pub-e01323578a764455955c12cbc115af93.r2.dev Open in urlscan Pro
2606:4700::6812:323 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html
Effective URL:
https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html
Submission: On July 24 via api (July 24th 2024, 9:41:48 am UTC) from US — Scanned from GB

Summary HTTP 43 Redirects Behaviour Indicators

Summary

This website contacted 14 IPs in 5 countries across 12 domains to perform 43 HTTP transactions. The main IP is 2606:4700::6812:323, located in United States and belongs to CLOUDFLARENET, US. The main domain is pub-e01323578a764455955c12cbc115af93.r2.dev.
TLS certificate: Issued by E1 on June 3rd 2024. Valid for: 3 months.

This is the only time pub-e01323578a764455955c12cbc115af93.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: LinkedIn (Social Network) Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 8	2606:4700::68... 2606:4700::6812:323	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2606:2800:233... 2606:2800:233:6a53:4ac1:3bc8:ee4e:5990	15133 (EDGECAST) (EDGECAST)
1	2a04:4e42::649 2a04:4e42::649	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c0a::54	15169 (GOOGLE) (GOOGLE)
7	104.18.2.35 104.18.2.35	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2620:1ec:50::16 2620:1ec:50::16	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	2a02:26f0:480... 2a02:26f0:480:15::213:7e4a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	54.75.215.160 54.75.215.160	16509 (AMAZON-02) (AMAZON-02)
1	108.128.76.36 108.128.76.36	16509 (AMAZON-02) (AMAZON-02)
2 2	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81c::2002	15169 (GOOGLE) (GOOGLE)
43	14

8 2606:4700::6812:323 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

pub-e01323578a764455955c12cbc115af93.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:2800:233:6a53:4ac1:3bc8:ee4e:5990 (United States)

ASN15133 (EDGECAST, US)

static.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0a::54 (Brussels, Belgium)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.18.2.35 (None, )

ASN13335 (CLOUDFLARENET, US)

pub-e01323578a764455955c12cbc115af93.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:50::16 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin-ei.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:480:15::213:7e4a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

platform.linkedin-ei.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.75.215.160 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-75-215-160.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lnkd.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.128.76.36 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-76-36.eu-west-1.compute.amazonaws.com

lnkd.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.130 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	r2.dev 1 redirects pub-e01323578a764455955c12cbc115af93.r2.dev	228 KB
10	licdn.com static.licdn.com — Cisco Umbrella Rank: 5314	284 KB
5	linkedin-ei.com ponf.linkedin-ei.com Failed www.linkedin-ei.com platform.linkedin-ei.com	53 KB
3	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 319 lnkd.demdex.net — Cisco Umbrella Rank: 15059	2 KB
2	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 77	126 B
2	googleadservices.com 2 redirects www.googleadservices.com — Cisco Umbrella Rank: 176	46 B
2	google.com accounts.google.com — Cisco Umbrella Rank: 46	969 B
1	linkedin.com platform.linkedin.com — Cisco Umbrella Rank: 7061	96 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 641	30 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1832	15 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 336	7 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 1211	24 KB
43	12

	Domain	Requested by
15	pub-e01323578a764455955c12cbc115af93.r2.dev	1 redirects pub-e01323578a764455955c12cbc115af93.r2.dev static.licdn.com
10	static.licdn.com	pub-e01323578a764455955c12cbc115af93.r2.dev static.licdn.com
3	platform.linkedin-ei.com	static.licdn.com platform.linkedin-ei.com
2	googleads.g.doubleclick.net
2	www.googleadservices.com	2 redirects
2	lnkd.demdex.net	platform.linkedin-ei.com
2	www.linkedin-ei.com	static.licdn.com
2	accounts.google.com	static.licdn.com
1	platform.linkedin.com	platform.linkedin-ei.com
1	dpm.demdex.net	platform.linkedin-ei.com
1	ajax.googleapis.com	pub-e01323578a764455955c12cbc115af93.r2.dev
1	maxcdn.bootstrapcdn.com	pub-e01323578a764455955c12cbc115af93.r2.dev
1	cdnjs.cloudflare.com	pub-e01323578a764455955c12cbc115af93.r2.dev
1	code.jquery.com	pub-e01323578a764455955c12cbc115af93.r2.dev
0	ponf.linkedin-ei.com Failed
43	15

This site contains no links.

Subject Issuer	Validity	Valid
*.r2.dev E1	`2024-06-03` - `2024-09-01`	3 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2024-07-10` - `2025-07-09`	a year	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh
cdnjs.cloudflare.com E1	`2024-06-02` - `2024-08-31`	3 months	crt.sh
bootstrapcdn.com WE1	`2024-07-23` - `2024-10-21`	3 months	crt.sh
upload.video.google.com WR2	`2024-07-01` - `2024-09-23`	3 months	crt.sh
accounts.google.com WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
www.linkedin-ei.com DigiCert SHA2 Secure Server CA	`2024-04-08` - `2024-10-08`	6 months	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2024-03-29` - `2025-03-28`	a year	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2024-10-26`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html
Frame ID: 055B7C612B7D9DCBD4D99BA3EB37EF5D
Requests: 40 HTTP requests in this frame

Frame: https://accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=302&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_101012_913049&as=iXtdUsJRWT9wlVrkAC%2Fc6A&hl=en_US
Frame ID: D7D1D01DF86944FE138698A8367CEDD0
Requests: 1 HTTP requests in this frame

Frame: https://lnkd.demdex.net/dest5.html?d_nsid=0
Frame ID: D741B6A3F46FA539300E9C8C846CC587
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

LinkedIn Login, Sign in | LinkedIn

Page URL History Show full URLs

http://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html HTTP 307
https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html Page URL
https://pub-e01323578a764455955c12cbc115af93.r2.dev/cdn-cgi/phish-bypass?atok=9NB37gitxC2gNERTWD9AorUFfzhLxEFhE5g2aorA_ig-172181... HTTP 301
https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Popper (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

/popper\.js/([0-9.]+)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

43
Requests

91 %
HTTPS

71 %
IPv6

12
Domains

15
Subdomains

14
IPs

5
Countries

739 kB
Transfer

2159 kB
Size

17
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html HTTP 307
https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html Page URL
https://pub-e01323578a764455955c12cbc115af93.r2.dev/cdn-cgi/phish-bypass?atok=9NB37gitxC2gNERTWD9AorUFfzhLxEFhE5g2aorA_ig-1721814092-0.0.1.1-%2Findexmex.html HTTP 301
https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html HTTP 307
https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html

Request Chain 37

https://www.googleadservices.com/pagead/conversion/979305453/?random=1721814103190&cv=11&fst=1721814103190&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45ae42h0v873428484za200&gcd=13l3l3l3l3&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fpub-e01323578a764455955c12cbc115af93.r2.dev%2Findexmex.html&ref=https%3A%2F%2Fpub-e01323578a764455955c12cbc115af93.r2.dev%2Findexmex.html&label=ZRKoCICMpsUBEO2H_NID&hn=www.googleadservices.com&frm=0&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&oid=8593851465900266&did=dYmQxMT&gdid=dYmQxMT&gtm_ee=1&npa=1&pscdl=noapi&auid=1826830679.1721814103&uamb=0&uaw=0&capi=1&data=event%3Dconversion HTTP 302
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/979305453/?random=1436283957&cv=11&fst=1721814103190&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45ae42h0v873428484za200&gcd=13l3l3l3l3&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fpub-e01323578a764455955c12cbc115af93.r2.dev%2Findexmex.html&ref=https%3A%2F%2Fpub-e01323578a764455955c12cbc115af93.r2.dev%2Findexmex.html&label=ZRKoCICMpsUBEO2H_NID&hn=www.googleadservices.com&frm=0&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&did=dYmQxMT&gdid=dYmQxMT&gtm_ee=1&npa=1&pscdl=noapi&auid=1826830679.1721814103&uamb=0&uaw=0&capi=1&data=event%3Dconversion&ct_cookie_present=false&eoid=CkAKEQjwzIK1BhC0ubjNhLH709UBEisAAjOQcU9qYVkhiT4Wsrv3LXsG21MlaJuXfGKPOPJGilKl1bQaEfR6hFwT8P8HAQ&crd=CLHBsQIIsMGxAgi5wbECSixub3QtbmF2aWdhdGlvbi1zb3VyY2UsIHRyaWdnZXIsIGV2ZW50LXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMI8eSBsLG_hwMVFPI7Ah3tHwo6MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOjRodHRwczovL3B1Yi1lMDEzMjM1NzhhNzY0NDU1OTU1YzEyY2JjMTE1YWY5My5yMi5kZXYv

