financialdept1.com
108.128.180.28 | Malicious Activity! | Public Scan

URL: https://financialdept1.com/?s=ae3b4ea5-0879-4657-bbb4-13b1bf96a40f&l=045b7e84-5f8b-4fdd-946d-c63e4cf6beb3&t=movies
Submission Tags: @jcybersec_
Submission: On May 29 via api from GB

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 16 HTTP transactions. The main IP is 108.128.180.28, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is financialdept1.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on March 27th 2020. Valid for: 3 months.
This is the only time financialdept1.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

Requests | IP Address | AS (Autonomous System)
10 | 108.128.180.28 | 16509 (AMAZON-02)
2 | 2a00:86c0:209... | 40027 (NETFLIX-ASN)
2 | 2a03:2880:f01... | 32934 (FACEBOOK)
1 | 2606:4700:20:... | 13335 (CLOUDFLAR...)
1 | 2a03:2880:f11... | 32934 (FACEBOOK)
Total: 16 requests across 5 IPs

Requests | Domain | Requested by
10 | financialdept1.com | financialdept1.com
2 | connect.facebook.net | financialdept1.com, connect.facebook.net
2 | codex.nflxext.com | financialdept1.com
1 | www.facebook.com | connect.facebook.net
1 | api.getusecure.com | financialdept1.com
Total: 16 requests across 5 domains

This site contains no links.

Subject | Issuer | Validity | Valid for
yahoooo.info | Let's Encrypt Authority X3 | 2020-03-27 to 2020-06-25 | 3 months
*.1.nflxso.net | DigiCert SHA2 Secure Server CA | 2020-05-16 to 2020-06-15 | a month
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2020-05-14 to 2020-08-05 | 3 months
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2019-08-15 to 2020-08-14 | a year

This page contains 1 frames:

Primary Page: https://financialdept1.com/?s=ae3b4ea5-0879-4657-bbb4-13b1bf96a40f&l=045b7e84-5f8b-4fdd-946d-c63e4cf6beb3&t=movies
Frame ID: 7C4069C941C5CAFE7AFDDB4AA458221F
Requests: 16 HTTP requests in this frame

Detected technologies

  • nginx (overall confidence: 100%); detected pattern: headers server /nginx(?:\/([\d.]+))?/i
  • Facebook SDK (overall confidence: 100%); detected pattern: script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Page Statistics

  • Requests: 16
  • HTTPS: 100 %
  • IPv6: 80 %
  • Domains: 5
  • Subdomains: 5
  • IPs: 5
  • Countries: 3
  • Transfer: 2767 kB
  • Size: 3391 kB
  • Cookies: 2

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource | Path | Size | x-fer | Type

/ | financialdept1.com/ | 381 KB | 382 KB | Document (Primary Request, cookie set)
General
Full URL
https://financialdept1.com/?s=ae3b4ea5-0879-4657-bbb4-13b1bf96a40f&l=045b7e84-5f8b-4fdd-946d-c63e4cf6beb3&t=movies
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
108.128.180.28 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-108-128-180-28.eu-west-1.compute.amazonaws.com
Software
nginx/1.12.2 / Express
Resource Hash
0bde12d5f9e1f870ef96646ebe74d2c66ca79805e41328309a75df67c5c94f40

Request headers

Host
financialdept1.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Server
nginx/1.12.2
Date
Fri, 29 May 2020 04:35:55 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
390265
Connection
keep-alive
X-Powered-By
Express
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Link
Accept-Ranges
bytes
Cache-Control
public, max-age=0
Last-Modified
Thu, 23 Apr 2020 12:08:03 GMT
Etag
W/"5f479-171a6f010b8"
Set-Cookie
connect.sid=s%3A0PA23t6F8Ozdcfo6fKt-p13OEMP7Wccn.%2BdDcmiBz%2FN9Gfe%2BukUgQgEidk8IF2itgUhX%2F2iSXD3U; Path=/; HttpOnly
Via
1.1 vegur

none | codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-shakti-js-mk-v5c39d309/js/js/bootstrap.js,common%7Cbootstrap.js/2/4_034v4t4e084a4B4Z060u004-4A4y0e4R4P4N4j4C4r4F19024O4V/bck/true/ | 9 KB | 4 KB | Script
General
Full URL
https://codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-shakti-js-mk-v5c39d309/js/js/bootstrap.js,common%7Cbootstrap.js/2/4_034v4t4e084a4B4Z060u004-4A4y0e4R4P4N4j4C4r4F19024O4V/bck/true/none
Requested by
Host: financialdept1.com
URL: https://financialdept1.com/?s=ae3b4ea5-0879-4657-bbb4-13b1bf96a40f&l=045b7e84-5f8b-4fdd-946d-c63e4cf6beb3&t=movies
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:86c0:2091::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
93beb0a1f220c11bb5bcb2e52ad6ec3e7dd36e4b53ab754d3ed336eb1b7d0bb2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://financialdept1.com/?s=ae3b4ea5-0879-4657-bbb4-13b1bf96a40f&l=045b7e84-5f8b-4fdd-946d-c63e4cf6beb3&t=movies
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 29 May 2020 04:35:56 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
nginx
Transfer-Encoding
chunked
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=16070400
req_id
273fd43c-99e4-4200-9626-2efaa487e62c
Connection
keep-alive
Timing-Allow-Origin
https://www.netflix.com
Expires
Tue, 01 Dec 2020 04:35:56 GMT

none | codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-shakti-js-mk-v5c39d309/js/js/components%7Clogin%7CloginControllerClient.js/2/4_034v4t4e084a4B4Z060u004-4A4y0e4R4P4N4j4C4r4F19024O4V/l/true/ | 704 KB | 219 KB | Script
General
Full URL
https://codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-shakti-js-mk-v5c39d309/js/js/components%7Clogin%7CloginControllerClient.js/2/4_034v4t4e084a4B4Z060u004-4A4y0e4R4P4N4j4C4r4F19024O4V/l/true/none
Requested by
Host: financialdept1.com
URL: https://financialdept1.com/?s=ae3b4ea5-0879-4657-bbb4-13b1bf96a40f&l=045b7e84-5f8b-4fdd-946d-c63e4cf6beb3&t=movies
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:86c0:2091::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
e9682ce4bee016425c1892f8b183c4af56a0889a13cc513246a71ada5522ac8b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://financialdept1.com/?s=ae3b4ea5-0879-4657-bbb4-13b1bf96a40f&l=045b7e84-5f8b-4fdd-946d-c63e4cf6beb3&t=movies
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 29 May 2020 04:35:56 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
nginx
Transfer-Encoding
chunked
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=16070400
req_id
0011f1f4-e18b-475e-a388-66252d1d35c5
Connection
keep-alive
Timing-Allow-Origin
https://www.netflix.com
Expires
Tue, 01 Dec 2020 04:35:56 GMT

WebsiteDetect | financialdept1.com/ | 0 | 396 B | Stylesheet
General
Full URL
https://financialdept1.com/WebsiteDetect
Requested by
Host: financialdept1.com
URL: https://financialdept1.com/?s=ae3b4ea5-0879-4657-bbb4-13b1bf96a40f&l=045b7e84-5f8b-4fdd-946d-c63e4cf6beb3&t=movies
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
108.128.180.28 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-108-128-180-28.eu-west-1.compute.amazonaws.com
Software
nginx/1.12.2 / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://financialdept1.com/?s=ae3b4ea5-0879-4657-bbb4-13b1bf96a40f&l=045b7e84-5f8b-4fdd-946d-c63e4cf6beb3&t=movies
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 29 May 2020 04:35:56 GMT
Via
1.1 vegur
Last-Modified
Thu, 23 Apr 2020 12:08:03 GMT
Server
nginx/1.12.2
X-Powered-By
Express
Etag
W/"0-171a6f010b8"
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Link
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
0

