financenews24.top
Open in
urlscan Pro
2606:4700:3031::ac43:8619
Malicious Activity!
Public Scan
Submission: On October 18 via api from US — Scanned from US
Summary
TLS certificate: Issued by E1 on August 23rd 2023. Valid for: 3 months.
This is the only time financenews24.top was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Lion's Den Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
15 | 2606:4700:303... 2606:4700:3031::ac43:8619 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 18.208.62.125 18.208.62.125 | 14618 (AMAZON-AES) (AMAZON-AES) | |
16 | 3 |
ASN14618 (AMAZON-AES, US)
PTR: ec2-18-208-62-125.compute-1.amazonaws.com
re.redirectfor.money |
Apex Domain Subdomains |
Transfer | |
---|---|---|
15 |
financenews24.top
financenews24.top |
1 MB |
1 |
redirectfor.money
re.redirectfor.money |
|
16 | 2 |
Domain | Requested by | |
---|---|---|
15 | financenews24.top |
financenews24.top
|
1 | re.redirectfor.money |
financenews24.top
|
16 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
re.redirectfor.money |
www.sportschau.de |
www.ardmediathek.de |
www.ardaudiothek.de |
www.kika.de |
Subject Issuer | Validity | Valid | |
---|---|---|---|
financenews24.top E1 |
2023-08-23 - 2023-11-21 |
3 months | crt.sh |
re.redirectfor.money R3 |
2023-09-12 - 2023-12-11 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://financenews24.top/de/lichter/?on=Immediate%20Edge&cep=rGqphTx0oWNWBg6pSfIEzehbRgv4CzT3RcEChrD8o1XgrsUHtSis8xW-fvgMr_vZ9fLbOGdAKEb_DhMl2eVbsQGWU5vz2slKxojjIl39UT6d9n3nO0i3XNzxi3RtzlsITBO0GpVlkLqCsDj3fVkKaQT4sbjwqdDusMK2OrqiasOYPF0Jjrxvwsl3jbjXKwLO84xD5Pr7KUAjm_P5OD9ulhchaCCaMHxLpb06oHijn2KT42Bh4S9dFT-Ino2rcylSQDEDPp6HjlIteh0CoHD2NAN-zAfXNdwr5kxVWwloVji75cLFfvtKewfrmdlTZ0
Frame ID: 6CE64F21FD8D64FA83B1C10A1B8445E0
Requests: 21 HTTP requests in this frame
8 Outgoing links
These are links going to different origins than the main page.
Title: Navigation
Search URL Search Domain Scan URL
Title: Inhalt
Search URL Search Domain Scan URL
Title: Fußzeile
Search URL Search Domain Scan URL
Title: Tagesschau Logo
Search URL Search Domain Scan URL
Title: Sportschau
Search URL Search Domain Scan URL
Title: Mediathek
Search URL Search Domain Scan URL
Title: Audiothek
Search URL Search Domain Scan URL
Title: KiKA
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
financenews24.top/de/lichter/ |
926 KB 540 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.5.1.min.js
financenews24.top/includes/ |
87 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
viewer.js
financenews24.top/includes/ |
838 B 761 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
styles12.css
financenews24.top/de/lichter/assets/ |
8 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hdl-new-horst-2.jpg
financenews24.top/de/lichter/assets/ |
90 KB 91 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bitprojects-20210323-dhdl.jpg
financenews24.top/de/lichter/assets/ |
78 KB 79 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
29093406_ea27c533b28aae434.jpg
financenews24.top/de/lichter/assets/ |
118 KB 119 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
horst2.jpg
financenews24.top/de/lichter/assets/ |
95 KB 96 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
prof1.jpg
financenews24.top/de/lichter/assets/ |
2 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
prof2.jpg
financenews24.top/de/lichter/assets/ |
3 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
prof3.jpg
financenews24.top/de/lichter/assets/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
prof4.jpg
financenews24.top/de/lichter/assets/ |
2 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
prof5.jpg
financenews24.top/de/lichter/assets/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
184dc9ab-6565-4fbf-a6a5-27.jpg
financenews24.top/de/lichter/assets/ |
62 KB 62 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
view.php
financenews24.top/includes/ |
0 488 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
.js
re.redirectfor.money/d/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
83 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
18 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
90 KB 90 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
94 KB 94 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
90 KB 90 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Lion's Den Scam (Online)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery function| getUrlParameter string| offername undefined| pvar undefined| tvar undefined| dvar undefined| ivar undefined| ptvar undefined| geovar function| dtpCallback0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
financenews24.top
re.redirectfor.money
18.208.62.125
2606:4700:3031::ac43:8619
07246191e11b61d7e938f7a58ab04746905e29f937a5ab1edc2699e69c3c4cf1
0773fdbe6089556e9d0d60eef0116dbf389d3e5b46260c038ec529f24242c28a
094aa79cd5cd3d2127afd6f406f86a31a72ae8ffcc12edf6f05eb8239d2532b5
1707346b93ea4f91be70ba1d144c800813af2ef6d7bf2a9785665d2e9764b4c8
1cedfc915d949dd071d4ba84767cf09ad470a8d212c7225ac2c5694554454cf0
35a930950a6e1f5d23a961d3bcacc816765906da7d811bccf88744f1c4e28156
4321aaa0b7ff06b546cbbce19b73ef2cd792feafcf396a05b76feaa38c85725a
5e4a39e9f9298e25b326bd92f08b9cca6b15f0d617677c8ef2a6a3c037a8a0a1
66d0cae83a87e541eaf134f1144a1f9977d1aaf98491b9bbcf05a64f469876b7
70d81524ff46cf40ab5b8dafa8597489819bed792aeffde58837e55b99013464
7ad8a3923844b448bc657c343991c26f2d1791c3a6f25d6eee626ccfd4b6f5c0
b4ab8cc0c2b31a7176025451c898c0f228228c4db2a4392cef152050254713e2
ccf9e97a2b08bc8bae2df934bcc574bd544902809a8cef1e8132ed6bcc31666c
df99f7229bbfb0bdf5ed771fca5acc2fcbe96e41429bc2b2451f238c42d3f948
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f1e355a95418ce40814269bdf0d9ed23016c16fc51c63e5b9dd2b636692e6b64
f1eb7b250471bc3fc9010ee3c7ddbaf9aa37ce16d0823ebfdf867b504bcb242f
f5653349d4d9eade79c3484fc521672332ffba22afbf1022e80ecb56973814c4
f6894acedc5915b51c9f1857f0da8ea062475edaff3b391b7cd7ffdf7115ad91
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d