Request Chain 38

https://www.googleadservices.com/pagead/conversion/979305453/?random=1721814103195&cv=11&fst=1721814103195&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45ae42h0v873428484za200&gcd=13l3l3l3l3&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fpub-e01323578a764455955c12cbc115af93.r2.dev%2Findexmex.html&ref=https%3A%2F%2Fpub-e01323578a764455955c12cbc115af93.r2.dev%2Findexmex.html&label=Kc16CMr0-_0BEO2H_NID&hn=www.googleadservices.com&frm=0&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&oid=8593851465900266&did=dYmQxMT&gdid=dYmQxMT&gtm_ee=1&npa=1&pscdl=noapi&auid=1826830679.1721814103&uamb=0&uaw=0&capi=1&data=event%3Dconversion HTTP 302
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/979305453/?random=944695041&cv=11&fst=1721814103195&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45ae42h0v873428484za200&gcd=13l3l3l3l3&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fpub-e01323578a764455955c12cbc115af93.r2.dev%2Findexmex.html&ref=https%3A%2F%2Fpub-e01323578a764455955c12cbc115af93.r2.dev%2Findexmex.html&label=Kc16CMr0-_0BEO2H_NID&hn=www.googleadservices.com&frm=0&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&did=dYmQxMT&gdid=dYmQxMT&gtm_ee=1&npa=1&pscdl=noapi&auid=1826830679.1721814103&uamb=0&uaw=0&capi=1&data=event%3Dconversion&ct_cookie_present=false&eoid=CkAKEQjwzIK1BhC0ubjNhLH709UBEisAAjOQcaBKnP6BmEv-YJGJJ3_QzSpzx8z0_G9OHEniSDIkqzqnEE4DeH198P8HAQ&crd=CLHBsQIIsMGxAgi5wbECShV0cmlnZ2VyLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMI7eGBsLG_hwMV8vI7Ah2koQdCMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOjRodHRwczovL3B1Yi1lMDEzMjM1NzhhNzY0NDU1OTU1YzEyY2JjMTE1YWY5My5yMi5kZXYv

43 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

indexmex.html Show response
pub-e01323578a764455955c12cbc115af93.r2.dev/
Redirect Chain

http://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html
https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html

4 KB
5 KB

884ms
51ms

Document
text/html

2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

64f101a09a5319b539a1d360ab24266a6ca44f1574edda7a45af0e31cf74827d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

CF-RAY: 8a82f48129e7416d-LHR
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Wed, 24 Jul 2024 09:41:32 GMT
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK cf.errors.css
pub-e01323578a764455955c12cbc115af93.r2.dev/cdn-cgi/styles/ 23 KB
5 KB 43ms
42ms Stylesheet
text/css 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pub-e01323578a764455955c12cbc115af93.r2.dev/cdn-cgi/styles/cf.errors.css

Requested by

Host: pub-e01323578a764455955c12cbc115af93.r2.dev
URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Wed, 24 Jul 2024 09:41:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 16 Jul 2024 17:11:36 GMT
Server: cloudflare
ETag: W/"6696a9c8-5df3"
Transfer-Encoding: chunked
X-Frame-Options: DENY
Content-Type: text/css
Vary: Accept-Encoding
Cache-Control: max-age=7200, public
Connection: keep-alive
CF-RAY: 8a82f482ac57416d-LHR
Expires: Wed, 24 Jul 2024 11:41:33 GMT

GET
H/1.1 200
OK icon-exclamation.png
pub-e01323578a764455955c12cbc115af93.r2.dev/cdn-cgi/images/ 452 B
889 B 34ms
33ms Image
image/png 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pub-e01323578a764455955c12cbc115af93.r2.dev/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: pub-e01323578a764455955c12cbc115af93.r2.dev
URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/cdn-cgi/styles/cf.errors.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Wed, 24 Jul 2024 09:41:33 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 16 Jul 2024 17:11:36 GMT
Server: cloudflare
ETag: "6696a9c8-1c4"
X-Frame-Options: DENY
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: max-age=7200, public
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 8a82f484cf41416d-LHR
Content-Length: 452
Expires: Wed, 24 Jul 2024 11:41:33 GMT

GET
H/1.1 404
Not Found favicon.ico
pub-e01323578a764455955c12cbc115af93.r2.dev/ 27 KB
27 KB 658ms
657ms Other
text/html 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Wed, 24 Jul 2024 09:41:34 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 8a82f4887c0f416d-LHR
Content-Length: 27150
Vary: Accept-Encoding
Content-Type: text/html

GET
H/1.1

200
OK

Primary Request indexmex.html Show response
pub-e01323578a764455955c12cbc115af93.r2.dev/
Redirect Chain

https://pub-e01323578a764455955c12cbc115af93.r2.dev/cdn-cgi/phish-bypass?atok=9NB37gitxC2gNERTWD9AorUFfzhLxEFhE5g2aorA_ig-1721814092-0.0.1.1-%2Findexmex.html
https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html

41 KB
41 KB

177ms
174ms

Document
text/html

2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 028981ea63292f655a6a4839bd84dce4cd00720beec1d97285b9c3609852fc6c

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
CF-RAY: 8a82f4a4f9ea416d-LHR
Connection: keep-alive
Content-Length: 41996
Content-Type: text/html
Date: Wed, 24 Jul 2024 09:41:38 GMT
ETag: "5285fa95154a2dfd2bccad4c12d78647"
Last-Modified: Mon, 05 Feb 2024 08:21:20 GMT
Server: cloudflare
Vary: Accept-Encoding

Redirect headers

CF-RAY: 8a82f4a458e4416d-LHR
Cache-Control: private, no-cache
Connection: keep-alive
Content-Length: 167
Content-Type: text/html
Date: Wed, 24 Jul 2024 09:41:38 GMT
Location: https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html
Server: cloudflare
X-Content-Type-Options: nosniff
X-Frame-Options: DENY

GET
H2 200 1sjpgjk18flzq8du4cxjl13ch
static.licdn.com/sc/h/ 273 KB
24 KB 612ms
40ms Stylesheet
text/css 2606:2800:233:6a53:4ac1:3bc8:ee4e:5990
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://static.licdn.com/sc/h/1sjpgjk18flzq8du4cxjl13ch

Requested by

Host: pub-e01323578a764455955c12cbc115af93.r2.dev
URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:6a53:4ac1:3bc8:ee4e:5990 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (lhc/7934) /

Resource Hash

7c3190461704d64cb2fb3bbe447902518dcc8a93536e10b7d3475b8ecb836152

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 09:41:39 GMT
content-encoding: br
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
x-cdn: ECST
age: 10548035
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 24081
x-li-uuid: AAYUYy3jpsqi61Wwvqg+sA==
last-modified: Mon, 05 Nov 2012 04:00:51 GMT
server: ECAcc (lhc/7934)
x-li-pop: prod-lva1-x
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
cache-control: max-age=31536000, immutable
x-li-proto: http/1.1
x-li-fabric: prod-lva1
accept-ranges: bytes
timing-allow-origin: *
x-li-static-content: 1
x-fs-uuid: 000611be39812e9375d5acb54b6233e9
expires: Thu, 24 Jul 2025 09:41:39 GMT

