securetwo.ml Open in urlscan Pro
104.168.173.135 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://telefontavsiyeleri.com/wp-content/uploads/2019/a.html
Effective URL:
https://securetwo.ml/mimecast/en.php
Submission: On June 18 via manual (June 18th 2019, 9:25:11 am UTC) from CZ

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 9 HTTP transactions. The main IP is 104.168.173.135, located in Seattle, United States and belongs to HOSTWINDS - Hostwinds LLC., US. The main domain is securetwo.ml.
TLS certificate: Issued by cPanel, Inc. Certification Authority on June 10th 2019. Valid for: 3 months.

This is the only time securetwo.ml was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Mimecast (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	173.249.5.19 173.249.5.19	51167 (CONTABO) (CONTABO)
2 10	104.168.173.135 104.168.173.135	54290 (HOSTWINDS) (HOSTWINDS - Hostwinds LLC.)
9	2

1 173.249.5.19 (Nuremberg, Germany)

ASN51167 (CONTABO, DE)
PTR: vmi272869.contaboserver.net

telefontavsiyeleri.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 104.168.173.135 (Seattle, United States) 2 redirects

ASN54290 (HOSTWINDS - Hostwinds LLC., US)
PTR: seans5.masterns.com

securetwo.ml	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	securetwo.ml 2 redirects securetwo.ml	158 KB
1	telefontavsiyeleri.com telefontavsiyeleri.com	242 B
9	2

	Domain	Requested by
10	securetwo.ml	2 redirects securetwo.ml
1	telefontavsiyeleri.com
9	2

This site contains no links.

Subject Issuer	Validity	Valid
telefontavsiyeleri.com Let's Encrypt Authority X3	`2019-06-14` - `2019-09-12`	3 months	crt.sh
securetwo.ml cPanel, Inc. Certification Authority	`2019-06-10` - `2019-09-08`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://securetwo.ml/mimecast/en.php
Frame ID: 5249B8BDB6EAAC424DAFBF2264AAAA80
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://telefontavsiyeleri.com/wp-content/uploads/2019/a.html Page URL
https://securetwo.ml/mimecast HTTP 301
https://securetwo.ml/mimecast/ HTTP 302
https://securetwo.ml/mimecast/en.php Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

