secured-logn.net Open in urlscan Pro
54.86.39.20 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://addto.password.land/XcmVWjaXBpZWy50X2lkPTPM1NDY5UiNTk3HNiZjYW1waYWFlnbl9ydW5faWQ9MTI2pNDAwMSZhY3Rpb249Y2xpY2smdXJsPW...
Effective URL:
https://secured-logn.net/pages/cae87359e810?crid=354695976&crun=1264001&dom=addto.password.land
Submission: On June 06 via manual (June 6th 2018, 2:35:59 pm UTC) from US

Summary HTTP 7 Redirects Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 7 HTTP transactions. The main IP is 54.86.39.20, located in Ashburn, United States and belongs to AMAZON-AES - Amazon.com, Inc., US. The main domain is secured-logn.net.
TLS certificate: Issued by Amazon on June 5th 2018. Valid for: a year.

This is the only time secured-logn.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Office 365 (Online)

Domain & IP information

	IP Address		AS Autonomous System
1 1	52.72.175.22 52.72.175.22		14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
3	54.86.39.20 54.86.39.20		14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
3	2.20.23.219 2.20.23.219		20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
7	3

1 52.72.175.22 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-72-175-22.compute-1.amazonaws.com

addto.password.land	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.86.39.20 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-86-39-20.compute-1.amazonaws.com

secured-logn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.20.23.219 (European Union)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-20-23-219.deploy.static.akamaitechnologies.com

secure.aadcdn.microsoftonline-p.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	microsoftonline-p.com secure.aadcdn.microsoftonline-p.com	205 KB
3	secured-logn.net secured-logn.net	793 KB
1	password.land 1 redirects addto.password.land	500 B
0	googleapis.com Failed ajax.googleapis.com Failed
7	4

	Domain	Requested by
3	secure.aadcdn.microsoftonline-p.com	secured-logn.net
3	secured-logn.net	secured-logn.net
1	addto.password.land	1 redirects
0	ajax.googleapis.com Failed	secured-logn.net
7	4

This site contains no links.

Subject Issuer	Validity	Valid
secured-logn.net Amazon	`2018-06-05` - `2019-07-05`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://secured-logn.net/pages/cae87359e810?crid=354695976&crun=1264001&dom=addto.password.land
Frame ID: 602F7CCE553CE8701DDDF7C05677D53D
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://addto.password.land/XcmVWjaXBpZWy50X2lkPTPM1NDY5UiNTk3HNiZjYW1waYWFlnbl9ydW5faWQ9MTI2pNDAwMSZhY3... HTTP 302
https://secured-logn.net/pages/cae87359e810?crid=354695976&crun=1264001&dom=addto.password.land Page URL

Detected technologies

Ubuntu (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Ubuntu/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /modernizr(?:-([\d.]*[\d]))?.*\.js/i
env /^Modernizr$/i

Moment.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^moment$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

7
Requests

43 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

998 kB
Transfer

3416 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://addto.password.land/XcmVWjaXBpZWy50X2lkPTPM1NDY5UiNTk3HNiZjYW1waYWFlnbl9ydW5faWQ9MTI2pNDAwMSZhY3Rpb249Y2xpY2smdXJsPWh0dHBzOi8vc2VjdXJlZC1sb2dpbi5uZXQvcGFnZXMvY2FlODczNTllODEw HTTP 302
https://secured-logn.net/pages/cae87359e810?crid=354695976&crun=1264001&dom=addto.password.land Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request cae87359e810 Show response
secured-logn.net/pages/
Redirect Chain

http://addto.password.land/XcmVWjaXBpZWy50X2lkPTPM1NDY5UiNTk3HNiZjYW1waYWFlnbl9ydW5faWQ9MTI2pNDAwMSZhY3Rpb249Y2xpY2smdXJsPWh0dHBzOi8vc2VjdXJlZC1sb2dpbi5uZXQvcGFnZXMvY2FlODczNTllODEw
https://secured-logn.net/pages/cae87359e810?crid=354695976&crun=1264001&dom=addto.password.land

4 KB
2 KB

378ms
135ms

Document
text/html

54.86.39.20
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://secured-logn.net/pages/cae87359e810?crid=354695976&crun=1264001&dom=addto.password.land

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.86.39.20 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-54-86-39-20.compute-1.amazonaws.com

