secured-logn.net
Open in
urlscan Pro
54.86.39.20
Malicious Activity!
Public Scan
Effective URL: https://secured-logn.net/pages/cae87359e810?crid=354695976&crun=1264001&dom=addto.password.land
Submission: On June 06 via manual from US
Summary
TLS certificate: Issued by Amazon on June 5th 2018. Valid for: a year.
This is the only time secured-logn.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Office 365 (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 52.72.175.22 52.72.175.22 | 14618 (AMAZON-AES) (AMAZON-AES - Amazon.com) | |
3 | 54.86.39.20 54.86.39.20 | 14618 (AMAZON-AES) (AMAZON-AES - Amazon.com) | |
3 | 2.20.23.219 2.20.23.219 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
7 | 3 |
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-72-175-22.compute-1.amazonaws.com
addto.password.land |
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-86-39-20.compute-1.amazonaws.com
secured-logn.net |
ASN20940 (AKAMAI-ASN1, US)
PTR: a2-20-23-219.deploy.static.akamaitechnologies.com
secure.aadcdn.microsoftonline-p.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
microsoftonline-p.com
secure.aadcdn.microsoftonline-p.com |
205 KB |
3 |
secured-logn.net
secured-logn.net |
793 KB |
1 |
password.land
1 redirects
addto.password.land |
500 B |
0 |
googleapis.com
Failed
ajax.googleapis.com Failed |
|
7 | 4 |
Domain | Requested by | |
---|---|---|
3 | secure.aadcdn.microsoftonline-p.com |
secured-logn.net
|
3 | secured-logn.net |
secured-logn.net
|
1 | addto.password.land | 1 redirects |
0 | ajax.googleapis.com Failed |
secured-logn.net
|
7 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
secured-logn.net Amazon |
2018-06-05 - 2019-07-05 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://secured-logn.net/pages/cae87359e810?crid=354695976&crun=1264001&dom=addto.password.land
Frame ID: 602F7CCE553CE8701DDDF7C05677D53D
Requests: 7 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://addto.password.land/XcmVWjaXBpZWy50X2lkPTPM1NDY5UiNTk3HNiZjYW1waYWFlnbl9ydW5faWQ9MTI2pNDAwMSZhY3...
HTTP 302
https://secured-logn.net/pages/cae87359e810?crid=354695976&crun=1264001&dom=addto.password.land Page URL
Detected technologies
Ubuntu (Operating Systems) ExpandDetected patterns
- headers server /Ubuntu/i
Nginx (Web Servers) Expand
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Modernizr (JavaScript Libraries) Expand
Detected patterns
- script /modernizr(?:-([\d.]*[\d]))?.*\.js/i
- env /^Modernizr$/i
Moment.js (JavaScript Libraries) Expand
Detected patterns
- env /^moment$/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://addto.password.land/XcmVWjaXBpZWy50X2lkPTPM1NDY5UiNTk3HNiZjYW1waYWFlnbl9ydW5faWQ9MTI2pNDAwMSZhY3Rpb249Y2xpY2smdXJsPWh0dHBzOi8vc2VjdXJlZC1sb2dpbi5uZXQvcGFnZXMvY2FlODczNTllODEw
HTTP 302
https://secured-logn.net/pages/cae87359e810?crid=354695976&crun=1264001&dom=addto.password.land Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
cae87359e810
secured-logn.net/pages/ Redirect Chain
|
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
application-04d48baa62f76846b9e8bcc132fd6e0c4bd06ab0374c66b2246f539483e83a42.js
secured-logn.net/assets/ |
3 MB 775 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
modernizr-654222debe8018b12f1993ceddff30dc163a7d5008d79869c399d6d167321f97.js
secured-logn.net/assets/ |
50 KB 16 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
heroillustration
secure.aadcdn.microsoftonline-p.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/ |
199 KB 199 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bannerlogo
secure.aadcdn.microsoftonline-p.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
microsoft_logo.png
secure.aadcdn.microsoftonline-p.com/ests/2.1.4653.2/content/images/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- ajax.googleapis.com
- URL
- http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Office 365 (Online)28 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| updateQueryStringParameter function| getParam function| colSort function| ES6Promise function| $ function| jQuery object| jQuery112409139595908236964 function| Retina function| RetinaImagePath function| RetinaImage object| Select2 function| Color function| Chart object| Chartkick function| proj4 function| SimpleWidget object| Tree object| Utils object| asap_questionaire function| AsapStoreViewer object| Routes function| moment function| _ object| ProgressBar object| html5 object| Modernizr object| asap object| kb40 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
addto.password.land
ajax.googleapis.com
secure.aadcdn.microsoftonline-p.com
secured-logn.net
ajax.googleapis.com
2.20.23.219
52.72.175.22
54.86.39.20
01c2d71c6b963d481ddebbfe83fca479da6e0f135df9dc59bb6a386b73632ce9
04d48baa62f76846b9e8bcc132fd6e0c4bd06ab0374c66b2246f539483e83a42
654222debe8018b12f1993ceddff30dc163a7d5008d79869c399d6d167321f97
7e50e406688bd898803f653058d14ca384734cb9b39ba900bc5e2734b59c073b
988e349f2bf4e87154738c7b2c1fa86618713a8cfa0cef60a046f5add89bd9de
fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603