dev-jeniferng153.pantheonsite.io
2620:12a:8001::1  Malicious Activity!

Submitted URL: https://dev-jeniferng153.pantheonsite.io/a/
Effective URL: https://dev-jeniferng153.pantheonsite.io/a/linkedrecruiter.html?payment+codeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx...
Submission: On December 23 via manual from US

Summary

This website contacted 8 IPs in 4 countries across 9 domains to perform 18 HTTP transactions. The main IP is 2620:12a:8001::1, located in United States and belongs to FASTLY, US. The main domain is dev-jeniferng153.pantheonsite.io.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on July 16th 2020. Valid for: a year.
This is the only time dev-jeniferng153.pantheonsite.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: LinkedIn (Social Network)

Domain & IP information

Domain Requested by
5 dev-jeniferng153.pantheonsite.io static-exp1.licdn.com
4 static-exp1.licdn.com dev-jeniferng153.pantheonsite.io
static-exp1.licdn.com
2 lnkd.demdex.net platform.linkedin-ei.com
2 platform.linkedin-ei.com static-exp1.licdn.com
platform.linkedin-ei.com
1 www.google.de
1 www.google.com 1 redirects
1 googleads.g.doubleclick.net 1 redirects
1 www.googleadservices.com 1 redirects
1 platform.linkedin.com platform.linkedin-ei.com
1 smartlock.google.com static-exp1.licdn.com
1 dpm.demdex.net platform.linkedin-ei.com
1 www.linkedin-ei.com static-exp1.licdn.com
18 12

This site contains links to these domains. Also see Links.

Domain
www.linkedin.com
linkedin.com
Subject Issuer Validity Valid
*.pantheon.io
DigiCert SHA2 Secure Server CA
2020-07-16 -
2021-07-20
a year crt.sh
*.licdn.com
DigiCert SHA2 Secure Server CA
2019-10-10 -
2021-10-14
2 years crt.sh
www.linkedin-ei.com
DigiCert SHA2 Secure Server CA
2020-11-30 -
2021-05-29
6 months crt.sh
platform.linkedin.com
DigiCert SHA2 Secure Server CA
2020-07-03 -
2022-07-08
2 years crt.sh
*.demdex.net
DigiCert SHA2 High Assurance Server CA
2018-01-09 -
2021-02-12
3 years crt.sh
*.google.com
GTS CA 1O1
2020-11-10 -
2021-02-02
3 months crt.sh
www.google.de
GTS CA 1O1
2020-11-10 -
2021-02-02
3 months crt.sh

This page contains 3 frames:

Primary Page: https://dev-jeniferng153.pantheonsite.io/a/linkedrecruiter.html?payment+codeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%2Blv1KxDr2OE5uAPrZw%3D
Frame ID: 24DE4F99F41EC121304B87F57632FD7C
Requests: 16 HTTP requests in this frame

Frame: https://smartlock.google.com/iframe/request?client=https%3A%2F%2Fdev-jeniferng153.pantheonsite.io&id=c4cca31fcbf22c064576e2994db5a22a89acac05e03cc8baa29f9d6ef6077445&renderMode=navPopout&preloadRequest=%7B%22type%22%3A%22hint%22%2C%22options%22%3A%7B%22supportedAuthMethods%22%3A%5B%22https%3A%2F%2Faccounts.google.com%22%5D%2C%22supportedIdTokenProviders%22%3A%5B%7B%22uri%22%3A%22https%3A%2F%2Faccounts.google.com%22%2C%22clientId%22%3A%22990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com%22%7D%5D%2C%22context%22%3A%22signIn%22%7D%7D&features=%7B%22feature%22%3A%5B%22DISPLAY_RP_TOS%22%5D%7D
Frame ID: 3C852A3D3A4DC201FC392EB7872D53C6
Requests: 1 HTTP requests in this frame

Frame: https://lnkd.demdex.net/dest5.html?d_nsid=0
Frame ID: 755375E3DC010C4A05EE6D8F198FE821
Requests: 1 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://dev-jeniferng153.pantheonsite.io/a/ Page URL
  2. https://dev-jeniferng153.pantheonsite.io/a/linkedrecruiter.html?payment+codeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Y... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • headers via /varnish(?: \(Varnish\/([\d.]+)\))?/i

