a0541710.xsph.ru Open in urlscan Pro
2a0a:2b43:a:1f43:: Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://a0541710.xsph.ru/mmn/
Submission Tags: phishing
Submission: On May 14 via api (May 14th 2021, 11:42:53 am UTC) from AU

Summary HTTP 32 Redirects Behaviour Indicators

Summary

This website contacted 13 IPs in 4 countries across 12 domains to perform 32 HTTP transactions. The main IP is 2a0a:2b43:a:1f43::, located in Russian Federation and belongs to SPRINTHOST, RU. The main domain is a0541710.xsph.ru.

This is the only time a0541710.xsph.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: LinkedIn (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
5	2a0a:2b43:a:1... 2a0a:2b43:a:1f43::	35278 (SPRINTHOST) (SPRINTHOST)
7	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba20	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba0a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:802::200d	15169 (GOOGLE) (GOOGLE)
1	2620:1ec:21::16 2620:1ec:21::16	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	34.246.133.154 34.246.133.154	16509 (AMAZON-02) (AMAZON-02)
2	52.30.200.197 52.30.200.197	16509 (AMAZON-02) (AMAZON-02)
1	2620:1ec:46::45 2620:1ec:46::45	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
2 2	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 1	172.217.23.102 172.217.23.102	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
2 2	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
2 2	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
2 2	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
32	13

5 2a0a:2b43:a:1f43:: (Russian Federation)

ASN35278 (SPRINTHOST, RU)

a0541710.xsph.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:26f0:6c00::210:ba20 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

static-exp1.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a02:26f0:6c00::210:ba0a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

platform.linkedin-ei.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::16 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin-ei.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.246.133.154 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-246-133-154.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.30.200.197 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-200-197.eu-west-1.compute.amazonaws.com

lnkd.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:46::45 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.162 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.23.102 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f102.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.130 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	linkedin-ei.com platform.linkedin-ei.com www.linkedin-ei.com	82 KB
7	licdn.com static-exp1.licdn.com	157 KB
5	doubleclick.net 5 redirects cm.g.doubleclick.net ad.doubleclick.net googleads.g.doubleclick.net	3 KB
5	xsph.ru a0541710.xsph.ru	12 KB
4	demdex.net dpm.demdex.net lnkd.demdex.net	7 KB
4	google.com 3 redirects accounts.google.com adservice.google.com www.google.com	3 KB
3	google.de adservice.google.de www.google.de	1006 B
2	googleadservices.com 2 redirects www.googleadservices.com	1 KB
2	facebook.com www.facebook.com	441 B
1	twitter.com analytics.twitter.com	581 B
1	googletagmanager.com www.googletagmanager.com	34 KB
1	linkedin.com platform.linkedin.com	29 KB
32	12

	Domain	Requested by
7	static-exp1.licdn.com	a0541710.xsph.ru static-exp1.licdn.com
6	platform.linkedin-ei.com	static-exp1.licdn.com platform.linkedin-ei.com
5	a0541710.xsph.ru	static-exp1.licdn.com
2	www.google.de
2	www.google.com	2 redirects
2	googleads.g.doubleclick.net	2 redirects
2	www.googleadservices.com	2 redirects
2	www.facebook.com
2	cm.g.doubleclick.net	2 redirects
2	lnkd.demdex.net	platform.linkedin-ei.com
2	dpm.demdex.net	platform.linkedin-ei.com
1	analytics.twitter.com
1	adservice.google.de
1	adservice.google.com	1 redirects
1	ad.doubleclick.net	1 redirects
1	www.googletagmanager.com	platform.linkedin-ei.com
1	platform.linkedin.com	platform.linkedin-ei.com
1	www.linkedin-ei.com	static-exp1.licdn.com
1	accounts.google.com	static-exp1.licdn.com
32	19

This site contains no links.

Subject Issuer	Validity	Valid
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-10-29` - `2021-08-13`	2 years	crt.sh
accounts.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
www.linkedin-ei.com DigiCert SHA2 Secure Server CA	`2021-04-30` - `2021-10-30`	6 months	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2020-07-03` - `2022-07-08`	2 years	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2020-12-02` - `2022-01-02`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-04-06` - `2021-07-03`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh

This page contains 2 frames:

Primary Page: http://a0541710.xsph.ru/mmn/
Frame ID: 131A9E042F46AB2AAF6C75277A4BE8E0
Requests: 28 HTTP requests in this frame

Frame: https://lnkd.demdex.net/dest5.html?d_nsid=0
Frame ID: 1B149C333E6CF958E578E607B4EF7DEA
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Lua (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

OpenResty (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

Page Statistics

32
Requests

69 %
HTTPS

68 %
IPv6

12
Domains

19
Subdomains

13
IPs

4
Countries

325 kB
Transfer

1116 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 24

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NTMwOTAyNDQ0ODY5NDA3NjI3MDI1ODA2MDgyNDY3NDMwMjc2NjU= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=NTMwOTAyNDQ0ODY5NDA3NjI3MDI1ODA2MDgyNDY3NDMwMjc2NjU=&google_tc= HTTP 302
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEKbYFuXyHwqK6BgZDWb9Ge4&google_cver=1?gdpr=0&gdpr_consent=

Request Chain 25

http://www.facebook.com/tr?id=1064772166942435&ev=PageView&noscript=1 HTTP 307
https://www.facebook.com/tr?id=1064772166942435&ev=PageView&noscript=1

Request Chain 27

https://ad.doubleclick.net/activity;src=9261636;type=ja_gsp1;cat=car_ja;ord=7633237192298;gtm=2sa3i1;auiddc=1875229835.1620992563;~oref=http%3A%2F%2Fa0541710.xsph.ru%2Fmmn%2F HTTP 302
https://adservice.google.com/ddm/fls/p/src=9261636;type=ja_gsp1;cat=car_ja;ord=7633237192298;gtm=2sa3i1;auiddc=1875229835.1620992563;~oref=http%3A%2F%2Fa0541710.xsph.ru%2Fmmn%2F HTTP 302
https://adservice.google.de/ddm/fls/p/src=9261636;type=ja_gsp1;cat=car_ja;ord=7633237192298;gtm=2sa3i1;auiddc=1875229835.1620992563;~oref=http%3A%2F%2Fa0541710.xsph.ru%2Fmmn%2F

Request Chain 28

https://www.googleadservices.com/pagead/conversion/979305453/?random=1620992562917&cv=9&fst=1620992562917&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=http%3A%2F%2Fa0541710.xsph.ru%2Fmmn%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1 HTTP 302
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/979305453/?random=199682017&cv=9&fst=1620992562917&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=http%3A%2F%2Fa0541710.xsph.ru%2Fmmn%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=M2KeYJIDlMiAB5znrJgB&sscte=1&crd= HTTP 302
https://www.google.com/pagead/1p-conversion/979305453/?random=199682017&cv=9&fst=1620992562917&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=http%3A%2F%2Fa0541710.xsph.ru%2Fmmn%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=M2KeYJIDlMiAB5znrJgB&cid=CAQSKQCNIrLMfLx9X-bsjAWPiPH7wY_-ps6KHAkexptw2Z3rtM4-0kB8inGY&random=2689064116&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-conversion/979305453/?random=199682017&cv=9&fst=1620992562917&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=http%3A%2F%2Fa0541710.xsph.ru%2Fmmn%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=M2KeYJIDlMiAB5znrJgB&cid=CAQSKQCNIrLMfLx9X-bsjAWPiPH7wY_-ps6KHAkexptw2Z3rtM4-0kB8inGY&random=2689064116&resp=GooglemKTybQhCsO&ipr=y

