linkd-4tn.pages.dev
188.114.97.3  Malicious Activity! Public Scan

Submitted URL: http://ubiquitous-honeysuckle-holiday.glitch.me/
Effective URL: https://linkd-4tn.pages.dev/linkd
Submission: On June 08 via api from US — Scanned from DE

Summary

This website contacted 5 IPs in 5 countries across 6 domains to perform 11 HTTP transactions. The main IP is 188.114.97.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is linkd-4tn.pages.dev.
TLS certificate: Issued by WE1 on June 5th 2024. Valid for: 3 months.
This is the only time linkd-4tn.pages.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: LinkedIn (Social Network), Generic Cloudflare (Online)

Domain & IP information

IP Address AS Autonomous System
1 52.21.53.195 14618 (AMAZON-AES)
2 2 37.252.171.52 29990 (ASN-APPNEX)
2 8 188.114.97.3 13335 (CLOUDFLAR...)
1 128.204.223.94 57367 (ECO-ATMAN...)
2 104.18.11.207 13335 (CLOUDFLAR...)
1 2620:1ec:21::14 8068 (MICROSOFT...)
11 5
Apex Domain | Subdomains | Transfer
8 pages.dev | linkd-4tn.pages.dev | 9 KB
2 bootstrapcdn.com | maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1268; stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 3330 | 31 KB
2 adnxs.com | secure.adnxs.com — Cisco Umbrella Rank: 524 | 2 KB
1 linkedin.com | www.linkedin.com — Cisco Umbrella Rank: 553 | 27 KB
1 serv00.net | apatech123.serv00.net | 336 KB
1 glitch.me | ubiquitous-honeysuckle-holiday.glitch.me | 1 KB
11 6
Domain Requested by
8 linkd-4tn.pages.dev 2 redirects ubiquitous-honeysuckle-holiday.glitch.me
linkd-4tn.pages.dev
2 secure.adnxs.com 2 redirects
1 www.linkedin.com
1 stackpath.bootstrapcdn.com ubiquitous-honeysuckle-holiday.glitch.me
1 maxcdn.bootstrapcdn.com ubiquitous-honeysuckle-holiday.glitch.me
1 apatech123.serv00.net linkd-4tn.pages.dev
1 ubiquitous-honeysuckle-holiday.glitch.me
11 7

This site contains no links.

Subject | Issuer | Validity | Valid
glitch.com | Amazon RSA 2048 M03 | 2023-12-04 - 2025-01-01 | a year
linkd-4tn.pages.dev | WE1 | 2024-06-05 - 2024-09-03 | 3 months
*.serv00.net | R3 | 2024-04-04 - 2024-07-03 | 3 months
bootstrapcdn.com | GTS CA 1P5 | 2024-05-25 - 2024-08-23 | 3 months
www.linkedin.com | DigiCert SHA2 Secure Server CA | 2024-01-30 - 2024-07-30 | 6 months

This page contains 1 frame:

Primary Page: https://linkd-4tn.pages.dev/linkd
Frame ID: 56E92D0CE7733810DC4B27DE61F7A74C
Requests: 11 HTTP requests in this frame

Page Title

Messages | Linkedln | Welcome back

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

  • Requests: 11
  • HTTPS: 100 %
  • IPv6: 17 %
  • Domains: 6
  • Subdomains: 7
  • IPs: 5
  • Countries: 5
  • Transfer: 404 kB
  • Size: 487 kB
  • Cookies: 7

