cdn-secure-hosting.com Open in urlscan Pro
35.171.39.98 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://cdn-secure-hosting.com/55924d6e6fe66e08d1e110b00f57801cb63cd341/mon
Submission: On October 01 via manual (October 1st 2020, 1:54:46 pm UTC) from IN

Summary HTTP 13 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 4 domains to perform 13 HTTP transactions. The main IP is 35.171.39.98, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is cdn-secure-hosting.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on September 19th 2020. Valid for: 3 months.

This is the only time cdn-secure-hosting.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: LinkedIn (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
6	35.171.39.98 35.171.39.98	14618 (AMAZON-AES) (AMAZON-AES)
2	2606:2800:233... 2606:2800:233:6a53:4ac1:3bc8:ee4e:5990	15133 (EDGECAST) (EDGECAST)
1	2620:1ec:21::16 2620:1ec:21::16	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba20	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	54.154.62.31 54.154.62.31	16509 (AMAZON-02) (AMAZON-02)
2	54.236.115.174 54.236.115.174	14618 (AMAZON-AES) (AMAZON-AES)
13	6

6 35.171.39.98 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-171-39-98.compute-1.amazonaws.com

cdn-secure-hosting.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:233:6a53:4ac1:3bc8:ee4e:5990 (United States)

ASN15133 (EDGECAST, US)

static-exp1.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::16 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin-ei.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00::210:ba20 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

platform.linkedin-ei.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.154.62.31 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-62-31.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.236.115.174 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-236-115-174.compute-1.amazonaws.com

lnkd.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	cdn-secure-hosting.com cdn-secure-hosting.com	173 KB
3	demdex.net dpm.demdex.net lnkd.demdex.net	3 KB
2	linkedin-ei.com www.linkedin-ei.com platform.linkedin-ei.com	43 KB
2	licdn.com static-exp1.licdn.com	53 KB
13	4

	Domain	Requested by
6	cdn-secure-hosting.com	cdn-secure-hosting.com static-exp1.licdn.com
2	lnkd.demdex.net	platform.linkedin-ei.com
2	static-exp1.licdn.com	cdn-secure-hosting.com
1	dpm.demdex.net	platform.linkedin-ei.com
1	platform.linkedin-ei.com	static-exp1.licdn.com
1	www.linkedin-ei.com	static-exp1.licdn.com
13	6

This site contains links to these domains. Also see Links.

Domain
linkedin.com

Subject Issuer	Validity	Valid
cdn-secure-hosting.com Let's Encrypt Authority X3	`2020-09-19` - `2020-12-18`	3 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-10-10` - `2021-10-14`	2 years	crt.sh
www.linkedin-ei.com DigiCert SHA2 Secure Server CA	`2020-05-01` - `2020-11-01`	6 months	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2020-07-03` - `2022-07-08`	2 years	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh

This page contains 2 frames:

Primary Page: https://cdn-secure-hosting.com/55924d6e6fe66e08d1e110b00f57801cb63cd341/mon
Frame ID: 5EDB836D28508BB2F1E7FB1970005EDA
Requests: 12 HTTP requests in this frame

Frame: https://lnkd.demdex.net/dest5.html?d_nsid=0
Frame ID: DA9B01EDD0926EC6B1EB42CF88AF0351
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

13
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

6
Subdomains

6
IPs

3
Countries

272 kB
Transfer

496 kB
Size

2
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://linkedin.com/help/linkedin/answer/34593?lang=en&trk=d_checkpoint_lg_consumerLogin_ft_community_guidelines
Title: Community Guidelines

Search URL Search Domain Scan URL

URL: https://linkedin.com/help/linkedin?trk=d_checkpoint_lg_consumerLogin_ft_send_feedback&lang=en
Title: Send Feedback

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request mon Show response
cdn-secure-hosting.com/55924d6e6fe66e08d1e110b00f57801cb63cd341/ 19 KB
7 KB 494ms
282ms Document
text/html 35.171.39.98
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-secure-hosting.com/55924d6e6fe66e08d1e110b00f57801cb63cd341/mon

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.171.39.98 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-171-39-98.compute-1.amazonaws.com