Request Chain 29

https://www.googleadservices.com/pagead/conversion/979305453/?random=1620992562919&cv=9&fst=1620992562919&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=http%3A%2F%2Fa0541710.xsph.ru%2Fmmn%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1 HTTP 302
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/979305453/?random=1420962037&cv=9&fst=1620992562919&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=http%3A%2F%2Fa0541710.xsph.ru%2Fmmn%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=M2KeYK4E3qbH8A_M-76YAw&sscte=1&crd= HTTP 302
https://www.google.com/pagead/1p-conversion/979305453/?random=1420962037&cv=9&fst=1620992562919&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=http%3A%2F%2Fa0541710.xsph.ru%2Fmmn%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=M2KeYK4E3qbH8A_M-76YAw&cid=CAQSKQCNIrLMzhcoM81zcUx0x_lpgaXb8MFmYeIkNXnX-zPOyfwQJf9E-Jzp&random=4158494258&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-conversion/979305453/?random=1420962037&cv=9&fst=1620992562919&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=http%3A%2F%2Fa0541710.xsph.ru%2Fmmn%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=M2KeYK4E3qbH8A_M-76YAw&cid=CAQSKQCNIrLMzhcoM81zcUx0x_lpgaXb8MFmYeIkNXnX-zPOyfwQJf9E-Jzp&random=4158494258&resp=GooglemKTybQhCsO&ipr=y

32 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
a0541710.xsph.ru/mmn/ 29 KB
10 KB 196ms
155ms Document
text/html 2a0a:2b43:a:1f43::
SPRINTHOST

General

Check archive.org

Show headers Download Go to

Full URL: http://a0541710.xsph.ru/mmn/
Protocol: HTTP/1.1
Server: 2a0a:2b43:a:1f43:: , Russian Federation, ASN35278 (SPRINTHOST, RU),
Reverse DNS
Software: openresty /
Resource Hash: dbd95328a9064a9387a2a0c76eedc5f73b37abb55b0775dc20821a37455dfd40

Request headers

Host: a0541710.xsph.ru
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: phishfarmer
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: phishfarmer

Response headers

Server: openresty
Date: Fri, 14 May 2021 11:42:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 14 May 2021 05:17:59 GMT
ETag: W/"757f-5c2435e09b193"
Content-Encoding: gzip

GET
H/1.1 200
OK 23t875yutz38n5nlan6z9goyj Show response
static-exp1.licdn.com/sc/h/ 127 KB
32 KB 46ms
30ms Script
text/javascript 2a02:26f0:6c00::210:ba20
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static-exp1.licdn.com/sc/h/23t875yutz38n5nlan6z9goyj
Requested by: Host: a0541710.xsph.ru
URL: http://a0541710.xsph.ru/mmn/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba20 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Play /
Resource Hash: 60766ddd238e790b350fb55a1693d68678fdc852973e37814093dfa5fb6e2ab0

Request headers

Referer: http://a0541710.xsph.ru/
User-Agent: phishfarmer

Response headers

X-LI-Proto: http/1.1
Date: Fri, 14 May 2021 11:42:36 GMT
Content-Encoding: br
Content-Type: text/javascript
X-CDN-CLIENT-IP-VERSION: IPV6
X-CDN: AKAM
X-CDN-Proto: HTTP1
Connection: keep-alive
Content-Length: 32224
X-LI-UUID: qUNPLJSzfRYgP7qy/SoAAA==
Server: Play
Timing-Allow-Origin: *
Last-Modified: Mon, 05 Nov 2012 04:00:51 GMT
X-Li-Pop: prod-eda6
X-Li-Fabric: prod-ltx1
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-CDN, X-CDN-CLIENT-IP-VERSION, X-CDN-Proto
Cache-Control: max-age=31536000, immutable
X-LI-Static-Content: 1
X-FS-UUID: a9434f2c94b37d16203fbab2fd2a0000
Expires: Tue, 10 May 2022 12:14:49 GMT

GET
H/1.1 200
OK 3kg6vh30jjgwakomzq2bsrglf Show response
static-exp1.licdn.com/sc/h/ 61 KB
19 KB 605ms
589ms Script
text/javascript 2a02:26f0:6c00::210:ba20
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static-exp1.licdn.com/sc/h/3kg6vh30jjgwakomzq2bsrglf
Requested by: Host: a0541710.xsph.ru
URL: http://a0541710.xsph.ru/mmn/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba20 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Play /
Resource Hash: 70b1be1dd753c9cc6e788d5768a20756c2364c5899ae94b676f4490db8d758da

Request headers

Referer: http://a0541710.xsph.ru/
User-Agent: phishfarmer

Response headers

X-EdgeConnect-Origin-MEX-Latency: 471
Date: Fri, 14 May 2021 11:42:36 GMT
Content-Encoding: br
Content-Type: text/javascript
X-CDN-CLIENT-IP-VERSION: IPV6
X-CDN: AKAM
X-LI-Proto: http/1.1
X-EdgeConnect-MidMile-RTT: 0
X-CDN-Proto: HTTP1
Connection: keep-alive
Content-Length: 18764
X-LI-UUID: JBpNTiTsfhYwC8v51ioAAA==
Server: Play
Timing-Allow-Origin: *
Last-Modified: Mon, 05 Nov 2012 04:00:51 GMT
X-Li-Pop: prod-ech2
X-Li-Fabric: prod-lva1
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-CDN, X-CDN-CLIENT-IP-VERSION, X-CDN-Proto
Cache-Control: max-age=31536000, immutable
X-LI-Static-Content: 1
X-FS-UUID: 241a4d4e24ec7e16300bcbf9d62a0000
Expires: Sat, 14 May 2022 11:42:36 GMT

GET
H/1.1 200
OK 6jblk5oqhlo45xbkmcr7s4zix Show response
static-exp1.licdn.com/sc/h/ 64 KB
14 KB 22ms
6ms Script
text/javascript 2a02:26f0:6c00::210:ba20
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static-exp1.licdn.com/sc/h/6jblk5oqhlo45xbkmcr7s4zix
Requested by: Host: a0541710.xsph.ru
URL: http://a0541710.xsph.ru/mmn/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba20 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Play /
Resource Hash: 2072637eca86b31333f03dd2f363993776d87ec85be0f0970d80a08347cbe43f

Request headers

Referer: http://a0541710.xsph.ru/
User-Agent: phishfarmer

Response headers

X-LI-Proto: http/1.1
Date: Fri, 14 May 2021 11:42:36 GMT
Content-Encoding: br
Content-Type: text/javascript
X-CDN-CLIENT-IP-VERSION: IPV6
X-CDN: AKAM
X-CDN-Proto: HTTP1
Remote-Cache-Status: TCP_HIT
Connection: keep-alive
Content-Length: 13554
X-LI-UUID: BJn+vmiYdxZAN1IrmysAAA==
Server: Play
Timing-Allow-Origin: *
Last-Modified: Mon, 05 Nov 2012 04:00:51 GMT
X-Li-Pop: prod-ech2
X-Li-Fabric: prod-lva1
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-CDN, X-CDN-CLIENT-IP-VERSION, X-CDN-Proto
Cache-Control: max-age=31536000, immutable
X-LI-Static-Content: 1
X-FS-UUID: 0499febe689877164037522b9b2b0000
Expires: Wed, 20 Apr 2022 14:49:26 GMT

