Report - kg352.keap-link005.com/v2/click/7e3075b7bc641aa1f4c73be693c6bf05/eJyNkEELgkAQhf_LnCUzWZW9iUSI5SHqHIs71ZKuyzolIv731ohOBV3nvfke741AqIWmXAKH2yVkK_DAYqWMQk1Zq0lUL3EVMBYvPaiVvm1sezfAx2-_H32-sjhJYg9oMOgsh32aFXm5OW3zsnBWI6zL-IcTRlHCPpz1Ls23ME0_wdgoWj8cuwNO9o5zI6lcKzra2vmvRIb7ft_3iznGaXpRtY2vtC

Report Overview

Visited public
2023-12-06 17:06:10
Tags
linkedin microsoft phishing
URL
kg352.keap-link005.com/v2/click/7e3075b7bc641aa1f4c73be693c6bf05/eJyNkEELgkAQhf_LnCUzWZW9iUSI5SHqHIs71ZKuyzolIv731ohOBV3nvfke741AqIWmXAKH2yVkK_DAYqWMQk1Zq0lUL3EVMBYvPaiVvm1sezfAx2-_H32-sjhJYg9oMOgsh32aFXm5OW3zsnBWI6zL-IcTRlHCPpz1Ls23ME0_wdgoWj8cuwNO9o5zI6lcKzra2vmvRIb7ft_3iznGaXpRtY2vtC_FQ8lG2KoNHEgYg1q-VyhwAH4WdYfTE29DZI8=
Finishing URL
www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
IP / ASN
34.149.35.41
#15169 GOOGLE
Title
Sign In | LinkedIn
Phishing - LinkedIn

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
platform.linkedin.com	3785	2002-11-02	2012-05-21 15:08:59	2023-12-06 11:55:33	1.0 kB	22 kB	95.101.11.184
accounts.google.com	81	1997-09-15	2016-03-20 13:44:49	2023-12-06 09:17:52	1.3 kB	118 kB	64.233.161.84
kg352.keap-link005.com	unknown	2021-01-12	2022-09-29 02:53:41	2022-09-29 02:53:41	791 B	277 B	34.149.35.41
www.linkedin.com	608	2002-11-02	2015-06-18 18:10:03	2023-12-05 05:24:07	27 kB	45 kB	13.107.42.14
static.licdn.com	12070	2011-02-24	2012-10-18 10:55:00	2023-12-06 05:40:56	7.7 kB	124 kB	95.101.11.48
ps.azurewaf.microsoft.com	unknown	1991-05-02	2022-06-29 13:12:32	2023-12-06 09:10:15	1.2 kB	1.4 kB	13.107.213.53
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-06 07:50:48	2.1 kB	113 kB	216.58.207.227
play.google.com	34	1997-09-15	2013-05-31 01:24:35	2023-12-06 09:43:59	1.6 kB	2.4 kB	142.250.74.14

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (11)

	URL	From	Size	First Seen	Last Seen
	static.licdn.com/aero-v1/sc/h/obrlaav59g6ii1bi1f00nkdb	ScriptElement	418 kB	2023-09-27	2024-08-21
Pretty URL static.licdn.com/aero-v1/sc/h/obrlaav59g6ii1bi1f00nkdb IP 95.101.11.48 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-27 21:15 Last Seen2024-08-21 05:39 Times Seen396 Hash 0b6a062b68f25755076f86c407cef6df e29e9527b66b1120140386cec385535f8e8be11c 9ca15b7249c35cab4b88522b3b6c2687d3e27b07bb6b46cbb704840b5507a32e Loading...

	static.licdn.com/aero-v1/sc/h/an3u8gpta43rgjny4tzujbn6p	ScriptElement	184 kB	2023-09-23	2024-08-21
Pretty URL static.licdn.com/aero-v1/sc/h/an3u8gpta43rgjny4tzujbn6p IP 95.101.11.48 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-23 08:16 Last Seen2024-08-21 05:59 Times Seen498 Hash b3c0efe5673863cd5d15d9327956e521 0f2f2b7c426d53e19a41952881a50aa53cf4b2be 5a17a1bdee75a16150f30746c04708e2757f4f678582aca4ed892a4e4a81e52c Loading...

	static.licdn.com/aero-v1/sc/h/9bbuw1exqj19blmqn9zm4f9il	ScriptElement	642 kB	2023-09-27	2024-08-21
Pretty URL static.licdn.com/aero-v1/sc/h/9bbuw1exqj19blmqn9zm4f9il IP 95.101.11.48 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-27 21:15 Last Seen2024-08-21 05:39 Times Seen170 Hash 9d5628f5a019ba604b667f3748c9e9ed 73ddd5bd7f58a51336e8e7eb8d2f21ab8d29749e 096e768ea8f1c91f85ddb295d6c713c3effacbabe098e3da7e3ded75cfa83617 Loading...

	platform.linkedin.com/litms/utag/seo-directory-frontend/utag.js?cb=1701882300000	ScriptElement	21 kB	2023-03-13	2024-08-21
Pretty URL platform.linkedin.com/litms/utag/seo-directory-frontend/utag.js?cb=1701882300000 IP 95.101.11.184 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:46 Last Seen2024-08-21 09:38 Times Seen184 Hash 0c2b8986d74a36a37dc8e3201286c08e bbce2e43ca1c0971183de4c124b52505a71dd385 2d6c8342e9f1b0d7aeab334afbb5b66f07c2fe525d94c1dcf98a88b395c0afbb Loading...

	static.licdn.com/aero-v1/sc/h/6y2czwba46q3wsh2b0d0g6trj	ScriptElement	186 kB	2023-03-07	2025-03-29
Pretty URL static.licdn.com/aero-v1/sc/h/6y2czwba46q3wsh2b0d0g6trj IP 95.101.11.48 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:41 Last Seen2025-03-29 17:55 Times Seen4449 Hash 7554ae17c5023ecc6d0ffc1e8775bc2f 37b39540102e29993f710047ed89bbe3b47a3a2b 6101eea4239ded7503b74732d078de0de0e31d9465de3876b1641802dd299200 Loading...

	accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=325px&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_361265_892367&as=aFUilrVNHSG8ZLgzd1vUMw	ScriptElement	107 kB	2023-12-05	2024-08-20
Pretty URL accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=325px&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_361265_892367&as=aFUilrVNHSG8ZLgzd1vUMw IP 64.233.161.84 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-05 00:51 Last Seen2024-08-20 16:45 Times Seen21 Hash b6ad8f02e56687aa35edff4a40f94503 a01a550776b997b6d2bcde7a738d591406ca8acc c905b15a8ae7a435f2c638acd9cd6bcf22f8f7242a65f65f4a494971bd804afb Loading...

	accounts.google.com/_/gsi/_/js/k=gsi.gsi.en_US.l0gW8cfNiGI.O/am=AFCA/d=1/rs=AF0KOtUvd_mdMjORi1qJhR-dbm4LFQVGQg/m=credential_button_library	ScriptElement	107 kB	2023-12-05	2024-08-20
Pretty URL accounts.google.com/_/gsi/_/js/k=gsi.gsi.en_US.l0gW8cfNiGI.O/am=AFCA/d=1/rs=AF0KOtUvd_mdMjORi1qJhR-dbm4LFQVGQg/m=credential_button_library IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-05 00:18 Last Seen2024-08-20 16:45 Times Seen53 Hash 9334fbc8b32233fa291834a3a84ccb7a 0c2e96f450c895f3031a0e31932402aae2381951 e51581cb944e0c007fcf8fca56aaa20152af6122d5a919d4c9f827812b8296c8 Loading...

	accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=-2&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_361254_434727&as=aFUilrVNHSG8ZLgzd1vUMw&hl=en_US	ScriptElement	107 kB	2023-12-05	2024-08-20
Pretty URL accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=-2&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_361254_434727&as=aFUilrVNHSG8ZLgzd1vUMw&hl=en_US IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-05 00:18 Last Seen2024-08-20 16:45 Times Seen53 Hash be123e418f0f5e27f797df84ff3fd68b c3635f4c2eb37e565959b95489f26af5fa4f4aec 4c9879f4e913e147e1227d4d22374d8f225e5145d0b2f6ace8c6025c5543b850 Loading...

	www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1	ScriptElement	392 B	2023-03-07	2025-05-12
Pretty URL www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1 IP 13.107.42.14 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:05 Last Seen2025-05-12 16:00 Times Seen6930 Hash e0a4dd818cea4496e55b30782ebd8da5 cf5eba9f6f20b2fa835908cf62af6f6b5bf62e8f 0dab6c146a09f20164cf3c68e3b3aeefa599fb74013ce407b41bbda7d6f70e10 Loading...

	static.licdn.com/aero-v1/sc/h/80ndnja80f2uvg4l8sj2su82m	ScriptElement	66 kB	2023-09-16	2025-05-12
Pretty URL static.licdn.com/aero-v1/sc/h/80ndnja80f2uvg4l8sj2su82m IP 95.101.11.48 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-16 06:43 Last Seen2025-05-12 16:00 Times Seen5443 Hash 876f2fa2944feee72451e3a690d1985e d30f9cd73ba3bdda113f2e4a2513938fdd90c460 3aea2efa28a6c1ce964301fc7264ac01a38b63d2b98f65f53e3877157249ec0c Loading...

	accounts.google.com/_/gsi/_/js/k=gsi.gsi.no.pqh5vAPlhH0.O/am=AFCA/d=1/rs=AF0KOtVeFPYe9kC3GunlrK7L8dQKwSEqRg/m=credential_button_library	ScriptElement	107 kB	2023-12-05	2024-08-20
Pretty URL accounts.google.com/_/gsi/_/js/k=gsi.gsi.no.pqh5vAPlhH0.O/am=AFCA/d=1/rs=AF0KOtVeFPYe9kC3GunlrK7L8dQKwSEqRg/m=credential_button_library IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-05 00:51 Last Seen2024-08-20 16:45 Times Seen21 Hash 78dd948011f4ddd085fdcacdccddf395 6fd1c2df97e9e1ce6946c400bf75a77171ec5424 bfadf2bb3dddcf4761290149539ec070a343f3a35a6b814c179c1829d72d2745 Loading...

HTTP Transactions (46)

URL IP Response Size

kg352.keap-link005.com/v2/click/7e3075b7bc641aa1f4c73be693c6bf05/eJyNkEELgkAQhf_LnCUzWZW9iUSI5SHqHIs71ZKuyzolIv731ohOBV3nvfke741AqIWmXAKH2yVkK_DAYqWMQk1Zq0lUL3EVMBYvPaiVvm1sezfAx2-_H32-sjhJYg9oMOgsh32aFXm5OW3zsnBWI6zL-IcTRlHCPpz1Ls23ME0_wdgoWj8cuwNO9o5zI6lcKzra2vmvRIb7ft_3iznGaXpRtY2vtC_FQ8lG2KoNHEgYg1q-VyhwAH4WdYfTE29DZI8=

34.149.35.41

0 B

URL
kg352.keap-link005.com/v2/click/7e3075b7bc641aa1f4c73be693c6bf05/eJyNkEELgkAQhf_LnCUzWZW9iUSI5SHqHIs71ZKuyzolIv731ohOBV3nvfke741AqIWmXAKH2yVkK_DAYqWMQk1Zq0lUL3EVMBYvPaiVvm1sezfAx2-_H32-sjhJYg9oMOgsh32aFXm5OW3zsnBWI6zL-IcTRlHCPpz1Ls23ME0_wdgoWj8cuwNO9o5zI6lcKzra2vmvRIb7ft_3iznGaXpRtY2vtC_FQ8lG2KoNHEgYg1q-VyhwAH4WdYfTE29DZI8=
IP
34.149.35.41:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v2/click/7e3075b7bc641aa1f4c73be693c6bf05/eJyNkEELgkAQhf_LnCUzWZW9iUSI5SHqHIs71ZKuyzolIv731ohOBV3nvfke741AqIWmXAKH2yVkK_DAYqWMQk1Zq0lUL3EVMBYvPaiVvm1sezfAx2-_H32-sjhJYg9oMOgsh32aFXm5OW3zsnBWI6zL-IcTRlHCPpz1Ls23ME0_wdgoWj8cuwNO9o5zI6lcKzra2vmvRIb7ft_3iznGaXpRtY2vtC_FQ8lG2KoNHEgYg1q-VyhwAH4WdYfTE29DZI8= HTTP/1.1
Host: kg352.keap-link005.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 303 See Other
location: http://www.linkedin.com/in/davidmarco1
date: Wed, 6 Dec 2023 17:05:52 GMT
x-envoy-upstream-service-time: 26
server: istio-envoy
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.linkedin.com/in/davidmarco1

13.107.42.14

0 B

URL
www.linkedin.com/in/davidmarco1
IP
13.107.42.14:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - LinkedIn

