www.financerts.org
Open in
urlscan Pro
2620:1ec:bdf::38
Malicious Activity!
Public Scan
URL:
https://www.financerts.org/nam/bcdaf06b-91cb-4fc7-aee9-8748600ed7a2/1c4cca0d-14fd-4ad1-9376-dee435585c03/53a35fd5-7d94-4278...
Submission: On July 30 via manual from US — Scanned from US
Submission: On July 30 via manual from US — Scanned from US
Summary
This website contacted 2 IPs
in 1 countries
across 2 domains to perform 11 HTTP transactions.
The main IP is 2620:1ec:bdf::38, located in
United States and
belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US.
The main domain is www.financerts.org.
TLS certificate: Issued by Microsoft Azure RSA TLS Issuing CA 04 on May 4th 2024. Valid for: 6 months.
This is the only time www.financerts.org was scanned on urlscan.io!
TLS certificate: Issued by Microsoft Azure RSA TLS Issuing CA 04 on May 4th 2024. Valid for: 6 months.
This is the only time www.financerts.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: LinkedIn (Social Network)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 6 | 2620:1ec:bdf::38 2620:1ec:bdf::38 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
| 11 | 2 |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 6 |
financerts.org
www.financerts.org |
489 KB |
| 0 |
licdn.com
Failed
static-exp1.licdn.com Failed |
|
| 11 | 2 |
| Domain | Requested by | |
|---|---|---|
| 6 | www.financerts.org |
www.financerts.org
|
| 0 | static-exp1.licdn.com Failed |
www.financerts.org
|
| 11 | 2 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| www.attemplate.com Microsoft Azure RSA TLS Issuing CA 04 |
2024-05-04 - 2024-10-31 |
6 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.financerts.org/nam/bcdaf06b-91cb-4fc7-aee9-8748600ed7a2/1c4cca0d-14fd-4ad1-9376-dee435585c03/53a35fd5-7d94-4278-bc9f-4532c67adb12/login?id=UE9CNnhVTGpEOHorUGRKYkZrMWFSQkZZVmhDNzlpSDZoUGJRaERsdVBLczlrdFp1MXVRK1gxQ2k4R2pITU5jcTRQeWo2RFRSMytRTnlWcm5rSnIrN1phMWdsNVpGZXY3TlZjZ3RRM0RHTk9uMnhPU1htcnBhS2ZCTHo3eENrWFF1a1ZtZWpyT1RhMzgzYmp1c1VRMUQwZ2xuQTJ5WXVsdnp3QUVabkhBOWsyai9zV2ZtelNrWmJoekpjNnBsRENzaWJNYmJjaEF2VzFBZ1Q3TXdYUUtpWGRDTWJ2ZGRNR1MxWjI4L3NWRDhWVDYxVFZGU3hMRkdCbnZLMFJHcTdqWDhzN3I1MG5tYmRuSld5c1lyVkh0NWVUYkFRU1lTVWQ2OGFYWHA2NmVsNG1Rb05aV2Jmb3gwaHU3eUdJcmdlSEo5aXZhdHphSWZ5RHRwOUxOVkZuR2xoaEJhcG9NU0NybGhoQmlpZlFUWFdQRFhKdFpvQVZycml6ZkRsWnZ2ZmVGU0l4SDZjdUNoN2VqcmxuUXp2Yk53Z04ya3M2MTFiYWlVYUNlNFNmdVl0dz0
Frame ID: B3F7EB42F64FCE78D1E0725CF616EF0B
Requests: 11 HTTP requests in this frame
Screenshot
Detected technologies
Bootstrap
(Web Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
login
www.financerts.org/nam/bcdaf06b-91cb-4fc7-aee9-8748600ed7a2/1c4cca0d-14fd-4ad1-9376-dee435585c03/53a35fd5-7d94-4278-bc9f-4532c67adb12/ |
337 KB 338 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
style.css
www.financerts.org/Content/Sign_In_files/ |
8 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
1f64eepbcdl14q0qjl59tj0gq
static-exp1.licdn.com/sc/h/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
1sl5fgewknc9ayyaed567cleo
static-exp1.licdn.com/sc/h/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
6j0uvc4sf8364y7z4n91izlhg
static-exp1.licdn.com/sc/h/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
6jblk5oqhlo45xbkmcr7s4zix
static-exp1.licdn.com/sc/h/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
6h819quem31j0r6g7obsb9sqf
static-exp1.licdn.com/sc/h/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery-3.5.1.min.js
www.financerts.org/Content/ |
87 KB 88 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
login.js
www.financerts.org/Content/ |
198 B 472 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bootstrap.min.js
www.financerts.org/Content/ |
50 KB 50 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
favicon.ico
www.financerts.org/ |
4 KB 4 KB |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- static-exp1.licdn.com
- URL
- https://static-exp1.licdn.com/sc/h/1f64eepbcdl14q0qjl59tj0gq
- Domain
- static-exp1.licdn.com
- URL
- https://static-exp1.licdn.com/sc/h/1sl5fgewknc9ayyaed567cleo
- Domain
- static-exp1.licdn.com
- URL
- https://static-exp1.licdn.com/sc/h/6j0uvc4sf8364y7z4n91izlhg
- Domain
- static-exp1.licdn.com
- URL
- https://static-exp1.licdn.com/sc/h/6jblk5oqhlo45xbkmcr7s4zix
- Domain
- static-exp1.licdn.com
- URL
- https://static-exp1.licdn.com/sc/h/6h819quem31j0r6g7obsb9sqf
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: LinkedIn (Social Network)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery object| bootstrap0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
7 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Content-Security-Policy | img-src https: data: ; style-src 'self' 'unsafe-inline'; script-src 'self' |
| Strict-Transport-Security | max-age=2592000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
static-exp1.licdn.com
www.financerts.org
static-exp1.licdn.com
2620:1ec:bdf::38
49a3f556e105ab7c965d5708154ffefbe56cc9b8e0b8f813c5a8b67f897111e5
4f3faeec469294b610f6ca82aa1cc2b3368fd56611b31c551c2ee224feadb411
b0808ce5b4bc780a1f86aa8c669b86d6231dd8d990243304fbd103eb99d2ba3a
c14468cdc2213365958a15b100e91d5b1722efed31f0eb898d838eb7114316fe
f116760bd4b44c1a29b36dd4d59729bad9091a9b0e89c2b470bff0086982a822
f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b