none.css | financialdept1.com/css/ | 123 KB | 124 KB | Stylesheet
General
Full URL
https://financialdept1.com/css/none.css
Requested by
Host: financialdept1.com
URL: https://financialdept1.com/?s=ae3b4ea5-0879-4657-bbb4-13b1bf96a40f&l=045b7e84-5f8b-4fdd-946d-c63e4cf6beb3&t=movies
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
108.128.180.28 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-108-128-180-28.eu-west-1.compute.amazonaws.com
Software
nginx/1.12.2 / Express
Resource Hash
3e34b1aee74b31b30dd6a83482307dd5f2f1b1dfecbfaf54757b03a11a790ee7

Request headers

Referer
https://financialdept1.com/?s=ae3b4ea5-0879-4657-bbb4-13b1bf96a40f&l=045b7e84-5f8b-4fdd-946d-c63e4cf6beb3&t=movies
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 29 May 2020 04:35:56 GMT
Via
1.1 vegur
Last-Modified
Thu, 23 Apr 2020 12:08:03 GMT
Server
nginx/1.12.2
X-Powered-By
Express
Etag
W/"1ec9e-171a6f010b8"
Content-Type
text/css; charset=UTF-8
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Link
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
126110

usecure.bundle.js | financialdept1.com/ | 89 KB | 89 KB | Script
General
Full URL
https://financialdept1.com/usecure.bundle.js
Requested by
Host: financialdept1.com
URL: https://financialdept1.com/?s=ae3b4ea5-0879-4657-bbb4-13b1bf96a40f&l=045b7e84-5f8b-4fdd-946d-c63e4cf6beb3&t=movies
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
108.128.180.28 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-108-128-180-28.eu-west-1.compute.amazonaws.com
Software
nginx/1.12.2 / Express
Resource Hash
db5b762e5237bdaafec62bb9d2fbfe0be3159cb0bab1635f3c98e60d1f9ae422

Request headers

Referer
https://financialdept1.com/?s=ae3b4ea5-0879-4657-bbb4-13b1bf96a40f&l=045b7e84-5f8b-4fdd-946d-c63e4cf6beb3&t=movies
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 29 May 2020 04:35:56 GMT
Via
1.1 vegur
Last-Modified
Thu, 23 Apr 2020 12:08:48 GMT
Server
nginx/1.12.2
X-Powered-By
Express
Etag
W/"162f6-171a6f0c080"
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Link
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
90870

GB-en-20181126-popsignuptwoweeks-perspective_alpha_website_large.jpg | financialdept1.com/images/ | 339 KB | 340 KB | Image
General
Full URL
https://financialdept1.com/images/GB-en-20181126-popsignuptwoweeks-perspective_alpha_website_large.jpg
Requested by
Host: financialdept1.com
URL: https://financialdept1.com/?s=ae3b4ea5-0879-4657-bbb4-13b1bf96a40f&l=045b7e84-5f8b-4fdd-946d-c63e4cf6beb3&t=movies
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
108.128.180.28 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-108-128-180-28.eu-west-1.compute.amazonaws.com
Software
nginx/1.12.2 / Express
Resource Hash
6bde49a9f069a2e0a858cd61cc54ac7736bf36ec661f84148cd9a7ede4221fb2