HTTP Headers

GET /in/davidmarco1 HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://www.linkedin.com/in/davidmarco1
Set-Cookie: bcookie="v=2&d28f58a1-aa0c-4810-8f34-c2d2d54a0775"; Domain=.linkedin.com; Expires=Thu, 05-Dec-2024 17:05:52 GMT; Path=/; Secure; SameSite=None
li_gc=MTswOzE3MDE4ODIzNTI7MjswMjHr9maja0InudzNQnYT1+LTf1c1sCxN+jPxogOM8IE4EA==; Domain=.linkedin.com; Expires=Mon, 03 Jun 2024 17:05:52 GMT; Path=/; Secure; SameSite=None
X-Li-Fabric: prod-ltx1
X-Li-Pop: afd-prod-ltx1-x
X-Li-Proto: http/1.1
X-LI-UUID: AAYL2l0TrQJZwDU9UDQoJg==
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 5C1BD44125944FE28EB69C5A1CD41A0F Ref B: OSL30EDGE0417 Ref C: 2023-12-06T17:05:52Z
Date: Wed, 06 Dec 2023 17:05:52 GMT
Content-Length: 0

www.linkedin.com/in/davidmarco1

13.107.42.14

1.5 kB

URL
www.linkedin.com/in/davidmarco1
IP
13.107.42.14:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
1.5 kB (1530 bytes)
Hash
895d2a337cecd4bf36e6ff9a7e669a63
9176c614fa5aca9af6ceba4996cc9128842803f7
644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - LinkedIn

HTTP Headers

GET /in/davidmarco1 HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 999 No Reason Phrase
cache-control: no-cache, no-store
pragma: no-cache
content-length: 1530
content-type: text/html
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: bcookie="v=2&63028f78-a41d-4467-8a21-b659113bada6"; Domain=.linkedin.com; Expires=Thu, 05-Dec-2024 17:05:53 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&20231206170552120e0bc1-04d3-40f6-8332-77aa13a11078AQF8c-6tD7oxNxYe1XZ3xTHfEtetmGtb"; Domain=.www.linkedin.com; Expires=Thu, 05-Dec-2024 17:05:53 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE3MDE4ODIzNTI7MjswMjGS1Mv74SwG1Awg27Ay5wm6MwvaWm7/y5+7gxOx8Ts4xg==; Domain=.linkedin.com; Expires=Mon, 03 Jun 2024 17:05:52 GMT; Path=/; Secure; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2663:u=1:x=1:i=1701882353:t=1701968753:v=2:sig=AQFPLZEX5cjioFiV_vyRv_OtgmSGbKys"; Expires=Thu, 07 Dec 2023 17:05:53 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
trkCode=gf; Max-Age=5
trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=; Max-Age=5
rtc=AQFvodVKMPSfjwAAAYxAF9VoIgrBol4OFDODIl2TnOreqS6C3a1Y4qik9lzTqYHmPYRpLOfZPajubm_nw1ziBK6HZtN0cj6kbN0iQIPqG9i21jDfdqqMjjuhvrLQ_srI_pZgeTVgdndMLpLqcNJOm1bP_FrmsmxsJTjDsDkidm-CcIk_HPObUfb2pbx_LLiAsiSATSMyA9uI3ACi2RXa34TOTr2mIKJlESLdHdXotxzE0-2SYWz2NKufW_7LrJgoEw==; Max-Age=120; path=/; domain=.linkedin.com
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: sameorigin
content-security-policy: default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ *.microsoft.com *.adnxs.com; script-src 'report-sample' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-3RIGhhApBii1KY+aW1xk7kFyoQY8vSVE5DfT7E9SJUc=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' 'sha256-wy4DvlEW9PHPIGvQJW6Wv4woBSa/0LJHs8LHsBVVXCs=' 'sha256-065A0cJTDQ+hyKvufSL/flW02hIbgLndOINLRWux6To=' 'sha256-Ga5SLB8hPdWUE8Wb6LgZ05D9Z5vrdLAaPbDBW2m3BI8=' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com snap.licdn.com; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src 'self' *.licdn.com *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=default
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAYL2l0WueZITnjruhSieA==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: F67CCD89D5A14AA1A20BE3362168F1C9 Ref B: OSL30EDGE0219 Ref C: 2023-12-06T17:05:52Z
date: Wed, 06 Dec 2023 17:05:52 GMT
X-Firefox-Spdy: h2

www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1

13.107.42.14

200 OK

9.6 kB

URL User Request GET HTTP/2
www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
IP
13.107.42.14:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerDigiCert Inc
Subjectwww.linkedin.com
FingerprintDD:64:0D:6C:03:1D:AA:A9:68:F2:FB:0C:02:7A:52:34:27:C9:FD:D9
ValidityFri, 03 Nov 2023 00:00:00 GMT - Fri, 03 May 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (948)
Size
9.6 kB (9561 bytes)
Hash
3fe515720ddbd2761376ffc9a0547fa1
11594873f0acaad59f6bd98ab92496a44931ae32
d4262e7cbd94c45275d25d5beb275870f638638535a607cc3973c0af3038818d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - LinkedIn

HTTP Headers

GET /authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1 HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.linkedin.com/in/davidmarco1
Cookie: bcookie="v=2&63028f78-a41d-4467-8a21-b659113bada6"; bscookie="v=1&20231206170552120e0bc1-04d3-40f6-8332-77aa13a11078AQF8c-6tD7oxNxYe1XZ3xTHfEtetmGtb"; li_gc=MTswOzE3MDE4ODIzNTI7MjswMjGS1Mv74SwG1Awg27Ay5wm6MwvaWm7/y5+7gxOx8Ts4xg==; lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2663:u=1:x=1:i=1701882353:t=1701968753:v=2:sig=AQFPLZEX5cjioFiV_vyRv_OtgmSGbKys"; rtc=AQFvodVKMPSfjwAAAYxAF9VoIgrBol4OFDODIl2TnOreqS6C3a1Y4qik9lzTqYHmPYRpLOfZPajubm_nw1ziBK6HZtN0cj6kbN0iQIPqG9i21jDfdqqMjjuhvrLQ_srI_pZgeTVgdndMLpLqcNJOm1bP_FrmsmxsJTjDsDkidm-CcIk_HPObUfb2pbx_LLiAsiSATSMyA9uI3ACi2RXa34TOTr2mIKJlESLdHdXotxzE0-2SYWz2NKufW_7LrJgoEw==
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: no-cache, no-store
pragma: no-cache
content-length: 9561
content-type: text/html; charset=utf-8
content-encoding: gzip
expires: Thu, 01 Jan 1970 00:00:00 GMT
vary: Accept-Encoding
set-cookie: fid=AQFw5jqxZ9lMnAAAAYxAF9iAlGsYNCvuDqlcDGmUwASNH6nInLC4sakUIOIkBUMeD9fijcQHHUJbeA; Max-Age=604800; Expires=Wed, 13 Dec 2023 17:05:53 GMT; Path=/
JSESSIONID=ajax:8229369267889637723; SameSite=None; Path=/; Domain=.www.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=linkedin.com; Secure
bcookie="v=2&63028f78-a41d-4467-8a21-b659113bada6"; domain=.linkedin.com; Path=/; Secure; Expires=Thu, 05-Dec-2024 17:05:53 GMT; SameSite=None
bscookie="v=1&20231206170552120e0bc1-04d3-40f6-8332-77aa13a11078AQF8c-6tD7oxNxYe1XZ3xTHfEtetmGtb"; domain=.www.linkedin.com; Path=/; Secure; Expires=Thu, 05-Dec-2024 17:05:53 GMT; HttpOnly; SameSite=None
x-fs-uuid: 00060bda5d24d02b8c649f854dfb37dc
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: sameorigin
content-security-policy: default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ v.clarity.ms/collect *.microsoft.com *.adnxs.com *.tealiumiq.com; script-src 'report-sample' 'sha256-th47JTnh6tX15SUn/I+GGmsOSXpa7dh5Skner77gxlY=' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com snap.licdn.com; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src 'self' *.licdn.com *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=grl
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAYL2l0k0CuMZJ+FTfs33A==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: DF4631140EE5466BADC1CF9CE03AF5C4 Ref B: OSL30EDGE0219 Ref C: 2023-12-06T17:05:53Z
date: Wed, 06 Dec 2023 17:05:52 GMT
X-Firefox-Spdy: h2

static.licdn.com/aero-v1/sc/h/al2o9zrvru7aqj8e1x2rzsrca

95.101.11.48

1.4 kB

URL GET
static.licdn.com/aero-v1/sc/h/al2o9zrvru7aqj8e1x2rzsrca
IP
95.101.11.48:0
ASN
#20940 Akamai International B.V.

Requested by
https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Certificate
IssuerDigiCert Inc
Subjectstatic-exp1.licdn.com
FingerprintA4:83:15:AF:E8:24:5C:22:E6:8D:67:8F:10:52:F1:9D:B4:3A:90:23
ValidityFri, 17 Mar 2023 00:00:00 GMT - Tue, 19 Mar 2024 23:59:59 GMT

File type
MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel\012- data
Size
1.4 kB (1446 bytes)
Hash
b2ccd167c908a44e1dd69df79382286a
d9349f1bdcf3c1556cd77ae1f0029475596342aa
19b079c09197fba68d021fa3ba394ec91703909ffd237efa3eb9a2bca13148ec

HTTP Headers

GET /aero-v1/sc/h/al2o9zrvru7aqj8e1x2rzsrca HTTP/1.1
Host: static.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.linkedin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
expires: Wed, 08 Feb 2023 15:45:58 GMT
last-modified: Tue, 05 Apr 2022 06:07:09 GMT
cache-control: max-age=604800, immutable
remote-cache-status: TCP_HIT
x-datastream-cache-status: 1
x-ambry-target-account-name: aero
x-ambry-target-container-name: assets
x-ambry-request-cost: READ_CAPACITY_UNIT=1.0; STORAGE_IN_GB=0.0
x-ambry-user-quota-warning: HEALTHY
x-ambry-user-quota-usage: READ_CAPACITY_UNIT=0.0013431406; STORAGE_IN_GB=0.0
x-fs-uuid: 0005e8982b5b184766a9b92d6321b327
x-li-fabric: prod-lor1
x-li-pop: prod-lor1-x
x-li-proto: http/1.1
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
x-li-uuid: AAXomCtbGEdmqbktYyGzJw==
x-ambry-blob-size: 24838
accept-ranges: bytes
content-type: image/x-icon
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
date: Wed, 06 Dec 2023 17:05:54 GMT
content-length: 1446
x-cdn-proto: HTTP2
x-cdn-client-ip-version: IPV4
timing-allow-origin: *
access-control-allow-origin: *
x-cdn: AKAM
X-Firefox-Spdy: h2

static.licdn.com/aero-v1/sc/h/8fkga714vy9b2wk5auqo5reeb

95.101.11.48

1.2 kB

URL
static.licdn.com/aero-v1/sc/h/8fkga714vy9b2wk5auqo5reeb
IP
95.101.11.48:0
ASN
#20940 Akamai International B.V.

Certificate
IssuerDigiCert Inc
Subjectstatic-exp1.licdn.com
FingerprintA4:83:15:AF:E8:24:5C:22:E6:8D:67:8F:10:52:F1:9D:B4:3A:90:23
ValidityFri, 17 Mar 2023 00:00:00 GMT - Tue, 19 Mar 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (664)
Size
1.2 kB (1209 bytes)
Hash
8e6f25f8189065407452b8b0c00426a3
7485d46647a459789f6e7319cfef6426a643244b
b9e0a92c496b900728000dbf48aa623a7eb0468c5814a8bf60c69d6cda05b149

HTTP Headers

GET /aero-v1/sc/h/8fkga714vy9b2wk5auqo5reeb HTTP/1.1
Host: static.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.linkedin.com/
Origin: https://www.linkedin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
expires: Wed, 15 Feb 2023 16:42:01 GMT
last-modified: Tue, 05 Apr 2022 06:06:04 GMT
cache-control: max-age=604800, immutable
x-datastream-cache-status: 1
x-ambry-target-account-name: aero
x-ambry-target-container-name: assets
x-ambry-request-cost: READ_CAPACITY_UNIT=1.0; STORAGE_IN_GB=0.0
x-ambry-user-quota-warning: HEALTHY
x-ambry-user-quota-usage: READ_CAPACITY_UNIT=7.717421E-5; STORAGE_IN_GB=0.0
x-fs-uuid: 0005f005006eb585e0c4695853c77de6
x-li-fabric: prod-ltx1
x-li-pop: prod-ltx1-x
x-li-proto: http/1.1
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
x-li-uuid: AAXwBQButYXgxGlYU8d95g==
remote-cache-status: TCP_HIT
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-ambry-blob-size: 2958
accept-ranges: bytes
content-type: image/svg+xml
content-disposition: attachment
x-content-type-options: nosniff
x-edgeconnect-midmile-rtt: 1
x-edgeconnect-origin-mex-latency: 480
vary: Accept-Encoding
content-encoding: gzip
date: Wed, 06 Dec 2023 17:05:54 GMT
content-length: 1209
x-cdn-proto: HTTP2
x-cdn-client-ip-version: IPV4
timing-allow-origin: *
access-control-allow-origin: *
x-cdn: AKAM
X-Firefox-Spdy: h2

static.licdn.com/aero-v1/sc/h/5oas73nreunfgygkpe5iwmgrs

95.101.11.48

391 B

URL
static.licdn.com/aero-v1/sc/h/5oas73nreunfgygkpe5iwmgrs
IP
95.101.11.48:0
ASN
#20940 Akamai International B.V.

