Submitted URL: http://ifinanceofamerica.concretium.pt/c2FpY2hAZmluYW5jZW9mYW1lcmljYS5jb20=
Effective URL: http://ecpm.ps/js/j/?ss=2&ea=saich@financeofamerica.com&session=522b0e6ba0b78fa48358824b42c5f1d7522b0e6ba0b78fa...
Submission: On August 18 via manual from TW

Summary

This website contacted 2 IPs in 3 countries across 3 domains to perform 7 HTTP transactions. The main IP is 217.66.226.50, located in Ramallah, Palestinian Territory, Occupied and belongs to HADARA-AS, PS. The main domain is ecpm.ps.
This is the only time ecpm.ps was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

Redirects  Requests  IP Address      AS (Autonomous System)
1          1         185.11.164.40   33876 (FLESK-AS)
1          6         217.66.226.50   15975 (HADARA-AS)
-          2         23.62.99.208    20940 (AKAMAI-ASN1)
Total: 7 requests, 2 IPs

Requests  Apex Domain          Subdomains                        Transfer
6         ecpm.ps              ecpm.ps                           102 KB
2         msftauthimages.net   aadcdn.msftauthimages.net         356 KB
1         concretium.pt        ifinanceofamerica.concretium.pt   393 B
Total: 7 requests, 3 domains

Requests  Domain                            Redirects    Requested by
6         ecpm.ps                           1 redirect   ecpm.ps
2         aadcdn.msftauthimages.net         -            ecpm.ps
1         ifinanceofamerica.concretium.pt   1 redirect   -
Total: 7 requests, 3 domains

This site contains no links.

Subject                     Issuer                  Validity                  Valid
aadcdn.msftauthimages.net   Microsoft IT TLS CA 5   2018-11-29 - 2020-11-29   2 years

This page contains 1 frame:

Primary Page: http://ecpm.ps/js/j/?ss=2&ea=saich@financeofamerica.com&session=522b0e6ba0b78fa48358824b42c5f1d7522b0e6ba0b78fa48358824b42c5f1d7
Frame ID: 9DDB463F282D038BC8ABE57C6D27C22F
Requests: 7 HTTP requests in this frame

Screenshot


Page Statistics

Requests:    7
HTTPS:       29 %
IPv6:        0 %
Domains:     3
Subdomains:  3
IPs:         2
Countries:   3
Transfer:    458 kB
Size:        454 kB
Cookies:     4

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://ifinanceofamerica.concretium.pt/c2FpY2hAZmluYW5jZW9mYW1lcmljYS5jb20= HTTP 302
    http://ecpm.ps/js/j?ss=2&ea=saich@financeofamerica.com&session=522b0e6ba0b78fa48358824b42c5f1d7522b0e6ba0b78fa48358824b42c5f1d7 HTTP 301
    http://ecpm.ps/js/j/?ss=2&ea=saich@financeofamerica.com&session=522b0e6ba0b78fa48358824b42c5f1d7522b0e6ba0b78fa48358824b42c5f1d7 Page URL

7 HTTP transactions

Resource: / (Primary Request, Cookie set)
Path: ecpm.ps/js/j/
Redirect Chain:
  • http://ifinanceofamerica.concretium.pt/c2FpY2hAZmluYW5jZW9mYW1lcmljYS5jb20=
  • http://ecpm.ps/js/j?ss=2&ea=saich@financeofamerica.com&session=522b0e6ba0b78fa48358824b42c5f1d7522b0e6ba0b78fa48358824b42c5f1d7
  • http://ecpm.ps/js/j/?ss=2&ea=saich@financeofamerica.com&session=522b0e6ba0b78fa48358824b42c5f1d7522b0e6ba0b78fa48358824b42c5f1d7
Size: 10 KB   x-fer: 11 KB   Type: Document
General
Full URL
http://ecpm.ps/js/j/?ss=2&ea=saich@financeofamerica.com&session=522b0e6ba0b78fa48358824b42c5f1d7522b0e6ba0b78fa48358824b42c5f1d7
Protocol
HTTP/1.1
Server
217.66.226.50 (Ramallah, Palestinian Territory, Occupied), ASN15975 (HADARA-AS, PS)
Reverse DNS
ns1.hadara.ps
Software
/
Resource Hash
c9dcb1228359eaa55b65694860ac07f7271b44cd76fa496ed934afb9fc0302c1

