pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
Open in
urlscan Pro
2606:4700::6812:323
Malicious Activity!
Public Scan
Effective URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html
Submission: On February 02 via api from US — Scanned from US
Summary
TLS certificate: Issued by E1 on December 9th 2023. Valid for: 3 months.
This is the only time pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: LinkedIn (Social Network)Domain & IP information
ASN13335 (CLOUDFLARENET, US)
pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev |
ASN20940 (AKAMAI-ASN1, NL)
static.licdn.com | |
platform.linkedin-ei.com | |
platform.linkedin.com |
ASN14618 (AMAZON-AES, US)
PTR: ec2-3-233-143-239.compute-1.amazonaws.com
dpm.demdex.net | |
lnkd.demdex.net |
ASN15169 (GOOGLE, US)
PTR: lga34s37-in-f2.1e100.net
www.googleadservices.com |
ASN15169 (GOOGLE, US)
PTR: lga25s80-in-f2.1e100.net
cm.g.doubleclick.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
licdn.com
static.licdn.com — Cisco Umbrella Rank: 2308 |
286 KB |
7 |
r2.dev
pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev |
141 KB |
6 |
linkedin-ei.com
ponf.linkedin-ei.com www.linkedin-ei.com platform.linkedin-ei.com |
52 KB |
4 |
doubleclick.net
4 redirects
googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 cm.g.doubleclick.net — Cisco Umbrella Rank: 260 |
3 KB |
4 |
demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 239 lnkd.demdex.net — Cisco Umbrella Rank: 5374 |
6 KB |
4 |
google.com
accounts.google.com — Cisco Umbrella Rank: 23 www.google.com — Cisco Umbrella Rank: 2 |
3 KB |
2 |
googleadservices.com
2 redirects
www.googleadservices.com — Cisco Umbrella Rank: 145 |
1 KB |
2 |
gstatic.com
ssl.gstatic.com |
41 KB |
1 |
linkedin.com
platform.linkedin.com — Cisco Umbrella Rank: 3538 |
29 KB |
1 |
withgoogle.com
csp.withgoogle.com — Cisco Umbrella Rank: 424 |
|
1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 369 |
30 KB |
1 |
bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1019 |
14 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 225 |
7 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 760 |
24 KB |
39 | 14 |
Domain | Requested by | |
---|---|---|
9 | static.licdn.com |
pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
static.licdn.com |
7 | pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev |
static.licdn.com
|
3 | platform.linkedin-ei.com |
static.licdn.com
platform.linkedin-ei.com |
2 | cm.g.doubleclick.net | 2 redirects |
2 | lnkd.demdex.net |
platform.linkedin-ei.com
|
2 | www.google.com | |
2 | googleads.g.doubleclick.net | 2 redirects |
2 | www.googleadservices.com | 2 redirects |
2 | dpm.demdex.net |
platform.linkedin-ei.com
|
2 | ssl.gstatic.com |
accounts.google.com
|
2 | www.linkedin-ei.com |
static.licdn.com
|
2 | accounts.google.com |
static.licdn.com
|
1 | platform.linkedin.com |
platform.linkedin-ei.com
|
1 | csp.withgoogle.com |
pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
|
1 | ponf.linkedin-ei.com | |
1 | ajax.googleapis.com |
pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
|
1 | maxcdn.bootstrapcdn.com |
pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
|
1 | cdnjs.cloudflare.com |
pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
|
1 | code.jquery.com |
pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
|
39 | 19 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.r2.dev E1 |
2023-12-09 - 2024-03-08 |
3 months | crt.sh |
static-exp1.licdn.com DigiCert SHA2 Secure Server CA |
2023-03-17 - 2024-03-19 |
a year | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
bootstrapcdn.com GTS CA 1P5 |
2024-01-28 - 2024-04-27 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2024-01-09 - 2024-04-02 |