158 kB
Transfer

999 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://telefontavsiyeleri.com/wp-content/uploads/2019/a.html Page URL
https://securetwo.ml/mimecast HTTP 301
https://securetwo.ml/mimecast/ HTTP 302
https://securetwo.ml/mimecast/en.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	a.html Show response telefontavsiyeleri.com/wp-content/uploads/2019/	74 B 242 B	53ms 13ms	Document text/html	173.249.5.19 CONTABO
General Check archive.org Show headers Download Go to Full URL https://telefontavsiyeleri.com/wp-content/uploads/2019/a.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.249.5.19 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS vmi272869.contaboserver.net Software nginx / PleskLin Resource Hash `fa2968363eec9a5056839f93acf8524a1121ca66009421dc098f3c08d4b72665` Request headers :method GET :authority telefontavsiyeleri.com :scheme https :path /wp-content/uploads/2019/a.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 200 server nginx date Tue, 18 Jun 2019 09:24:55 GMT content-type text/html content-length 74 x-accel-version 0.01 last-modified Mon, 17 Jun 2019 03:29:20 GMT etag "4a-58b7c9a086400" accept-ranges bytes x-powered-by PleskLin
GET H2	200	Primary Request en.php Show response securetwo.ml/mimecast/ Redirect Chain https://securetwo.ml/mimecast https://securetwo.ml/mimecast/ https://securetwo.ml/mimecast/en.php	810 KB 75 KB	191ms 190ms	Document text/html	104.168.173.135 Hostwinds LLC.
General Check archive.org Show headers Download Go to Full URL https://securetwo.ml/mimecast/en.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.168.173.135 Seattle, United States, ASN54290 (HOSTWINDS - Hostwinds LLC., US), Reverse DNS seans5.masterns.com Software Apache / Resource Hash `e3ff37065b24bf94ffbdde14d0ead3c83228508cf7f6304ab533803a2c9b970a` Request headers :method GET :authority securetwo.ml :scheme https :path /mimecast/en.php pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 referer https://telefontavsiyeleri.com/wp-content/uploads/2019/a.html accept-encoding gzip, deflate, br cookie PHPSESSID=7h2b89od15f81rcph895frvjf7 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://telefontavsiyeleri.com/wp-content/uploads/2019/a.html Response headers status 200 date Tue, 18 Jun 2019 09:24:58 GMT server Apache vary Accept-Encoding content-encoding br content-type text/html; charset=UTF-8 Redirect headers status 302 date Tue, 18 Jun 2019 09:24:57 GMT server Apache expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate pragma no-cache set-cookie PHPSESSID=7h2b89od15f81rcph895frvjf7; path=/ location en.php vary Accept-Encoding content-encoding br content-length 1 content-type text/html; charset=UTF-8
GET H2	200	entypo.css securetwo.ml/mimecast/css/	17 KB 3 KB	181ms 180ms	Stylesheet text/css	104.168.173.135 Hostwinds LLC.
General Check archive.org Show headers Download Go to Full URL https://securetwo.ml/mimecast/css/entypo.css Requested by Host: securetwo.ml URL: https://securetwo.ml/mimecast/en.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.168.173.135 Seattle, United States, ASN54290 (HOSTWINDS - Hostwinds LLC., US), Reverse DNS seans5.masterns.com Software Apache / Resource Hash `7a24726189ec811cbf06e22aaabffbb801ac7053ab29639db0be79d4f1806c1d` Request headers Referer https://securetwo.ml/mimecast/en.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 18 Jun 2019 09:24:58 GMT content-encoding br last-modified Thu, 23 May 2019 18:20:00 GMT server Apache vary Accept-Encoding content-type text/css status 200 accept-ranges bytes content-length 3214
GET H2	200	font-awesome.css securetwo.ml/mimecast/css/	28 KB 5 KB	313ms 312ms	Stylesheet text/css	104.168.173.135 Hostwinds LLC.
General Check archive.org Show headers Download Go to Full URL https://securetwo.ml/mimecast/css/font-awesome.css Requested by Host: securetwo.ml URL: https://securetwo.ml/mimecast/en.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.168.173.135 Seattle, United States, ASN54290 (HOSTWINDS - Hostwinds LLC., US), Reverse DNS seans5.masterns.com Software Apache / Resource Hash `c374efba54279628793f04e10ebf5d0c1b4dbc36b3f4132d9235f01d64ca5c8e` Request headers Referer https://securetwo.ml/mimecast/en.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 18 Jun 2019 09:24:58 GMT content-encoding br last-modified Thu, 23 May 2019 18:20:00 GMT server Apache vary Accept-Encoding content-type text/css status 200 accept-ranges bytes content-length 5403
GET H2	200	mimecast-icons.css securetwo.ml/mimecast/css/	10 KB 2 KB	178ms 177ms	Stylesheet text/css	104.168.173.135 Hostwinds LLC.
General Check archive.org Show headers Download Go to Full URL https://securetwo.ml/mimecast/css/mimecast-icons.css Requested by Host: securetwo.ml URL: https://securetwo.ml/mimecast/en.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.168.173.135 Seattle, United States, ASN54290 (HOSTWINDS - Hostwinds LLC., US), Reverse DNS seans5.masterns.com Software Apache / Resource Hash `83cf71af07d94d9c23664cab0049784939c9b1e1874b5c99fe2e221d618ebe54` Request headers Referer https://securetwo.ml/mimecast/en.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 18 Jun 2019 09:24:58 GMT content-encoding br last-modified Thu, 23 May 2019 18:20:00 GMT server Apache vary Accept-Encoding content-type text/css status 200 accept-ranges bytes content-length 2138
GET H2	200	mimecast-logo.png securetwo.ml/mimecast/images/	3 KB 3 KB	147ms 146ms	Image image/png	104.168.173.135 Hostwinds LLC.
General Check archive.org Show headers Download Go to Show image Full URL https://securetwo.ml/mimecast/images/mimecast-logo.png Requested by Host: securetwo.ml URL: https://securetwo.ml/mimecast/en.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.168.173.135 Seattle, United States, ASN54290 (HOSTWINDS - Hostwinds LLC., US), Reverse DNS seans5.masterns.com Software Apache / Resource Hash `3fa3a17b8560b8e303917887ee40d3c04148b6dfdc515d00e24da39229780eb2` Request headers Referer https://securetwo.ml/mimecast/en.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 200 date Tue, 18 Jun 2019 09:24:58 GMT last-modified Thu, 23 May 2019 18:20:00 GMT server Apache accept-ranges bytes content-length 3050 content-type image/png
GET H2	200	jquery-1.11.3.min.js Show response securetwo.ml/mimecast/js/	94 KB 32 KB	162ms 162ms	Script application/javascript	104.168.173.135 Hostwinds LLC.
General Check archive.org Show headers Download Go to Full URL https://securetwo.ml/mimecast/js/jquery-1.11.3.min.js Requested by Host: securetwo.ml URL: https://securetwo.ml/mimecast/en.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.168.173.135 Seattle, United States, ASN54290 (HOSTWINDS - Hostwinds LLC., US), Reverse DNS seans5.masterns.com Software Apache / Resource Hash `ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8` Request headers Referer https://securetwo.ml/mimecast/en.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 18 Jun 2019 09:24:58 GMT content-encoding br last-modified Thu, 23 May 2019 18:20:00 GMT server Apache vary Accept-Encoding content-type application/javascript status 200 accept-ranges bytes content-length 32399
GET H2	200	main.js Show response securetwo.ml/mimecast/js/	1 KB 381 B	149ms 148ms	Script application/javascript	104.168.173.135 Hostwinds LLC.
General Check archive.org Show headers Download Go to Full URL https://securetwo.ml/mimecast/js/main.js Requested by Host: securetwo.ml URL: https://securetwo.ml/mimecast/en.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.168.173.135 Seattle, United States, ASN54290 (HOSTWINDS - Hostwinds LLC., US), Reverse DNS seans5.masterns.com Software Apache / Resource Hash `92b6124e09bfef228b136511ab4a1bf58d532cfea77ce08701e62dea8b354054` Request headers Referer https://securetwo.ml/mimecast/en.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 18 Jun 2019 09:24:59 GMT content-encoding br last-modified Thu, 23 May 2019 18:20:00 GMT server Apache vary Accept-Encoding content-type application/javascript status 200 accept-ranges bytes content-length 326
GET H2	200	mimecast-icons.woff2 securetwo.ml/mimecast/fonts/	37 KB 37 KB	145ms 144ms	Font font/woff2	104.168.173.135 Hostwinds LLC.
General Check archive.org Show headers Download Go to Full URL https://securetwo.ml/mimecast/fonts/mimecast-icons.woff2?88870484 Requested by Host: securetwo.ml URL: https://securetwo.ml/mimecast/en.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.168.173.135 Seattle, United States, ASN54290 (HOSTWINDS - Hostwinds LLC., US), Reverse DNS seans5.masterns.com Software Apache / Resource Hash `e1cc0f9784d2d947aa86e10e4eff6b99fe50f1a0a4c34bd8a2c43a6cf66176cc` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://securetwo.ml/mimecast/css/mimecast-icons.css Origin https://securetwo.ml Response headers date Tue, 18 Jun 2019 09:24:59 GMT content-encoding br last-modified Thu, 23 May 2019 18:20:00 GMT server Apache vary Accept-Encoding content-type font/woff2 status 200 accept-ranges bytes content-length 37996

