easydec.iinkedin.li Open in urlscan Pro
185.237.25.26 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://easydec.iinkedin.li/
Submission: On February 05 via api (February 5th 2023, 4:06:02 pm UTC) from JP — Scanned from JP

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 2 domains to perform 10 HTTP transactions. The main IP is 185.237.25.26, located in Matran, Switzerland and belongs to CISEL, CH. The main domain is easydec.iinkedin.li.
TLS certificate: Issued by R3 on January 21st 2023. Valid for: 3 months.

This is the only time easydec.iinkedin.li was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Outlook Web Access (Online)

Domain & IP information

	IP Address		AS Autonomous System
10	185.237.25.26 185.237.25.26		39419 (CISEL) (CISEL)
10	1

10 185.237.25.26 (Matran, Switzerland)

ASN39419 (CISEL, CH)

easydec.iinkedin.li	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sp.ciselsecurity.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	iinkedin.li easydec.iinkedin.li	78 KB
1	ciselsecurity.ch sp.ciselsecurity.ch	3 KB
10	2

	Domain	Requested by
9	easydec.iinkedin.li	easydec.iinkedin.li
1	sp.ciselsecurity.ch	easydec.iinkedin.li
10	2

This site contains no links.

Subject Issuer	Validity	Valid
easydec.iinkedin.li R3	`2023-01-21` - `2023-04-21`	3 months	crt.sh
sp.ciselsecurity.ch R3	`2023-02-01` - `2023-05-02`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://easydec.iinkedin.li/
Frame ID: 382C3903120E18CC1ADB294AE99CFC1A
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Outlook