Page Statistics

18
Requests

100 %
HTTPS

73 %
IPv6

9
Domains

12
Subdomains

8
IPs

4
Countries

179 kB
Transfer

655 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://dev-jeniferng153.pantheonsite.io/a/ Page URL
  2. https://dev-jeniferng153.pantheonsite.io/a/linkedrecruiter.html?payment+codeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%2Blv1KxDr2OE5uAPrZw%3D Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13
  • https://www.googleadservices.com/pagead/conversion/979305453/?random=1608683103717&cv=9&fst=1608683103717&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fdev-jeniferng153.pantheonsite.io%2Fa%2Flinkedrecruiter.html%3Fpayment%2BcodeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%252Blv1KxDr2OE5uAPrZw%253D&ref=https%3A%2F%2Fdev-jeniferng153.pantheonsite.io%2Fa%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1 HTTP 302
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/979305453/?random=577458642&cv=9&fst=1608683103717&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fdev-jeniferng153.pantheonsite.io%2Fa%2Flinkedrecruiter.html%3Fpayment%2BcodeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%252Blv1KxDr2OE5uAPrZw%253D&ref=https%3A%2F%2Fdev-jeniferng153.pantheonsite.io%2Fa%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=X47iX62oLanQ7_UPqNqn4AU&sscte=1&crd= HTTP 302
  • https://www.google.com/pagead/1p-conversion/979305453/?random=577458642&cv=9&fst=1608683103717&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fdev-jeniferng153.pantheonsite.io%2Fa%2Flinkedrecruiter.html%3Fpayment%2BcodeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%252Blv1KxDr2OE5uAPrZw%253D&ref=https%3A%2F%2Fdev-jeniferng153.pantheonsite.io%2Fa%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=X47iX62oLanQ7_UPqNqn4AU&random=2794574963&resp=GooglemKTybQhCsO HTTP 302
  • https://www.google.de/pagead/1p-conversion/979305453/?random=577458642&cv=9&fst=1608683103717&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0>m=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fdev-jeniferng153.pantheonsite.io%2Fa%2Flinkedrecruiter.html%3Fpayment%2BcodeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%252Blv1KxDr2OE5uAPrZw%253D&ref=https%3A%2F%2Fdev-jeniferng153.pantheonsite.io%2Fa%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=X47iX62oLanQ7_UPqNqn4AU&random=2794574963&resp=GooglemKTybQhCsO&ipr=y

18 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
dev-jeniferng153.pantheonsite.io/a/
166 B
541 B
Document
General
Full URL
https://dev-jeniferng153.pantheonsite.io/a/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:12a:8001::1 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9613dd1eb07416ba719fb0798137f5984ef6468d375e8f1e02e746d8036db63d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

:method
GET
:authority
dev-jeniferng153.pantheonsite.io
:scheme
https
:path
/a/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-encoding
gzip
content-type
text/html
etag
W/"5fdbf1a5-a6"
last-modified
Fri, 18 Dec 2020 00:02:45 GMT
server
nginx
strict-transport-security
max-age=300
x-pantheon-styx-hostname
styx-fe1-b-5488d894d8-228db
x-styx-req-id
f6e6c155-44ae-11eb-86ce-c6a1f474fc60
date
Wed, 23 Dec 2020 00:25:03 GMT
x-served-by
cache-mdw17350-MDW, cache-fra19124-FRA
x-cache
HIT, HIT
x-cache-hits
1, 1
x-timer
S1608683103.272605,VS0,VE2
vary
Accept-Encoding, Cookie, Cookie
x-robots-tag
noindex
age
115
accept-ranges
bytes
via
1.1 varnish, 1.1 varnish
content-length
175
Primary Request linkedrecruiter.html?payment+codeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%2Blv1KxDr2OE5uAPrZw%3D
dev-jeniferng153.pantheonsite.io/a/
23 KB
8 KB
Document
General
Full URL
https://dev-jeniferng153.pantheonsite.io/a/linkedrecruiter.html?payment+codeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%2Blv1KxDr2OE5uAPrZw%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:12a:8001::1 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9a7a749744551cdf1ee930615031582288696ca6ec13dd35a4fb6682e34ed8ed
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

:method
GET
:authority
dev-jeniferng153.pantheonsite.io
:scheme
https
:path
/a/linkedrecruiter.html?payment+codeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%2Blv1KxDr2OE5uAPrZw%3D
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://dev-jeniferng153.pantheonsite.io/a/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://dev-jeniferng153.pantheonsite.io/a/

Response headers

content-encoding
gzip
content-type
text/html
etag
W/"5fdbf1a5-5da6"
last-modified
Fri, 18 Dec 2020 00:02:45 GMT
server
nginx
strict-transport-security
max-age=300
x-pantheon-styx-hostname
styx-fe1-b-5488d894d8-228db
x-styx-req-id
f77af0e8-44ae-11eb-86ce-c6a1f474fc60
date
Wed, 23 Dec 2020 00:25:03 GMT
x-served-by
cache-mdw17349-MDW, cache-fra19124-FRA
x-cache
HIT, HIT
x-cache-hits
1, 1
x-timer
S1608683103.287547,VS0,VE1
vary
Accept-Encoding, Cookie, Cookie
x-robots-tag
noindex
age
115
accept-ranges
bytes
via
1.1 varnish, 1.1 varnish
content-length
7804
bn6l1ciimt7igv0cd9lb5uroi
static-exp1.licdn.com/sc/h/br/
121 KB
33 KB
Script
General
Full URL
https://static-exp1.licdn.com/sc/h/br/bn6l1ciimt7igv0cd9lb5uroi
Requested by
Host: dev-jeniferng153.pantheonsite.io
URL: https://dev-jeniferng153.pantheonsite.io/a/linkedrecruiter.html?payment+codeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%2Blv1KxDr2OE5uAPrZw%3D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:6a53:4ac1:3bc8:ee4e:5990 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F6A) /
Resource Hash
b54307c8145be2a02381e6d8774d4597d70223995d8690341d6eb72b67941f87

