secure-service-gateway.com

Summary

This website contacted 2 IPs in 3 countries across 3 domains to perform 7 HTTP transactions. The main IP is 52.50.68.160, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is secure-service-gateway.com.
TLS certificate: Issued by Amazon on November 6th 2019. Valid for: a year.

This is the only time secure-service-gateway.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Office 365 (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	167.89.118.35 167.89.118.35	11377 (SENDGRID) (SENDGRID)
1	52.50.68.160 52.50.68.160	16509 (AMAZON-02) (AMAZON-02)
6	2a02:26f0:eb:... 2a02:26f0:eb:38c::35c1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
7	2

1 167.89.118.35 (United States) 1 redirects

ASN11377 (SENDGRID, US)
PTR: o16789118x35.outbound-mail.sendgrid.net

u15698942.ct.sendgrid.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.50.68.160 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-68-160.eu-west-1.compute.amazonaws.com

secure-service-gateway.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a02:26f0:eb:38c::35c1 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

secure.aadcdn.microsoftonline-p.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	microsoftonline-p.com secure.aadcdn.microsoftonline-p.com	269 KB
1	secure-service-gateway.com secure-service-gateway.com	2 KB
1	sendgrid.net 1 redirects u15698942.ct.sendgrid.net	249 B
7	3

	Domain	Requested by
6	secure.aadcdn.microsoftonline-p.com	secure-service-gateway.com
1	secure-service-gateway.com
1	u15698942.ct.sendgrid.net	1 redirects
7	3

This site contains no links.

Subject Issuer	Validity	Valid
secure-service-gateway.com Amazon	`2019-11-06` - `2020-12-06`	a year	crt.sh
secure.aadcdn.microsoftonline-p.com Microsoft IT TLS CA 4	`2019-07-17` - `2021-07-17`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://secure-service-gateway.com/?rid=xxdGBBY
Frame ID: 93D528A41D7E33FF4819E6C6CAD7ECC2
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://u15698942.ct.sendgrid.net/ls/click?upn=-2FGBBSW9evJY9QMjmL6k5SAREa-2BEIR4NJk68mkRRCrfxYyftQUYAmuve2COR... HTTP 302
https://secure-service-gateway.com/?rid=xxdGBBY Page URL

Page Statistics

7
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

271 kB
Transfer

456 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://u15698942.ct.sendgrid.net/ls/click?upn=-2FGBBSW9evJY9QMjmL6k5SAREa-2BEIR4NJk68mkRRCrfxYyftQUYAmuve2CORV-2F5SjvmJefMU5MNvkYyHaMP27rw-3D-3DQER-_TCBZcDrRqF4dST4uMwf0Bf2thm7MDguxSCswe6VqrJAbXZPEH8bhniU3-2BwQecpfe6JSOpz1oPauFeeId3hN0w2COLel3rpAzIHGct01WaKe1ac8eNuiIJWTz3W4j45O8haeHUhn-2FGRGBYFq52vOiefaZTrA1QLFY2LvYfUizcW8x3-2BZi02gOntDtWOP9bgCx82yLETh7pQG7cYx-2BodFz8KzZh6gayp-2B9QAuDoAAYj4Y-3D HTTP 302
https://secure-service-gateway.com/?rid=xxdGBBY Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
secure-service-gateway.com/
Redirect Chain

https://u15698942.ct.sendgrid.net/ls/click?upn=-2FGBBSW9evJY9QMjmL6k5SAREa-2BEIR4NJk68mkRRCrfxYyftQUYAmuve2CORV-2F5SjvmJefMU5MNvkYyHaMP27rw-3D-3DQER-_TCBZcDrRqF4dST4uMwf0Bf2thm7MDguxSCswe6VqrJAbXZP...
https://secure-service-gateway.com/?rid=xxdGBBY

6 KB
2 KB

292ms
118ms

Document
text/html

52.50.68.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-service-gateway.com/?rid=xxdGBBY
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.68.160 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-68-160.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 3edf2640034ffdf5bed36e83e2609d68fc3a4fef8c65a291243834a7d369b84b

Request headers

:method: GET
:authority: secure-service-gateway.com
:scheme: https
:path: /?rid=xxdGBBY
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Tue, 07 Jul 2020 09:38:38 GMT
content-type: text/html; charset=utf-8
content-length: 1980
content-encoding: gzip
vary: Accept-Encoding
x-server: gophish

Redirect headers

Server: nginx
Date: Tue, 07 Jul 2020 09:38:37 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 69
Connection: keep-alive
Location: https://secure-service-gateway.com?rid=xxdGBBY
X-Robots-Tag: noindex, nofollow

GET
H/1.1 200
OK login.ltr.css
secure.aadcdn.microsoftonline-p.com/aad/20.200.19625/css/ 27 KB
5 KB 32ms
6ms Stylesheet
text/css 2a02:26f0:eb:38c::35c1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.aadcdn.microsoftonline-p.com/aad/20.200.19625/css/login.ltr.css

Requested by

Host: secure-service-gateway.com
URL: https://secure-service-gateway.com/?rid=xxdGBBY

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:eb:38c::35c1 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

/

Resource Hash

f902d8b3484872d0bb6fdb71084823e6363905e3f0ebaeeafa6cb373acd28350

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://secure-service-gateway.com/?rid=xxdGBBY
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 07 Jul 2020 09:38:38 GMT
Content-Encoding: gzip
Last-Modified: Tue, 14 May 2019 21:45:43 GMT
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=537229
Strict-Transport-Security: max-age=31536000
Content-Length: 4712