Software

nginx /

Resource Hash

cab45e6ab8bbc99aed12ea1e34fd961957643fe4c77b55d6a229e26d5ec54155

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.elevatesecurity.com

Request headers

:method: GET
:authority: cdn-secure-hosting.com
:scheme: https
:path: /55924d6e6fe66e08d1e110b00f57801cb63cd341/mon
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
cache-control: private, no-cache, no-store, max-age=0
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://*.elevatesecurity.com
content-type: text/html; charset=utf-8
date: Thu, 01 Oct 2020 13:54:27 GMT
expires: 0
pragma: no-cache
server: nginx
set-cookie: session=eyJfY3NyZl90b2tlbiI6eyIgYiI6ImJXZzVjR0pxVTNoVVowOUpOM0JCVURGUGRqUkxaMHg0ZG1oNlZGaHlXV055ZDBSMFdWOWhlblpLYXowPSJ9fQ.X3Xfkw.DhGwVT8Rm6HEtRKPzoNcQLeaYMI; Secure; HttpOnly; Path=/
vary: Cookie
x-csrftoken: mh9pbjSxTgOI7pAP1Ov4KgLxvhzTXrYcrwDtY_azvJk=
x-ua-compatible: IE=Edge,chrome=1

GET
H2 200 style.css
cdn-secure-hosting.com/static/templates/linkedin_desktop/ 160 KB
160 KB 236ms
234ms Stylesheet
text/css 35.171.39.98
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-secure-hosting.com/static/templates/linkedin_desktop/style.css
Requested by: Host: cdn-secure-hosting.com
URL: https://cdn-secure-hosting.com/55924d6e6fe66e08d1e110b00f57801cb63cd341/mon
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.171.39.98 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-171-39-98.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 61c968d6ea5f329e15b82224ca0c928ac90f54d15b343bc1ffd8ca64e25337c5

Request headers

Referer: https://cdn-secure-hosting.com/55924d6e6fe66e08d1e110b00f57801cb63cd341/mon
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 01 Oct 2020 13:54:27 GMT
last-modified: Thu, 24 Sep 2020 22:43:58 GMT
server: nginx
x-amz-version-id: cgiyETmnufTpckWB0pXx_4vQp8EnlPPf
etag: "47f5b2ced6e76d441010d55088586133"
x-cache-status: MISS
content-type: text/css
status: 200
cache-control: max-age=31536000
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 163762

GET
H2 200 2ieeh0gfohcckb0f7ezjk4r0d Show response
static-exp1.licdn.com/sc/h/br/ 66 KB
20 KB 38ms
16ms Script
text/javascript 2606:2800:233:6a53:4ac1:3bc8:ee4e:5990
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://static-exp1.licdn.com/sc/h/br/2ieeh0gfohcckb0f7ezjk4r0d
Requested by: Host: cdn-secure-hosting.com
URL: https://cdn-secure-hosting.com/55924d6e6fe66e08d1e110b00f57801cb63cd341/mon
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:6a53:4ac1:3bc8:ee4e:5990 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8F8B) /
Resource Hash: 4acc901fa01b114bc53f8f39cab09d481c45ebefb446889aad00dbe86d73e3cc

Request headers

Referer: https://cdn-secure-hosting.com/55924d6e6fe66e08d1e110b00f57801cb63cd341/mon
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 01 Oct 2020 13:54:27 GMT
content-encoding: br
content-type: text/javascript
x-cdn-client-ip-version: IPV6
x-cdn: ECST
age: 1825776
x-fs-txn-id: 2b8f69c50e50
x-cache: HIT
status: 200
x-cdn-proto: HTTP2
content-length: 19936
x-li-uuid: MEj+2DlmMxbApx0KtCoAAA==
server: ECAcc (frc/8F8B)
timing-allow-origin: *
last-modified: Mon, 05 Nov 2012 04:00:51 GMT
x-li-pop: prod-ech2
cache-control: max-age=31536000, immutable
vary: Accept-Encoding
x-li-fabric: prod-lva1
access-control-allow-origin: *
access-control-expose-headers: X-CDN, X-CDN-CLIENT-IP-VERSION, X-CDN-Proto
x-li-proto: http/1.1
accept-ranges: bytes
x-li-static-content: 1
x-fs-uuid: 95d6fee50adb2416601a5531332b0000
expires: Sun, 25 Jul 2021 01:36:47 GMT

GET
H2 200 5lbslrg5k7genpotv2hjk7xke Show response
static-exp1.licdn.com/sc/h/br/ 121 KB
33 KB 29ms
9ms Script
text/javascript 2606:2800:233:6a53:4ac1:3bc8:ee4e:5990
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://static-exp1.licdn.com/sc/h/br/5lbslrg5k7genpotv2hjk7xke
Requested by: Host: cdn-secure-hosting.com
URL: https://cdn-secure-hosting.com/55924d6e6fe66e08d1e110b00f57801cb63cd341/mon
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:6a53:4ac1:3bc8:ee4e:5990 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8F78) /
Resource Hash: 075358a4303aee3b34bb55902d2500bdfe8eb966fcac65104cf695029c0e8696