Request headers

Host
ecpm.ps
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Cookie
TSe8d2ac7b029=08e74f81ecab28002602edc7879cc4a00f721b93b524dc48922a28cd5fa1088e8d56ad0fb62f76bc7ea2eabcbd54ac30; TSa7a7d3a9027=08e74f81ecab2000b50c6ff8159f5607785b5741f2498ec7a33d56e668051ea8508e691488d96d2c08688b222c113000e9d71a0593ef923e9c991fee9cee95337c78ac54d1d72edb13574c3ee4568f95930f1ac1ab389fe4cc5bbdd056c04aba
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 18 Aug 2020 14:23:44 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Set-Cookie
PHPSESSID=7k00rvef8k1dlp52rr4o4ibn04; path=/
TS0199eede=014495aacc68b4277c786c333110afb0f6f538e7cf011d745b30ea366c214bcfee8c32c0f6f9fc45695deb3a7be2b78f415be8674a; Path=/
TSe8d2ac7b029=08e74f81ecab2800a9d9d9be82dfe48ac3443d3c78b4b4d2c82d71178a79bdb128bc5f8d66771947e63bf97e45ba7386; Max-Age=30;Path=/
TSa7a7d3a9027=08e74f81ecab20002b46a17a6faec916019636db28f14189e87cd9624362aa608a889c6f526a9d8108eed54cee113000e05c52612703137fce4918546fc87830c578670a8bfc1c966df6f3fd74d89e104b8c5de57bd18ba409f55d272d3c0fd3;Path=/
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Content-Type
text/html
P3P
CP="{}" CP="{}"
Transfer-Encoding
chunked

Redirect headers

Date
Tue, 18 Aug 2020 14:23:44 GMT
Location
http://ecpm.ps/js/j/?ss=2&ea=saich@financeofamerica.com&session=522b0e6ba0b78fa48358824b42c5f1d7522b0e6ba0b78fa48358824b42c5f1d7
Content-Length
344
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=iso-8859-1
P3P
CP="{}" CP="{}"
Set-Cookie
TSe8d2ac7b029=08e74f81ecab28002602edc7879cc4a00f721b93b524dc48922a28cd5fa1088e8d56ad0fb62f76bc7ea2eabcbd54ac30; Max-Age=30;Path=/
TSa7a7d3a9027=08e74f81ecab2000b50c6ff8159f5607785b5741f2498ec7a33d56e668051ea8508e691488d96d2c08688b222c113000e9d71a0593ef923e9c991fee9cee95337c78ac54d1d72edb13574c3ee4568f95930f1ac1ab389fe4cc5bbdd056c04aba;Path=/

Resource: Converged1033.css
Path: ecpm.ps/js/j/files2/
Size: 86 KB   x-fer: 86 KB   Type: Stylesheet
General
Full URL
http://ecpm.ps/js/j/files2/Converged1033.css
Requested by
Host: ecpm.ps
URL: http://ecpm.ps/js/j/?ss=2&ea=saich@financeofamerica.com&session=522b0e6ba0b78fa48358824b42c5f1d7522b0e6ba0b78fa48358824b42c5f1d7
Protocol
HTTP/1.1
Server
217.66.226.50 (Ramallah, Palestinian Territory, Occupied), ASN15975 (HADARA-AS, PS)
Reverse DNS
ns1.hadara.ps
Software
/
Resource Hash
4ab7658cf047ebb6d8ca59ad1c66a3dc4edf94b2b26ff98e2525fc57320de69c

