![](/screenshots/81599821-8130-4db3-b41b-d8fbb2d3cca4.png)
ja.org.ua
Open in
urlscan Pro
2606:4700:3033::6815:f78
Malicious Activity!
Public Scan
Submission: On April 08 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 17th 2021. Valid for: a year.
This is the only time ja.org.ua was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: LinkedIn (Social Network) Generic (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
5 | 2606:4700:303... 2606:4700:3033::6815:f78 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
7 | 2606:2800:233... 2606:2800:233:6a53:4ac1:3bc8:ee4e:5990 | 15133 (EDGECAST) (EDGECAST) | |
1 | 2a02:26f0:350... 2a02:26f0:3500:7::17d8:4dca | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 2a00:1450:400... 2a00:1450:4001:800::200d | 15169 (GOOGLE) (GOOGLE) | |
14 | 4 |
ASN15133 (EDGECAST, US)
static-exp1.licdn.com |
ASN20940 (AKAMAI-ASN1, NL)
platform.linkedin-ei.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
licdn.com
static-exp1.licdn.com — Cisco Umbrella Rank: 2859 |
156 KB |
5 |
ja.org.ua
ja.org.ua |
70 KB |
1 |
google.com
accounts.google.com — Cisco Umbrella Rank: 80 |
1 KB |
1 |
linkedin-ei.com
platform.linkedin-ei.com |
24 KB |
14 | 4 |
Domain | Requested by | |
---|---|---|
7 | static-exp1.licdn.com |
ja.org.ua
static-exp1.licdn.com |
5 | ja.org.ua |
ja.org.ua
static-exp1.licdn.com |
1 | accounts.google.com |
static-exp1.licdn.com
|
1 | platform.linkedin-ei.com |
static-exp1.licdn.com
|
14 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-05-17 - 2022-05-16 |
a year | crt.sh |
*.licdn.com DigiCert SHA2 Secure Server CA |
2021-09-16 - 2022-09-15 |
a year | crt.sh |
platform.linkedin.com DigiCert SHA2 Secure Server CA |
2020-07-03 - 2022-07-08 |
2 years | crt.sh |
accounts.google.com GTS CA 1C3 |
2022-03-21 - 2022-06-13 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://ja.org.ua/sitemap-image/linkedin-normal/?csdun=
Frame ID: 53AC33E0159F7027873A8CB357362BD7
Requests: 14 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
ja.org.ua/sitemap-image/linkedin-normal/ |
42 KB 32 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login.js
ja.org.ua/sitemap-image/linkedin-normal/js/ |
20 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
6u4abakrebm97iir18d17rmu0
static-exp1.licdn.com/sc/h/ |
206 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
9z2qszoigwown5438iofxsbd3
static-exp1.licdn.com/sc/h/ |
134 KB 33 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2qwdjwm18c9qqjkkqgthouslg
static-exp1.licdn.com/sc/h/ |
62 KB 19 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
6jblk5oqhlo45xbkmcr7s4zix
static-exp1.licdn.com/sc/h/ |
64 KB 13 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
eifp0ukycgmm5y0uay3omxuap
static-exp1.licdn.com/sc/h/ |
1 KB 598 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
z5z0fyn9degkqxthacxz44e4
static-exp1.licdn.com/sc/h/ |
73 KB 22 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
platform.linkedin-ei.com/js/ |
60 KB 24 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
50seqnxcfadh00enh9ffvk85k
static-exp1.licdn.com/sc/h/ |
181 KB 50 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
status
accounts.google.com/gsi/ |
37 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
track
ja.org.ua/li/ |
38 KB 10 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
track
ja.org.ua/li/ |
38 KB 10 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
track
ja.org.ua/li/ |
38 KB 10 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: LinkedIn (Social Network) Generic (Online)37 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails object| Aes object| Base64 object| Utf8 string| hea2p string| hea2t string| output string| ctrTxt object| LI object| artdeco object| _artdecoBakedCurves object| __core-js_shared__ object| utag_data object| utag_cfg_ovrd object| _0x3365 function| _0xcf3d object| rumTracking string| GoogleAnalyticsObject function| ga object| gapi object| _ object| gadgets object| osapi object| ___jsl object| oauth2 object| default_gsi object| closure_lm_98861 object| google object| __G_ID_CLIENT__ object| apfcDf object| google_tag_data object| gaplugins object| gaGlobal object| gaData2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
ja.org.ua/ | Name: PHPSESSID Value: 1lnga9o00felnb4kea43p15q1k |
|
.linkedin-ei.com/ | Name: lidc Value: "b=ETGST00:s=ET:r=ET:a=ET:p=ET:g=76:u=1:x=1:i=1649385253:t=1649471653:v=2:sig=AQEKpO3RjXBaom6WZbznCrZfmlS_7vzy" |
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
accounts.google.com
ja.org.ua
platform.linkedin-ei.com
static-exp1.licdn.com
2606:2800:233:6a53:4ac1:3bc8:ee4e:5990
2606:4700:3033::6815:f78
2a00:1450:4001:800::200d
2a02:26f0:3500:7::17d8:4dca
2072637eca86b31333f03dd2f363993776d87ec85be0f0970d80a08347cbe43f
348df093a36c0b1c994a7d028a8db84e2f15715c3ede86d6338a20fe3eb7be32
40acd7d76879e5cd1af1c25f66c840d84fa0e3f1070bf438eb7aa24b5469b625
48923a58feaa387328008470b1ff2a9fed1500d035b35916e02f493c6659652c
597c946522dec4cf136d651c70944887b7e30adfb8aa5196815b0225283e1253
847c86ae982abe9180233276125b930b4a1b6f1bd12649b0c07535c1e984def8
99c52046d1df362721eb275cabcd169c7e105d0bbaf374a7c9f96ddf6c1216f2
9edf0e1fc3ef5062d6aef1b537226c289970b6bb7bb5cd0f1855ad8fadecdd42
ab14e650ef11bf674815d6ad0bf62efa272698c3df1eb815cd8ddce876207ec9
c07f4c4caa7bf62915a154289d26250b2ae256215175e2f413cd5e664c94bde2
c86c1c34d7256d5e7a0964ffd9726b977626c434e4d7c850227ab0a3f8ac85a7
ffbf8b87d477b1f917e6358124494745533f7820946c87bab5e9817202356b8a