![](/screenshots/5d2377e8-ab5c-43b3-a497-fa84b8b683e8.png)
linkd-4tn.pages.dev
188.114.97.3
Malicious Activity!
Public Scan
Effective URL: https://linkd-4tn.pages.dev/linkd
Submission: On June 08 via api from US — Scanned from DE
Summary
TLS certificate: Issued by WE1 on June 5th 2024. Valid for: 3 months.
This is the only time linkd-4tn.pages.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: LinkedIn (Social Network) Generic Cloudflare (Online)
Domain & IP information
Count | IP Address | AS (Autonomous System) |
---|---|---|
1 | 52.21.53.195 | 14618 (AMAZON-AES) |
2 (2 redirects) | 37.252.171.52 | 29990 (ASN-APPNEX) |
8 (2 redirects) | 188.114.97.3 | 13335 (CLOUDFLARENET) |
1 | 128.204.223.94 | 57367 (ECO-ATMAN-PL ECO-ATMAN-) |
2 | 104.18.11.207 | 13335 (CLOUDFLARENET) |
1 | 2620:1ec:21::14 | 8068 (MICROSOFT-CORP-MSN-AS-BLOCK) |
11 | 5 |
ASN14618 (AMAZON-AES, US)
PTR: ec2-52-21-53-195.compute-1.amazonaws.com
ubiquitous-honeysuckle-holiday.glitch.me |
ASN29990 (ASN-APPNEX, US)
PTR: 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
secure.adnxs.com |
ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL)
PTR: web4.serv00.com
apatech123.serv00.net |
ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com | |
stackpath.bootstrapcdn.com |
Count | Apex Domain / Subdomains | Transfer |
---|---|---|
8 | pages.dev (2 redirects): linkd-4tn.pages.dev | 9 KB |
2 | bootstrapcdn.com: maxcdn.bootstrapcdn.com (Cisco Umbrella Rank: 1268), stackpath.bootstrapcdn.com (Cisco Umbrella Rank: 3330) | 31 KB |
2 | adnxs.com (2 redirects): secure.adnxs.com (Cisco Umbrella Rank: 524) | 2 KB |
1 | linkedin.com: www.linkedin.com (Cisco Umbrella Rank: 553) | 27 KB |
1 | serv00.net: apatech123.serv00.net | 336 KB |
1 | glitch.me: ubiquitous-honeysuckle-holiday.glitch.me | 1 KB |
11 | 6 | |
Count | Domain | Requested by |
---|---|---|
8 | linkd-4tn.pages.dev (2 redirects) | ubiquitous-honeysuckle-holiday.glitch.me, linkd-4tn.pages.dev |
2 | secure.adnxs.com (2 redirects) | |
1 | www.linkedin.com | |
1 | stackpath.bootstrapcdn.com | ubiquitous-honeysuckle-holiday.glitch.me |
1 | maxcdn.bootstrapcdn.com | ubiquitous-honeysuckle-holiday.glitch.me |
1 | apatech123.serv00.net | linkd-4tn.pages.dev |
1 | ubiquitous-honeysuckle-holiday.glitch.me | |
11 | 7 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
glitch.com | Amazon RSA 2048 M03 | 2023-12-04 - 2025-01-01 | a year |
linkd-4tn.pages.dev | WE1 | 2024-06-05 - 2024-09-03 | 3 months |
*.serv00.net | R3 | 2024-04-04 - 2024-07-03 | 3 months |
bootstrapcdn.com | GTS CA 1P5 | 2024-05-25 - 2024-08-23 | 3 months |
www.linkedin.com | DigiCert SHA2 Secure Server CA | 2024-01-30 - 2024-07-30 | 6 months |
This page contains 1 frames:
Primary Page:
https://linkd-4tn.pages.dev/linkd
Frame ID: 56E92D0CE7733810DC4B27DE61F7A74C
Requests: 11 HTTP requests in this frame
Screenshot
![](/screenshots/5d2377e8-ab5c-43b3-a497-fa84b8b683e8.png)
Page Title
Messages | Linkedln | Welcome back
Detected technologies
Bootstrap
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://ubiquitous-honeysuckle-holiday.glitch.me/
HTTP 307
https://ubiquitous-honeysuckle-holiday.glitch.me/ Page URL
-
https://secure.adnxs.com/clktrb?id=704169&redir=https://linkd-4tn.pages.dev/linkd.html