Request headers

Referer
https://dev-jeniferng153.pantheonsite.io/a/linkedrecruiter.html?payment+codeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%2Blv1KxDr2OE5uAPrZw%3D
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Dec 2020 00:25:03 GMT
content-encoding
br
content-type
text/javascript
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-cdn
ECST
age
5264655
x-fs-txn-id
2ba67250e7c0
x-cache
HIT
x-cdn-proto
HTTP2
content-length
33465
x-li-uuid
07wUaZV8QBagGBo6/CoAAA==
server
ECAcc (frc/8F6A)
timing-allow-origin
*
last-modified
Mon, 05 Nov 2012 04:00:51 GMT
x-li-pop
prod-eda6
cache-control
max-age=31536000, immutable
x-cdn-client-ip-version
IPV6
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric
prod-lva1
access-control-allow-origin
*
access-control-expose-headers
X-CDN, X-CDN-CLIENT-IP-VERSION, X-CDN-Proto
x-li-proto
http/1.1
accept-ranges
bytes
x-li-static-content
1
x-fs-uuid
d3bc1469957c4016a0181a3afc2a0000
expires
Sat, 23 Oct 2021 02:00:48 GMT
cudmbezwjxnfer11r5mg82e1n
static-exp1.licdn.com/sc/h/br/
66 KB
20 KB
Script
General
Full URL
https://static-exp1.licdn.com/sc/h/br/cudmbezwjxnfer11r5mg82e1n
Requested by
Host: dev-jeniferng153.pantheonsite.io
URL: https://dev-jeniferng153.pantheonsite.io/a/linkedrecruiter.html?payment+codeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%2Blv1KxDr2OE5uAPrZw%3D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:6a53:4ac1:3bc8:ee4e:5990 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FF2) /
Resource Hash
fc64a81d58429b5c9c58634623e61e009f574b0b8bc33576a3b94962f3d3e1f2

Request headers

Referer
https://dev-jeniferng153.pantheonsite.io/a/linkedrecruiter.html?payment+codeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%2Blv1KxDr2OE5uAPrZw%3D
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Dec 2020 00:25:03 GMT
content-encoding
br
content-type
text/javascript
x-cdn-client-ip-version
IPV6
x-cdn
ECST
age
3748680
x-fs-txn-id
2af2154bbfb0
x-cache
HIT
x-cdn-proto
HTTP2
content-length
19873
x-li-uuid
LRLU3lrfRRaAFkf67SoAAA==
server
ECAcc (frc/8FF2)
timing-allow-origin
*
last-modified
Mon, 05 Nov 2012 04:00:51 GMT
x-li-pop
prod-tln1
cache-control
max-age=31536000, immutable
vary
Accept-Encoding
x-li-fabric
prod-lor1
access-control-allow-origin
*
access-control-expose-headers
X-CDN, X-CDN-CLIENT-IP-VERSION, X-CDN-Proto
x-li-proto
http/1.1
accept-ranges
bytes
x-li-static-content
1
x-fs-uuid
c8ffe8aed68742160052e250852b0000
expires
Fri, 29 Oct 2021 17:49:33 GMT
%2Fcheckpoint-frontend%2Fstylesheets%2Flogin%2Forganic%2Fdesktop_en_US.css
static-exp1.licdn.com/sc/p/com.linkedin.checkpoint%3Acheckpoint-static-content%2B2.2.140/f/
160 KB
19 KB
Stylesheet
General
Full URL
https://static-exp1.licdn.com/sc/p/com.linkedin.checkpoint%3Acheckpoint-static-content%2B2.2.140/f/%2Fcheckpoint-frontend%2Fstylesheets%2Flogin%2Forganic%2Fdesktop_en_US.css
Requested by
Host: dev-jeniferng153.pantheonsite.io
URL: https://dev-jeniferng153.pantheonsite.io/a/linkedrecruiter.html?payment+codeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%2Blv1KxDr2OE5uAPrZw%3D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:6a53:4ac1:3bc8:ee4e:5990 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F8B) /
Resource Hash
61c968d6ea5f329e15b82224ca0c928ac90f54d15b343bc1ffd8ca64e25337c5

