URL: http://linkedliqht.com/skype//cp.php?m=login
Submission Tags: c2 malware zeus Search All
Submission: On September 13 via api from US

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 9 HTTP transactions. The main IP is 185.165.168.35, located in Seychelles and belongs to FLOKINET, SC. The main domain is linkedliqht.com.
This is the only time linkedliqht.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
9 185.165.168.35 200651 (FLOKINET)
9 1
Apex Domain
Subdomains
Transfer
9 linkedliqht.com
linkedliqht.com
93 KB
9 1
Domain Requested by
9 linkedliqht.com linkedliqht.com
9 1

This site contains no links.

Subject Issuer Validity Valid

This page contains 1 frames:

Primary Page: http://linkedliqht.com/skype//cp.php?m=login
Frame ID: FFA0CA6192207086C31598F893AD7CDB
Requests: 9 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^/]*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

9
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

93 kB
Transfer

191 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set cp.php
linkedliqht.com/skype//
1 KB
1 KB
Document
General
Full URL
http://linkedliqht.com/skype//cp.php?m=login
Protocol
HTTP/1.1
Server
185.165.168.35 , Seychelles, ASN200651 (FLOKINET, SC),
Reverse DNS
ro2.flokinet.is
Software
nginx /
Resource Hash
af47ec90f9b69ce21c23de705be61f809bdfb30c5d9b6675466fd21f4b07b48d
Security Headers
Name Value
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
linkedliqht.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server
nginx
Date
Sun, 13 Sep 2020 12:51:57 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Expires
Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, max-age=0, pre-check=0, post-check=0
Pragma
no-cache
Set-Cookie
ref=9m8chogjgd79cbkv6n2hbsfpa4; expires=Thu, 28-May-2071 02:05:32 GMT; Max-Age=1600002816; path=/skype
X-Frame-Options
SAMEORIGIN
X-Content-Type-Options
nosniff nosniff
X-XSS-Protection
1; mode=block
X-Nginx-Cache-Status
HIT
X-Server-Powered-By
Engintron
Content-Encoding
gzip
jquery-1.7.1.min.js
linkedliqht.com/skype//theme/js/
92 KB
33 KB
Script
General
Full URL
http://linkedliqht.com/skype//theme/js/jquery-1.7.1.min.js
Requested by
Host: linkedliqht.com
URL: http://linkedliqht.com/skype//cp.php?m=login
Protocol
HTTP/1.1
Server
185.165.168.35 , Seychelles, ASN200651 (FLOKINET, SC),
Reverse DNS
ro2.flokinet.is
Software
nginx /
Resource Hash
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
http://linkedliqht.com/skype//cp.php?m=login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
public
Date
Sun, 13 Sep 2020 12:51:57 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Sun, 31 May 2020 20:20:02 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Expires
Tue, 13 Oct 2020 12:51:57 GMT
dextend.js
linkedliqht.com/skype//theme/js/
14 KB
5 KB
Script
General
Full URL
http://linkedliqht.com/skype//theme/js/dextend.js
Requested by
Host: linkedliqht.com
URL: http://linkedliqht.com/skype//cp.php?m=login
Protocol
HTTP/1.1
Server
185.165.168.35 , Seychelles, ASN200651 (FLOKINET, SC),
Reverse DNS
ro2.flokinet.is
Software
nginx /
Resource Hash
821a960b83b33d12699b09645f2ec2089fa67c1011991920354f52ee16506034
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
http://linkedliqht.com/skype//cp.php?m=login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
public
Date
Sun, 13 Sep 2020 12:51:57 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Sun, 31 May 2020 20:20:01 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Expires
Tue, 13 Oct 2020 12:51:57 GMT
jlog.js
linkedliqht.com/skype//theme/js/
4 KB
2 KB
Script
General
Full URL
http://linkedliqht.com/skype//theme/js/jlog.js
Requested by
Host: linkedliqht.com
URL: http://linkedliqht.com/skype//cp.php?m=login
Protocol
HTTP/1.1
Server
185.165.168.35 , Seychelles, ASN200651 (FLOKINET, SC),
Reverse DNS
ro2.flokinet.is
Software
nginx /
Resource Hash
ee20cb766cc1545980cda13ac285adff8e67fd50d025bb42537e2f8f11ae3edb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
http://linkedliqht.com/skype//cp.php?m=login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
public
Date
Sun, 13 Sep 2020 12:52:02 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Sun, 31 May 2020 20:20:01 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Expires
Tue, 13 Oct 2020 12:52:02 GMT
global.js
linkedliqht.com/skype//theme/js/