GET
H/1.1 200
OK jquery.1.5.1.min.js Show response
secure.aadcdn.microsoftonline-p.com/aad/20.200.19625/js/ 85 KB
30 KB 34ms
8ms Script
application/x-javascript 2a02:26f0:eb:38c::35c1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.aadcdn.microsoftonline-p.com/aad/20.200.19625/js/jquery.1.5.1.min.js

Requested by

Host: secure-service-gateway.com
URL: https://secure-service-gateway.com/?rid=xxdGBBY

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:eb:38c::35c1 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

/

Resource Hash

f0ecc5a8e657458720f3d97ab079570ce1f954f951fddc306cde4bc03151d590

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://secure-service-gateway.com/?rid=xxdGBBY
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 07 Jul 2020 09:38:38 GMT
Content-Encoding: gzip
Last-Modified: Tue, 14 May 2019 21:45:47 GMT
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=537229
Strict-Transport-Security: max-age=31536000
Content-Length: 30587

GET
H/1.1 200
OK aad.login.js Show response
secure.aadcdn.microsoftonline-p.com/aad/20.200.19625/js/ 126 KB
28 KB 61ms
35ms Script
application/x-javascript 2a02:26f0:eb:38c::35c1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.aadcdn.microsoftonline-p.com/aad/20.200.19625/js/aad.login.js

Requested by

Host: secure-service-gateway.com
URL: https://secure-service-gateway.com/?rid=xxdGBBY

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:eb:38c::35c1 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

/

Resource Hash

0764cd74693cbf231ec1841cea80d3308cb39892dacdf906044ad6c0622cada2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://secure-service-gateway.com/?rid=xxdGBBY
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 07 Jul 2020 09:38:38 GMT
Content-Encoding: gzip
Last-Modified: Tue, 14 May 2019 21:45:47 GMT
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=537229
Strict-Transport-Security: max-age=31536000
Content-Length: 28486

GET
H/1.1 200
OK jquery.easing.1.3.js Show response
secure.aadcdn.microsoftonline-p.com/aad/20.200.19625/js/ 9 KB
3 KB 33ms
7ms Script
application/x-javascript 2a02:26f0:eb:38c::35c1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.aadcdn.microsoftonline-p.com/aad/20.200.19625/js/jquery.easing.1.3.js

Requested by

Host: secure-service-gateway.com
URL: https://secure-service-gateway.com/?rid=xxdGBBY

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:eb:38c::35c1 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

/

Resource Hash

e9f76a23a17184eec1ee54b5fa9d25ae90439b9f8edf31391ee19332010fb698

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://secure-service-gateway.com/?rid=xxdGBBY
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 07 Jul 2020 09:38:38 GMT
Content-Encoding: gzip
Last-Modified: Tue, 14 May 2019 21:45:47 GMT
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=537229
Strict-Transport-Security: max-age=31536000
Content-Length: 2264

GET
H/1.1 200
OK logo.png
secure.aadcdn.microsoftonline-p.com/aadbranding/1.0.1/aadlogin/Office365/ 4 KB
5 KB 23ms
23ms Image
image/png 2a02:26f0:eb:38c::35c1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.aadcdn.microsoftonline-p.com/aadbranding/1.0.1/aadlogin/Office365/logo.png

Requested by

Host: secure-service-gateway.com
URL: https://secure-service-gateway.com/?rid=xxdGBBY

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:eb:38c::35c1 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

/

Resource Hash

fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://secure-service-gateway.com/?rid=xxdGBBY
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 07 Jul 2020 09:38:38 GMT
Last-Modified: Tue, 14 May 2019 21:52:11 GMT
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=537229
Connection: keep-alive
Content-Length: 4585

GET
H/1.1 200
OK illustration.jpg
secure.aadcdn.microsoftonline-p.com/aadbranding/1.0.1/aadlogin/Office365/ 199 KB
199 KB 8ms
7ms Image
image/jpeg 2a02:26f0:eb:38c::35c1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.aadcdn.microsoftonline-p.com/aadbranding/1.0.1/aadlogin/Office365/illustration.jpg

Requested by

Host: secure-service-gateway.com
URL: https://secure-service-gateway.com/?rid=xxdGBBY

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:eb:38c::35c1 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

/

Resource Hash

7e50e406688bd898803f653058d14ca384734cb9b39ba900bc5e2734b59c073b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://secure-service-gateway.com/?rid=xxdGBBY
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 07 Jul 2020 09:38:38 GMT
Last-Modified: Tue, 14 May 2019 21:52:11 GMT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=537229
Connection: keep-alive
Content-Length: 203294

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online)

36 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

secure-service-gateway.com
secure.aadcdn.microsoftonline-p.com
u15698942.ct.sendgrid.net
167.89.118.35
2a02:26f0:eb:38c::35c1
52.50.68.160
0764cd74693cbf231ec1841cea80d3308cb39892dacdf906044ad6c0622cada2
3edf2640034ffdf5bed36e83e2609d68fc3a4fef8c65a291243834a7d369b84b
7e50e406688bd898803f653058d14ca384734cb9b39ba900bc5e2734b59c073b
e9f76a23a17184eec1ee54b5fa9d25ae90439b9f8edf31391ee19332010fb698
f0ecc5a8e657458720f3d97ab079570ce1f954f951fddc306cde4bc03151d590
f902d8b3484872d0bb6fdb71084823e6363905e3f0ebaeeafa6cb373acd28350
fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603

secure-service-gateway.com Open in urlscan Pro 52.50.68.160 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

7 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

2 IPs

3 Countries

271 kBTransfer

456 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

36 JavaScript Global Variables

0 Cookies

Indicators

secure-service-gateway.com Open in urlscan Pro
52.50.68.160 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

271 kB
Transfer

456 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!