GET
H/1.1 200
OK eifp0ukycgmm5y0uay3omxuap Show response
static-exp1.licdn.com/sc/h/ 1 KB
1 KB 21ms
6ms Script
text/javascript 2a02:26f0:6c00::210:ba20
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static-exp1.licdn.com/sc/h/eifp0ukycgmm5y0uay3omxuap
Requested by: Host: a0541710.xsph.ru
URL: http://a0541710.xsph.ru/mmn/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba20 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Play /
Resource Hash: 99c52046d1df362721eb275cabcd169c7e105d0bbaf374a7c9f96ddf6c1216f2

Request headers

Referer: http://a0541710.xsph.ru/
User-Agent: phishfarmer

Response headers

X-LI-Proto: http/1.1
Date: Fri, 14 May 2021 11:42:36 GMT
Content-Encoding: br
Content-Type: text/javascript
X-CDN-CLIENT-IP-VERSION: IPV6
X-CDN: AKAM
X-CDN-Proto: HTTP1
Remote-Cache-Status: TCP_HIT, TCP_HIT
Connection: keep-alive
Content-Length: 460
X-LI-UUID: 3IcFAZCcdxbQkdMleysAAA==
Server: Play
Timing-Allow-Origin: *
Last-Modified: Mon, 05 Nov 2012 04:00:51 GMT
X-Li-Pop: prod-eda6
X-Li-Fabric: prod-ltx1
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-CDN, X-CDN-CLIENT-IP-VERSION, X-CDN-Proto
Cache-Control: max-age=31536000, immutable
X-LI-Static-Content: 1
X-FS-UUID: dc870501909c7716d091d3257b2b0000
Expires: Wed, 20 Apr 2022 16:05:33 GMT

GET
H/1.1 200
OK e1huzwbdgykz7pl92bq0tb7os Show response
static-exp1.licdn.com/sc/h/ 72 KB
22 KB 40ms
25ms Script
text/javascript 2a02:26f0:6c00::210:ba20
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static-exp1.licdn.com/sc/h/e1huzwbdgykz7pl92bq0tb7os
Requested by: Host: a0541710.xsph.ru
URL: http://a0541710.xsph.ru/mmn/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba20 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Play /
Resource Hash: 1443da1e0c184c7d2774238a960258a00c3c53a3e64690f0c5c706e7cabae066

Request headers

Referer: http://a0541710.xsph.ru/
User-Agent: phishfarmer

Response headers

X-LI-Proto: http/1.1
Date: Fri, 14 May 2021 11:42:36 GMT
Content-Encoding: br
Content-Type: text/javascript
X-CDN-CLIENT-IP-VERSION: IPV6
X-CDN: AKAM
X-CDN-Proto: HTTP1
Connection: keep-alive
Content-Length: 21663
X-LI-UUID: WZixK5SzfRZgNEpcryoAAA==
Server: Play
Timing-Allow-Origin: *
Last-Modified: Mon, 05 Nov 2012 04:00:51 GMT
X-Li-Pop: prod-ech2
X-Li-Fabric: prod-lva1
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-CDN, X-CDN-CLIENT-IP-VERSION, X-CDN-Proto
Cache-Control: max-age=31536000, immutable
X-LI-Static-Content: 1
X-FS-UUID: 5998b12b94b37d1660344a5caf2a0000
Expires: Tue, 10 May 2022 12:14:49 GMT

GET
H/1.1 200
OK 7u070d0xjsd9qyc4skiimjhaj
static-exp1.licdn.com/sc/h/ 190 KB
18 KB 43ms
28ms Stylesheet
text/css 2a02:26f0:6c00::210:ba20
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static-exp1.licdn.com/sc/h/7u070d0xjsd9qyc4skiimjhaj
Requested by: Host: a0541710.xsph.ru
URL: http://a0541710.xsph.ru/mmn/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba20 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Play /
Resource Hash: d6781996102def45d4b34b0d1de84e0990428b4ff4982bc0e9e796e99093aa88

Request headers

Referer: http://a0541710.xsph.ru/
User-Agent: phishfarmer

Response headers

X-LI-Proto: http/1.1
Date: Fri, 14 May 2021 11:42:36 GMT
Content-Encoding: br
Content-Type: text/css
X-CDN-CLIENT-IP-VERSION: IPV6
X-CDN: AKAM
X-CDN-Proto: HTTP1
Remote-Cache-Status: TCP_HIT
Connection: keep-alive
Content-Length: 18162
X-LI-UUID: kl5Ko59neRbgNNlemisAAA==
Server: Play
Timing-Allow-Origin: *
Last-Modified: Mon, 05 Nov 2012 04:00:51 GMT
X-Li-Pop: prod-edc2
X-Li-Fabric: prod-lva1
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-CDN, X-CDN-CLIENT-IP-VERSION, X-CDN-Proto
Cache-Control: max-age=31536000, immutable
X-LI-Static-Content: 1
X-FS-UUID: 925e4aa39f677916e034d95e9a2b0000
Expires: Tue, 26 Apr 2022 12:17:56 GMT

GET
H/1.1 200
OK analytics.js Show response
platform.linkedin-ei.com/js/ 60 KB
24 KB 460ms
428ms Script
text/javascript 2a02:26f0:6c00::210:ba0a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: http://platform.linkedin-ei.com/js/analytics.js
Requested by: Host: static-exp1.licdn.com
URL: https://static-exp1.licdn.com/sc/h/e1huzwbdgykz7pl92bq0tb7os
Protocol: HTTP/1.1
Server: 2a02:26f0:6c00::210:ba0a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Play /
Resource Hash: bcf5b45f5d4126d37d76a88ef3bb2f8944feb1113396c3126d6a778edb873e4a

Request headers

Referer: http://a0541710.xsph.ru/
User-Agent: phishfarmer

Response headers

Date: Fri, 14 May 2021 11:42:37 GMT
Content-Encoding: gzip
NEL: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.0001,"failure_fraction":1,"include_subdomains":true}
X-CDN: AKAM
P3P: CP="CAO CUR ADM DEV PSA PSD OUR"
Connection: keep-alive
Content-Length: 23782
X-LI-UUID: pbB9ciTsfhYQyVB/gSsAAA==
Server: Play
X-Li-Pop: ei-ltx1
Vary: Accept-Encoding
Report-To: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin-ei.com/li/rep"}],"include_subdomains":true}
Content-Type: text/javascript; charset=UTF-8
Cache-Control: public, max-age=600
X-LI-Proto: http/1.1
X-Li-Fabric: ei-ltx1
Expires: Fri, 14 May 2021 11:52:37 GMT

GET
H/1.1 200
OK 50seqnxcfadh00enh9ffvk85k Show response
static-exp1.licdn.com/sc/h/ 181 KB
51 KB 7ms
7ms Script
text/javascript 2a02:26f0:6c00::210:ba20
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static-exp1.licdn.com/sc/h/50seqnxcfadh00enh9ffvk85k
Requested by: Host: static-exp1.licdn.com
URL: https://static-exp1.licdn.com/sc/h/23t875yutz38n5nlan6z9goyj
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba20 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Play /
Resource Hash: 597c946522dec4cf136d651c70944887b7e30adfb8aa5196815b0225283e1253