GET
H2 200 aoyniy4z81voytvhok68uu3ia Show response
static.licdn.com/sc/h/ 254 KB
56 KB 619ms
68ms Script
text/javascript 2606:2800:233:6a53:4ac1:3bc8:ee4e:5990
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://static.licdn.com/sc/h/aoyniy4z81voytvhok68uu3ia

Requested by

Host: pub-e01323578a764455955c12cbc115af93.r2.dev
URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:6a53:4ac1:3bc8:ee4e:5990 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (lhc/794C) /

Resource Hash

44925f9bdebd7dadd2e05e034c457104b510f8038f37af31bd841b7c00db0aaf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 09:41:39 GMT
content-encoding: br
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
x-cdn: ECST
age: 10443623
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 57081
x-li-uuid: AAYUe31b2SxY1+Y/EMqySw==
last-modified: Mon, 05 Nov 2012 04:00:51 GMT
server: ECAcc (lhc/794C)
x-li-pop: prod-lor1-x
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
cache-control: max-age=31536000, immutable
x-li-proto: http/1.1
x-li-fabric: prod-lor1
accept-ranges: bytes
timing-allow-origin: *
x-li-static-content: 1
x-fs-uuid: 00060eb177e473ffc4d7bdac279d3414
expires: Thu, 24 Jul 2025 09:41:39 GMT

GET
H2 200 ei1ryhlrbku41e394oskcxugy Show response
static.licdn.com/sc/h/ 93 KB
26 KB 629ms
79ms Script
text/javascript 2606:2800:233:6a53:4ac1:3bc8:ee4e:5990
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://static.licdn.com/sc/h/ei1ryhlrbku41e394oskcxugy

Requested by

Host: pub-e01323578a764455955c12cbc115af93.r2.dev
URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:6a53:4ac1:3bc8:ee4e:5990 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (lhc/790E) /

Resource Hash

a5951034ffba6569ef62befc21854c90cd987f3935bf1826e5455ed47eecb5e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 09:41:39 GMT
content-encoding: br
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
x-cdn: ECST
age: 10548035
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 26966
x-li-uuid: AAYUYy3orypBladMfHVcxA==
last-modified: Mon, 05 Nov 2012 04:00:51 GMT
server: ECAcc (lhc/790E)
x-li-pop: prod-lor1-x
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
cache-control: max-age=31536000, immutable
x-li-proto: http/1.1
x-li-fabric: prod-lor1
accept-ranges: bytes
timing-allow-origin: *
x-li-static-content: 1
x-fs-uuid: 000614632de8af2a4195a74c7c755cc4
expires: Thu, 24 Jul 2025 09:41:39 GMT

GET
H2 200 473v2cdto9klp3y6gfjcs28u2 Show response
static.licdn.com/sc/h/ 74 KB
15 KB 630ms
80ms Script
text/javascript 2606:2800:233:6a53:4ac1:3bc8:ee4e:5990
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://static.licdn.com/sc/h/473v2cdto9klp3y6gfjcs28u2

Requested by

Host: pub-e01323578a764455955c12cbc115af93.r2.dev
URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:6a53:4ac1:3bc8:ee4e:5990 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (lhc/793B) /

Resource Hash

fb9b509d020c4c45ad497de7c4f7d1b22b4e7dc62339927fbf7e32e227932cb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 09:41:39 GMT
content-encoding: br
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
x-cdn: ECST
age: 10472332
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 15685
x-li-uuid: AAYUdM4jc4jVx6/4kbxYjA==
last-modified: Mon, 05 Nov 2012 04:00:51 GMT
server: ECAcc (lhc/793B)
x-li-pop: prod-lva1-x
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
cache-control: max-age=31536000, immutable
x-li-proto: http/1.1
x-li-fabric: prod-lva1
accept-ranges: bytes
timing-allow-origin: *
x-li-static-content: 1
x-fs-uuid: 0006146f49b0684087c2d32ae6cc6ef3
expires: Thu, 24 Jul 2025 09:41:39 GMT

GET
H2 200 ccg6j0toh362m9pa9exs90nin Show response
static.licdn.com/sc/h/ 2 KB
894 B 693ms
144ms Script
text/javascript 2606:2800:233:6a53:4ac1:3bc8:ee4e:5990
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://static.licdn.com/sc/h/ccg6j0toh362m9pa9exs90nin

Requested by

Host: pub-e01323578a764455955c12cbc115af93.r2.dev
URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:6a53:4ac1:3bc8:ee4e:5990 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (lhc/794B) /

Resource Hash

72bccd36c17aa93a7bb553557626bb720be60cde2357d817bd03af6be67cf08e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 09:41:39 GMT
content-encoding: br
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
x-cdn: ECST
age: 10548035
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 776
x-li-uuid: AAYUYy3jqIVmtrHEWkKncQ==
last-modified: Mon, 05 Nov 2012 04:00:51 GMT
server: ECAcc (lhc/794B)
x-li-pop: prod-lva1-x
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
cache-control: max-age=31536000, immutable
x-li-proto: http/1.1
x-li-fabric: prod-lva1
accept-ranges: bytes
timing-allow-origin: *
x-li-static-content: 1
x-fs-uuid: 000611fdc6b5754103266ae608c341de
expires: Thu, 24 Jul 2025 09:41:39 GMT

GET
H2 200 9khh7n0e2ss763aeozygh9d7 Show response
static.licdn.com/sc/h/ 244 KB
63 KB 645ms
96ms Script
text/javascript 2606:2800:233:6a53:4ac1:3bc8:ee4e:5990
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://static.licdn.com/sc/h/9khh7n0e2ss763aeozygh9d7

Requested by

Host: pub-e01323578a764455955c12cbc115af93.r2.dev
URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:6a53:4ac1:3bc8:ee4e:5990 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (lhc/792E) /

Resource Hash

f5d13c67089bf5cdbb1b349183598ba8df4dd95a9cf3187e9fd4172f5f5c36fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 09:41:39 GMT
content-encoding: br
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
x-cdn: ECST
age: 10456443
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 64201
x-li-uuid: AAYUeIEvgqWg7QlDsETuNg==
last-modified: Mon, 05 Nov 2012 04:00:51 GMT
server: ECAcc (lhc/792E)
x-li-pop: prod-lva1-x
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
cache-control: max-age=31536000, immutable
x-li-proto: http/1.1
x-li-fabric: prod-lva1
accept-ranges: bytes
timing-allow-origin: *
x-li-static-content: 1
x-fs-uuid: 0006138bdddc5a051ce997c610b0ed97
expires: Thu, 24 Jul 2025 09:41:39 GMT

GET
H2 200 179r7h6dytjlclq68a906sd4s Show response
static.licdn.com/sc/h/ 72 KB
22 KB 692ms
144ms Script
text/javascript 2606:2800:233:6a53:4ac1:3bc8:ee4e:5990
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://static.licdn.com/sc/h/179r7h6dytjlclq68a906sd4s

Requested by

Host: pub-e01323578a764455955c12cbc115af93.r2.dev
URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:6a53:4ac1:3bc8:ee4e:5990 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (lhc/795D) /

Resource Hash

f89934ac0709430477b8a664f72035461a08e79aab91944d71d695660d810c13

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 09:41:39 GMT
content-encoding: br
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
x-cdn: ECST
age: 10548035
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 22037
x-li-uuid: AAYUYy3o8thANPpYNM8L1A==
last-modified: Mon, 05 Nov 2012 04:00:51 GMT
server: ECAcc (lhc/795D)
x-li-pop: prod-lor1-x
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
cache-control: max-age=31536000, immutable
x-li-proto: http/1.1
x-li-fabric: prod-lor1
accept-ranges: bytes
timing-allow-origin: *
x-li-static-content: 1
x-fs-uuid: 000612e02b2b3a0d130d540785e3a85a
expires: Thu, 24 Jul 2025 09:41:39 GMT

