haelesotho.org.ls Open in urlscan Pro
69.167.136.124 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://haelesotho.org.ls/wp-content/
Submission: On February 15 via automatic, source openphish (February 15th 2022, 1:17:55 pm UTC) — Scanned from DE

Summary HTTP 17 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 17 HTTP transactions. The main IP is 69.167.136.124, located in United States and belongs to LIQUIDWEB, US. The main domain is haelesotho.org.ls.

This is the only time haelesotho.org.ls was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: LinkedIn (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
4	69.167.136.124 69.167.136.124	32244 (LIQUIDWEB) (LIQUIDWEB)
12	2a03:5f80:a::... 2a03:5f80:a::b212:e7d1	50952 (DATAIX-AS...) (DATAIX-AS Peering Ltd.)
1 2	13.32.99.90 13.32.99.90	16509 (AMAZON-02) (AMAZON-02)
17	3

4 69.167.136.124 (United States)

ASN32244 (LIQUIDWEB, US)
PTR: berea.zeecom.host

haelesotho.org.ls	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a03:5f80:a::b212:e7d1 (Russian Federation)

ASN50952 (DATAIX-AS Peering Ltd., RU)

static-exp1.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.99.90 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-90.fra60.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	licdn.com static-exp1.licdn.com — Cisco Umbrella Rank: 2597	247 KB
4	haelesotho.org.ls haelesotho.org.ls	85 KB
2	scorecardresearch.com 1 redirects sb.scorecardresearch.com — Cisco Umbrella Rank: 129	714 B
17	3

	Domain	Requested by
12	static-exp1.licdn.com	haelesotho.org.ls static-exp1.licdn.com
4	haelesotho.org.ls	static-exp1.licdn.com
2	sb.scorecardresearch.com	1 redirects
17	3

This site contains links to these domains. Also see Links.

Domain
about.linkedin.com
press.linkedin.com
blog.linkedin.com
developer.linkedin.com
mobile.linkedin.com
business.linkedin.com
learning.linkedin.com
brand.linkedin.com
www.linkedin.com

Subject Issuer	Validity	Valid
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-07-15` - `2022-07-20`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://haelesotho.org.ls/wp-content/
Frame ID: B8C4903D4DE5C2FC7CD8023AD1E563FE
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

LinkedIn: Log In or Sign Up

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Page Statistics

17
Requests

71 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

333 kB
Transfer

1020 kB
Size

1
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://about.linkedin.com/?trk=homepage-basic_directory_aboutUrl
Title: About

Search URL Search Domain Scan URL

URL: https://press.linkedin.com/?trk=homepage-basic_directory_pressMicrositeUrl
Title: Press

Search URL Search Domain Scan URL

URL: https://blog.linkedin.com/?trk=homepage-basic_directory_blogMicrositeUrl
Title: Blog

Search URL Search Domain Scan URL

URL: https://developer.linkedin.com/?trk=homepage-basic_directory_developerMicrositeUrl
Title: Developers

Search URL Search Domain Scan URL

URL: https://mobile.linkedin.com/?trk=homepage-basic_directory_mobileMicrositeUrl
Title: Mobile

Search URL Search Domain Scan URL

URL: https://business.linkedin.com/talent-solutions?src=li-footer&utm_source=linkedin&utm_medium=footer&trk=homepage-basic_directory_talentSolutionsMicrositeUrl
Title: Talent

Search URL Search Domain Scan URL

URL: https://business.linkedin.com/marketing-solutions?src=li-footer&utm_source=linkedin&utm_medium=footer&trk=homepage-basic_directory_marketingSolutionsMicrositeUrl
Title: Marketing

Search URL Search Domain Scan URL

URL: https://business.linkedin.com/sales-solutions?src=li-footer&utm_source=linkedin&utm_medium=footer&trk=homepage-basic_directory_salesSolutionsMicrositeUrl
Title: Sales

Search URL Search Domain Scan URL

URL: https://learning.linkedin.com/?src=li-footer&trk=homepage-basic_directory_learningMicrositeUrl
Title: Learning

Search URL Search Domain Scan URL

URL: https://about.linkedin.com/?trk=homepage-basic_footer-about
Title: About

Search URL Search Domain Scan URL

URL: https://brand.linkedin.com/policies?trk=homepage-basic_footer-brand-policy
Title: Brand Policy