Request headers

Referer: http://a0541710.xsph.ru/
User-Agent: phishfarmer

Response headers

X-LI-Proto: http/1.1
Date: Fri, 14 May 2021 11:42:36 GMT
Content-Encoding: br
Content-Type: text/javascript
X-CDN-CLIENT-IP-VERSION: IPV6
X-CDN: AKAM
X-CDN-Proto: HTTP1
Remote-Cache-Status: TCP_HIT
Connection: keep-alive
Content-Length: 51508
X-LI-UUID: xx7jjIuRdxZApsUwySoAAA==
Server: Play
Timing-Allow-Origin: *
Last-Modified: Mon, 05 Nov 2012 04:00:51 GMT
X-Li-Pop: prod-ltx1
X-Li-Fabric: prod-ltx1
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-CDN, X-CDN-CLIENT-IP-VERSION, X-CDN-Proto
Cache-Control: max-age=31536000, immutable
X-LI-Static-Content: 1
X-FS-UUID: c71ee38c8b91771640a6c530c92a0000
Expires: Wed, 20 Apr 2022 12:43:39 GMT

GET
H2 403 status Show response
accounts.google.com/gsi/ 40 B
979 B 44ms
24ms XHR
application/json 2a00:1450:4001:802::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/gsi/status?client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&as=6khdRzq3ouM%2FiiN8GUjulQ

Requested by

Host: static-exp1.licdn.com
URL: https://static-exp1.licdn.com/sc/h/50seqnxcfadh00enh9ffvk85k

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1bae92fe4d1b7da6b40ca2c907ea6ac37aa61dc1404f774d1993825106b91e9b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-vHOC2CnILRmJrTOpTfTs8A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://a0541710.xsph.ru/
User-Agent: phishfarmer

Response headers

date: Fri, 14 May 2021 11:42:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: http://a0541710.xsph.ru
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: script-src 'report-sample' 'nonce-vHOC2CnILRmJrTOpTfTs8A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 404
Not Found track Show response
a0541710.xsph.ru/li/ 278 B
450 B 33ms
32ms XHR
text/html 2a0a:2b43:a:1f43::
SPRINTHOST

General

Check archive.org

Show headers Download Go to

Full URL: http://a0541710.xsph.ru/li/track
Requested by: Host: static-exp1.licdn.com
URL: https://static-exp1.licdn.com/sc/h/e1huzwbdgykz7pl92bq0tb7os
Protocol: HTTP/1.1
Server: 2a0a:2b43:a:1f43:: , Russian Federation, ASN35278 (SPRINTHOST, RU),
Reverse DNS
Software: openresty /
Resource Hash: cb97a7ed04a7e7ce094d15dacf4c0e34373426750708cbb9f34b91aeda49c12b

Request headers

Pragma: no-cache
Origin: http://a0541710.xsph.ru
Accept-Encoding: gzip, deflate
Host: a0541710.xsph.ru
Accept-Language: en-US
User-Agent: phishfarmer
Content-type: application/json
Accept: */*
Csrf-Token
Referer: http://a0541710.xsph.ru/mmn/
Connection: keep-alive
Content-Length: 466
Cache-Control: no-cache
Csrf-Token
Referer: http://a0541710.xsph.ru/mmn/
User-Agent: phishfarmer
Content-type: application/json

Response headers

Date: Fri, 14 May 2021 11:42:37 GMT
Server: openresty
Connection: keep-alive
Content-Length: 278
Content-Type: text/html; charset=iso-8859-1

POST
H/1.1 404
Not Found track Show response
a0541710.xsph.ru/li/ 278 B
450 B 43ms
33ms XHR
text/html 2a0a:2b43:a:1f43::
SPRINTHOST

General

Check archive.org

Show headers Download Go to

Full URL: http://a0541710.xsph.ru/li/track
Requested by: Host: static-exp1.licdn.com
URL: https://static-exp1.licdn.com/sc/h/23t875yutz38n5nlan6z9goyj
Protocol: HTTP/1.1
Server: 2a0a:2b43:a:1f43:: , Russian Federation, ASN35278 (SPRINTHOST, RU),
Reverse DNS
Software: openresty /
Resource Hash: cb97a7ed04a7e7ce094d15dacf4c0e34373426750708cbb9f34b91aeda49c12b

Request headers

Pragma: no-cache
Origin: http://a0541710.xsph.ru
Accept-Encoding: gzip, deflate
Host: a0541710.xsph.ru
Accept-Language: en-US
User-Agent: phishfarmer
Content-type: application/json
Accept: */*
Csrf-Token
Referer: http://a0541710.xsph.ru/mmn/
Connection: keep-alive
Content-Length: 581
Cache-Control: no-cache
Csrf-Token
Referer: http://a0541710.xsph.ru/mmn/
User-Agent: phishfarmer
Content-type: application/json

Response headers

Date: Fri, 14 May 2021 11:42:37 GMT
Server: openresty
Connection: keep-alive
Content-Length: 278
Content-Type: text/html; charset=iso-8859-1

POST
H/1.1 404
Not Found track Show response
a0541710.xsph.ru/li/ 278 B
450 B 33ms
33ms XHR
text/html 2a0a:2b43:a:1f43::
SPRINTHOST

General

Check archive.org

Show headers Download Go to

Full URL: http://a0541710.xsph.ru/li/track
Requested by: Host: static-exp1.licdn.com
URL: https://static-exp1.licdn.com/sc/h/e1huzwbdgykz7pl92bq0tb7os
Protocol: HTTP/1.1
Server: 2a0a:2b43:a:1f43:: , Russian Federation, ASN35278 (SPRINTHOST, RU),
Reverse DNS
Software: openresty /
Resource Hash: cb97a7ed04a7e7ce094d15dacf4c0e34373426750708cbb9f34b91aeda49c12b

Request headers

Pragma: no-cache
Origin: http://a0541710.xsph.ru
Accept-Encoding: gzip, deflate
Host: a0541710.xsph.ru
Accept-Language: en-US
User-Agent: phishfarmer
content-type: application/json
Accept: */*
Csrf-Token
Referer: http://a0541710.xsph.ru/mmn/
Connection: keep-alive
Content-Length: 7936
Cache-Control: no-cache
Csrf-Token
Referer: http://a0541710.xsph.ru/mmn/
User-Agent: phishfarmer
content-type: application/json

Response headers

Date: Fri, 14 May 2021 11:42:37 GMT
Server: openresty
Connection: keep-alive
Content-Length: 278
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 user Show response
www.linkedin-ei.com/litms/api/metadata/ 307 B
3 KB 184ms
153ms XHR
application/json 2620:1ec:21::16
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.linkedin-ei.com/litms/api/metadata/user

Requested by

Host: static-exp1.licdn.com
URL: https://static-exp1.licdn.com/sc/h/3kg6vh30jjgwakomzq2bsrglf

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:21::16 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