Request headers

Referer: https://cdn-secure-hosting.com/55924d6e6fe66e08d1e110b00f57801cb63cd341/mon
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 01 Oct 2020 13:54:27 GMT
content-encoding: br
content-type: text/javascript
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-cdn: ECST
age: 53763
x-fs-txn-id: 2b489f518670
x-cache: HIT
status: 200
x-cdn-proto: HTTP2
content-length: 33478
x-li-uuid: GC8OxtyxORZwv+DiJSsAAA==
server: ECAcc (frc/8F78)
timing-allow-origin: *
last-modified: Mon, 05 Nov 2012 04:00:51 GMT
x-li-pop: prod-ech2
cache-control: max-age=31536000, immutable
x-cdn-client-ip-version: IPV6
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lva1
access-control-allow-origin: *
access-control-expose-headers: X-CDN, X-CDN-CLIENT-IP-VERSION, X-CDN-Proto
x-li-proto: http/1.1
accept-ranges: bytes
x-li-static-content: 1
x-fs-uuid: 182f0ec6dcb1391670bfe0e2252b0000
expires: Thu, 30 Sep 2021 22:58:24 GMT

GET
H2 200 clearforms.js Show response
cdn-secure-hosting.com/static/ 607 B
808 B 140ms
139ms Script
application/javascript 35.171.39.98
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-secure-hosting.com/static/clearforms.js
Requested by: Host: cdn-secure-hosting.com
URL: https://cdn-secure-hosting.com/55924d6e6fe66e08d1e110b00f57801cb63cd341/mon
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.171.39.98 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-171-39-98.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b3e40ea639979826e2e5029606c2ee84926eac4173950800fdea50cf70bc1a1c

Request headers

Referer: https://cdn-secure-hosting.com/55924d6e6fe66e08d1e110b00f57801cb63cd341/mon
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 01 Oct 2020 13:54:27 GMT
last-modified: Thu, 24 Sep 2020 22:43:49 GMT
server: nginx
x-amz-version-id: Na8Sid2hF92Bg9K5WC9d0v2YI5Y6t83K
etag: "0ae41c37677efb5c440f7652d9b65d3c"
x-cache-status: MISS
content-type: application/javascript
status: 200
cache-control: max-age=31536000
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 607

GET
H2 200 user Show response
www.linkedin-ei.com/litms/api/metadata/ 324 B
3 KB 216ms
191ms XHR
application/json 2620:1ec:21::16
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.linkedin-ei.com/litms/api/metadata/user

Requested by

Host: static-exp1.licdn.com
URL: https://static-exp1.licdn.com/sc/h/br/5lbslrg5k7genpotv2hjk7xke

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:21::16 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