Request headers

Referer
https://financialdept1.com/?s=ae3b4ea5-0879-4657-bbb4-13b1bf96a40f&l=045b7e84-5f8b-4fdd-946d-c63e4cf6beb3&t=movies
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 29 May 2020 04:35:56 GMT
Via
1.1 vegur
Last-Modified
Thu, 23 Apr 2020 12:08:03 GMT
Server
nginx/1.12.2
X-Powered-By
Express
Etag
W/"54ca8-171a6f010b8"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Link
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
347304

none | financialdept1.com/ | 9 KB | 9 KB | Script
General
Full URL
https://financialdept1.com/none
Requested by
Host: financialdept1.com
URL: https://financialdept1.com/?s=ae3b4ea5-0879-4657-bbb4-13b1bf96a40f&l=045b7e84-5f8b-4fdd-946d-c63e4cf6beb3&t=movies
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
108.128.180.28 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-108-128-180-28.eu-west-1.compute.amazonaws.com
Software
nginx/1.12.2 / Express
Resource Hash
93beb0a1f220c11bb5bcb2e52ad6ec3e7dd36e4b53ab754d3ed336eb1b7d0bb2

Request headers

Referer
https://financialdept1.com/?s=ae3b4ea5-0879-4657-bbb4-13b1bf96a40f&l=045b7e84-5f8b-4fdd-946d-c63e4cf6beb3&t=movies
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 29 May 2020 04:35:56 GMT
Via
1.1 vegur
Last-Modified
Thu, 23 Apr 2020 12:08:03 GMT
Server
nginx/1.12.2
X-Powered-By
Express
Etag
W/"2215-171a6f010b8"
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Link
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
8725

none_1 | financialdept1.com/ | 704 KB | 704 KB | Script
General
Full URL
https://financialdept1.com/none_1
Requested by
Host: financialdept1.com
URL: https://financialdept1.com/?s=ae3b4ea5-0879-4657-bbb4-13b1bf96a40f&l=045b7e84-5f8b-4fdd-946d-c63e4cf6beb3&t=movies
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
108.128.180.28 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-108-128-180-28.eu-west-1.compute.amazonaws.com
Software
nginx/1.12.2 / Express
Resource Hash
e9682ce4bee016425c1892f8b183c4af56a0889a13cc513246a71ada5522ac8b

Request headers

Referer
https://financialdept1.com/?s=ae3b4ea5-0879-4657-bbb4-13b1bf96a40f&l=045b7e84-5f8b-4fdd-946d-c63e4cf6beb3&t=movies
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 29 May 2020 04:35:56 GMT
Via
1.1 vegur
Last-Modified
Thu, 23 Apr 2020 12:08:03 GMT
Server
nginx/1.12.2
X-Powered-By
Express
Etag
W/"afe75-171a6f010b8"
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Link
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
720501

WebsiteDetect | financialdept1.com/personalization/cl2/freeform/ | 381 KB | 382 KB | XHR
General
Full URL
https://financialdept1.com/personalization/cl2/freeform/WebsiteDetect?source=wwwhead&fetchType=js&modalView=login
Requested by
Host: financialdept1.com
URL: https://financialdept1.com/?s=ae3b4ea5-0879-4657-bbb4-13b1bf96a40f&l=045b7e84-5f8b-4fdd-946d-c63e4cf6beb3&t=movies
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
108.128.180.28 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-108-128-180-28.eu-west-1.compute.amazonaws.com
Software
nginx/1.12.2 / Express
Resource Hash
0bde12d5f9e1f870ef96646ebe74d2c66ca79805e41328309a75df67c5c94f40

Request headers

Referer
https://financialdept1.com/?s=ae3b4ea5-0879-4657-bbb4-13b1bf96a40f&l=045b7e84-5f8b-4fdd-946d-c63e4cf6beb3&t=movies
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 29 May 2020 04:35:56 GMT
Via
1.1 vegur
Last-Modified
Thu, 23 Apr 2020 12:08:03 GMT
Server
nginx/1.12.2
X-Powered-By
Express
Etag
W/"5f479-171a6f010b8"
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Link
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
390265