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/legal/professional-community-policies?trk=homepage-basic_footer-community-guide
Title: Community Guidelines

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13

https://sb.scorecardresearch.com/b?c1=2&c2=6402952&c3=&c4=&c5=&c6=&c15=&ns__t=1644931071294&ns_c=UTF-8&c8=LinkedIn%3A%20Log%20In%20or%20Sign%20Up&c7=http%3A%2F%2Fhaelesotho.org.ls%2Fwp-content%2F&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=6402952&c3=&c4=&c5=&c6=&c15=&ns__t=1644931071294&ns_c=UTF-8&c8=LinkedIn%3A%20Log%20In%20or%20Sign%20Up&c7=http%3A%2F%2Fhaelesotho.org.ls%2Fwp-content%2F&c9=

17 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response haelesotho.org.ls/wp-content/	84 KB 84 KB	2460ms 1810ms	Document text/html	69.167.136.124 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL http://haelesotho.org.ls/wp-content/ Protocol HTTP/1.1 Server 69.167.136.124 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS berea.zeecom.host Software Apache / Resource Hash `c07aea777c891ff6ae37bb5e614f058d57330e7bf4ef4ca68b7fde433fb03c1c` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Date Tue, 15 Feb 2022 13:17:48 GMT Server Apache Upgrade h2,h2c Connection Upgrade, Keep-Alive Keep-Alive timeout=5, max=200 Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	7vioby51vkvkst94rqlxige9g static-exp1.licdn.com/sc/h/	268 KB 27 KB	314ms 83ms	Stylesheet text/css	2a03:5f80:a::b212:e7d1 DATAIX-AS Peering...
General Check archive.org Show headers Download Go to Full URL https://static-exp1.licdn.com/sc/h/7vioby51vkvkst94rqlxige9g Requested by Host: haelesotho.org.ls URL: http://haelesotho.org.ls/wp-content/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a03:5f80:a::b212:e7d1 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU), Reverse DNS Software Play / Resource Hash `2b58d7aa89e92bec00b137d52fd99897505a10d3bd6a1d56e0685ee23d01c928` Request headers Accept-Language de-DE,de;q=0.9 Referer http://haelesotho.org.ls/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers X-EdgeConnect-Origin-MEX-Latency 168 Date Tue, 15 Feb 2022 13:17:50 GMT Content-Encoding gzip X-CDN-CLIENT-IP-VERSION IPV6 X-CDN AKAM X-LI-Proto http/1.1 X-EdgeConnect-MidMile-RTT 42 X-LI-Static-Content 1 X-Li-Fabric prod-ltx1 X-CDN-Proto HTTP1 Connection keep-alive Content-Length 27225 X-LI-UUID AAXYCcx3oubPHTEcbWsO/g== Server Play Last-Modified Mon, 05 Nov 2012 04:00:51 GMT X-Li-Pop prod-ltx1-x Vary Accept-Encoding Content-Type text/css Access-Control-Allow-Origin * Access-Control-Expose-Headers X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE Cache-Control max-age=31536000, immutable Timing-Allow-Origin * X-FS-UUID 0005d809cc77a2e6cf1d311c6d6b0efe Expires Wed, 15 Feb 2023 07:51:20 GMT
GET H/1.1	200 OK	gou6qda3x8bdh2k8t17uu6y4 Show response static-exp1.licdn.com/sc/h/	170 KB 49 KB	85ms 85ms	Script text/javascript	2a03:5f80:a::b212:e7d1 DATAIX-AS Peering...
General Check archive.org Show headers Download Go to Full URL https://static-exp1.licdn.com/sc/h/gou6qda3x8bdh2k8t17uu6y4 Requested by Host: haelesotho.org.ls URL: http://haelesotho.org.ls/wp-content/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a03:5f80:a::b212:e7d1 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU), Reverse DNS Software Play / Resource Hash `f13810b1f17ab6f92eb0e48920e9408355ed7064b66657c55e9b099fb4fcb635` Request headers Accept-Language de-DE,de;q=0.9 Referer http://haelesotho.org.ls/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers X-EdgeConnect-Origin-MEX-Latency 119 Date Tue, 15 Feb 2022 13:17:51 GMT Content-Encoding gzip X-CDN-CLIENT-IP-VERSION IPV6 X-CDN AKAM X-LI-Proto http/1.1 X-EdgeConnect-MidMile-RTT 43 X-LI-Static-Content 1 Transfer-Encoding chunked X-CDN-Proto HTTP1 Connection keep-alive, Transfer-Encoding X-Li-Fabric prod-lva1 X-LI-UUID AAXYCcx9N22C3rEdYxTLLg== Server Play Last-Modified Mon, 05 Nov 2012 04:00:51 GMT X-Li-Pop prod-lva1-x Vary Accept-Encoding Content-Type text/javascript Access-Control-Allow-Origin * Access-Control-Expose-Headers X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE Cache-Control max-age=31536000, immutable Timing-Allow-Origin * X-FS-UUID 0005d809cc7d376d82deb11d6314cb2e Expires Wed, 15 Feb 2023 07:51:20 GMT