be57e5537107dcd03d6062c832b38c362cde9a9ff8f8fe6fa315bf5ce94ec826

Security Headers

Name	Value
Content-Security-Policy	default-src ; connect-src 'self' ffi.st static.licdn-ei.com media.licdn-ei.com static-exp1.licdn-ei.com static-exp2.licdn-ei.com media-exp1.licdn-ei.com media-exp2.licdn-ei.com https://media-src.linkedin-ei.com/media/ www.linkedin.com www.linkedin-ei.com spdy.linkedin-ei.com dms.licdn-ei.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://linkedin.sc.omtrdc.net/b/ss/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; img-src data: blob: ; font-src data: ; style-src 'unsafe-inline' 'self' static-src.linkedin.com .licdn.com static-src.linkedin-ei.com .licdn-ei.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' ffi.st spdy.linkedin.com static-src.linkedin.com .ads.linkedin.com .licdn.com platform.linkedin-ei.com spdy.linkedin-ei.com static-src.linkedin-ei.com .licdn-ei.com lix.corp.linkedin.com lva1-lixr01.linkedin.biz static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com www.linkedin.com slideshare.www.linkedin-ei.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: ; child-src blob: lnkd-communities: voyager: ; frame-ancestors 'self' http://qa-mailbox.corp.linkedin.com; report-uri https://www.linkedin-ei.com/platform-telemetry/csp?f=l
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cdn-secure-hosting.com/55924d6e6fe66e08d1e110b00f57801cb63cd341/mon
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src *; connect-src 'self' ffi.st static.licdn-ei.com media.licdn-ei.com static-exp1.licdn-ei.com static-exp2.licdn-ei.com media-exp1.licdn-ei.com media-exp2.licdn-ei.com https://media-src.linkedin-ei.com/media/ www.linkedin.com www.linkedin-ei.com spdy.linkedin-ei.com dms.licdn-ei.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://linkedin.sc.omtrdc.net/b/ss/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com static-src.linkedin-ei.com *.licdn-ei.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' ffi.st spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com platform.linkedin-ei.com spdy.linkedin-ei.com static-src.linkedin-ei.com *.licdn-ei.com lix.corp.linkedin.com lva1-lixr01.linkedin.biz static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com www.linkedin.com slideshare.www.linkedin-ei.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self' http://qa-mailbox.corp.linkedin.com; report-uri https://www.linkedin-ei.com/platform-telemetry/csp?f=l
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.0001,"failure_fraction":1,"include_subdomains":true}
status: 200
x-li-ats-encoding: br/5
vary: Origin,Accept-Encoding
content-length: 184
x-li-uuid: V7nisMLiORaAd030dysAAA==
pragma: no-cache
x-li-pop: afd-ei4
x-msedge-ref: Ref A: 7B917B8D064B4B658A11446D23B7669C Ref B: FRAEDGE0917 Ref C: 2020-10-01T13:54:28Z
x-frame-options: sameorigin
date: Thu, 01 Oct 2020 13:54:27 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin-ei.com/platform-telemetry/ct"
strict-transport-security: max-age=31536000
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin-ei.com/li/rep"}],"include_subdomains":true}
content-type: application/json
access-control-allow-origin: https://cdn-secure-hosting.com
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
access-control-allow-credentials: true
x-li-proto: http/2
x-li-fabric: ei4
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 utag.js Show response
platform.linkedin-ei.com/litms/utag/checkpoint-frontend/ 123 KB
40 KB 2153ms
2064ms Script
application/javascript 2a02:26f0:6c00::210:ba20
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1601560200000
Requested by: Host: static-exp1.licdn.com
URL: https://static-exp1.licdn.com/sc/h/br/5lbslrg5k7genpotv2hjk7xke
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba20 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: Play /
Resource Hash: fc57110ea69e23fc17b424ef826bc6177c28df60ea55140a405e974f468fa32d

Request headers

Referer: https://cdn-secure-hosting.com/55924d6e6fe66e08d1e110b00f57801cb63cd341/mon
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 01 Oct 2020 13:54:30 GMT
content-encoding: gzip
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.0001,"failure_fraction":1,"include_subdomains":true}
x-cdn: AKAM
p3p: CP="CAO CUR ADM DEV PSA PSD OUR"
status: 200
content-length: 40216
x-li-uuid: ximgBMPiORbA51ChFSsAAA==
server: Play
last-modified: Wed, 30 Sep 2020 20:56:22 GMT
x-li-pop: ei-ltx1
etag: "716237bf0af03af9891df9e18b96eb7883803cad"
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin-ei.com/li/rep"}],"include_subdomains":true}
content-type: application/javascript; charset=utf-8
cache-control: max-age=300
accept-ranges: bytes
x-li-proto: http/1.1
x-li-fabric: ei-ltx1

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 611 B
1 KB 134ms
35ms XHR
application/json 54.154.62.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=4.6.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=14215E3D5995C57C0A495C55%40AdobeOrg&d_nsid=0&ts=1601560470395

Requested by

Host: platform.linkedin-ei.com
URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1601560200000

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.154.62.31 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-154-62-31.eu-west-1.compute.amazonaws.com

Software

Resource Hash

948233505787adcd9d096ac8d13c39a1d1a4a198d4ab5dae704a80f773f219d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://cdn-secure-hosting.com/55924d6e6fe66e08d1e110b00f57801cb63cd341/mon
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-v081-01fbe066d.edge-irl1.demdex.com 5.78.0.20200908113611 2ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-TID: 5C0N4VlFSjI=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://cdn-secure-hosting.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 445
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 400 track Show response
cdn-secure-hosting.com/li/ 163 B
195 B 513ms
513ms XHR
application/problem+json 35.171.39.98
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-secure-hosting.com/li/track

Requested by

Host: static-exp1.licdn.com
URL: https://static-exp1.licdn.com/sc/h/br/5lbslrg5k7genpotv2hjk7xke

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.171.39.98 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-171-39-98.compute-1.amazonaws.com

