urlscan.io public scan: fs.jordan-best.com
192.185.193.146 (Malicious Activity!)

Submitted URL: https://tinyurl.com/bp8awtkb
Effective URL: https://fs.jordan-best.com/cornell.edu/&adfs/ls/client-request-id=7c724&wa=wsignin10.html
Submission Tags: @phish_report
Submission: On July 24 via api from FI — Scanned from FI

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 5 HTTP transactions. The main IP is 192.185.193.146, located in United States and belongs to NETWORK-SOLUTIONS-HOSTING, US. The main domain is fs.jordan-best.com.
TLS certificate: Issued by R10 (a Let's Encrypt intermediate) on July 23rd 2024, the day before this scan. Valid for: 3 months.
This is the only time fs.jordan-best.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: US Universities (Education)

Domain & IP information

IP addresses
  Requests  IP Address        AS (Autonomous System)
  1         104.17.112.233    13335 (CLOUDFLAR...)                  tinyurl.com redirect hop
  3         192.185.193.146   19871 (NETWORK-SOLUTIONS-HOSTING)
  2         132.236.101.10    26 (CORNELL)
  Totals as reported: 5 requests, 2 IPs

Apex domains
  Requests  Apex Domain      Subdomains            Transfer
  3         jordan-best.com  fs.jordan-best.com    13 KB
  2         cornell.edu      adfs.ad.cornell.edu   226 KB
  1         tinyurl.com      tinyurl.com           860 B    (Cisco Umbrella Rank: 28394)
  Totals: 5 requests, 3 apex domains

Requesting hosts
  Requests  Domain                Requested by
  3         fs.jordan-best.com    fs.jordan-best.com
  2         adfs.ad.cornell.edu   fs.jordan-best.com
  1         tinyurl.com           1 redirect
  Totals: 5 requests, 3 domains

This site contains no links.

TLS certificates
  Subject               Issuer                                             Validity                   Valid for
  fs.jordan-best.com    R10                                                2024-07-23 to 2024-10-21   3 months (crt.sh)
  adfs.ad.cornell.edu   Sectigo RSA Extended Validation Secure Server CA   2024-01-23 to 2025-01-22   a year (crt.sh)

The lure's certificate was issued one day before the scan; the genuine Cornell AD FS host presents an Extended Validation certificate.

This page contains 1 frames:

Primary Page: https://fs.jordan-best.com/cornell.edu/&adfs/ls/client-request-id=7c724&wa=wsignin10.html
Frame ID: 6ABB7BDFE36864B7B52F836F8C121697
Requests: 5 HTTP requests in this frame

Screenshot

Page Title

Sign In

Page URL History (HTTP redirects and client-side redirects via JavaScript or Meta fields)

  1. https://tinyurl.com/bp8awtkb HTTP 301
    https://fs.jordan-best.com/cornell.edu/&adfs/ls/client-request-id=7c724&wa=wsignin10.html Page URL

Page Statistics

Requests: 5
HTTPS: 100 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 2
Countries: 2
Transfer: 239 kB
Size: 257 kB
Cookies: 1


Redirected requests

There was one HTTP redirect chain: https://tinyurl.com/bp8awtkb (HTTP 301, served by Cloudflare) to https://fs.jordan-best.com/cornell.edu/&adfs/ls/client-request-id=7c724&wa=wsignin10.html.

5 HTTP transactions

Each entry lists the resource, its path, size and transfer size (x-fer) and its type, followed by the request details urlscan captured.

Primary Request: client-request-id=7c724&wa=wsignin10.html
  Path: fs.jordan-best.com/cornell.edu/&adfs/ls/
  Redirect Chain:
    • https://tinyurl.com/bp8awtkb
    • https://fs.jordan-best.com/cornell.edu/&adfs/ls/client-request-id=7c724&wa=wsignin10.html
  Size: 13 KB    x-fer: 5 KB    Type: Document

  General
    Full URL: https://fs.jordan-best.com/cornell.edu/&adfs/ls/client-request-id=7c724&wa=wsignin10.html
    Protocol: H2
    Security: TLS 1.3, AES_256_GCM
    Server: 192.185.193.146, United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
    Reverse DNS: 192-185-193-146.unifiedlayer.com
    Software: Apache
    Resource Hash: cad7b59e24c3ce9becfba015024f0e3b292dee063e5c50486470dcf8395c4173

  Request headers
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

  Response headers
    accept-ranges: bytes
    content-encoding: gzip
    content-length: 5412
    content-type: text/html
    date: Wed, 24 Jul 2024 03:12:55 GMT
    last-modified: Tue, 23 Jul 2024 11:57:16 GMT
    server: Apache
    vary: Accept-Encoding

  Redirect headers (response from https://tinyurl.com/bp8awtkb, HTTP 301)
    age: 1
    alt-svc: h3=":443"; ma=86400
    cache-control: max-age=0, must-revalidate, no-cache, no-store, private
    cf-cache-status: HIT
    cf-ray: 8a80bb35cee28d6b-HEL
    content-type: text/html; charset=UTF-8
    date: Wed, 24 Jul 2024 03:12:54 GMT
    location: https://fs.jordan-best.com/cornell.edu/&adfs/ls/client-request-id=7c724&wa=wsignin10.html
    referrer-policy: unsafe-url
    server: cloudflare
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    vary: Accept-Encoding
    x-content-type-options: nosniff
    x-robots-tag: noindex
    x-tinyurl-redirect: eyJpdiI6Im1RZFEyR25pek8xbStUdjM3RElwY3c9PSIsInZhbHVlIjoiZTY2YlRDcFJ3U3J3OEUvUUZwOTUwOHpOQUZ0RE1nRjR0QnpkQ2QwM0R0VTQyZGNlWFJuVzd6UmhOaS9QMmVQRm1id1I3MkV5ZFp2RlFuUDU0dFZUU0E9PSIsIm1hYyI6ImJhMWQ3MzUxYzBjZTU5ZjZlZmFlYmI4YzAyNmQxMDY5YzE5Y2U4MGJjNmMyOTRjM2IyYzNjMjcxYmRhYWQ2MWMiLCJ0YWciOiIifQ==
    x-tinyurl-redirect-type: redirect
    x-xss-protection: 1; mode=block
style.css
  Path: fs.jordan-best.com/cornell.edu/&adfs/ls/
  Size: 7 KB    x-fer: 3 KB    Type: Stylesheet

  General
    Full URL: https://fs.jordan-best.com/cornell.edu/&adfs/ls/style.css
    Requested by: fs.jordan-best.com (https://fs.jordan-best.com/cornell.edu/&adfs/ls/client-request-id=7c724&wa=wsignin10.html)
    Protocol: H2
    Security: TLS 1.3, AES_256_GCM
    Server: 192.185.193.146, United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
    Reverse DNS: 192-185-193-146.unifiedlayer.com
    Software: Apache
    Resource Hash: 694b38c762564d1292ab27d4a32aaa6166299b28d20df601438c35b186c061e8

  Request headers
    Referer: https://fs.jordan-best.com/cornell.edu/&adfs/ls/client-request-id=7c724&wa=wsignin10.html
    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

  Response headers
    date: Wed, 24 Jul 2024 03:12:56 GMT
    content-encoding: gzip
    last-modified: Wed, 18 May 2022 17:19:39 GMT
    server: Apache
    vary: Accept-Encoding
    content-type: text/css
    accept-ranges: bytes
    content-length: 2678
logo.jpg
  Path: adfs.ad.cornell.edu/adfs/portal/logo/
  Size: 29 KB    x-fer: 29 KB    Type: Image

  General
    Full URL: https://adfs.ad.cornell.edu/adfs/portal/logo/logo.jpg?id=20E1D7B4AB695D11A2D9834597263BE8AB2D397385F64A1D79AAEAD644FE3E8C
    Requested by: fs.jordan-best.com (https://fs.jordan-best.com/cornell.edu/&adfs/ls/client-request-id=7c724&wa=wsignin10.html)
    Protocol: HTTP/1.1
    Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
    Server: 132.236.101.10, Dryden, United States, ASN26 (CORNELL, US)
    Reverse DNS: adfs.ad.cornell.edu
    Software: Microsoft-HTTPAPI/2.0
    Resource Hash: 20e1d7b4ab695d11a2d9834597263be8ab2d397385f64a1d79aaead644fe3e8c
    Note: this is the genuine Cornell AD FS logo, hotlinked by the phishing page. The id parameter in the URL, the ETag and the resource hash are all the same value.

  Request headers
    Referer: https://fs.jordan-best.com/
    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

  Response headers
    Expires: Fri, 23 Aug 2024 03:12:57 GMT
    Date: Wed, 24 Jul 2024 03:12:55 GMT
    Server: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
    ETag: 20E1D7B4AB695D11A2D9834597263BE8AB2D397385F64A1D79AAEAD644FE3E8C
    Content-Length: 29882
    Content-Type: image/jpg
illustration.jpg
  Path: adfs.ad.cornell.edu/adfs/portal/illustration/
  Size: 196 KB    x-fer: 196 KB    Type: Image

  General
    Full URL: https://adfs.ad.cornell.edu/adfs/portal/illustration/illustration.jpg?id=7977E23FB24DA332A91B38E165B52E263EC4C92BEA51E63E44C3E68677BC7BA6
    Requested by: fs.jordan-best.com (https://fs.jordan-best.com/cornell.edu/&adfs/ls/client-request-id=7c724&wa=wsignin10.html)
    Protocol: HTTP/1.1
    Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
    Server: 132.236.101.10, Dryden, United States, ASN26 (CORNELL, US)
    Reverse DNS: adfs.ad.cornell.edu
    Software: Microsoft-HTTPAPI/2.0
    Resource Hash: 85076f77a3346ea1e681085bb2c175573b4748df7f1418d54388ec5b6213b1f1
    Note: also hotlinked from the genuine AD FS host. Unlike logo.jpg, the id parameter in the request URL (7977E23F...) does not match the ETag and resource hash of the image actually returned (85076F77...).

  Request headers
    Referer: https://fs.jordan-best.com/
    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

  Response headers
    Expires: Fri, 23 Aug 2024 03:12:57 GMT
    Date: Wed, 24 Jul 2024 03:12:55 GMT
    Server: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
    ETag: 85076F77A3346EA1E681085BB2C175573B4748DF7F1418D54388EC5B6213B1F1
    Content-Length: 200925
    Content-Type: image/jpg
favicon.ico
  Path: fs.jordan-best.com/
  Size: 12 KB    x-fer: 5 KB    Type: Other

  General
    Full URL: https://fs.jordan-best.com/favicon.ico
    Protocol: H2
    Security: TLS 1.3, AES_256_GCM
    Server: 192.185.193.146, United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
    Reverse DNS: 192-185-193-146.unifiedlayer.com
    Software: Apache
    Resource Hash: bccb23d41c2cc69cf0c7d22c4314ca8181a513c6999b73e45307792830f4e482
    Note: the response is text/html rather than an icon, and the console log records a 404 for this URL, so the hash is of the server's 404 page, not of a favicon.

  Request headers
    Referer: https://fs.jordan-best.com/cornell.edu/&adfs/ls/client-request-id=7c724&wa=wsignin10.html
    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

  Response headers
    date: Wed, 24 Jul 2024 03:12:58 GMT
    content-encoding: gzip
    last-modified: Sat, 01 Oct 2022 13:16:28 GMT
    server: Apache
    vary: Accept-Encoding
    content-type: text/html
    accept-ranges: bytes
    content-length: 4677

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: US Universities (Education)

Indicators in this scan that support the verdict:
  • The path /cornell.edu/&adfs/ls/client-request-id=7c724&wa=wsignin10.html imitates the AD FS sign-in endpoint (/adfs/ls/ with wa=wsignin1.0), but as a static .html file on fs.jordan-best.com, a shared-hosting server (reverse DNS 192-185-193-146.unifiedlayer.com), not on adfs.ad.cornell.edu.
  • The page hotlinks Cornell's own sign-in branding (logo.jpg and illustration.jpg) from adfs.ad.cornell.edu, sending Referer: https://fs.jordan-best.com/. Requests for /adfs/portal/* with a foreign Referer in the legitimate AD FS server's web logs are a way to detect visitors to the lure while it is live.
  • The fs.jordan-best.com certificate was issued on 2024-07-23 and the page's last-modified header is Tue, 23 Jul 2024 11:57:16 GMT, the day before the scan; the lure was reached through a tinyurl.com link (HTTP 301) that hides the destination from the recipient.
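Added triage example: the following Python is written for this page and is not urlscan.io code or anything from the phishing kit. It re-derives the signals visible in the scan from values transcribed from the report (the transaction URLs and Referer headers, and the x-tinyurl-redirect header): the AD FS-shaped path on a non-Cornell host, the two brand images fetched from adfs.ad.cornell.edu with a Referer of fs.jordan-best.com, and the structure of the shortener's redirect header. BRAND_HOSTS, the function names and the choice of path markers are assumptions made for the example; reading the decoded header as an iv/value/mac/tag encrypt-then-MAC envelope is an inference from its key names and is not something the scan states.

```python
"""Added triage example for this scan (not urlscan.io code, not the phishing
kit's code). Every literal below is transcribed from the report; BRAND_HOSTS
and the function names are assumptions made for the example."""
import base64
import json
from urllib.parse import urlsplit

LURE = "https://fs.jordan-best.com/cornell.edu/&adfs/ls/client-request-id=7c724&wa=wsignin10.html"

# (request URL, Referer header or None), from the "5 HTTP transactions" section.
TRANSACTIONS = [
    (LURE, None),
    ("https://fs.jordan-best.com/cornell.edu/&adfs/ls/style.css", LURE),
    ("https://adfs.ad.cornell.edu/adfs/portal/logo/logo.jpg?id=20E1D7B4AB695D11A2D9834597263BE8AB2D397385F64A1D79AAEAD644FE3E8C",
     "https://fs.jordan-best.com/"),
    ("https://adfs.ad.cornell.edu/adfs/portal/illustration/illustration.jpg?id=7977E23FB24DA332A91B38E165B52E263EC4C92BEA51E63E44C3E68677BC7BA6",
     "https://fs.jordan-best.com/"),
    ("https://fs.jordan-best.com/favicon.ico", LURE),
]

# Assumption: the only host that legitimately serves this brand's AD FS sign-in.
BRAND_HOSTS = {"adfs.ad.cornell.edu"}

# x-tinyurl-redirect response header from the tinyurl.com 301 in this scan.
X_TINYURL_REDIRECT = "eyJpdiI6Im1RZFEyR25pek8xbStUdjM3RElwY3c9PSIsInZhbHVlIjoiZTY2YlRDcFJ3U3J3OEUvUUZwOTUwOHpOQUZ0RE1nRjR0QnpkQ2QwM0R0VTQyZGNlWFJuVzd6UmhOaS9QMmVQRm1id1I3MkV5ZFp2RlFuUDU0dFZUU0E9PSIsIm1hYyI6ImJhMWQ3MzUxYzBjZTU5ZjZlZmFlYmI4YzAyNmQxMDY5YzE5Y2U4MGJjNmMyOTRjM2IyYzNjMjcxYmRhYWQ2MWMiLCJ0YWciOiIifQ=="


def host_of(url):
    """Lower-cased hostname of a URL ('' if it has none)."""
    return urlsplit(url).hostname or ""


def hotlinked_brand_assets(transactions, brand_hosts):
    """Brand-hosted resources loaded with a Referer from a non-brand host.

    The same condition, applied to the legitimate AD FS server's own access
    logs (requests for /adfs/portal/* whose Referer is a foreign origin),
    flags visitors to a cloned sign-in page while the lure is live."""
    hits = []
    for url, referer in transactions:
        if host_of(url) in brand_hosts and referer and host_of(referer) not in brand_hosts:
            hits.append((urlsplit(url).path, host_of(referer)))
    return hits


def looks_like_adfs_signin_lure(url, brand_hosts):
    """True when a URL on a non-brand host imitates the AD FS sign-in endpoint
    (/adfs/ls/ plus wa=wsignin...). The lure in this scan bakes what is a query
    string on real AD FS into a static .html path, so path and query are
    searched together."""
    parts = urlsplit(url)
    if parts.hostname in brand_hosts:
        return False
    probe = (parts.path + "?" + parts.query).lower()
    return "adfs/ls" in probe and "wa=wsignin" in probe


def describe_tinyurl_envelope(header_value):
    """Decode the outer base64 of x-tinyurl-redirect and summarise the JSON
    inside. The key names (iv/value/mac/tag) are those of an encrypt-then-MAC
    envelope (an inference from the names); the value is ciphertext that cannot
    be read without the shortener's server-side key, so only sizes are reported."""
    env = json.loads(base64.b64decode(header_value))
    return {
        "keys": sorted(env),
        "iv_bytes": len(base64.b64decode(env["iv"])),
        "ciphertext_bytes": len(base64.b64decode(env["value"])),
        "mac_hex_len": len(env["mac"]),
    }


def triage(transactions=TRANSACTIONS, brand_hosts=BRAND_HOSTS):
    """Summarise the phishing signals for the primary page of a scan."""
    primary = transactions[0][0]
    return {
        "primary_host": host_of(primary),
        "adfs_lookalike_path": looks_like_adfs_signin_lure(primary, brand_hosts),
        "hotlinked_brand_assets": hotlinked_brand_assets(transactions, brand_hosts),
    }


if __name__ == "__main__":
    print(json.dumps(triage(), indent=2))
    print(json.dumps(describe_tinyurl_envelope(X_TINYURL_REDIRECT), indent=2))
```

Run it directly to print both summaries. The Referer check is the part worth reusing: pointed at the real AD FS server's access logs rather than a urlscan transaction list, requests for /adfs/portal/* whose Referer is not a Cornell origin identify the lure's visitors while it is live, without needing the lure's hostname in advance.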

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function: SelectOption

1 Cookies

Domain/Path: .tinyurl.com/
Name: __cf_bm
Value: RT8QFcTz2JpzxH2Ttny7Visf.x41NZPEZqelk2rnNyw-1721790774-1.0.1.1-R92ZXxMkIGCvcxyC3SnS2tNwChFcAoDM7frr4k1LVO5eKEHNhMeRB4My0F9GLDWiw0PRLMVAv5zqeKp7iTQlYw
(Cloudflare bot-management cookie set by the shortener's edge during the redirect; fs.jordan-best.com itself set no cookies.)

2 Console Messages

Source: rendering    Level: warning
  URL: https://fs.jordan-best.com/cornell.edu/&adfs/ls/client-request-id=7c724&wa=wsignin10.html (Line 4)
  Message: Error parsing a meta element's content: ';' is not a valid key-value pair separator. Please use ',' instead.

Source: network    Level: error
  URL: https://fs.jordan-best.com/favicon.ico
  Message: Failed to load resource: the server responded with a status of 404 ()