3 months | crt.sh |
ponf.linkedin-ei.com DigiCert SHA2 Secure Server CA |
2023-02-21 - 2024-02-20 |
a year | crt.sh |
accounts.google.com GTS CA 1C3 |
2024-01-09 - 2024-04-02 |
3 months | crt.sh |
www.linkedin-ei.com DigiCert SHA2 Secure Server CA |
2023-11-07 - 2024-05-07 |
6 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2024-01-09 - 2024-04-02 |
3 months | crt.sh |
*.appspot.com GTS CA 1C3 |
2024-01-09 - 2024-04-02 |
3 months | crt.sh |
platform.linkedin.com DigiCert SHA2 Secure Server CA |
2023-05-17 - 2024-05-16 |
a year | crt.sh |
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2023-09-26 - 2024-10-26 |
a year | crt.sh |
This page contains 3 frames:
Primary Page:
https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html
Frame ID: DC5AE03A94077E578B784235EB641865
Requests: 32 HTTP requests in this frame
Frame:
https://accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=302&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_503988_116229&as=9IIx4Ai%2B5vB%2BpG%2FQ3XqECA&hl=en_US
Frame ID: 95383AE3B90991B30B79DA04968A5960
Requests: 4 HTTP requests in this frame
Frame:
https://lnkd.demdex.net/dest5.html?d_nsid=0
Frame ID: 25EE7DF8C7E36FAC88110FEF44BAF563
Requests: 2 HTTP requests in this frame
Screenshot
Page Title
LinkedIn Login, Sign in | LinkedInPage URL History Show full URLs
-
http://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html
HTTP 307
https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Popper (Miscellaneous) Expand
Detected patterns
- /popper\.js/([0-9.]+)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html
HTTP 307
https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 31- https://www.googleadservices.com/pagead/conversion/979305453/?random=1706909505152&cv=9&fst=1706909505152&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-600&u_java=false&u_nplug=3&u_nmime=4>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fpub-afefbd42172b4962b6a81b41b8d10b31.r2.dev%2Findexmex.html&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1 HTTP 302
- https://googleads.g.doubleclick.net/pagead/viewthroughconversion/979305453/?random=1654958382&cv=9&fst=1706909505152&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-600&u_java=false&u_nplug=3&u_nmime=4>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fpub-afefbd42172b4962b6a81b41b8d10b31.r2.dev%2Findexmex.html&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ct_cookie_present=false&ocp_id=QV-9ZZC7DsWaoPMPzL-F8Aw&sscte=1&crd=CIK9sQII7LuxAg&pscrd=IhMI0N_ktc2NhAMVRQ1oCB3MXwHOMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAg HTTP 302
- https://www.google.com/pagead/1p-conversion/979305453/?random=1654958382&cv=9&fst=1706909505152&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-600&u_java=false&u_nplug=3&u_nmime=4>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fpub-afefbd42172b4962b6a81b41b8d10b31.r2.dev%2Findexmex.html&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ct_cookie_present=false&sscte=1&crd=CIK9sQII7LuxAg&pscrd=IhMI0N_ktc2NhAMVRQ1oCB3MXwHOMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAg&is_vtc=1&ocp_id=QV-9ZZC7DsWaoPMPzL-F8Aw&cid=CAQSGwAvHhf_DzEW1sEfLFk3EpM5nP5A50ry3mw-gg&random=1245222692&resp=GooglemKTybQhCsO
- https://www.googleadservices.com/pagead/conversion/979305453/?random=1706909505153&cv=9&fst=1706909505153&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-600&u_java=false&u_nplug=3&u_nmime=4>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fpub-afefbd42172b4962b6a81b41b8d10b31.r2.dev%2Findexmex.html&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1 HTTP 302