GET
H2 200 jquery-3.2.1.slim.min.js Show response
code.jquery.com/ 68 KB
24 KB 596ms
102ms Script
application/javascript 2a04:4e42::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.2.1.slim.min.js
Requested by: Host: pub-e01323578a764455955c12cbc115af93.r2.dev
URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/
Origin: https://pub-e01323578a764455955c12cbc115af93.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 09:41:39 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 1105747
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 23856
x-served-by: cache-lga21963-LGA, cache-lhr-egll1980025-LHR
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1721814100.672979,VS0,VE0
etag: W/"28feccc0-10fdd"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 8, 29119

GET
H3 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ 19 KB
7 KB 595ms
129ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

Requested by

Host: pub-e01323578a764455955c12cbc115af93.r2.dev
URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/
Origin: https://pub-e01323578a764455955c12cbc115af93.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 09:41:39 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 501827
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 6157
last-modified: Mon, 04 May 2020 16:15:37 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fa9-4af4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wUg2p6tWf4Y8c0m5zJGPwYg%2F%2BnQLoXMXHd6alTUBDX3ufgyGJzH%2FYo%2B8YlwuTBDXnO9xTu57Gv4p%2FiHHfpAv%2FIvpvshYYBKWxtvUEAY1IOX22Cq%2FOgSxNzklxV99Nl8OgfhM9R2s8gn1v2s71XlP9nyu"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8a82f4aac94a88c1-LHR
expires: Mon, 14 Jul 2025 09:41:39 GMT

GET
H3 200 bootstrap.min.js Show response
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ 48 KB
15 KB 620ms
154ms Script
application/javascript 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

Requested by

Host: pub-e01323578a764455955c12cbc115af93.r2.dev
URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/
Origin: https://pub-e01323578a764455955c12cbc115af93.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 09:41:39 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
cdn-edgestorageid: 946
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cachedat: 03/18/2024 12:08:58
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-proxyver: 1.04
cdn-requestpullcode: 200
server: cloudflare
etag: W/"14d449eb8876fa55e1ef3c2cc52b0c17"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: a4f692ad3d8d7b73b7a7f1feb88eb74f
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 8a82f4aacf7052db-LHR
cdn-requestpullsuccess: True

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 84 KB
30 KB 588ms
101ms Script
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

Requested by

Host: pub-e01323578a764455955c12cbc115af93.r2.dev
URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 23 Jul 2024 14:52:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 67756
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30028
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 23 Jul 2025 14:52:23 GMT

GET
H2 200 4k6diadsezedadhkq4uxfxss1 Show response
static.licdn.com/sc/h/ 182 KB
62 KB 107ms
104ms Script
text/javascript 2606:2800:233:6a53:4ac1:3bc8:ee4e:5990
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://static.licdn.com/sc/h/4k6diadsezedadhkq4uxfxss1

Requested by

Host: static.licdn.com
URL: https://static.licdn.com/sc/h/aoyniy4z81voytvhok68uu3ia

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:6a53:4ac1:3bc8:ee4e:5990 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (lhc/78A1) /

Resource Hash

6101eea4239ded7503b74732d078de0de0e31d9465de3876b1641802dd299200

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 09:41:40 GMT
content-encoding: br
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
x-cdn: ECST
age: 10558471
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 63716
x-li-uuid: AAYUYL/lgDeYVRfe4f/r7w==
last-modified: Mon, 05 Nov 2012 04:00:51 GMT
server: ECAcc (lhc/78A1)
x-li-pop: prod-lva1-x
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
cache-control: max-age=31536000, immutable
x-li-proto: http/1.1
x-li-fabric: prod-lva1
accept-ranges: bytes
timing-allow-origin: *
x-li-static-content: 1
x-fs-uuid: 0006137c6e27d26da0d6114bc3eac041
expires: Thu, 24 Jul 2025 09:41:40 GMT

GET
H2 200 1gpe377m8n1eq73qveizv5onv Show response
static.licdn.com/sc/h/ 38 KB
13 KB 106ms
105ms Script
text/javascript 2606:2800:233:6a53:4ac1:3bc8:ee4e:5990
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://static.licdn.com/sc/h/1gpe377m8n1eq73qveizv5onv

Requested by

Host: static.licdn.com
URL: https://static.licdn.com/sc/h/aoyniy4z81voytvhok68uu3ia

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:6a53:4ac1:3bc8:ee4e:5990 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (lhc/78B8) /

Resource Hash

c852b1105eb000028e9b27677996f8d4773daa31fa1aaf663cb6ae3a6857a50a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 09:41:40 GMT
content-encoding: br
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
x-cdn: ECST
age: 10472332
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 13154
x-li-uuid: AAYUdM4tV8c7/NXj9CO0uQ==
last-modified: Mon, 05 Nov 2012 04:00:51 GMT
server: ECAcc (lhc/78B8)
x-li-pop: prod-ltx1-x
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
cache-control: max-age=31536000, immutable
x-li-proto: http/1.1
x-li-fabric: prod-ltx1
accept-ranges: bytes
timing-allow-origin: *
x-li-static-content: 1
x-fs-uuid: 000614071758de8a7ab9fea329fec3d6
expires: Thu, 24 Jul 2025 09:41:40 GMT

GET tracking.png
ponf.linkedin-ei.com/pixel/ 0
0

POST
H/1.1 401
Unauthorized initiateLogin Show response
pub-e01323578a764455955c12cbc115af93.r2.dev/checkpoint/pk/ 16 KB
17 KB 49ms
48ms Fetch
text/html 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/checkpoint/pk/initiateLogin
Requested by: Host: static.licdn.com
URL: https://static.licdn.com/sc/h/aoyniy4z81voytvhok68uu3ia
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e72220408b3a3a351433a4cc02b8d3dea31bf8b6955e11d5baa7fb5655cacbe7

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html
csrf-token: ajax:5612940056685203071
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Wed, 24 Jul 2024 09:41:40 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 8a82f4b2ab0f416d-LHR
Content-Length: 16794
Vary: Accept-Encoding
Content-Type: text/html

POST
H/1.1 401
Unauthorized track
pub-e01323578a764455955c12cbc115af93.r2.dev/li/ 16 KB
17 KB 80ms
79ms Ping
text/html 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/li/track
Requested by: Host: static.licdn.com
URL: https://static.licdn.com/sc/h/179r7h6dytjlclq68a906sd4s
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e72220408b3a3a351433a4cc02b8d3dea31bf8b6955e11d5baa7fb5655cacbe7

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 24 Jul 2024 09:41:41 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 8a82f4b33ba9416d-LHR
Content-Length: 16794
Vary: Accept-Encoding
Content-Type: text/html

GET
H2 200 9lb1g1kp916tat669q9r5g2kz
static.licdn.com/sc/h/ 32 KB
2 KB 31ms
31ms Other
image/x-icon 2606:2800:233:6a53:4ac1:3bc8:ee4e:5990
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://static.licdn.com/sc/h/9lb1g1kp916tat669q9r5g2kz

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:6a53:4ac1:3bc8:ee4e:5990 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (lhc/794B) /

Resource Hash

42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 09:41:41 GMT
content-encoding: br
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
x-cdn: ECST
age: 10544251
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 1476
x-li-uuid: AAYUZA+U7aygjHSJWR652A==
last-modified: Mon, 05 Nov 2012 04:00:51 GMT
server: ECAcc (lhc/794B)
x-li-pop: prod-ltx1-x
vary: Accept-Encoding
content-type: image/x-icon
access-control-allow-origin: *
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
cache-control: max-age=31536000, immutable
x-li-proto: http/1.1
x-li-fabric: prod-ltx1
timing-allow-origin: *
x-li-static-content: 1
x-fs-uuid: 000614640f4cde9fcd24160f438427a8
expires: Thu, 24 Jul 2025 09:41:41 GMT

