secured-login.net
Open in
urlscan Pro
54.164.242.137
Malicious Activity!
Public Scan
Effective URL: https://secured-login.net/pages/96ed129f563c/XcmVEjaXBpZWX50X2lkPTiQyODMyVINTcyiMiZjYW1wEYWvlnbl9ydW5faWQ9MTgyENzQzMCZhY3R...
Submission: On February 26 via manual from US
Summary
TLS certificate: Issued by Amazon on November 26th 2018. Valid for: a year.
This is the only time secured-login.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Outlook (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 54.173.166.75 54.173.166.75 | 14618 (AMAZON-AES) (AMAZON-AES - Amazon.com) | |
4 | 54.164.242.137 54.164.242.137 | 14618 (AMAZON-AES) (AMAZON-AES - Amazon.com) | |
1 | 2a00:1450:400... 2a00:1450:4001:820::200a | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
2 | 52.216.136.206 52.216.136.206 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
1 | 2a02:26f0:6c0... 2a02:26f0:6c00:283::34ef | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 2a00:1450:400... 2a00:1450:4001:814::2004 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
2 | 2620:0:862:ed... 2620:0:862:ed1a::2:b | 14907 (WIKIMEDIA) (WIKIMEDIA - Wikimedia Foundation Inc.) | |
2 | 2620:11a:e002... 2620:11a:e002:fa00::194 | 22300 (WIKIA) (WIKIA - Wikia) | |
1 | 34.196.121.184 34.196.121.184 | 14618 (AMAZON-AES) (AMAZON-AES - Amazon.com) | |
1 | 151.101.2.166 151.101.2.166 | 54113 (FASTLY) (FASTLY - Fastly) | |
16 | 10 |
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-173-166-75.compute-1.amazonaws.com
05kqatnrj9s0snah9.phish.farm |
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-164-242-137.compute-1.amazonaws.com
secured-login.net |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: s3-1.amazonaws.com
s3.amazonaws.com |
ASN14907 (WIKIMEDIA - Wikimedia Foundation Inc., US)
upload.wikimedia.org |
ASN22300 (WIKIA - Wikia, Inc., US)
vignette4.wikia.nocookie.net | |
vignette2.wikia.nocookie.net |
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-196-121-184.compute-1.amazonaws.com
www.watervillecsd.org |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
secured-login.net
secured-login.net |
881 KB |
2 |
nocookie.net
vignette4.wikia.nocookie.net vignette2.wikia.nocookie.net |
8 KB |
2 |
wikimedia.org
upload.wikimedia.org |
77 KB |
2 |
amazonaws.com
s3.amazonaws.com |
10 KB |
1 |
kinja-img.com
i.kinja-img.com |
71 KB |
1 |
watervillecsd.org
www.watervillecsd.org |
4 KB |
1 |
google.com
www.google.com |
11 KB |
1 |
gfx.ms
auth.gfx.ms |
6 KB |
1 |
googleapis.com
ajax.googleapis.com |
20 KB |
1 |
phish.farm
05kqatnrj9s0snah9.phish.farm |
737 B |
16 | 10 |
Domain | Requested by | |
---|---|---|
4 | secured-login.net |
05kqatnrj9s0snah9.phish.farm
secured-login.net |
2 | upload.wikimedia.org |
secured-login.net
|
2 | s3.amazonaws.com |
secured-login.net
|
1 | i.kinja-img.com |
secured-login.net
|
1 | www.watervillecsd.org |
secured-login.net
|
1 | vignette2.wikia.nocookie.net |
secured-login.net
|
1 | vignette4.wikia.nocookie.net |
secured-login.net
|
1 | www.google.com |
secured-login.net
|
1 | auth.gfx.ms |
secured-login.net
|
1 | ajax.googleapis.com |
secured-login.net
|
1 | 05kqatnrj9s0snah9.phish.farm | |
16 | 11 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
strongencryption.org Amazon |
2018-11-26 - 2019-12-26 |
a year | crt.sh |
*.googleapis.com Google Internet Authority G3 |
2019-01-29 - 2019-04-23 |
3 months | crt.sh |