- https://googleads.g.doubleclick.net/pagead/viewthroughconversion/979305453/?random=940583209&cv=9&fst=1706909505153&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-600&u_java=false&u_nplug=3&u_nmime=4>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fpub-afefbd42172b4962b6a81b41b8d10b31.r2.dev%2Findexmex.html&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ct_cookie_present=false&ocp_id=QV-9Zce2Ds2aoPMPqPaoyAI&sscte=1&crd=CIK9sQI&pscrd=IhMIh9vktc2NhAMVTQ1oCB0oOwop HTTP 302
- https://www.google.com/pagead/1p-conversion/979305453/?random=940583209&cv=9&fst=1706909505153&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-600&u_java=false&u_nplug=3&u_nmime=4>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fpub-afefbd42172b4962b6a81b41b8d10b31.r2.dev%2Findexmex.html&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ct_cookie_present=false&sscte=1&crd=CIK9sQI&pscrd=IhMIh9vktc2NhAMVTQ1oCB0oOwop&is_vtc=1&ocp_id=QV-9Zce2Ds2aoPMPqPaoyAI&cid=CAQSGwAvHhf_PtPfgyE0hTfAobIXUWnhhavYjgqapg&random=4111158656&resp=GooglemKTybQhCsO
- https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NjY5ODQxNTExODE3MTcxODE4NjM2MTQ2NzA0NTE4ODg3MDE0NDc= HTTP 302
- https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=NjY5ODQxNTExODE3MTcxODE4NjM2MTQ2NzA0NTE4ODg3MDE0NDc=&google_tc= HTTP 302
- https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEHSUGojxvyqW7nmYoamehs8&google_cver=1?gdpr=0&gdpr_consent=
39 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
indexmex.html
pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/ Redirect Chain
|
41 KB 41 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1sjpgjk18flzq8du4cxjl13ch
static.licdn.com/sc/h/ |
273 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aoyniy4z81voytvhok68uu3ia
static.licdn.com/sc/h/ |
254 KB 56 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ei1ryhlrbku41e394oskcxugy
static.licdn.com/sc/h/ |
93 KB 27 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
473v2cdto9klp3y6gfjcs28u2
static.licdn.com/sc/h/ |
74 KB 16 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ccg6j0toh362m9pa9exs90nin
static.licdn.com/sc/h/ |
2 KB 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
9khh7n0e2ss763aeozygh9d7
static.licdn.com/sc/h/ |
244 KB 63 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
179r7h6dytjlclq68a906sd4s
static.licdn.com/sc/h/ |
72 KB 22 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.2.1.slim.min.js
code.jquery.com/ |
68 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ |
19 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ |
48 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ |
84 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
track
pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/li/ |
16 KB 17 KB |
Ping
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
4k6diadsezedadhkq4uxfxss1
static.licdn.com/sc/h/ |
182 KB 63 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1gpe377m8n1eq73qveizv5onv
static.licdn.com/sc/h/ |
38 KB 13 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tracking.png
ponf.linkedin-ei.com/pixel/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
button
accounts.google.com/gsi/ Frame 9538 |
1 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
status
accounts.google.com/gsi/ |
37 B 969 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
track
pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/li/ |
16 KB 17 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
apfcDf
www.linkedin-ei.com/platform-telemetry/li/ Frame |
0 0 |
Preflight
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
apfcDf
www.linkedin-ei.com/platform-telemetry/li/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
m=credential_button_library