19ed97de04c45311a7a7ae3740f30c2bc82e23098e4b8e1a744ad8414a717ba3

Security Headers

Name	Value
Content-Security-Policy	default-src ; connect-src 'self' ffi.st static.licdn-ei.com media.licdn-ei.com static-exp1.licdn-ei.com static-exp2.licdn-ei.com media-exp1.licdn-ei.com media-exp2.licdn-ei.com https://media-src.linkedin-ei.com/media/ www.linkedin.com www.linkedin-ei.com spdy.linkedin-ei.com dms.licdn-ei.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://linkedin.sc.omtrdc.net/b/ss/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; img-src data: blob: ; font-src data: ; style-src 'unsafe-inline' 'self' static-src.linkedin.com .licdn.com static-src.linkedin-ei.com .licdn-ei.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' ffi.st spdy.linkedin.com static-src.linkedin.com .ads.linkedin.com .licdn.com platform.linkedin-ei.com spdy.linkedin-ei.com static-src.linkedin-ei.com .licdn-ei.com lix.corp.linkedin.com lva1-lixr01.linkedin.biz wus2-pd-lixr1.linkedin.biz static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com www.linkedin.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: ; child-src blob: lnkd-communities: voyager: ; frame-ancestors 'self' http://qa-mailbox.corp.linkedin.com; report-uri https://www.linkedin-ei.com/platform-telemetry/csp?f=l
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: http://a0541710.xsph.ru/
User-Agent: phishfarmer

Response headers

content-security-policy: default-src *; connect-src 'self' ffi.st static.licdn-ei.com media.licdn-ei.com static-exp1.licdn-ei.com static-exp2.licdn-ei.com media-exp1.licdn-ei.com media-exp2.licdn-ei.com https://media-src.linkedin-ei.com/media/ www.linkedin.com www.linkedin-ei.com spdy.linkedin-ei.com dms.licdn-ei.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://linkedin.sc.omtrdc.net/b/ss/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com static-src.linkedin-ei.com *.licdn-ei.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' ffi.st spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com platform.linkedin-ei.com spdy.linkedin-ei.com static-src.linkedin-ei.com *.licdn-ei.com lix.corp.linkedin.com lva1-lixr01.linkedin.biz wus2-pd-lixr1.linkedin.biz static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com www.linkedin.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self' http://qa-mailbox.corp.linkedin.com; report-uri https://www.linkedin-ei.com/platform-telemetry/csp?f=l
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.0001,"failure_fraction":1,"include_subdomains":true}
x-cache: CONFIG_NOCACHE
vary: Origin,Accept-Encoding
content-length: 208
x-li-uuid: Y5xmiSXsfhawv8iUuSoAAA==
pragma: no-cache
x-li-pop: afd-ei-ltx1
x-msedge-ref: Ref A: 52FD646294654353B2CBEE7ECF1239EE Ref B: FRAEDGE1408 Ref C: 2021-05-14T11:42:41Z
x-frame-options: sameorigin
date: Fri, 14 May 2021 11:42:41 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin-ei.com/platform-telemetry/ct"
strict-transport-security: max-age=31536000
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin-ei.com/li/rep"}],"include_subdomains":true}
content-type: application/json
access-control-allow-origin: http://a0541710.xsph.ru
cache-control: no-cache, no-store
access-control-allow-credentials: true
x-li-proto: http/2
x-li-fabric: ei-ltx1
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 utag.js Show response
platform.linkedin-ei.com/litms/utag/checkpoint-frontend/ 129 KB
41 KB 648ms
633ms Script
application/javascript 2a02:26f0:6c00::210:ba0a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1620992400000
Requested by: Host: static-exp1.licdn.com
URL: https://static-exp1.licdn.com/sc/h/3kg6vh30jjgwakomzq2bsrglf
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba0a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Play /
Resource Hash: 11f969edc62e1af1287cf6d839b2b143680e48593530b2f2a7fd8481e857112a

Request headers

Referer: http://a0541710.xsph.ru/
User-Agent: phishfarmer

Response headers

date: Fri, 14 May 2021 11:42:42 GMT
content-encoding: gzip
content-type: application/javascript; charset=utf-8
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.0001,"failure_fraction":1,"include_subdomains":true}
x-cdn: AKAM
p3p: CP="CAO CUR ADM DEV PSA PSD OUR"
x-li-uuid: fC0doSXsfhYQCEt/gSsAAA==
server: Play
last-modified: Thu, 13 May 2021 21:30:50 GMT
x-li-pop: ei-ltx1
etag: "74ac4c89bec3f44c46a82ed0ed130f47c902bab3"
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin-ei.com/li/rep"}],"include_subdomains":true}
x-li-fabric: ei-ltx1
cache-control: max-age=300
accept-ranges: bytes
x-li-proto: http/1.1

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 611 B
1 KB 66ms
65ms XHR
application/json 34.246.133.154
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=14215E3D5995C57C0A495C55%40AdobeOrg&d_nsid=0&ts=1620992562571

Requested by

Host: platform.linkedin-ei.com
URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1620992400000

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.246.133.154 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-246-133-154.eu-west-1.compute.amazonaws.com

Software

Resource Hash

480f9b08f931b156c6a1dd67ef538b3c86590627a186d2131c7fa2a5b7a57cc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://a0541710.xsph.ru/
User-Agent: phishfarmer
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-2-v006-02a5ca202.edge-irl1.demdex.com 6.2.1.20210507120117-PR_1432-SNAPSHOT
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: 5eACWJPNTSg=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: http://a0541710.xsph.ru
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 454
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 200
OK utag.107.js Show response
platform.linkedin-ei.com/litms/utag/checkpoint-frontend/ 9 KB
4 KB 284ms
284ms Script
application/javascript 2a02:26f0:6c00::210:ba0a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: http://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.107.js?utv=ut4.46.202104132125
Requested by: Host: platform.linkedin-ei.com
URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1620992400000
Protocol: HTTP/1.1
Server: 2a02:26f0:6c00::210:ba0a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Play /
Resource Hash: 704c03388d696028b43d5a1c5d4b4b7d6de3305ab5da61f507e552595544b0c0

Request headers

Referer: http://a0541710.xsph.ru/
User-Agent: phishfarmer

Response headers

Date: Fri, 14 May 2021 11:42:42 GMT
Content-Encoding: gzip
NEL: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.0001,"failure_fraction":1,"include_subdomains":true}
X-CDN: AKAM
P3P: CP="CAO CUR ADM DEV PSA PSD OUR"
Connection: keep-alive
Content-Length: 3147
X-LI-UUID: ZTz9wCXsfhYQyVB/gSsAAA==
Server: Play
Last-Modified: Thu, 13 May 2021 21:30:50 GMT
X-Li-Pop: ei-ltx1
ETag: "5b7cddb494333c8bbcfea99e55fa75d92b4a6cfa"
Vary: Accept-Encoding
Report-To: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin-ei.com/li/rep"}],"include_subdomains":true}
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=300
Accept-Ranges: bytes
X-LI-Proto: http/1.1
X-Li-Fabric: ei-ltx1

GET
H/1.1 200
OK utag.116.js Show response
platform.linkedin-ei.com/litms/utag/checkpoint-frontend/ 3 KB
2 KB 309ms
304ms Script
application/javascript 2a02:26f0:6c00::210:ba0a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: http://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.116.js?utv=ut4.46.202104132125
Requested by: Host: platform.linkedin-ei.com
URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1620992400000
Protocol: HTTP/1.1
Server: 2a02:26f0:6c00::210:ba0a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Play /
Resource Hash: cd776aa311400c90accd07b01cf79a23278d85d536ecccd66b895586be32c23d

