singlesignon.secured-login.net
34.194.137.221 Malicious Activity! Public Scan

Submitted URL: http://employeeportal.net-login.com/XcmVTjaXBpZWb50X2lkPTcMyNzcyVmMTAzjNCZjYW1wHYWBlnbl9ydW5faWQ9MTAzVOTU3OSZhY3Rpb249Y2xpY2smdXJsPW...
Effective URL: https://singlesignon.secured-login.net/pages/5c5dac9c507?crid=327721034&crun=1039579&dom=employeeportal.net-login.com
Submission: On January 07 via automatic, source openphish

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 7 HTTP transactions. The main IP is 34.194.137.221, located in Ashburn, United States and belongs to AMAZON-AES - Amazon.com, Inc., US. The main domain is singlesignon.secured-login.net.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on March 31st 2016. Valid for: 3 years.
This is the only time singlesignon.secured-login.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Office 365 (Online)

Domain & IP information

Requests  Redirects  IP Address          AS (Autonomous System)
1         1          52.200.28.87        14618 (AMAZON-AES)
3                    34.194.137.221      14618 (AMAZON-AES)
3                    2a02:26f0:11a...    20940 (AKAMAI-ASN1)
Total: 7 requests, 3 IPs

Requests  Domain                                Requested by
3         secure.aadcdn.microsoftonline-p.com   singlesignon.secured-login.net
3         singlesignon.secured-login.net        singlesignon.secured-login.net
1         employeeportal.net-login.com          (1 redirect)
0         ajax.googleapis.com (failed)          singlesignon.secured-login.net
Total: 7 requests, 4 domains

This site contains no links.

Subject                              Issuer                                      Validity                  Valid
knowbe4.com                          Go Daddy Secure Certificate Authority - G2  2016-03-31 - 2019-02-25   3 years (crt.sh)
secure.aadcdn.microsoftonline-p.com  Microsoft IT TLS CA 1                       2017-08-15 - 2019-08-15   2 years (crt.sh)

This page contains 1 frame:

Primary Page: https://singlesignon.secured-login.net/pages/5c5dac9c507?crid=327721034&crun=1039579&dom=employeeportal.net-login.com
Frame ID: (5395A943186837D22AE98566E75FDAC)
Requests: 7 HTTP requests in this frame

Page URL History

  1. http://employeeportal.net-login.com/XcmVTjaXBpZWb50X2lkPTcMyNzcyVmMTAzjNCZjYW1wHYWBlnbl9ydW5faWQ9MTAzVOTU3OSZhY3... HTTP 302
    https://singlesignon.secured-login.net/pages/5c5dac9c507?crid=327721034&crun=1039579&dom=employeeportal.net-login.com Page URL

Detected technologies

  • Ubuntu (overall confidence: 100%); detected pattern: headers server /Ubuntu/i
  • Nginx (overall confidence: 100%); detected pattern: headers server /nginx(?:\/([\d.]+))?/i
  • Modernizr (overall confidence: 100%); detected pattern: script /modernizr(?:-([\d.]*[\d]))?.*\.js/i
  • jQuery (overall confidence: 100%); detected patterns: script /\/([\d.]+)\/jquery(?:\.min)?\.js/i and script /jquery.*\.js/i

Page Statistics

Requests:    7
HTTPS:       86 %
IPv6:        33 %
Domains:     4
Subdomains:  4
IPs:         3
Countries:   2
Transfer:    0 kB
Size:        3651 kB
Cookies:     0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://employeeportal.net-login.com/XcmVTjaXBpZWb50X2lkPTcMyNzcyVmMTAzjNCZjYW1wHYWBlnbl9ydW5faWQ9MTAzVOTU3OSZhY3Rpb249Y2xpY2smdXJsPWh0dHBzOi8vc2luZ2xlc2lnbm9uLnNlY3VyZWQtbG9naW4ubmV0L3BhZ2VzLzVjNWRhYzljNTA3 HTTP 302
    https://singlesignon.secured-login.net/pages/5c5dac9c507?crid=327721034&crun=1039579&dom=employeeportal.net-login.com Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

(Columns for each transaction: Resource, Path, Size, x-fer, Type, MIME-Type)

Request 1 (Primary Request): 5c5dac9c507
Path: singlesignon.secured-login.net/pages/
Redirect Chain
  • http://employeeportal.net-login.com/XcmVTjaXBpZWb50X2lkPTcMyNzcyVmMTAzjNCZjYW1wHYWBlnbl9ydW5faWQ9MTAzVOTU3OSZhY3Rpb249Y2xpY2smdXJsPWh0dHBzOi8vc2luZ2xlc2lnbm9uLnNlY3VyZWQtbG9naW4ubmV0L3BhZ2VzLzVjNWR...
  • https://singlesignon.secured-login.net/pages/5c5dac9c507?crid=327721034&crun=1039579&dom=employeeportal.net-login.com
Size: 4 KB   x-fer: 0   Type: Document
General
Full URL
https://singlesignon.secured-login.net/pages/5c5dac9c507?crid=327721034&crun=1039579&dom=employeeportal.net-login.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.194.137.221 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-194-137-221.compute-1.amazonaws.com
Software
nginx/1.4.6 (Ubuntu) /
Resource Hash
814d0274da218840efa751d4b18074e2d8134270468c316bee9abb648b1d297b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/pages/5c5dac9c507?crid=327721034&crun=1039579&dom=employeeportal.net-login.com
accept-encoding
gzip, deflate
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
:authority
singlesignon.secured-login.net
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

x-runtime
0.031292
date
Sun, 07 Jan 2018 03:33:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
nginx/1.4.6 (Ubuntu)
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
status
200 200 OK
cache-control
max-age=0, private, must-revalidate
vary
Accept-Encoding
x-xss-protection
1; mode=block
x-request-id
d2bd1002-9e71-48be-be4f-92200b95465c