GET H/1.1	200 OK	zrzhhhhzo3j2o02nyb1wo78s Show response static-exp1.licdn.com/sc/h/	114 KB 36 KB	180ms 81ms	Script text/javascript	2a03:5f80:a::b212:e7d1 DATAIX-AS Peering...
General Check archive.org Show headers Download Go to Full URL https://static-exp1.licdn.com/sc/h/zrzhhhhzo3j2o02nyb1wo78s Requested by Host: haelesotho.org.ls URL: http://haelesotho.org.ls/wp-content/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a03:5f80:a::b212:e7d1 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU), Reverse DNS Software Play / Resource Hash `4c19a72f9fb6743aff869bdb9461c64c237329959b07f973f3120cb9f212ac41` Request headers Accept-Language de-DE,de;q=0.9 Referer http://haelesotho.org.ls/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers X-EdgeConnect-Origin-MEX-Latency 133 Date Tue, 15 Feb 2022 13:17:51 GMT Content-Encoding gzip X-CDN-CLIENT-IP-VERSION IPV6 X-CDN AKAM X-LI-Proto http/1.1 X-EdgeConnect-MidMile-RTT 42 X-LI-Static-Content 1 X-Li-Fabric prod-lva1 X-CDN-Proto HTTP1 Connection keep-alive Content-Length 36081 X-LI-UUID AAXYCcx9P3xk1YFNB9tqCQ== Server Play Last-Modified Mon, 05 Nov 2012 04:00:51 GMT X-Li-Pop prod-lva1-x Vary Accept-Encoding Content-Type text/javascript Access-Control-Allow-Origin * Access-Control-Expose-Headers X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE Cache-Control max-age=31536000, immutable Timing-Allow-Origin * X-FS-UUID 0005d809cc7d3f7c64d5814d07db6a09 Expires Wed, 15 Feb 2023 07:51:20 GMT
GET H/1.1	200 OK	8fkga714vy9b2wk5auqo5reeb Show response static-exp1.licdn.com/sc/h/	3 KB 2 KB	251ms 66ms	XHR image/svg+xml	2a03:5f80:a::b212:e7d1 DATAIX-AS Peering...
General Check archive.org Show headers Download Go to Full URL https://static-exp1.licdn.com/sc/h/8fkga714vy9b2wk5auqo5reeb Requested by Host: static-exp1.licdn.com URL: https://static-exp1.licdn.com/sc/h/zrzhhhhzo3j2o02nyb1wo78s Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a03:5f80:a::b212:e7d1 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU), Reverse DNS Software Play / Resource Hash `b9e0a92c496b900728000dbf48aa623a7eb0468c5814a8bf60c69d6cda05b149` Request headers Accept-Language de-DE,de;q=0.9 Referer http://haelesotho.org.ls/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers X-LI-Proto http/1.1 Date Tue, 15 Feb 2022 13:17:51 GMT Content-Encoding gzip X-CDN-CLIENT-IP-VERSION IPV6 X-CDN AKAM X-LI-Static-Content 1 X-Li-Fabric prod-lva1 X-CDN-Proto HTTP1 Remote-Cache-Status TCP_HIT, TCP_HIT, TCP_HIT Connection keep-alive Content-Length 1209 X-LI-UUID /3bI48RpdxagmllseisAAA== Server Play Last-Modified Mon, 05 Nov 2012 04:00:51 GMT X-Li-Pop prod-edc2 Vary Accept-Encoding Content-Type image/svg+xml Access-Control-Allow-Origin * Cache-Control max-age=31536000, immutable Timing-Allow-Origin * X-FS-UUID ff76c8e3c4697716a09a596c7a2b0000 Expires Wed, 20 Apr 2022 00:34:45 GMT
GET H/1.1	200 OK	5lbeoj8zb8shvj56rv8jnarz8 Show response static-exp1.licdn.com/sc/h/	192 B 929 B	250ms 64ms	XHR image/svg+xml	2a03:5f80:a::b212:e7d1 DATAIX-AS Peering...
