dhltrackings-6f9fa.web.app Open in urlscan Pro
2620:0:890::100  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response dhltrackings-6f9fa.web.app/index.html/	177 KB 76 KB	773ms 413ms	Document text/html	2620:0:890::100 FASTLY
General Check archive.org Show headers Download Go to Full URL https://dhltrackings-6f9fa.web.app/index.html/?email=REDACTED&token=ee977806d7286510da8b9a7492ba58e2484c0ecc Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:0:890::100 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash e5cfe574eb78f8fd9d5a6774e3e722e257eff8a6e3a7f09e35707892a8da11f5 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 cache-control max-age=3600 content-encoding br content-length 77613 content-type text/html; charset=utf-8 date Thu, 01 Dec 2022 13:32:59 GMT etag "91ef403aebbd3cce60adaf026478bbc9cb01c433f0cb43a516a6bd8314c5cace-br" last-modified Wed, 30 Nov 2022 08:29:47 GMT strict-transport-security max-age=31556926; includeSubDomains; preload vary x-fh-requested-host, accept-encoding x-cache MISS x-cache-hits 0 x-served-by cache-bog2260034-BOG x-timer S1669901579.157534,VS0,VE243
GET H2	200	bootstrap.min.css stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/	152 KB 24 KB	88ms 43ms	Stylesheet text/css	2606:4700::6812:acf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css Requested by Host: dhltrackings-6f9fa.web.app URL: https://dhltrackings-6f9fa.web.app/index.html/?email=REDACTED&token=ee977806d7286510da8b9a7492ba58e2484c0ecc Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://dhltrackings-6f9fa.web.app/ Origin https://dhltrackings-6f9fa.web.app accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36 Response headers date Thu, 01 Dec 2022 13:32:59 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT content-encoding br cdn-edgestorageid 752 age 28524 cdn-cachedat 08/15/2022 13:52:49 cdn-pullzone 252412 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 last-modified Mon, 25 Jan 2021 22:04:08 GMT cdn-proxyver 1.02 cdn-requestpullcode 200 server cloudflare etag W/"a15c2ac3234aa8f6064ef9c1f7383c37" vary Accept-Encoding content-type text/css; charset=utf-8 access-control-allow-origin * cdn-cache HIT cdn-uid b1941f61-b576-4f40-80de-5677acb38f74 cache-control public, max-age=31919000 cdn-requestid d9f20e45f68ae6a7d9863b5ead6e6132 timing-allow-origin * cdn-requestcountrycode DE cdn-status 200 cf-ray 772c31282d2e9006-FRA cdn-requestpullsuccess True
GET H2	200	css fonts.googleapis.com/	1 KB 964 B	84ms 32ms	Stylesheet text/css	2a00:1450:4001:809::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Archivo+Narrow&display=swap Requested by Host: dhltrackings-6f9fa.web.app URL: https://dhltrackings-6f9fa.web.app/index.html/?email=REDACTED&token=ee977806d7286510da8b9a7492ba58e2484c0ecc Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash b740bb4e2de3bd58f0251ba4493c9f8f547d699235500c4d6bb8979fa201022f Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://dhltrackings-6f9fa.web.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Thu, 01 Dec 2022 13:32:59 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Thu, 01 Dec 2022 12:42:07 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Thu, 01 Dec 2022 13:32:59 GMT
GET H2	200	jquery.min.js Show response cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/	84 KB 27 KB	75ms 31ms	Script application/javascript	2606:4700::6811:190e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js Requested by Host: dhltrackings-6f9fa.web.app URL: https://dhltrackings-6f9fa.web.app/index.html/?email=REDACTED&token=ee977806d7286510da8b9a7492ba58e2484c0ecc Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://dhltrackings-6f9fa.web.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36 Response headers date Thu, 01 Dec 2022 13:32:59 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 741280 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 26909 last-modified Mon, 04 May 2020 16:11:48 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03ec4-14e4a" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=51dwC78faPHWn3E21QwKt1mpAv0liV5I5N4d470l88w1w6iY4MAmTI3%2BJ3Gw0XtRcPnmT3S4F4B9e2M4r96FzzYEN8oYVnOE5avPuqc%2BomG0wPj3XDFQYEzXEddoqJAkZmNL2uCKz2WzRfZi%2BR9bUVfY"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 772c3128293168eb-FRA expires Tue, 21 Nov 2023 13:32:59 GMT
