securedownload.1secure.nl
Open in
urlscan Pro
167.172.47.85
Public Scan
URL:
https://securedownload.1secure.nl/medewerker
Submission Tags: @ecarlesi possiblethreat phishing bitvavo Search All
Submission: On February 28 via api from IT — Scanned from NL
Submission Tags: @ecarlesi possiblethreat phishing bitvavo Search All
Submission: On February 28 via api from IT — Scanned from NL
Summary
This website contacted 1 IPs
in 1 countries
across 1 domains to perform 12 HTTP transactions.
The main IP is 167.172.47.85, located in
Amsterdam, Netherlands and
belongs to DIGITALOCEAN-ASN, US.
The main domain is securedownload.1secure.nl.
TLS certificate: Issued by R3 on February 27th 2024. Valid for: 3 months.
This is the only time securedownload.1secure.nl was scanned on urlscan.io!
TLS certificate: Issued by R3 on February 27th 2024. Valid for: 3 months.
This is the only time securedownload.1secure.nl was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 12 | 167.172.47.85 167.172.47.85 | 14061 (DIGITALOC...) (DIGITALOCEAN-ASN) | |
| 12 | 1 |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 12 |
1secure.nl
securedownload.1secure.nl |
354 KB |
| 12 | 1 |
| Domain | Requested by | |
|---|---|---|
| 12 | securedownload.1secure.nl |
securedownload.1secure.nl
|
| 12 | 1 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| securedownload.1secure.nl R3 |
2024-02-27 - 2024-05-27 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://securedownload.1secure.nl/medewerker
Frame ID: 17B238B130A724701441F8A37A56B227
Requests: 12 HTTP requests in this frame
Screenshot
Page Title
Inloggen medewerkers - 1Secure Secure DownloadDetected technologies
Bootstrap
(Web Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Django
(Web Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- (?:powered by <a[^>]+>Django ?([\d.]+)?<\/a>|<input[^>]*name=["']csrfmiddlewaretoken["'][^>]*>)
Font Awesome
(Font Scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
medewerker
securedownload.1secure.nl/ |
3 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bootstrap-paper.min.57654573e259.css
securedownload.1secure.nl/static/securedropzone/bootstrap/css/ |
129 KB 130 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
font-awesome.min.bf0c425cdb73.css
securedownload.1secure.nl/static/securedropzone/font-awesome/css/ |
30 KB 31 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
style.92bb88b821a8.css
securedownload.1secure.nl/static/securedropzone/ |
12 KB 12 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
style-branding.6dd1a8d24f43.css
securedownload.1secure.nl/static/securedropzone/ |
127 B 340 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.8fb8fee4fcc3.js
securedownload.1secure.nl/static/securedropzone/ |
87 KB 88 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery-migrate.min.b96b7654cc19.js
securedownload.1secure.nl/static/securedropzone/ |
9 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bootstrap.min.2f34b630ffe3.js
securedownload.1secure.nl/static/securedropzone/bootstrap/js/ |
39 KB 39 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
script.cc125d078033.js
securedownload.1secure.nl/static/securedropzone/ |
381 B 605 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
stylesheet.5e3855d75e28.css
securedownload.1secure.nl/static/securedropzone/webfonts/Roboto/ |
2 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
logo.b5d56e4ccb6f.svg
securedownload.1secure.nl/static/securedropzone/ |
15 KB 15 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Roboto-Regular-webfont.3e5675c89f97.woff
securedownload.1secure.nl/static/securedropzone/webfonts/Roboto/ |
24 KB 25 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| securedownload.1secure.nl/ | Name: csrftoken Value: rURWopX3SC7uyEisKBDglqGiKWOYXykKNAMOwfzXNJaEvRyWRQIbrzFw2rtJee7H |
|
| securedownload.1secure.nl/ | Name: sessionid Value: z3jk0xtx8e1t5dvhkaxbqjqa7wyeia58 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Content-Security-Policy | default-src 'self'; script-src 'self' 'nonce-9GS7etNKHUdQ'; frame-ancestors 'self'; |
| X-Content-Type-Options | nosniff nosniff |
| X-Frame-Options | DENY |
| X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
securedownload.1secure.nl
167.172.47.85
17e789e368c207c4b23432e4e9c83c85d9a3b0e3f2715d1dacc5f667af2ded0a
185a10124a45e3bb14d11f36d92deedeb1af40d2e66cfa1b21703beab0cb95c6
336a34e7ef49fa9948b2e824572672a6b6e1f4ca5ae01ee3891284e247e28eba
72d88218e560e0062ee4d791d2b79c278c795cd007113386b29b67504e6e875b
9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe
9ef090c165b05c6174ca0b0a0119c4c60b4437579e1addc53f85f18b3ca77e40
a1e5b0dd9cd90fe3ef3e24aea202819ee74693d62c00bac8e3fb7c837d8adbfe
a7af374ad6a5b330f2da3db9d358b3e7474582090e00d750f2818365bcbe7f51
a9531b2b4fba9583b89c7e2abf41978519eca4160388f6e6d9b2796d2b5f60f8
cc97f277693cd6797804977c15340f0901af3e04bb2737693921950de950396b
f34f44943c68a9e67f4648d2c6e98007887611915dd908fe0a80251b3704832b
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e