GET
H2 403 button
accounts.google.com/gsi/ Frame D7D1 0
0 249ms
58ms Document
text/html 2a00:1450:400c:c0a::54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=302&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_101012_913049&as=iXtdUsJRWT9wlVrkAC%2Fc6A&hl=en_US

Requested by

Host: static.licdn.com
URL: https://static.licdn.com/sc/h/4k6diadsezedadhkq4uxfxss1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0a::54 Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-0FUMgJBQTR_6kKcMp4tP1A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-0FUMgJBQTR_6kKcMp4tP1A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
cross-origin-resource-policy: cross-origin
date: Wed, 24 Jul 2024 09:41:41 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 403 status Show response
accounts.google.com/gsi/ 37 B
969 B 241ms
72ms XHR
application/json 2a00:1450:400c:c0a::54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/gsi/status?client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&as=iXtdUsJRWT9wlVrkAC%2Fc6A

Requested by

Host: static.licdn.com
URL: https://static.licdn.com/sc/h/4k6diadsezedadhkq4uxfxss1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0a::54 Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5dd79d08a25cbff7babfdbea4bfaa5ebdeac221f5634c4a1633646c1e1e5eb8b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-a4MZv2ujM_CujE88XNKFuA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 09:41:41 GMT
content-security-policy: script-src 'report-sample' 'nonce-a4MZv2ujM_CujE88XNKFuA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
x-content-type-options: nosniff
content-encoding: gzip
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
server: ESF
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://pub-e01323578a764455955c12cbc115af93.r2.dev
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 401
Unauthorized track Show response
pub-e01323578a764455955c12cbc115af93.r2.dev/li/ 16 KB
17 KB 117ms
111ms XHR
text/html 104.18.2.35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/li/track
Requested by: Host: static.licdn.com
URL: https://static.licdn.com/sc/h/aoyniy4z81voytvhok68uu3ia
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.2.35 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e72220408b3a3a351433a4cc02b8d3dea31bf8b6955e11d5baa7fb5655cacbe7

Request headers

Csrf-Token
Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type: application/json

Response headers

Date: Wed, 24 Jul 2024 09:41:41 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 8a82f4b3ff0a35da-LHR
Content-Length: 16794
Vary: Accept-Encoding
Content-Type: text/html

OPTIONS
H2 999 apfcDf
www.linkedin-ei.com/platform-telemetry/li/ Frame 0
0 785ms
507ms Preflight
text/html 2620:1ec:50::16
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.linkedin-ei.com/platform-telemetry/li/apfcDf
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:50::16 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://pub-e01323578a764455955c12cbc115af93.r2.dev
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store
content-length: 2109
content-type: text/html
date: Wed, 24 Jul 2024 09:41:41 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
x-cache: CONFIG_NOCACHE
x-li-fabric: ei4
x-li-pop: afd-ei4-x
x-li-proto: http/2
x-li-uuid: AAYd+xXp3g7f0MGWNWTNKA==
x-msedge-ref: Ref A: F4AE0435655A4159837DBEE8DA80A196 Ref B: LON04EDGE0813 Ref C: 2024-07-24T09:41:41Z

POST apfcDf
www.linkedin-ei.com/platform-telemetry/li/ 0
0

GET
H2 200 user Show response
www.linkedin-ei.com/litms/api/metadata/ 345 B
2 KB 400ms
179ms XHR
application/json 2620:1ec:50::16
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.linkedin-ei.com/litms/api/metadata/user

Requested by

Host: static.licdn.com
URL: https://static.licdn.com/sc/h/ei1ryhlrbku41e394oskcxugy

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:50::16 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

65d5bf20c38cefda06241e16c62c1eab5968686bc5d9265cbdb1499046fc6444

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; frame-ancestors 'none'; form-action 'none'; report-uri https://www.linkedin.com/security/csp?f=nh
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; form-action 'none'; report-uri https://www.linkedin.com/security/csp?f=nh
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.0001,"failure_fraction":1,"include_subdomains":true}
date: Wed, 24 Jul 2024 09:41:40 GMT
x-cache: CONFIG_NOCACHE
content-length: 226
x-li-uuid: AAYd+xXk293jyvxqAtZxwg==
pragma: no-cache
x-li-pop: afd-ei-ltx1-x
x-msedge-ref: Ref A: 4144F83572B8418494898C5D74803D04 Ref B: LON04EDGE0907 Ref C: 2024-07-24T09:41:41Z
vary: Origin,Accept-Encoding
x-frame-options: sameorigin
content-type: application/json
access-control-allow-origin: https://pub-e01323578a764455955c12cbc115af93.r2.dev
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin-ei.com/li/rep"}],"include_subdomains":true}
x-li-fabric: ei-ltx1
cache-control: no-cache, no-store
access-control-allow-credentials: true
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 utag.js Show response
platform.linkedin-ei.com/litms/utag/checkpoint-frontend/ 137 KB
43 KB 569ms
70ms Script
application/javascript 2a02:26f0:480:15::213:7e4a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1721814000000

Requested by

Host: static.licdn.com
URL: https://static.licdn.com/sc/h/ei1ryhlrbku41e394oskcxugy

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:15::213:7e4a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Play /

Resource Hash

d4ddfb9dda4987506dfbdf0c45e4c1fcaa1db286aec663340ced8f7fe3acabba

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 09:41:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.0001,"failure_fraction":1,"include_subdomains":true}
x-cdn: AKAM
p3p: CP="CAO CUR ADM DEV PSA PSD OUR"
content-length: 43583
x-li-uuid: AAYd+xVb01P8CwlE10a6fQ==
last-modified: Fri, 01 Feb 1980 00:00:00 GMT
server: Play
x-li-pop: ei-ltx1-x
etag: "63040b563fa8040f5ab64078dc8ae7d7db46922e"
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin-ei.com/li/rep"}],"include_subdomains":true}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-li-fabric: ei-ltx1
cache-control: max-age=300
x-li-proto: http/1.1
accept-ranges: bytes

POST
H/1.1 401
Unauthorized track Show response
pub-e01323578a764455955c12cbc115af93.r2.dev/li/ 16 KB
17 KB 75ms
73ms XHR
text/html 104.18.2.35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/li/track
Requested by: Host: static.licdn.com
URL: https://static.licdn.com/sc/h/aoyniy4z81voytvhok68uu3ia
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.2.35 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e72220408b3a3a351433a4cc02b8d3dea31bf8b6955e11d5baa7fb5655cacbe7

Request headers

Csrf-Token
Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type: application/json

Response headers

Date: Wed, 24 Jul 2024 09:41:41 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 8a82f4b5790e35da-LHR
Content-Length: 16794
Vary: Accept-Encoding
Content-Type: text/html

GET
H2 200 id Show response
dpm.demdex.net/ 624 B
1 KB 243ms
62ms XHR
application/json 54.75.215.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=14215E3D5995C57C0A495C55%40AdobeOrg&d_nsid=0&ts=1721814101952

Requested by

Host: platform.linkedin-ei.com
URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1721814000000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.75.215.160 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-75-215-160.eu-west-1.compute.amazonaws.com

Software

Resource Hash

c1201fa1558c15521c01e12b8be2308ec309469262d2573f68bcf199c3467ad9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

dcs: dcs-prod-irl1-1-v063-0bfaafc67.edge-irl1.demdex.com 3 ms
pragma: no-cache
date: Wed, 24 Jul 2024 09:41:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-tid: LopQKYmTTWI=
vary: Origin
content-type: application/json;charset=utf-8
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin: https://pub-e01323578a764455955c12cbc115af93.r2.dev
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
access-control-allow-credentials: true
content-length: 441
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 utag.107.js Show response
platform.linkedin-ei.com/litms/utag/checkpoint-frontend/ 11 KB
4 KB 1038ms
1038ms Script
application/javascript 2a02:26f0:480:15::213:7e4a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.107.js?utv=ut4.51.202403292241