s3.amazonaws.com DigiCert Baltimore CA-2 G2 |
2018-12-03 - 2019-10-25 |
a year | crt.sh |
msagfx.live.com Microsoft IT TLS CA 4 |
2017-07-27 - 2019-07-17 |
2 years | crt.sh |
www.google.com Google Internet Authority G3 |
2019-01-29 - 2019-04-23 |
3 months | crt.sh |
*.wikipedia.org GlobalSign Organization Validation CA - SHA256 - G2 |
2018-11-08 - 2019-11-22 |
a year | crt.sh |
*.wikia.nocookie.net DigiCert SHA2 Secure Server CA |
2018-02-02 - 2019-03-27 |
a year | crt.sh |
www.watervillecsd.org Amazon |
2019-02-16 - 2020-03-16 |
a year | crt.sh |
univision.map.fastly.net GlobalSign CloudSSL CA - SHA256 - G3 |
2019-01-16 - 2019-08-02 |
6 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://secured-login.net/pages/96ed129f563c/XcmVEjaXBpZWX50X2lkPTiQyODMyVINTcyiMiZjYW1wEYWvlnbl9ydW5faWQ9MTgyENzQzMCZhY3Rpb249Y2xpY2smdXJsPWh0dHBzOi8vc2VjdXJlZC1sb2dpbi5uZXQvcGFnZXMvOTZlZDEyOWY1NjNj
Frame ID: 4D03C50586204F1CE41E555F729B5D1C
Requests: 16 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://05kqatnrj9s0snah9.phish.farm/XcmVEjaXBpZWX50X2lkPTiQyODMyVINTcyiMiZjYW1wEYWvlnbl9ydW5faWQ9MTgyENzQzMCZhY3... Page URL
- https://secured-login.net/pages/96ed129f563c/XcmVEjaXBpZWX50X2lkPTiQyODMyVINTcyiMiZjYW1wEYWvlnbl9ydW5f... Page URL
Detected technologies
Modernizr (JavaScript Libraries) ExpandDetected patterns
- script /modernizr(?:-([\d.]*[\d]))?.*\.js/i
- env /^Modernizr$/i
Moment.js (JavaScript Libraries) Expand
Detected patterns
- env /^moment$/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://05kqatnrj9s0snah9.phish.farm/XcmVEjaXBpZWX50X2lkPTiQyODMyVINTcyiMiZjYW1wEYWvlnbl9ydW5faWQ9MTgyENzQzMCZhY3Rpb249Y2xpY2smdXJsPWh0dHBzOi8vc2VjdXJlZC1sb2dpbi5uZXQvcGFnZXMvOTZlZDEyOWY1NjNj Page URL
- https://secured-login.net/pages/96ed129f563c/XcmVEjaXBpZWX50X2lkPTiQyODMyVINTcyiMiZjYW1wEYWvlnbl9ydW5faWQ9MTgyENzQzMCZhY3Rpb249Y2xpY2smdXJsPWh0dHBzOi8vc2VjdXJlZC1sb2dpbi5uZXQvcGFnZXMvOTZlZDEyOWY1NjNj Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
XcmVEjaXBpZWX50X2lkPTiQyODMyVINTcyiMiZjYW1wEYWvlnbl9ydW5faWQ9MTgyENzQzMCZhY3Rpb249Y2xpY2smdXJsPWh0dHBzOi8vc2VjdXJlZC1sb2dpbi5uZXQvcGFnZXMvOTZlZDEyOWY1NjNj
05kqatnrj9s0snah9.phish.farm/ |
334 B 737 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
XcmVEjaXBpZWX50X2lkPTiQyODMyVINTcyiMiZjYW1wEYWvlnbl9ydW5faWQ9MTgyENzQzMCZhY3Rpb249Y2xpY2smdXJsPWh0dHBzOi8vc2VjdXJlZC1sb2dpbi5uZXQvcGFnZXMvOTZlZDEyOWY1NjNj
secured-login.net/pages/96ed129f563c/ |
19 KB 20 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
application-74911fae6c808166e0ec728d330817f0821d4526cfe9ec3bcd969493bbc71d43.js
secured-login.net/assets/ |
3 MB 846 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
modernizr-654222debe8018b12f1993ceddff30dc163a7d5008d79869c399d6d167321f97.js
secured-login.net/assets/ |
50 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
landing-watermark-46ea054482a4c24d938b4b38a7697c9dbf537b919f1bb91ebbc3431cfbdbb376.css
secured-login.net/assets/ |
1 KB 559 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.3.2/ |
56 KB 20 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
featuredcontentglider.css
s3.amazonaws.com/knowbe4.scripts/Stylesheets/ |
2 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
featuredcontentglider.js
s3.amazonaws.com/knowbe4.scripts/javascript/ |
8 KB 8 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
R3WinLive1033.css
auth.gfx.ms/16.000.26093.00/ |
27 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo-drive.png
