pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev Open in urlscan Pro
2606:4700::6812:323 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html
Effective URL:
https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html
Submission: On February 02 via api (February 2nd 2024, 9:31:48 pm UTC) from US — Scanned from US

Summary HTTP 39 Redirects Behaviour Indicators

Summary

This website contacted 14 IPs in 1 countries across 14 domains to perform 39 HTTP transactions. The main IP is 2606:4700::6812:323, located in United States and belongs to CLOUDFLARENET, US. The main domain is pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev.
TLS certificate: Issued by E1 on December 9th 2023. Valid for: 3 months.

This is the only time pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: LinkedIn (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
7	2606:4700::68... 2606:4700::6812:323	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	2600:141b:1c0... 2600:141b:1c00:8::1728:b347	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a04:4e42::649 2a04:4e42::649	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:823::200a	15169 (GOOGLE) (GOOGLE)
1	144.2.9.2 144.2.9.2	14413 (LINKEDIN) (LINKEDIN)
2	2607:f8b0:400... 2607:f8b0:4004:c08::54	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:50::16 2620:1ec:50::16	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2607:f8b0:400... 2607:f8b0:4006:809::2003	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:81d::2011	15169 (GOOGLE) (GOOGLE)
4	3.233.143.239 3.233.143.239	14618 (AMAZON-AES) (AMAZON-AES)
2 2	142.250.176.194 142.250.176.194	15169 (GOOGLE) (GOOGLE)
2 2	2607:f8b0:400... 2607:f8b0:4006:820::2002	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:816::2004	15169 (GOOGLE) (GOOGLE)
2 2	142.251.40.130 142.251.40.130	15169 (GOOGLE) (GOOGLE)
39	14

7 2606:4700::6812:323 (United States)

ASN13335 (CLOUDFLARENET, US)

pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2600:141b:1c00:8::1728:b347 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)

static.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
platform.linkedin-ei.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:823::200a (United States)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 144.2.9.2 (United States)

ASN14413 (LINKEDIN, US)

ponf.linkedin-ei.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c08::54 (Ashburn, United States)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:50::16 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin-ei.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:809::2003 (United States)

ASN15169 (GOOGLE, US)

ssl.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81d::2011 (United States)

ASN15169 (GOOGLE, US)

csp.withgoogle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.233.143.239 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-233-143-239.compute-1.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lnkd.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.176.194 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s37-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:820::2002 (United States) 2 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:816::2004 (United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.40.130 (Queens, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: lga25s80-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	licdn.com static.licdn.com — Cisco Umbrella Rank: 2308	286 KB
7	r2.dev pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev	141 KB
6	linkedin-ei.com ponf.linkedin-ei.com www.linkedin-ei.com platform.linkedin-ei.com	52 KB
4	doubleclick.net 4 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 cm.g.doubleclick.net — Cisco Umbrella Rank: 260	3 KB
4	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 239 lnkd.demdex.net — Cisco Umbrella Rank: 5374	6 KB
4	google.com accounts.google.com — Cisco Umbrella Rank: 23 www.google.com — Cisco Umbrella Rank: 2	3 KB
2	googleadservices.com 2 redirects www.googleadservices.com — Cisco Umbrella Rank: 145	1 KB
2	gstatic.com ssl.gstatic.com	41 KB
1	linkedin.com platform.linkedin.com — Cisco Umbrella Rank: 3538	29 KB
1	withgoogle.com csp.withgoogle.com — Cisco Umbrella Rank: 424
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 369	30 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1019	14 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 225	7 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 760	24 KB
39	14

	Domain	Requested by
9	static.licdn.com	pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev static.licdn.com
7	pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev	static.licdn.com
3	platform.linkedin-ei.com	static.licdn.com platform.linkedin-ei.com
2	cm.g.doubleclick.net	2 redirects
2	lnkd.demdex.net	platform.linkedin-ei.com
2	www.google.com
2	googleads.g.doubleclick.net	2 redirects
2	www.googleadservices.com	2 redirects
2	dpm.demdex.net	platform.linkedin-ei.com
2	ssl.gstatic.com	accounts.google.com
2	www.linkedin-ei.com	static.licdn.com
2	accounts.google.com	static.licdn.com
1	platform.linkedin.com	platform.linkedin-ei.com
1	csp.withgoogle.com	pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
1	ponf.linkedin-ei.com
1	ajax.googleapis.com	pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
1	maxcdn.bootstrapcdn.com	pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
1	cdnjs.cloudflare.com	pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
1	code.jquery.com	pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
39	19

This site contains no links.

Subject Issuer	Validity	Valid
*.r2.dev E1	`2023-12-09` - `2024-03-08`	3 months	crt.sh
static-exp1.licdn.com DigiCert SHA2 Secure Server CA	`2023-03-17` - `2024-03-19`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
bootstrapcdn.com GTS CA 1P5	`2024-01-28` - `2024-04-27`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
ponf.linkedin-ei.com DigiCert SHA2 Secure Server CA	`2023-02-21` - `2024-02-20`	a year	crt.sh
accounts.google.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
www.linkedin-ei.com DigiCert SHA2 Secure Server CA	`2023-11-07` - `2024-05-07`	6 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.appspot.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2023-05-17` - `2024-05-16`	a year	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2024-10-26`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html
Frame ID: DC5AE03A94077E578B784235EB641865
Requests: 32 HTTP requests in this frame

Frame: https://accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=302&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_503988_116229&as=9IIx4Ai%2B5vB%2BpG%2FQ3XqECA&hl=en_US
Frame ID: 95383AE3B90991B30B79DA04968A5960
Requests: 4 HTTP requests in this frame

Frame: https://lnkd.demdex.net/dest5.html?d_nsid=0
Frame ID: 25EE7DF8C7E36FAC88110FEF44BAF563
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

LinkedIn Login, Sign in | LinkedIn

Page URL History Show full URLs

http://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html HTTP 307
https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Popper (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

/popper\.js/([0-9.]+)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

39
Requests

90 %
HTTPS

75 %
IPv6

14
Domains

19
Subdomains

14
IPs

1
Countries

631 kB
Transfer

1946 kB
Size

13
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html HTTP 307
https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 31

https://www.googleadservices.com/pagead/conversion/979305453/?random=1706909505152&cv=9&fst=1706909505152&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-600&u_java=false&u_nplug=3&u_nmime=4&gtm=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fpub-afefbd42172b4962b6a81b41b8d10b31.r2.dev%2Findexmex.html&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1 HTTP 302
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/979305453/?random=1654958382&cv=9&fst=1706909505152&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-600&u_java=false&u_nplug=3&u_nmime=4&gtm=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fpub-afefbd42172b4962b6a81b41b8d10b31.r2.dev%2Findexmex.html&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ct_cookie_present=false&ocp_id=QV-9ZZC7DsWaoPMPzL-F8Aw&sscte=1&crd=CIK9sQII7LuxAg&pscrd=IhMI0N_ktc2NhAMVRQ1oCB3MXwHOMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAg HTTP 302
https://www.google.com/pagead/1p-conversion/979305453/?random=1654958382&cv=9&fst=1706909505152&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-600&u_java=false&u_nplug=3&u_nmime=4&gtm=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fpub-afefbd42172b4962b6a81b41b8d10b31.r2.dev%2Findexmex.html&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ct_cookie_present=false&sscte=1&crd=CIK9sQII7LuxAg&pscrd=IhMI0N_ktc2NhAMVRQ1oCB3MXwHOMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAg&is_vtc=1&ocp_id=QV-9ZZC7DsWaoPMPzL-F8Aw&cid=CAQSGwAvHhf_DzEW1sEfLFk3EpM5nP5A50ry3mw-gg&random=1245222692&resp=GooglemKTybQhCsO