Certificate
IssuerDigiCert Inc
Subjectstatic-exp1.licdn.com
FingerprintA4:83:15:AF:E8:24:5C:22:E6:8D:67:8F:10:52:F1:9D:B4:3A:90:23
ValidityFri, 17 Mar 2023 00:00:00 GMT - Tue, 19 Mar 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text
Size
391 B (391 bytes)
Hash
5fdb7b403b3a41faa26c73b1aaaf7668
c46a275d28b78b77460e42ba248317378a91b70e
55e3d046df49b2754cec5ecee990e526dbb272e70eb5bea625b4e68e64ce1715

HTTP Headers

GET /aero-v1/sc/h/5oas73nreunfgygkpe5iwmgrs HTTP/1.1
Host: static.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.linkedin.com/
Origin: https://www.linkedin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
expires: Sun, 26 Nov 2023 05:57:08 GMT
last-modified: Tue, 05 Apr 2022 04:16:45 GMT
cache-control: max-age=604800, immutable
x-ambry-target-account-name: aero
x-ambry-target-container-name: assets
x-ambry-request-cost: READ_CAPACITY_UNIT=1.0; STORAGE_IN_GB=0.0
x-ambry-user-quota-warning: HEALTHY
x-ambry-user-quota-usage: READ_CAPACITY_UNIT=0.0030622387; STORAGE_IN_GB=0.0
x-fs-uuid: 0006066fff6c3eb7f3afba1e752d60de
x-li-fabric: prod-ltx1
x-content-type-options: nosniff
x-li-pop: prod-ltx1-x
x-li-proto: http/1.1
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
x-li-uuid: AAYGb/9sPrfzr7oedS1g3g==
x-ambry-blob-size: 391
accept-ranges: bytes
content-length: 391
content-type: image/svg+xml
content-disposition: attachment
remote-cache-status: TCP_HIT
x-datastream-cache-status: 1
date: Wed, 06 Dec 2023 17:05:54 GMT
x-cdn-proto: HTTP2
x-cdn-client-ip-version: IPV4
timing-allow-origin: *
access-control-allow-origin: *
x-cdn: AKAM
X-Firefox-Spdy: h2

static.licdn.com/aero-v1/sc/h/gs508lg3t2o81tq7pmcgn6m2

95.101.11.48

200 OK

274 B

URL GET HTTP/2
static.licdn.com/aero-v1/sc/h/gs508lg3t2o81tq7pmcgn6m2
IP
95.101.11.48:443
ASN
#20940 Akamai International B.V.

Requested by
https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Certificate
IssuerDigiCert Inc
Subjectstatic-exp1.licdn.com
FingerprintA4:83:15:AF:E8:24:5C:22:E6:8D:67:8F:10:52:F1:9D:B4:3A:90:23
ValidityFri, 17 Mar 2023 00:00:00 GMT - Tue, 19 Mar 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text
Size
274 B (274 bytes)
Hash
07dfbaf5f85030efc27e4a012488e13a
b4e6ac4f3dcd094bd4d326b537960328200384f6
5843ed3527bc1e0e105b4e4b15fbbff78c6d44efa024e2ae4a08a0e8c82e5d4c

HTTP Headers

GET /aero-v1/sc/h/gs508lg3t2o81tq7pmcgn6m2 HTTP/1.1
Host: static.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.linkedin.com/
Origin: https://www.linkedin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
expires: Thu, 05 Oct 2023 07:40:10 GMT
last-modified: Tue, 05 Apr 2022 06:12:23 GMT
cache-control: max-age=604800, immutable
x-ambry-target-account-name: aero
x-ambry-target-container-name: assets
x-ambry-request-cost: READ_CAPACITY_UNIT=1.0; STORAGE_IN_GB=0.0
x-ambry-user-quota-warning: HEALTHY
x-ambry-user-quota-usage: READ_CAPACITY_UNIT=0.0012790452; STORAGE_IN_GB=0.0
x-fs-uuid: 00060917efe17678de6d35817ed98904
x-li-fabric: prod-lor1
x-content-type-options: nosniff
x-li-pop: prod-lor1-x
x-li-proto: http/1.1
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
x-li-uuid: AAYJF+/hdnjebTWBftmJBA==
x-ambry-blob-size: 274
accept-ranges: bytes
content-length: 274
content-type: image/svg+xml
content-disposition: attachment
remote-cache-status: TCP_HIT
date: Wed, 06 Dec 2023 17:05:54 GMT
x-cdn-proto: HTTP2
x-cdn-client-ip-version: IPV4
timing-allow-origin: *
access-control-allow-origin: *
x-cdn: AKAM
X-Firefox-Spdy: h2

static.licdn.com/aero-v1/sc/h/dkgve44sisif1wgwp8ozaxu1x

95.101.11.48

200 OK

478 B

URL GET HTTP/2
static.licdn.com/aero-v1/sc/h/dkgve44sisif1wgwp8ozaxu1x
IP
95.101.11.48:443
ASN
#20940 Akamai International B.V.

Requested by
https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Certificate
IssuerDigiCert Inc
Subjectstatic-exp1.licdn.com
FingerprintA4:83:15:AF:E8:24:5C:22:E6:8D:67:8F:10:52:F1:9D:B4:3A:90:23
ValidityFri, 17 Mar 2023 00:00:00 GMT - Tue, 19 Mar 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (315)
Size
478 B (478 bytes)
Hash
e5308429c09ca0ed28eacf843ff14c65
ea1a0d5985600fd0699ad59744a3dff23f211080
b5d878bd7b1fdeb60ae0ebe05f2481f550767043518b1d404be8951ab2738150

HTTP Headers

GET /aero-v1/sc/h/dkgve44sisif1wgwp8ozaxu1x HTTP/1.1
Host: static.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.linkedin.com/
Origin: https://www.linkedin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
expires: Sun, 12 Nov 2023 13:20:45 GMT
last-modified: Wed, 05 Oct 2022 02:00:26 GMT
cache-control: max-age=604800, immutable
x-ambry-target-account-name: aero
x-ambry-target-container-name: assets
x-ambry-request-cost: READ_CAPACITY_UNIT=1.0; STORAGE_IN_GB=0.0
x-ambry-user-quota-warning: HEALTHY
x-ambry-user-quota-usage: READ_CAPACITY_UNIT=0.0016601267; STORAGE_IN_GB=0.0
x-fs-uuid: 000608f1f094bff742646742229fd2bf
x-li-fabric: prod-lor1
x-content-type-options: nosniff
x-li-pop: prod-lor1-x
x-li-proto: http/1.1
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
x-li-uuid: AAYI8fCUv/dCZGdCIp/Svw==
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-ambry-blob-size: 478
accept-ranges: bytes
content-length: 478
content-type: image/svg+xml
content-disposition: attachment
remote-cache-status: TCP_HIT
date: Wed, 06 Dec 2023 17:05:54 GMT
x-cdn-proto: HTTP2
x-cdn-client-ip-version: IPV4
timing-allow-origin: *
access-control-allow-origin: *
x-cdn: AKAM
X-Firefox-Spdy: h2

static.licdn.com/aero-v1/sc/h/582r9vsvwmiwa75ujfqps3ivc

95.101.11.48

241 B

URL
static.licdn.com/aero-v1/sc/h/582r9vsvwmiwa75ujfqps3ivc
IP
95.101.11.48:0
ASN
#20940 Akamai International B.V.

Certificate
IssuerDigiCert Inc
Subjectstatic-exp1.licdn.com
FingerprintA4:83:15:AF:E8:24:5C:22:E6:8D:67:8F:10:52:F1:9D:B4:3A:90:23
ValidityFri, 17 Mar 2023 00:00:00 GMT - Tue, 19 Mar 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text
Size
241 B (241 bytes)
Hash
583edc3d198b3a1117b1c92000728248
83d2af855c97c89b0c403d4db92e0a58a3d01601
98db6b44a8d0d3d6555c5cc022144921572e719b75b630f4dd8e2ffe4727afc8

HTTP Headers

GET /aero-v1/sc/h/582r9vsvwmiwa75ujfqps3ivc HTTP/1.1
Host: static.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.linkedin.com/
Origin: https://www.linkedin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
expires: Fri, 20 Oct 2023 09:02:20 GMT
last-modified: Wed, 05 Oct 2022 01:59:24 GMT
cache-control: max-age=604800, immutable
remote-cache-status: TCP_HIT
x-ambry-target-account-name: aero
x-ambry-target-container-name: assets
x-ambry-request-cost: READ_CAPACITY_UNIT=1.0; STORAGE_IN_GB=0.0
x-ambry-user-quota-warning: HEALTHY
x-ambry-user-quota-usage: READ_CAPACITY_UNIT=0.0012246395; STORAGE_IN_GB=0.0
x-fs-uuid: 0005ff51c18ef4ac1e13d9368dfb3b43
x-li-fabric: prod-ltx1
x-content-type-options: nosniff
x-li-pop: prod-ltx1-x
x-li-proto: http/1.1
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
x-li-uuid: AAX/UcGO9KweE9k2jfs7Qw==
x-ambry-blob-size: 241
accept-ranges: bytes
content-length: 241
content-type: image/svg+xml
content-disposition: attachment
x-datastream-cache-status: 1
date: Wed, 06 Dec 2023 17:05:54 GMT
x-cdn-proto: HTTP2
x-cdn-client-ip-version: IPV4
timing-allow-origin: *
access-control-allow-origin: *
x-cdn: AKAM
X-Firefox-Spdy: h2

static.licdn.com/aero-v1/sc/h/ddi43qwelxeqjxdd45pe3fvs1

95.101.11.48

200 OK

903 B

URL GET HTTP/2
static.licdn.com/aero-v1/sc/h/ddi43qwelxeqjxdd45pe3fvs1
IP
95.101.11.48:443
ASN
#20940 Akamai International B.V.

Requested by
https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Certificate
IssuerDigiCert Inc
Subjectstatic-exp1.licdn.com
FingerprintA4:83:15:AF:E8:24:5C:22:E6:8D:67:8F:10:52:F1:9D:B4:3A:90:23
ValidityFri, 17 Mar 2023 00:00:00 GMT - Tue, 19 Mar 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (355)
Size
903 B (903 bytes)
Hash
e1ebda90bd5ae40a05d2fbc7a7b4f9a1
564b16fb3ad295432b850ff58e7a19d30cc6fb22
870436155a72b520f5918f62c6d8f981ef76510e3cd8280266a7c270f6fdad49

HTTP Headers

GET /aero-v1/sc/h/ddi43qwelxeqjxdd45pe3fvs1 HTTP/1.1
Host: static.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.linkedin.com/
Origin: https://www.linkedin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
expires: Sun, 30 Apr 2023 10:12:19 GMT
last-modified: Tue, 05 Apr 2022 02:04:43 GMT
cache-control: max-age=604800, immutable
x-ambry-target-account-name: aero
x-ambry-target-container-name: assets
x-ambry-request-cost: READ_CAPACITY_UNIT=1.0; STORAGE_IN_GB=0.0
x-ambry-user-quota-warning: HEALTHY
x-ambry-user-quota-usage: READ_CAPACITY_UNIT=0.0019425489; STORAGE_IN_GB=0.0
x-fs-uuid: 000608eae1ce764aeef43534b7f3bb45
x-li-fabric: prod-lva1
x-content-type-options: nosniff
x-li-pop: prod-lva1-x
x-li-proto: http/1.1
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
x-li-uuid: AAYI6uHOdkru9DU0t/O7RQ==
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-source-fabric: prod-lva1
x-ambry-blob-size: 2435
accept-ranges: bytes
content-type: image/svg+xml
content-disposition: attachment
remote-cache-status: TCP_HIT
x-datastream-cache-status: 1
vary: Accept-Encoding
content-encoding: gzip
date: Wed, 06 Dec 2023 17:05:54 GMT
content-length: 903
x-cdn-proto: HTTP2
x-cdn-client-ip-version: IPV4
timing-allow-origin: *
access-control-allow-origin: *
x-cdn: AKAM
X-Firefox-Spdy: h2

static.licdn.com/aero-v1/sc/h/an3u8gpta43rgjny4tzujbn6p

95.101.11.48

200 OK

0 B

URL HEAD HTTP/2
static.licdn.com/aero-v1/sc/h/an3u8gpta43rgjny4tzujbn6p
IP
95.101.11.48:443
ASN
#20940 Akamai International B.V.