Redirect headers

X-Runtime
0.030167
Date
Sun, 07 Jan 2018 03:33:13 GMT
X-Content-Type-Options
nosniff
Server
nginx/1.4.6 (Ubuntu)
Status
302 Found
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=utf-8
Location
https://singlesignon.secured-login.net/pages/5c5dac9c507?crid=327721034&crun=1039579&dom=employeeportal.net-login.com
Cache-Control
no-cache
Transfer-Encoding
chunked
Connection
keep-alive
X-XSS-Protection
1; mode=block
X-Request-Id
4200d922-4346-44d4-85b8-fe847fdbb4ea
Request 2: application-55820df885b57b44ab46533717a9c5620111f86d1083a1414727729639c4e11c.js
Path: singlesignon.secured-login.net/assets/
Size: 3 MB   x-fer: 0   Type: Script
General
Full URL
https://singlesignon.secured-login.net/assets/application-55820df885b57b44ab46533717a9c5620111f86d1083a1414727729639c4e11c.js
Requested by
Host: singlesignon.secured-login.net
URL: https://singlesignon.secured-login.net/pages/5c5dac9c507?crid=327721034&crun=1039579&dom=employeeportal.net-login.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.194.137.221 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-194-137-221.compute-1.amazonaws.com
Software
nginx/1.4.6 (Ubuntu) /
Resource Hash
55820df885b57b44ab46533717a9c5620111f86d1083a1414727729639c4e11c

Request headers

:path
/assets/application-55820df885b57b44ab46533717a9c5620111f86d1083a1414727729639c4e11c.js
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
singlesignon.secured-login.net
referer
https://singlesignon.secured-login.net/pages/5c5dac9c507?crid=327721034&crun=1039579&dom=employeeportal.net-login.com
:scheme
https
:method
GET
Referer
https://singlesignon.secured-login.net/pages/5c5dac9c507?crid=327721034&crun=1039579&dom=employeeportal.net-login.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sun, 07 Jan 2018 03:33:14 GMT
content-encoding
gzip
last-modified
Sat, 06 Jan 2018 18:13:02 GMT
server
nginx/1.4.6 (Ubuntu)
etag
"5a5111ae-d6175"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=315360000 public
content-length
876917
expires
Thu, 31 Dec 2037 23:55:55 GMT
Request 3: modernizr-654222debe8018b12f1993ceddff30dc163a7d5008d79869c399d6d167321f97.js
Path: singlesignon.secured-login.net/assets/
Size: 50 KB   x-fer: 0   Type: Script
General
Full URL
https://singlesignon.secured-login.net/assets/modernizr-654222debe8018b12f1993ceddff30dc163a7d5008d79869c399d6d167321f97.js
Requested by
Host: singlesignon.secured-login.net
URL: https://singlesignon.secured-login.net/pages/5c5dac9c507?crid=327721034&crun=1039579&dom=employeeportal.net-login.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.194.137.221 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-194-137-221.compute-1.amazonaws.com
Software
nginx/1.4.6 (Ubuntu) /
Resource Hash
654222debe8018b12f1993ceddff30dc163a7d5008d79869c399d6d167321f97