Request Chain 32

https://www.googleadservices.com/pagead/conversion/979305453/?random=1706909505153&cv=9&fst=1706909505153&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-600&u_java=false&u_nplug=3&u_nmime=4&gtm=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fpub-afefbd42172b4962b6a81b41b8d10b31.r2.dev%2Findexmex.html&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1 HTTP 302
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/979305453/?random=940583209&cv=9&fst=1706909505153&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-600&u_java=false&u_nplug=3&u_nmime=4&gtm=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fpub-afefbd42172b4962b6a81b41b8d10b31.r2.dev%2Findexmex.html&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ct_cookie_present=false&ocp_id=QV-9Zce2Ds2aoPMPqPaoyAI&sscte=1&crd=CIK9sQI&pscrd=IhMIh9vktc2NhAMVTQ1oCB0oOwop HTTP 302
https://www.google.com/pagead/1p-conversion/979305453/?random=940583209&cv=9&fst=1706909505153&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-600&u_java=false&u_nplug=3&u_nmime=4&gtm=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fpub-afefbd42172b4962b6a81b41b8d10b31.r2.dev%2Findexmex.html&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ct_cookie_present=false&sscte=1&crd=CIK9sQI&pscrd=IhMIh9vktc2NhAMVTQ1oCB0oOwop&is_vtc=1&ocp_id=QV-9Zce2Ds2aoPMPqPaoyAI&cid=CAQSGwAvHhf_PtPfgyE0hTfAobIXUWnhhavYjgqapg&random=4111158656&resp=GooglemKTybQhCsO

Request Chain 35

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NjY5ODQxNTExODE3MTcxODE4NjM2MTQ2NzA0NTE4ODg3MDE0NDc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=NjY5ODQxNTExODE3MTcxODE4NjM2MTQ2NzA0NTE4ODg3MDE0NDc=&google_tc= HTTP 302
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEHSUGojxvyqW7nmYoamehs8&google_cver=1?gdpr=0&gdpr_consent=

39 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request indexmex.html Show response
pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/
Redirect Chain

http://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html
https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html

41 KB
41 KB

262ms
165ms

Document
text/html

2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 158fd030801513067f2544e8bfc65e9f2af3eb54422907406d18276a61c38748

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Accept-Ranges: bytes
CF-RAY: 84f58aec0f6d4bd3-BUF
Connection: keep-alive
Content-Length: 41996
Content-Type: text/html
Date: Fri, 02 Feb 2024 21:31:43 GMT
ETag: "97026c31375b33f52a1d4499e7985ea7"
Last-Modified: Thu, 01 Feb 2024 14:07:19 GMT
Server: cloudflare
Vary: Accept-Encoding

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html
Non-Authoritative-Reason: HSTS

GET
H2 200 1sjpgjk18flzq8du4cxjl13ch
static.licdn.com/sc/h/ 273 KB
24 KB 168ms
33ms Stylesheet
text/css 2600:141b:1c00:8::1728:b347
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://static.licdn.com/sc/h/1sjpgjk18flzq8du4cxjl13ch

Requested by

Host: pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:1c00:8::1728:b347 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Play /

Resource Hash

7c3190461704d64cb2fb3bbe447902518dcc8a93536e10b7d3475b8ecb836152

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 21:31:43 GMT
content-encoding: br
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
x-cdn: AKAM
x-cdn-proto: HTTP2
remote-cache-status: TCP_HIT, TCP_HIT, TCP_HIT
content-length: 24081
x-li-uuid: AAYOpYq2TjJl39Ms/Ovi5w==
last-modified: Mon, 05 Nov 2012 04:00:51 GMT
server: Play
x-li-pop: prod-lor1-x
content-type: text/css
x-li-fabric: prod-lor1
access-control-allow-origin: *
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
cache-control: max-age=31536000, immutable
x-li-proto: http/1.1
x-li-static-content: 1
timing-allow-origin: *
x-fs-uuid: 00060ea58ab64e3265dfd32cfcebe2e7
expires: Fri, 10 Jan 2025 06:20:19 GMT

GET
H2 200 aoyniy4z81voytvhok68uu3ia Show response
static.licdn.com/sc/h/ 254 KB
56 KB 226ms
91ms Script
text/javascript 2600:141b:1c00:8::1728:b347
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://static.licdn.com/sc/h/aoyniy4z81voytvhok68uu3ia

Requested by

Host: pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:1c00:8::1728:b347 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Play /

Resource Hash

44925f9bdebd7dadd2e05e034c457104b510f8038f37af31bd841b7c00db0aaf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 21:31:43 GMT
content-encoding: br
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
x-cdn: AKAM
x-cdn-proto: HTTP2
content-length: 57081
x-li-uuid: AAYQUrIhfEURvCqriQ8iJg==
last-modified: Mon, 05 Nov 2012 04:00:51 GMT
server: Play
x-li-pop: prod-lor1-x
content-type: text/javascript
x-li-fabric: prod-lor1
access-control-allow-origin: *
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
cache-control: max-age=31536000, immutable
x-li-proto: http/1.1
x-li-static-content: 1
timing-allow-origin: *
x-fs-uuid: 00061052b2217c4511bc2aab890f2226
expires: Fri, 31 Jan 2025 14:20:22 GMT

GET
H2 200 ei1ryhlrbku41e394oskcxugy Show response
static.licdn.com/sc/h/ 93 KB
27 KB 172ms
38ms Script
text/javascript 2600:141b:1c00:8::1728:b347
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://static.licdn.com/sc/h/ei1ryhlrbku41e394oskcxugy

Requested by

Host: pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:1c00:8::1728:b347 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Play /

Resource Hash

a5951034ffba6569ef62befc21854c90cd987f3935bf1826e5455ed47eecb5e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 21:31:43 GMT
content-encoding: br
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
x-cdn: AKAM
x-cdn-proto: HTTP2
remote-cache-status: TCP_HIT, TCP_HIT
content-length: 26966
x-li-uuid: AAYODnswX17ps4TKZGK1nQ==
last-modified: Mon, 05 Nov 2012 04:00:51 GMT
server: Play
x-li-pop: prod-ltx1-x
content-type: text/javascript
x-li-fabric: prod-ltx1
access-control-allow-origin: *
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
cache-control: max-age=31536000, immutable
x-li-proto: http/1.1
x-li-static-content: 1
timing-allow-origin: *
x-fs-uuid: 00060e0e7b305f5ee9b384ca6462b59d
expires: Thu, 02 Jan 2025 18:06:59 GMT