General Check archive.org Show headers Download Go to Full URL https://static-exp1.licdn.com/sc/h/5lbeoj8zb8shvj56rv8jnarz8 Requested by Host: static-exp1.licdn.com URL: https://static-exp1.licdn.com/sc/h/zrzhhhhzo3j2o02nyb1wo78s Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a03:5f80:a::b212:e7d1 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU), Reverse DNS Software Play / Resource Hash `a27aef50e8214ac2f8e8c0590a3717b6e4309e39140012ed07432ac067be2057` Request headers Accept-Language de-DE,de;q=0.9 Referer http://haelesotho.org.ls/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers X-EdgeConnect-Origin-MEX-Latency 118 Date Tue, 15 Feb 2022 13:17:51 GMT X-LI-Static-Content 1 X-CDN-CLIENT-IP-VERSION IPV6 X-CDN AKAM X-LI-Proto http/1.1 X-EdgeConnect-MidMile-RTT 43 X-Li-Fabric prod-lva1 X-CDN-Proto HTTP1 Connection keep-alive Content-Length 192 X-LI-UUID AAXYCcyMstpLJ47f/qC8UA== Server Play Last-Modified Mon, 05 Nov 2012 04:00:51 GMT X-Li-Pop prod-lva1-x Content-Type image/svg+xml Access-Control-Allow-Origin * Access-Control-Expose-Headers X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE Cache-Control max-age=31536000, immutable Timing-Allow-Origin * X-FS-UUID 0005d809cc8cb2da4b278edffea0bc50 Expires Wed, 15 Feb 2023 07:51:21 GMT
GET H/1.1	200 OK	5lbeoj8zb8shvj56rv8jnarz8 Show response static-exp1.licdn.com/sc/h/	192 B 929 B	255ms 67ms	XHR image/svg+xml	2a03:5f80:a::b212:e7d1 DATAIX-AS Peering...
General Check archive.org Show headers Download Go to Full URL https://static-exp1.licdn.com/sc/h/5lbeoj8zb8shvj56rv8jnarz8 Requested by Host: static-exp1.licdn.com URL: https://static-exp1.licdn.com/sc/h/zrzhhhhzo3j2o02nyb1wo78s Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a03:5f80:a::b212:e7d1 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU), Reverse DNS Software Play / Resource Hash `a27aef50e8214ac2f8e8c0590a3717b6e4309e39140012ed07432ac067be2057` Request headers Accept-Language de-DE,de;q=0.9 Referer http://haelesotho.org.ls/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers X-EdgeConnect-Origin-MEX-Latency 118 Date Tue, 15 Feb 2022 13:17:51 GMT X-LI-Static-Content 1 X-CDN-CLIENT-IP-VERSION IPV6 X-CDN AKAM X-LI-Proto http/1.1 X-EdgeConnect-MidMile-RTT 43 X-Li-Fabric prod-lva1 X-CDN-Proto HTTP1 Connection keep-alive Content-Length 192 X-LI-UUID AAXYCcyMstpLJ47f/qC8UA== Server Play Last-Modified Mon, 05 Nov 2012 04:00:51 GMT X-Li-Pop prod-lva1-x Content-Type image/svg+xml Access-Control-Allow-Origin * Access-Control-Expose-Headers X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE Cache-Control max-age=31536000, immutable Timing-Allow-Origin * X-FS-UUID 0005d809cc8cb2da4b278edffea0bc50 Expires Wed, 15 Feb 2023 07:51:21 GMT
GET H/1.1	200 OK	66itw880ou7ix4ag13vdsd3v5 Show response static-exp1.licdn.com/sc/h/	182 B 929 B	261ms 70ms	XHR image/svg+xml	2a03:5f80:a::b212:e7d1 DATAIX-AS Peering...
General Check archive.org Show headers Download Go to Full URL https://static-exp1.licdn.com/sc/h/66itw880ou7ix4ag13vdsd3v5 Requested by Host: static-exp1.licdn.com URL: https://static-exp1.licdn.com/sc/h/zrzhhhhzo3j2o02nyb1wo78s Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a03:5f80:a::b212:e7d1 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU), Reverse DNS Software Play / Resource Hash `63ca898d00cc1d9716820fe6dc932cc0747892787133bcfc995e5ec6ef63136f` Request headers Accept-Language de-DE,de;q=0.9 Referer http://haelesotho.org.ls/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers X-LI-Proto http/1.1 Date Tue, 15 Feb 2022 13:17:51 GMT X-LI-Static-Content 1 X-CDN-CLIENT-IP-VERSION IPV6 X-CDN AKAM X-Li-Fabric prod-lva1 X-CDN-Proto HTTP1 Remote-Cache-Status TCP_HIT, TCP_HIT, TCP_HIT, TCP_HIT, TCP_HIT, TCP_HIT Connection keep-alive Content-Length 182 X-LI-UUID dDu/SddReRYwcOTOcysAAA== Server Play Last-Modified Mon, 05 Nov 2012 04:00:51 GMT X-Li-Pop prod-edc2 Content-Type image/svg+xml Access-Control-Allow-Origin * Cache-Control max-age=31536000, immutable Timing-Allow-Origin * X-FS-UUID 743bbf49d75179163070e4ce732b0000 Expires Tue, 26 Apr 2022 05:38:46 GMT
GET H/1.1	200 OK	ddi43qwelxeqjxdd45pe3fvs1 Show response static-exp1.licdn.com/sc/h/	2 KB 2 KB	260ms 68ms	XHR image/svg+xml	2a03:5f80:a::b212:e7d1 DATAIX-AS Peering...