Request headers

Referer
http://ecpm.ps/js/j/?ss=2&ea=saich@financeofamerica.com&session=522b0e6ba0b78fa48358824b42c5f1d7522b0e6ba0b78fa48358824b42c5f1d7
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 18 Aug 2020 14:24:09 GMT
Last-Modified
Sun, 09 Feb 2020 07:13:44 GMT
P3P
CP="{}"
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Type
text/css
Keep-Alive
timeout=5, max=98
Content-Length
87628
Resource: load2.gif
Path: ecpm.ps/js/j/files/
Size: 3 KB   x-fer: 3 KB   Type: Image
General
Full URL
http://ecpm.ps/js/j/files/load2.gif
Requested by
Host: ecpm.ps
URL: http://ecpm.ps/js/j/?ss=2&ea=saich@financeofamerica.com&session=522b0e6ba0b78fa48358824b42c5f1d7522b0e6ba0b78fa48358824b42c5f1d7
Protocol
HTTP/1.1
Server
217.66.226.50 (Ramallah, Palestinian Territory, Occupied), ASN15975 (HADARA-AS, PS)
Reverse DNS
ns1.hadara.ps
Software
/
Resource Hash
a46201581a7c7c667fd42787cd1e9adf2f6bf809efb7596e61a03e8dba9ada13

Request headers

Referer
http://ecpm.ps/js/j/?ss=2&ea=saich@financeofamerica.com&session=522b0e6ba0b78fa48358824b42c5f1d7522b0e6ba0b78fa48358824b42c5f1d7
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 18 Aug 2020 14:24:09 GMT
Last-Modified
Sun, 09 Feb 2020 07:13:44 GMT
P3P
CP="{}"
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Type
image/gif
Keep-Alive
timeout=5, max=100
Content-Length
2672
Resource: bannerlogo
Path: aadcdn.msftauthimages.net/dbd5a2dd-3px53s0vfhze8qcnusskgvkvlns5a8oxuu9sdfpfwba/logintenantbranding/0/
Size: 3 KB   x-fer: 3 KB   Type: Image
General
Full URL
https://aadcdn.msftauthimages.net/dbd5a2dd-3px53s0vfhze8qcnusskgvkvlns5a8oxuu9sdfpfwba/logintenantbranding/0/bannerlogo?ts=636023995552294807
Requested by
Host: ecpm.ps
URL: http://ecpm.ps/js/j/?ss=2&ea=saich@financeofamerica.com&session=522b0e6ba0b78fa48358824b42c5f1d7522b0e6ba0b78fa48358824b42c5f1d7
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
23.62.99.208 (Netherlands), ASN20940 (AKAMAI-ASN1, EU)
Reverse DNS
a23-62-99-208.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c8a701269bc5469a2d0421c35fa1d796eea8a6b4f5eba53d7ae61b8c068d48bf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://ecpm.ps/js/j/?ss=2&ea=saich@financeofamerica.com&session=522b0e6ba0b78fa48358824b42c5f1d7522b0e6ba0b78fa48358824b42c5f1d7
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 18 Aug 2020 14:24:09 GMT
last-modified
Fri, 24 Jun 2016 21:12:36 GMT
content-md5
X4SVTdeNv41If+KsP/RE1Q==
strict-transport-security
max-age=31536000
content-type
image/png
status
200
cache-control
public, max-age=86400
content-length
2600
Resource: arrow_left.png
Path: ecpm.ps/js/j/files/
Size: 240 B   x-fer: 707 B   Type: Image
General
Full URL
http://ecpm.ps/js/j/files/arrow_left.png
Requested by
Host: ecpm.ps
URL: http://ecpm.ps/js/j/?ss=2&ea=saich@financeofamerica.com&session=522b0e6ba0b78fa48358824b42c5f1d7522b0e6ba0b78fa48358824b42c5f1d7
Protocol
HTTP/1.1
Server
217.66.226.50 (Ramallah, Palestinian Territory, Occupied), ASN15975 (HADARA-AS, PS)
Reverse DNS
ns1.hadara.ps
Software
/
Resource Hash
ab50358475adae73a435466c72d1a48ab124e8ae06614663716a46dce5ac8b83