Software

nginx /

Resource Hash

eb9b7647ecb4bb21c5236d6b9200d8428a2056779b1a7e90afa3835aaf9e5e7c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.elevatesecurity.com

Request headers

Csrf-Token
Referer: https://cdn-secure-hosting.com/55924d6e6fe66e08d1e110b00f57801cb63cd341/mon
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/json

Response headers

pragma: no-cache
content-security-policy: frame-ancestors 'self' https://*.elevatesecurity.com
server: nginx
status: 400
date: Thu, 01 Oct 2020 13:54:30 GMT
vary: Origin, Cookie
content-type: application/problem+json
access-control-allow-origin: https://cdn-secure-hosting.com
expires: 0
cache-control: private, no-cache, no-store, max-age=0
access-control-allow-credentials: true
x-csrftoken: mh9pbjSxTgOI7pAP1Ov4KgLxvhzTXrYcrwDtY_azvJk=
content-length: 163
x-ua-compatible: IE=Edge,chrome=1

POST
H2 400 track Show response
cdn-secure-hosting.com/li/ 163 B
302 B 254ms
254ms XHR
application/problem+json 35.171.39.98
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-secure-hosting.com/li/track

Requested by

Host: static-exp1.licdn.com
URL: https://static-exp1.licdn.com/sc/h/br/2ieeh0gfohcckb0f7ezjk4r0d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.171.39.98 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-171-39-98.compute-1.amazonaws.com

Software

nginx /

Resource Hash

eb9b7647ecb4bb21c5236d6b9200d8428a2056779b1a7e90afa3835aaf9e5e7c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.elevatesecurity.com

Request headers

Csrf-Token
Referer: https://cdn-secure-hosting.com/55924d6e6fe66e08d1e110b00f57801cb63cd341/mon
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/json

Response headers

pragma: no-cache
content-security-policy: frame-ancestors 'self' https://*.elevatesecurity.com
server: nginx
status: 400
date: Thu, 01 Oct 2020 13:54:30 GMT
vary: Origin, Cookie
content-type: application/problem+json
access-control-allow-origin: https://cdn-secure-hosting.com
expires: 0
cache-control: private, no-cache, no-store, max-age=0
access-control-allow-credentials: true
x-csrftoken: mh9pbjSxTgOI7pAP1Ov4KgLxvhzTXrYcrwDtY_azvJk=
content-length: 163
x-ua-compatible: IE=Edge,chrome=1

GET
H/1.1 200
OK Cookie set dest5.html
lnkd.demdex.net/ Frame DA9B 0
0 403ms
100ms Document
text/html 54.236.115.174
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://lnkd.demdex.net/dest5.html?d_nsid=0

Requested by

Host: platform.linkedin-ei.com
URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1601560200000

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.236.115.174 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-236-115-174.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: lnkd.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://cdn-secure-hosting.com/55924d6e6fe66e08d1e110b00f57801cb63cd341/mon
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: demdex=18142304890687505011973719567958124589
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://cdn-secure-hosting.com/55924d6e6fe66e08d1e110b00f57801cb63cd341/mon

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Encoding: gzip
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Thu, 01 Oct 2020 09:34:26 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=18142304890687505011973719567958124589;Path=/;Domain=.demdex.net;Expires=Tue, 30-Mar-2021 13:54:30 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, User-Agent
X-TID: jUB14XAQT60=
Content-Length: 2785
Connection: keep-alive

POST
H/1.1 200
OK event Show response
lnkd.demdex.net/ 689 B
1 KB 406ms
106ms XHR
application/json 54.236.115.174
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://lnkd.demdex.net/event?d_dil_ver=9.4&_ts=1601560470399

Requested by

Host: platform.linkedin-ei.com
URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1601560200000

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.236.115.174 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-236-115-174.compute-1.amazonaws.com

Software

Resource Hash

cf97447f3971a1f1d9ff6104063302be50cbf0db3d13399ce5ccf360e2ea681e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://cdn-secure-hosting.com/55924d6e6fe66e08d1e110b00f57801cb63cd341/mon
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-va6-v069-0d955e038.edge-va6.demdex.com 5.78.1.20200930093915 6ms (+2ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: SwPtc9GzQmo=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://cdn-secure-hosting.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 689
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 500 track Show response
cdn-secure-hosting.com/li/ 5 KB
5 KB 252ms
252ms XHR
text/html 35.171.39.98
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-secure-hosting.com/li/track