General Check archive.org Show headers Download Go to Full URL https://static-exp1.licdn.com/sc/h/ddi43qwelxeqjxdd45pe3fvs1 Requested by Host: static-exp1.licdn.com URL: https://static-exp1.licdn.com/sc/h/zrzhhhhzo3j2o02nyb1wo78s Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a03:5f80:a::b212:e7d1 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU), Reverse DNS Software Play / Resource Hash `870436155a72b520f5918f62c6d8f981ef76510e3cd8280266a7c270f6fdad49` Request headers Accept-Language de-DE,de;q=0.9 Referer http://haelesotho.org.ls/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers X-LI-Proto http/1.1 Date Tue, 15 Feb 2022 13:17:51 GMT Content-Encoding gzip X-CDN-CLIENT-IP-VERSION IPV6 X-CDN AKAM X-LI-Static-Content 1 X-Li-Fabric prod-lva1 X-CDN-Proto HTTP1 Remote-Cache-Status TCP_HIT, TCP_HIT, TCP_HIT, TCP_HIT Connection keep-alive Content-Length 903 X-LI-UUID vP+b8fGkdxawaYK5hSsAAA== Server Play Last-Modified Mon, 05 Nov 2012 04:00:51 GMT X-Li-Pop prod-edc2 Vary Accept-Encoding Content-Type image/svg+xml Access-Control-Allow-Origin * Cache-Control max-age=31536000, immutable Timing-Allow-Origin * X-FS-UUID bcff9bf1f1a47716b06982b9852b0000 Expires Wed, 20 Apr 2022 18:39:10 GMT
GET H/1.1	200 OK	b8nmakf6h0x06rajxf1vxrb8g Show response static-exp1.licdn.com/sc/h/	108 KB 37 KB	79ms 78ms	Script text/javascript	2a03:5f80:a::b212:e7d1 DATAIX-AS Peering...
General Check archive.org Show headers Download Go to Full URL https://static-exp1.licdn.com/sc/h/b8nmakf6h0x06rajxf1vxrb8g Requested by Host: static-exp1.licdn.com URL: https://static-exp1.licdn.com/sc/h/zrzhhhhzo3j2o02nyb1wo78s Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a03:5f80:a::b212:e7d1 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU), Reverse DNS Software Play / Resource Hash `ee701e167f6e0f16463e84fac42d93665c904b716e2ed6b328821d2ea477a616` Request headers Accept-Language de-DE,de;q=0.9 Referer http://haelesotho.org.ls/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers X-EdgeConnect-Origin-MEX-Latency 118 Date Tue, 15 Feb 2022 13:17:51 GMT Content-Encoding gzip X-CDN-CLIENT-IP-VERSION IPV6 X-CDN AKAM X-LI-Proto http/1.1 X-EdgeConnect-MidMile-RTT 45 X-LI-Static-Content 1 X-Li-Fabric prod-lva1 X-CDN-Proto HTTP1 Connection keep-alive Content-Length 37165 X-LI-UUID AAXYCcyKxG2DVi1/vJIcWg== Server Play Last-Modified Mon, 05 Nov 2012 04:00:51 GMT X-Li-Pop prod-lva1-x Vary Accept-Encoding Content-Type text/javascript Access-Control-Allow-Origin * Access-Control-Expose-Headers X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE Cache-Control max-age=31536000, immutable Timing-Allow-Origin * X-FS-UUID 0005d809cc8ac46d83562d7fbc921c5a Expires Wed, 15 Feb 2023 07:51:21 GMT
GET H/1.1	200 OK	b08gxllvwy6zylnb52u2u7ovr Show response static-exp1.licdn.com/sc/h/	218 KB 73 KB	84ms 83ms	Script text/javascript	2a03:5f80:a::b212:e7d1 DATAIX-AS Peering...
General Check archive.org Show headers Download Go to Full URL https://static-exp1.licdn.com/sc/h/b08gxllvwy6zylnb52u2u7ovr Requested by Host: static-exp1.licdn.com URL: https://static-exp1.licdn.com/sc/h/zrzhhhhzo3j2o02nyb1wo78s Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a03:5f80:a::b212:e7d1 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU), Reverse DNS Software Play / Resource Hash `fbd8ab1e9352c31ce919f63ea07e34d3fb2fd0985cfa66a86b9a9630a0c37d28` Request headers Accept-Language de-DE,de;q=0.9 Referer http://haelesotho.org.ls/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers X-EdgeConnect-Origin-MEX-Latency 115 Date Tue, 15 Feb 2022 13:17:51 GMT Content-Encoding gzip X-CDN-CLIENT-IP-VERSION IPV6 X-CDN AKAM X-LI-Proto http/1.1 X-EdgeConnect-MidMile-RTT 42 X-LI-Static-Content 1 Transfer-Encoding chunked X-CDN-Proto HTTP1 Connection keep-alive, Transfer-Encoding X-Li-Fabric prod-lva1 X-LI-UUID AAXYCcyNMNpP+e+G9FUzXg== Server Play Last-Modified Mon, 05 Nov 2012 04:00:51 GMT X-Li-Pop prod-lva1-x Vary Accept-Encoding Content-Type text/javascript Access-Control-Allow-Origin * Access-Control-Expose-Headers X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE Cache-Control max-age=31536000, immutable Timing-Allow-Origin * X-FS-UUID 0005d809cc8d30da4ff9ef86f455335e Expires Wed, 15 Feb 2023 07:51:21 GMT
