storage-mailbox.securelogin.workers.dev
Open in
urlscan Pro
172.67.166.110
Malicious Activity!
Private Scan
Effective URL: https://storage-mailbox.securelogin.workers.dev/
Submission: On October 13 via api from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on October 6th 2021. Valid for: 3 months.
This is the only time storage-mailbox.securelogin.workers.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Email (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 35.241.186.140 35.241.186.140 | 15169 (GOOGLE) (GOOGLE) | |
1 | 172.67.166.110 172.67.166.110 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 69.16.175.42 69.16.175.42 | 33438 (HIGHWINDS2) (HIGHWINDS2) | |
1 | 104.18.11.207 104.18.11.207 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 2 | 2.16.186.187 2.16.186.187 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 142.250.186.68 142.250.186.68 | 15169 (GOOGLE) (GOOGLE) | |
6 | 6 |
ASN15169 (GOOGLE, US)
PTR: 140.186.241.35.bc.googleusercontent.com
xyt2i.mjt.lu |
ASN13335 (CLOUDFLARENET, US)
storage-mailbox.securelogin.workers.dev |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-187.deploy.static.akamaitechnologies.com
www.logmein.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
2 |
logmein.com
1 redirects
www.logmein.com |
482 B |
1 |
google.com
www.google.com |
2 KB |
1 |
bootstrapcdn.com
stackpath.bootstrapcdn.com |
15 KB |
1 |
jquery.com
code.jquery.com |
30 KB |
1 |
workers.dev
storage-mailbox.securelogin.workers.dev |
3 KB |
1 |
mjt.lu
1 redirects
xyt2i.mjt.lu |
152 B |
6 | 6 |
Domain | Requested by | |
---|---|---|
2 | www.logmein.com |
1 redirects
storage-mailbox.securelogin.workers.dev
|
1 | www.google.com | |
1 | stackpath.bootstrapcdn.com |
storage-mailbox.securelogin.workers.dev
|
1 | code.jquery.com |
storage-mailbox.securelogin.workers.dev
|
1 | storage-mailbox.securelogin.workers.dev | |
1 | xyt2i.mjt.lu | 1 redirects |
6 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.securelogin.workers.dev R3 |
2021-10-06 - 2022-01-04 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2021-07-14 - 2022-08-14 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-03-01 - 2022-02-28 |
a year | crt.sh |
gotomeeting.com DigiCert SHA2 Secure Server CA |
2021-08-30 - 2022-08-30 |
a year | crt.sh |
www.google.com GTS CA 1C3 |
2021-09-13 - 2021-11-20 |
2 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://storage-mailbox.securelogin.workers.dev/
Frame ID: EC67E3F9790FFB0EDE377CA0653EB8A3
Requests: 4 HTTP requests in this frame
Frame:
https://www.logmein.com/de
Frame ID: 41D509632B189D983F97B10E0ECA8B24
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
MAILBOX STORAGE!Page URL History Show full URLs
-
https://xyt2i.mjt.lu/lnk/AVkAAA9iavIAAAAIsFAAABTLbSEAAAAAd7gAAJJjABga0gBhZws5xuGGelhoRkGh3roSDjBB...
HTTP 302
https://storage-mailbox.securelogin.workers.dev/ Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://xyt2i.mjt.lu/lnk/AVkAAA9iavIAAAAIsFAAABTLbSEAAAAAd7gAAJJjABga0gBhZws5xuGGelhoRkGh3roSDjBB3QAW_mw/1/7AYrBj-XoRdH-Y9PXfcAMg/aHR0cHM6Ly9zdG9yYWdlLW1haWxib3guc2VjdXJlbG9naW4ud29ya2Vycy5kZXYvI2t1cnQuc25vZGdyYXNzQGxvZ21laW4uY29t
HTTP 302
https://storage-mailbox.securelogin.workers.dev/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 2- https://www.logmein.com/ HTTP 302
- https://www.logmein.com/de
6 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
storage-mailbox.securelogin.workers.dev/ Redirect Chain
|
7 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.2.1.min.js
code.jquery.com/ |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ |
50 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
de
www.logmein.com/ Frame 41D5 Redirect Chain
|
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicons
www.google.com/s2/ |
506 B 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Email (Online)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| onbeforexrselect boolean| originAgentCluster function| $ function| jQuery object| bootstrap1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.google.com/ | Name: NID Value: 511=Qt5hF_DTG5wY2AGPUAGA1pV1SxnW3E7g44CzO6RSeUI8RGBv-LEd454S9VJJj9YUTWsxokdyRrNx1ytmhDZx_-PEuULyZoAk_MTABB2Pn1lWOeERgyv_CzXopguvT4RgRNzye9tkZ7yfcHh_2JmQ9h4sbHhSXYgvI0OygJ-aNRY |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.jquery.com
stackpath.bootstrapcdn.com
storage-mailbox.securelogin.workers.dev
www.google.com
www.logmein.com
xyt2i.mjt.lu
104.18.11.207
142.250.186.68
172.67.166.110
2.16.186.187
35.241.186.140
69.16.175.42
41ee0e142224c1c36afe95ded9407ba26272f62b0354767fbff9666ee30dac1c
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f2d39fe694af1354221079aa7b6968e142f65e517d69e147ef19668e7e8c877b