dhltrackings-6f9fa.web.app
2620:0:890::100
Malicious Activity!
Public Scan
Submission: On December 01 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1D4 on October 19th 2022. Valid for: 3 months.
This is the only time dhltrackings-6f9fa.web.app was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: LinkedIn (Social Network)
Domain & IP information

Requests | IP Address | AS Autonomous System
---|---|---
1 | 2620:0:890::100 | 54113 (FASTLY)
1 | 2606:4700::6812:acf | 13335 (CLOUDFLARENET)
1 | 2a00:1450:4001:809::200a | 15169 (GOOGLE)
2 | 2606:4700::6811:190e | 13335 (CLOUDFLARENET)
1 | 2606:4700:20::ac43:4444 | 13335 (CLOUDFLARENET)
2 | 2606:4700:4400::6812:2404 | 13335 (CLOUDFLARENET)
1 | 2620:12a:8000::2 | 54113 (FASTLY)
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
2 | gyazo.com | i.gyazo.com (Cisco Umbrella Rank: 104399) | 2 KB
2 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 203) | 32 KB
1 | pantheonsite.io | dev-linnkedinn2.pantheonsite.io | 347 B
1 | geoiplookup.io | json.geoiplookup.io (Cisco Umbrella Rank: 42664) | 980 B
1 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 37) | 964 B
1 | bootstrapcdn.com | stackpath.bootstrapcdn.com (Cisco Umbrella Rank: 2309) | 24 KB
1 | web.app | dhltrackings-6f9fa.web.app | 76 KB
Requests | Domain | Requested by
---|---|---
2 | i.gyazo.com | dhltrackings-6f9fa.web.app
2 | cdnjs.cloudflare.com | dhltrackings-6f9fa.web.app
1 | dev-linnkedinn2.pantheonsite.io | cdnjs.cloudflare.com
1 | json.geoiplookup.io | cdnjs.cloudflare.com
1 | fonts.googleapis.com | dhltrackings-6f9fa.web.app
1 | stackpath.bootstrapcdn.com | dhltrackings-6f9fa.web.app
1 | dhltrackings-6f9fa.web.app | (primary page)
This site contains no links.
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
web.app | GTS CA 1D4 | 2022-10-19 - 2023-01-17 | 3 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-01-29 - 2023-01-29 | a year | crt.sh
upload.video.google.com | GTS CA 1C3 | 2022-11-02 - 2023-01-25 | 3 months | crt.sh
pantheonsite.io | Sectigo RSA Organization Validation Secure Server CA | 2022-07-14 - 2023-06-23 | a year | crt.sh

This page contains 1 frame:
Primary Page:
https://dhltrackings-6f9fa.web.app/index.html/?email=REDACTED&token=ee977806d7286510da8b9a7492ba58e2484c0ecc
Frame ID: 1B483412B079306BD7E2CEF3220DDA6B
Requests: 11 HTTP requests in this frame
Screenshot
Page Title
LinkedIn Login, Sign in | LinkedIn
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Google Font API (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
jQuery (JavaScript Libraries)
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request) | dhltrackings-6f9fa.web.app/index.html/ | 177 KB | 76 KB | Document | text/html
GET | H2 | bootstrap.min.css | stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/ | 152 KB | 24 KB | Stylesheet | text/css
GET | H2 | css | fonts.googleapis.com/ | 1 KB | 964 B | Stylesheet | text/css
GET | H2 | jquery.min.js | cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/ | 84 KB | 27 KB | Script | application/javascript
GET | H2 | aes.js | cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/ | 13 KB | 5 KB | Script | application/javascript
GET | H2 | / | json.geoiplookup.io/ | 582 B | 980 B | Script | application/javascript
GET | DATA | truncated | / | 29 KB | 0 | Image | image/png
GET | DATA | truncated | / | 40 KB | 0 | Image | image/gif
GET | H2 | 6a6b5659845213c571a220e0f293fea7.png | i.gyazo.com/ | 554 B | 634 B | Image | image/png
GET | H2 | 48717f45da0133df79b15cba49c5dbe0.png | i.gyazo.com/ | 888 B | 1 KB | Image | image/png
POST | H2 | wp-post.php | dev-linnkedinn2.pantheonsite.io/css/ | 0 | 347 B | XHR | application/json
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: LinkedIn (Social Network)
40 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | oncontentvisibilityautostatechange
function | $
function | jQuery
object | CryptoJS
object | _0xeda0
string | absolute_path
function | _0x5b33af
object | url_string
object | url
string | email
string | token
function | _0x588f
function | _0x34c0
function | _0x5def
function | _0x258bee
function | _0x69ca
function | _0x4bd7
function | _0x14b8bc
function | _0x139f
function | _0x2be9
function | _0x21f306
function | _0x3393
function | _0x4507
function | _0x36ca
function | checkPass
number | count
function | _0x592d
function | _0x16da
function | checkPass2
number | countx
function | _0xc884
function | _0x2802
function | checkPass30
function | wait
function | _0x5578
function | _0x328d
function | _0xd6ae
function | testpoint
function | _0x1104
function | testpoint21

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
i.gyazo.com/ | | Gyazo_cfwoker | i
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31556926; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.