dev-connect-csp.pantheonsite.io

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 6 HTTP transactions. The main IP is 2620:12a:8000::4, located in United States and belongs to FASTLY, US. The main domain is dev-connect-csp.pantheonsite.io.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on July 16th 2020. Valid for: a year.

This is the only time dev-connect-csp.pantheonsite.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

	IP Address		AS Autonomous System
6	2620:12a:8000::4 2620:12a:8000::4		54113 (FASTLY) (FASTLY)
6	1

6 2620:12a:8000::4 (United States)

ASN54113 (FASTLY, US)

dev-connect-csp.pantheonsite.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	pantheonsite.io dev-connect-csp.pantheonsite.io	83 KB
6	1

	Domain	Requested by
6	dev-connect-csp.pantheonsite.io	dev-connect-csp.pantheonsite.io
6	1

This site contains links to these domains. Also see Links.

Domain
linkedin.com

Subject Issuer	Validity	Valid
*.pantheon.io DigiCert SHA2 Secure Server CA	`2020-07-16` - `2021-07-20`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://dev-connect-csp.pantheonsite.io/sign-in/index.html
Frame ID: 88149E656FC91F61A997E53561433390
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: \(Varnish\/([\d.]+)\))?/i

Page Statistics

6
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

83 kB
Transfer

334 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://linkedin.com/help/linkedin/answer/34593?lang=en&trk=d_checkpoint_lg_consumerLogin_ft_community_guidelines
Title: Community Guidelines

Search URL Search Domain Scan URL

URL: https://linkedin.com/help/linkedin?trk=d_checkpoint_lg_consumerLogin_ft_send_feedback&lang=en
Title: Send Feedback

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request index.html Show response
dev-connect-csp.pantheonsite.io/sign-in/ 21 KB
7 KB 151ms
116ms Document
text/html 2620:12a:8000::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://dev-connect-csp.pantheonsite.io/sign-in/index.html

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5718d1e2ebde538e9463d2d2904849e61e063a14d89451a3085a929cb67d8faf

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

:method: GET
:authority: dev-connect-csp.pantheonsite.io
:scheme: https
:path: /sign-in/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html
etag: W/"60d402c7-5587"
last-modified: Thu, 24 Jun 2021 03:57:59 GMT
server: nginx
strict-transport-security: max-age=300
x-pantheon-styx-hostname: styx-fe4-b-6f647f774b-tt85d
x-styx-req-id: 8ce974c3-d585-11eb-a33d-4aca7a70d412
date: Fri, 25 Jun 2021 07:18:42 GMT
x-served-by: cache-mdw17337-MDW, cache-fra19171-FRA
x-cache: HIT, MISS
x-cache-hits: 1, 0
x-timer: S1624605522.066745,VS0,VE104
vary: Accept-Encoding, Cookie, Cookie
x-robots-tag: noindex
age: 0
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish
content-length: 7133

GET
H2 200 37u7kr5kganeq2p3ellcmfd15 Show response
dev-connect-csp.pantheonsite.io/sign-in/index_files/ 69 KB
26 KB 119ms
118ms Script
text/plain 2620:12a:8000::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://dev-connect-csp.pantheonsite.io/sign-in/index_files/37u7kr5kganeq2p3ellcmfd15

Requested by

Host: dev-connect-csp.pantheonsite.io
URL: https://dev-connect-csp.pantheonsite.io/sign-in/index.html

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

ab44a935b273bd76aed10b90b4d9e55f1cf1277c71c21c946ad9047587edc547

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

:path: /sign-in/index_files/37u7kr5kganeq2p3ellcmfd15
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: dev-connect-csp.pantheonsite.io
referer: https://dev-connect-csp.pantheonsite.io/sign-in/index.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://dev-connect-csp.pantheonsite.io/sign-in/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"5f0d7b1a-11479"
age: 8
x-cache: HIT, HIT
x-cache-hits: 1, 1
content-length: 25967
x-served-by: cache-mdw17378-MDW, cache-fra19171-FRA
last-modified: Tue, 14 Jul 2020 09:30:02 GMT
server: nginx
x-timer: S1624605522.186763,VS0,VE107
date: Fri, 25 Jun 2021 07:18:42 GMT
vary: Accept-Encoding
content-type: text/plain
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
x-robots-tag: noindex
x-styx-req-id: 2dd04d36-d56c-11eb-85b0-d26e1d90aaa3
x-pantheon-styx-hostname: styx-fe4-b-6f647f774b-8qp5f

