cloudflare-ipfs.com
104.17.64.14  Malicious Activity! Public Scan

Submitted URL: http://hairgrandeur.com/y/re.php/?email=a**************@a**.a*.uk
Effective URL: https://cloudflare-ipfs.com/ipfs/bafkreibtgvdirfx4z4pa7eo6f4a2quosullo233lifnruqz7dy35ygpd3y
Submission: On May 15 via api from US — Scanned from DE

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 9 HTTP transactions. The main IP is 104.17.64.14, located in and belongs to CLOUDFLARENET, US. The main domain is cloudflare-ipfs.com.
TLS certificate: Issued by E1 on April 24th 2024. Valid for: 3 months.
This is the only time cloudflare-ipfs.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: LinkedIn (Social Network) Generic Cloudflare (Online)

Domain & IP information

IP Address AS Autonomous System
1 50.87.180.48 46606 (UNIFIEDLA...)
1 6 104.17.64.14 13335 (CLOUDFLAR...)
1 104.18.11.207 13335 (CLOUDFLAR...)
1 104.18.10.207 13335 (CLOUDFLAR...)
1 2620:1ec:21::14 8068 (MICROSOFT...)
9 5
Apex Domain | Subdomains | Transfer
6 cloudflare-ipfs.com | cloudflare-ipfs.com | 77 KB
2 bootstrapcdn.com | maxcdn.bootstrapcdn.com (Cisco Umbrella Rank: 1103), stackpath.bootstrapcdn.com (Cisco Umbrella Rank: 3044) | 28 KB
1 linkedin.com | www.linkedin.com (Cisco Umbrella Rank: 619) | 27 KB
1 hairgrandeur.com | hairgrandeur.com | 331 B
9 4

Domain | Requested by
6 cloudflare-ipfs.com (1 redirects) | hairgrandeur.com, cloudflare-ipfs.com
1 www.linkedin.com |
1 stackpath.bootstrapcdn.com | cloudflare-ipfs.com
1 maxcdn.bootstrapcdn.com | cloudflare-ipfs.com
1 hairgrandeur.com |
9 5

This site contains no links.

Subject | Issuer | Validity | Valid
hairgrandeur.com | Sectigo RSA Domain Validation Secure Server CA | 2024-05-05 - 2025-05-20 | a year
cloudflare-ipfs.com | E1 | 2024-04-24 - 2024-07-23 | 3 months
bootstrapcdn.com | GTS CA 1P5 | 2024-03-27 - 2024-06-25 | 3 months
www.linkedin.com | DigiCert SHA2 Secure Server CA | 2024-01-30 - 2024-07-30 | 6 months

This page contains 1 frames:

Primary Page: https://cloudflare-ipfs.com/ipfs/bafkreibtgvdirfx4z4pa7eo6f4a2quosullo233lifnruqz7dy35ygpd3y
Frame ID: 7F3BA68847E4B4096EBCF0E17288B931
Requests: 9 HTTP requests in this frame

Page Title

Messages | Linkedln | Welcome back...

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

9 Requests
100 % HTTPS
20 % IPv6
4 Domains
5 Subdomains
5 IPs
2 Countries
133 kB Transfer
539 kB Size
5 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://hairgrandeur.com/y/re.php/?email=a**************@a**.a*.uk HTTP 307
    https://hairgrandeur.com/y/re.php/?email=a**************@a**.a*.uk Page URL
  2. https://cloudflare-ipfs.com/ipfs/bafkreibtgvdirfx4z4pa7eo6f4a2quosullo233lifnruqz7dy35ygpd3y Page URL
  3. https://cloudflare-ipfs.com/cdn-cgi/phish-bypass?atok=AMhfUvFZU9NxoaChT3XUH9N9yq6LwqIhUhcWV46y82U-1715808274-0.0.1.1-%2Fipfs%2Fbafkreibtgvdirfx4z4pa7eo6f4a2quosullo233lifnruqz7dy35ygpd3y HTTP 301
    https://cloudflare-ipfs.com/ipfs/bafkreibtgvdirfx4z4pa7eo6f4a2quosullo233lifnruqz7dy35ygpd3y Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://hairgrandeur.com/y/re.php/?email=a**************@a**.a*.uk HTTP 307
  • https://hairgrandeur.com/y/re.php/?email=a**************@a**.a*.uk