Software

nginx/1.4.6 (Ubuntu) /

Resource Hash

01c2d71c6b963d481ddebbfe83fca479da6e0f135df9dc59bb6a386b73632ce9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: secured-logn.net
:scheme: https
:path: /pages/cae87359e810?crid=354695976&crun=1264001&dom=addto.password.land
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 602F7CCE553CE8701DDDF7C05677D53D

Response headers

status: 200 200 OK
date: Wed, 06 Jun 2018 14:35:48 GMT
content-type: text/html; charset=utf-8
server: nginx/1.4.6 (Ubuntu)
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: max-age=0, private, must-revalidate
x-request-id: 7d19ac14-927b-49fa-9ef3-225f18ee6c08
x-runtime: 0.035852
content-encoding: gzip

Redirect headers

Date: Wed, 06 Jun 2018 14:35:47 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.4.6 (Ubuntu)
Status: 302 Found
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Location: https://secured-logn.net/pages/cae87359e810?crid=354695976&crun=1264001&dom=addto.password.land
Cache-Control: no-cache
X-Request-Id: 36817059-3bf4-4a7e-861f-be0e9135dee3
X-Runtime: 0.026919

GET
H2 200 application-04d48baa62f76846b9e8bcc132fd6e0c4bd06ab0374c66b2246f539483e83a42.js Show response
secured-logn.net/assets/ 3 MB
775 KB 100ms
99ms Script
application/x-javascript 54.86.39.20
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://secured-logn.net/assets/application-04d48baa62f76846b9e8bcc132fd6e0c4bd06ab0374c66b2246f539483e83a42.js
Requested by: Host: secured-logn.net
URL: https://secured-logn.net/pages/cae87359e810?crid=354695976&crun=1264001&dom=addto.password.land
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.86.39.20 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-86-39-20.compute-1.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 04d48baa62f76846b9e8bcc132fd6e0c4bd06ab0374c66b2246f539483e83a42

Request headers

:path: /assets/application-04d48baa62f76846b9e8bcc132fd6e0c4bd06ab0374c66b2246f539483e83a42.js
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: */*
cache-control: no-cache
:authority: secured-logn.net
referer: https://secured-logn.net/pages/cae87359e810?crid=354695976&crun=1264001&dom=addto.password.land
:scheme: https
:method: GET
Referer: https://secured-logn.net/pages/cae87359e810?crid=354695976&crun=1264001&dom=addto.password.land
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Wed, 06 Jun 2018 14:35:48 GMT
content-encoding: gzip
last-modified: Tue, 05 Jun 2018 22:04:00 GMT
server: nginx/1.4.6 (Ubuntu)
etag: "5b1708d0-c167c"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=315360000 public
content-length: 792188
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 modernizr-654222debe8018b12f1993ceddff30dc163a7d5008d79869c399d6d167321f97.js Show response
secured-logn.net/assets/ 50 KB
16 KB 296ms
295ms Script
application/x-javascript 54.86.39.20
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://secured-logn.net/assets/modernizr-654222debe8018b12f1993ceddff30dc163a7d5008d79869c399d6d167321f97.js
Requested by: Host: secured-logn.net
URL: https://secured-logn.net/pages/cae87359e810?crid=354695976&crun=1264001&dom=addto.password.land
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.86.39.20 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-86-39-20.compute-1.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 654222debe8018b12f1993ceddff30dc163a7d5008d79869c399d6d167321f97

Request headers

:path: /assets/modernizr-654222debe8018b12f1993ceddff30dc163a7d5008d79869c399d6d167321f97.js
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: */*
cache-control: no-cache
:authority: secured-logn.net
referer: https://secured-logn.net/pages/cae87359e810?crid=354695976&crun=1264001&dom=addto.password.land
:scheme: https
:method: GET
Referer: https://secured-logn.net/pages/cae87359e810?crid=354695976&crun=1264001&dom=addto.password.land
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Wed, 06 Jun 2018 14:35:48 GMT
content-encoding: gzip
last-modified: Tue, 05 Jun 2018 22:04:00 GMT
server: nginx/1.4.6 (Ubuntu)
etag: "5b1708d0-3d69"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=315360000 public
content-length: 15721
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK heroillustration
secure.aadcdn.microsoftonline-p.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/ 199 KB
199 KB 27ms
7ms Image
image/jpeg 2.20.23.219
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/heroillustration?ts=635974776187911809