Requested by

Host: static-exp1.licdn.com
URL: https://static-exp1.licdn.com/sc/h/br/2ieeh0gfohcckb0f7ezjk4r0d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.171.39.98 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-171-39-98.compute-1.amazonaws.com

Software

nginx /

Resource Hash

98da550ad622465787456fab0a12386d3769a6552290f1f3427bd5de7ea8bea9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.elevatesecurity.com

Request headers

Csrf-Token
Referer: https://cdn-secure-hosting.com/55924d6e6fe66e08d1e110b00f57801cb63cd341/mon
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
content-type: application/json

Response headers

pragma: no-cache
content-security-policy: frame-ancestors 'self' https://*.elevatesecurity.com
server: nginx
status: 500
date: Thu, 01 Oct 2020 13:54:31 GMT
vary: Origin, Cookie
content-type: text/html; charset=utf-8
access-control-allow-origin: https://cdn-secure-hosting.com
expires: 0
cache-control: private, no-cache, no-store, max-age=0
access-control-allow-credentials: true
x-csrftoken: CKkfz1A-XAIWhDEOm-71x0APXXjjEMFvjApNn_ZwzBg=
content-length: 5027
x-ua-compatible: IE=Edge,chrome=1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: LinkedIn (Social Network)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.cdn-secure-hosting.com/	1970-01-19 17:11:52	Name: AMCV_14215E3D5995C57C0A495C55%40AdobeOrg Value: -408604571%7CMCIDTS%7C18537%7CvVersion%7C4.6.0
			cdn-secure-hosting.com/	1969-12-31 23:59:59	Name: session Value: eyJfY3NyZl90b2tlbiI6eyIgYiI6ImJXZzVjR0pxVTNoVVowOUpOM0JCVURGUGRqUkxaMHg0ZG1oNlZGaHlXV055ZDBSMFdWOWhlblpLYXowPSJ9fQ.X3Xfkw.DhGwVT8Rm6HEtRKPzoNcQLeaYMI

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	error	URL: https://static-exp1.licdn.com/sc/h/br/2ieeh0gfohcckb0f7ezjk4r0d(Line 1) Message: [object XMLHttpRequest]
console-api	error	URL: https://static-exp1.licdn.com/sc/h/br/5lbslrg5k7genpotv2hjk7xke(Line 3) Message: [object XMLHttpRequest]
console-api	log	URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1601560200000(Line 8) Message: visitor.publishDestinations() result: The destination publishing iframe is already attached and loaded.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://*.elevatesecurity.com

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn-secure-hosting.com
dpm.demdex.net
lnkd.demdex.net
platform.linkedin-ei.com
static-exp1.licdn.com
www.linkedin-ei.com
2606:2800:233:6a53:4ac1:3bc8:ee4e:5990
2620:1ec:21::16
2a02:26f0:6c00::210:ba20
35.171.39.98
54.154.62.31
54.236.115.174
075358a4303aee3b34bb55902d2500bdfe8eb966fcac65104cf695029c0e8696
4acc901fa01b114bc53f8f39cab09d481c45ebefb446889aad00dbe86d73e3cc
61c968d6ea5f329e15b82224ca0c928ac90f54d15b343bc1ffd8ca64e25337c5
948233505787adcd9d096ac8d13c39a1d1a4a198d4ab5dae704a80f773f219d8
98da550ad622465787456fab0a12386d3769a6552290f1f3427bd5de7ea8bea9
b3e40ea639979826e2e5029606c2ee84926eac4173950800fdea50cf70bc1a1c
be57e5537107dcd03d6062c832b38c362cde9a9ff8f8fe6fa315bf5ce94ec826
cab45e6ab8bbc99aed12ea1e34fd961957643fe4c77b55d6a229e26d5ec54155
cf97447f3971a1f1d9ff6104063302be50cbf0db3d13399ce5ccf360e2ea681e
eb9b7647ecb4bb21c5236d6b9200d8428a2056779b1a7e90afa3835aaf9e5e7c
fc57110ea69e23fc17b424ef826bc6177c28df60ea55140a405e974f468fa32d

cdn-secure-hosting.com Open in urlscan Pro 35.171.39.98 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

50 %IPv6

4 Domains

6 Subdomains

6 IPs

3 Countries

272 kBTransfer

496 kBSize

2 Cookies

2 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

19 JavaScript Global Variables

2 Cookies

3 Console Messages

Security Headers

Indicators

cdn-secure-hosting.com Open in urlscan Pro
35.171.39.98 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

6
Subdomains

6
IPs

3
Countries

272 kB
Transfer

496 kB
Size

2
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!