9 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
hairgrandeur.com/y/re.php/
Redirect Chain
  • http://hairgrandeur.com/y/re.php/?email=a**************@a**.a*.uk
  • https://hairgrandeur.com/y/re.php/?email=a**************@a**.a*.uk
180 B
331 B
Document
General
Full URL
https://hairgrandeur.com/y/re.php/?email=a**************@a**.a*.uk
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
50.87.180.48 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
box2540.bluehost.com
Software
nginx/1.21.6 /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-length
164
content-type
text/html; charset=UTF-8
date
Wed, 15 May 2024 21:24:33 GMT
host-header
c2hhcmVkLmJsdWVob3N0LmNvbQ==
server
nginx/1.21.6
vary
Accept-Encoding
x-proxy-cache
MISS
x-server-cache
true

Redirect headers

Location
https://hairgrandeur.com/y/re.php/?email=a**************@a**.a*.uk
Non-Authoritative-Reason
HttpsUpgrades
bafkreibtgvdirfx4z4pa7eo6f4a2quosullo233lifnruqz7dy35ygpd3y
cloudflare-ipfs.com/ipfs/
4 KB
2 KB
Document
General
Full URL
https://cloudflare-ipfs.com/ipfs/bafkreibtgvdirfx4z4pa7eo6f4a2quosullo233lifnruqz7dy35ygpd3y
Requested by
Host: hairgrandeur.com
URL: https://hairgrandeur.com/y/re.php/?email=a**************@a**.a*.uk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.64.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a1d08bf9fd07d16d3b4f64849f1e73d93765a8e0cd1f1021927829b707e0cc8
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://hairgrandeur.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=86400
cf-ray
8846321099b7fc8b-WAW
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 15 May 2024 21:24:34 GMT
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
cf.errors.css
cloudflare-ipfs.com/cdn-cgi/styles/
23 KB
5 KB
Stylesheet
General
Full URL
https://cloudflare-ipfs.com/cdn-cgi/styles/cf.errors.css
Requested by
Host: cloudflare-ipfs.com
URL: https://cloudflare-ipfs.com/ipfs/bafkreibtgvdirfx4z4pa7eo6f4a2quosullo233lifnruqz7dy35ygpd3y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.64.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://cloudflare-ipfs.com/ipfs/bafkreibtgvdirfx4z4pa7eo6f4a2quosullo233lifnruqz7dy35ygpd3y
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 15 May 2024 21:24:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 08 May 2024 09:31:53 GMT
server
cloudflare
etag
W/"663b4689-5df3"
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=7200, public
cf-ray
884632110a4cfc8b-WAW
expires
Wed, 15 May 2024 23:24:34 GMT
icon-exclamation.png
cloudflare-ipfs.com/cdn-cgi/images/
452 B
635 B
Image
General
Full URL
https://cloudflare-ipfs.com/cdn-cgi/images/icon-exclamation.png?1376755637
Requested by
Host: cloudflare-ipfs.com
URL: https://cloudflare-ipfs.com/cdn-cgi/styles/cf.errors.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.64.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://cloudflare-ipfs.com/cdn-cgi/styles/cf.errors.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 15 May 2024 21:24:34 GMT
x-content-type-options
nosniff
last-modified
Wed, 08 May 2024 09:31:53 GMT
server
cloudflare
etag
"663b4689-1c4"
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=7200, public
accept-ranges
bytes
cf-ray
884632116ae5fc8b-WAW
content-length
452
expires
Wed, 15 May 2024 23:24:34 GMT
Primary Request bafkreibtgvdirfx4z4pa7eo6f4a2quosullo233lifnruqz7dy35ygpd3y
cloudflare-ipfs.com/ipfs/
Redirect Chain
  • https://cloudflare-ipfs.com/cdn-cgi/phish-bypass?atok=AMhfUvFZU9NxoaChT3XUH9N9yq6LwqIhUhcWV46y82U-1715808274-0.0.1.1-%2Fipfs%2Fbafkreibtgvdirfx4z4pa7eo6f4a2quosullo233lifnruqz7dy35ygpd3y
  • https://cloudflare-ipfs.com/ipfs/bafkreibtgvdirfx4z4pa7eo6f4a2quosullo233lifnruqz7dy35ygpd3y
389 KB
70 KB
Document
General
Full URL
https://cloudflare-ipfs.com/ipfs/bafkreibtgvdirfx4z4pa7eo6f4a2quosullo233lifnruqz7dy35ygpd3y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.64.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3335468896fccf1e0f91de2f01a851d2a2d6ed6f6b415b1a433f1e37dc19e3de