GET
H2 200 473v2cdto9klp3y6gfjcs28u2 Show response
static.licdn.com/sc/h/ 74 KB
16 KB 189ms
55ms Script
text/javascript 2600:141b:1c00:8::1728:b347
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://static.licdn.com/sc/h/473v2cdto9klp3y6gfjcs28u2

Requested by

Host: pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:1c00:8::1728:b347 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Play /

Resource Hash

fb9b509d020c4c45ad497de7c4f7d1b22b4e7dc62339927fbf7e32e227932cb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 21:31:43 GMT
content-encoding: br
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
x-cdn: AKAM
x-cdn-proto: HTTP2
remote-cache-status: TCP_HIT
content-length: 15685
x-li-uuid: AAYHY8Vc649nBWY0T+c3kw==
last-modified: Mon, 05 Nov 2012 04:00:51 GMT
server: Play
x-li-pop: prod-lor1-x
content-type: text/javascript
x-li-fabric: prod-lor1
access-control-allow-origin: *
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
cache-control: max-age=31536000, immutable
x-li-proto: http/1.1
x-li-static-content: 1
timing-allow-origin: *
x-fs-uuid: 00060763c55ceb8f670566344fe73793
expires: Wed, 09 Oct 2024 21:55:54 GMT

GET
H2 200 ccg6j0toh362m9pa9exs90nin Show response
static.licdn.com/sc/h/ 2 KB
1 KB 176ms
42ms Script
text/javascript 2600:141b:1c00:8::1728:b347
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://static.licdn.com/sc/h/ccg6j0toh362m9pa9exs90nin

Requested by

Host: pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:1c00:8::1728:b347 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Play /

Resource Hash

72bccd36c17aa93a7bb553557626bb720be60cde2357d817bd03af6be67cf08e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 21:31:43 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-cdn-client-ip-version: IPV6
x-cdn: AKAM
x-cdn-proto: HTTP2
remote-cache-status: TCP_HIT, TCP_HIT, TCP_HIT
content-length: 776
x-li-uuid: AAYIbIY3W2aimBCx49o4Ng==
last-modified: Mon, 05 Nov 2012 04:00:51 GMT
server: Play
x-li-pop: prod-lva1-x
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type: text/javascript
x-li-fabric: prod-lva1
access-control-allow-origin: *
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
cache-control: max-age=31536000, immutable
x-li-proto: http/1.1
x-li-static-content: 1
timing-allow-origin: *
x-fs-uuid: 0006086c86375b66a29810b1e3da3836
expires: Wed, 23 Oct 2024 01:47:41 GMT

GET
H2 200 9khh7n0e2ss763aeozygh9d7 Show response
static.licdn.com/sc/h/ 244 KB
63 KB 196ms
62ms Script
text/javascript 2600:141b:1c00:8::1728:b347
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://static.licdn.com/sc/h/9khh7n0e2ss763aeozygh9d7

Requested by

Host: pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:1c00:8::1728:b347 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Play /

Resource Hash

f5d13c67089bf5cdbb1b349183598ba8df4dd95a9cf3187e9fd4172f5f5c36fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 21:31:43 GMT
content-encoding: br
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
x-cdn: AKAM
x-cdn-proto: HTTP2
remote-cache-status: TCP_HIT, TCP_HIT
content-length: 64201
x-li-uuid: AAYODnswcg0yPs4YDgl9BQ==
last-modified: Mon, 05 Nov 2012 04:00:51 GMT
server: Play
x-li-pop: prod-lor1-x
content-type: text/javascript
x-li-fabric: prod-lor1
access-control-allow-origin: *
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
cache-control: max-age=31536000, immutable
x-li-proto: http/1.1
x-li-static-content: 1
timing-allow-origin: *
x-fs-uuid: 00060e0e7b30720d323ece180e097d05
expires: Thu, 02 Jan 2025 18:06:59 GMT

GET
H2 200 179r7h6dytjlclq68a906sd4s Show response
static.licdn.com/sc/h/ 72 KB
22 KB 219ms
86ms Script
text/javascript 2600:141b:1c00:8::1728:b347
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://static.licdn.com/sc/h/179r7h6dytjlclq68a906sd4s

Requested by

Host: pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:1c00:8::1728:b347 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Play /

Resource Hash

f89934ac0709430477b8a664f72035461a08e79aab91944d71d695660d810c13

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 21:31:43 GMT
content-encoding: br
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
x-cdn: AKAM
x-cdn-proto: HTTP2
remote-cache-status: TCP_HIT, TCP_HIT
content-length: 22037
x-li-uuid: AAYKSl+ThSDWcSjc8FRgHQ==
last-modified: Mon, 05 Nov 2012 04:00:51 GMT
server: Play
x-li-pop: prod-ltx1-x
content-type: text/javascript
x-li-fabric: prod-ltx1
access-control-allow-origin: *
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
cache-control: max-age=31536000, immutable
x-li-proto: http/1.1
x-li-static-content: 1
timing-allow-origin: *
x-fs-uuid: 00060a4a5f938520d67128dcf054601d
expires: Fri, 15 Nov 2024 19:53:27 GMT

GET
H2 200 jquery-3.2.1.slim.min.js Show response
code.jquery.com/ 68 KB
24 KB 124ms
28ms Script
application/javascript 2a04:4e42::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.2.1.slim.min.js
Requested by: Host: pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

Request headers

Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/
Origin: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 21:31:43 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 12005705
x-cache: HIT, HIT
content-length: 23856
x-served-by: cache-lga21963-LGA, cache-ewr18161-EWR
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1706909504.640788,VS0,VE0
etag: W/"28feccc0-10fdd"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 32, 20479

GET
H2 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ 19 KB
7 KB 94ms
35ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

Requested by

Host: pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/
Origin: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 21:31:43 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 262200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 6157
last-modified: Mon, 04 May 2020 16:15:37 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fa9-4af4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y31tCH7ual8nn1PomPcmmgJ%2Fbzit0lKwPGkb3BOQkZsSutBUmbkX2%2BcPjk02vwV%2Bldg4WY7rHJTH5F2pf9l6rhAHb98lKysGu2qcDdK64UmX8XAl%2BCAVS0znWQ3hkdTFwY0r7Gqm%2B9b36vu42P1yrRd5"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 84f58aed8e9d4bbb-BUF
expires: Wed, 22 Jan 2025 21:31:43 GMT

GET
H2 200 bootstrap.min.js Show response
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ 48 KB
14 KB 96ms
35ms Script
application/javascript 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