Request headers

Referer
https://dev-jeniferng153.pantheonsite.io/a/linkedrecruiter.html?payment+codeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%2Blv1KxDr2OE5uAPrZw%3D
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Dec 2020 00:25:03 GMT
content-encoding
gzip
content-type
text/css
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-cdn
ECST
age
581663
x-cache
HIT
x-cdn-proto
HTTP2
content-length
18807
x-li-uuid
A3W3f70fURbQ8d4fvCoAAA==
server
ECAcc (frc/8F8B)
timing-allow-origin
*
last-modified
Mon, 05 Nov 2012 04:00:51 GMT
x-li-pop
prod-eda6
cache-control
max-age=31536000, immutable
x-cdn-client-ip-version
IPV6
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric
prod-ltx1
access-control-allow-origin
*
access-control-expose-headers
X-CDN, X-CDN-CLIENT-IP-VERSION, X-CDN-Proto
x-li-proto
http/1.1
accept-ranges
bytes
x-li-static-content
1
x-fs-uuid
0375b77fbd1f5116d0f1de1fbc2a0000
expires
Thu, 16 Dec 2021 06:50:40 GMT
user
www.linkedin-ei.com/litms/api/metadata/
324 B
3 KB
XHR
General
Full URL
https://www.linkedin-ei.com/litms/api/metadata/user
Requested by
Host: static-exp1.licdn.com
URL: https://static-exp1.licdn.com/sc/h/br/bn6l1ciimt7igv0cd9lb5uroi
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::16 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
be57e5537107dcd03d6062c832b38c362cde9a9ff8f8fe6fa315bf5ce94ec826
Security Headers
Name Value
Content-Security-Policy default-src *; connect-src 'self' ffi.st static.licdn-ei.com media.licdn-ei.com static-exp1.licdn-ei.com static-exp2.licdn-ei.com media-exp1.licdn-ei.com media-exp2.licdn-ei.com https://media-src.linkedin-ei.com/media/ www.linkedin.com www.linkedin-ei.com spdy.linkedin-ei.com dms.licdn-ei.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://linkedin.sc.omtrdc.net/b/ss/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com static-src.linkedin-ei.com *.licdn-ei.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' ffi.st spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com platform.linkedin-ei.com spdy.linkedin-ei.com static-src.linkedin-ei.com *.licdn-ei.com lix.corp.linkedin.com lva1-lixr01.linkedin.biz static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com www.linkedin.com slideshare.www.linkedin-ei.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self' http://qa-mailbox.corp.linkedin.com; report-uri https://www.linkedin-ei.com/platform-telemetry/csp?f=l
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://dev-jeniferng153.pantheonsite.io/a/linkedrecruiter.html?payment+codeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%2Blv1KxDr2OE5uAPrZw%3D
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src *; connect-src 'self' ffi.st static.licdn-ei.com media.licdn-ei.com static-exp1.licdn-ei.com static-exp2.licdn-ei.com media-exp1.licdn-ei.com media-exp2.licdn-ei.com https://media-src.linkedin-ei.com/media/ www.linkedin.com www.linkedin-ei.com spdy.linkedin-ei.com dms.licdn-ei.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://linkedin.sc.omtrdc.net/b/ss/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com static-src.linkedin-ei.com *.licdn-ei.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' ffi.st spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com platform.linkedin-ei.com spdy.linkedin-ei.com static-src.linkedin-ei.com *.licdn-ei.com lix.corp.linkedin.com lva1-lixr01.linkedin.biz static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com www.linkedin.com slideshare.www.linkedin-ei.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self' http://qa-mailbox.corp.linkedin.com; report-uri https://www.linkedin-ei.com/platform-telemetry/csp?f=l
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.0001,"failure_fraction":1,"include_subdomains":true}
x-li-ats-encoding
br/5
vary
Origin,Accept-Encoding
content-length
184
x-li-uuid
3jVObMIwUxZA3Q+I9SoAAA==
pragma
no-cache
x-li-pop
afd-ei-ltx1
x-msedge-ref
Ref A: 8950E582DA1D428D891ABA59420469AD Ref B: FRAEDGE1321 Ref C: 2020-12-23T00:25:03Z
x-frame-options
sameorigin
date
Wed, 23 Dec 2020 00:25:03 GMT
expect-ct
max-age=86400, report-uri="https://www.linkedin-ei.com/platform-telemetry/ct"
strict-transport-security
max-age=31536000
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin-ei.com/li/rep"}],"include_subdomains":true}
content-type
application/json
access-control-allow-origin
https://dev-jeniferng153.pantheonsite.io
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
access-control-allow-credentials
true
x-li-proto
http/2
x-li-fabric
ei-ltx1
expires
Thu, 01 Jan 1970 00:00:00 GMT
utag.js?cb=1608683100000
platform.linkedin-ei.com/litms/utag/checkpoint-frontend/
126 KB
41 KB
Script
General
Full URL
https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1608683100000
Requested by
Host: static-exp1.licdn.com
URL: https://static-exp1.licdn.com/sc/h/br/bn6l1ciimt7igv0cd9lb5uroi
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6a53 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Play /
Resource Hash
24d5e285141523bd2793ad58a3b661f9e65633cc73c160210eec339313e5a07e

Request headers

Referer
https://dev-jeniferng153.pantheonsite.io/a/linkedrecruiter.html?payment+codeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%2Blv1KxDr2OE5uAPrZw%3D
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Dec 2020 00:25:03 GMT
content-encoding
gzip
content-type
application/javascript; charset=utf-8
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.0001,"failure_fraction":1,"include_subdomains":true}
x-cdn
AKAM
p3p
CP="CAO CUR ADM DEV PSA PSD OUR"
x-li-uuid
GvxobsIwUxbgf1EhgysAAA==
server
Play
last-modified
Fri, 18 Dec 2020 19:18:56 GMT
x-li-pop
ei-ltx1
etag
"f61daf28973b528150d6e93e4726c655a9a05184"
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin-ei.com/li/rep"}],"include_subdomains":true}
x-li-fabric
ei-ltx1
cache-control
max-age=300
accept-ranges
bytes
x-li-proto
http/1.1
3mslc7wqydu0opc2ljqxfaib6
static-exp1.licdn.com/sc/h/br/
45 KB
12 KB
Script
General
Full URL
https://static-exp1.licdn.com/sc/h/br/3mslc7wqydu0opc2ljqxfaib6
Requested by
Host: static-exp1.licdn.com
URL: https://static-exp1.licdn.com/sc/h/br/bn6l1ciimt7igv0cd9lb5uroi
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:6a53:4ac1:3bc8:ee4e:5990 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F67) /
Resource Hash
e27b17af9fbaf454028704cf1307df79c7d3354ca8dce2d9f11164e8c6517992