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://cloudflare-ipfs.com/ipfs/bafkreibtgvdirfx4z4pa7eo6f4a2quosullo233lifnruqz7dy35ygpd3y
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-headers
Content-Type Range User-Agent X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-expose-headers
Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=29030400, immutable
cf-cache-status
MISS
cf-ray
884632296a2cfc8b-WAW
content-encoding
br
content-type
text/html
date
Wed, 15 May 2024 21:24:38 GMT
etag
W/"bafkreibtgvdirfx4z4pa7eo6f4a2quosullo233lifnruqz7dy35ygpd3y"
server
cloudflare
vary
Accept-Encoding
x-cf-ipfs-cache-status
miss
x-ipfs-path
/ipfs/bafkreibtgvdirfx4z4pa7eo6f4a2quosullo233lifnruqz7dy35ygpd3y
x-ipfs-roots
bafkreibtgvdirfx4z4pa7eo6f4a2quosullo233lifnruqz7dy35ygpd3y

Redirect headers

cache-control
private, no-cache
cf-ray
88463228b916fc8b-WAW
content-length
167
content-type
text/html
date
Wed, 15 May 2024 21:24:37 GMT
location
https://cloudflare-ipfs.com/ipfs/bafkreibtgvdirfx4z4pa7eo6f4a2quosullo233lifnruqz7dy35ygpd3y
server
cloudflare
x-content-type-options
nosniff
x-frame-options
DENY
jquery-3.3.1.js
cloudflare-ipfs.com/ipfs/js/
0
0
Script
General
Full URL
https://cloudflare-ipfs.com/ipfs/js/jquery-3.3.1.js
Requested by
Host: cloudflare-ipfs.com
URL: https://cloudflare-ipfs.com/ipfs/bafkreibtgvdirfx4z4pa7eo6f4a2quosullo233lifnruqz7dy35ygpd3y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.64.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://cloudflare-ipfs.com/ipfs/bafkreibtgvdirfx4z4pa7eo6f4a2quosullo233lifnruqz7dy35ygpd3y
Origin
https://cloudflare-ipfs.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 15 May 2024 21:24:38 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
server
cloudflare
vary
Accept-Encoding
content-type
text/plain; charset=utf-8
cache-control
no-store
x-cf-ipfs-cache-status
miss
cf-ray
8846322b2c54fc8b-WAW
alt-svc
h3=":443"; ma=86400
content-length
99
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/
48 KB
14 KB
Script
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Requested by
Host: cloudflare-ipfs.com
URL: https://cloudflare-ipfs.com/ipfs/bafkreibtgvdirfx4z4pa7eo6f4a2quosullo233lifnruqz7dy35ygpd3y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.11.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://cloudflare-ipfs.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 15 May 2024 21:24:38 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
617, 617, 617
age
16065157
cdn-cachedat
2021-06-08 14:29:21
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:04 GMT
server
cloudflare
cdn-requestpullcode
200
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
395e10f82368220a7b7579d8f1c28956
timing-allow-origin
*
cdn-requestcountrycode
US
cf-ray
8846322b98a33524-WAW
cdn-requestpullsuccess
True
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/
50 KB
15 KB
Script
General
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Requested by
Host: cloudflare-ipfs.com
URL: https://cloudflare-ipfs.com/ipfs/bafkreibtgvdirfx4z4pa7eo6f4a2quosullo233lifnruqz7dy35ygpd3y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://cloudflare-ipfs.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 15 May 2024 21:24:38 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
723
age
2684188
cdn-cachedat
11/15/2021 23:30:00
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:06 GMT
cdn-proxyver
1.0
cdn-requestpullcode
200
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
a35b0179a28ed953258d0fb41376a09c
timing-allow-origin
*
cdn-requestcountrycode
DE
cdn-status
200
cf-ray
8846322b9926bfc6-WAW
cdn-requestpullsuccess
True
favicon.ico
www.linkedin.com/
24 KB
27 KB
Other
General
Full URL
https://www.linkedin.com/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
19b079c09197fba68d021fa3ba394ec91703909ffd237efa3eb9a2bca13148ec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://cloudflare-ipfs.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
content-security-policy
default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ *.microsoft.com *.adnxs.com login.microsoftonline.com; script-src 'report-sample' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-RFqsjmAF1N5LnfpaHFvPqFlVkeIS/DtTAFor+JjJJVc=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-3RIGhhApBii1KY+aW1xk7kFyoQY8vSVE5DfT7E9SJUc=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' 'sha256-wy4DvlEW9PHPIGvQJW6Wv4woBSa/0LJHs8LHsBVVXCs=' 'sha256-065A0cJTDQ+hyKvufSL/flW02hIbgLndOINLRWux6To=' 'sha256-Ga5SLB8hPdWUE8Wb6LgZ05D9Z5vrdLAaPbDBW2m3BI8=' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com snap.licdn.com; img-src data: blob: * 
android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src 'self' *.licdn.com *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com edge-auth.microsoft.com; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=d
x-content-type-options
nosniff
date
Wed, 15 May 2024 21:24:38 GMT
x-cache
CONFIG_NOCACHE
content-length
24838
x-li-uuid
AAYYhL7zbNvGXXGeLTxhLg==
last-modified
Tue, 16 Apr 2024 21:22:05 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: BE7A1CCE729049DD9FE617B5BB781342 Ref B: FRAEDGE1516 Ref C: 2024-05-15T21:24:38Z
etag
"661eebfd-6106"
x-frame-options
sameorigin
content-type
image/x-icon
x-li-fabric
prod-ltx1
cache-control
max-age=604800,private
x-li-proto
http/2
accept-ranges
bytes
expires
Wed, 22 May 2024 21:24:38 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: LinkedIn (Social Network) Generic Cloudflare (Online)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • $ (function)
  • jQuery (function)
  • bootstrap (object)