GET H2	200	aes.js Show response cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/	13 KB 5 KB	87ms 43ms	Script application/javascript	2606:4700::6811:190e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/aes.js Requested by Host: dhltrackings-6f9fa.web.app URL: https://dhltrackings-6f9fa.web.app/index.html/?email=REDACTED&token=ee977806d7286510da8b9a7492ba58e2484c0ecc Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Referer https://dhltrackings-6f9fa.web.app/ Origin https://dhltrackings-6f9fa.web.app accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36 Response headers date Thu, 01 Dec 2022 13:32:59 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 7285204 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 4256 last-modified Mon, 04 May 2020 16:09:17 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03e2d-3430" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0mLJW7icVxQnbFUIzfNS1iEnHGcaVdvPG3V3XMhbO4sG5RZNeNPZ9pog6FLdPYFNVWCyflHYSVUPSez7rySED6aF%2B3Qb9TSmp7l9JAxEBLhDgS3Jq24zBpTgYwe3V2u5OJwJmmM6wjHW%2BEg1eMbA3G2y"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 772c31282f5c6928-FRA expires Tue, 21 Nov 2023 13:32:59 GMT
GET H2	200	/ Show response json.geoiplookup.io/	582 B 980 B	1313ms 1257ms	Script application/javascript	2606:4700:20::ac43:4444 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://json.geoiplookup.io/?callback=jQuery224008922316239018913_1669901579595&_=1669901579596 Requested by Host: cdnjs.cloudflare.com URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:4444 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Octolus Resource Hash 1b26df20d857c56529a676d94bdc87612e57b3abe7e3ff0395d0c8c17c52a576 Security Headers Name Value X-Content-Type-Options nosniff, nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://dhltrackings-6f9fa.web.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36 Response headers date Thu, 01 Dec 2022 13:33:00 GMT content-encoding br x-content-type-options nosniff, nosniff cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-powered-by Octolus alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 x-xss-protection 1; mode=block last-modified Thu, 01 Dec 2022 13:33:00 GMT server cloudflare vary Accept-Encoding x-ratelimit-remaining 10000 content-type application/javascript; charset=utf-8 access-control-allow-origin * report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MEFI9aveduAO%2FLRUC8%2BcNOv4V5KkVkjeoiLJLM5aDYMZyfa0vuURdqLRK3sHvqOsXsRCVIx%2FMtfJ5NaRLbHUTG9uS1RCMGDwa1L2emsmAYSz7EN3EeXEEaFX7GBcPwzOnEkTmdqI9Yzw8SpXy%2BdnFKw%3D"}],"group":"cf-nel","max_age":604800} cache-control max-age=31536000 x-ratelimit-limit 10000 cf-ray 772c3128e9c99b51-FRA
GET DATA	200 OK	truncated /	29 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash cd655284e59383eee866120cd4aa01d0ed43ea466a37f8252a922172fd675095 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	40 KB 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 9e7002d26d5f85d4d5ba202f6952a4ba7db9aac4368a23d1ef02505da18b3b6d Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36 Response headers Content-Type image/gif
GET H2	200	6a6b5659845213c571a220e0f293fea7.png i.gyazo.com/	554 B 634 B	111ms 51ms	Image image/png	2606:4700:4400::6812:2404 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://i.gyazo.com/6a6b5659845213c571a220e0f293fea7.png Requested by Host: dhltrackings-6f9fa.web.app URL: https://dhltrackings-6f9fa.web.app/index.html/www.linkedin.com/checkpoint/lg/login-submit Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::6812:2404 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5a9702efdea33af2da765732580e9f0710f1c019461e3c76928c64580848af64 Request headers accept-language de-DE,de;q=0.9 Referer https://dhltrackings-6f9fa.web.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36 Response headers date Thu, 01 Dec 2022 13:32:59 GMT via 1.1 google cf-cache-status HIT age 140660 content-length 554 server cloudflare etag "6a6b" vary Accept-Encoding content-type image/png access-control-allow-origin https://gyazo.com cache-control public, max-age=31536000 access-control-allow-credentials true content-dpr 1.000000 x-cache-level ZS accept-ranges bytes cf-ray 772c3129ad26906c-FRA expires Fri, 01 Dec 2023 13:32:59 GMT