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://ubiquitous-honeysuckle-holiday.glitch.me/ HTTP 307
    https://ubiquitous-honeysuckle-holiday.glitch.me/ Page URL
  2. https://secure.adnxs.com/clktrb?id=704169&redir=https://linkd-4tn.pages.dev/linkd.html HTTP 307
    https://secure.adnxs.com/bounce?%2Fclktrb%3Fid%3D704169%26redir%3Dhttps%3A%2F%2Flinkd-4tn.pages.dev%2Flinkd.html HTTP 302
    https://linkd-4tn.pages.dev/linkd.html HTTP 308
    https://linkd-4tn.pages.dev/linkd Page URL
  3. https://linkd-4tn.pages.dev/cdn-cgi/phish-bypass?atok=qgg3JgZgvHgRzqFxfxM9mXMlvw40enYRz28g.gslFSw-1717819465-0.0.1.1-%2Flinkd HTTP 301
    https://linkd-4tn.pages.dev/linkd Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://ubiquitous-honeysuckle-holiday.glitch.me/ HTTP 307
  • https://ubiquitous-honeysuckle-holiday.glitch.me/
Request Chain 1
  • https://secure.adnxs.com/clktrb?id=704169&redir=https://linkd-4tn.pages.dev/linkd.html HTTP 307
  • https://secure.adnxs.com/bounce?%2Fclktrb%3Fid%3D704169%26redir%3Dhttps%3A%2F%2Flinkd-4tn.pages.dev%2Flinkd.html HTTP 302
  • https://linkd-4tn.pages.dev/linkd.html HTTP 308
  • https://linkd-4tn.pages.dev/linkd

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
ubiquitous-honeysuckle-holiday.glitch.me/
Redirect Chain
  • http://ubiquitous-honeysuckle-holiday.glitch.me/
  • https://ubiquitous-honeysuckle-holiday.glitch.me/
840 B
1 KB
Document
General
Full URL
https://ubiquitous-honeysuckle-holiday.glitch.me/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.21.53.195 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-21-53-195.compute-1.amazonaws.com
Software
AmazonS3 /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
no-cache
content-length
840
content-type
text/html; charset=utf-8
date
Sat, 08 Jun 2024 04:04:24 GMT
etag
"91840a47601f9c0eac242aadd87f25b3"
last-modified
Thu, 06 Jun 2024 15:51:58 GMT
server
AmazonS3
x-amz-id-2
LHRYS6Cwuk4V2xlAPq3qAxxUwGAf1+HVfHXkxTu+Q0Q2aCh9F0DXb8fgUeX9kZ8WUSK4gy04/R67LZvrWLvGcDdL1oLN3B4+
x-amz-request-id
85FC8M60XK2XGVK4
x-amz-server-side-encryption
AES256
x-amz-version-id
ALYVC8bDnjfGtA3a6t0awIdiyRc3dVa1

Redirect headers

Location
https://ubiquitous-honeysuckle-holiday.glitch.me/
Non-Authoritative-Reason
HttpsUpgrades
linkd
linkd-4tn.pages.dev/
Redirect Chain
  • https://secure.adnxs.com/clktrb?id=704169&redir=https://linkd-4tn.pages.dev/linkd.html
  • https://secure.adnxs.com/bounce?%2Fclktrb%3Fid%3D704169%26redir%3Dhttps%3A%2F%2Flinkd-4tn.pages.dev%2Flinkd.html
  • https://linkd-4tn.pages.dev/linkd.html
  • https://linkd-4tn.pages.dev/linkd
4 KB
2 KB
Document
General
Full URL
https://linkd-4tn.pages.dev/linkd
Requested by
Host: ubiquitous-honeysuckle-holiday.glitch.me
URL: https://ubiquitous-honeysuckle-holiday.glitch.me/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d73e47fc43a635aa9323282bc7bab0ed26d0f987a47c14de89d02dd4e5d60756
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://ubiquitous-honeysuckle-holiday.glitch.me/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cf-ray
8905ff6b396c2bda-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sat, 08 Jun 2024 04:04:25 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P%2Bi0nVU0TqVXGr3fWahKJG9IjzBdLFnRlZcP4mEHY0NwnqDzGm7gVEZWWwyUW%2BsYoooUqWgjkfa3tIhVfnDcxt6HuuXZ5FFEBJorB%2BHPEFyphS0rh1yKfWJGrbu3qOGfb4nfG%2Bv4"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN

Redirect headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cf-ray
8905ff6ab92e2bda-FRA
content-length
0
date
Sat, 08 Jun 2024 04:04:25 GMT
location
/linkd
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2NO8XW2nyPgHi9sQoezO%2BUV7PJfuHEavcPxwPyW1h4d0o8iZA9%2FBhUqSZGxovRYP2Kk34PXnLYlM0Zwa8cTunki0SyyzTJp4HFN2XE8iNF3%2BjWEUJQAkVYxRC%2FBUxwVa3eRbp0Qm"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
cf.errors.css
linkd-4tn.pages.dev/cdn-cgi/styles/
23 KB
5 KB
Stylesheet
General
Full URL
https://linkd-4tn.pages.dev/cdn-cgi/styles/cf.errors.css
Requested by
Host: linkd-4tn.pages.dev
URL: https://linkd-4tn.pages.dev/linkd
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://linkd-4tn.pages.dev/linkd
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 08 Jun 2024 04:04:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 04 Jun 2024 12:26:34 GMT
server
cloudflare
etag
W/"665f07fa-5df3"
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=7200, public
cf-ray
8905ff6b999c2bda-FRA
expires
Sat, 08 Jun 2024 06:04:25 GMT
icon-exclamation.png
linkd-4tn.pages.dev/cdn-cgi/images/
452 B
634 B
Image
General
Full URL
https://linkd-4tn.pages.dev/cdn-cgi/images/icon-exclamation.png?1376755637
Requested by
Host: linkd-4tn.pages.dev
URL: https://linkd-4tn.pages.dev/cdn-cgi/styles/cf.errors.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://linkd-4tn.pages.dev/cdn-cgi/styles/cf.errors.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 08 Jun 2024 04:04:25 GMT
x-content-type-options
nosniff
last-modified
Tue, 04 Jun 2024 12:26:34 GMT
server
cloudflare
etag
"665f07fa-1c4"
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=7200, public
accept-ranges
bytes
cf-ray
8905ff6be9e32bda-FRA
content-length
452
expires
Sat, 08 Jun 2024 06:04:25 GMT
favicon.ico
linkd-4tn.pages.dev/
0
413 B
Other
General
Full URL
https://linkd-4tn.pages.dev/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://linkd-4tn.pages.dev/linkd
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 08 Jun 2024 04:04:25 GMT
referrer-policy
strict-origin-when-cross-origin
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0Oa3k%2FYT%2BUGk9lCmcsvcnZtqvKXJWSc5r8kx6V3Ppe8bYKzK%2F%2BXM1%2FYapT1pNQMacvb1QffVAUMRh0PZAboWVdgN7ANJxENwmDTNPmPud%2BgN0lEEtGy7hr2y3AXwU7KcaN7VGTYx"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cache-control
no-store
cf-ray
8905ff6c3a0f2bda-FRA
alt-svc
h3=":443"; ma=86400
content-length
0
Primary Request linkd
linkd-4tn.pages.dev/
Redirect Chain
  • https://linkd-4tn.pages.dev/cdn-cgi/phish-bypass?atok=qgg3JgZgvHgRzqFxfxM9mXMlvw40enYRz28g.gslFSw-1717819465-0.0.1.1-%2Flinkd
  • https://linkd-4tn.pages.dev/linkd
100 B
552 B
Document
General
Full URL
https://linkd-4tn.pages.dev/linkd
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e3d9cfbb86e79dba455cbaa005638f5ee5179784c3daca09088db0d972aae4f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://linkd-4tn.pages.dev/linkd
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=0, must-revalidate
cf-ray
8905ff875b5d2bda-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Sat, 08 Jun 2024 04:04:30 GMT
etag
W/"3ce29730add83349ad0e1e128628f427"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f8PKtWBHV5To844NFqnspUi2erf2T%2BvM7xYXFbVFGmuWNwzIrt1D6SP21ZjG0B4ETR5taZh%2FS1COxMEmXlrtGrWfTpE4B9lsn4kLfsLDppVj2j3bQ%2BVswA2TCVJuV81MLVfvdhOi"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff

Redirect headers

cache-control
private, no-cache
cf-ray
8905ff871b3f2bda-FRA
content-length
167
content-type
text/html
date
Sat, 08 Jun 2024 04:04:29 GMT
location
https://linkd-4tn.pages.dev/linkd
server
cloudflare
x-content-type-options
nosniff
x-frame-options
DENY
linTst.js
apatech123.serv00.net/
336 KB
336 KB
Script
General
Full URL
https://apatech123.serv00.net/linTst.js
Requested by
Host: linkd-4tn.pages.dev
URL: https://linkd-4tn.pages.dev/linkd
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
128.204.223.94 , Poland, ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL),
Reverse DNS
web4.serv00.com
Software
nginx /
Resource Hash
413e6fcc8cd97d997638f9fdb7dec582dc694602bd1f00fcd1cb274ac02a88c6

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://linkd-4tn.pages.dev/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 08 Jun 2024 04:04:30 GMT
last-modified
Tue, 04 Jun 2024 22:37:12 GMT
server
nginx
accept-ranges
bytes
etag
"665f9718-53ee7"
content-length
343783
content-type
application/javascript
jquery-3.3.1.js
linkd-4tn.pages.dev/js/
0
0
Script
General
Full URL
https://linkd-4tn.pages.dev/js/jquery-3.3.1.js
Requested by
Host: ubiquitous-honeysuckle-holiday.glitch.me
URL: https://ubiquitous-honeysuckle-holiday.glitch.me/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://linkd-4tn.pages.dev/linkd
Origin
https://linkd-4tn.pages.dev
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 08 Jun 2024 04:04:30 GMT
referrer-policy
strict-origin-when-cross-origin
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A%2BuGBB5JNS2rrL0aEDmC6ZzvI6xZVvAsFROG2LvHFrYmqa7gOdK%2BudfYP27%2F5jFYRGJKi%2FzaHJ4m6GZAj8kmZCA6G47qzfsvdVo0191UomtSiuV8fgWMv09V%2Fc8%2B5eLPSx8e%2BAKn"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cache-control
no-store
cf-ray
8905ff8bce002bda-FRA
alt-svc
h3=":443"; ma=86400
content-length
0
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/
48 KB
15 KB
Script
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Requested by
Host: ubiquitous-honeysuckle-holiday.glitch.me
URL: https://ubiquitous-honeysuckle-holiday.glitch.me/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.11.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://linkd-4tn.pages.dev/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 08 Jun 2024 04:04:30 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
1048
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
107788
cdn-cachedat
03/18/2024 12:46:36
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:04 GMT
cdn-proxyver
1.04
cdn-requestpullcode
200
server
cloudflare
etag
W/"14d449eb8876fa55e1ef3c2cc52b0c17"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
e3f3bfe1b89f7f16a5a4802a3640b8c7
timing-allow-origin
*
cdn-requestcountrycode
DE
cdn-status
200
cf-ray
8905ff8c18d2450a-TXL
cdn-requestpullsuccess
True
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/
50 KB
16 KB
Script
General
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Requested by
Host: ubiquitous-honeysuckle-holiday.glitch.me
URL: https://ubiquitous-honeysuckle-holiday.glitch.me/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.11.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://linkd-4tn.pages.dev/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 08 Jun 2024 04:04:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
723
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
3132125
cdn-cachedat
11/15/2021 23:30:00
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:06 GMT
cdn-proxyver
1.0
cdn-requestpullcode
200
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
a35b0179a28ed953258d0fb41376a09c
timing-allow-origin
*
cdn-requestcountrycode
DE
cdn-status
200
cf-ray
8905ff8c08b9450a-TXL
cdn-requestpullsuccess
True
favicon.ico
www.linkedin.com/
24 KB
27 KB
Other
General
Full URL
https://www.linkedin.com/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
19b079c09197fba68d021fa3ba394ec91703909ffd237efa3eb9a2bca13148ec
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ *.microsoft.com *.adnxs.com login.microsoftonline.com; script-src 'report-sample' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-RFqsjmAF1N5LnfpaHFvPqFlVkeIS/DtTAFor+JjJJVc=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-3RIGhhApBii1KY+aW1xk7kFyoQY8vSVE5DfT7E9SJUc=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' 'sha256-wy4DvlEW9PHPIGvQJW6Wv4woBSa/0LJHs8LHsBVVXCs=' 'sha256-065A0cJTDQ+hyKvufSL/flW02hIbgLndOINLRWux6To=' 'sha256-Ga5SLB8hPdWUE8Wb6LgZ05D9Z5vrdLAaPbDBW2m3BI8=' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com 
snap.licdn.com; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src 'self' *.licdn.com *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com edge-auth.microsoft.com; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=d
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://linkd-4tn.pages.dev/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
x-content-type-options
nosniff
date
Sat, 08 Jun 2024 04:04:31 GMT
x-cache
CONFIG_NOCACHE
content-length
24838
x-li-uuid
AAYaWQNcFUao+2C8Y4NsOw==
last-modified
Tue, 16 Apr 2024 21:26:51 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 697EAF1E25FD42F6BBFB05565EC5387C Ref B: DUS30EDGE0414 Ref C: 2024-06-08T04:04:30Z
etag
"661eed1b-6106"
x-frame-options
sameorigin
content-type
image/x-icon
x-li-fabric
prod-lor1
cache-control
max-age=604800,private
x-li-proto
http/2
accept-ranges
bytes
expires
Sat, 15 Jun 2024 04:04:31 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: LinkedIn (Social Network), Generic Cloudflare (Online)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • string| ai
  • function| $
  • function| jQuery
  • object| bootstrap
  • function| _0x20a9
  • function| _0x3646