5 Cookies

Domain/Path Name / Value
cloudflare-ipfs.com/ Name: __cf_mw_byp
Value: AMhfUvFZU9NxoaChT3XUH9N9yq6LwqIhUhcWV46y82U-1715808274-0.0.1.1-/ipfs/bafkreibtgvdirfx4z4pa7eo6f4a2quosullo233lifnruqz7dy35ygpd3y
cloudflare-ipfs.com/ Name: __cf_bm
Value: 5bE0Zo3Z2tw7viQ3F7IgI2DYjlX0q.mfoRfqydLykPk-1715808278-1.0.1.1-oxm5GuQhlcWsXklr8wvQEduA5H4LRuoknM5cJAl.PIGaoe2OFPOamZTVYSLdv8d9uk9FWVYqVksD5T_smRLzPQ
.linkedin.com/ Name: bcookie
Value: "v=2&e74dccdc-e9c3-476d-82a8-6458e132476b"
.www.linkedin.com/ Name: bscookie
Value: "v=1&20240515212438218899c7-6196-4e9d-8925-678d899bde4dAQG9Aq3P-YQZImP8i2faCm5_svb9opvw"
.linkedin.com/ Name: li_gc
Value: MTswOzE3MTU4MDgyNzg7MjswMjFIWIJ3RDwP9KyTr9yXTtfIfGXYnO3sLgSKe6H6Xd6FdA==

6 Console Messages

  • Source: network, Level: error
    URL: https://cloudflare-ipfs.com/ipfs/js/jquery-3.3.1.js
    Message: Failed to load resource: the server responded with a status of 400 ()
  • Source: security, Level: error
    URL: https://cloudflare-ipfs.com/ipfs/bafkreibtgvdirfx4z4pa7eo6f4a2quosullo233lifnruqz7dy35ygpd3y
    Message: Refused to execute script from 'https://cloudflare-ipfs.com/ipfs/js/jquery-3.3.1.js' because its MIME type ('text/plain') is not executable, and strict MIME type checking is enabled.
  • Source: recommendation, Level: verbose
    URL: https://cloudflare-ipfs.com/ipfs/bafkreibtgvdirfx4z4pa7eo6f4a2quosullo233lifnruqz7dy35ygpd3y
    Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
  • Source: other, Level: warning
    URL: https://cloudflare-ipfs.com/ipfs/bafkreibtgvdirfx4z4pa7eo6f4a2quosullo233lifnruqz7dy35ygpd3y
    Message: Third-party cookie will be blocked. Learn more in the Issues tab.
  • Source: other, Level: warning
    URL: https://cloudflare-ipfs.com/ipfs/bafkreibtgvdirfx4z4pa7eo6f4a2quosullo233lifnruqz7dy35ygpd3y
    Message: Third-party cookie will be blocked. Learn more in the Issues tab.
  • Source: other, Level: warning
    URL: https://cloudflare-ipfs.com/ipfs/bafkreibtgvdirfx4z4pa7eo6f4a2quosullo233lifnruqz7dy35ygpd3y
    Message: Third-party cookie will be blocked. Learn more in the Issues tab.