GET
H2 200 amr2fg65yx3tpak6s74f9lemr Show response
dev-connect-csp.pantheonsite.io/sign-in/index_files/ 55 KB
18 KB 115ms
115ms Script
text/plain 2620:12a:8000::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://dev-connect-csp.pantheonsite.io/sign-in/index_files/amr2fg65yx3tpak6s74f9lemr

Requested by

Host: dev-connect-csp.pantheonsite.io
URL: https://dev-connect-csp.pantheonsite.io/sign-in/index.html

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c22f54b3631979deb8563f1a9108f9d8eb981ee76474c9e4217cbe06004522cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

:path: /sign-in/index_files/amr2fg65yx3tpak6s74f9lemr
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: dev-connect-csp.pantheonsite.io
referer: https://dev-connect-csp.pantheonsite.io/sign-in/index.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://dev-connect-csp.pantheonsite.io/sign-in/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"5f0d7b1a-db95"
age: 8
x-cache: HIT, HIT
x-cache-hits: 1, 1
content-length: 17948
x-served-by: cache-mdw17335-MDW, cache-fra19171-FRA
last-modified: Tue, 14 Jul 2020 09:30:02 GMT
server: nginx
x-timer: S1624605522.186815,VS0,VE103
date: Fri, 25 Jun 2021 07:18:42 GMT
vary: Accept-Encoding
content-type: text/plain
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
x-robots-tag: noindex
x-styx-req-id: 2d3bcaa0-d56c-11eb-877f-e2e5cb50f45e
x-pantheon-styx-hostname: styx-fe4-a-667d78d458-m7gb6

GET
H2 200 cs.css
dev-connect-csp.pantheonsite.io/sign-in/index_files/ 172 KB
26 KB 131ms
130ms Stylesheet
text/css 2620:12a:8000::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://dev-connect-csp.pantheonsite.io/sign-in/index_files/cs.css

Requested by

Host: dev-connect-csp.pantheonsite.io
URL: https://dev-connect-csp.pantheonsite.io/sign-in/index.html

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

531a543627cea62526d080bd07e24a512c47b96a37b016cf1f26294a7204e636

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

:path: /sign-in/index_files/cs.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: dev-connect-csp.pantheonsite.io
referer: https://dev-connect-csp.pantheonsite.io/sign-in/index.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://dev-connect-csp.pantheonsite.io/sign-in/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"5f0d7b1a-2b021"
age: 0
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-served-by: cache-mdw17379-MDW, cache-fra19171-FRA
last-modified: Tue, 14 Jul 2020 09:30:02 GMT
server: nginx
x-timer: S1624605522.187469,VS0,VE119
date: Fri, 25 Jun 2021 07:18:42 GMT
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Fri, 25 Jun 2021 07:18:41 GMT
cache-control: no-cache, must-revalidate
accept-ranges: bytes
x-robots-tag: noindex
x-styx-req-id: 920abfab-d585-11eb-b88b-aad7cef04d30
x-pantheon-styx-hostname: styx-fe4-b-6f647f774b-m5ljt

POST
H2 404 track Show response
dev-connect-csp.pantheonsite.io/li/ 8 KB
3 KB 183ms
183ms XHR
text/html 2620:12a:8000::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://dev-connect-csp.pantheonsite.io/li/track

Requested by

Host: dev-connect-csp.pantheonsite.io
URL: https://dev-connect-csp.pantheonsite.io/sign-in/index_files/amr2fg65yx3tpak6s74f9lemr