Requested by

Host: pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/
Origin: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 21:31:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 845
age: 327
cdn-cachedat: 01/15/2024 23:55:45
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-proxyver: 1.04
cdn-requestpullcode: 200
server: cloudflare
etag: W/"14d449eb8876fa55e1ef3c2cc52b0c17"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 9c2b953e36b3087d604ef710a22c1161
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 84f58aed8ee44bd5-BUF
cdn-requestpullsuccess: True

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 84 KB
30 KB 82ms
24ms Script
text/javascript 2607:f8b0:4006:823::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

Requested by

Host: pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 05:29:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 144140
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30028
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 31 Jan 2025 05:29:23 GMT

POST
H/1.1 401
Unauthorized track
pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/li/ 16 KB
17 KB 42ms
42ms Ping
text/html 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/li/track
Requested by: Host: static.licdn.com
URL: https://static.licdn.com/sc/h/179r7h6dytjlclq68a906sd4s
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e72220408b3a3a351433a4cc02b8d3dea31bf8b6955e11d5baa7fb5655cacbe7

Request headers

Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 02 Feb 2024 21:31:43 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 84f58aeea99c4bd3-BUF
Content-Length: 16794
Vary: Accept-Encoding
Content-Type: text/html

GET
H2 200 4k6diadsezedadhkq4uxfxss1 Show response
static.licdn.com/sc/h/ 182 KB
63 KB 33ms
32ms Script
text/javascript 2600:141b:1c00:8::1728:b347
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.licdn.com/sc/h/4k6diadsezedadhkq4uxfxss1
Requested by: Host: static.licdn.com
URL: https://static.licdn.com/sc/h/aoyniy4z81voytvhok68uu3ia
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:8::1728:b347 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Play /
Resource Hash: 6101eea4239ded7503b74732d078de0de0e31d9465de3876b1641802dd299200

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 21:31:43 GMT
content-encoding: br
x-cdn-client-ip-version: IPV6
x-cdn: AKAM
x-cdn-proto: HTTP2
remote-cache-status: TCP_HIT, TCP_HIT, TCP_HIT, TCP_HIT, TCP_HIT, TCP_HIT, TCP_HIT, TCP_HIT
content-length: 63716
x-li-uuid: AAXij7nwXV0S0TqB+PWubQ==
last-modified: Mon, 05 Nov 2012 04:00:51 GMT
server: Play
x-li-pop: prod-ltx1-x
content-type: text/javascript
x-li-fabric: prod-ltx1
access-control-allow-origin: *
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
cache-control: max-age=31536000, immutable
x-li-proto: http/1.1
x-li-static-content: 1
timing-allow-origin: *
x-datastream-cache-status: 1
x-fs-uuid: 0005e28fb9f05d5d12d13a81f8f5ae6d
expires: Thu, 29 Jun 2023 05:50:11 GMT

GET
H2 200 1gpe377m8n1eq73qveizv5onv Show response
static.licdn.com/sc/h/ 38 KB
13 KB 39ms
38ms Script
text/javascript 2600:141b:1c00:8::1728:b347
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.licdn.com/sc/h/1gpe377m8n1eq73qveizv5onv
Requested by: Host: static.licdn.com
URL: https://static.licdn.com/sc/h/aoyniy4z81voytvhok68uu3ia
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:8::1728:b347 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Play /
Resource Hash: c852b1105eb000028e9b27677996f8d4773daa31fa1aaf663cb6ae3a6857a50a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 21:31:43 GMT
content-encoding: br
x-cdn-client-ip-version: IPV6
x-cdn: AKAM
x-cdn-proto: HTTP2
remote-cache-status: TCP_HIT, TCP_HIT, TCP_HIT, TCP_HIT, TCP_HIT
content-length: 13154
x-li-uuid: AAXynppAipLBs77cbMTQyg==
last-modified: Mon, 05 Nov 2012 04:00:51 GMT
server: Play
x-li-pop: prod-lva1-x
content-type: text/javascript
x-li-fabric: prod-lva1
access-control-allow-origin: *
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
cache-control: max-age=31536000, immutable
x-li-proto: http/1.1
x-li-static-content: 1
timing-allow-origin: *
x-datastream-cache-status: 1
x-fs-uuid: 0005f29e9a408a92c1b3bedc6cc4d0ca
expires: Fri, 19 Jan 2024 14:18:10 GMT

GET
H2 502 tracking.png
ponf.linkedin-ei.com/pixel/ 0
0 359ms
84ms Image
text/html 144.2.9.2
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ponf.linkedin-ei.com/pixel/tracking.png?reqid=7d056f0c-37f2-4e97-90cd-719b66aef638&pageInstance=urn%3Ali%3Apage%3Acheckpoint_lg_login_default%3BkSqpbD+0TKWDvB+pHJsBfQ%3D%3D&js=enabled
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 144.2.9.2 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

GET
H2 403 button Show response
accounts.google.com/gsi/ Frame 9538 1 KB
1 KB 179ms
57ms Document
text/html 2607:f8b0:4004:c08::54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=302&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_503988_116229&as=9IIx4Ai%2B5vB%2BpG%2FQ3XqECA&hl=en_US

Requested by

Host: static.licdn.com
URL: https://static.licdn.com/sc/h/4k6diadsezedadhkq4uxfxss1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::54 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8207aabbe94983e5e5b69fa93d548c4683c169ed1e603b9c5de02618df9635ac

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http script-src 'report-sample' 'nonce-pZIZNW0qfFkBeN1pUSloCw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http script-src 'report-sample' 'nonce-pZIZNW0qfFkBeN1pUSloCw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
cross-origin-resource-policy: cross-origin
date: Fri, 02 Feb 2024 21:31:44 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 403 status Show response
accounts.google.com/gsi/ 37 B
969 B 177ms
56ms XHR
application/json 2607:f8b0:4004:c08::54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/gsi/status?client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&as=9IIx4Ai%2B5vB%2BpG%2FQ3XqECA

Requested by

Host: static.licdn.com
URL: https://static.licdn.com/sc/h/4k6diadsezedadhkq4uxfxss1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::54 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4482ee5d94028a15ed58db9ebdb13545162c65ec62295fa5679a686e57599304

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-omgL4x5FXL7Spn35LAaPaQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 21:31:44 GMT
content-security-policy: script-src 'report-sample' 'nonce-omgL4x5FXL7Spn35LAaPaQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
x-content-type-options: nosniff
content-encoding: gzip
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
server: ESF
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 401
Unauthorized track Show response
pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/li/ 16 KB
17 KB 104ms
104ms XHR
text/html 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/li/track
Requested by: Host: static.licdn.com
URL: https://static.licdn.com/sc/h/aoyniy4z81voytvhok68uu3ia
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e72220408b3a3a351433a4cc02b8d3dea31bf8b6955e11d5baa7fb5655cacbe7

Request headers

Csrf-Token
Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-type: application/json

Response headers

Date: Fri, 02 Feb 2024 21:31:44 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 84f58af07b5c4bd3-BUF
Content-Length: 16794
Vary: Accept-Encoding
Content-Type: text/html