Requested by
https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Certificate
IssuerDigiCert Inc
Subjectstatic-exp1.licdn.com
FingerprintA4:83:15:AF:E8:24:5C:22:E6:8D:67:8F:10:52:F1:9D:B4:3A:90:23
ValidityFri, 17 Mar 2023 00:00:00 GMT - Tue, 19 Mar 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /aero-v1/sc/h/an3u8gpta43rgjny4tzujbn6p HTTP/1.1
Host: static.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.linkedin.com/
Origin: https://www.linkedin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 20 Sep 2023 11:17:08 GMT
accept-ranges: bytes
content-type: text/javascript
content-disposition: attachment
x-content-type-options: nosniff
x-ambry-request-cost: READ_CAPACITY_UNIT=1.0; STORAGE_IN_GB=0.0
x-ambry-user-quota-warning: HEALTHY
x-ambry-user-quota-usage: READ_CAPACITY_UNIT=0.0024345396; STORAGE_IN_GB=0.0
x-fs-uuid: 000605db03f7aa329ffeef705de90d0f
x-li-fabric: prod-lva1
x-li-pop: prod-lva1-x
x-li-proto: http/1.1
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
x-li-uuid: AAYF2wP3qjKf/u9wXekNDw==
remote-cache-status: TCP_HIT
vary: Accept-Encoding
content-encoding: gzip
date: Wed, 06 Dec 2023 17:05:54 GMT
content-length: 20
x-cdn-proto: HTTP2
x-cdn-client-ip-version: IPV4
timing-allow-origin: *
access-control-allow-origin: *
x-cdn: AKAM
X-Firefox-Spdy: h2

static.licdn.com/aero-v1/sc/h/eujtb1vcrk214ujxju6c7aa5k

95.101.11.48

200 OK

0 B

URL GET HTTP/2
static.licdn.com/aero-v1/sc/h/eujtb1vcrk214ujxju6c7aa5k
IP
95.101.11.48:443
ASN
#20940 Akamai International B.V.

Requested by
https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Certificate
IssuerDigiCert Inc
Subjectstatic-exp1.licdn.com
FingerprintA4:83:15:AF:E8:24:5C:22:E6:8D:67:8F:10:52:F1:9D:B4:3A:90:23
ValidityFri, 17 Mar 2023 00:00:00 GMT - Tue, 19 Mar 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /aero-v1/sc/h/eujtb1vcrk214ujxju6c7aa5k HTTP/1.1
Host: static.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.linkedin.com/
Origin: https://www.linkedin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 21 Sep 2023 23:15:41 GMT
accept-ranges: bytes
content-type: text/css
content-disposition: attachment
x-content-type-options: nosniff
x-ambry-request-cost: READ_CAPACITY_UNIT=1.0; STORAGE_IN_GB=0.0
x-ambry-user-quota-warning: HEALTHY
x-ambry-user-quota-usage: READ_CAPACITY_UNIT=0.0017617684; STORAGE_IN_GB=0.0
x-fs-uuid: 00060675f042811d4b74066a5cc7359a
x-li-fabric: prod-lor1
x-li-pop: prod-lor1-x
x-li-proto: http/1.1
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
x-li-uuid: AAYGdfBCgR1LdAZqXMc1mg==
x-edgeconnect-midmile-rtt: 0
x-edgeconnect-origin-mex-latency: 170
remote-cache-status: TCP_HIT
vary: Accept-Encoding
content-encoding: gzip
date: Wed, 06 Dec 2023 17:05:54 GMT
content-length: 20
x-cdn-proto: HTTP2
x-cdn-client-ip-version: IPV4
timing-allow-origin: *
access-control-allow-origin: *
x-cdn: AKAM
X-Firefox-Spdy: h2

static.licdn.com/aero-v1/sc/h/obrlaav59g6ii1bi1f00nkdb

95.101.11.48

200 OK

0 B

URL GET HTTP/2
static.licdn.com/aero-v1/sc/h/obrlaav59g6ii1bi1f00nkdb
IP
95.101.11.48:443
ASN
#20940 Akamai International B.V.

Requested by
https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Certificate
IssuerDigiCert Inc
Subjectstatic-exp1.licdn.com
FingerprintA4:83:15:AF:E8:24:5C:22:E6:8D:67:8F:10:52:F1:9D:B4:3A:90:23
ValidityFri, 17 Mar 2023 00:00:00 GMT - Tue, 19 Mar 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /aero-v1/sc/h/obrlaav59g6ii1bi1f00nkdb HTTP/1.1
Host: static.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.linkedin.com/
Origin: https://www.linkedin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 21 Sep 2023 23:15:42 GMT
accept-ranges: bytes
content-type: text/javascript
content-disposition: attachment
x-content-type-options: nosniff
x-ambry-request-cost: READ_CAPACITY_UNIT=1.0; STORAGE_IN_GB=0.0
x-ambry-user-quota-warning: HEALTHY
x-ambry-user-quota-usage: READ_CAPACITY_UNIT=0.0021363483; STORAGE_IN_GB=0.0
x-fs-uuid: 00060920f619d76f6f8d7d3c80153a87
x-li-fabric: prod-ltx1
x-li-pop: prod-ltx1-x
x-li-proto: http/1.1
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
x-li-uuid: AAYJIPYZ129vjX08gBU6hw==
vary: Accept-Encoding
content-encoding: gzip
date: Wed, 06 Dec 2023 17:05:54 GMT
content-length: 20
x-cdn-proto: HTTP2
x-cdn-client-ip-version: IPV4
timing-allow-origin: *
access-control-allow-origin: *
x-cdn: AKAM
X-Firefox-Spdy: h2

static.licdn.com/aero-v1/sc/h/9bbuw1exqj19blmqn9zm4f9il

95.101.11.48

200 OK

0 B

URL GET HTTP/2
static.licdn.com/aero-v1/sc/h/9bbuw1exqj19blmqn9zm4f9il
IP
95.101.11.48:443
ASN
#20940 Akamai International B.V.

Requested by
https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Certificate
IssuerDigiCert Inc
Subjectstatic-exp1.licdn.com
FingerprintA4:83:15:AF:E8:24:5C:22:E6:8D:67:8F:10:52:F1:9D:B4:3A:90:23
ValidityFri, 17 Mar 2023 00:00:00 GMT - Tue, 19 Mar 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /aero-v1/sc/h/9bbuw1exqj19blmqn9zm4f9il HTTP/1.1
Host: static.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.linkedin.com/
Origin: https://www.linkedin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 21 Sep 2023 23:15:41 GMT
accept-ranges: bytes
content-type: text/javascript
content-disposition: attachment
x-content-type-options: nosniff
x-ambry-request-cost: READ_CAPACITY_UNIT=1.0; STORAGE_IN_GB=0.0
x-ambry-user-quota-warning: HEALTHY
x-ambry-user-quota-usage: READ_CAPACITY_UNIT=0.0025582565; STORAGE_IN_GB=0.0
x-fs-uuid: 000607db462ffc7e9ee2a438f872b0a5
x-li-fabric: prod-ltx1
x-li-pop: prod-ltx1-x
x-li-proto: http/1.1
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
x-li-uuid: AAYH20Yv/H6e4qQ4+HKwpQ==
vary: Accept-Encoding
content-encoding: gzip
date: Wed, 06 Dec 2023 17:05:54 GMT
content-length: 20
x-cdn-proto: HTTP2
x-cdn-client-ip-version: IPV4
timing-allow-origin: *
access-control-allow-origin: *
x-cdn: AKAM
X-Firefox-Spdy: h2

static.licdn.com/aero-v1/sc/h/al2o9zrvru7aqj8e1x2rzsrca

95.101.11.48

0 B

URL GET
static.licdn.com/aero-v1/sc/h/al2o9zrvru7aqj8e1x2rzsrca
IP
95.101.11.48:0
ASN
#20940 Akamai International B.V.

Requested by
https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Certificate
IssuerDigiCert Inc
Subjectstatic-exp1.licdn.com
FingerprintA4:83:15:AF:E8:24:5C:22:E6:8D:67:8F:10:52:F1:9D:B4:3A:90:23
ValidityFri, 17 Mar 2023 00:00:00 GMT - Tue, 19 Mar 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /aero-v1/sc/h/al2o9zrvru7aqj8e1x2rzsrca HTTP/1.1
Host: static.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.linkedin.com/
Origin: https://www.linkedin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 05 Apr 2022 06:07:09 GMT
accept-ranges: bytes
content-type: image/x-icon
x-content-type-options: nosniff
x-ambry-request-cost: READ_CAPACITY_UNIT=1.0; STORAGE_IN_GB=0.0
x-ambry-user-quota-warning: HEALTHY
x-ambry-user-quota-usage: READ_CAPACITY_UNIT=0.0014693531; STORAGE_IN_GB=0.0
x-fs-uuid: 000607f5ddc9a3099786bb3a02a6024b
x-li-fabric: prod-ltx1
x-li-pop: prod-ltx1-x
x-li-proto: http/1.1
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
x-li-uuid: AAYH9d3JowmXhrs6AqYCSw==
vary: Accept-Encoding
content-encoding: gzip
date: Wed, 06 Dec 2023 17:05:54 GMT
content-length: 20
x-cdn-proto: HTTP2
x-cdn-client-ip-version: IPV4
timing-allow-origin: *
access-control-allow-origin: *
x-cdn: AKAM
X-Firefox-Spdy: h2

static.licdn.com/aero-v1/sc/h/cyolgscd0imw2ldqppkrb84vo

95.101.11.48

201 B

URL
static.licdn.com/aero-v1/sc/h/cyolgscd0imw2ldqppkrb84vo
IP
95.101.11.48:0
ASN
#20940 Akamai International B.V.

Certificate
IssuerDigiCert Inc
Subjectstatic-exp1.licdn.com
FingerprintA4:83:15:AF:E8:24:5C:22:E6:8D:67:8F:10:52:F1:9D:B4:3A:90:23
ValidityFri, 17 Mar 2023 00:00:00 GMT - Tue, 19 Mar 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Size
201 B (201 bytes)
Hash
daf7c1053e08e600e06c4115bf2181b4
452c1516e428c937762cac0842aec6fb3e48c84b
d960843fe85cfd71159433734acd16a8406bce0491bef7c4c361d6139168c64e

HTTP Headers

GET /aero-v1/sc/h/cyolgscd0imw2ldqppkrb84vo HTTP/1.1
Host: static.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.linkedin.com/
Origin: https://www.linkedin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
expires: Tue, 28 Feb 2023 19:30:01 GMT
last-modified: Tue, 05 Apr 2022 02:04:42 GMT
cache-control: max-age=604800, immutable
x-ambry-target-account-name: aero
x-ambry-target-container-name: assets
x-ambry-request-cost: READ_CAPACITY_UNIT=1.0; STORAGE_IN_GB=0.0
x-ambry-user-quota-warning: HEALTHY
x-ambry-user-quota-usage: READ_CAPACITY_UNIT=0.0016525544; STORAGE_IN_GB=0.0
x-fs-uuid: 00060995c3cc8d206dfd7af2d305df22
x-li-fabric: prod-lva1
x-content-type-options: nosniff
x-li-pop: prod-lva1-x
x-li-proto: http/1.1
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
x-li-uuid: AAYJlcPMjSBt/Xry0wXfIg==
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
remote-cache-status: TCP_HIT
x-datastream-cache-status: 1
x-ambry-blob-size: 201
accept-ranges: bytes
content-length: 201
content-type: image/svg+xml
content-disposition: attachment
date: Wed, 06 Dec 2023 17:05:54 GMT
x-cdn-proto: HTTP2
x-cdn-client-ip-version: IPV4
timing-allow-origin: *
access-control-allow-origin: *
x-cdn: AKAM
X-Firefox-Spdy: h2

static.licdn.com/aero-v1/sc/h/e12h2cd8ac580qen9qdd0qks8

95.101.11.48

1.2 kB

URL
static.licdn.com/aero-v1/sc/h/e12h2cd8ac580qen9qdd0qks8
IP
95.101.11.48:0
ASN
#20940 Akamai International B.V.