Request headers

Referer
https://dev-jeniferng153.pantheonsite.io/a/linkedrecruiter.html?payment+codeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%2Blv1KxDr2OE5uAPrZw%3D
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Dec 2020 00:25:03 GMT
content-encoding
br
content-type
text/javascript
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-cdn
ECST
age
3748679
x-fs-txn-id
2b0627cefcc0
x-cache
HIT
x-cdn-proto
HTTP2
content-length
11759
x-li-uuid
/rwfElvfRRbQ1p3koCsAAA==
server
ECAcc (frc/8F67)
timing-allow-origin
*
last-modified
Mon, 05 Nov 2012 04:00:51 GMT
x-li-pop
prod-tln1
cache-control
max-age=31536000, immutable
x-cdn-client-ip-version
IPV6
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric
prod-lor1
access-control-allow-origin
*
access-control-expose-headers
X-CDN, X-CDN-CLIENT-IP-VERSION, X-CDN-Proto
x-li-proto
http/1.1
accept-ranges
bytes
x-li-static-content
1
x-fs-uuid
f052b6a7a39f45163081cf49012b0000
expires
Mon, 08 Nov 2021 19:39:27 GMT
id?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=14215E3D5995C57C0A495C55%40AdobeOrg&d_nsid=0&ts=1608683103670
dpm.demdex.net/
611 B
1 KB
XHR
General
Full URL
https://dpm.demdex.net/id?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=14215E3D5995C57C0A495C55%40AdobeOrg&d_nsid=0&ts=1608683103670
Requested by
Host: platform.linkedin-ei.com
URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1608683100000
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.128.13.248 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-108-128-13-248.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
79ef072819374ee36d7609f327434c54ef40e6429c4668490cdb9fa7dfcb0b5d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://dev-jeniferng153.pantheonsite.io/a/linkedrecruiter.html?payment+codeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%2Blv1KxDr2OE5uAPrZw%3D
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-irl1-v086-0850536cb.edge-irl1.demdex.com 5.80.1.20201111130852 2ms (+0ms)
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-TID
WJuCYZdiSKw=
Vary
Origin, Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://dev-jeniferng153.pantheonsite.io
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
446
Expires
Thu, 01 Jan 1970 00:00:00 GMT
utag.107.js?utv=ut4.46.202011182119
platform.linkedin-ei.com/litms/utag/checkpoint-frontend/
9 KB
4 KB
Script
General
Full URL
https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.107.js?utv=ut4.46.202011182119
Requested by
Host: platform.linkedin-ei.com
URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1608683100000
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6a53 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Play /
Resource Hash
704c03388d696028b43d5a1c5d4b4b7d6de3305ab5da61f507e552595544b0c0

Request headers

Referer
https://dev-jeniferng153.pantheonsite.io/a/linkedrecruiter.html?payment+codeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%2Blv1KxDr2OE5uAPrZw%3D
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Dec 2020 00:25:03 GMT
content-encoding
gzip
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.0001,"failure_fraction":1,"include_subdomains":true}
x-cdn
AKAM
p3p
CP="CAO CUR ADM DEV PSA PSD OUR"
content-length
3147
x-li-uuid
j8oYCBfnURYgJdGRuCoAAA==
server
Play
last-modified
Fri, 18 Dec 2020 19:18:56 GMT
x-li-pop
ei-ltx1
etag
"c053761228613e6b3e3e73441f9de038cb2e4321"
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin-ei.com/li/rep"}],"include_subdomains":true}
content-type
application/javascript; charset=utf-8
cache-control
max-age=300
accept-ranges
bytes
x-li-proto
http/1.1
x-li-fabric
ei-ltx1
track
dev-jeniferng153.pantheonsite.io/li/
8 KB
3 KB
XHR
General
Full URL
https://dev-jeniferng153.pantheonsite.io/li/track
Requested by
Host: static-exp1.licdn.com
URL: https://static-exp1.licdn.com/sc/h/br/bn6l1ciimt7igv0cd9lb5uroi
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:12a:8001::1 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
98072c249dcbed9311c4813de5a2e798e52072c3a1f19279b0583228832fd357
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Csrf-Token
Referer
https://dev-jeniferng153.pantheonsite.io/a/linkedrecruiter.html?payment+codeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%2Blv1KxDr2OE5uAPrZw%3D
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type
application/json