Request headers

Referer
http://ecpm.ps/js/j/?ss=2&ea=saich@financeofamerica.com&session=522b0e6ba0b78fa48358824b42c5f1d7522b0e6ba0b78fa48358824b42c5f1d7
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 18 Aug 2020 14:24:09 GMT
Last-Modified
Sun, 09 Feb 2020 07:13:44 GMT
P3P
CP="{}"
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Type
image/png
Keep-Alive
timeout=5, max=100
Content-Length
240
Resource: 0-small.jpg
Path: ecpm.ps/js/j/files2/
Size: 1 KB   x-fer: 1 KB   Type: Image
General
Full URL
http://ecpm.ps/js/j/files2/0-small.jpg
Requested by
Host: ecpm.ps
URL: http://ecpm.ps/js/j/
Protocol
HTTP/1.1
Server
217.66.226.50 (Ramallah, Palestinian Territory, Occupied), ASN15975 (HADARA-AS, PS)
Reverse DNS
ns1.hadara.ps
Software
/
Resource Hash
c13db279143e1845ee4aaee5afedc5bd75e9f7d50024b63883b45332c4960b3b

Request headers

Referer
http://ecpm.ps/js/j/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 18 Aug 2020 14:24:09 GMT
Last-Modified
Sun, 09 Feb 2020 07:13:44 GMT
P3P
CP="{}"
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Type
image/jpeg
Keep-Alive
timeout=5, max=97
Content-Length
1029
Resource: illustration
Path: aadcdn.msftauthimages.net/dbd5a2dd-3px53s0vfhze8qcnusskgvkvlns5a8oxuu9sdfpfwba/logintenantbranding/0/
Size: 352 KB   x-fer: 353 KB   Type: Image
General
Full URL
https://aadcdn.msftauthimages.net/dbd5a2dd-3px53s0vfhze8qcnusskgvkvlns5a8oxuu9sdfpfwba/logintenantbranding/0/illustration?ts=636023995608236615
Requested by
Host: ecpm.ps
URL: http://ecpm.ps/js/j/
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
23.62.99.208 (Netherlands), ASN20940 (AKAMAI-ASN1, EU)
Reverse DNS
a23-62-99-208.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
f8a32840565a909ab0e7065ccfaf43f70e297e78374c59f4f09a4e7428b83836
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://ecpm.ps/js/j/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 18 Aug 2020 14:24:09 GMT
last-modified
Fri, 24 Jun 2016 21:12:41 GMT
content-md5
JK/b+9mB41RJ2eVp6EVrrw==
strict-transport-security
max-age=31536000
content-type
image/jpeg
status
200
cache-control
public, max-age=86400
content-length
360829

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • trustedTypes (object)
  • empty (function)
  • change (function)
  • myFunction (function)
  • form (object)
  • button (object)

4 Cookies

Domain/Path   Name            Value
ecpm.ps/      TSe8d2ac7b029   08e74f81ecab2800a9d9d9be82dfe48ac3443d3c78b4b4d2c82d71178a79bdb128bc5f8d66771947e63bf97e45ba7386
ecpm.ps/      TSa7a7d3a9027   08e74f81ecab20001eaa566090c2557d8ed4c3b33c812cfeccb8b7ffe504fecc24bf2212f19e5aaf08db9aec81113000e11522453fdfae79ce4918546fc87830c578670a8bfc1c966df6f3fd74d89e104b8c5de57bd18ba409f55d272d3c0fd3
ecpm.ps/      TS0199eede      014495aacc68b4277c786c333110afb0f6f538e7cf011d745b30ea366c214bcfee8c32c0f6f9fc45695deb3a7be2b78f415be8674a
ecpm.ps/      PHPSESSID       7k00rvef8k1dlp52rr4o4ibn04