Certificate
IssuerDigiCert Inc
Subjectstatic-exp1.licdn.com
FingerprintA4:83:15:AF:E8:24:5C:22:E6:8D:67:8F:10:52:F1:9D:B4:3A:90:23
ValidityFri, 17 Mar 2023 00:00:00 GMT - Tue, 19 Mar 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (603)
Size
1.2 kB (1157 bytes)
Hash
ecfa6f7d77da7dde7c2ad63721188fb8
3f30d694caf8ddbf98d4cd720cad7fe6705461de
a40ef94220192d445dcdd662392c4def2b31a5f305901fa4d5eb4a73f7ef9351

HTTP Headers

GET /aero-v1/sc/h/e12h2cd8ac580qen9qdd0qks8 HTTP/1.1
Host: static.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.linkedin.com/
Origin: https://www.linkedin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
expires: Wed, 25 Oct 2023 12:13:47 GMT
last-modified: Fri, 13 May 2022 17:24:11 GMT
cache-control: max-age=604800, immutable
remote-cache-status: TCP_HIT
x-ambry-target-account-name: aero
x-ambry-target-container-name: assets
x-ambry-request-cost: READ_CAPACITY_UNIT=1.0; STORAGE_IN_GB=0.0
x-ambry-user-quota-warning: HEALTHY
x-ambry-user-quota-usage: READ_CAPACITY_UNIT=4.9551578E-5; STORAGE_IN_GB=0.0
x-fs-uuid: 0005ea28027c3b02d5a8fae541f0a90e
x-li-fabric: prod-ltx1
x-li-pop: prod-ltx1-x
x-li-proto: http/1.1
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
x-li-uuid: AAXqKAJ8OwLVqPrlQfCpDg==
x-li-source-fabric: prod-lva1
x-ambry-blob-size: 2721
accept-ranges: bytes
content-type: image/svg+xml
content-disposition: attachment
x-content-type-options: nosniff
x-datastream-cache-status: 1
vary: Accept-Encoding
content-encoding: gzip
date: Wed, 06 Dec 2023 17:05:54 GMT
content-length: 1157
x-cdn-proto: HTTP2
x-cdn-client-ip-version: IPV4
timing-allow-origin: *
access-control-allow-origin: *
x-cdn: AKAM
X-Firefox-Spdy: h2

static.licdn.com/aero-v1/sc/h/80ndnja80f2uvg4l8sj2su82m

95.101.11.48

200 OK

21 kB

URL GET HTTP/2
static.licdn.com/aero-v1/sc/h/80ndnja80f2uvg4l8sj2su82m
IP
95.101.11.48:443
ASN
#20940 Akamai International B.V.

Requested by
https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Certificate
IssuerDigiCert Inc
Subjectstatic-exp1.licdn.com
FingerprintA4:83:15:AF:E8:24:5C:22:E6:8D:67:8F:10:52:F1:9D:B4:3A:90:23
ValidityFri, 17 Mar 2023 00:00:00 GMT - Tue, 19 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
21 kB (21278 bytes)
Hash
876f2fa2944feee72451e3a690d1985e
d30f9cd73ba3bdda113f2e4a2513938fdd90c460
3aea2efa28a6c1ce964301fc7264ac01a38b63d2b98f65f53e3877157249ec0c

HTTP Headers

GET /aero-v1/sc/h/80ndnja80f2uvg4l8sj2su82m HTTP/1.1
Host: static.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.linkedin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
expires: Tue, 17 Oct 2023 11:55:27 GMT
last-modified: Fri, 08 Sep 2023 09:28:41 GMT
cache-control: max-age=604800, immutable
remote-cache-status: TCP_HIT
x-ambry-target-account-name: aero
x-ambry-target-container-name: assets
x-ambry-blob-size: 65933
accept-ranges: bytes
content-type: text/javascript
content-disposition: attachment
x-content-type-options: nosniff
x-ambry-request-cost: READ_CAPACITY_UNIT=1.0; STORAGE_IN_GB=0.0
x-ambry-user-quota-warning: HEALTHY
x-ambry-user-quota-usage: READ_CAPACITY_UNIT=0.0031385198; STORAGE_IN_GB=0.0
x-fs-uuid: 000604dcf9a73e1215353423303cfc8a
x-li-fabric: prod-lva1
x-li-pop: prod-lva1-x
x-li-proto: http/1.1
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
x-li-uuid: AAYE3PmnPhIVNTQjMDz8ig==
vary: Accept-Encoding
content-encoding: gzip
date: Wed, 06 Dec 2023 17:05:54 GMT
content-length: 21278
x-cdn-proto: HTTP2
x-cdn-client-ip-version: IPV4
timing-allow-origin: *
access-control-allow-origin: *
x-cdn: AKAM
X-Firefox-Spdy: h2

static.licdn.com/aero-v1/sc/h/6y2czwba46q3wsh2b0d0g6trj

95.101.11.48

80 kB

URL
static.licdn.com/aero-v1/sc/h/6y2czwba46q3wsh2b0d0g6trj
IP
95.101.11.48:0
ASN
#20940 Akamai International B.V.

Certificate
IssuerDigiCert Inc
Subjectstatic-exp1.licdn.com
FingerprintA4:83:15:AF:E8:24:5C:22:E6:8D:67:8F:10:52:F1:9D:B4:3A:90:23
ValidityFri, 17 Mar 2023 00:00:00 GMT - Tue, 19 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1354)
Size
80 kB (79505 bytes)
Hash
3466c3546b879bdb4a79406b9ef290d4
78cf10d8cabb9ab2ad44d2458ca6381d2e977f30
fa1cf3165b1ee205ca25b8a88813d8db332221c3ffd92b2e100c2dc109015dd1

HTTP Headers

GET /aero-v1/sc/h/6y2czwba46q3wsh2b0d0g6trj HTTP/1.1
Host: static.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.linkedin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
expires: Wed, 30 Aug 2023 01:15:47 GMT
last-modified: Fri, 14 Oct 2022 07:00:01 GMT
cache-control: max-age=604800, immutable
remote-cache-status: TCP_HIT
x-ambry-target-account-name: aero
x-ambry-target-container-name: assets
x-ambry-request-cost: READ_CAPACITY_UNIT=1.0; STORAGE_IN_GB=0.0
x-ambry-user-quota-warning: HEALTHY
x-ambry-user-quota-usage: READ_CAPACITY_UNIT=0.0018059341; STORAGE_IN_GB=0.0
x-fs-uuid: 0005fe96debc39913fdcbd16ad346ec7
x-li-fabric: prod-lor1
x-content-type-options: nosniff
x-li-pop: prod-lor1-x
x-li-proto: http/1.1
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
x-li-uuid: AAX+lt68OZE/3L0WrTRuxw==
x-ambry-blob-size: 186380
accept-ranges: bytes
content-type: text/javascript
content-disposition: attachment
x-datastream-cache-status: 1
vary: Accept-Encoding
content-encoding: gzip
date: Wed, 06 Dec 2023 17:05:54 GMT
x-cdn-proto: HTTP2
x-cdn-client-ip-version: IPV4
timing-allow-origin: *
access-control-allow-origin: *
x-cdn: AKAM
X-Firefox-Spdy: h2

www.linkedin.com/cookie-consent/

13.107.42.14

200 OK

0 B

URL POST HTTP/2
www.linkedin.com/cookie-consent/
IP
13.107.42.14:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Certificate
IssuerDigiCert Inc
Subjectwww.linkedin.com
FingerprintDD:64:0D:6C:03:1D:AA:A9:68:F2:FB:0C:02:7A:52:34:27:C9:FD:D9
ValidityFri, 03 Nov 2023 00:00:00 GMT - Fri, 03 May 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - LinkedIn

HTTP Headers

POST /cookie-consent/ HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 74
Origin: https://www.linkedin.com
DNT: 1
Connection: keep-alive
Referer: https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Cookie: bcookie="v=2&63028f78-a41d-4467-8a21-b659113bada6"; bscookie="v=1&20231206170552120e0bc1-04d3-40f6-8332-77aa13a11078AQF8c-6tD7oxNxYe1XZ3xTHfEtetmGtb"; li_gc=MTswOzE3MDE4ODIzNTI7MjswMjGS1Mv74SwG1Awg27Ay5wm6MwvaWm7/y5+7gxOx8Ts4xg==; lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2663:u=1:x=1:i=1701882353:t=1701968753:v=2:sig=AQFPLZEX5cjioFiV_vyRv_OtgmSGbKys"; rtc=AQFvodVKMPSfjwAAAYxAF9VoIgrBol4OFDODIl2TnOreqS6C3a1Y4qik9lzTqYHmPYRpLOfZPajubm_nw1ziBK6HZtN0cj6kbN0iQIPqG9i21jDfdqqMjjuhvrLQ_srI_pZgeTVgdndMLpLqcNJOm1bP_FrmsmxsJTjDsDkidm-CcIk_HPObUfb2pbx_LLiAsiSATSMyA9uI3ACi2RXa34TOTr2mIKJlESLdHdXotxzE0-2SYWz2NKufW_7LrJgoEw==; fid=AQFw5jqxZ9lMnAAAAYxAF9iAlGsYNCvuDqlcDGmUwASNH6nInLC4sakUIOIkBUMeD9fijcQHHUJbeA; JSESSIONID=ajax:8229369267889637723; lang=v=2&lang=en-us; li_alerts=e30=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: li_gc=MTs0MjsxNzAxODgyMzU0OzI7MDIxrG9N8tF3CF1Nn5fudgobk1fTtIE+Rxe8baYkPyVnKAY=; Max-Age=15552000; Expires=Mon, 03 Jun 2024 17:05:54 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
bcookie="v=2&63028f78-a41d-4467-8a21-b659113bada6"; domain=.linkedin.com; Path=/; Secure; Expires=Thu, 05-Dec-2024 17:05:54 GMT; SameSite=None
bscookie="v=1&20231206170552120e0bc1-04d3-40f6-8332-77aa13a11078AQF8c-6tD7oxNxYe1XZ3xTHfEtetmGtb"; domain=.www.linkedin.com; Path=/; Secure; Expires=Thu, 05-Dec-2024 17:05:54 GMT; HttpOnly; SameSite=None
access-control-allow-origin: https://www.linkedin.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: sameorigin
content-security-policy: default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ *.microsoft.com *.adnxs.com; script-src 'report-sample' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-3RIGhhApBii1KY+aW1xk7kFyoQY8vSVE5DfT7E9SJUc=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' 'sha256-wy4DvlEW9PHPIGvQJW6Wv4woBSa/0LJHs8LHsBVVXCs=' 'sha256-065A0cJTDQ+hyKvufSL/flW02hIbgLndOINLRWux6To=' 'sha256-Ga5SLB8hPdWUE8Wb6LgZ05D9Z5vrdLAaPbDBW2m3BI8=' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com snap.licdn.com; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src 'self' *.licdn.com *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=default
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAYL2l02S4tLV0mNu0GNMg==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 26AFCCF3F750480C87CC10E671ED2EDD Ref B: OSL30EDGE0219 Ref C: 2023-12-06T17:05:54Z
date: Wed, 06 Dec 2023 17:05:54 GMT
content-length: 0
X-Firefox-Spdy: h2

www.linkedin.com/litms/api/metadata/user

13.107.42.14

200 OK

226 B

URL GET HTTP/2
www.linkedin.com/litms/api/metadata/user
IP
13.107.42.14:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Certificate
IssuerDigiCert Inc
Subjectwww.linkedin.com
FingerprintDD:64:0D:6C:03:1D:AA:A9:68:F2:FB:0C:02:7A:52:34:27:C9:FD:D9
ValidityFri, 03 Nov 2023 00:00:00 GMT - Fri, 03 May 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with very long lines (345), with no line terminators
Size
226 B (226 bytes)
Hash
ccb8e9f87744d3b614cadf7b951ae5ea
da1e0528d0b7377a965b569dae93a8ea0e8dbacb
6b6676ca025aaa38464ebd3b1a6c642e3d7feef94b66595fa183f0d76da5f222