ssl.gstatic.com/_/gsi/_/ss/k=gsi.gsi.ZYtlUg6-m0E.L.W.O/am=gCRU/d=1/rs=AF0KOtVKiB9YLYfgOfO25WmKpMR_o1doWA/ Frame 9538 |
7 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
m=credential_button_library
ssl.gstatic.com/_/gsi/_/js/k=gsi.gsi.en_US.M_CNsb_gUWk.O/am=ACRU/d=1/rs=AF0KOtXAk2ip7xgOCEpWN6p853wDt5tZdw/ Frame 9538 |
105 KB 39 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
identity-sign-in-google-http
csp.withgoogle.com/csp/ Frame 9538 |
0 0 |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
track
pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/li/ |
16 KB 17 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
user
www.linkedin-ei.com/litms/api/metadata/ |
342 B 2 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
utag.js
platform.linkedin-ei.com/litms/utag/checkpoint-frontend/ |
137 KB 43 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
id
dpm.demdex.net/ |
440 B 989 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
utag.107.js
platform.linkedin-ei.com/litms/utag/checkpoint-frontend/ |
9 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
utag.117.js
platform.linkedin-ei.com/litms/utag/checkpoint-frontend/ |
9 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
track
pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/li/ |
16 KB 17 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gtag-adwords.js
platform.linkedin.com/litms/vendor/google/ |
78 KB 29 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.google.com/pagead/1p-conversion/979305453/ Redirect Chain
|
42 B 455 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.google.com/pagead/1p-conversion/979305453/ Redirect Chain
|
42 B 108 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dest5.html
lnkd.demdex.net/ Frame 25EE |
7 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
event
lnkd.demdex.net/ |
345 B 921 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ibs:dpid=771&dpuuid=CAESEHSUGojxvyqW7nmYoamehs8&google_cver=1
dpm.demdex.net/ Frame 25EE Redirect Chain
|
42 B 716 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
track
pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/li/ |
16 KB 17 KB |
Ping
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
track
pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/li/ |
16 KB 17 KB |
Ping
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- www.linkedin-ei.com
- URL
- https://www.linkedin-ei.com/platform-telemetry/li/apfcDf
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: LinkedIn (Social Network)37 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 function| $ function| jQuery function| Popper object| bootstrap undefined| utag_data object| utag_cfg_ovrd object| trackingEventDebugData object| artdeco object| _artdecoBakedCurves object| __core-js_shared__ object| _0x41e7 function| _0x561f function| triggerDnaApfcEvent object| AppleID object| default_gsi object| google object| __G_ID_CLIENT__ object| closure_lm_185230 object| apfcDf object| tealiumDil boolean| utag_condload object| landingPageUrl object| utag boolean| __tealium_twc_switch function| DIL object| adobe function| Visitor object| s_c_il number| s_c_in string| gtagRename object| dataLayer function| gtag function| GooglemKTybQhCsO function| google_trackConversion object| google_tag_manager13 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.www.linkedin-ei.com/ | Name: JSESSIONID Value: ajax:7341666604528374772 |
|
.linkedin-ei.com/ | Name: lang Value: v=2&lang=en-us |
|
.linkedin-ei.com/ | Name: bcookie Value: "v=2&f8b9574a-ec7b-4e8c-87a9-63a1eac9e7cc" |
|
.www.linkedin-ei.com/ | Name: bscookie Value: "v=1&20240202213144be465a45-6af2-4e6f-897f-663ddc2cd391AQH5n2CLfqOMHubDBzYtID-JQIP6IWoT" |
|