Request headers

Referer: http://a0541710.xsph.ru/
User-Agent: phishfarmer

Response headers

Date: Fri, 14 May 2021 11:42:42 GMT
Content-Encoding: gzip
NEL: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.0001,"failure_fraction":1,"include_subdomains":true}
X-CDN: AKAM
P3P: CP="CAO CUR ADM DEV PSA PSD OUR"
Connection: keep-alive
Content-Length: 1485
X-LI-UUID: Z8s6wSXsfhbAMUuVhysAAA==
Server: Play
Last-Modified: Thu, 13 May 2021 21:30:50 GMT
X-Li-Pop: ei-ltx1
ETag: "9efaf1c51e9143eae5ef761914aa15eef1639923"
Vary: Accept-Encoding
Report-To: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin-ei.com/li/rep"}],"include_subdomains":true}
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=300
Accept-Ranges: bytes
X-LI-Proto: http/1.1
X-Li-Fabric: ei-ltx1

GET
H/1.1 200
OK utag.117.js Show response
platform.linkedin-ei.com/litms/utag/checkpoint-frontend/ 10 KB
4 KB 299ms
294ms Script
application/javascript 2a02:26f0:6c00::210:ba0a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: http://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.117.js?utv=ut4.46.202104132125
Requested by: Host: platform.linkedin-ei.com
URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1620992400000
Protocol: HTTP/1.1
Server: 2a02:26f0:6c00::210:ba0a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Play /
Resource Hash: 962d24fdaffaabc712ef425e30b013455416f8d14ddb5166482d04c89421e25d

Request headers

Referer: http://a0541710.xsph.ru/
User-Agent: phishfarmer

Response headers

Date: Fri, 14 May 2021 11:42:42 GMT
Content-Encoding: gzip
NEL: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.0001,"failure_fraction":1,"include_subdomains":true}
X-CDN: AKAM
P3P: CP="CAO CUR ADM DEV PSA PSD OUR"
Connection: keep-alive
Content-Length: 3265
X-LI-UUID: gVKJvyXsfhbAMUuVhysAAA==
Server: Play
Last-Modified: Thu, 13 May 2021 21:30:50 GMT
X-Li-Pop: ei-ltx1
ETag: "33c14fea29b6ae275a4ab3de16c5932fb86b5f10"
Vary: Accept-Encoding
Report-To: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin-ei.com/li/rep"}],"include_subdomains":true}
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=300
Accept-Ranges: bytes
X-LI-Proto: http/1.1
X-Li-Fabric: ei-ltx1

GET
H/1.1 200
OK utag.118.js Show response
platform.linkedin-ei.com/litms/utag/checkpoint-frontend/ 7 KB
4 KB 305ms
300ms Script
application/javascript 2a02:26f0:6c00::210:ba0a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: http://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.118.js?utv=ut4.46.202104132125
Requested by: Host: platform.linkedin-ei.com
URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1620992400000
Protocol: HTTP/1.1
Server: 2a02:26f0:6c00::210:ba0a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Play /
Resource Hash: ec3ac9a7605b05b7f2561c35b16dab632c8252873580e6b481dbae7bdebd32f8

Request headers

Referer: http://a0541710.xsph.ru/
User-Agent: phishfarmer

Response headers

Date: Fri, 14 May 2021 11:42:42 GMT
Content-Encoding: gzip
NEL: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.0001,"failure_fraction":1,"include_subdomains":true}
X-CDN: AKAM
P3P: CP="CAO CUR ADM DEV PSA PSD OUR"
Connection: keep-alive
Content-Length: 2582
X-LI-UUID: vHdJvyXsfhaAq0eVuSoAAA==
Server: Play
Last-Modified: Thu, 13 May 2021 21:30:50 GMT
X-Li-Pop: ei-ltx1
ETag: "7dff21c6d635fc25356a13e514e27ca4996596a5"
Vary: Accept-Encoding
Report-To: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin-ei.com/li/rep"}],"include_subdomains":true}
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=300
Accept-Ranges: bytes
X-LI-Proto: http/1.1
X-Li-Fabric: ei-ltx1

POST
H/1.1 404
Not Found track Show response
a0541710.xsph.ru/li/ 278 B
450 B 32ms
32ms XHR
text/html 2a0a:2b43:a:1f43::
SPRINTHOST

General

Check archive.org

Show headers Download Go to

Full URL: http://a0541710.xsph.ru/li/track
Requested by: Host: static-exp1.licdn.com
URL: https://static-exp1.licdn.com/sc/h/3kg6vh30jjgwakomzq2bsrglf
Protocol: HTTP/1.1
Server: 2a0a:2b43:a:1f43:: , Russian Federation, ASN35278 (SPRINTHOST, RU),
Reverse DNS
Software: openresty /
Resource Hash: cb97a7ed04a7e7ce094d15dacf4c0e34373426750708cbb9f34b91aeda49c12b

Request headers

Pragma: no-cache
Origin: http://a0541710.xsph.ru
Accept-Encoding: gzip, deflate
Host: a0541710.xsph.ru
Accept-Language: en-US
User-Agent: phishfarmer
Content-type: application/json
Accept: */*
Csrf-Token
Referer: http://a0541710.xsph.ru/mmn/
Cookie: AMCV_14215E3D5995C57C0A495C55%40AdobeOrg=-637568504%7CMCIDTS%7C18762%7CvVersion%7C5.1.1
Connection: keep-alive
Content-Length: 1688
Cache-Control: no-cache
Csrf-Token
Referer: http://a0541710.xsph.ru/mmn/
User-Agent: phishfarmer
Content-type: application/json

Response headers

Date: Fri, 14 May 2021 11:42:42 GMT
Server: openresty
Connection: keep-alive
Content-Length: 278
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK dest5.html Show response
lnkd.demdex.net/ Frame 1B14 7 KB
3 KB 152ms
40ms Document
text/html 52.30.200.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://lnkd.demdex.net/dest5.html?d_nsid=0

Requested by

Host: platform.linkedin-ei.com
URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1620992400000

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.30.200.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-30-200-197.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: lnkd.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: phishfarmer
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://a0541710.xsph.ru/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: demdex=53090244486940762702580608246743027665
Upgrade-Insecure-Requests: 1
User-Agent: phishfarmer
Referer: http://a0541710.xsph.ru/

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Fri, 14 May 2021 11:42:42 GMT
DCS: dcs-prod-irl1-2-v006-0476c10d7.edge-irl1.demdex.com 6.2.1.20210507120117-PR_1432-SNAPSHOT
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Tue, 11 May 2021 11:18:13 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: gc5HDx0fRPQ=
Content-Length: 2791
Connection: keep-alive

POST
H/1.1 200
OK event Show response
lnkd.demdex.net/ 689 B
1 KB 167ms
51ms XHR
application/json 52.30.200.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://lnkd.demdex.net/event?d_dil_ver=9.4&_ts=1620992562576

Requested by

Host: platform.linkedin-ei.com
URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1620992400000

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.30.200.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-30-200-197.eu-west-1.compute.amazonaws.com

Software

Resource Hash

33da8c7cbdf6d103b089858e2b8dffed608ed88c986e4f51544431f570313a3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://a0541710.xsph.ru/
User-Agent: phishfarmer
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-1-v006-0e8003c34.edge-irl1.demdex.com 6.2.1.20210507120117-PR_1432-SNAPSHOT
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: kAjD7XelRDM=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: http://a0541710.xsph.ru
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 467
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 gtag-adwords.js Show response
platform.linkedin.com/litms/vendor/google/ 78 KB
29 KB 28ms
10ms Script
application/javascript 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.linkedin.com/litms/vendor/google/gtag-adwords.js?id=AW-979305453
Requested by: Host: platform.linkedin-ei.com
URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1620992400000
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:46::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Play /
Resource Hash: f42b7a2cbb2607296976b3374653138109d4b2f05070c52820860ed1a83a98da