Request headers

:path
/assets/modernizr-654222debe8018b12f1993ceddff30dc163a7d5008d79869c399d6d167321f97.js
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
singlesignon.secured-login.net
referer
https://singlesignon.secured-login.net/pages/5c5dac9c507?crid=327721034&crun=1039579&dom=employeeportal.net-login.com
:scheme
https
:method
GET
Referer
https://singlesignon.secured-login.net/pages/5c5dac9c507?crid=327721034&crun=1039579&dom=employeeportal.net-login.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date
Sun, 07 Jan 2018 03:33:14 GMT
content-encoding
gzip
last-modified
Sat, 06 Jan 2018 18:13:02 GMT
server
nginx/1.4.6 (Ubuntu)
etag
"5a5111ae-3d69"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=315360000 public
content-length
15721
expires
Thu, 31 Dec 2037 23:55:55 GMT
Request 4: heroillustration
Path: secure.aadcdn.microsoftonline-p.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/
Size: 199 KB   x-fer: 0   Type: Image
General
Full URL
https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/heroillustration?ts=635974776187911809
Requested by
Host: singlesignon.secured-login.net
URL: https://singlesignon.secured-login.net/pages/5c5dac9c507?crid=327721034&crun=1039579&dom=employeeportal.net-login.com
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:11a:394::35c1 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
7e50e406688bd898803f653058d14ca384734cb9b39ba900bc5e2734b59c073b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
secure.aadcdn.microsoftonline-p.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://singlesignon.secured-login.net/pages/5c5dac9c507?crid=327721034&crun=1039579&dom=employeeportal.net-login.com
Connection
keep-alive
Cache-Control
no-cache
Referer
https://singlesignon.secured-login.net/pages/5c5dac9c507?crid=327721034&crun=1039579&dom=employeeportal.net-login.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Sun, 07 Jan 2018 03:33:14 GMT
Last-Modified
Sat, 06 Jan 2018 20:46:39 GMT
Content-MD5
ZSg7Ej6yNeYXaumMAqxbHA==
Strict-Transport-Security
max-age=31536000
Content-Type
image\jpeg
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=69055
Connection
keep-alive
Content-Length
203294
Request 5: bannerlogo
Path: secure.aadcdn.microsoftonline-p.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/
Size: 4 KB   x-fer: 0   Type: Image
General
Full URL
https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-6ybrougjmflxqw910ieyohr7wb4x4-yvoixrlaidmz4/appbranding/askzfdsqe20i-bcjwporaywega7vbt4acqnn1hiliiw/0/bannerlogo?ts=635974776182591704
Requested by
Host: singlesignon.secured-login.net
URL: https://singlesignon.secured-login.net/pages/5c5dac9c507?crid=327721034&crun=1039579&dom=employeeportal.net-login.com
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:11a:394::35c1 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
secure.aadcdn.microsoftonline-p.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://singlesignon.secured-login.net/pages/5c5dac9c507?crid=327721034&crun=1039579&dom=employeeportal.net-login.com
Connection
keep-alive
Cache-Control
no-cache
Referer
https://singlesignon.secured-login.net/pages/5c5dac9c507?crid=327721034&crun=1039579&dom=employeeportal.net-login.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Sun, 07 Jan 2018 03:33:14 GMT
Last-Modified
Sat, 06 Jan 2018 09:57:55 GMT
Content-MD5
nwmifU9ps1V8dDNXSinXJg==
Strict-Transport-Security
max-age=31536000
Content-Type
image\jpeg
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=24845
Connection
keep-alive
Content-Length
4585
Request 6: microsoft_logo.png
Path: secure.aadcdn.microsoftonline-p.com/ests/2.1.4653.2/content/images/
Size: 1 KB   x-fer: 0   Type: Image
General
Full URL
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.4653.2/content/images/microsoft_logo.png
Requested by
Host: singlesignon.secured-login.net
URL: https://singlesignon.secured-login.net/pages/5c5dac9c507?crid=327721034&crun=1039579&dom=employeeportal.net-login.com
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:11a:394::35c1 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
988e349f2bf4e87154738c7b2c1fa86618713a8cfa0cef60a046f5add89bd9de
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
secure.aadcdn.microsoftonline-p.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://singlesignon.secured-login.net/pages/5c5dac9c507?crid=327721034&crun=1039579&dom=employeeportal.net-login.com
Connection
keep-alive
Cache-Control
no-cache
Referer
https://singlesignon.secured-login.net/pages/5c5dac9c507?crid=327721034&crun=1039579&dom=employeeportal.net-login.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Sun, 07 Jan 2018 03:33:14 GMT
Last-Modified
Fri, 26 Aug 2016 19:02:05 GMT
Content-MD5
5LZ1AH3GSS7lkBMdH337sw==
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=590063
Connection
keep-alive
Content-Length
1040
Request 7: jquery.min.js
Path: ajax.googleapis.com/ajax/libs/jquery/1/
Size: 0   x-fer: 0   (no response received; listed under Failed requests below)

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
ajax.googleapis.com
URL
http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online)

42 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Name                          Type
  • onafterprint                object
  • onbeforeprint               object
  • RunTimeData                 function
  • RunTimeApi                  function
  • RunTimeApi_Initialize       function
  • RunTimeApi_Terminate        function
  • RunTimeApi_GetValue         function
  • RunTimeApi_SetValue         function
  • RunTimeApi_Commit           function
  • RunTimeApi_GetLastError     function
  • RunTimeApi_GetErrorString   function
  • RunTimeApi_GetDiagnostic    function
  • RunTimeApi_CloseOutSession  function
  • updateQueryStringParameter  function
  • getParam                    function
  • colSort                     function
  • ES6Promise                  function
  • $                           function
  • jQuery                      function
  • jQuery112405996124700346848 object
  • Retina                      function
  • RetinaImagePath             function
  • RetinaImage                 function
  • Select2                     object
  • Highcharts                  object
  • Color                       function
  • Chart                       function
  • Chartkick                   object
  • proj4                       function
  • SimpleWidget                function
  • Tree                        object
  • Utils                       object
  • asap_questionaire           object
  • AsapStoreViewer             function
  • Routes                      object
  • moment                      function
  • _                           function
  • ProgressBar                 object
  • html5                       object
  • Modernizr                   object
  • asap                        object
  • kb4                         object

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block