financialdept1.com
Open in
urlscan Pro
108.128.180.28
Malicious Activity!
Public Scan
Submission Tags: @jcybersec_
Submission: On May 29 via api from GB
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on March 27th 2020. Valid for: 3 months.
This is the only time financialdept1.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
10 | 108.128.180.28 108.128.180.28 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 2a00:86c0:209... 2a00:86c0:2091::1 | 40027 (NETFLIX-ASN) (NETFLIX-ASN) | |
2 | 2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3 | 32934 (FACEBOOK) (FACEBOOK) | |
1 | 2606:4700:20:... 2606:4700:20::681a:7b | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de | 32934 (FACEBOOK) (FACEBOOK) | |
16 | 5 |
ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-180-28.eu-west-1.compute.amazonaws.com
financialdept1.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
financialdept1.com
financialdept1.com |
2 MB |
2 |
facebook.net
connect.facebook.net |
62 KB |
2 |
nflxext.com
codex.nflxext.com |
222 KB |
1 |
facebook.com
www.facebook.com |
|
1 |
getusecure.com
api.getusecure.com |
428 B |
16 | 5 |
Domain | Requested by | |
---|---|---|
10 | financialdept1.com |
financialdept1.com
|
2 | connect.facebook.net |
financialdept1.com
connect.facebook.net |
2 | codex.nflxext.com |
financialdept1.com
|
1 | www.facebook.com |
connect.facebook.net
|
1 | api.getusecure.com |
financialdept1.com
|
16 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
yahoooo.info Let's Encrypt Authority X3 |
2020-03-27 - 2020-06-25 |
3 months | crt.sh |
*.1.nflxso.net DigiCert SHA2 Secure Server CA |
2020-05-16 - 2020-06-15 |
a month | crt.sh |
*.facebook.com DigiCert SHA2 High Assurance Server CA |
2020-05-14 - 2020-08-05 |
3 months | crt.sh |
sni.cloudflaressl.com CloudFlare Inc ECC CA-2 |
2019-08-15 - 2020-08-14 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://financialdept1.com/?s=ae3b4ea5-0879-4657-bbb4-13b1bf96a40f&l=045b7e84-5f8b-4fdd-946d-c63e4cf6beb3&t=movies
Frame ID: 7C4069C941C5CAFE7AFDDB4AA458221F
Requests: 16 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Cookie set
/
financialdept1.com/ |
381 KB 382 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
none
codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-shakti-js-mk-v5c39d309/js/js/bootstrap.js,common%7Cbootstrap.js/2/4_034v4t4e084a4B4Z060u004-4A4y0e4R4P4N4j4C4r4F19024O4V/bck/true/ |
9 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
none
codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-shakti-js-mk-v5c39d309/js/js/components%7Clogin%7CloginControllerClient.js/2/4_034v4t4e084a4B4Z060u004-4A4y0e4R4P4N4j4C4r4F19024O4V/l/true/ |
704 KB 219 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
WebsiteDetect
financialdept1.com/ |
0 396 B |
Stylesheet
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
none.css
financialdept1.com/css/ |
123 KB 124 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
usecure.bundle.js
financialdept1.com/ |
89 KB 89 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
GB-en-20181126-popsignuptwoweeks-perspective_alpha_website_large.jpg
financialdept1.com/images/ |
339 KB 340 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
none
financialdept1.com/ |
9 KB 9 KB |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
none_1
financialdept1.com/ |
704 KB 704 KB |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
WebsiteDetect
financialdept1.com/personalization/cl2/freeform/ |
381 KB 382 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
WebsiteScreen
financialdept1.com/personalization/cl2/freeform/ |
381 KB 382 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
nf-icon-v1-93.woff
financialdept1.com/fonts/ |
72 KB 72 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sdk.js
connect.facebook.net/en_GB/ |
3 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1px.gif
api.getusecure.com/api/uPhish/results/visit/ae3b4ea5-0879-4657-bbb4-13b1bf96a40f/045b7e84-5f8b-4fdd-946d-c63e4cf6beb3/ |
35 B 428 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sdk.js
connect.facebook.net/en_GB/ |
198 KB 60 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
status
www.facebook.com/x/oauth/ |
0 0 |
Fetch
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate object| netflix object| usecure object| Codex object| C object| global object| process object| util function| jQuery object| jQuery111107152440094340922 function| fbAsyncInit object| FB2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.financialdept1.com/ | Name: cL Value: 1590726956502%7C159072695626242514%7C159072695686707760%7C%7C4%7Cnull |
|
financialdept1.com/ | Name: connect.sid Value: s%3A0PA23t6F8Ozdcfo6fKt-p13OEMP7Wccn.%2BdDcmiBz%2FN9Gfe%2BukUgQgEidk8IF2itgUhX%2F2iSXD3U |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.getusecure.com
codex.nflxext.com
connect.facebook.net
financialdept1.com
www.facebook.com
108.128.180.28
2606:4700:20::681a:7b
2a00:86c0:2091::1
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
0bde12d5f9e1f870ef96646ebe74d2c66ca79805e41328309a75df67c5c94f40
24e0981e284e8dac0aaf3edd9685de77f47ec3555d4ce5b2c3796e028e8d380a
3e34b1aee74b31b30dd6a83482307dd5f2f1b1dfecbfaf54757b03a11a790ee7
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6bde49a9f069a2e0a858cd61cc54ac7736bf36ec661f84148cd9a7ede4221fb2
878db2a246f1fa936238e2af12fe7911a555133d94e66a46bcf4af4336705cd6
93beb0a1f220c11bb5bcb2e52ad6ec3e7dd36e4b53ab754d3ed336eb1b7d0bb2
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d
db5b762e5237bdaafec62bb9d2fbfe0be3159cb0bab1635f3c98e60d1f9ae422
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9682ce4bee016425c1892f8b183c4af56a0889a13cc513246a71ada5522ac8b