2 KB
1 KB
Script
General
Full URL
http://linkedliqht.com/skype//theme/js/global.js
Requested by
Host: linkedliqht.com
URL: http://linkedliqht.com/skype//cp.php?m=login
Protocol
HTTP/1.1
Server
185.165.168.35 , Seychelles, ASN200651 (FLOKINET, SC),
Reverse DNS
ro2.flokinet.is
Software
nginx /
Resource Hash
08998d065afb373ff5a40443f2866abf3a58434978ed815254ddd0706df3f995
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
http://linkedliqht.com/skype//cp.php?m=login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
public
Date
Sun, 13 Sep 2020 12:51:57 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Sun, 31 May 2020 20:20:01 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Expires
Tue, 13 Oct 2020 12:51:57 GMT
ajax_forms.js
linkedliqht.com/skype//theme/js/
4 KB
2 KB
Script
General
Full URL
http://linkedliqht.com/skype//theme/js/ajax_forms.js
Requested by
Host: linkedliqht.com
URL: http://linkedliqht.com/skype//cp.php?m=login
Protocol
HTTP/1.1
Server
185.165.168.35 , Seychelles, ASN200651 (FLOKINET, SC),
Reverse DNS
ro2.flokinet.is
Software
nginx /
Resource Hash
ed38eb5c96a41148c89428e2d9219dbe4e036845a58089f1dbe7bf496eccc5d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
http://linkedliqht.com/skype//cp.php?m=login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
public
Date
Sun, 13 Sep 2020 12:51:57 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Sun, 31 May 2020 20:20:00 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Expires
Tue, 13 Oct 2020 12:51:57 GMT
style.css
linkedliqht.com/skype//theme/
33 KB
7 KB
Stylesheet
General
Full URL
http://linkedliqht.com/skype//theme/style.css
Requested by
Host: linkedliqht.com
URL: http://linkedliqht.com/skype//cp.php?m=login
Protocol
HTTP/1.1
Server
185.165.168.35 , Seychelles, ASN200651 (FLOKINET, SC),
Reverse DNS
ro2.flokinet.is
Software
nginx /
Resource Hash
8033539d78cce6b59bc1897cdb4fa3e53ed879b74d3c9dd87d54083b15494c61
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
http://linkedliqht.com/skype//cp.php?m=login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
public
Date
Sun, 13 Sep 2020 12:51:57 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Sun, 31 May 2020 20:19:24 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Expires
Tue, 13 Oct 2020 12:51:57 GMT
back-all.jpg
linkedliqht.com/skype//theme/images/
41 KB
41 KB
Image
General
Full URL
http://linkedliqht.com/skype//theme/images/back-all.jpg
Requested by
Host: linkedliqht.com
URL: http://linkedliqht.com/skype//theme/style.css
Protocol
HTTP/1.1
Server
185.165.168.35 , Seychelles, ASN200651 (FLOKINET, SC),
Reverse DNS
ro2.flokinet.is
Software
nginx /
Resource Hash
a97bec0c9b519763e6fb3c66c4632c39005f11fdb945e5483cc7831105de9775
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
http://linkedliqht.com/skype//theme/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
public
Date
Sun, 13 Sep 2020 12:52:02 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sun, 31 May 2020 20:19:57 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=5184000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
41786
Expires
Thu, 12 Nov 2020 12:52:02 GMT
back-header.jpg
linkedliqht.com/skype//theme/images/
736 B
1 KB
Image
General
Full URL
http://linkedliqht.com/skype//theme/images/back-header.jpg
Requested by
Host: linkedliqht.com
URL: http://linkedliqht.com/skype//theme/style.css
Protocol
HTTP/1.1
Server
185.165.168.35 , Seychelles, ASN200651 (FLOKINET, SC),
Reverse DNS
ro2.flokinet.is
Software
nginx /
Resource Hash
1962e3f49a989313252c5dd3bcf8b6aed69dcccb1ad1ec0245d7ea3c746fdaae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
http://linkedliqht.com/skype//theme/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
public
Date
Sun, 13 Sep 2020 12:52:02 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sun, 31 May 2020 20:19:56 GMT
Server
nginx
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=5184000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
736
Expires
Thu, 12 Nov 2020 12:52:02 GMT

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes function| $ function| jQuery undefined| n undefined| C undefined| p undefined| r undefined| $styles function| AJAXcontextMenu function| phpAppend function| js_form_feeder function| FormNice

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block