toll.helpalinkt.support
104.21.54.95
Malicious Activity!
Public Scan
Effective URL: https://toll.helpalinkt.support/
Submission: On September 24 via api from AU — Scanned from AU
Summary
TLS certificate: Issued by E1 on September 21st 2023. Valid for: 3 months.
This is the only time toll.helpalinkt.support was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Linkt (Transportation)
Domain & IP information
Count | IP Address | AS (Autonomous System) |
---|---|---|
1 1 | 67.199.248.11 | 396982 (GOOGLE-CLOUD-PLATFORM) |
14 | 104.21.54.95 | 13335 (CLOUDFLARENET) |
3 | 45.60.48.24 | 19551 (INCAPSULA) |
17 | 2 | |
Count | Apex Domain | Subdomains | Transfer |
---|---|---|---|
14 | helpalinkt.support | toll.helpalinkt.support | 1 MB |
3 | linkt.com.au | manage.linkt.com.au | 4 KB |
1 | bit.ly (1 redirects; Cisco Umbrella Rank: 6347) | | 421 B |
17 | 3 | | |
Count | Domain | Requested by |
---|---|---|
14 | toll.helpalinkt.support | toll.helpalinkt.support |
3 | manage.linkt.com.au | toll.helpalinkt.support |
1 | bit.ly | 1 redirects |
17 | 3 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
helpalinkt.support | E1 | 2023-09-21 - 2023-12-20 | 3 months |
MANAGE.CITYLINK.COM.AU | Thawte RSA CA 2018 | 2022-09-28 - 2023-09-29 | a year |
This page contains 1 frames:
Primary Page:
https://toll.helpalinkt.support/
Frame ID: ABA2A4052851EA2BEF765D1F5F540242
Requests: 17 HTTP requests in this frame
Page Title
AUS post
Detected technologies
Vue.js (JavaScript Frameworks)
Detected patterns
- <[^>]+\sdata-v(?:ue)?-
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://bit.ly/3taDkVe (HTTP 301)
- https://toll.helpalinkt.support/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method | Protocol | Resource | Path | Size | Transferred | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | toll.helpalinkt.support/ | 746 B | 808 B | Document | text/html |
GET | H2 | config.js | toll.helpalinkt.support/ | 89 B | 485 B | Script | application/javascript |
GET | H2 | chunk-vendors.bfa8ac96.js | toll.helpalinkt.support/js/ | 967 KB | 261 KB | Script | application/javascript |
GET | H3 | app.09b9f040.js | toll.helpalinkt.support/js/ | 79 KB | 21 KB | Script | application/javascript |
GET | H2 | chunk-vendors.ab49d789.css | toll.helpalinkt.support/css/ | 206 KB | 35 KB | Stylesheet | text/css |
GET | H2 | app.d616cf06.css | toll.helpalinkt.support/css/ | 1 MB | 149 KB | Stylesheet | text/css |
GET | H3 | about.8fac49b4.css | toll.helpalinkt.support/css/ | 6 MB | 869 KB | Stylesheet | text/css |
GET | H3 | about.f81e6db7.js | toll.helpalinkt.support/js/ | 265 KB | 93 KB | Script | application/javascript |
GET | H3 | checkIp | toll.helpalinkt.support/api/card/fish/ | 41 B | 548 B | XHR | application/json |
GET | H3 | user | toll.helpalinkt.support/api/card/websocket-domain/ | 114 B | 552 B | XHR | application/json |
GET | H3 | visits | toll.helpalinkt.support/api/num/record/ | 41 B | 494 B | XHR | application/json |
GET | H3 | linkt_logo.93d970a4.svg | toll.helpalinkt.support/img/ | 2 KB | 1 KB | Image | image/svg+xml |
GET | H3 | logo-Transurban.cc5a7e14.png | toll.helpalinkt.support/img/ | 25 KB | 26 KB | Image | image/png |
GET | H2 | icon-twitter.png | manage.linkt.com.au/retailweb/resources/retailer/linkt/img/icons/ | 545 B | 1 KB | Image | image/png |
GET | H2 | facebook-icon.png | manage.linkt.com.au/retailweb/resources/retailer/linkt/img/icons/ | 494 B | 2 KB | Image | image/png |
GET | H2 | icon-youtube.png | manage.linkt.com.au/retailweb/resources/retailer/linkt/img/icons/ | 424 B | 1 KB | Image | image/png |
GET | H3 | element-icons.ff18efd1.woff | toll.helpalinkt.support/fonts/ | 28 KB | 28 KB | Font | font/woff |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Linkt (Transportation)
6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- documentPictureInPicture (object)
- webpackChunkaustralia_post (object)
- clearImmediate (function)
- setImmediate (function)
- _ (function)
- $cookies (object)
9 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Name | Value |
---|---|---|
toll.helpalinkt.support/api | JSESSIONID | 3FBB53D68E223B500AACD36934634D02 |
.bit.ly/ | _bit | n8omei-21eddf3cf642bcbc5a-00v |
toll.helpalinkt.support/ | token | null |
toll.helpalinkt.support/ | domainName | wss%3A%2F%2Fms.three1.site%2Fapi%2Fapprove%2F |
.linkt.com.au/ | visid_incap_1644040 | 7eScOupORqO3gq33Z/lJPLy0EGUAAAAAQUIPAAAAAAAqIJAKA7nSswPmCj1h2Mb6 |
manage.linkt.com.au/ | AWSALBCORS | /aAO/e3T3JpSjxrlTuCXSLmTtqXtGkgUebsqL67784AzBKdDTlajQA+13OL9ypYdujr2uxe361zJGgLel8ZZpfy7fIE2AtVJeq3kaMR0kBNffU8Q3J4wPMvcosOy |
.linkt.com.au/ | nlbi_1644040 | ZHorDAap4ls46IFl4XKpuwAAAAC28Z90hgWJDrycHV/NwByu |
.linkt.com.au/ | incap_ses_607_1644040 | nSSqPzIdRFVcrK98RoBsCLy0EGUAAAAAN2R4JKnTrg/SNTrM8zE7ZA== |
toll.helpalinkt.support/ | userIp | 45.248.79.189 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.