Requested by

Host: platform.linkedin-ei.com
URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1721814000000

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:15::213:7e4a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Play /

Resource Hash

848d5c6fe6e78738adf94026d52319b2c2dde3e651ce9a386fc9fbcca97b9c3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 489
date: Wed, 24 Jul 2024 09:41:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.0001,"failure_fraction":1,"include_subdomains":true}
x-cdn: AKAM
x-edgeconnect-midmile-rtt: 0
p3p: CP="CAO CUR ADM DEV PSA PSD OUR"
content-length: 3692
x-li-uuid: AAYdyH2JQoHg2XvsuK6BYQ==
last-modified: Fri, 01 Feb 1980 00:00:00 GMT
server: Play
x-li-pop: ei-ltx1-x
etag: "f162840f1581092b8da2e48b1bc7a05567f5c3fa"
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin-ei.com/li/rep"}],"include_subdomains":true}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-li-fabric: ei-ltx1
cache-control: max-age=300
x-li-proto: http/1.1
accept-ranges: bytes

GET
H2 200 utag.117.js Show response
platform.linkedin-ei.com/litms/utag/checkpoint-frontend/ 11 KB
4 KB 1036ms
1036ms Script
application/javascript 2a02:26f0:480:15::213:7e4a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.117.js?utv=ut4.51.202403292241

Requested by

Host: platform.linkedin-ei.com
URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1721814000000

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:15::213:7e4a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Play /

Resource Hash

f6e913fbef0be8163aa97874419afd093425d4dde9a6fb5e0dbcdcdc2b8b47f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 492
date: Wed, 24 Jul 2024 09:41:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.0001,"failure_fraction":1,"include_subdomains":true}
x-cdn: AKAM
x-edgeconnect-midmile-rtt: 0
p3p: CP="CAO CUR ADM DEV PSA PSD OUR"
content-length: 3545
x-li-uuid: AAYVC86mJRhjztniczQtmQ==
last-modified: Fri, 01 Feb 1980 00:00:00 GMT
server: Play
x-li-pop: ei-ltx1-x
etag: "9efd39970ab61343250efbf9c928fda912d2fdde"
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin-ei.com/li/rep"}],"include_subdomains":true}
content-type: application/javascript; charset=utf-8
x-li-fabric: ei-ltx1
cache-control: max-age=300
x-li-proto: http/1.1
accept-ranges: bytes

POST
H/1.1 401
Unauthorized track Show response
pub-e01323578a764455955c12cbc115af93.r2.dev/li/ 16 KB
17 KB 50ms
49ms XHR
text/html 104.18.2.35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/li/track
Requested by: Host: static.licdn.com
URL: https://static.licdn.com/sc/h/ei1ryhlrbku41e394oskcxugy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.2.35 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e72220408b3a3a351433a4cc02b8d3dea31bf8b6955e11d5baa7fb5655cacbe7

Request headers

Csrf-Token
Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type: application/json

Response headers

Date: Wed, 24 Jul 2024 09:41:41 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 8a82f4b95e8335da-LHR
Content-Length: 16794
Vary: Accept-Encoding
Content-Type: text/html

POST
H/1.1 401
Unauthorized track
pub-e01323578a764455955c12cbc115af93.r2.dev/li/ 16 KB
17 KB 95ms
92ms Ping
text/html 104.18.2.35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/li/track
Requested by: Host: static.licdn.com
URL: https://static.licdn.com/sc/h/179r7h6dytjlclq68a906sd4s
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.2.35 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e72220408b3a3a351433a4cc02b8d3dea31bf8b6955e11d5baa7fb5655cacbe7

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 24 Jul 2024 09:41:42 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 8a82f4bac8fc35da-LHR
Content-Length: 16794
Vary: Accept-Encoding
Content-Type: text/html

GET
H2 200 dest5.html
lnkd.demdex.net/ Frame D741 0
0 261ms
58ms Document
text/html 108.128.76.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://lnkd.demdex.net/dest5.html?d_nsid=0

Requested by

Host: platform.linkedin-ei.com
URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1721814000000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.128.76.36 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-108-128-76-36.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Wed, 24 Jul 2024 09:41:42 GMT
dcs: dcs-prod-irl1-2-v063-036e77921.edge-irl1.demdex.com 0 ms
expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Thu, 18 Jul 2024 10:28:44 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
vary: accept-encoding
x-tid: BcOFhPVtSmM=

POST
H2 200 event Show response
lnkd.demdex.net/ 529 B
971 B 91ms
61ms XHR
application/json 54.75.215.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://lnkd.demdex.net/event?d_dil_ver=9.4&_ts=1721814101956

Requested by

Host: platform.linkedin-ei.com
URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1721814000000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.75.215.160 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-75-215-160.eu-west-1.compute.amazonaws.com

Software

Resource Hash

5c9c69df840f530e811584709837cab69eac45852caa4e0b21e4087a24c051cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

dcs: dcs-prod-irl1-1-v063-0fbc57458.edge-irl1.demdex.com 23 ms
pragma: no-cache
date: Wed, 24 Jul 2024 09:41:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-tid: sRQeBB/bTTw=
vary: Origin
content-type: application/json;charset=utf-8
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin: https://pub-e01323578a764455955c12cbc115af93.r2.dev
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
access-control-allow-credentials: true
content-length: 346
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 gtag-adwords.js Show response
platform.linkedin.com/litms/vendor/google// 273 KB
96 KB 92ms
63ms Script
application/javascript 2a02:26f0:480:15::213:7e4a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/litms/vendor/google//gtag-adwords.js?id=AW-979305453

Requested by

Host: platform.linkedin-ei.com
URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1721814000000

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:15::213:7e4a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Play /

Resource Hash

639f80fe9e54da39cf4647977783a3c412c647af8a08a2297cb2e89bf13ca5a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 09:41:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
x-cdn: AKAM
content-length: 98046
x-li-uuid: AAYSp6VmTKAes52PQMDuEA==
last-modified: Fri, 01 Mar 2024 20:14:28 GMT
server: Play
x-li-pop: prod-ltx1-x
etag: "6ab83764e8b318e2f953c0f19e5dbe6f7ae4ef55"
vary: Accept-Encoding
x-li-fabric: prod-ltx1
content-type: application/javascript; charset=utf-8
cache-control: max-age=2628000
x-li-proto: http/1.1
accept-ranges: bytes

GET
H3

200

/
googleads.g.doubleclick.net/pagead/viewthroughconversion/979305453/
Redirect Chain

https://www.googleadservices.com/pagead/conversion/979305453/?random=1721814103190&cv=11&fst=1721814103190&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45ae42h0v873428484za200&gcd=13l3l3l3l3&dma=0&u_w=1600&...
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/979305453/?random=1436283957&cv=11&fst=1721814103190&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45ae42h0v873428484za200&gcd=13l3l3l3l3&dma=...