Requested by

Host: secured-logn.net
URL: https://secured-logn.net/pages/cae87359e810?crid=354695976&crun=1264001&dom=addto.password.land

Protocol

HTTP/1.1

Server

2.20.23.219 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-20-23-219.deploy.static.akamaitechnologies.com

Software

/

Resource Hash

7e50e406688bd898803f653058d14ca384734cb9b39ba900bc5e2734b59c073b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://secured-logn.net/pages/cae87359e810?crid=354695976&crun=1264001&dom=addto.password.land
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Wed, 06 Jun 2018 14:35:48 GMT
Last-Modified: Tue, 05 Jun 2018 16:39:05 GMT
Content-MD5: ZSg7Ej6yNeYXaumMAqxbHA==
Strict-Transport-Security: max-age=31536000
Content-Type: image\jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=13706
Connection: keep-alive
Content-Length: 203294

GET
H/1.1 200
OK bannerlogo
secure.aadcdn.microsoftonline-p.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/ 4 KB
5 KB 7ms
7ms Image
image/png 2.20.23.219
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/bannerlogo?ts=635974776182591704

Requested by

Host: secured-logn.net
URL: https://secured-logn.net/pages/cae87359e810?crid=354695976&crun=1264001&dom=addto.password.land

Protocol

HTTP/1.1

Server

2.20.23.219 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-20-23-219.deploy.static.akamaitechnologies.com

Software

/

Resource Hash

fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://secured-logn.net/pages/cae87359e810?crid=354695976&crun=1264001&dom=addto.password.land
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Wed, 06 Jun 2018 14:35:48 GMT
Last-Modified: Wed, 06 Jun 2018 04:00:36 GMT
Content-MD5: nwmifU9ps1V8dDNXSinXJg==
Strict-Transport-Security: max-age=31536000
Content-Type: image\jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=52700
Connection: keep-alive
Content-Length: 4585

GET
H/1.1 200
OK microsoft_logo.png
secure.aadcdn.microsoftonline-p.com/ests/2.1.4653.2/content/images/ 1 KB
1 KB 7ms
7ms Image
image/png 2.20.23.219
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.aadcdn.microsoftonline-p.com/ests/2.1.4653.2/content/images/microsoft_logo.png

Requested by

Host: secured-logn.net
URL: https://secured-logn.net/pages/cae87359e810?crid=354695976&crun=1264001&dom=addto.password.land

Protocol

HTTP/1.1

Server

2.20.23.219 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-20-23-219.deploy.static.akamaitechnologies.com

Software

/

Resource Hash

988e349f2bf4e87154738c7b2c1fa86618713a8cfa0cef60a046f5add89bd9de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://secured-logn.net/pages/cae87359e810?crid=354695976&crun=1264001&dom=addto.password.land
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Wed, 06 Jun 2018 14:35:48 GMT
Last-Modified: Fri, 26 Aug 2016 19:02:05 GMT
Content-MD5: 5LZ1AH3GSS7lkBMdH337sw==
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=59336
Connection: keep-alive
Content-Length: 1040

GET jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ajax.googleapis.com
URL: http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online)

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| updateQueryStringParameter function| getParam function| colSort function| ES6Promise function| $ function| jQuery object| jQuery112409139595908236964 function| Retina function| RetinaImagePath function| RetinaImage object| Select2 function| Color function| Chart object| Chartkick function| proj4 function| SimpleWidget object| Tree object| Utils object| asap_questionaire function| AsapStoreViewer object| Routes function| moment function| _ object| ProgressBar object| html5 object| Modernizr object| asap object| kb4

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

addto.password.land
ajax.googleapis.com
secure.aadcdn.microsoftonline-p.com
secured-logn.net
ajax.googleapis.com
2.20.23.219
52.72.175.22
54.86.39.20
01c2d71c6b963d481ddebbfe83fca479da6e0f135df9dc59bb6a386b73632ce9
04d48baa62f76846b9e8bcc132fd6e0c4bd06ab0374c66b2246f539483e83a42
654222debe8018b12f1993ceddff30dc163a7d5008d79869c399d6d167321f97
7e50e406688bd898803f653058d14ca384734cb9b39ba900bc5e2734b59c073b
988e349f2bf4e87154738c7b2c1fa86618713a8cfa0cef60a046f5add89bd9de
fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603