WebsiteScreen | financialdept1.com/personalization/cl2/freeform/ | 381 KB | 382 KB | XHR
General
Full URL
https://financialdept1.com/personalization/cl2/freeform/WebsiteScreen?source=wwwhead&fetchType=js&winw=1600&winh=1200&screenw=1600&screenh=1200&ratio=1
Requested by
Host: financialdept1.com
URL: https://financialdept1.com/?s=ae3b4ea5-0879-4657-bbb4-13b1bf96a40f&l=045b7e84-5f8b-4fdd-946d-c63e4cf6beb3&t=movies
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
108.128.180.28 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-108-128-180-28.eu-west-1.compute.amazonaws.com
Software
nginx/1.12.2 / Express
Resource Hash
0bde12d5f9e1f870ef96646ebe74d2c66ca79805e41328309a75df67c5c94f40

Request headers

Referer
https://financialdept1.com/?s=ae3b4ea5-0879-4657-bbb4-13b1bf96a40f&l=045b7e84-5f8b-4fdd-946d-c63e4cf6beb3&t=movies
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 29 May 2020 04:35:56 GMT
Via
1.1 vegur
Last-Modified
Thu, 23 Apr 2020 12:08:03 GMT
Server
nginx/1.12.2
X-Powered-By
Express
Etag
W/"5f479-171a6f010b8"
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Link
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
390265

nf-icon-v1-93.woff | financialdept1.com/fonts/ | 72 KB | 72 KB | Font
General
Full URL
https://financialdept1.com/fonts/nf-icon-v1-93.woff
Requested by
Host: financialdept1.com
URL: https://financialdept1.com/?s=ae3b4ea5-0879-4657-bbb4-13b1bf96a40f&l=045b7e84-5f8b-4fdd-946d-c63e4cf6beb3&t=movies
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
108.128.180.28 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-108-128-180-28.eu-west-1.compute.amazonaws.com
Software
nginx/1.12.2 / Express
Resource Hash
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://financialdept1.com/css/none.css
Origin
https://financialdept1.com

Response headers

Date
Fri, 29 May 2020 04:35:56 GMT
Via
1.1 vegur
Last-Modified
Thu, 23 Apr 2020 12:08:03 GMT
Server
nginx/1.12.2
X-Powered-By
Express
Etag
W/"11f64-171a6f010b8"
Content-Type
font/woff
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Link
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
73572

sdk.js | connect.facebook.net/en_GB/ | 3 KB | 2 KB | Script
General
Full URL
https://connect.facebook.net/en_GB/sdk.js
Requested by
Host: financialdept1.com
URL: https://financialdept1.com/none_1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
878db2a246f1fa936238e2af12fe7911a555133d94e66a46bcf4af4336705cd6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://financialdept1.com/?s=ae3b4ea5-0879-4657-bbb4-13b1bf96a40f&l=045b7e84-5f8b-4fdd-946d-c63e4cf6beb3&t=movies
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
6wzLrXy2os24UGHU1Y59Qw==
status
200
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=3600
content-length
1779
etag
"8321be39d3de5d8b15a62a6ab0a8d035"
x-fb-debug
za/H/28I+1XOZa2AjxqHmfzeyJh4tvf8f+LqhuXqsgLktaCTrTt22COcD+uY4RZ9xKmJlbu9+YdLqdNL0jVZaQ==
x-fb-trip-id
664085054
x-fb-content-md5
ea241188588e97b3a16e5df999c32c89
x-frame-options
DENY
date
Fri, 29 May 2020 04:35:56 GMT, Fri, 29 May 2020 04:35:56 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin
*
expires
Fri, 29 May 2020 04:54:23 GMT