42 B
63 B

278ms
112ms

Image
image/gif

2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/979305453/?random=1436283957&cv=11&fst=1721814103190&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45ae42h0v873428484za200&gcd=13l3l3l3l3&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fpub-e01323578a764455955c12cbc115af93.r2.dev%2Findexmex.html&ref=https%3A%2F%2Fpub-e01323578a764455955c12cbc115af93.r2.dev%2Findexmex.html&label=ZRKoCICMpsUBEO2H_NID&hn=www.googleadservices.com&frm=0&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&did=dYmQxMT&gdid=dYmQxMT&gtm_ee=1&npa=1&pscdl=noapi&auid=1826830679.1721814103&uamb=0&uaw=0&capi=1&data=event%3Dconversion&ct_cookie_present=false&eoid=CkAKEQjwzIK1BhC0ubjNhLH709UBEisAAjOQcU9qYVkhiT4Wsrv3LXsG21MlaJuXfGKPOPJGilKl1bQaEfR6hFwT8P8HAQ&crd=CLHBsQIIsMGxAgi5wbECSixub3QtbmF2aWdhdGlvbi1zb3VyY2UsIHRyaWdnZXIsIGV2ZW50LXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMI8eSBsLG_hwMVFPI7Ah3tHwo6MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOjRodHRwczovL3B1Yi1lMDEzMjM1NzhhNzY0NDU1OTU1YzEyY2JjMTE1YWY5My5yMi5kZXYv

Protocol

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 09:41:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 24 Jul 2024 09:41:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/979305453/?random=1436283957&cv=11&fst=1721814103190&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45ae42h0v873428484za200&gcd=13l3l3l3l3&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fpub-e01323578a764455955c12cbc115af93.r2.dev%2Findexmex.html&ref=https%3A%2F%2Fpub-e01323578a764455955c12cbc115af93.r2.dev%2Findexmex.html&label=ZRKoCICMpsUBEO2H_NID&hn=www.googleadservices.com&frm=0&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&did=dYmQxMT&gdid=dYmQxMT&gtm_ee=1&npa=1&pscdl=noapi&auid=1826830679.1721814103&uamb=0&uaw=0&capi=1&data=event%3Dconversion&ct_cookie_present=false&eoid=CkAKEQjwzIK1BhC0ubjNhLH709UBEisAAjOQcU9qYVkhiT4Wsrv3LXsG21MlaJuXfGKPOPJGilKl1bQaEfR6hFwT8P8HAQ&crd=CLHBsQIIsMGxAgi5wbECSixub3QtbmF2aWdhdGlvbi1zb3VyY2UsIHRyaWdnZXIsIGV2ZW50LXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMI8eSBsLG_hwMVFPI7Ah3tHwo6MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOjRodHRwczovL3B1Yi1lMDEzMjM1NzhhNzY0NDU1OTU1YzEyY2JjMTE1YWY5My5yMi5kZXYv
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
googleads.g.doubleclick.net/pagead/viewthroughconversion/979305453/
Redirect Chain

https://www.googleadservices.com/pagead/conversion/979305453/?random=1721814103195&cv=11&fst=1721814103195&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45ae42h0v873428484za200&gcd=13l3l3l3l3&dma=0&u_w=1600&...
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/979305453/?random=944695041&cv=11&fst=1721814103195&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45ae42h0v873428484za200&gcd=13l3l3l3l3&dma=0...

42 B
63 B

246ms
81ms

Image
image/gif

2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/979305453/?random=944695041&cv=11&fst=1721814103195&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45ae42h0v873428484za200&gcd=13l3l3l3l3&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fpub-e01323578a764455955c12cbc115af93.r2.dev%2Findexmex.html&ref=https%3A%2F%2Fpub-e01323578a764455955c12cbc115af93.r2.dev%2Findexmex.html&label=Kc16CMr0-_0BEO2H_NID&hn=www.googleadservices.com&frm=0&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&did=dYmQxMT&gdid=dYmQxMT&gtm_ee=1&npa=1&pscdl=noapi&auid=1826830679.1721814103&uamb=0&uaw=0&capi=1&data=event%3Dconversion&ct_cookie_present=false&eoid=CkAKEQjwzIK1BhC0ubjNhLH709UBEisAAjOQcaBKnP6BmEv-YJGJJ3_QzSpzx8z0_G9OHEniSDIkqzqnEE4DeH198P8HAQ&crd=CLHBsQIIsMGxAgi5wbECShV0cmlnZ2VyLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMI7eGBsLG_hwMV8vI7Ah2koQdCMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOjRodHRwczovL3B1Yi1lMDEzMjM1NzhhNzY0NDU1OTU1YzEyY2JjMTE1YWY5My5yMi5kZXYv

Protocol

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 09:41:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 24 Jul 2024 09:41:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/979305453/?random=944695041&cv=11&fst=1721814103195&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45ae42h0v873428484za200&gcd=13l3l3l3l3&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fpub-e01323578a764455955c12cbc115af93.r2.dev%2Findexmex.html&ref=https%3A%2F%2Fpub-e01323578a764455955c12cbc115af93.r2.dev%2Findexmex.html&label=Kc16CMr0-_0BEO2H_NID&hn=www.googleadservices.com&frm=0&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&did=dYmQxMT&gdid=dYmQxMT&gtm_ee=1&npa=1&pscdl=noapi&auid=1826830679.1721814103&uamb=0&uaw=0&capi=1&data=event%3Dconversion&ct_cookie_present=false&eoid=CkAKEQjwzIK1BhC0ubjNhLH709UBEisAAjOQcaBKnP6BmEv-YJGJJ3_QzSpzx8z0_G9OHEniSDIkqzqnEE4DeH198P8HAQ&crd=CLHBsQIIsMGxAgi5wbECShV0cmlnZ2VyLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMI7eGBsLG_hwMV8vI7Ah2koQdCMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOjRodHRwczovL3B1Yi1lMDEzMjM1NzhhNzY0NDU1OTU1YzEyY2JjMTE1YWY5My5yMi5kZXYv
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 401
Unauthorized track
pub-e01323578a764455955c12cbc115af93.r2.dev/li/ 16 KB
17 KB 47ms
46ms Ping
text/html 104.18.2.35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/li/track
Requested by: Host: static.licdn.com
URL: https://static.licdn.com/sc/h/179r7h6dytjlclq68a906sd4s
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.2.35 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e72220408b3a3a351433a4cc02b8d3dea31bf8b6955e11d5baa7fb5655cacbe7

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 24 Jul 2024 09:41:44 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 8a82f4c74bd635da-LHR
Content-Length: 16794
Vary: Accept-Encoding
Content-Type: text/html

POST
H/1.1 401
Unauthorized track
pub-e01323578a764455955c12cbc115af93.r2.dev/li/ 16 KB
17 KB 91ms
90ms Ping
text/html 104.18.2.35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/li/track
Requested by: Host: static.licdn.com
URL: https://static.licdn.com/sc/h/179r7h6dytjlclq68a906sd4s
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.2.35 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e72220408b3a3a351433a4cc02b8d3dea31bf8b6955e11d5baa7fb5655cacbe7

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 24 Jul 2024 09:41:46 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 8a82f4d3cee535da-LHR
Content-Length: 16794
Vary: Accept-Encoding
Content-Type: text/html

POST
H/1.1 401
Unauthorized track
pub-e01323578a764455955c12cbc115af93.r2.dev/li/ 16 KB
17 KB 90ms
88ms Ping
text/html 104.18.2.35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/li/track
Requested by: Host: static.licdn.com
URL: https://static.licdn.com/sc/h/179r7h6dytjlclq68a906sd4s
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.2.35 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e72220408b3a3a351433a4cc02b8d3dea31bf8b6955e11d5baa7fb5655cacbe7

Request headers

Referer: https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 24 Jul 2024 09:41:48 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 8a82f4e04f1a35da-LHR
Content-Length: 16794
Vary: Accept-Encoding
Content-Type: text/html

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ponf.linkedin-ei.com
URL: https://ponf.linkedin-ei.com/pixel/tracking.png?reqid=7d056f0c-37f2-4e97-90cd-719b66aef638&pageInstance=urn%3Ali%3Apage%3Acheckpoint_lg_login_default%3BkSqpbD+0TKWDvB+pHJsBfQ%3D%3D&js=enabled

Domain: www.linkedin-ei.com
URL: https://www.linkedin-ei.com/platform-telemetry/li/apfcDf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: LinkedIn (Social Network) Generic Cloudflare (Online)

