a2d253dab47b77b860832851f1a
ecf1a29eec5818834c98c75115f6e983f1bcd80bbe64c25d35debf2932f41f1a
fbac1766ac672c1852a114032584b8d3351c735b11e52b310368ccdaee7f78e0
fddcc6ba29cdc40d1b81b139d2ad7bc0f79aaf8250e9266d944ecc5791bfe6f5
fe26902a4218fd6b98354a363fb5c7aea313de70cf5486f5aa3e63916b52627f