GET H2	200	48717f45da0133df79b15cba49c5dbe0.png i.gyazo.com/	888 B 1 KB	104ms 45ms	Image image/png	2606:4700:4400::6812:2404 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://i.gyazo.com/48717f45da0133df79b15cba49c5dbe0.png Requested by Host: dhltrackings-6f9fa.web.app URL: https://dhltrackings-6f9fa.web.app/index.html/www.linkedin.com/checkpoint/lg/login-submit Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::6812:2404 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 42546e8975a018a1a3b9066fc2864a57de7c1159cea211711d881a7d56c60a69 Request headers accept-language de-DE,de;q=0.9 Referer https://dhltrackings-6f9fa.web.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36 Response headers date Thu, 01 Dec 2022 13:32:59 GMT via 1.1 google cf-cache-status HIT age 141393 content-length 888 server cloudflare etag "4871" vary Accept-Encoding content-type image/png access-control-allow-origin https://gyazo.com cache-control public, max-age=31536000 access-control-allow-credentials true content-dpr 1.000000 x-cache-level ZS accept-ranges bytes cf-ray 772c3129ad2a906c-FRA expires Fri, 01 Dec 2023 13:32:59 GMT
POST H2	200	wp-post.php Show response dev-linnkedinn2.pantheonsite.io/css/	0 347 B	986ms 612ms	XHR application/json	2620:12a:8000::2 FASTLY
General Check archive.org Show headers Download Go to Full URL https://dev-linnkedinn2.pantheonsite.io/css/wp-post.php Requested by Host: cdnjs.cloudflare.com URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:12a:8000::2 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=300 Request headers Accept */* Referer https://dhltrackings-6f9fa.web.app/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers x-cache-hits 0, 0 strict-transport-security max-age=300 content-encoding gzip via 1.1 varnish, 1.1 varnish date Thu, 01 Dec 2022 13:33:01 GMT age 0 x-cache MISS, MISS content-length 20 x-served-by cache-yyz4562-YYZ, cache-bog2260039-BOG server nginx x-timer S1669901581.380150,VS0,VE442 vary Accept-Encoding content-type application/json access-control-allow-origin * x-styx-req-id ad68b70a-717c-11ed-91f3-b28964cb9a25 accept-ranges bytes x-robots-tag noindex x-pantheon-styx-hostname styx-fe1fe2-h-6cc6dbcfd9-lpf44

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: LinkedIn (Social Network)

40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange function| $ function| jQuery object| CryptoJS object| _0xeda0 string| absolute_path function| _0x5b33af object| url_string object| url string| email string| token function| _0x588f function| _0x34c0 function| _0x5def function| _0x258bee function| _0x69ca function| _0x4bd7 function| _0x14b8bc function| _0x139f function| _0x2be9 function| _0x21f306 function| _0x3393 function| _0x4507 function| _0x36ca function| checkPass number| count function| _0x592d function| _0x16da function| checkPass2 number| countx function| _0xc884 function| _0x2802 function| checkPass30 function| wait function| _0x5578 function| _0x328d function| _0xd6ae function| testpoint function| _0x1104 function| testpoint2

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			i.gyazo.com/	1970-01-20 17:27:41	Name: Gyazo_cfwoker Value: i

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
dev-linnkedinn2.pantheonsite.io
dhltrackings-6f9fa.web.app
fonts.googleapis.com
i.gyazo.com
json.geoiplookup.io
stackpath.bootstrapcdn.com
2606:4700:20::ac43:4444
2606:4700:4400::6812:2404
2606:4700::6811:190e
2606:4700::6812:acf
2620:0:890::100
2620:12a:8000::2
2a00:1450:4001:809::200a
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
1b26df20d857c56529a676d94bdc87612e57b3abe7e3ff0395d0c8c17c52a576
42546e8975a018a1a3b9066fc2864a57de7c1159cea211711d881a7d56c60a69
5a9702efdea33af2da765732580e9f0710f1c019461e3c76928c64580848af64
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
9e7002d26d5f85d4d5ba202f6952a4ba7db9aac4368a23d1ef02505da18b3b6d
b740bb4e2de3bd58f0251ba4493c9f8f547d699235500c4d6bb8979fa201022f
cd655284e59383eee866120cd4aa01d0ed43ea466a37f8252a922172fd675095
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5cfe574eb78f8fd9d5a6774e3e722e257eff8a6e3a7f09e35707892a8da11f5
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a