login.szymon-rancher.ncctest.netrounds.com
Open in
urlscan Pro
3.124.20.247
Public Scan
URL:
https://login.szymon-rancher.ncctest.netrounds.com/
Submission: On April 15 via automatic, source certstream-suspicious
Submission: On April 15 via automatic, source certstream-suspicious
Summary
This website contacted 1 IPs
in 1 countries
across 1 domains to perform 12 HTTP transactions.
The main IP is 3.124.20.247, located in
Frankfurt am Main, Germany and
belongs to AMAZON-02, US.
The main domain is login.szymon-rancher.ncctest.netrounds.com.
TLS certificate: Issued by Fake LE Intermediate X1 on April 15th 2020. Valid for: 3 months.
This is the only time login.szymon-rancher.ncctest.netrounds.com was scanned on urlscan.io!
TLS certificate: Issued by Fake LE Intermediate X1 on April 15th 2020. Valid for: 3 months.
This is the only time login.szymon-rancher.ncctest.netrounds.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 12 | 3.124.20.247 3.124.20.247 | 16509 (AMAZON-02) (AMAZON-02) | |
| 12 | 1 |
12
3.124.20.247
(Frankfurt am Main, Germany)
ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-20-247.eu-central-1.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-20-247.eu-central-1.compute.amazonaws.com
| login.szymon-rancher.ncctest.netrounds.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 12 |
netrounds.com
login.szymon-rancher.ncctest.netrounds.com |
477 KB |
| 12 | 1 |
| Domain | Requested by | |
|---|---|---|
| 12 | login.szymon-rancher.ncctest.netrounds.com |
login.szymon-rancher.ncctest.netrounds.com
|
| 12 | 1 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| app.szymon-rancher.ncctest.netrounds.com Fake LE Intermediate X1 |
2020-04-15 - 2020-07-14 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://login.szymon-rancher.ncctest.netrounds.com/
Frame ID: 49F2ED4C0D144D8A3C3EAFBCF700F07C
Requests: 12 HTTP requests in this frame
Screenshot
Detected technologies
Python
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- html /(?:powered by <a[^>]+>Django ?([\d.]+)?<\/a>|<input[^>]*name=["']csrfmiddlewaretoken["'][^>]*>)/i
Lua
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /openresty(?:\/([\d.]+))?/i
Django
(Web Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- html /(?:powered by <a[^>]+>Django ?([\d.]+)?<\/a>|<input[^>]*name=["']csrfmiddlewaretoken["'][^>]*>)/i
Nginx
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /openresty(?:\/([\d.]+))?/i
OpenResty
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /openresty(?:\/([\d.]+))?/i
Dojo
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /([\d.]+)\/dojo\/dojo(?:\.xd)?\.js/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
/
login.szymon-rancher.ncctest.netrounds.com/ |
6 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
dijit.css
login.szymon-rancher.ncctest.netrounds.com/static/2.35/dijit/themes/ |
53 KB 14 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
cui-netrounds-fonts-standard.min.css
login.szymon-rancher.ncctest.netrounds.com/static/2.35/thirdparty/cisco-ui/css/ |
464 KB 52 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
netrounds-theme.css
login.szymon-rancher.ncctest.netrounds.com/static/2.35/css/ |
109 KB 22 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
dojo.js
login.szymon-rancher.ncctest.netrounds.com/static/2.35/dojo/ |
458 KB 140 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
default.svg
login.szymon-rancher.ncctest.netrounds.com/static/2.35/images/logo/netrounds/ |
6 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
dojo_ROOT.js
login.szymon-rancher.ncctest.netrounds.com/static/2.35/dojo/nls/ |
8 KB 2 KB |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
number.js
login.szymon-rancher.ncctest.netrounds.com/static/2.35/dojo/cldr/nls/en/ |
381 B 513 B |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
gregorian.js
login.szymon-rancher.ncctest.netrounds.com/static/2.35/dojo/cldr/nls/en/ |
5 KB 2 KB |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
shared.js
login.szymon-rancher.ncctest.netrounds.com/static/2.35/js/netrounds/combined/ |
924 KB 238 KB |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
shared_ROOT.js
login.szymon-rancher.ncctest.netrounds.com/static/2.35/js/netrounds/combined/nls/ |
316 B 465 B |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
blank.gif
login.szymon-rancher.ncctest.netrounds.com/static/2.35/dojo/resources/ |
43 B 239 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate object| dojoConfig function| define function| require object| dojo object| dijit object| dojox object| _gaq function| handleClickOutside function| initDropdown function| initSideDrawer1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .login.szymon-rancher.ncctest.netrounds.com/ | Name: csrftoken Value: ZVYdjP08sUxxL9ayhXP9cHfvdM0PAwPM |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Content-Security-Policy | default-src 'self' data: https: http: ws: 'unsafe-inline' 'unsafe-eval' ekr.zdassets.com widget-mediator.zopim.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com v2.zopim.com static.zdassets.com; img-src 'self' *.google-analytics.com data: |
| Strict-Transport-Security | max-age=15724800; includeSubDomains |
| X-Content-Type-Options | nosniff |
| X-Frame-Options | SAMEORIGIN |
| X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
login.szymon-rancher.ncctest.netrounds.com
3.124.20.247
089d4fd289a7ff1d4f31fbefc9ee3ae4c3e3122d8c83eda5728e0eff4f29df92
1b19701ad1051bccb79b2d47a549a1880432aeee64e1e90a38abe323523391e0
64375c80fa087e764619a61c11cb812291af5c07d6bfd599722f4885abd6abea
6c72d0d539dbab4b55123d6be8a13c3107ec58040d9b5e7ca0b599a9abf1509c
8b37907468e901e59f6cf3dd20eea9c775fcfddfb365d3a1c3a6f141cc49c34f
9e1b1c2a768fb875939a824660241040e5623ecf177e8cf048d391cb18b9af31
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
bba2fea59f5e9ebc9b0b7467f862aa4900de33436fe2c928dc27f5ab47fb6378
c0cf8bab66c6c5ee94e691d02bfd143325d30f9c9c92a6c0a6024e18f333cc28
d69dadcde5db58b2804263a20042c933498720c2690e8af6aa04777da3f469c5
f2e808fc5f5372ede777ee3a151c856e3e930d7f362c788bce6e5ede7f9eb261
fe79be399fba9cf0458fc302423f04c99044e3c92bb3a240f1a5528d01875cce