Request headers

Referer: http://a0541710.xsph.ru/
User-Agent: phishfarmer

Response headers

date: Fri, 14 May 2021 11:42:42 GMT
content-encoding: gzip
vary: Accept-Encoding
x-cdn-client-ip-version: IPV6
x-cdn: AZUR
x-cache: TCP_HIT
x-cdn-proto: HTTP2
x-azure-ref-originshield: 0C3qdYAAAAAAJYUWKc7SzQItgJviIWjfGTE9OMjFFREdFMDExNgBkN2Q1MzcxZC04ZWE5LTRmYWYtYTQwNS1kMDYwMGIzNTE3NjM=
content-length: 29593
x-li-uuid: G1YNg3x6fhaAQStA0CoAAA==
server: Play
last-modified: Thu, 06 May 2021 17:59:22 GMT
x-li-pop: afd-prod-edc2
x-azure-ref: 0MmKeYAAAAAC6KpwmFiBOQpPA1y/5H68/RlJBRURHRTEwMTYAZDdkNTM3MWQtOGVhOS00ZmFmLWE0MDUtZDA2MDBiMzUxNzYz
content-type: application/javascript; charset=utf-8
cache-control: max-age=2628000
accept-ranges: bytes
x-li-proto: http/1.1
x-li-fabric: prod-ltx1

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 85 KB
34 KB 20ms
20ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-979305453

Requested by

Host: platform.linkedin-ei.com
URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1620992400000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a9990000fd0385763af6bfe9a51ce803898a18513912dc433a6ada22721ffbc4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: http://a0541710.xsph.ru/
User-Agent: phishfarmer

Response headers

date: Fri, 14 May 2021 11:42:42 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34253
x-xss-protection: 0
last-modified: Fri, 14 May 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 14 May 2021 11:42:42 GMT

GET
H/1.1

200
OK

ibs:dpid=771&dpuuid=CAESEKbYFuXyHwqK6BgZDWb9Ge4&google_cver=1
dpm.demdex.net/ Frame 1B14
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NTMwOTAyNDQ0ODY5NDA3NjI3MDI1ODA2MDgyNDY3NDMwMjc2NjU=
https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=NTMwOTAyNDQ0ODY5NDA3NjI3MDI1ODA2MDgyNDY3NDMwMjc2NjU=&google_tc=
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEKbYFuXyHwqK6BgZDWb9Ge4&google_cver=1?gdpr=0&gdpr_consent=

42 B
975 B

48ms
47ms

Image
image/gif

34.246.133.154
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEKbYFuXyHwqK6BgZDWb9Ge4&google_cver=1?gdpr=0&gdpr_consent=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.246.133.154 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-246-133-154.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://lnkd.demdex.net/
User-Agent: phishfarmer

Response headers

DCS: dcs-prod-irl1-1-v006-06ff4cb4b.edge-irl1.demdex.com 6.2.1.20210507120117-PR_1432-SNAPSHOT
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: aFHK7aZxR5g=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Fri, 14 May 2021 11:42:43 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEKbYFuXyHwqK6BgZDWb9Ge4&google_cver=1?gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

tr
www.facebook.com/
Redirect Chain

http://www.facebook.com/tr?id=1064772166942435&ev=PageView&noscript=1
https://www.facebook.com/tr?id=1064772166942435&ev=PageView&noscript=1

44 B
353 B

6ms
6ms

Image
image/gif

2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr?id=1064772166942435&ev=PageView&noscript=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://a0541710.xsph.ru/
User-Agent: phishfarmer

Response headers

date: Fri, 14 May 2021 11:42:42 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 14 May 2021 11:42:42 GMT

Redirect headers

Location: https://www.facebook.com/tr?id=1064772166942435&ev=PageView&noscript=1
Non-Authoritative-Reason: HSTS

GET
H3-29 200 /
www.facebook.com/tr/ Frame 1B14 44 B
88 B 7ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=136430647058082&ev=Adobe-Audience-Manager-Segment&cd[segID]=16675012&noscript=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://lnkd.demdex.net/
User-Agent: phishfarmer

Response headers

date: Fri, 14 May 2021 11:42:42 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Fri, 14 May 2021 11:42:42 GMT

GET
H2

200

src=9261636;type=ja_gsp1;cat=car_ja;ord=7633237192298;gtm=2sa3i1;auiddc=1875229835.1620992563;~oref=http%3A%2F%2Fa0541710.xsph.ru%2Fmmn%2F
adservice.google.de/ddm/fls/p/
Redirect Chain

https://ad.doubleclick.net/activity;src=9261636;type=ja_gsp1;cat=car_ja;ord=7633237192298;gtm=2sa3i1;auiddc=1875229835.1620992563;~oref=http%3A%2F%2Fa0541710.xsph.ru%2Fmmn%2F?
https://adservice.google.com/ddm/fls/p/src=9261636;type=ja_gsp1;cat=car_ja;ord=7633237192298;gtm=2sa3i1;auiddc=1875229835.1620992563;~oref=http%3A%2F%2Fa0541710.xsph.ru%2Fmmn%2F
https://adservice.google.de/ddm/fls/p/src=9261636;type=ja_gsp1;cat=car_ja;ord=7633237192298;gtm=2sa3i1;auiddc=1875229835.1620992563;~oref=http%3A%2F%2Fa0541710.xsph.ru%2Fmmn%2F

42 B
744 B

63ms
43ms

Image
image/gif

2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.de/ddm/fls/p/src=9261636;type=ja_gsp1;cat=car_ja;ord=7633237192298;gtm=2sa3i1;auiddc=1875229835.1620992563;~oref=http%3A%2F%2Fa0541710.xsph.ru%2Fmmn%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://a0541710.xsph.ru/
User-Agent: phishfarmer

Response headers

pragma: no-cache
date: Fri, 14 May 2021 11:42:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 14 May 2021 11:42:43 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/html; charset=ISO-8859-1
location: https://adservice.google.de/ddm/fls/p/src=9261636;type=ja_gsp1;cat=car_ja;ord=7633237192298;gtm=2sa3i1;auiddc=1875229835.1620992563;~oref=http%3A%2F%2Fa0541710.xsph.ru%2Fmmn%2F
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-conversion/979305453/
Redirect Chain

https://www.googleadservices.com/pagead/conversion/979305453/?random=1620992562917&cv=9&fst=1620992562917&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=12...
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/979305453/?random=199682017&cv=9&fst=1620992562917&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQh...
https://www.google.com/pagead/1p-conversion/979305453/?random=199682017&cv=9&fst=1620992562917&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600...
https://www.google.de/pagead/1p-conversion/979305453/?random=199682017&cv=9&fst=1620992562917&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&...