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - LinkedIn

HTTP Headers

GET /litms/api/metadata/user HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Cookie: bcookie="v=2&63028f78-a41d-4467-8a21-b659113bada6"; bscookie="v=1&20231206170552120e0bc1-04d3-40f6-8332-77aa13a11078AQF8c-6tD7oxNxYe1XZ3xTHfEtetmGtb"; li_gc=MTswOzE3MDE4ODIzNTI7MjswMjGS1Mv74SwG1Awg27Ay5wm6MwvaWm7/y5+7gxOx8Ts4xg==; lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2663:u=1:x=1:i=1701882353:t=1701968753:v=2:sig=AQFPLZEX5cjioFiV_vyRv_OtgmSGbKys"; rtc=AQFvodVKMPSfjwAAAYxAF9VoIgrBol4OFDODIl2TnOreqS6C3a1Y4qik9lzTqYHmPYRpLOfZPajubm_nw1ziBK6HZtN0cj6kbN0iQIPqG9i21jDfdqqMjjuhvrLQ_srI_pZgeTVgdndMLpLqcNJOm1bP_FrmsmxsJTjDsDkidm-CcIk_HPObUfb2pbx_LLiAsiSATSMyA9uI3ACi2RXa34TOTr2mIKJlESLdHdXotxzE0-2SYWz2NKufW_7LrJgoEw==; fid=AQFw5jqxZ9lMnAAAAYxAF9iAlGsYNCvuDqlcDGmUwASNH6nInLC4sakUIOIkBUMeD9fijcQHHUJbeA; JSESSIONID=ajax:8229369267889637723; lang=v=2&lang=en-us; li_alerts=e30=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: no-cache, no-store
pragma: no-cache
content-length: 226
content-type: application/json
content-encoding: gzip
expires: Thu, 01 Jan 1970 00:00:00 GMT
vary: Origin,Accept-Encoding
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: sameorigin
content-security-policy: default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ *.microsoft.com *.adnxs.com; script-src 'report-sample' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-3RIGhhApBii1KY+aW1xk7kFyoQY8vSVE5DfT7E9SJUc=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' 'sha256-wy4DvlEW9PHPIGvQJW6Wv4woBSa/0LJHs8LHsBVVXCs=' 'sha256-065A0cJTDQ+hyKvufSL/flW02hIbgLndOINLRWux6To=' 'sha256-Ga5SLB8hPdWUE8Wb6LgZ05D9Z5vrdLAaPbDBW2m3BI8=' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com snap.licdn.com; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src 'self' *.licdn.com *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=default
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAYL2l02b6Tk6b/YuQ5S8w==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: C329374311944DB98D704145D86B77FA Ref B: OSL30EDGE0219 Ref C: 2023-12-06T17:05:54Z
date: Wed, 06 Dec 2023 17:05:54 GMT
X-Firefox-Spdy: h2

www.linkedin.com/li/track

13.107.42.14

200 OK

0 B

URL POST HTTP/2
www.linkedin.com/li/track
IP
13.107.42.14:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Certificate
IssuerDigiCert Inc
Subjectwww.linkedin.com
FingerprintDD:64:0D:6C:03:1D:AA:A9:68:F2:FB:0C:02:7A:52:34:27:C9:FD:D9
ValidityFri, 03 Nov 2023 00:00:00 GMT - Fri, 03 May 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - LinkedIn

HTTP Headers

POST /li/track HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 12578
Origin: https://www.linkedin.com
DNT: 1
Connection: keep-alive
Referer: https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Cookie: bcookie="v=2&63028f78-a41d-4467-8a21-b659113bada6"; bscookie="v=1&20231206170552120e0bc1-04d3-40f6-8332-77aa13a11078AQF8c-6tD7oxNxYe1XZ3xTHfEtetmGtb"; li_gc=MTswOzE3MDE4ODIzNTI7MjswMjGS1Mv74SwG1Awg27Ay5wm6MwvaWm7/y5+7gxOx8Ts4xg==; lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2663:u=1:x=1:i=1701882353:t=1701968753:v=2:sig=AQFPLZEX5cjioFiV_vyRv_OtgmSGbKys"; rtc=AQFvodVKMPSfjwAAAYxAF9VoIgrBol4OFDODIl2TnOreqS6C3a1Y4qik9lzTqYHmPYRpLOfZPajubm_nw1ziBK6HZtN0cj6kbN0iQIPqG9i21jDfdqqMjjuhvrLQ_srI_pZgeTVgdndMLpLqcNJOm1bP_FrmsmxsJTjDsDkidm-CcIk_HPObUfb2pbx_LLiAsiSATSMyA9uI3ACi2RXa34TOTr2mIKJlESLdHdXotxzE0-2SYWz2NKufW_7LrJgoEw==; fid=AQFw5jqxZ9lMnAAAAYxAF9iAlGsYNCvuDqlcDGmUwASNH6nInLC4sakUIOIkBUMeD9fijcQHHUJbeA; JSESSIONID=ajax:8229369267889637723; lang=v=2&lang=en-us; li_alerts=e30=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: no-cache, no-store
pragma: no-cache
content-type: text/plain; charset=utf-8
expires: Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin: https://www.linkedin.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: sameorigin
content-security-policy: default-src 'none'; frame-ancestors 'none'; form-action 'none'
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAYL2l02l1Cx4HAqUmqcXQ==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: A18AB9E6DDD84B3BBE09FD69D501872D Ref B: OSL30EDGE0219 Ref C: 2023-12-06T17:05:54Z
date: Wed, 06 Dec 2023 17:05:54 GMT
content-length: 0
X-Firefox-Spdy: h2

www.linkedin.com/aero-v1/sc/h/bxullzz73p3hhf78t6sj3w6pb

13.107.42.14

200 OK

5.0 kB

URL GET HTTP/2
www.linkedin.com/aero-v1/sc/h/bxullzz73p3hhf78t6sj3w6pb
IP
13.107.42.14:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Certificate
IssuerDigiCert Inc
Subjectwww.linkedin.com
FingerprintDD:64:0D:6C:03:1D:AA:A9:68:F2:FB:0C:02:7A:52:34:27:C9:FD:D9
ValidityFri, 03 Nov 2023 00:00:00 GMT - Fri, 03 May 2024 23:59:59 GMT

File type
ASCII text, with very long lines (523)
Size
5.0 kB (5039 bytes)
Hash
c9af861b3945afc33b17cd522ca638ef
c599f4dcba079461272503b0b1c64e81a9263d4c
30594a90dd8a6944015a199be410d7f6810ba106a7d57d42f740c0da46a70865

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - LinkedIn

HTTP Headers

GET /aero-v1/sc/h/bxullzz73p3hhf78t6sj3w6pb HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Cookie: bcookie="v=2&63028f78-a41d-4467-8a21-b659113bada6"; bscookie="v=1&20231206170552120e0bc1-04d3-40f6-8332-77aa13a11078AQF8c-6tD7oxNxYe1XZ3xTHfEtetmGtb"; li_gc=MTswOzE3MDE4ODIzNTI7MjswMjGS1Mv74SwG1Awg27Ay5wm6MwvaWm7/y5+7gxOx8Ts4xg==; lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2663:u=1:x=1:i=1701882353:t=1701968753:v=2:sig=AQFPLZEX5cjioFiV_vyRv_OtgmSGbKys"; rtc=AQFvodVKMPSfjwAAAYxAF9VoIgrBol4OFDODIl2TnOreqS6C3a1Y4qik9lzTqYHmPYRpLOfZPajubm_nw1ziBK6HZtN0cj6kbN0iQIPqG9i21jDfdqqMjjuhvrLQ_srI_pZgeTVgdndMLpLqcNJOm1bP_FrmsmxsJTjDsDkidm-CcIk_HPObUfb2pbx_LLiAsiSATSMyA9uI3ACi2RXa34TOTr2mIKJlESLdHdXotxzE0-2SYWz2NKufW_7LrJgoEw==; fid=AQFw5jqxZ9lMnAAAAYxAF9iAlGsYNCvuDqlcDGmUwASNH6nInLC4sakUIOIkBUMeD9fijcQHHUJbeA; JSESSIONID=ajax:8229369267889637723; lang=v=2&lang=en-us; li_alerts=e30=
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: no-cache, no-store
pragma: no-cache
content-length: 5039
content-type: text/javascript
expires: Thu, 01 Jan 1970 00:00:00 GMT
last-modified: Fri, 14 Oct 2022 06:29:29 GMT
accept-ranges: bytes
x-ambry-target-account-name: aero
x-ambry-target-container-name: assets
x-ambry-blob-size: 5039
content-disposition: attachment
x-content-type-options: nosniff
x-ambry-request-cost: READ_CAPACITY_UNIT=1.0; STORAGE_IN_GB=0.0
x-ambry-user-quota-warning: HEALTHY
x-ambry-user-quota-usage: READ_CAPACITY_UNIT=0.00126127; STORAGE_IN_GB=0.0
strict-transport-security: max-age=31536000
x-frame-options: sameorigin
content-security-policy: default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ *.microsoft.com *.adnxs.com; script-src 'report-sample' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-3RIGhhApBii1KY+aW1xk7kFyoQY8vSVE5DfT7E9SJUc=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' 'sha256-wy4DvlEW9PHPIGvQJW6Wv4woBSa/0LJHs8LHsBVVXCs=' 'sha256-065A0cJTDQ+hyKvufSL/flW02hIbgLndOINLRWux6To=' 'sha256-Ga5SLB8hPdWUE8Wb6LgZ05D9Z5vrdLAaPbDBW2m3BI8=' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com snap.licdn.com; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src 'self' *.licdn.com *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=default
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAYL2l02toNZVwhxA+zrDA==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: A0BE02D4F8CD416BAD1CEE5365A2F5EF Ref B: OSL30EDGE0219 Ref C: 2023-12-06T17:05:54Z
date: Wed, 06 Dec 2023 17:05:54 GMT
X-Firefox-Spdy: h2

www.linkedin.com/li/track

13.107.42.14

200 OK

0 B

URL POST HTTP/2
www.linkedin.com/li/track
IP
13.107.42.14:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Certificate
IssuerDigiCert Inc
Subjectwww.linkedin.com
FingerprintDD:64:0D:6C:03:1D:AA:A9:68:F2:FB:0C:02:7A:52:34:27:C9:FD:D9
ValidityFri, 03 Nov 2023 00:00:00 GMT - Fri, 03 May 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - LinkedIn

HTTP Headers

POST /li/track HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1647
Origin: https://www.linkedin.com
DNT: 1
Connection: keep-alive
Referer: https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Cookie: bcookie="v=2&63028f78-a41d-4467-8a21-b659113bada6"; bscookie="v=1&20231206170552120e0bc1-04d3-40f6-8332-77aa13a11078AQF8c-6tD7oxNxYe1XZ3xTHfEtetmGtb"; li_gc=MTswOzE3MDE4ODIzNTI7MjswMjGS1Mv74SwG1Awg27Ay5wm6MwvaWm7/y5+7gxOx8Ts4xg==; lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2663:u=1:x=1:i=1701882353:t=1701968753:v=2:sig=AQFPLZEX5cjioFiV_vyRv_OtgmSGbKys"; rtc=AQFvodVKMPSfjwAAAYxAF9VoIgrBol4OFDODIl2TnOreqS6C3a1Y4qik9lzTqYHmPYRpLOfZPajubm_nw1ziBK6HZtN0cj6kbN0iQIPqG9i21jDfdqqMjjuhvrLQ_srI_pZgeTVgdndMLpLqcNJOm1bP_FrmsmxsJTjDsDkidm-CcIk_HPObUfb2pbx_LLiAsiSATSMyA9uI3ACi2RXa34TOTr2mIKJlESLdHdXotxzE0-2SYWz2NKufW_7LrJgoEw==; fid=AQFw5jqxZ9lMnAAAAYxAF9iAlGsYNCvuDqlcDGmUwASNH6nInLC4sakUIOIkBUMeD9fijcQHHUJbeA; JSESSIONID=ajax:8229369267889637723; lang=v=2&lang=en-us; li_alerts=e30=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: no-cache, no-store
pragma: no-cache
content-type: text/plain; charset=utf-8
expires: Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin: https://www.linkedin.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: sameorigin
content-security-policy: default-src 'none'; frame-ancestors 'none'; form-action 'none'
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAYL2l04/Bv+GplEY02jpg==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: DCA3C06F407A450EB83F9EA31A28E940 Ref B: OSL30EDGE0219 Ref C: 2023-12-06T17:05:54Z
date: Wed, 06 Dec 2023 17:05:54 GMT
content-length: 0
X-Firefox-Spdy: h2

www.linkedin.com/platform-telemetry/li/collect

13.107.42.14

200 OK

0 B

URL POST HTTP/2
www.linkedin.com/platform-telemetry/li/collect
IP
13.107.42.14:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Certificate
IssuerDigiCert Inc
Subjectwww.linkedin.com
FingerprintDD:64:0D:6C:03:1D:AA:A9:68:F2:FB:0C:02:7A:52:34:27:C9:FD:D9
ValidityFri, 03 Nov 2023 00:00:00 GMT - Fri, 03 May 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - LinkedIn