7 Cookies

Domain/Path Name / Value
.adnxs.com/ Name: XANDR_PANID
Value: zOPMyDjbuVOgd-ct8v14s02CVATifcRsBeVB81Wc5gurg9THtavvkmH9C-Inp2X3-e45e1FqvR_nV-3UU5Sb9TMrF1xNDONgx_dvd11W3Oo.
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
.adnxs.com/ Name: uuid2
Value: 8385690200837838228
.linkd-4tn.pages.dev/ Name: __cf_mw_byp
Value: qgg3JgZgvHgRzqFxfxM9mXMlvw40enYRz28g.gslFSw-1717819465-0.0.1.1-/linkd
.linkedin.com/ Name: bcookie
Value: "v=2&2bf60885-b6c7-4813-82bc-207810ebcfcc"
.www.linkedin.com/ Name: bscookie
Value: "v=1&20240608040431b3246182-fe38-4a00-8674-3f7d24fb89d4AQHRZmFB7bIu5IM8NIRQXwSAX0JiYXOT"
.linkedin.com/ Name: li_gc
Value: MTswOzE3MTc4MTk0NzE7MjswMjGfqORjA7R7aDUFsRixhmwb0mpAMRYHhbuhnVtyB8IjBg==

8 Console Messages

Source Level URL
Text
network error URL: https://linkd-4tn.pages.dev/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://linkd-4tn.pages.dev/js/jquery-3.3.1.js
Message:
Failed to load resource: the server responded with a status of 404 ()
recommendation verbose URL: https://linkd-4tn.pages.dev/linkd
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
other warning URL: https://linkd-4tn.pages.dev/linkd
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://linkd-4tn.pages.dev/linkd
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://linkd-4tn.pages.dev/linkd
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.