.linkedin-ei.com/ | Name: li_gc Value: MTswOzE3MDY5MDk1MDQ7MTswMjEYJG+LhKqxEChNVmbPH81rapxWtxIQf6x3wkHZY0xjBw== |
|
.linkedin-ei.com/ | Name: lidc Value: "b=ETGST04:s=ET:r=ET:a=ET:p=ET:g=119:u=1:x=1:i=1706909504:t=1706995904:v=2:sig=AQE_BV7JFPmbEbXiraToG5-trNER2g_d" |
|
.demdex.net/ | Name: demdex Value: 66984151181717181863614670451888701447 |
|
.pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/ | Name: AMCVS_14215E3D5995C57C0A495C55%40AdobeOrg Value: 1 |
|
.pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/ | Name: AMCV_14215E3D5995C57C0A495C55%40AdobeOrg Value: -637568504%7CMCIDTS%7C19756%7CMCMID%7C66458025435601105613667843948402947020%7CMCAAMLH-1707514305%7C7%7CMCAAMB-1707514305%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1706916705s%7CNONE%7CvVersion%7C5.1.1 |
|
.pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/ | Name: aam_uuid Value: 66984151181717181863614670451888701447 |
|
.demdex.net/ | Name: dextp Value: 771-1-1706909505291 |
|
.doubleclick.net/ | Name: IDE Value: AHWqTUkrMi4hEgmGhGVm0cXOeYbuQIPqn9hdwUASvz5xNQp_cMtOFHLlVOyWpy4jZyY |
|
.dpm.demdex.net/ | Name: dpm Value: 66984151181717181863614670451888701447 |
43 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
accounts.google.com
ajax.googleapis.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
code.jquery.com
csp.withgoogle.com
dpm.demdex.net
googleads.g.doubleclick.net
lnkd.demdex.net
maxcdn.bootstrapcdn.com
platform.linkedin-ei.com
platform.linkedin.com
ponf.linkedin-ei.com
pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
ssl.gstatic.com
static.licdn.com
www.google.com
www.googleadservices.com
www.linkedin-ei.com
www.linkedin-ei.com
142.250.176.194
142.251.40.130
144.2.9.2
2600:141b:1c00:8::1728:b347
2606:4700::6811:190e
2606:4700::6812:323
2606:4700::6812:acf
2607:f8b0:4004:c08::54
2607:f8b0:4006:809::2003
2607:f8b0:4006:816::2004
2607:f8b0:4006:81d::2011
2607:f8b0:4006:820::2002
2607:f8b0:4006:823::200a
2620:1ec:50::16
2a04:4e42::649
3.233.143.239
013b4c45c5a0cb7da23d2941ec7d94f323a9dd5306c3d3951223b92109e5dc7f
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
158fd030801513067f2544e8bfc65e9f2af3eb54422907406d18276a61c38748
4482ee5d94028a15ed58db9ebdb13545162c65ec62295fa5679a686e57599304
44925f9bdebd7dadd2e05e034c457104b510f8038f37af31bd841b7c00db0aaf
6101eea4239ded7503b74732d078de0de0e31d9465de3876b1641802dd299200
704c03388d696028b43d5a1c5d4b4b7d6de3305ab5da61f507e552595544b0c0
72bccd36c17aa93a7bb553557626bb720be60cde2357d817bd03af6be67cf08e
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7c3190461704d64cb2fb3bbe447902518dcc8a93536e10b7d3475b8ecb836152
8207aabbe94983e5e5b69fa93d548c4683c169ed1e603b9c5de02618df9635ac
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
9ffd9148502527101428184082d3f169369aa4ba51720bd2eef686fc06571bfd
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
a5951034ffba6569ef62befc21854c90cd987f3935bf1826e5455ed47eecb5e2
b25cddc0004ee2c686bc507ef85ddc5d62031a44023ae370a87932271605b5ad
c852b1105eb000028e9b27677996f8d4773daa31fa1aaf663cb6ae3a6857a50a
d7302d2a6158e5fefdd335929f59a4808fb274974dadb3f7f79758ce68873c32
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e72220408b3a3a351433a4cc02b8d3dea31bf8b6955e11d5baa7fb5655cacbe7
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f40dd25da52b36defc2d9f8b8dfe81552b48e2cc1864a464c9d6241839fecc63
f42b7a2cbb2607296976b3374653138109d4b2f05070c52820860ed1a83a98da
f5acf7d96c28afbd497678b39d0fd4dff1042860220f800c918aa388c8e31d98
f5d13c67089bf5cdbb1b349183598ba8df4dd95a9cf3187e9fd4172f5f5c36fe
f89934ac0709430477b8a664f72035461a08e79aab91944d71d695660d810c13
f9416075e7fcbf851592d8b61cea090aefb52bdc29f5c911d8893f9849269297
fb9b509d020c4c45ad497de7c4f7d1b22b4e7dc62339927fbf7e32e227932cb7