HTTP 307
https://secure.adnxs.com/bounce?%2Fclktrb%3Fid%3D704169%26redir%3Dhttps%3A%2F%2Flinkd-4tn.pages.dev%2Flinkd.html HTTP 302
https://linkd-4tn.pages.dev/linkd.html HTTP 308
https://linkd-4tn.pages.dev/linkd Page URL
-
https://linkd-4tn.pages.dev/cdn-cgi/phish-bypass?atok=qgg3JgZgvHgRzqFxfxM9mXMlvw40enYRz28g.gslFSw-1717819465-0.0.1.1-%2Flinkd
HTTP 301
https://linkd-4tn.pages.dev/linkd Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://ubiquitous-honeysuckle-holiday.glitch.me/ HTTP 307
- https://ubiquitous-honeysuckle-holiday.glitch.me/
- https://secure.adnxs.com/clktrb?id=704169&redir=https://linkd-4tn.pages.dev/linkd.html HTTP 307
- https://secure.adnxs.com/bounce?%2Fclktrb%3Fid%3D704169%26redir%3Dhttps%3A%2F%2Flinkd-4tn.pages.dev%2Flinkd.html HTTP 302
- https://linkd-4tn.pages.dev/linkd.html HTTP 308
- https://linkd-4tn.pages.dev/linkd
11 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / | ubiquitous-honeysuckle-holiday.glitch.me/ (Redirect Chain) | 840 B | 1 KB | Document | text/html |
GET | H3 | linkd | linkd-4tn.pages.dev/ (Redirect Chain) | 4 KB | 2 KB | Document | text/html |
GET | H3 | cf.errors.css | linkd-4tn.pages.dev/cdn-cgi/styles/ | 23 KB | 5 KB | Stylesheet | text/css |
GET | H3 | icon-exclamation.png | linkd-4tn.pages.dev/cdn-cgi/images/ | 452 B | 634 B | Image | image/png |
GET | H3 | favicon.ico | linkd-4tn.pages.dev/ | 0 | 413 B | Other | text/plain |
GET | H3 | linkd (Primary Request) | linkd-4tn.pages.dev/ (Redirect Chain) | 100 B | 552 B | Document | text/html |
GET | H2 | linTst.js | apatech123.serv00.net/ | 336 KB | 336 KB | Script | application/javascript |
GET | H3 | jquery-3.3.1.js | linkd-4tn.pages.dev/js/ | 0 | 0 | Script | text/plain |
GET | H3 | bootstrap.min.js | maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ | 48 KB | 15 KB | Script | application/javascript |
GET | H3 | bootstrap.min.js | stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ | 50 KB | 16 KB | Script | application/javascript |
GET | H2 | favicon.ico | www.linkedin.com/ | 24 KB | 27 KB | Other | image/x-icon |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: LinkedIn (Social Network) Generic Cloudflare (Online)
6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
string | ai |
function | $ |
function | jQuery |
object | bootstrap |
function | _0x20a9 |
function | _0x36467 |

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.adnxs.com/ | | Name: XANDR_PANID Value: zOPMyDjbuVOgd-ct8v14s02CVATifcRsBeVB81Wc5gurg9THtavvkmH9C-Inp2X3-e45e1FqvR_nV-3UU5Sb9TMrF1xNDONgx_dvd11W3Oo. |
.adnxs.com/ | | Name: receive-cookie-deprecation Value: 1 |
.adnxs.com/ | | Name: uuid2 Value: 8385690200837838228 |
.linkd-4tn.pages.dev/ | | Name: __cf_mw_byp Value: qgg3JgZgvHgRzqFxfxM9mXMlvw40enYRz28g.gslFSw-1717819465-0.0.1.1-/linkd |
.linkedin.com/ | | Name: bcookie Value: "v=2&2bf60885-b6c7-4813-82bc-207810ebcfcc" |
.www.linkedin.com/ | | Name: bscookie Value: "v=1&20240608040431b3246182-fe38-4a00-8674-3f7d24fb89d4AQHRZmFB7bIu5IM8NIRQXwSAX0JiYXOT" |
.linkedin.com/ | | Name: li_gc Value: MTswOzE3MTc4MTk0NzE7MjswMjGfqORjA7R7aDUFsRixhmwb0mpAMRYHhbuhnVtyB8IjBg== |
8 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.