academia.app.link Open in urlscan Pro
2600:9000:206f:7000:19:9934:6a80:93a1 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://academia.app.link/install?source=RelatedWorksStreamlined
Submission Tags: phishing malicious Search All
Submission: On January 28 via api (January 28th 2021, 7:15:00 pm UTC) from US

Summary HTTP 5 Redirects Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 5 HTTP transactions. The main IP is 2600:9000:206f:7000:19:9934:6a80:93a1, located in United States and belongs to AMAZON-02, US. The main domain is academia.app.link.
TLS certificate: Issued by Amazon on July 22nd 2020. Valid for: a year.

This is the only time academia.app.link was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
1	2600:9000:206... 2600:9000:206f:7000:19:9934:6a80:93a1		16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:829::200a		15169 (GOOGLE) (GOOGLE)
1	143.204.93.111 143.204.93.111		16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:825::2003		15169 (GOOGLE) (GOOGLE)
5	4

1 2600:9000:206f:7000:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

academia.app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.93.111 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-93-111.fra50.r.cloudfront.net

cdn.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:825::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	googleapis.com fonts.googleapis.com	1 KB
1	gstatic.com fonts.gstatic.com	11 KB
1	branch.io cdn.branch.io	234 KB
1	app.link academia.app.link	3 KB
5	4

	Domain	Requested by
2	fonts.googleapis.com	academia.app.link
1	fonts.gstatic.com	fonts.googleapis.com
1	cdn.branch.io	academia.app.link
1	academia.app.link
5	4

This site contains no links.

Subject Issuer	Validity	Valid
appipv4.link Amazon	`2020-07-22` - `2021-08-22`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh
*.branch.io DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-25`	a year	crt.sh
*.gstatic.com GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://academia.app.link/install?source=RelatedWorksStreamlined
Frame ID: 3906742E1CCCDBBB8899F7674A057BB2
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Lua (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

OpenResty (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

Amazon Web Services (PaaS) Expand

Overall confidence: 100%
Detected patterns

headers via /\(CloudFront\)$/i

Amazon Cloudfront (CDN) Expand

Overall confidence: 100%
Detected patterns

headers via /\(CloudFront\)$/i

Page Statistics

5
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

249 kB
Transfer

259 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set install Show response
academia.app.link/ 6 KB
3 KB 216ms
192ms Document
text/html 2600:9000:206f:7000:19:9934:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://academia.app.link/install?source=RelatedWorksStreamlined
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:7000:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty / Express
Resource Hash: 2316b764c946274a129e862519acf88037d395d6e3568eb8f2def1dd4fbdfec0

Request headers

Host: academia.app.link
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Server: openresty
Date: Thu, 28 Jan 2021 19:14:44 GMT
X-Powered-By: Express
Set-Cookie: _s=q%2Bn%2F6J3EowaP6rtPCq%2BqjBd9xEUsx1%2BiQ6acvM2iO%2FHZ1oO%2Fc3%2FsY7%2F7Q2cC0l%2BH; Max-Age=31536000; Domain=.app.link; Path=/; Expires=Fri, 28 Jan 2022 19:14:44 GMT; Secure; SameSite=None
Last-Modified: Thu, 28 Jan 2021 19:14:44 GMT
ETag: W/"181d-+6o5KeoEPfGrQTfy0aIVLCjSmnw"
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 673c96d1f19de21216629aa48d90ac92.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-C1
X-Amz-Cf-Id: I5Wz3gSDNAxTB1x-BzmHae-1vg2DH9mWfICzvhJFUW34HFScV8tN9A==

GET
H2 200 css
fonts.googleapis.com/ 4 KB
686 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:700,300

Requested by

Host: academia.app.link
URL: https://academia.app.link/install?source=RelatedWorksStreamlined

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fda2f5240e5b600fe3f1c09b44b6a2149de1de267a22fca6b8cb41192f94359d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://academia.app.link/install?source=RelatedWorksStreamlined
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 19:14:44 GMT
server: ESF
date: Thu, 28 Jan 2021 19:14:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 28 Jan 2021 19:14:44 GMT

GET
H2 200 css
fonts.googleapis.com/ 4 KB
725 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500

Requested by

Host: academia.app.link
URL: https://academia.app.link/install?source=RelatedWorksStreamlined

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2190c16423c2557bcb20ccba2edc176fbeb16e6a3de2b2af297f650aae85a43e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://academia.app.link/install?source=RelatedWorksStreamlined
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 19:01:27 GMT
server: ESF
date: Thu, 28 Jan 2021 19:14:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 28 Jan 2021 19:14:44 GMT

GET
H/1.1 200
OK 1607563744465-og_image.png
cdn.branch.io/branch-assets/ 234 KB
234 KB 131ms
54ms Image
image/png 143.204.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.branch.io/branch-assets/1607563744465-og_image.png
Requested by: Host: academia.app.link
URL: https://academia.app.link/install?source=RelatedWorksStreamlined
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.93.111 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-93-111.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c3af01918ee56bd03e2168d3566940e516e5bcc328b55aa95e6a0036450e0df8

Request headers

Referer: https://academia.app.link/install?source=RelatedWorksStreamlined
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 18 Jan 2021 20:50:39 GMT
Via: 1.1 a394c864b23364262af48fed4e7e9fad.cloudfront.net (CloudFront)
Connection: keep-alive
Last-Modified: Thu, 10 Dec 2020 01:29:05 GMT
Server: AmazonS3
Age: 858246
ETag: "54c5e8fcf3512fa23455e25361361e73"
X-Cache: Hit from cloudfront
x-amz-version-id: r5oIHUVt8qmgHmi.aMFScISIEELh3YFl
Cache-Control: max-age=2592000
X-Amz-Cf-Pop: FRA50-C1
Content-Type: image/png
Content-Length: 239469
X-Amz-Cf-Id: PkPFrjnHw2XPbjFsjonJW4H9-M3TL4XVKoUlZPvQW13w8D--hmQ-iA==

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://academia.app.link
Referer: https://fonts.googleapis.com/css?family=Roboto:400,500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 22 Jan 2021 19:56:35 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 515889
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
expires: Sat, 22 Jan 2022 19:56:35 GMT

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.app.link/	1970-01-20 00:29:57	Name: _s Value: q%2Bn%2F6J3EowaP6rtPCq%2BqjBd9xEUsx1%2BiQ6acvM2iO%2FHZ1oO%2Fc3%2FsY7%2F7Q2cC0l%2BH

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

academia.app.link
cdn.branch.io
fonts.googleapis.com
fonts.gstatic.com
143.204.93.111
2600:9000:206f:7000:19:9934:6a80:93a1
2a00:1450:4001:825::2003
2a00:1450:4001:829::200a
2190c16423c2557bcb20ccba2edc176fbeb16e6a3de2b2af297f650aae85a43e
2316b764c946274a129e862519acf88037d395d6e3568eb8f2def1dd4fbdfec0
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
c3af01918ee56bd03e2168d3566940e516e5bcc328b55aa95e6a0036450e0df8
fda2f5240e5b600fe3f1c09b44b6a2149de1de267a22fca6b8cb41192f94359d