securetwo.ml
104.168.173.135
Malicious Activity!
Public Scan
Effective URL: https://securetwo.ml/mimecast/en.php
Submission: On June 18 via manual from CZ
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on June 10th 2019. Valid for: 3 months.
This is the only time securetwo.ml was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Mimecast (Online)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 | 173.249.5.19 | 51167 (CONTABO) |
10 (2 redirects) | 104.168.173.135 | 54290 (HOSTWINDS - Hostwinds LLC.) |
9 | 2 | |
ASN51167 (CONTABO, DE)
PTR: vmi272869.contaboserver.net
telefontavsiyeleri.com
ASN54290 (HOSTWINDS - Hostwinds LLC., US)
PTR: seans5.masterns.com
securetwo.ml
 | Apex Domain / Subdomains | Transfer |
---|---|---|
10 | securetwo.ml (2 redirects) / securetwo.ml | 158 KB |
1 | telefontavsiyeleri.com / telefontavsiyeleri.com | 242 B |
9 | 2 | |
 | Domain | Requested by |
---|---|---|
10 | securetwo.ml | 2 redirects, securetwo.ml |
1 | telefontavsiyeleri.com | |
9 | 2 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
telefontavsiyeleri.com | Let's Encrypt Authority X3 | 2019-06-14 - 2019-09-12 | 3 months |
securetwo.ml | cPanel, Inc. Certification Authority | 2019-06-10 - 2019-09-08 | 3 months |
This page contains 1 frames:
Primary Page:
https://securetwo.ml/mimecast/en.php
Frame ID: 5249B8BDB6EAAC424DAFBF2264AAAA80
Requests: 9 HTTP requests in this frame
Detected technologies
Nginx (Web Servers)
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Font Awesome (Font Scripts)
Detected patterns
- html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://telefontavsiyeleri.com/wp-content/uploads/2019/a.html Page URL
- https://securetwo.ml/mimecast HTTP 301
  https://securetwo.ml/mimecast/ HTTP 302
  https://securetwo.ml/mimecast/en.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | a.html | telefontavsiyeleri.com/wp-content/uploads/2019/ | 74 B | 242 B | Document | text/html |
GET | H2 | en.php (Primary Request, Redirect Chain) | securetwo.ml/mimecast/ | 810 KB | 75 KB | Document | text/html |
GET | H2 | entypo.css | securetwo.ml/mimecast/css/ | 17 KB | 3 KB | Stylesheet | text/css |
GET | H2 | font-awesome.css | securetwo.ml/mimecast/css/ | 28 KB | 5 KB | Stylesheet | text/css |
GET | H2 | mimecast-icons.css | securetwo.ml/mimecast/css/ | 10 KB | 2 KB | Stylesheet | text/css |
GET | H2 | mimecast-logo.png | securetwo.ml/mimecast/images/ | 3 KB | 3 KB | Image | image/png |
GET | H2 | jquery-1.11.3.min.js | securetwo.ml/mimecast/js/ | 94 KB | 32 KB | Script | application/javascript |
GET | H2 | main.js | securetwo.ml/mimecast/js/ | 1 KB | 381 B | Script | application/javascript |
GET | H2 | mimecast-icons.woff2 | securetwo.ml/mimecast/fonts/ | 37 KB | 37 KB | Font | font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Mimecast (Online)
8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onselectstart
- object| onselectionchange
- function| queueMicrotask
- function| $
- function| jQuery
- function| checkParams
- function| checkParams2
- function| checkParams3
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
securetwo.ml/ | | Name: PHPSESSID Value: 7h2b89od15f81rcph895frvjf7 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
securetwo.ml
telefontavsiyeleri.com
104.168.173.135
173.249.5.19