OPTIONS
H2 999 apfcDf
www.linkedin-ei.com/platform-telemetry/li/ Frame 0
0 370ms
264ms Preflight
text/html 2620:1ec:50::16
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.linkedin-ei.com/platform-telemetry/li/apfcDf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:50::16 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

cache-control: no-cache, no-store
content-length: 2109
content-type: text/html
date: Fri, 02 Feb 2024 21:31:43 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
x-cache: CONFIG_NOCACHE
x-li-fabric: ei-ltx1
x-li-pop: afd-ei-ltx1-x
x-li-proto: http/2
x-li-uuid: AAYQbNas3ItWM9s+zfHXig==
x-msedge-ref: Ref A: A5A7DCDA0E4343C288C65C57E207D734 Ref B: NYCEDGE1707 Ref C: 2024-02-02T21:31:44Z

POST apfcDf
www.linkedin-ei.com/platform-telemetry/li/ 0
0

GET
H2 200 m=credential_button_library
ssl.gstatic.com/_/gsi/_/ss/k=gsi.gsi.ZYtlUg6-m0E.L.W.O/am=gCRU/d=1/rs=AF0KOtVKiB9YLYfgOfO25WmKpMR_o1doWA/ Frame 9538 7 KB
2 KB 80ms
25ms Stylesheet
text/css 2607:f8b0:4006:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.gstatic.com/_/gsi/_/ss/k=gsi.gsi.ZYtlUg6-m0E.L.W.O/am=gCRU/d=1/rs=AF0KOtVKiB9YLYfgOfO25WmKpMR_o1doWA/m=credential_button_library

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=302&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_503988_116229&as=9IIx4Ai%2B5vB%2BpG%2FQ3XqECA&hl=en_US

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ffd9148502527101428184082d3f169369aa4ba51720bd2eef686fc06571bfd

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/csi-web-eng
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/csi-web-eng
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 01 Feb 2024 09:26:32 GMT
age: 129912
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1737
x-xss-protection: 0
last-modified: Wed, 29 Nov 2023 04:17:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="csi-web-eng"
vary: Accept-Encoding
report-to: {"group":"csi-web-eng","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/csi-web-eng"}]}
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 31 Jan 2025 09:26:32 GMT

GET
H2 200 m=credential_button_library Show response
ssl.gstatic.com/_/gsi/_/js/k=gsi.gsi.en_US.M_CNsb_gUWk.O/am=ACRU/d=1/rs=AF0KOtXAk2ip7xgOCEpWN6p853wDt5tZdw/ Frame 9538 105 KB
39 KB 80ms
26ms Script
text/javascript 2607:f8b0:4006:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.gstatic.com/_/gsi/_/js/k=gsi.gsi.en_US.M_CNsb_gUWk.O/am=ACRU/d=1/rs=AF0KOtXAk2ip7xgOCEpWN6p853wDt5tZdw/m=credential_button_library

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f40dd25da52b36defc2d9f8b8dfe81552b48e2cc1864a464c9d6241839fecc63

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/csi-web-eng
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/csi-web-eng
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 01 Feb 2024 09:36:55 GMT
age: 129289
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39596
x-xss-protection: 0
last-modified: Sat, 27 Jan 2024 02:16:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="csi-web-eng"
vary: Accept-Encoding
report-to: {"group":"csi-web-eng","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/csi-web-eng"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 31 Jan 2025 09:36:55 GMT

POST
H2 204 identity-sign-in-google-http
csp.withgoogle.com/csp/ Frame 9538 0
0 151ms
51ms Other
text/html 2607:f8b0:4006:81d::2011
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csp.withgoogle.com/csp/identity-sign-in-google-http
Requested by: Host: pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:81d::2011 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: application/csp-report

Response headers

POST
H/1.1 401
Unauthorized track Show response
pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/li/ 16 KB
17 KB 39ms
38ms XHR
text/html 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/li/track
Requested by: Host: static.licdn.com
URL: https://static.licdn.com/sc/h/aoyniy4z81voytvhok68uu3ia
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e72220408b3a3a351433a4cc02b8d3dea31bf8b6955e11d5baa7fb5655cacbe7

Request headers

Csrf-Token
Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-type: application/json

Response headers

Date: Fri, 02 Feb 2024 21:31:44 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 84f58af13bf54bd3-BUF
Content-Length: 16794
Vary: Accept-Encoding
Content-Type: text/html

GET
H2 200 user Show response
www.linkedin-ei.com/litms/api/metadata/ 342 B
2 KB 177ms
114ms XHR
application/json 2620:1ec:50::16
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.linkedin-ei.com/litms/api/metadata/user

Requested by

Host: static.licdn.com
URL: https://static.licdn.com/sc/h/ei1ryhlrbku41e394oskcxugy

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:50::16 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

f5acf7d96c28afbd497678b39d0fd4dff1042860220f800c918aa388c8e31d98

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; frame-ancestors 'none'; form-action 'none'; report-uri https://www.linkedin.com/security/csp?f=nh
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; form-action 'none'; report-uri https://www.linkedin.com/security/csp?f=nh
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.0001,"failure_fraction":1,"include_subdomains":true}
date: Fri, 02 Feb 2024 21:31:44 GMT
x-cache: CONFIG_NOCACHE
content-length: 222
x-li-uuid: AAYQbNa0D5njMp37zgi9mA==
pragma: no-cache
x-li-pop: afd-ei-ltx1-x
x-msedge-ref: Ref A: 6DB065E531484CBCB3B40251CE03E0B5 Ref B: NYCEDGE1306 Ref C: 2024-02-02T21:31:44Z
vary: Origin,Accept-Encoding
x-frame-options: sameorigin
content-type: application/json
access-control-allow-origin: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin-ei.com/li/rep"}],"include_subdomains":true}
x-li-fabric: ei-ltx1
cache-control: no-cache, no-store
access-control-allow-credentials: true
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 utag.js Show response
platform.linkedin-ei.com/litms/utag/checkpoint-frontend/ 137 KB
43 KB 195ms
30ms Script
application/javascript 2600:141b:1c00:8::1728:b347
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1706909400000

Requested by

Host: static.licdn.com
URL: https://static.licdn.com/sc/h/ei1ryhlrbku41e394oskcxugy

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:1c00:8::1728:b347 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Play /

Resource Hash

d7302d2a6158e5fefdd335929f59a4808fb274974dadb3f7f79758ce68873c32

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 21:31:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.0001,"failure_fraction":1,"include_subdomains":true}
x-cdn: AKAM
p3p: CP="CAO CUR ADM DEV PSA PSD OUR"
content-length: 43586
x-li-uuid: AAYQbNUGw5WihlEgwdzqlw==
last-modified: Thu, 01 Feb 2024 16:31:24 GMT
server: Play
x-li-pop: ei-ltx1-x
etag: "3b20fea180392539016fa05debc693adfb3a2926"
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin-ei.com/li/rep"}],"include_subdomains":true}
x-li-fabric: ei-ltx1
content-type: application/javascript; charset=utf-8
cache-control: max-age=300
x-li-proto: http/1.1
accept-ranges: bytes