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
x-content-type-options
nosniff
content-type
text/html; charset=UTF-8
age
0
x-pantheon-styx-hostname
styx-fe1-b-5488d894d8-228db
x-cache
MISS, MISS
x-drupal-dynamic-cache
UNCACHEABLE
x-ua-compatible
IE=edge
server
nginx
x-timer
S1608683104.685100,VS0,VE168
x-frame-options
SAMEORIGIN
date
Wed, 23 Dec 2020 00:25:03 GMT
x-served-by
cache-mdw17346-MDW, cache-fra19124-FRA
vary
Accept-Encoding, Cookie, Cookie
content-language
en
via
1.1 varnish, 1.1 varnish
x-generator
Drupal 8 (https://www.drupal.org)
expires
Sun, 19 Nov 1978 05:00:00 GMT
cache-control
must-revalidate, no-cache, private
accept-ranges
bytes
x-robots-tag
noindex
x-styx-req-id
4d0d7eaa-44b5-11eb-86ce-c6a1f474fc60
x-cache-hits
0, 0
track
dev-jeniferng153.pantheonsite.io/li/
8 KB
3 KB
XHR
General
Full URL
https://dev-jeniferng153.pantheonsite.io/li/track
Requested by
Host: static-exp1.licdn.com
URL: https://static-exp1.licdn.com/sc/h/br/cudmbezwjxnfer11r5mg82e1n
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:12a:8001::1 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
98072c249dcbed9311c4813de5a2e798e52072c3a1f19279b0583228832fd357
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Csrf-Token
Referer
https://dev-jeniferng153.pantheonsite.io/a/linkedrecruiter.html?payment+codeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%2Blv1KxDr2OE5uAPrZw%3D
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type
application/json

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
x-content-type-options
nosniff
content-type
text/html; charset=UTF-8
age
0
x-pantheon-styx-hostname
styx-fe1-a-848cb6f46-pnchk
x-cache
MISS, MISS
x-drupal-dynamic-cache
UNCACHEABLE
x-ua-compatible
IE=edge
server
nginx
x-timer
S1608683104.685079,VS0,VE169
x-frame-options
SAMEORIGIN
date
Wed, 23 Dec 2020 00:25:03 GMT
x-served-by
cache-mdw17340-MDW, cache-fra19124-FRA
vary
Accept-Encoding, Cookie, Cookie
content-language
en
via
1.1 varnish, 1.1 varnish
x-generator
Drupal 8 (https://www.drupal.org)
expires
Sun, 19 Nov 1978 05:00:00 GMT
cache-control
must-revalidate, no-cache, private
accept-ranges
bytes
x-robots-tag
noindex
x-styx-req-id
4d0d66d9-44b5-11eb-9cb6-1ad0383edd27
x-cache-hits
0, 0
request?client=https%3A%2F%2Fdev-jeniferng153.pantheonsite.io&id=c4cca31fcbf22c064576e2994db5a22a89acac05e03cc8baa29f9d6ef6077445&renderMode=navPopout&preloadRequest=%7B%22type%22%3A%22hint%22%2C%2...
smartlock.google.com/iframe/ Frame 3C85
0
0
Document
General
Full URL
https://smartlock.google.com/iframe/request?client=https%3A%2F%2Fdev-jeniferng153.pantheonsite.io&id=c4cca31fcbf22c064576e2994db5a22a89acac05e03cc8baa29f9d6ef6077445&renderMode=navPopout&preloadRequest=%7B%22type%22%3A%22hint%22%2C%22options%22%3A%7B%22supportedAuthMethods%22%3A%5B%22https%3A%2F%2Faccounts.google.com%22%5D%2C%22supportedIdTokenProviders%22%3A%5B%7B%22uri%22%3A%22https%3A%2F%2Faccounts.google.com%22%2C%22clientId%22%3A%22990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com%22%7D%5D%2C%22context%22%3A%22signIn%22%7D%7D&features=%7B%22feature%22%3A%5B%22DISPLAY_RP_TOS%22%5D%7D
Requested by
Host: static-exp1.licdn.com
URL: https://static-exp1.licdn.com/sc/h/br/3mslc7wqydu0opc2ljqxfaib6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

:method
GET
:authority
smartlock.google.com
:scheme
https
:path
/iframe/request?client=https%3A%2F%2Fdev-jeniferng153.pantheonsite.io&id=c4cca31fcbf22c064576e2994db5a22a89acac05e03cc8baa29f9d6ef6077445&renderMode=navPopout&preloadRequest=%7B%22type%22%3A%22hint%22%2C%22options%22%3A%7B%22supportedAuthMethods%22%3A%5B%22https%3A%2F%2Faccounts.google.com%22%5D%2C%22supportedIdTokenProviders%22%3A%5B%7B%22uri%22%3A%22https%3A%2F%2Faccounts.google.com%22%2C%22clientId%22%3A%22990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com%22%7D%5D%2C%22context%22%3A%22signIn%22%7D%7D&features=%7B%22feature%22%3A%5B%22DISPLAY_RP_TOS%22%5D%7D
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://dev-jeniferng153.pantheonsite.io/a/linkedrecruiter.html?payment+codeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%2Blv1KxDr2OE5uAPrZw%3D
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://dev-jeniferng153.pantheonsite.io/a/linkedrecruiter.html?payment+codeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%2Blv1KxDr2OE5uAPrZw%3D

Response headers

content-type
text/html; charset=UTF-8
referrer-policy
no-referrer
content-length
1575
date
Wed, 23 Dec 2020 00:25:03 GMT
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
gtag-adwords.js?id=AW-979305453
platform.linkedin.com/litms/vendor/google/
78 KB
29 KB
Script
General
Full URL
https://platform.linkedin.com/litms/vendor/google/gtag-adwords.js?id=AW-979305453
Requested by
Host: platform.linkedin-ei.com
URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1608683100000
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6a53 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Play /
Resource Hash
f42b7a2cbb2607296976b3374653138109d4b2f05070c52820860ed1a83a98da

