online.security.secudepartment.com Open in urlscan Pro
188.119.66.154 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://accesscontrolpage.blob.core.windows.net/security/login.html?17g63
Effective URL:
https://online.security.secudepartment.com/secure/
Submission: On December 09 via manual (December 9th 2024, 9:53:07 pm UTC) from US — Scanned from US

Summary HTTP 6 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 6 HTTP transactions. The main IP is 188.119.66.154, located in Moscow, Russian Federation and belongs to changway-as Chang Way Technologies Co. Limited, HK. The main domain is online.security.secudepartment.com.
TLS certificate: Issued by R11 on December 8th 2024. Valid for: 3 months.

This is the only time online.security.secudepartment.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	57.150.27.161 57.150.27.161	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 3	188.119.66.154 188.119.66.154	57523 (changway-...) (changway-as Chang Way Technologies Co. Limited)
6	3

2 57.150.27.161 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

accesscontrolpage.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 188.119.66.154 (Moscow, Russian Federation) 1 redirects

ASN57523 (changway-as Chang Way Technologies Co. Limited, HK)

online.security.secudepartment.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	secudepartment.com 1 redirects online.security.secudepartment.com	68 KB
2	windows.net accesscontrolpage.blob.core.windows.net	1015 B
0	wellsfargoadvlsor.com Failed connect.online.access.wellsfargoadvlsor.com Failed
6	3

	Domain	Requested by
3	online.security.secudepartment.com	1 redirects
2	accesscontrolpage.blob.core.windows.net
0	connect.online.access.wellsfargoadvlsor.com Failed
6	3

This site contains no links.

Subject Issuer	Validity	Valid
*.blob.core.windows.net Microsoft Azure RSA TLS Issuing CA 08	`2024-10-23` - `2025-04-21`	6 months	crt.sh
secudepartment.com R11	`2024-12-08` - `2025-03-08`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://online.security.secudepartment.com/secure/
Frame ID: 6688909A1DE07672376A5AA8F0AE4C5E
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Checking your browser...

Page URL History Show full URLs

https://accesscontrolpage.blob.core.windows.net/security/login.html?17g63 Page URL
https://online.security.secudepartment.com/?ref=93isxpaq24fuj HTTP 302
https://online.security.secudepartment.com/secure/ Page URL

Page Statistics

6
Requests

67 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

68 kB
Transfer

303 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://accesscontrolpage.blob.core.windows.net/security/login.html?17g63 Page URL
https://online.security.secudepartment.com/?ref=93isxpaq24fuj HTTP 302
https://online.security.secudepartment.com/secure/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7

https://online.security.secudepartment.com/secure/secure.php HTTP 302
https://connect.online.access.wellsfargoadvlsor.com/IcHrovbe

6 HTTP transactions
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	login.html Show response accesscontrolpage.blob.core.windows.net/security/	127 B 530 B	212ms 59ms	Document text/html	57.150.27.161 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://accesscontrolpage.blob.core.windows.net/security/login.html?17g63 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 57.150.27.161 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `325312074801564188b0d1bb9d1e7078924bbf16a3f429cd561f557fef10b6e1` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers Content-Length 127 Content-MD5 N07wPjYzCcYqXjJfgR8B9A== Content-Type text/html Date Mon, 09 Dec 2024 21:53:01 GMT ETag 0x8DD17C5E3AE8BBC Last-Modified Sun, 08 Dec 2024 20:21:25 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-blob-type BlockBlob x-ms-lease-status unlocked x-ms-request-id d27615a5-101e-0071-5684-4a20ae000000 x-ms-version 2009-09-19
GET H/1.1	200 OK	Primary Request / Show response online.security.secudepartment.com/secure/ Redirect Chain https://online.security.secudepartment.com/?ref=93isxpaq24fuj https://online.security.secudepartment.com/secure/	155 KB 57 KB	137ms 136ms	Document text/html	188.119.66.154 changway-as Chang...
General Check archive.org Show headers Download Go to Full URL https://online.security.secudepartment.com/secure/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 188.119.66.154 Moscow, Russian Federation, ASN57523 (changway-as Chang Way Technologies Co. Limited, HK), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `149d3c200d0c0b77cfb9a94bb7aa77f41b09351f758fbeb317ebd887eb70bd6d` Request headers Referer https://accesscontrolpage.blob.core.windows.net/security/login.html?17g63 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers Accept-Ranges bytes Connection Keep-Alive Content-Encoding gzip Content-Type text/html Date Mon, 09 Dec 2024 21:53:02 GMT ETag "26be6-610f36651d400-gzip" Keep-Alive timeout=5, max=119 Last-Modified Fri, 09 Feb 2024 14:04:00 GMT Server Apache/2.4.41 (Ubuntu) Transfer-Encoding chunked Vary Accept-Encoding Redirect headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Length 0 Content-Type text/html; charset=UTF-8 Date Mon, 09 Dec 2024 21:53:02 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=120 Location secure/ Pragma no-cache Server Apache/2.4.41 (Ubuntu)
GET H/1.1	400 One of the request inputs is out of range.	favicon.ico accesscontrolpage.blob.core.windows.net/	226 B 485 B	29ms 28ms	Other application/xml	57.150.27.161 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://accesscontrolpage.blob.core.windows.net/favicon.ico Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 57.150.27.161 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Blob Service Version 1.0 Microsoft-HTTPAPI/2.0 / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://accesscontrolpage.blob.core.windows.net/security/login.html?17g63 Response headers x-ms-request-id d27615c9-101e-0071-7784-4a20ae000000 Content-Length 226 Date Mon, 09 Dec 2024 21:53:01 GMT Content-Type application/xml Server Blob Service Version 1.0 Microsoft-HTTPAPI/2.0
GET DATA	200 OK	truncated Show response /	2 KB 0		Script text/javascript
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `1a92872174be2c1d7ad9eec3e0d83a141f95c63c1044004dc7201faab398bb90` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers Content-Type text/javascript
GET DATA	200 OK	truncated Show response /	79 KB 0		Script text/javascript
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `7c25e1dde8e804ae24131bb2e6855859023fb4e0719885be5a406bbf621c8004` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://online.security.secudepartment.com Referer Response headers Content-Type text/javascript
GET DATA	200 OK	truncated Show response /	30 KB 0		Script text/javascript
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `ac5e58f9feeb700e99ab18938389e0e5377f57aac98c6c150d1af2d1054f3309` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://online.security.secudepartment.com Referer Response headers Content-Type text/javascript
GET DATA	200 OK	truncated Show response /	2 KB 0		Script text/javascript
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `e0ff9ec518f995fdc55bef4af9f3af97fc562e65c7770181d617592067a097b4` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers Content-Type text/javascript
GET H/1.1	200 OK	favicon.ico online.security.secudepartment.com/	35 KB 10 KB	132ms 132ms	Other text/html	188.119.66.154 changway-as Chang...
General Check archive.org Show headers Download Go to Full URL https://online.security.secudepartment.com/favicon.ico Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 188.119.66.154 Moscow, Russian Federation, ASN57523 (changway-as Chang Way Technologies Co. Limited, HK), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `f0898cdacf44cb52a4cb646f87750770f6f59a6217a3f5dc0886f717aa6e3c93` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://online.security.secudepartment.com/secure/ Response headers Cache-Control no-store, no-cache, must-revalidate Content-Encoding gzip Pragma no-cache Connection Keep-Alive Expires Thu, 19 Nov 1981 08:52:00 GMT Content-Length 9907 Keep-Alive timeout=5, max=118 Date Mon, 09 Dec 2024 21:53:03 GMT Content-Type text/html; charset=UTF-8 Vary Accept-Encoding Server Apache/2.4.41 (Ubuntu)
GET		IcHrovbe connect.online.access.wellsfargoadvlsor.com/ Redirect Chain https://online.security.secudepartment.com/secure/secure.php https://connect.online.access.wellsfargoadvlsor.com/IcHrovbe	0 0