1px.gif | api.getusecure.com/api/uPhish/results/visit/ae3b4ea5-0879-4657-bbb4-13b1bf96a40f/045b7e84-5f8b-4fdd-946d-c63e4cf6beb3/ | 35 B | 428 B | Image
General
Full URL
https://api.getusecure.com/api/uPhish/results/visit/ae3b4ea5-0879-4657-bbb4-13b1bf96a40f/045b7e84-5f8b-4fdd-946d-c63e4cf6beb3/1px.gif
Requested by
Host: financialdept1.com
URL: https://financialdept1.com/?s=ae3b4ea5-0879-4657-bbb4-13b1bf96a40f&l=045b7e84-5f8b-4fdd-946d-c63e4cf6beb3&t=movies
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:7b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://financialdept1.com/?s=ae3b4ea5-0879-4657-bbb4-13b1bf96a40f&l=045b7e84-5f8b-4fdd-946d-c63e4cf6beb3&t=movies
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 29 May 2020 04:35:56 GMT
via
1.1 vegur
cf-cache-status
DYNAMIC
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status
200
content-type
image/gif
access-control-allow-origin
*
cf-ray
59ad82f7efa9dfcb-FRA
alt-svc
h3-27=":443"; ma=86400
cf-request-id
0300502eee0000dfcb15352200000001

sdk.js | connect.facebook.net/en_GB/ | 198 KB | 60 KB | Script
General
Full URL
https://connect.facebook.net/en_GB/sdk.js?hash=a081bd3d39c282ec75a4c090a1cf2016&ua=modern_es6
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/sdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
24e0981e284e8dac0aaf3edd9685de77f47ec3555d4ce5b2c3796e028e8d380a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://financialdept1.com/?s=ae3b4ea5-0879-4657-bbb4-13b1bf96a40f&l=045b7e84-5f8b-4fdd-946d-c63e4cf6beb3&t=movies
Origin
https://financialdept1.com

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
+qyvOlR93FdPbg9ZUtTQaA==
status
200
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=3600
content-length
60918
etag
"c8860bfa51c9203f30ce9e067811f9c1"
x-fb-debug
QE8Zwc0ByT8XL1vYnQiiLmtAzeslToD6k+Ne+WQW7JEYkX/pQxuZKVl5/340NMzzX+NOyE7BFKx0WzWUPe5cow==
x-fb-trip-id
664085054
x-fb-content-md5
f5790d89f5e0585ac7e6808d79f8a978
x-frame-options
DENY
date
Fri, 29 May 2020 04:35:56 GMT, Fri, 29 May 2020 04:35:56 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin
*
expires
Sat, 29 May 2021 03:50:13 GMT

status | www.facebook.com/x/oauth/ | 0 | 0 | Fetch
General
Full URL
https://www.facebook.com/x/oauth/status?client_id=163114453728333&input_token&origin=1&redirect_uri=https%3A%2F%2Ffinancialdept1.com%2F%3Fs%3Dae3b4ea5-0879-4657-bbb4-13b1bf96a40f%26l%3D045b7e84-5f8b-4fdd-946d-c63e4cf6beb3%26t%3Dmovies&sdk=joey&wants_cookie_data=true
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/sdk.js?hash=a081bd3d39c282ec75a4c090a1cf2016&ua=modern_es6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://financialdept1.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
x-fb-debug
fom382Lx8/zCoZoPi7Ei19DmKCQCHjj2cmucWhyO0F6Z3e1B3V7FzKxAQb9g/+6WVGM13gRb4uL41HfmB+gMGA==
fb-s
unknown
status
200
date
Fri, 29 May 2020 04:35:56 GMT, Fri, 29 May 2020 04:35:56 GMT
strict-transport-security
max-age=15552000; preload
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://financialdept1.com
access-control-expose-headers
fb-s
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3-27=":443"; ma=3600
content-length
0
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

Type | Name
object | onformdata
object | onpointerrawupdate
object | netflix
object | usecure
object | Codex
object | C
object | global
object | process
object | util
function | jQuery
object | jQuery111107152440094340922
function | fbAsyncInit
object | FB

2 Cookies

Domain/Path | Name | Value
.financialdept1.com/ | cL | 1590726956502%7C159072695626242514%7C159072695686707760%7C%7C4%7Cnull
financialdept1.com/ | connect.sid | s%3A0PA23t6F8Ozdcfo6fKt-p13OEMP7Wccn.%2BdDcmiBz%2FN9Gfe%2BukUgQgEidk8IF2itgUhX%2F2iSXD3U