GET
H2 200 id Show response
dpm.demdex.net/ 440 B
989 B 159ms
38ms XHR
application/json 3.233.143.239
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=14215E3D5995C57C0A495C55%40AdobeOrg&d_nsid=0&ts=1706909505014

Requested by

Host: platform.linkedin-ei.com
URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1706909400000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.233.143.239 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-233-143-239.compute-1.amazonaws.com

Software

Resource Hash

f9416075e7fcbf851592d8b61cea090aefb52bdc29f5c911d8893f9849269297

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

dcs: dcs-prod-va6-2-v053-037bdb008.edge-va6.demdex.com 1 ms
pragma: no-cache
date: Fri, 02 Feb 2024 21:31:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-tid: icObRGeWT04=
vary: Origin
content-type: application/json;charset=utf-8
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
access-control-allow-credentials: true
content-length: 365
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 utag.107.js Show response
platform.linkedin-ei.com/litms/utag/checkpoint-frontend/ 9 KB
4 KB 42ms
42ms Script
application/javascript 2600:141b:1c00:8::1728:b347
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.107.js?utv=ut4.51.202312140925

Requested by

Host: platform.linkedin-ei.com
URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1706909400000

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:1c00:8::1728:b347 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Play /

Resource Hash

704c03388d696028b43d5a1c5d4b4b7d6de3305ab5da61f507e552595544b0c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 21:31:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.0001,"failure_fraction":1,"include_subdomains":true}
x-cdn: AKAM
p3p: CP="CAO CUR ADM DEV PSA PSD OUR"
content-length: 3147
x-li-uuid: AAYQVQxYx40bNDH2UjtbxA==
last-modified: Thu, 01 Feb 2024 16:31:24 GMT
server: Play
x-li-pop: ei-ltx1-x
etag: "b17548c19f0f99982881ba423b94c9b30d7d1d56"
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin-ei.com/li/rep"}],"include_subdomains":true}
content-type: application/javascript; charset=utf-8
x-li-fabric: ei-ltx1
cache-control: max-age=300
x-li-proto: http/1.1
accept-ranges: bytes

GET
H2 200 utag.117.js Show response
platform.linkedin-ei.com/litms/utag/checkpoint-frontend/ 9 KB
3 KB 42ms
41ms Script
application/javascript 2600:141b:1c00:8::1728:b347
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.117.js?utv=ut4.51.202312140925

Requested by

Host: platform.linkedin-ei.com
URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1706909400000

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:1c00:8::1728:b347 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Play /

Resource Hash

013b4c45c5a0cb7da23d2941ec7d94f323a9dd5306c3d3951223b92109e5dc7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 21:31:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.0001,"failure_fraction":1,"include_subdomains":true}
x-cdn: AKAM
p3p: CP="CAO CUR ADM DEV PSA PSD OUR"
content-length: 2998
x-li-uuid: AAYQVQxY6Y0T3gF4/40Pdw==
last-modified: Thu, 01 Feb 2024 16:31:24 GMT
server: Play
x-li-pop: ei-ltx1-x
etag: "728acf3d9d9ff5d5abde481b314bc7758c321ed4"
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin-ei.com/li/rep"}],"include_subdomains":true}
content-type: application/javascript; charset=utf-8
x-li-fabric: ei-ltx1
cache-control: max-age=300
x-li-proto: http/1.1
accept-ranges: bytes

POST
H/1.1 401
Unauthorized track Show response
pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/li/ 16 KB
17 KB 38ms
38ms XHR
text/html 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/li/track
Requested by: Host: static.licdn.com
URL: https://static.licdn.com/sc/h/ei1ryhlrbku41e394oskcxugy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e72220408b3a3a351433a4cc02b8d3dea31bf8b6955e11d5baa7fb5655cacbe7

Request headers

Csrf-Token
Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-type: application/json

Response headers

Date: Fri, 02 Feb 2024 21:31:45 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 84f58af678744bd3-BUF
Content-Length: 16794
Vary: Accept-Encoding
Content-Type: text/html

GET
H2 200 gtag-adwords.js Show response
platform.linkedin.com/litms/vendor/google/ 78 KB
29 KB 71ms
32ms Script
application/javascript 2600:141b:1c00:8::1728:b347
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/litms/vendor/google/gtag-adwords.js?id=AW-979305453

Requested by

Host: platform.linkedin-ei.com
URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1706909400000

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:1c00:8::1728:b347 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Play /

Resource Hash

f42b7a2cbb2607296976b3374653138109d4b2f05070c52820860ed1a83a98da

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 782, 782
date: Fri, 02 Feb 2024 21:31:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
x-cdn: AKAM
x-edgeconnect-midmile-rtt: 0, 7
content-length: 29593
x-li-uuid: AAYM6C9SmODvt0kx+kPmDw==
last-modified: Tue, 19 Dec 2023 23:12:46 GMT
server: Play
x-li-pop: prod-lor1-x
etag: "009df37990c0e61602587d7e64f687391f655eb4"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-li-fabric: prod-lor1
cache-control: max-age=2628000
x-li-proto: http/1.1
accept-ranges: bytes

GET
H2

200

/
www.google.com/pagead/1p-conversion/979305453/
Redirect Chain

https://www.googleadservices.com/pagead/conversion/979305453/?random=1706909505152&cv=9&fst=1706909505152&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=12...
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/979305453/?random=1654958382&cv=9&fst=1706909505152&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQ...
https://www.google.com/pagead/1p-conversion/979305453/?random=1654958382&cv=9&fst=1706909505152&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=160...

42 B
455 B

181ms
44ms

Image
image/gif

2607:f8b0:4006:816::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-conversion/979305453/?random=1654958382&cv=9&fst=1706909505152&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-600&u_java=false&u_nplug=3&u_nmime=4&gtm=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fpub-afefbd42172b4962b6a81b41b8d10b31.r2.dev%2Findexmex.html&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ct_cookie_present=false&sscte=1&crd=CIK9sQII7LuxAg&pscrd=IhMI0N_ktc2NhAMVRQ1oCB3MXwHOMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAg&is_vtc=1&ocp_id=QV-9ZZC7DsWaoPMPzL-F8Aw&cid=CAQSGwAvHhf_DzEW1sEfLFk3EpM5nP5A50ry3mw-gg&random=1245222692&resp=GooglemKTybQhCsO

Protocol

Server

2607:f8b0:4006:816::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Feb 2024 21:31:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 02 Feb 2024 21:31:45 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://www.google.com/pagead/1p-conversion/979305453/?random=1654958382&cv=9&fst=1706909505152&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-600&u_java=false&u_nplug=3&u_nmime=4&gtm=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fpub-afefbd42172b4962b6a81b41b8d10b31.r2.dev%2Findexmex.html&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ct_cookie_present=false&sscte=1&crd=CIK9sQII7LuxAg&pscrd=IhMI0N_ktc2NhAMVRQ1oCB3MXwHOMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAg&is_vtc=1&ocp_id=QV-9ZZC7DsWaoPMPzL-F8Aw&cid=CAQSGwAvHhf_DzEW1sEfLFk3EpM5nP5A50ry3mw-gg&random=1245222692&resp=GooglemKTybQhCsO
content-type: image/gif
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.com/pagead/1p-conversion/979305453/
Redirect Chain

https://www.googleadservices.com/pagead/conversion/979305453/?random=1706909505153&cv=9&fst=1706909505153&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=12...
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/979305453/?random=940583209&cv=9&fst=1706909505153&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQh...
https://www.google.com/pagead/1p-conversion/979305453/?random=940583209&cv=9&fst=1706909505153&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600...