www.google.com/drive/static/images/drive/ |
11 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2000px-AOL_logo.svg.png
upload.wikimedia.org/wikipedia/commons/thumb/b/b6/AOL_logo.svg/ |
28 KB 29 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Gmail_logo.png
vignette4.wikia.nocookie.net/logopedia/images/0/0a/ |
3 KB 4 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2000px-Outlook_logo_and_wordmark.svg.png
upload.wikimedia.org/wikipedia/commons/thumb/e/e7/Outlook_logo_and_wordmark.svg/ |
47 KB 48 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
latest
vignette2.wikia.nocookie.net/logopedia/images/1/17/YahooMailLogo.svg.png/revision/ |
3 KB 4 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
outlook.png
www.watervillecsd.org/cms/lib/NY01914022/Centricity/Template/GlobalAssets/icons/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
18ia8yvufp4hepng.png
i.kinja-img.com/gawker-media/image/upload/s--Oto9l6CB--/ |
70 KB 71 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Outlook (Online)40 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| _typeof boolean| windowIsDefined function| _extends function| FlatpickrInstance function| _flatpickr function| flatpickr function| updateQueryStringParameter function| getParam function| colSort function| ES6Promise function| $ function| jQuery object| jQuery112406409721983137697 function| Retina function| RetinaImagePath function| RetinaImage function| Color function| Chart object| Chartkick function| proj4 function| AjaxBootstrapSelect function| AjaxBootstrapSelectList function| AjaxBootstrapSelectRequest function| Slider object| Utils object| asap_questionaire function| AsapStoreViewer object| Routes function| moment object| FullCalendar function| _ object| ProgressBar object| html5 object| Modernizr object| featuredcontentglider object| asap object| kb40 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
05kqatnrj9s0snah9.phish.farm
ajax.googleapis.com
auth.gfx.ms
i.kinja-img.com
s3.amazonaws.com
secured-login.net
upload.wikimedia.org
vignette2.wikia.nocookie.net
vignette4.wikia.nocookie.net
www.google.com
www.watervillecsd.org
151.101.2.166
2620:0:862:ed1a::2:b
2620:11a:e002:fa00::194
2a00:1450:4001:814::2004
2a00:1450:4001:820::200a
2a02:26f0:6c00:283::34ef
34.196.121.184
52.216.136.206
54.164.242.137
54.173.166.75
1b8923596e74e1a9f0c06e1ac736b9a7a5ef960447dd46ae7839ebfcd83c0cf4
20fa9fff3eb1d8d9d1ad1e2b782178004fa160cfab59df616891e5125114cebc
43776b9967ae79205a69476c606b469dae48aa70b94ea92e11c1c5f4ecd3fbcf
46ea054482a4c24d938b4b38a7697c9dbf537b919f1bb91ebbc3431cfbdbb376
4c1101d55622c0d888b5835298a60eca92e2d38c273d7c3553a7921658ddb624
4cfcef23396ffbb9981c9e373e2c24b51a2dc32cd91cd6b86ddaf82121716c1e
604e1558dc4a80e08e4f41d230afed5ec9afcfef024847ae792dd958750c7b32
654222debe8018b12f1993ceddff30dc163a7d5008d79869c399d6d167321f97
74911fae6c808166e0ec728d330817f0821d4526cfe9ec3bcd969493bbc71d43
8315b575103cba389663eb6cdf2b19a7fc9447deb784519e757da911ecf530ee
b9ad99909c4b37a550817c74db0833d91a0fdd7dcd19fe74e1f1143625e86c88
c8370a2d050359e9d505acc411e6f457a49b21360a21e6cbc9229bad3a767899
e4c26629c82a636475e74c9d3e231b35a73870fdd8267393a385829636bef55a
e88a762a4b03a2bb6a9f4173ff375fb4f4023e056d6fbfde2cdc8d3c50fac17f
ea470c3755ab03df351ecd688c7a30dd0f98be3bcdb60df5a410c8ba582fc220
f8ae702f131ba65bcfc93bf4e060495aae26cd39994716656401f2bde4f2ad93