Request headers

Referer
https://dev-jeniferng153.pantheonsite.io/a/linkedrecruiter.html?payment+codeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%2Blv1KxDr2OE5uAPrZw%3D
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Dec 2020 00:25:03 GMT
content-encoding
gzip
x-cdn-client-ip-version
IPV6
x-cdn
AKAM
content-length
29593
x-li-uuid
R11Z9tb0TxYQKRIEpCsAAA==
server
Play
last-modified
Mon, 07 Dec 2020 23:22:28 GMT
x-li-pop
prod-edc2
etag
"0324a90b3bd40c0e82a04a6577d11b71e785fbad"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=2628000
accept-ranges
bytes
x-li-proto
http/1.1
x-li-fabric
prod-ltx1
?random=577458642&cv=9&fst=1608683103717&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=fa...
www.google.de/pagead/1p-conversion/979305453/
Redirect Chain
  • https://www.googleadservices.com/pagead/conversion/979305453/?random=1608683103717&cv=9&fst=1608683103717&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=12...
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/979305453/?random=577458642&cv=9&fst=1608683103717&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQh...
  • https://www.google.com/pagead/1p-conversion/979305453/?random=577458642&cv=9&fst=1608683103717&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600...
  • https://www.google.de/pagead/1p-conversion/979305453/?random=577458642&cv=9&fst=1608683103717&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&...
42 B
154 B
Image
General
Full URL
https://www.google.de/pagead/1p-conversion/979305453/?random=577458642&cv=9&fst=1608683103717&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fdev-jeniferng153.pantheonsite.io%2Fa%2Flinkedrecruiter.html%3Fpayment%2BcodeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%252Blv1KxDr2OE5uAPrZw%253D&ref=https%3A%2F%2Fdev-jeniferng153.pantheonsite.io%2Fa%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=X47iX62oLanQ7_UPqNqn4AU&random=2794574963&resp=GooglemKTybQhCsO&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://dev-jeniferng153.pantheonsite.io/a/linkedrecruiter.html?payment+codeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%2Blv1KxDr2OE5uAPrZw%3D
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Dec 2020 00:25:03 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 23 Dec 2020 00:25:03 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/gif
location
https://www.google.de/pagead/1p-conversion/979305453/?random=577458642&cv=9&fst=1608683103717&num=1&fmt=3&npa=1&label=ZRKoCICMpsUBEO2H_NID&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2sa3i1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fdev-jeniferng153.pantheonsite.io%2Fa%2Flinkedrecruiter.html%3Fpayment%2BcodeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%252Blv1KxDr2OE5uAPrZw%253D&ref=https%3A%2F%2Fdev-jeniferng153.pantheonsite.io%2Fa%2F&tiba=LinkedIn%20Login%2C%20Sign%20in%20%7C%20LinkedIn&async=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=X47iX62oLanQ7_UPqNqn4AU&random=2794574963&resp=GooglemKTybQhCsO&ipr=y
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Cookie set dest5.html?d_nsid=0
lnkd.demdex.net/ Frame 7553
0
0
Document
General
Full URL
https://lnkd.demdex.net/dest5.html?d_nsid=0
Requested by
Host: platform.linkedin-ei.com
URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1608683100000
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.49.47.228 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-49-47-228.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Host
lnkd.demdex.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://dev-jeniferng153.pantheonsite.io/a/linkedrecruiter.html?payment+codeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%2Blv1KxDr2OE5uAPrZw%3D
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
demdex=39831280072977484810964711469281253581
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://dev-jeniferng153.pantheonsite.io/a/linkedrecruiter.html?payment+codeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%2Blv1KxDr2OE5uAPrZw%3D

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=21600
Content-Encoding
gzip
Content-Type
text/html
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified
Thu, 19 Nov 2020 14:53:06 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Set-Cookie
demdex=39831280072977484810964711469281253581;Path=/;Domain=.demdex.net;Expires=Mon, 21-Jun-2021 00:25:04 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding, User-Agent
X-TID
BEsoRoxhT9I=
Content-Length
2785
Connection
keep-alive
event?d_dil_ver=9.4&_ts=1608683103675
lnkd.demdex.net/
689 B
1 KB
XHR
General
Full URL
https://lnkd.demdex.net/event?d_dil_ver=9.4&_ts=1608683103675
Requested by
Host: platform.linkedin-ei.com
URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1608683100000
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.49.47.228 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-49-47-228.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
009cc8cfd2f6c441377ecc5faf7fa905602f2e7b57842196604cad6889a51df3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://dev-jeniferng153.pantheonsite.io/a/linkedrecruiter.html?payment+codeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%2Blv1KxDr2OE5uAPrZw%3D
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-irl1-v086-001e21f15.edge-irl1.demdex.com 5.80.1.20201111130852 5ms (+1ms)
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
UALAUCdpQWU=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://dev-jeniferng153.pantheonsite.io
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
689
Expires
Thu, 01 Jan 1970 00:00:00 GMT
track
dev-jeniferng153.pantheonsite.io/li/
8 KB
3 KB
XHR
General
Full URL
https://dev-jeniferng153.pantheonsite.io/li/track
Requested by
Host: static-exp1.licdn.com
URL: https://static-exp1.licdn.com/sc/h/br/cudmbezwjxnfer11r5mg82e1n
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:12a:8001::1 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
98072c249dcbed9311c4813de5a2e798e52072c3a1f19279b0583228832fd357
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Csrf-Token
Referer
https://dev-jeniferng153.pantheonsite.io/a/linkedrecruiter.html?payment+codeAAQkADUyYzNhODUwLTAwNzYtNGE2YS04YWQ1LWI2Yjg5MWY5NzM2ZAAQADKpx%2Blv1KxDr2OE5uAPrZw%3D
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
content-type
application/json