GET H/1.1	200 OK	dxf91zhqd2z6b0bwg85ktm5s4 static-exp1.licdn.com/sc/h/	27 KB 10 KB	68ms 68ms	Image image/svg+xml	2a03:5f80:a::b212:e7d1 DATAIX-AS Peering...
General Check archive.org Show headers Download Go to Show image Full URL https://static-exp1.licdn.com/sc/h/dxf91zhqd2z6b0bwg85ktm5s4 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a03:5f80:a::b212:e7d1 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU), Reverse DNS Software Play / Resource Hash `268b5cddbb5be30e78071bd682bcb89ba4d614d5b30b55a8c4254fcab1f3f842` Request headers Accept-Language de-DE,de;q=0.9 Referer http://haelesotho.org.ls/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers X-LI-Proto http/1.1 Date Tue, 15 Feb 2022 13:17:51 GMT Content-Encoding gzip X-CDN-CLIENT-IP-VERSION IPV6 X-CDN AKAM X-LI-Static-Content 1 X-Li-Fabric prod-lva1 X-CDN-Proto HTTP1 Remote-Cache-Status TCP_HIT, TCP_HIT, TCP_HIT, TCP_HIT Connection keep-alive Content-Length 9205 X-LI-UUID 6MM46NB6dxbw5drbQisAAA== Server Play Last-Modified Mon, 05 Nov 2012 04:00:51 GMT X-Li-Pop prod-ech2 Vary Accept-Encoding Content-Type image/svg+xml Access-Control-Allow-Origin * Cache-Control max-age=31536000, immutable Timing-Allow-Origin * X-FS-UUID e8c338e8d07a7716f0e5dadb422b0000 Expires Wed, 20 Apr 2022 05:47:08 GMT
GET H/1.1	200 OK	d58zfe6h3ycgq5l1ccjpkrtdn static-exp1.licdn.com/sc/h/	26 KB 9 KB	69ms 68ms	Image image/svg+xml	2a03:5f80:a::b212:e7d1 DATAIX-AS Peering...
General Check archive.org Show headers Download Go to Show image Full URL https://static-exp1.licdn.com/sc/h/d58zfe6h3ycgq5l1ccjpkrtdn Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a03:5f80:a::b212:e7d1 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU), Reverse DNS Software Play / Resource Hash `7b8ca8b479d0e717b3bc510e0be5760865e54bc3fc024fb4e9402ac895674ab4` Request headers Accept-Language de-DE,de;q=0.9 Referer http://haelesotho.org.ls/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers X-EdgeConnect-Origin-MEX-Latency 153 Date Tue, 15 Feb 2022 13:17:51 GMT Content-Encoding gzip X-CDN-CLIENT-IP-VERSION IPV6 X-CDN AKAM X-LI-Proto http/1.1 X-EdgeConnect-MidMile-RTT 42 X-LI-Static-Content 1 X-Li-Fabric prod-ltx1 X-CDN-Proto HTTP1 Connection keep-alive Content-Length 8457 X-LI-UUID AAXX7lO+PUArkESTjEY3gw== Server Play Last-Modified Mon, 05 Nov 2012 04:00:51 GMT X-Li-Pop prod-ltx1-x Vary Accept-Encoding Content-Type image/svg+xml Access-Control-Allow-Origin * Access-Control-Expose-Headers X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE Cache-Control max-age=31536000, immutable Timing-Allow-Origin * X-FS-UUID 0005d7ee53be3d402b9044938c463783 Expires Mon, 13 Feb 2023 23:04:50 GMT
POST H/1.1	404 Not Found	gauge Show response haelesotho.org.ls/homepage-guest/api/ingraphs/	315 B 516 B	123ms 123ms	XHR text/html	69.167.136.124 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL http://haelesotho.org.ls/homepage-guest/api/ingraphs/gauge Requested by Host: static-exp1.licdn.com URL: https://static-exp1.licdn.com/sc/h/zrzhhhhzo3j2o02nyb1wo78s Protocol HTTP/1.1 Server 69.167.136.124 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS berea.zeecom.host Software Apache / Resource Hash `d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3` Request headers Referer http://haelesotho.org.ls/wp-content/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Content-Type application/json Response headers Date Tue, 15 Feb 2022 13:17:51 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=199 Content-Length 315 Content-Type text/html; charset=iso-8859-1
