ecpm.ps
Open in
urlscan Pro
217.66.226.50
Malicious Activity!
Public Scan
Effective URL: http://ecpm.ps/js/j/?ss=2&ea=saich@financeofamerica.com&session=522b0e6ba0b78fa48358824b42c5f1d7522b0e6ba0b78fa...
Submission: On August 18 via manual from TW
Summary
This is the only time ecpm.ps was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 185.11.164.40 185.11.164.40 | 33876 (FLESK-AS) (FLESK-AS) | |
1 6 | 217.66.226.50 217.66.226.50 | 15975 (HADARA-AS) (HADARA-AS) | |
2 | 23.62.99.208 23.62.99.208 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
7 | 2 |
ASN33876 (FLESK-AS, PT)
PTR: vs310.rede1024.com
ifinanceofamerica.concretium.pt |
ASN15975 (HADARA-AS, PS)
PTR: ns1.hadara.ps
ecpm.ps |
ASN20940 (AKAMAI-ASN1, EU)
PTR: a23-62-99-208.deploy.static.akamaitechnologies.com
aadcdn.msftauthimages.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
ecpm.ps
1 redirects
ecpm.ps |
102 KB |
2 |
msftauthimages.net
aadcdn.msftauthimages.net |
356 KB |
1 |
concretium.pt
1 redirects
ifinanceofamerica.concretium.pt |
393 B |
7 | 3 |
Domain | Requested by | |
---|---|---|
6 | ecpm.ps |
1 redirects
ecpm.ps
|
2 | aadcdn.msftauthimages.net |
ecpm.ps
|
1 | ifinanceofamerica.concretium.pt | 1 redirects |
7 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
aadcdn.msftauthimages.net Microsoft IT TLS CA 5 |
2018-11-29 - 2020-11-29 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
http://ecpm.ps/js/j/?ss=2&ea=saich@financeofamerica.com&session=522b0e6ba0b78fa48358824b42c5f1d7522b0e6ba0b78fa48358824b42c5f1d7
Frame ID: 9DDB463F282D038BC8ABE57C6D27C22F
Requests: 7 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://ifinanceofamerica.concretium.pt/c2FpY2hAZmluYW5jZW9mYW1lcmljYS5jb20=
HTTP 302
http://ecpm.ps/js/j?ss=2&ea=saich@financeofamerica.com&session=522b0e6ba0b78fa48358824b42c5... HTTP 301
http://ecpm.ps/js/j/?ss=2&ea=saich@financeofamerica.com&session=522b0e6ba0b78fa48358824b42c... Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://ifinanceofamerica.concretium.pt/c2FpY2hAZmluYW5jZW9mYW1lcmljYS5jb20=
HTTP 302
http://ecpm.ps/js/j?ss=2&ea=saich@financeofamerica.com&session=522b0e6ba0b78fa48358824b42c5f1d7522b0e6ba0b78fa48358824b42c5f1d7 HTTP 301
http://ecpm.ps/js/j/?ss=2&ea=saich@financeofamerica.com&session=522b0e6ba0b78fa48358824b42c5f1d7522b0e6ba0b78fa48358824b42c5f1d7 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Cookie set
/
ecpm.ps/js/j/ Redirect Chain
|
10 KB 11 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Converged1033.css
ecpm.ps/js/j/files2/ |
86 KB 86 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
load2.gif
ecpm.ps/js/j/files/ |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bannerlogo
aadcdn.msftauthimages.net/dbd5a2dd-3px53s0vfhze8qcnusskgvkvlns5a8oxuu9sdfpfwba/logintenantbranding/0/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
arrow_left.png
ecpm.ps/js/j/files/ |
240 B 707 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
0-small.jpg
ecpm.ps/js/j/files2/ |
1 KB 1 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
illustration
aadcdn.msftauthimages.net/dbd5a2dd-3px53s0vfhze8qcnusskgvkvlns5a8oxuu9sdfpfwba/logintenantbranding/0/ |
352 KB 353 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| trustedTypes function| empty function| change function| myFunction object| form object| button4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
ecpm.ps/ | Name: TSe8d2ac7b029 Value: 08e74f81ecab2800a9d9d9be82dfe48ac3443d3c78b4b4d2c82d71178a79bdb128bc5f8d66771947e63bf97e45ba7386 |
|
ecpm.ps/ | Name: TSa7a7d3a9027 Value: 08e74f81ecab20001eaa566090c2557d8ed4c3b33c812cfeccb8b7ffe504fecc24bf2212f19e5aaf08db9aec81113000e11522453fdfae79ce4918546fc87830c578670a8bfc1c966df6f3fd74d89e104b8c5de57bd18ba409f55d272d3c0fd3 |
|
ecpm.ps/ | Name: TS0199eede Value: 014495aacc68b4277c786c333110afb0f6f538e7cf011d745b30ea366c214bcfee8c32c0f6f9fc45695deb3a7be2b78f415be8674a |
|
ecpm.ps/ | Name: PHPSESSID Value: 7k00rvef8k1dlp52rr4o4ibn04 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aadcdn.msftauthimages.net
ecpm.ps
ifinanceofamerica.concretium.pt
185.11.164.40
217.66.226.50
23.62.99.208
4ab7658cf047ebb6d8ca59ad1c66a3dc4edf94b2b26ff98e2525fc57320de69c
a46201581a7c7c667fd42787cd1e9adf2f6bf809efb7596e61a03e8dba9ada13
ab50358475adae73a435466c72d1a48ab124e8ae06614663716a46dce5ac8b83
c13db279143e1845ee4aaee5afedc5bd75e9f7d50024b63883b45332c4960b3b
c8a701269bc5469a2d0421c35fa1d796eea8a6b4f5eba53d7ae61b8c068d48bf
c9dcb1228359eaa55b65694860ac07f7271b44cd76fa496ed934afb9fc0302c1
f8a32840565a909ab0e7065ccfaf43f70e297e78374c59f4f09a4e7428b83836