42 B
108 B

182ms
45ms

Image
image/gif

2607:f8b0:4006:816::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-conversion/979305453/?random=940583209&cv=9&fst=1706909505153&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-600&u_java=false&u_nplug=3&u_nmime=4&gtm=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fpub-afefbd42172b4962b6a81b41b8d10b31.r2.dev%2Findexmex.html&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ct_cookie_present=false&sscte=1&crd=CIK9sQI&pscrd=IhMIh9vktc2NhAMVTQ1oCB0oOwop&is_vtc=1&ocp_id=QV-9Zce2Ds2aoPMPqPaoyAI&cid=CAQSGwAvHhf_PtPfgyE0hTfAobIXUWnhhavYjgqapg&random=4111158656&resp=GooglemKTybQhCsO

Protocol

Server

2607:f8b0:4006:816::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Feb 2024 21:31:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 02 Feb 2024 21:31:45 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://www.google.com/pagead/1p-conversion/979305453/?random=940583209&cv=9&fst=1706909505153&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-600&u_java=false&u_nplug=3&u_nmime=4&gtm=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fpub-afefbd42172b4962b6a81b41b8d10b31.r2.dev%2Findexmex.html&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ct_cookie_present=false&sscte=1&crd=CIK9sQI&pscrd=IhMIh9vktc2NhAMVTQ1oCB0oOwop&is_vtc=1&ocp_id=QV-9Zce2Ds2aoPMPqPaoyAI&cid=CAQSGwAvHhf_PtPfgyE0hTfAobIXUWnhhavYjgqapg&random=4111158656&resp=GooglemKTybQhCsO
content-type: image/gif
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dest5.html Show response
lnkd.demdex.net/ Frame 25EE 7 KB
3 KB 87ms
36ms Document
text/html 3.233.143.239
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://lnkd.demdex.net/dest5.html?d_nsid=0

Requested by

Host: platform.linkedin-ei.com
URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1706909400000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.233.143.239 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-233-143-239.compute-1.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Fri, 02 Feb 2024 21:31:45 GMT
dcs: dcs-prod-va6-2-v053-0d1df410a.edge-va6.demdex.com 0 ms
expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Sun, 12 Nov 2023 20:32:56 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
vary: accept-encoding
x-tid: 9zsuCLHwRYo=

POST
H2 200 event Show response
lnkd.demdex.net/ 345 B
921 B 89ms
41ms XHR
application/json 3.233.143.239
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://lnkd.demdex.net/event?d_dil_ver=9.4&_ts=1706909505018

Requested by

Host: platform.linkedin-ei.com
URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1706909400000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.233.143.239 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-233-143-239.compute-1.amazonaws.com

Software

Resource Hash

b25cddc0004ee2c686bc507ef85ddc5d62031a44023ae370a87932271605b5ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

dcs: dcs-prod-va6-2-v053-0e24680df.edge-va6.demdex.com 5 ms
pragma: no-cache
date: Fri, 02 Feb 2024 21:31:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-tid: wFA04v/TRSM=
vary: Origin
content-type: application/json;charset=utf-8
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
access-control-allow-credentials: true
content-length: 298
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2

200

ibs:dpid=771&dpuuid=CAESEHSUGojxvyqW7nmYoamehs8&google_cver=1
dpm.demdex.net/ Frame 25EE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NjY5ODQxNTExODE3MTcxODE4NjM2MTQ2NzA0NTE4ODg3MDE0NDc=
https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=NjY5ODQxNTExODE3MTcxODE4NjM2MTQ2NzA0NTE4ODg3MDE0NDc=&google_tc=
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEHSUGojxvyqW7nmYoamehs8&google_cver=1?gdpr=0&gdpr_consent=

42 B
716 B

39ms
38ms

Image
image/gif

3.233.143.239
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEHSUGojxvyqW7nmYoamehs8&google_cver=1?gdpr=0&gdpr_consent=

Protocol

Server

3.233.143.239 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-233-143-239.compute-1.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://lnkd.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

dcs: dcs-prod-va6-1-v053-07861c496.edge-va6.demdex.com 2 ms
pragma: no-cache
date: Fri, 02 Feb 2024 21:31:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: BKQlCeyVT6g=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Fri, 02 Feb 2024 21:31:45 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEHSUGojxvyqW7nmYoamehs8&google_cver=1?gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 401
Unauthorized track
pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/li/ 16 KB
17 KB 38ms
37ms Ping
text/html 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/li/track
Requested by: Host: static.licdn.com
URL: https://static.licdn.com/sc/h/179r7h6dytjlclq68a906sd4s
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e72220408b3a3a351433a4cc02b8d3dea31bf8b6955e11d5baa7fb5655cacbe7

Request headers

Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 02 Feb 2024 21:31:45 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 84f58afb1d284bd3-BUF
Content-Length: 16794
Vary: Accept-Encoding
Content-Type: text/html

POST
H/1.1 401
Unauthorized track
pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/li/ 16 KB
17 KB 39ms
38ms Ping
text/html 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/li/track
Requested by: Host: static.licdn.com
URL: https://static.licdn.com/sc/h/179r7h6dytjlclq68a906sd4s
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e72220408b3a3a351433a4cc02b8d3dea31bf8b6955e11d5baa7fb5655cacbe7

Request headers

Referer: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 02 Feb 2024 21:31:47 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 84f58b0798664bd3-BUF
Content-Length: 16794
Vary: Accept-Encoding
Content-Type: text/html

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.linkedin-ei.com
URL: https://www.linkedin-ei.com/platform-telemetry/li/apfcDf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: LinkedIn (Social Network)