HTTP Headers

POST /platform-telemetry/li/collect HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json
Content-Length: 1920
Origin: https://www.linkedin.com
DNT: 1
Connection: keep-alive
Referer: https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Cookie: bcookie="v=2&63028f78-a41d-4467-8a21-b659113bada6"; bscookie="v=1&20231206170552120e0bc1-04d3-40f6-8332-77aa13a11078AQF8c-6tD7oxNxYe1XZ3xTHfEtetmGtb"; li_gc=MTswOzE3MDE4ODIzNTI7MjswMjGS1Mv74SwG1Awg27Ay5wm6MwvaWm7/y5+7gxOx8Ts4xg==; lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2663:u=1:x=1:i=1701882353:t=1701968753:v=2:sig=AQFPLZEX5cjioFiV_vyRv_OtgmSGbKys"; rtc=AQFvodVKMPSfjwAAAYxAF9VoIgrBol4OFDODIl2TnOreqS6C3a1Y4qik9lzTqYHmPYRpLOfZPajubm_nw1ziBK6HZtN0cj6kbN0iQIPqG9i21jDfdqqMjjuhvrLQ_srI_pZgeTVgdndMLpLqcNJOm1bP_FrmsmxsJTjDsDkidm-CcIk_HPObUfb2pbx_LLiAsiSATSMyA9uI3ACi2RXa34TOTr2mIKJlESLdHdXotxzE0-2SYWz2NKufW_7LrJgoEw==; fid=AQFw5jqxZ9lMnAAAAYxAF9iAlGsYNCvuDqlcDGmUwASNH6nInLC4sakUIOIkBUMeD9fijcQHHUJbeA; JSESSIONID=ajax:8229369267889637723; lang=v=2&lang=en-us; li_alerts=e30=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: fcookie=AQFxBaU0JA388AAAAYxAF92VMdt9j4oDcAxvqEwzr1WU5C_Yfvti-7DZeoSoAn3PuAFNoKMZizZRIVstUmGKT2dBD7bWi_wQWUfqNf5NxRZMuZBgrbevSr5rSt4RQcNGvqB1At9kmzJrFHKyh_Yvk34ZV5W5bWoISoVkQveWrGennC_93HaN0WF-8su-HczjYm2zEydbeRT9VScOemx6tMAo2YNAZG4q9_t28EV7FXtIOgG4mLMm3Ub1ZgLMdo/3cd2+kK/4e7p/lPt99OiIPGBVnNqOeBc4nCnt/hwgx2uvXdz5SlG8ZPmrqOwkffQc3PnYTFcAAObtQ2BA==; Max-Age=604800; Expires=Wed, 13 Dec 2023 17:05:55 GMT; SameSite=None; Path=/; Secure
bcookie="v=2&63028f78-a41d-4467-8a21-b659113bada6"; domain=.linkedin.com; Path=/; Secure; Expires=Thu, 05-Dec-2024 17:05:55 GMT; SameSite=None
bscookie="v=1&20231206170552120e0bc1-04d3-40f6-8332-77aa13a11078AQF8c-6tD7oxNxYe1XZ3xTHfEtetmGtb"; domain=.www.linkedin.com; Path=/; Secure; Expires=Thu, 05-Dec-2024 17:05:55 GMT; HttpOnly; SameSite=None
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: sameorigin
content-security-policy: default-src 'none'; frame-ancestors 'none'; form-action 'none'
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAYL2l04zIUr7J4r3QsxqA==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 11A2BBFDCA714D89B1E99F52C7316886 Ref B: OSL30EDGE0219 Ref C: 2023-12-06T17:05:54Z
date: Wed, 06 Dec 2023 17:05:54 GMT
content-length: 0
X-Firefox-Spdy: h2

www.linkedin.com/li/track

13.107.42.14

200 OK

0 B

URL POST HTTP/2
www.linkedin.com/li/track
IP
13.107.42.14:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Certificate
IssuerDigiCert Inc
Subjectwww.linkedin.com
FingerprintDD:64:0D:6C:03:1D:AA:A9:68:F2:FB:0C:02:7A:52:34:27:C9:FD:D9
ValidityFri, 03 Nov 2023 00:00:00 GMT - Fri, 03 May 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - LinkedIn

HTTP Headers

POST /li/track HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2030
Origin: https://www.linkedin.com
DNT: 1
Connection: keep-alive
Referer: https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Cookie: bcookie="v=2&63028f78-a41d-4467-8a21-b659113bada6"; bscookie="v=1&20231206170552120e0bc1-04d3-40f6-8332-77aa13a11078AQF8c-6tD7oxNxYe1XZ3xTHfEtetmGtb"; li_gc=MTs0MjsxNzAxODgyMzU0OzI7MDIxrG9N8tF3CF1Nn5fudgobk1fTtIE+Rxe8baYkPyVnKAY=; lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2663:u=1:x=1:i=1701882353:t=1701968753:v=2:sig=AQFPLZEX5cjioFiV_vyRv_OtgmSGbKys"; rtc=AQFvodVKMPSfjwAAAYxAF9VoIgrBol4OFDODIl2TnOreqS6C3a1Y4qik9lzTqYHmPYRpLOfZPajubm_nw1ziBK6HZtN0cj6kbN0iQIPqG9i21jDfdqqMjjuhvrLQ_srI_pZgeTVgdndMLpLqcNJOm1bP_FrmsmxsJTjDsDkidm-CcIk_HPObUfb2pbx_LLiAsiSATSMyA9uI3ACi2RXa34TOTr2mIKJlESLdHdXotxzE0-2SYWz2NKufW_7LrJgoEw==; fid=AQFw5jqxZ9lMnAAAAYxAF9iAlGsYNCvuDqlcDGmUwASNH6nInLC4sakUIOIkBUMeD9fijcQHHUJbeA; JSESSIONID=ajax:8229369267889637723; lang=v=2&lang=en-us; li_alerts=e30=; fcookie=AQFxBaU0JA388AAAAYxAF92VMdt9j4oDcAxvqEwzr1WU5C_Yfvti-7DZeoSoAn3PuAFNoKMZizZRIVstUmGKT2dBD7bWi_wQWUfqNf5NxRZMuZBgrbevSr5rSt4RQcNGvqB1At9kmzJrFHKyh_Yvk34ZV5W5bWoISoVkQveWrGennC_93HaN0WF-8su-HczjYm2zEydbeRT9VScOemx6tMAo2YNAZG4q9_t28EV7FXtIOgG4mLMm3Ub1ZgLMdo/3cd2+kK/4e7p/lPt99OiIPGBVnNqOeBc4nCnt/hwgx2uvXdz5SlG8ZPmrqOwkffQc3PnYTFcAAObtQ2BA==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: no-cache, no-store
pragma: no-cache
content-type: text/plain; charset=utf-8
expires: Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin: https://www.linkedin.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: sameorigin
content-security-policy: default-src 'none'; frame-ancestors 'none'; form-action 'none'
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAYL2l08fnURMJ8MyceHKQ==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 4D67EA8303A7470ABF83B16E16DDE4DD Ref B: OSL30EDGE0219 Ref C: 2023-12-06T17:05:55Z
date: Wed, 06 Dec 2023 17:05:54 GMT
content-length: 0
X-Firefox-Spdy: h2

ps.azurewaf.microsoft.com/event?correlationId=7743ad23-f9d4-478c-8a5b-20d63428073f&type=ping

13.107.213.53

0 B

URL
ps.azurewaf.microsoft.com/event?correlationId=7743ad23-f9d4-478c-8a5b-20d63428073f&type=ping
IP
13.107.213.53:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /event?correlationId=7743ad23-f9d4-478c-8a5b-20d63428073f&type=ping HTTP/1.1
Host: ps.azurewaf.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.linkedin.com/
Origin: https://www.linkedin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
set-cookie: TiPMix=2.115683137281188; path=/; HttpOnly; Domain=mouselogdatacollection.azurewebsites.net; Max-Age=3600; Secure; SameSite=None
x-ms-routing-name=self; path=/; HttpOnly; Domain=mouselogdatacollection.azurewebsites.net; Max-Age=3600; Secure; SameSite=None
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
strict-transport-security: max-age=2592000
request-context: appId=cid-v1:b972f5ff-0dbf-487c-8b8c-19607927d2c0
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
x-azure-ref: 086lwZQAAAABu6SMt24BuSrx6k1S1hW5KU1ZHMjBFREdFMDYwOAAzNmQyZWNiZi02MGQwLTQ5YWUtOWEyNy02YmZhOGI1MGU0OGQ=
date: Wed, 06 Dec 2023 17:05:55 GMT
X-Firefox-Spdy: h2

ps.azurewaf.microsoft.com/event?correlationId=7743ad23-f9d4-478c-8a5b-20d63428073f&type=ping

13.107.213.53

0 B

URL
ps.azurewaf.microsoft.com/event?correlationId=7743ad23-f9d4-478c-8a5b-20d63428073f&type=ping
IP
13.107.213.53:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /event?correlationId=7743ad23-f9d4-478c-8a5b-20d63428073f&type=ping HTTP/1.1
Host: ps.azurewaf.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 1707
Origin: https://www.linkedin.com
DNT: 1
Connection: keep-alive
Referer: https://www.linkedin.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
set-cookie: TiPMix=69.30136279772462; path=/; HttpOnly; Domain=mouselogdatacollection.azurewebsites.net; Max-Age=3600; Secure; SameSite=None
x-ms-routing-name=self; path=/; HttpOnly; Domain=mouselogdatacollection.azurewebsites.net; Max-Age=3600; Secure; SameSite=None
access-control-allow-origin: *
strict-transport-security: max-age=2592000
request-context: appId=cid-v1:b972f5ff-0dbf-487c-8b8c-19607927d2c0
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
x-azure-ref: 086lwZQAAAAA83STyXkyJT6GjhSy260MTU1ZHMjBFREdFMDYwOAAzNmQyZWNiZi02MGQwLTQ5YWUtOWEyNy02YmZhOGI1MGU0OGQ=
date: Wed, 06 Dec 2023 17:05:55 GMT
content-length: 0
X-Firefox-Spdy: h2

fonts.gstatic.com/s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwM.ttf

216.58.207.227

200 OK

27 kB

URL GET HTTP/2
fonts.gstatic.com/s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwM.ttf
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=325px&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_361265_892367&as=aFUilrVNHSG8ZLgzd1vUMw
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
TrueType Font data, 17 tables, 1st "GDEF", 7 names, Microsoft, language 0x409, Copyright 2015 Google LLC. All Rights Reserved.Google Sans MediumRegularGoogle;GoogleSans-Medium\012- data
Size
27 kB (27431 bytes)
Hash
9ecc1a07aa9e5e87f04d31b49ca09897
a030a565d2168e505861d6f1de260dc1adf8b77b
ebeace42646aa327b1fa6225f70120658993d4796cc9103484a6f068d3a58a6d

HTTP Headers

GET /s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwM.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://accounts.google.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 27431
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:36:53 GMT
expires: Thu, 28 Nov 2024 21:36:53 GMT
cache-control: public, max-age=31536000
age: 588542
last-modified: Mon, 22 Apr 2019 23:43:31 GMT
content-type: font/ttf
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owps.ttf

216.58.207.227

200 OK

27 kB

URL GET HTTP/2
fonts.gstatic.com/s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owps.ttf
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=-2&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_361254_434727&as=aFUilrVNHSG8ZLgzd1vUMw&hl=en_US
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
TrueType Font data, 17 tables, 1st "GDEF", 7 names, Microsoft, language 0x409, Copyright 2015 Google LLC. All Rights Reserved.Google SansRegularGoogle;GoogleSans-RegularGoogle\012- data
Size
27 kB (27191 bytes)
Hash
20f7180ebc95ade510a7fbd4cbdc35b6
6cfc5afa73095577a20461de09d2a8f4b34d80e0
8087cf253743d85d9153ba12ce624c2e460e966c40a61928b3a036a2d452f45a

HTTP Headers

GET /s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owps.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://accounts.google.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 27191
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 23:18:29 GMT
expires: Tue, 03 Dec 2024 23:18:29 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2019 23:42:54 GMT
content-type: font/ttf
vary: Accept-Encoding
age: 150446
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwM.ttf

216.58.207.227

200 OK

27 kB

URL GET HTTP/2
fonts.gstatic.com/s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwM.ttf
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=325px&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_361265_892367&as=aFUilrVNHSG8ZLgzd1vUMw
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
TrueType Font data, 17 tables, 1st "GDEF", 7 names, Microsoft, language 0x409, Copyright 2015 Google LLC. All Rights Reserved.Google Sans MediumRegularGoogle;GoogleSans-Medium\012- data
Size
27 kB (27431 bytes)
Hash
9ecc1a07aa9e5e87f04d31b49ca09897
a030a565d2168e505861d6f1de260dc1adf8b77b
ebeace42646aa327b1fa6225f70120658993d4796cc9103484a6f068d3a58a6d

HTTP Headers

GET /s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwM.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://accounts.google.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 27431
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:36:53 GMT
expires: Thu, 28 Nov 2024 21:36:53 GMT
cache-control: public, max-age=31536000
age: 588542
last-modified: Mon, 22 Apr 2019 23:43:31 GMT
content-type: font/ttf
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owps.ttf