GET H2	204	b2 sb.scorecardresearch.com/ Redirect Chain https://sb.scorecardresearch.com/b?c1=2&c2=6402952&c3=&c4=&c5=&c6=&c15=&ns__t=1644931071294&ns_c=UTF-8&c8=LinkedIn%3A%20Log%20In%20or%20Sign%20Up&c7=http%3A%2F%2Fhaelesotho.org.ls%2Fwp-content%2F&c9= https://sb.scorecardresearch.com/b2?c1=2&c2=6402952&c3=&c4=&c5=&c6=&c15=&ns__t=1644931071294&ns_c=UTF-8&c8=LinkedIn%3A%20Log%20In%20or%20Sign%20Up&c7=http%3A%2F%2Fhaelesotho.org.ls%2Fwp-content%2F&c9=	0 225 B	9ms 8ms	Image text/plain	13.32.99.90 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://sb.scorecardresearch.com/b2?c1=2&c2=6402952&c3=&c4=&c5=&c6=&c15=&ns__t=1644931071294&ns_c=UTF-8&c8=LinkedIn%3A%20Log%20In%20or%20Sign%20Up&c7=http%3A%2F%2Fhaelesotho.org.ls%2Fwp-content%2F&c9= Protocol H2 Server 13.32.99.90 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-99-90.fra60.r.cloudfront.net Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language de-DE,de;q=0.9 Referer http://haelesotho.org.ls/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers date Tue, 15 Feb 2022 13:17:51 GMT via 1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P3 etag W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk" x-amz-cf-id wF4DSkaBYVmZDDgwS9jtpQYYDpQoVRHT-awz51MLe6QN4ZcWcLb3AA== x-cache Miss from cloudfront Redirect headers date Tue, 15 Feb 2022 13:17:51 GMT via 1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P3 vary Accept x-cache Miss from cloudfront content-type text/plain; charset=utf-8 location https://sb.scorecardresearch.com/b2?c1=2&c2=6402952&c3=&c4=&c5=&c6=&c15=&ns__t=1644931071294&ns_c=UTF-8&c8=LinkedIn%3A%20Log%20In%20or%20Sign%20Up&c7=http%3A%2F%2Fhaelesotho.org.ls%2Fwp-content%2F&c9= content-length 222 x-amz-cf-id R-WYP5vFPJoJC94YtPDdCcn9dt32rPh8insGSZkj9rozjmultEtJ4w==
POST H/1.1	404 Not Found	track haelesotho.org.ls/li/	315 B 516 B	220ms 112ms	Ping text/html	69.167.136.124 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL http://haelesotho.org.ls/li/track Requested by Host: static-exp1.licdn.com URL: https://static-exp1.licdn.com/sc/h/zrzhhhhzo3j2o02nyb1wo78s Protocol HTTP/1.1 Server 69.167.136.124 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS berea.zeecom.host Software Apache / Resource Hash `d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3` Request headers Referer http://haelesotho.org.ls/wp-content/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers Date Tue, 15 Feb 2022 13:17:51 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=200 Content-Length 315 Content-Type text/html; charset=iso-8859-1
POST H/1.1	404 Not Found	track Show response haelesotho.org.ls/li/	315 B 516 B	116ms 116ms	Fetch text/html	69.167.136.124 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL http://haelesotho.org.ls/li/track Requested by Host: static-exp1.licdn.com URL: https://static-exp1.licdn.com/sc/h/zrzhhhhzo3j2o02nyb1wo78s Protocol HTTP/1.1 Server 69.167.136.124 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS berea.zeecom.host Software Apache / Resource Hash `d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3` Request headers Referer http://haelesotho.org.ls/wp-content/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 content-type application/json Response headers Date Tue, 15 Feb 2022 13:17:51 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=199 Content-Length 315 Content-Type text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: LinkedIn (Social Network)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.scorecardresearch.com/	1970-01-20 18:12:19	Name: UID Value: 1DD7137f811d1e698f277621644931071