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

fc1d944916d910347e067b45227f5e18cdf97bc81b027c0f0e860fbc4808f396

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

sec-fetch-mode: cors
origin: https://dev-connect-csp.pantheonsite.io
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
content-length: 483
:path: /li/track
pragma: no-cache
cache-control: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json
accept: */*
csrf-token
:authority: dev-connect-csp.pantheonsite.io
referer: https://dev-connect-csp.pantheonsite.io/sign-in/index.html
:scheme: https
sec-fetch-site: same-origin
:method: POST
Csrf-Token
Referer: https://dev-connect-csp.pantheonsite.io/sign-in/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: application/json

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
age: 0
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-served-by: cache-mdw17320-MDW, cache-fra19171-FRA
link: <https://dev-connect-csp.pantheonsite.io/wp-json/>; rel="https://api.w.org/"
server: nginx
x-timer: S1624605522.454325,VS0,VE169
date: Fri, 25 Jun 2021 07:18:42 GMT
vary: Accept-Encoding, Cookie, Cookie
content-type: text/html; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
accept-ranges: bytes
x-robots-tag: noindex
x-styx-req-id: 923394ab-d585-11eb-8027-b23cbbf2a62e
x-pantheon-styx-hostname: styx-fe4-b-6f647f774b-mdncb

POST
H2 404 track Show response
dev-connect-csp.pantheonsite.io/li/ 8 KB
3 KB 171ms
171ms XHR
text/html 2620:12a:8000::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://dev-connect-csp.pantheonsite.io/li/track

Requested by

Host: dev-connect-csp.pantheonsite.io
URL: https://dev-connect-csp.pantheonsite.io/sign-in/index_files/amr2fg65yx3tpak6s74f9lemr

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

fc1d944916d910347e067b45227f5e18cdf97bc81b027c0f0e860fbc4808f396

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

sec-fetch-mode: cors
origin: https://dev-connect-csp.pantheonsite.io
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
content-length: 3620
:path: /li/track
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: dev-connect-csp.pantheonsite.io
referer: https://dev-connect-csp.pantheonsite.io/sign-in/index.html
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://dev-connect-csp.pantheonsite.io/sign-in/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
age: 0
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-served-by: cache-mdw17383-MDW, cache-fra19171-FRA
link: <https://dev-connect-csp.pantheonsite.io/wp-json/>; rel="https://api.w.org/"
server: nginx
x-timer: S1624605523.840284,VS0,VE159
date: Fri, 25 Jun 2021 07:18:42 GMT
vary: Accept-Encoding, Cookie, Cookie
content-type: text/html; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
accept-ranges: bytes
x-robots-tag: noindex
x-styx-req-id: 926decd1-d585-11eb-b88b-aad7cef04d30
x-pantheon-styx-hostname: styx-fe4-b-6f647f774b-m5ljt

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	error	URL: https://dev-connect-csp.pantheonsite.io/sign-in/index_files/amr2fg65yx3tpak6s74f9lemr(Line 10) Message: [object XMLHttpRequest]

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=300

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dev-connect-csp.pantheonsite.io
2620:12a:8000::4
531a543627cea62526d080bd07e24a512c47b96a37b016cf1f26294a7204e636
5718d1e2ebde538e9463d2d2904849e61e063a14d89451a3085a929cb67d8faf
ab44a935b273bd76aed10b90b4d9e55f1cf1277c71c21c946ad9047587edc547
c22f54b3631979deb8563f1a9108f9d8eb981ee76474c9e4217cbe06004522cf
fc1d944916d910347e067b45227f5e18cdf97bc81b027c0f0e860fbc4808f396

dev-connect-csp.pantheonsite.io Open in urlscan Pro 2620:12a:8000::4 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

6 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

83 kBTransfer

334 kBSize

0 Cookies

2 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

15 JavaScript Global Variables

0 Cookies

1 Console Messages

Security Headers

Indicators

dev-connect-csp.pantheonsite.io Open in urlscan Pro
2620:12a:8000::4 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

83 kB
Transfer

334 kB
Size

0
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!