42 B
108 B

36ms
36ms

Image
image/gif

2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/979305453/?random=199682017&cv=9&fst=1620992562917&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=http%3A%2F%2Fa0541710.xsph.ru%2Fmmn%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=M2KeYJIDlMiAB5znrJgB&cid=CAQSKQCNIrLMfLx9X-bsjAWPiPH7wY_-ps6KHAkexptw2Z3rtM4-0kB8inGY&random=2689064116&resp=GooglemKTybQhCsO&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://a0541710.xsph.ru/
User-Agent: phishfarmer

Response headers

pragma: no-cache
date: Fri, 14 May 2021 11:42:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 14 May 2021 11:42:43 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.de/pagead/1p-conversion/979305453/?random=199682017&cv=9&fst=1620992562917&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=http%3A%2F%2Fa0541710.xsph.ru%2Fmmn%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=M2KeYJIDlMiAB5znrJgB&cid=CAQSKQCNIrLMfLx9X-bsjAWPiPH7wY_-ps6KHAkexptw2Z3rtM4-0kB8inGY&random=2689064116&resp=GooglemKTybQhCsO&ipr=y
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-conversion/979305453/
Redirect Chain

https://www.googleadservices.com/pagead/conversion/979305453/?random=1620992562919&cv=9&fst=1620992562919&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=12...
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/979305453/?random=1420962037&cv=9&fst=1620992562919&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQ...
https://www.google.com/pagead/1p-conversion/979305453/?random=1420962037&cv=9&fst=1620992562919&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=160...
https://www.google.de/pagead/1p-conversion/979305453/?random=1420962037&cv=9&fst=1620992562919&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600...

42 B
154 B

21ms
21ms

Image
image/gif

2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/979305453/?random=1420962037&cv=9&fst=1620992562919&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=http%3A%2F%2Fa0541710.xsph.ru%2Fmmn%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=M2KeYK4E3qbH8A_M-76YAw&cid=CAQSKQCNIrLMzhcoM81zcUx0x_lpgaXb8MFmYeIkNXnX-zPOyfwQJf9E-Jzp&random=4158494258&resp=GooglemKTybQhCsO&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://a0541710.xsph.ru/
User-Agent: phishfarmer

Response headers

pragma: no-cache
date: Fri, 14 May 2021 11:42:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 14 May 2021 11:42:43 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.de/pagead/1p-conversion/979305453/?random=1420962037&cv=9&fst=1620992562919&num=1&fmt=3&npa=1&label=Kc16CMr0-_0BEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=http%3A%2F%2Fa0541710.xsph.ru%2Fmmn%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=M2KeYK4E3qbH8A_M-76YAw&cid=CAQSKQCNIrLMzhcoM81zcUx0x_lpgaXb8MFmYeIkNXnX-zPOyfwQJf9E-Jzp&random=4158494258&resp=GooglemKTybQhCsO&ipr=y
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ Frame 1B14 43 B
581 B 206ms
137ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?p_user_id=53090244486940762702580608246743027665&p_id=38594

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://lnkd.demdex.net/
User-Agent: phishfarmer

Response headers

date: Fri, 14 May 2021 11:42:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Fri, 14 May 2021 11:42:43 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 1e44988619c82768c4e71a3cc80791ff46d5989d061c39f4670ac061b28a57c4
x-transaction: 9e02d299797195f7
expires: Tue, 31 Mar 1981 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: LinkedIn (Social Network)

49 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	error	URL: https://static-exp1.licdn.com/sc/h/50seqnxcfadh00enh9ffvk85k(Line 234) Message: [GSI_LOGGER]: The browser is not supported.
console-api	error	URL: https://static-exp1.licdn.com/sc/h/e1huzwbdgykz7pl92bq0tb7os(Line 1) Message: [object XMLHttpRequest]
console-api	error	URL: https://static-exp1.licdn.com/sc/h/23t875yutz38n5nlan6z9goyj(Line 4) Message: [object XMLHttpRequest]
console-api	error	URL: https://static-exp1.licdn.com/sc/h/3kg6vh30jjgwakomzq2bsrglf(Line 1) Message: [object XMLHttpRequest]
console-api	log	URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1620992400000(Line 8) Message: visitor.publishDestinations() result: The destination publishing iframe is already attached and loaded.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a0541710.xsph.ru
accounts.google.com
ad.doubleclick.net
adservice.google.com
adservice.google.de
analytics.twitter.com
cm.g.doubleclick.net
dpm.demdex.net
googleads.g.doubleclick.net
lnkd.demdex.net
platform.linkedin-ei.com
platform.linkedin.com
static-exp1.licdn.com
www.facebook.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin-ei.com
104.244.42.3
142.250.186.162
172.217.16.130
172.217.23.102
2620:1ec:21::16
2620:1ec:46::45
2a00:1450:4001:801::2002
2a00:1450:4001:802::200d
2a00:1450:4001:811::2008
2a00:1450:4001:812::2002
2a00:1450:4001:829::2003
2a00:1450:4001:830::2002
2a00:1450:4001:831::2004
2a02:26f0:6c00::210:ba0a
2a02:26f0:6c00::210:ba20
2a03:2880:f11c:8183:face:b00c:0:25de
2a0a:2b43:a:1f43::
34.246.133.154
52.30.200.197
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
11f969edc62e1af1287cf6d839b2b143680e48593530b2f2a7fd8481e857112a
1443da1e0c184c7d2774238a960258a00c3c53a3e64690f0c5c706e7cabae066
19ed97de04c45311a7a7ae3740f30c2bc82e23098e4b8e1a744ad8414a717ba3
1bae92fe4d1b7da6b40ca2c907ea6ac37aa61dc1404f774d1993825106b91e9b
2072637eca86b31333f03dd2f363993776d87ec85be0f0970d80a08347cbe43f
33da8c7cbdf6d103b089858e2b8dffed608ed88c986e4f51544431f570313a3b
480f9b08f931b156c6a1dd67ef538b3c86590627a186d2131c7fa2a5b7a57cc8
597c946522dec4cf136d651c70944887b7e30adfb8aa5196815b0225283e1253
60766ddd238e790b350fb55a1693d68678fdc852973e37814093dfa5fb6e2ab0
704c03388d696028b43d5a1c5d4b4b7d6de3305ab5da61f507e552595544b0c0
70b1be1dd753c9cc6e788d5768a20756c2364c5899ae94b676f4490db8d758da
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
962d24fdaffaabc712ef425e30b013455416f8d14ddb5166482d04c89421e25d
99c52046d1df362721eb275cabcd169c7e105d0bbaf374a7c9f96ddf6c1216f2
a9990000fd0385763af6bfe9a51ce803898a18513912dc433a6ada22721ffbc4
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
bcf5b45f5d4126d37d76a88ef3bb2f8944feb1113396c3126d6a778edb873e4a
cb97a7ed04a7e7ce094d15dacf4c0e34373426750708cbb9f34b91aeda49c12b
cd776aa311400c90accd07b01cf79a23278d85d536ecccd66b895586be32c23d
d6781996102def45d4b34b0d1de84e0990428b4ff4982bc0e9e796e99093aa88
dbd95328a9064a9387a2a0c76eedc5f73b37abb55b0775dc20821a37455dfd40
ec3ac9a7605b05b7f2561c35b16dab632c8252873580e6b481dbae7bdebd32f8
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f42b7a2cbb2607296976b3374653138109d4b2f05070c52820860ed1a83a98da

a0541710.xsph.ru Open in urlscan Pro 2a0a:2b43:a:1f43:: Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

32 Requests

69 %HTTPS

68 %IPv6

12 Domains

19 Subdomains

13 IPs

4 Countries

325 kBTransfer

1116 kBSize

0 Cookies

0 Outgoing links

Redirected requests

32 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

a0541710.xsph.ru Open in urlscan Pro
2a0a:2b43:a:1f43:: Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

32
Requests

69 %
HTTPS

68 %
IPv6

12
Domains

19
Subdomains

13
IPs

4
Countries

325 kB
Transfer

1116 kB
Size

0
Cookies

32 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!