37 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.linkedin-ei.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: ajax:7341666604528374772
.linkedin-ei.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin-ei.com/	1970-01-21 02:54:05	Name: bcookie Value: "v=2&f8b9574a-ec7b-4e8c-87a9-63a1eac9e7cc"
.www.linkedin-ei.com/	1970-01-21 02:54:05	Name: bscookie Value: "v=1&20240202213144be465a45-6af2-4e6f-897f-663ddc2cd391AQH5n2CLfqOMHubDBzYtID-JQIP6IWoT"
.linkedin-ei.com/	1970-01-20 22:27:41	Name: li_gc Value: MTswOzE3MDY5MDk1MDQ7MTswMjEYJG+LhKqxEChNVmbPH81rapxWtxIQf6x3wkHZY0xjBw==
.linkedin-ei.com/	1970-01-20 18:09:55	Name: lidc Value: "b=ETGST04:s=ET:r=ET:a=ET:p=ET:g=119:u=1:x=1:i=1706909504:t=1706995904:v=2:sig=AQE_BV7JFPmbEbXiraToG5-trNER2g_d"
.demdex.net/	1970-01-20 22:27:41	Name: demdex Value: 66984151181717181863614670451888701447
.pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/	1969-12-31 23:59:59	Name: AMCVS_14215E3D5995C57C0A495C55%40AdobeOrg Value: 1
.pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/	1970-01-20 22:27:41	Name: AMCV_14215E3D5995C57C0A495C55%40AdobeOrg Value: -637568504%7CMCIDTS%7C19756%7CMCMID%7C66458025435601105613667843948402947020%7CMCAAMLH-1707514305%7C7%7CMCAAMB-1707514305%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1706916705s%7CNONE%7CvVersion%7C5.1.1
.pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/	1970-01-20 18:51:41	Name: aam_uuid Value: 66984151181717181863614670451888701447
.demdex.net/	1970-01-20 22:27:41	Name: dextp Value: 771-1-1706909505291
.doubleclick.net/	1970-01-21 03:44:29	Name: IDE Value: AHWqTUkrMi4hEgmGhGVm0cXOeYbuQIPqn9hdwUASvz5xNQp_cMtOFHLlVOyWpy4jZyY
.dpm.demdex.net/	1970-01-20 22:27:41	Name: dpm Value: 66984151181717181863614670451888701447

43 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/li/track Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)
network	error	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/li/track Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)
network	error	URL: https://accounts.google.com/gsi/status?client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&as=9IIx4Ai%2B5vB%2BpG%2FQ3XqECA Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=302&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_503988_116229&as=9IIx4Ai%2B5vB%2BpG%2FQ3XqECA&hl=en_US Message: Failed to load resource: the server responded with a status of 403 ()
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.
network	error	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/li/track Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)
network	error	URL: https://ponf.linkedin-ei.com/pixel/tracking.png?reqid=7d056f0c-37f2-4e97-90cd-719b66aef638&pageInstance=urn%3Ali%3Apage%3Acheckpoint_lg_login_default%3BkSqpbD+0TKWDvB+pHJsBfQ%3D%3D&js=enabled Message: Failed to load resource: the server responded with a status of 502 ()
javascript	error	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Access to XMLHttpRequest at 'https://www.linkedin-ei.com/platform-telemetry/li/apfcDf' from origin 'https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.linkedin-ei.com/platform-telemetry/li/apfcDf Message: Failed to load resource: net::ERR_FAILED
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/li/track Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/indexmex.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/li/track Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)
network	error	URL: https://pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev/li/track Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
ajax.googleapis.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
code.jquery.com
csp.withgoogle.com
dpm.demdex.net
googleads.g.doubleclick.net
lnkd.demdex.net
maxcdn.bootstrapcdn.com
platform.linkedin-ei.com
platform.linkedin.com
ponf.linkedin-ei.com
pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev
ssl.gstatic.com
static.licdn.com
www.google.com
www.googleadservices.com
www.linkedin-ei.com
www.linkedin-ei.com
142.250.176.194
142.251.40.130
144.2.9.2
2600:141b:1c00:8::1728:b347
2606:4700::6811:190e
2606:4700::6812:323
2606:4700::6812:acf
2607:f8b0:4004:c08::54
2607:f8b0:4006:809::2003
2607:f8b0:4006:816::2004
2607:f8b0:4006:81d::2011
2607:f8b0:4006:820::2002
2607:f8b0:4006:823::200a
2620:1ec:50::16
2a04:4e42::649
3.233.143.239
013b4c45c5a0cb7da23d2941ec7d94f323a9dd5306c3d3951223b92109e5dc7f
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
158fd030801513067f2544e8bfc65e9f2af3eb54422907406d18276a61c38748
4482ee5d94028a15ed58db9ebdb13545162c65ec62295fa5679a686e57599304
44925f9bdebd7dadd2e05e034c457104b510f8038f37af31bd841b7c00db0aaf
6101eea4239ded7503b74732d078de0de0e31d9465de3876b1641802dd299200
704c03388d696028b43d5a1c5d4b4b7d6de3305ab5da61f507e552595544b0c0
72bccd36c17aa93a7bb553557626bb720be60cde2357d817bd03af6be67cf08e
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7c3190461704d64cb2fb3bbe447902518dcc8a93536e10b7d3475b8ecb836152
8207aabbe94983e5e5b69fa93d548c4683c169ed1e603b9c5de02618df9635ac
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
9ffd9148502527101428184082d3f169369aa4ba51720bd2eef686fc06571bfd
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
a5951034ffba6569ef62befc21854c90cd987f3935bf1826e5455ed47eecb5e2
b25cddc0004ee2c686bc507ef85ddc5d62031a44023ae370a87932271605b5ad
c852b1105eb000028e9b27677996f8d4773daa31fa1aaf663cb6ae3a6857a50a
d7302d2a6158e5fefdd335929f59a4808fb274974dadb3f7f79758ce68873c32
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e72220408b3a3a351433a4cc02b8d3dea31bf8b6955e11d5baa7fb5655cacbe7
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f40dd25da52b36defc2d9f8b8dfe81552b48e2cc1864a464c9d6241839fecc63
f42b7a2cbb2607296976b3374653138109d4b2f05070c52820860ed1a83a98da
f5acf7d96c28afbd497678b39d0fd4dff1042860220f800c918aa388c8e31d98
f5d13c67089bf5cdbb1b349183598ba8df4dd95a9cf3187e9fd4172f5f5c36fe
f89934ac0709430477b8a664f72035461a08e79aab91944d71d695660d810c13
f9416075e7fcbf851592d8b61cea090aefb52bdc29f5c911d8893f9849269297
fb9b509d020c4c45ad497de7c4f7d1b22b4e7dc62339927fbf7e32e227932cb7

pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev Open in urlscan Pro 2606:4700::6812:323 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

39 Requests

90 %HTTPS

75 %IPv6

14 Domains

19 Subdomains

14 IPs

1 Countries

631 kBTransfer

1946 kBSize

13 Cookies

0 Outgoing links

Page URL History

Redirected requests

39 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pub-afefbd42172b4962b6a81b41b8d10b31.r2.dev Open in urlscan Pro
2606:4700::6812:323 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

39
Requests

90 %
HTTPS

75 %
IPv6

14
Domains

19
Subdomains

14
IPs

1
Countries

631 kB
Transfer

1946 kB
Size

13
Cookies

39 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!