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
x-content-type-options
nosniff
content-type
text/html; charset=UTF-8
age
0
x-pantheon-styx-hostname
styx-fe1-b-5488d894d8-g6jdh
x-cache
MISS, MISS
x-drupal-dynamic-cache
UNCACHEABLE
x-ua-compatible
IE=edge
server
nginx
x-timer
S1608683104.162065,VS0,VE299
x-frame-options
SAMEORIGIN
date
Wed, 23 Dec 2020 00:25:04 GMT
x-served-by
cache-mdw17364-MDW, cache-fra19124-FRA
vary
Accept-Encoding, Cookie, Cookie
content-language
en
via
1.1 varnish, 1.1 varnish
x-generator
Drupal 8 (https://www.drupal.org)
expires
Sun, 19 Nov 1978 05:00:00 GMT
cache-control
must-revalidate, no-cache, private
accept-ranges
bytes
x-robots-tag
noindex
x-styx-req-id
4d56880c-44b5-11eb-aa22-52b2fd9004ae
x-cache-hits
0, 0

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: LinkedIn (Social Network)

41 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| LI object| artdeco object| _artdecoBakedCurves object| __core-js_shared__ undefined| utag_data object| utag_cfg_ovrd object| tealiumDil boolean| utag_condload object| utag boolean| __tealium_twc_switch function| DIL object| rumTracking function| onGoogleYoloLoad object| adobe function| Visitor object| s_c_il number| s_c_in object| GOOGLE_ONETAP_EXPERIMENTAL_FEATURES string| PROVIDER_URL_BASE object| Ra object| openyolo function| OpenYoloError object| smartlock object| googleyolo string| gtagRename object| dataLayer function| gtag function| GooglemKTybQhCsO function| google_trackConversion object| google_tag_manager

1 Cookies

Domain/Path Name / Value
.dev-jeniferng153.pantheonsite.io/ Name: test
Value: cookie

3 Console Messages

Source Level URL
Text
console-api error URL: https://static-exp1.licdn.com/sc/h/br/bn6l1ciimt7igv0cd9lb5uroi, Line 3, Column16923
Message:
[object XMLHttpRequest]
console-api error URL: https://static-exp1.licdn.com/sc/h/br/cudmbezwjxnfer11r5mg82e1n, Line 1, Column16859
Message:
[object XMLHttpRequest]
console-api log URL: https://platform.linkedin-ei.com/litms/utag/checkpoint-frontend/utag.js?cb=1608683100000, Line 8, Column73954
Message:
visitor.publishDestinations() result: The destination publishing iframe is already attached and loaded.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=300

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dev-jeniferng153.pantheonsite.io
dpm.demdex.net
googleads.g.doubleclick.net
lnkd.demdex.net
platform.linkedin-ei.com
platform.linkedin.com
smartlock.google.com
static-exp1.licdn.com
www.google.com
www.google.de
www.googleadservices.com
www.linkedin-ei.com
108.128.13.248
172.217.22.34
2606:2800:233:6a53:4ac1:3bc8:ee4e:5990
2620:12a:8001::1
2620:1ec:21::16
2a00:1450:4001:806::2003
2a00:1450:4001:814::2004
2a00:1450:4001:81d::200e
2a00:1450:4001:81e::2002
2a02:26f0:64::210:6a53
52.49.47.228
009cc8cfd2f6c441377ecc5faf7fa905602f2e7b57842196604cad6889a51df3
24d5e285141523bd2793ad58a3b661f9e65633cc73c160210eec339313e5a07e
61c968d6ea5f329e15b82224ca0c928ac90f54d15b343bc1ffd8ca64e25337c5
704c03388d696028b43d5a1c5d4b4b7d6de3305ab5da61f507e552595544b0c0
79ef072819374ee36d7609f327434c54ef40e6429c4668490cdb9fa7dfcb0b5d
9613dd1eb07416ba719fb0798137f5984ef6468d375e8f1e02e746d8036db63d
98072c249dcbed9311c4813de5a2e798e52072c3a1f19279b0583228832fd357
9a7a749744551cdf1ee930615031582288696ca6ec13dd35a4fb6682e34ed8ed
b54307c8145be2a02381e6d8774d4597d70223995d8690341d6eb72b67941f87
be57e5537107dcd03d6062c832b38c362cde9a9ff8f8fe6fa315bf5ce94ec826
e27b17af9fbaf454028704cf1307df79c7d3354ca8dce2d9f11164e8c6517992
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f42b7a2cbb2607296976b3374653138109d4b2f05070c52820860ed1a83a98da
fc64a81d58429b5c9c58634623e61e009f574b0b8bc33576a3b94962f3d3e1f2