OPTIONS		IcHrovbe connect.online.access.wellsfargoadvlsor.com/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: connect.online.access.wellsfargoadvlsor.com
URL: https://connect.online.access.wellsfargoadvlsor.com/IcHrovbe

Domain: connect.online.access.wellsfargoadvlsor.com
URL: https://connect.online.access.wellsfargoadvlsor.com/IcHrovbe

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			online.security.secudepartment.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: hb56gvh7k4lskul2oc1fnl8prt
			online.security.secudepartment.com/	1970-01-21 01:36:24	Name: referer Value: aHR0cHM6Ly9hY2Nlc3Njb250cm9scGFnZS5ibG9iLmNvcmUud2luZG93cy5uZXQv

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://accesscontrolpage.blob.core.windows.net/favicon.ico Message: Failed to load resource: the server responded with a status of 400 (One of the request inputs is out of range.)
rendering	warning	URL: https://online.security.secudepartment.com/secure/ Message: [GroupMarkerNotSet(crbug.com/242999)!:A0C00408D4210000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering	warning	URL: https://online.security.secudepartment.com/secure/ Message: [GroupMarkerNotSet(crbug.com/242999)!:A040E201D4210000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
javascript	error	URL: https://online.security.secudepartment.com/secure/ Message: Access to XMLHttpRequest at 'https://connect.online.access.wellsfargoadvlsor.com/IcHrovbe' (redirected from 'https://online.security.secudepartment.com/secure/secure.php') from origin 'https://online.security.secudepartment.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.
network	error	URL: https://connect.online.access.wellsfargoadvlsor.com/IcHrovbe Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accesscontrolpage.blob.core.windows.net
connect.online.access.wellsfargoadvlsor.com
online.security.secudepartment.com
connect.online.access.wellsfargoadvlsor.com
188.119.66.154
57.150.27.161
149d3c200d0c0b77cfb9a94bb7aa77f41b09351f758fbeb317ebd887eb70bd6d
1a92872174be2c1d7ad9eec3e0d83a141f95c63c1044004dc7201faab398bb90
325312074801564188b0d1bb9d1e7078924bbf16a3f429cd561f557fef10b6e1
7c25e1dde8e804ae24131bb2e6855859023fb4e0719885be5a406bbf621c8004
ac5e58f9feeb700e99ab18938389e0e5377f57aac98c6c150d1af2d1054f3309
e0ff9ec518f995fdc55bef4af9f3af97fc562e65c7770181d617592067a097b4
f0898cdacf44cb52a4cb646f87750770f6f59a6217a3f5dc0886f717aa6e3c93

online.security.secudepartment.com Open in urlscan Pro 188.119.66.154 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

6 Requests

67 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

68 kBTransfer

303 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

2 Cookies

5 Console Messages

Indicators

online.security.secudepartment.com Open in urlscan Pro
188.119.66.154 Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

67 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

68 kB
Transfer

303 kB
Size

2
Cookies

6 HTTP transactions
4 data transactions