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

81 kB
Transfer

95 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response easydec.iinkedin.li/	5 KB 2 KB	1478ms 229ms	Document text/html	185.237.25.26 CISEL
General Check archive.org Show headers Download Go to Full URL https://easydec.iinkedin.li/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.237.25.26 Matran, Switzerland, ASN39419 (CISEL, CH), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `c4a6ef1daacb9e61d10956d02e079e52e31a5216c0e97320d248e60ed1715caa` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers Connection Keep-Alive Content-Encoding gzip Content-Length 1487 Content-Type text/html; charset=UTF-8 Date Sun, 05 Feb 2023 16:05:57 GMT Keep-Alive timeout=5, max=100 Server Apache/2.4.41 (Ubuntu) Vary Accept-Encoding
GET H/1.1	200 OK	style.css easydec.iinkedin.li/resources/	9 KB 2 KB	232ms 231ms	Stylesheet text/css	185.237.25.26 CISEL
General Check archive.org Show headers Download Go to Full URL https://easydec.iinkedin.li/resources/style.css Requested by Host: easydec.iinkedin.li URL: https://easydec.iinkedin.li/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.237.25.26 Matran, Switzerland, ASN39419 (CISEL, CH), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `8d48574bdedbac82ba6acb91d8c3954c9e2e3b4d32ddbdc3d32a5048f5f8b757` Request headers accept-language jp-JP,jp;q=0.9 Referer https://easydec.iinkedin.li/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Date Sun, 05 Feb 2023 16:05:57 GMT Content-Encoding gzip Last-Modified Tue, 22 Nov 2022 08:29:50 GMT Server Apache/2.4.41 (Ubuntu) ETag "24be-5ee0af9b7ae89-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 2204
GET H/1.1	200 OK	login.js Show response easydec.iinkedin.li/resources/	561 B 583 B	280ms 258ms	Script application/javascript	185.237.25.26 CISEL
General Check archive.org Show headers Download Go to Full URL https://easydec.iinkedin.li/resources/login.js Requested by Host: easydec.iinkedin.li URL: https://easydec.iinkedin.li/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.237.25.26 Matran, Switzerland, ASN39419 (CISEL, CH), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `6add52763e23796067aa404f3f6268e015a90a755a4470cd9b721c6af438b832` Request headers accept-language jp-JP,jp;q=0.9 Referer https://easydec.iinkedin.li/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Date Sun, 05 Feb 2023 16:05:57 GMT Content-Encoding gzip Last-Modified Tue, 22 Nov 2022 08:29:50 GMT Server Apache/2.4.41 (Ubuntu) ETag "231-5ee0af9b7ae89-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 233
GET H/1.1	200 OK	mod Show response sp.ciselsecurity.ch/	9 KB 3 KB	784ms 279ms	Script application/javascript	185.237.25.26 CISEL
General Check archive.org Show headers Download Go to Full URL https://sp.ciselsecurity.ch/mod?tlink=e1mvt6 Requested by Host: easydec.iinkedin.li URL: https://easydec.iinkedin.li/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.237.25.26 Matran, Switzerland, ASN39419 (CISEL, CH), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `a6575dc5c15783798665ae011708b6e24e7916993eac39fb93793b7707341d17` Request headers accept-language jp-JP,jp;q=0.9 Referer https://easydec.iinkedin.li/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Date Sun, 05 Feb 2023 16:05:57 GMT Content-Encoding gzip Server Apache/2.4.41 (Ubuntu) Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Keep-Alive timeout=5, max=100 Content-Length 2680
GET H/1.1	200 OK	outlookLogoBig.png easydec.iinkedin.li/resources/images/	2 KB 3 KB	246ms 246ms	Image image/png	185.237.25.26 CISEL
General Check archive.org Show headers Download Go to Show image Full URL https://easydec.iinkedin.li/resources/images/outlookLogoBig.png Requested by Host: easydec.iinkedin.li URL: https://easydec.iinkedin.li/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.237.25.26 Matran, Switzerland, ASN39419 (CISEL, CH), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `d9ed6586942003696afe4e52b09f343f8342244b51a9e175b75162d7e615207b` Request headers accept-language jp-JP,jp;q=0.9 Referer https://easydec.iinkedin.li/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Date Sun, 05 Feb 2023 16:05:57 GMT Last-Modified Tue, 22 Nov 2022 08:29:50 GMT Server Apache/2.4.41 (Ubuntu) ETag "9c7-5ee0af9b7ae89" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 2503
GET H/1.1	200 OK	outlookLogoSmall2.png easydec.iinkedin.li/resources/images/	4 KB 4 KB	276ms 276ms	Image image/png	185.237.25.26 CISEL
General Check archive.org Show headers Download Go to Show image Full URL https://easydec.iinkedin.li/resources/images/outlookLogoSmall2.png Requested by Host: easydec.iinkedin.li URL: https://easydec.iinkedin.li/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.237.25.26 Matran, Switzerland, ASN39419 (CISEL, CH), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `4de8fc175826d9f78fce9f9f2b71a63fe832fc7507e0394125c823b0909fa54a` Request headers accept-language jp-JP,jp;q=0.9 Referer https://easydec.iinkedin.li/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Date Sun, 05 Feb 2023 16:05:57 GMT Last-Modified Tue, 22 Nov 2022 08:29:50 GMT Server Apache/2.4.41 (Ubuntu) ETag "e0b-5ee0af9b7ae89" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 3595
GET H/1.1	200 OK	outlookLogoLong.png easydec.iinkedin.li/resources/images/	8 KB 8 KB	245ms 244ms	Image image/png	185.237.25.26 CISEL
General Check archive.org Show headers Download Go to Show image Full URL https://easydec.iinkedin.li/resources/images/outlookLogoLong.png Requested by Host: easydec.iinkedin.li URL: https://easydec.iinkedin.li/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.237.25.26 Matran, Switzerland, ASN39419 (CISEL, CH), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `a7c14ee84d81a536a4cd54e3a144f388f2174a4a5c409ae118ea49f0da6b4aa6` Request headers accept-language jp-JP,jp;q=0.9 Referer https://easydec.iinkedin.li/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Date Sun, 05 Feb 2023 16:05:58 GMT Last-Modified Tue, 22 Nov 2022 08:29:50 GMT Server Apache/2.4.41 (Ubuntu) ETag "1e42-5ee0af9b7ae89" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 7746
GET H/1.1	200 OK	arrowRight.png easydec.iinkedin.li/resources/images/	1 KB 2 KB	265ms 264ms	Image image/png	185.237.25.26 CISEL
General Check archive.org Show headers Download Go to Show image Full URL https://easydec.iinkedin.li/resources/images/arrowRight.png Requested by Host: easydec.iinkedin.li URL: https://easydec.iinkedin.li/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.237.25.26 Matran, Switzerland, ASN39419 (CISEL, CH), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `07f38b8b8c1f96ed85ecd96988f0454a95d1f665427086a507c72e55ff3ce0e7` Request headers accept-language jp-JP,jp;q=0.9 Referer https://easydec.iinkedin.li/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Date Sun, 05 Feb 2023 16:05:58 GMT Last-Modified Tue, 22 Nov 2022 08:29:50 GMT Server Apache/2.4.41 (Ubuntu) ETag "5a1-5ee0af9b7ae89" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1441
GET H/1.1	200 OK	bar.png easydec.iinkedin.li/resources/images/	1 KB 2 KB	469ms 230ms	Image image/png	185.237.25.26 CISEL
General Check archive.org Show headers Download Go to Show image Full URL https://easydec.iinkedin.li/resources/images/bar.png Requested by Host: easydec.iinkedin.li URL: https://easydec.iinkedin.li/resources/style.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.237.25.26 Matran, Switzerland, ASN39419 (CISEL, CH), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `6710ee6e22d5e3e82f70554804806c37aac5789b110d944383ea393d93eb627a` Request headers accept-language jp-JP,jp;q=0.9 Referer https://easydec.iinkedin.li/resources/style.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Date Sun, 05 Feb 2023 16:05:58 GMT Last-Modified Tue, 22 Nov 2022 08:29:50 GMT Server Apache/2.4.41 (Ubuntu) ETag "59a-5ee0af9b7ae89" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 1434
GET H/1.1	200 OK	segoeui-regular.ttf easydec.iinkedin.li/resources/	55 KB 56 KB	272ms 263ms	Font font/ttf	185.237.25.26 CISEL
General Check archive.org Show headers Download Go to Full URL https://easydec.iinkedin.li/resources/segoeui-regular.ttf Requested by Host: easydec.iinkedin.li URL: https://easydec.iinkedin.li/resources/style.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.237.25.26 Matran, Switzerland, ASN39419 (CISEL, CH), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash `c147c2ec76a8ab8bd5082f1f4d3f80a43c689165cb164cdd812e44048fe38708` Request headers Referer https://easydec.iinkedin.li/resources/style.css Origin https://easydec.iinkedin.li accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Date Sun, 05 Feb 2023 16:05:58 GMT Last-Modified Tue, 22 Nov 2022 08:29:50 GMT Server Apache/2.4.41 (Ubuntu) ETag "ddb8-5ee0af9b7ae89" Content-Type font/ttf Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 56760