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.pub-e01323578a764455955c12cbc115af93.r2.dev/	1970-01-20 22:18:20	Name: __cf_mw_byp Value: 9NB37gitxC2gNERTWD9AorUFfzhLxEFhE5g2aorA_ig-1721814092-0.0.1.1-/indexmex.html
.www.linkedin-ei.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: ajax:1973486717901600700
.linkedin-ei.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin-ei.com/	1970-01-21 07:02:30	Name: bcookie Value: "v=2&29ca3288-9ebe-4602-8f5a-7cd230fb7bac"
.www.linkedin-ei.com/	1970-01-21 07:02:30	Name: bscookie Value: "v=1&20240724094141d63a2735-6a84-465f-81ac-3257b5214cd5AQGKL7E7CvHYir6F97H9PZtGZNxVV1P2"
.linkedin-ei.com/	1970-01-21 02:36:06	Name: li_gc Value: MTswOzE3MjE4MTQxMDE7MjswMjGuRb2wePfW/xIMBKUSqqbVryGmBFTZd2LwlH3GFyUV0w==
.linkedin-ei.com/	1970-01-20 22:18:20	Name: lidc Value: "b=ETGST08:s=ET:r=ET:a=ET:p=ET:g=124:u=1:x=1:i=1721814101:t=1721900501:v=2:sig=AQF-uipipFrILDxEC0mXbNuz-nPfEbN8"
.demdex.net/	1970-01-21 02:36:06	Name: demdex Value: 08273819464482327162468893089328690914
.pub-e01323578a764455955c12cbc115af93.r2.dev/	1969-12-31 23:59:59	Name: AMCVS_14215E3D5995C57C0A495C55%40AdobeOrg Value: 1
.pub-e01323578a764455955c12cbc115af93.r2.dev/	1970-01-21 02:36:06	Name: AMCV_14215E3D5995C57C0A495C55%40AdobeOrg Value: -637568504%7CMCIDTS%7C19929%7CMCMID%7C08434004757323905992489481326636860713%7CMCAAMLH-1722418902%7C6%7CMCAAMB-1722418902%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1721821302s%7CNONE%7CvVersion%7C5.1.1
.pub-e01323578a764455955c12cbc115af93.r2.dev/	1970-01-20 23:00:06	Name: aam_uuid Value: 08273819464482327162468893089328690914
.demdex.net/	1970-01-21 02:36:06	Name: dextp Value: 771-1-1721814102496\|1957-1-1721814102598
.doubleclick.net/	1970-01-21 07:38:30	Name: IDE Value: AHWqTUlPKfJiBI5hn5AAmHxpvP_itoCxTFt--KwvfeOLc_ynw8FZjF5qCik9Id-VhcE
.bing.com/	1970-01-21 07:38:30	Name: MUID Value: 38E4E98E3DDB6EC525A1FD483CFC6F86
.c.bing.com/	1970-01-20 22:26:58	Name: MR Value: 0
.dpm.demdex.net/	1970-01-21 02:36:06	Name: dpm Value: 08273819464482327162468893089328690914
.pub-e01323578a764455955c12cbc115af93.r2.dev/	1970-01-21 00:26:30	Name: _gcl_au Value: 1.1.1826830679.1721814103

14 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (Not Found)
recommendation	verbose	URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html Message: [DOM] Input elements should have autocomplete attributes (suggested: "username"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/checkpoint/pk/initiateLogin Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)
network	error	URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/li/track Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)
network	error	URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/li/track Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)
network	error	URL: https://accounts.google.com/gsi/status?client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&as=iXtdUsJRWT9wlVrkAC%2Fc6A Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/li/track Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)
javascript	error	URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/indexmex.html Message: Access to XMLHttpRequest at 'https://www.linkedin-ei.com/platform-telemetry/li/apfcDf' from origin 'https://pub-e01323578a764455955c12cbc115af93.r2.dev' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.linkedin-ei.com/platform-telemetry/li/apfcDf Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/li/track Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)
network	error	URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/li/track Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)
network	error	URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/li/track Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)
network	error	URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/li/track Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)
network	error	URL: https://pub-e01323578a764455955c12cbc115af93.r2.dev/li/track Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
ajax.googleapis.com
cdnjs.cloudflare.com
code.jquery.com
dpm.demdex.net
googleads.g.doubleclick.net
lnkd.demdex.net
maxcdn.bootstrapcdn.com
platform.linkedin-ei.com
platform.linkedin.com
ponf.linkedin-ei.com
pub-e01323578a764455955c12cbc115af93.r2.dev
static.licdn.com
www.googleadservices.com
www.linkedin-ei.com
ponf.linkedin-ei.com
www.linkedin-ei.com
104.18.2.35
108.128.76.36
172.217.16.130
2606:2800:233:6a53:4ac1:3bc8:ee4e:5990
2606:4700::6811:190e
2606:4700::6812:323
2606:4700::6812:bcf
2620:1ec:50::16
2a00:1450:4001:80b::200a
2a00:1450:4001:81c::2002
2a00:1450:400c:c0a::54
2a02:26f0:480:15::213:7e4a
2a04:4e42::649
54.75.215.160
028981ea63292f655a6a4839bd84dce4cd00720beec1d97285b9c3609852fc6c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
44925f9bdebd7dadd2e05e034c457104b510f8038f37af31bd841b7c00db0aaf
5c9c69df840f530e811584709837cab69eac45852caa4e0b21e4087a24c051cb
5dd79d08a25cbff7babfdbea4bfaa5ebdeac221f5634c4a1633646c1e1e5eb8b
6101eea4239ded7503b74732d078de0de0e31d9465de3876b1641802dd299200
639f80fe9e54da39cf4647977783a3c412c647af8a08a2297cb2e89bf13ca5a8
64f101a09a5319b539a1d360ab24266a6ca44f1574edda7a45af0e31cf74827d
65d5bf20c38cefda06241e16c62c1eab5968686bc5d9265cbdb1499046fc6444
72bccd36c17aa93a7bb553557626bb720be60cde2357d817bd03af6be67cf08e
7c3190461704d64cb2fb3bbe447902518dcc8a93536e10b7d3475b8ecb836152
848d5c6fe6e78738adf94026d52319b2c2dde3e651ce9a386fc9fbcca97b9c3f
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
a5951034ffba6569ef62befc21854c90cd987f3935bf1826e5455ed47eecb5e2
c1201fa1558c15521c01e12b8be2308ec309469262d2573f68bcf199c3467ad9
c852b1105eb000028e9b27677996f8d4773daa31fa1aaf663cb6ae3a6857a50a
d4ddfb9dda4987506dfbdf0c45e4c1fcaa1db286aec663340ced8f7fe3acabba
e72220408b3a3a351433a4cc02b8d3dea31bf8b6955e11d5baa7fb5655cacbe7
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f5d13c67089bf5cdbb1b349183598ba8df4dd95a9cf3187e9fd4172f5f5c36fe
f6e913fbef0be8163aa97874419afd093425d4dde9a6fb5e0dbcdcdc2b8b47f6
f89934ac0709430477b8a664f72035461a08e79aab91944d71d695660d810c13
fb9b509d020c4c45ad497de7c4f7d1b22b4e7dc62339927fbf7e32e227932cb7

pub-e01323578a764455955c12cbc115af93.r2.dev Open in urlscan Pro 2606:4700::6812:323 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

43 Requests

91 %HTTPS

71 %IPv6

12 Domains

15 Subdomains

14 IPs

5 Countries

739 kBTransfer

2159 kBSize

17 Cookies

0 Outgoing links

Page URL History

Redirected requests

43 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

pub-e01323578a764455955c12cbc115af93.r2.dev Open in urlscan Pro
2606:4700::6812:323 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

43
Requests

91 %
HTTPS

71 %
IPv6

12
Domains

15
Subdomains

14
IPs

5
Countries

739 kB
Transfer

2159 kB
Size

17
Cookies

43 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!