Submitted URL: https://www.linkedin.com/slink?code=ex_CDiAX
Effective URL: https://a.imagem.app/b0jhja.jpg
Submission Tags: scam/phishing e-mail links
Submission: On May 27 via api from US — Scanned from US

Summary

This website contacted 1 IP in 1 country across 2 domains to perform 1 HTTP transaction. The main IP is 2606:4700:3031::ac43:c6bd, located in United States and belongs to CLOUDFLARENET, US. The main domain is a.imagem.app.
TLS certificate: Issued by GTS CA 2P2 on May 17th 2023. Valid for: 3 months.
This is the only time a.imagem.app was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2620:1ec:21::14 8068 (MICROSOFT...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1
Apex Domain | Subdomains | Transfer
1 imagem.app | a.imagem.app | 94 KB
1 linkedin.com | www.linkedin.com — Cisco Umbrella Rank: 603 | 2 KB
1 2
Domain Requested by
1 a.imagem.app
1 www.linkedin.com 1 redirects
1 2

This site contains no links.

Subject: imagem.app
Issuer: GTS CA 2P2
Validity: 2023-05-17 - 2023-08-15
Valid: 3 months

This page contains 1 frame:

Primary Page: https://a.imagem.app/b0jhja.jpg
Frame ID: 8987DD583F2799D45A2037C5E2953D60
Requests: 1 HTTP requests in this frame

Page Title

b0jhja.jpg (611×750)

Page Statistics

Requests: 1
HTTPS: 100 %
IPv6: 100 %
Domains: 2
Subdomains: 2
IPs: 1
Countries: 1
Transfer: 94 kB
Size: 93 kB
Cookies: 3

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.linkedin.com/slink?code=ex_CDiAX HTTP 301
    https://a.imagem.app/b0jhja.jpg Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transaction

Primary Request
Resource: b0jhja.jpg
Path: a.imagem.app/
Size: 93 KB
x-fer: 94 KB
Type / MIME-Type: Document
Redirect Chain
  • https://www.linkedin.com/slink?code=ex_CDiAX
  • https://a.imagem.app/b0jhja.jpg

General
Full URL: https://a.imagem.app/b0jhja.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:c6bd, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare / centminmod
Resource Hash: 3f0a38bd3cd86e82c1a235fbebd7afc6fb9fec033738aac7a475663dfda2cec3

Security Headers
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
cache-control: max-age=2678400
cf-cache-status: MISS
cf-ray: 7ce005d51e1c4245-EWR
content-length: 95614
content-type: image/jpeg
date: Sat, 27 May 2023 17:36:54 GMT
etag: "6472285a-1757e"
last-modified: Sat, 27 May 2023 15:57:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5G4n9nKYyrExefnGG5tkwuanjY2JsYtcP4nAQ1FjxthagVzAX9ka7gLhGZ1DQukyRAuItg4mrWeAQq5%2FB2N%2FjekFArkbqDDN3aviUhB7YWHATJd62R88VG1F2QD%2FZZW%2Fx8F96kij4UXCBWg%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-powered-by: centminmod
x-xss-protection: 1; mode=block

Redirect headers

cache-control: no-cache, no-store
content-encoding: gzip
content-security-policy: default-src *; connect-src 'self' *.licdn.com *.linkedin.com wss://*.linkedin.com dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ *.qualtrics.com *.adyen.com *.microsoft.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; script-src-attr 'report-sample' 'none'; object-src 'none'; media-src blob: *; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src blob: lnkd-communities: voyager: *; frame-ancestors 'self' *.linkedin.com teams.microsoft.com client.learningapp.microsoft.com
date: Sat, 27 May 2023 17:36:53 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://a.imagem.app/b0jhja.jpg
pragma: no-cache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
x-content-type-options: nosniff
x-frame-options: sameorigin
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAX8sEysYQb2G0r1upLfsg==
x-msedge-ref: Ref A: F2F2E9E3F60343AD8D9071B20A8CCB16 Ref B: NYCEDGE1609 Ref C: 2023-05-27T17:36:54Z

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

3 Cookies

Domain/Path Name / Value
.linkedin.com/ Name: bcookie
Value: "v=2&85146036-2aed-4503-8e6e-31b12abea7a3"
.www.linkedin.com/ Name: bscookie
Value: "v=1&20230527173654b47c8347-5662-44f5-8e2d-f16db3fc4544AQFoxC4YRmAE0-v-BMsl0Enie98KZpgo"
.linkedin.com/ Name: lidc
Value: "b=OGST04:s=O:r=O:a=O:p=O:g=2895:u=1:x=1:i=1685209014:t=1685295414:v=2:sig=AQFzCVloj4GvYXSWSnphYboY3xkB6BJc"

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.imagem.app
www.linkedin.com
2606:4700:3031::ac43:c6bd
2620:1ec:21::14
3f0a38bd3cd86e82c1a235fbebd7afc6fb9fec033738aac7a475663dfda2cec3