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Outlook Web Access (Online)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

easydec.iinkedin.li
sp.ciselsecurity.ch
185.237.25.26
07f38b8b8c1f96ed85ecd96988f0454a95d1f665427086a507c72e55ff3ce0e7
4de8fc175826d9f78fce9f9f2b71a63fe832fc7507e0394125c823b0909fa54a
6710ee6e22d5e3e82f70554804806c37aac5789b110d944383ea393d93eb627a
6add52763e23796067aa404f3f6268e015a90a755a4470cd9b721c6af438b832
8d48574bdedbac82ba6acb91d8c3954c9e2e3b4d32ddbdc3d32a5048f5f8b757
a6575dc5c15783798665ae011708b6e24e7916993eac39fb93793b7707341d17
a7c14ee84d81a536a4cd54e3a144f388f2174a4a5c409ae118ea49f0da6b4aa6
c147c2ec76a8ab8bd5082f1f4d3f80a43c689165cb164cdd812e44048fe38708
c4a6ef1daacb9e61d10956d02e079e52e31a5216c0e97320d248e60ed1715caa
d9ed6586942003696afe4e52b09f343f8342244b51a9e175b75162d7e615207b

easydec.iinkedin.li Open in urlscan Pro 185.237.25.26 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

1 IPs

1 Countries

81 kBTransfer

95 kBSize

0 Cookies

0 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

16 JavaScript Global Variables

0 Cookies

Indicators

easydec.iinkedin.li Open in urlscan Pro
185.237.25.26 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

81 kB
Transfer

95 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!