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://haelesotho.org.ls/homepage-guest/api/ingraphs/gauge Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://haelesotho.org.ls/li/track Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://haelesotho.org.ls/li/track Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

haelesotho.org.ls
sb.scorecardresearch.com
static-exp1.licdn.com
13.32.99.90
2a03:5f80:a::b212:e7d1
69.167.136.124
268b5cddbb5be30e78071bd682bcb89ba4d614d5b30b55a8c4254fcab1f3f842
2b58d7aa89e92bec00b137d52fd99897505a10d3bd6a1d56e0685ee23d01c928
4c19a72f9fb6743aff869bdb9461c64c237329959b07f973f3120cb9f212ac41
63ca898d00cc1d9716820fe6dc932cc0747892787133bcfc995e5ec6ef63136f
7b8ca8b479d0e717b3bc510e0be5760865e54bc3fc024fb4e9402ac895674ab4
870436155a72b520f5918f62c6d8f981ef76510e3cd8280266a7c270f6fdad49
a27aef50e8214ac2f8e8c0590a3717b6e4309e39140012ed07432ac067be2057
b9e0a92c496b900728000dbf48aa623a7eb0468c5814a8bf60c69d6cda05b149
c07aea777c891ff6ae37bb5e614f058d57330e7bf4ef4ca68b7fde433fb03c1c
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee701e167f6e0f16463e84fac42d93665c904b716e2ed6b328821d2ea477a616
f13810b1f17ab6f92eb0e48920e9408355ed7064b66657c55e9b099fb4fcb635
fbd8ab1e9352c31ce919f63ea07e34d3fb2fd0985cfa66a86b9a9630a0c37d28

haelesotho.org.ls Open in urlscan Pro 69.167.136.124 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

17 Requests

71 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

333 kBTransfer

1020 kBSize

1 Cookies

12 Outgoing links

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

17 JavaScript Global Variables

1 Cookies

3 Console Messages

Indicators

haelesotho.org.ls Open in urlscan Pro
69.167.136.124 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

71 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

333 kB
Transfer

1020 kB
Size

1
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!