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Mimecast (Online)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			securetwo.ml/	1969-12-31 23:59:59	Name: PHPSESSID Value: 7h2b89od15f81rcph895frvjf7

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

securetwo.ml
telefontavsiyeleri.com
104.168.173.135
173.249.5.19
3fa3a17b8560b8e303917887ee40d3c04148b6dfdc515d00e24da39229780eb2
7a24726189ec811cbf06e22aaabffbb801ac7053ab29639db0be79d4f1806c1d
83cf71af07d94d9c23664cab0049784939c9b1e1874b5c99fe2e221d618ebe54
92b6124e09bfef228b136511ab4a1bf58d532cfea77ce08701e62dea8b354054
c374efba54279628793f04e10ebf5d0c1b4dbc36b3f4132d9235f01d64ca5c8e
e1cc0f9784d2d947aa86e10e4eff6b99fe50f1a0a4c34bd8a2c43a6cf66176cc
e3ff37065b24bf94ffbdde14d0ead3c83228508cf7f6304ab533803a2c9b970a
ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8
fa2968363eec9a5056839f93acf8524a1121ca66009421dc098f3c08d4b72665

securetwo.ml Open in urlscan Pro 104.168.173.135 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

158 kBTransfer

999 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

1 Cookies

Indicators

securetwo.ml Open in urlscan Pro
104.168.173.135 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

158 kB
Transfer

999 kB
Size

1
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!