216.58.207.227

200 OK

27 kB

URL GET HTTP/2
fonts.gstatic.com/s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owps.ttf
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=-2&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_361254_434727&as=aFUilrVNHSG8ZLgzd1vUMw&hl=en_US
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
TrueType Font data, 17 tables, 1st "GDEF", 7 names, Microsoft, language 0x409, Copyright 2015 Google LLC. All Rights Reserved.Google SansRegularGoogle;GoogleSans-RegularGoogle\012- data
Size
27 kB (27191 bytes)
Hash
20f7180ebc95ade510a7fbd4cbdc35b6
6cfc5afa73095577a20461de09d2a8f4b34d80e0
8087cf253743d85d9153ba12ce624c2e460e966c40a61928b3a036a2d452f45a

HTTP Headers

GET /s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owps.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://accounts.google.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 27191
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 23:18:29 GMT
expires: Tue, 03 Dec 2024 23:18:29 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2019 23:42:54 GMT
content-type: font/ttf
vary: Accept-Encoding
age: 150446
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.linkedin.com/li/track

13.107.42.14

200 OK

0 B

URL POST HTTP/2
www.linkedin.com/li/track
IP
13.107.42.14:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Certificate
IssuerDigiCert Inc
Subjectwww.linkedin.com
FingerprintDD:64:0D:6C:03:1D:AA:A9:68:F2:FB:0C:02:7A:52:34:27:C9:FD:D9
ValidityFri, 03 Nov 2023 00:00:00 GMT - Fri, 03 May 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - LinkedIn

HTTP Headers

POST /li/track HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 16075
Origin: https://www.linkedin.com
DNT: 1
Connection: keep-alive
Referer: https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Cookie: bcookie="v=2&63028f78-a41d-4467-8a21-b659113bada6"; bscookie="v=1&20231206170552120e0bc1-04d3-40f6-8332-77aa13a11078AQF8c-6tD7oxNxYe1XZ3xTHfEtetmGtb"; li_gc=MTs0MjsxNzAxODgyMzU0OzI7MDIxrG9N8tF3CF1Nn5fudgobk1fTtIE+Rxe8baYkPyVnKAY=; lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2663:u=1:x=1:i=1701882353:t=1701968753:v=2:sig=AQFPLZEX5cjioFiV_vyRv_OtgmSGbKys"; rtc=AQFvodVKMPSfjwAAAYxAF9VoIgrBol4OFDODIl2TnOreqS6C3a1Y4qik9lzTqYHmPYRpLOfZPajubm_nw1ziBK6HZtN0cj6kbN0iQIPqG9i21jDfdqqMjjuhvrLQ_srI_pZgeTVgdndMLpLqcNJOm1bP_FrmsmxsJTjDsDkidm-CcIk_HPObUfb2pbx_LLiAsiSATSMyA9uI3ACi2RXa34TOTr2mIKJlESLdHdXotxzE0-2SYWz2NKufW_7LrJgoEw==; fid=AQFw5jqxZ9lMnAAAAYxAF9iAlGsYNCvuDqlcDGmUwASNH6nInLC4sakUIOIkBUMeD9fijcQHHUJbeA; JSESSIONID=ajax:8229369267889637723; lang=v=2&lang=en-us; li_alerts=e30=; fcookie=AQFxBaU0JA388AAAAYxAF92VMdt9j4oDcAxvqEwzr1WU5C_Yfvti-7DZeoSoAn3PuAFNoKMZizZRIVstUmGKT2dBD7bWi_wQWUfqNf5NxRZMuZBgrbevSr5rSt4RQcNGvqB1At9kmzJrFHKyh_Yvk34ZV5W5bWoISoVkQveWrGennC_93HaN0WF-8su-HczjYm2zEydbeRT9VScOemx6tMAo2YNAZG4q9_t28EV7FXtIOgG4mLMm3Ub1ZgLMdo/3cd2+kK/4e7p/lPt99OiIPGBVnNqOeBc4nCnt/hwgx2uvXdz5SlG8ZPmrqOwkffQc3PnYTFcAAObtQ2BA==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: no-cache, no-store
pragma: no-cache
content-type: text/plain; charset=utf-8
expires: Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin: https://www.linkedin.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: sameorigin
content-security-policy: default-src 'none'; frame-ancestors 'none'; form-action 'none'
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAYL2l1EgmXc3Qmaw6hSTg==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: A6C1C27660DE4F73A3AD3DFA6131586B Ref B: OSL30EDGE0219 Ref C: 2023-12-06T17:05:55Z
date: Wed, 06 Dec 2023 17:05:54 GMT
content-length: 0
X-Firefox-Spdy: h2

www.linkedin.com/li/track

13.107.42.14

200 OK

0 B

URL POST HTTP/2
www.linkedin.com/li/track
IP
13.107.42.14:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Certificate
IssuerDigiCert Inc
Subjectwww.linkedin.com
FingerprintDD:64:0D:6C:03:1D:AA:A9:68:F2:FB:0C:02:7A:52:34:27:C9:FD:D9
ValidityFri, 03 Nov 2023 00:00:00 GMT - Fri, 03 May 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - LinkedIn

HTTP Headers

POST /li/track HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1014
Origin: https://www.linkedin.com
DNT: 1
Connection: keep-alive
Referer: https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Cookie: bcookie="v=2&63028f78-a41d-4467-8a21-b659113bada6"; bscookie="v=1&20231206170552120e0bc1-04d3-40f6-8332-77aa13a11078AQF8c-6tD7oxNxYe1XZ3xTHfEtetmGtb"; li_gc=MTs0MjsxNzAxODgyMzU0OzI7MDIxrG9N8tF3CF1Nn5fudgobk1fTtIE+Rxe8baYkPyVnKAY=; lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2663:u=1:x=1:i=1701882353:t=1701968753:v=2:sig=AQFPLZEX5cjioFiV_vyRv_OtgmSGbKys"; rtc=AQFvodVKMPSfjwAAAYxAF9VoIgrBol4OFDODIl2TnOreqS6C3a1Y4qik9lzTqYHmPYRpLOfZPajubm_nw1ziBK6HZtN0cj6kbN0iQIPqG9i21jDfdqqMjjuhvrLQ_srI_pZgeTVgdndMLpLqcNJOm1bP_FrmsmxsJTjDsDkidm-CcIk_HPObUfb2pbx_LLiAsiSATSMyA9uI3ACi2RXa34TOTr2mIKJlESLdHdXotxzE0-2SYWz2NKufW_7LrJgoEw==; fid=AQFw5jqxZ9lMnAAAAYxAF9iAlGsYNCvuDqlcDGmUwASNH6nInLC4sakUIOIkBUMeD9fijcQHHUJbeA; JSESSIONID=ajax:8229369267889637723; lang=v=2&lang=en-us; li_alerts=e30=; fcookie=AQFxBaU0JA388AAAAYxAF92VMdt9j4oDcAxvqEwzr1WU5C_Yfvti-7DZeoSoAn3PuAFNoKMZizZRIVstUmGKT2dBD7bWi_wQWUfqNf5NxRZMuZBgrbevSr5rSt4RQcNGvqB1At9kmzJrFHKyh_Yvk34ZV5W5bWoISoVkQveWrGennC_93HaN0WF-8su-HczjYm2zEydbeRT9VScOemx6tMAo2YNAZG4q9_t28EV7FXtIOgG4mLMm3Ub1ZgLMdo/3cd2+kK/4e7p/lPt99OiIPGBVnNqOeBc4nCnt/hwgx2uvXdz5SlG8ZPmrqOwkffQc3PnYTFcAAObtQ2BA==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: no-cache, no-store
pragma: no-cache
content-type: text/plain; charset=utf-8
expires: Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin: https://www.linkedin.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: sameorigin
content-security-policy: default-src 'none'; frame-ancestors 'none'; form-action 'none'
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAYL2l1TsfpThMm7AuZIgw==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 3A7EF7DD04BD4FCA9F38B559C2EC38DC Ref B: OSL30EDGE0219 Ref C: 2023-12-06T17:05:56Z
date: Wed, 06 Dec 2023 17:05:55 GMT
content-length: 0
X-Firefox-Spdy: h2

www.linkedin.com/li/track

13.107.42.14

200 OK

0 B

URL POST HTTP/2
www.linkedin.com/li/track
IP
13.107.42.14:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Certificate
IssuerDigiCert Inc
Subjectwww.linkedin.com
FingerprintDD:64:0D:6C:03:1D:AA:A9:68:F2:FB:0C:02:7A:52:34:27:C9:FD:D9
ValidityFri, 03 Nov 2023 00:00:00 GMT - Fri, 03 May 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - LinkedIn

HTTP Headers

POST /li/track HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1014
Origin: https://www.linkedin.com
DNT: 1
Connection: keep-alive
Referer: https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Cookie: bcookie="v=2&63028f78-a41d-4467-8a21-b659113bada6"; bscookie="v=1&20231206170552120e0bc1-04d3-40f6-8332-77aa13a11078AQF8c-6tD7oxNxYe1XZ3xTHfEtetmGtb"; li_gc=MTs0MjsxNzAxODgyMzU0OzI7MDIxrG9N8tF3CF1Nn5fudgobk1fTtIE+Rxe8baYkPyVnKAY=; lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2663:u=1:x=1:i=1701882353:t=1701968753:v=2:sig=AQFPLZEX5cjioFiV_vyRv_OtgmSGbKys"; rtc=AQFvodVKMPSfjwAAAYxAF9VoIgrBol4OFDODIl2TnOreqS6C3a1Y4qik9lzTqYHmPYRpLOfZPajubm_nw1ziBK6HZtN0cj6kbN0iQIPqG9i21jDfdqqMjjuhvrLQ_srI_pZgeTVgdndMLpLqcNJOm1bP_FrmsmxsJTjDsDkidm-CcIk_HPObUfb2pbx_LLiAsiSATSMyA9uI3ACi2RXa34TOTr2mIKJlESLdHdXotxzE0-2SYWz2NKufW_7LrJgoEw==; fid=AQFw5jqxZ9lMnAAAAYxAF9iAlGsYNCvuDqlcDGmUwASNH6nInLC4sakUIOIkBUMeD9fijcQHHUJbeA; JSESSIONID=ajax:8229369267889637723; lang=v=2&lang=en-us; li_alerts=e30=; fcookie=AQFxBaU0JA388AAAAYxAF92VMdt9j4oDcAxvqEwzr1WU5C_Yfvti-7DZeoSoAn3PuAFNoKMZizZRIVstUmGKT2dBD7bWi_wQWUfqNf5NxRZMuZBgrbevSr5rSt4RQcNGvqB1At9kmzJrFHKyh_Yvk34ZV5W5bWoISoVkQveWrGennC_93HaN0WF-8su-HczjYm2zEydbeRT9VScOemx6tMAo2YNAZG4q9_t28EV7FXtIOgG4mLMm3Ub1ZgLMdo/3cd2+kK/4e7p/lPt99OiIPGBVnNqOeBc4nCnt/hwgx2uvXdz5SlG8ZPmrqOwkffQc3PnYTFcAAObtQ2BA==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: no-cache, no-store
pragma: no-cache
content-type: text/plain; charset=utf-8
expires: Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin: https://www.linkedin.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: sameorigin
content-security-policy: default-src 'none'; frame-ancestors 'none'; form-action 'none'
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAYL2l1yMxIJoAXcSaG2Fw==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 74850B04397749529D4094D09494A8C7 Ref B: OSL30EDGE0219 Ref C: 2023-12-06T17:05:58Z
date: Wed, 06 Dec 2023 17:05:57 GMT
content-length: 0
X-Firefox-Spdy: h2

www.linkedin.com/li/track

13.107.42.14

200 OK

0 B

URL POST HTTP/2
www.linkedin.com/li/track
IP
13.107.42.14:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Certificate
IssuerDigiCert Inc
Subjectwww.linkedin.com
FingerprintDD:64:0D:6C:03:1D:AA:A9:68:F2:FB:0C:02:7A:52:34:27:C9:FD:D9
ValidityFri, 03 Nov 2023 00:00:00 GMT - Fri, 03 May 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - LinkedIn

HTTP Headers

POST /li/track HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1014
Origin: https://www.linkedin.com
DNT: 1
Connection: keep-alive
Referer: https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Cookie: bcookie="v=2&63028f78-a41d-4467-8a21-b659113bada6"; bscookie="v=1&20231206170552120e0bc1-04d3-40f6-8332-77aa13a11078AQF8c-6tD7oxNxYe1XZ3xTHfEtetmGtb"; li_gc=MTs0MjsxNzAxODgyMzU0OzI7MDIxrG9N8tF3CF1Nn5fudgobk1fTtIE+Rxe8baYkPyVnKAY=; lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2663:u=1:x=1:i=1701882353:t=1701968753:v=2:sig=AQFPLZEX5cjioFiV_vyRv_OtgmSGbKys"; rtc=AQFvodVKMPSfjwAAAYxAF9VoIgrBol4OFDODIl2TnOreqS6C3a1Y4qik9lzTqYHmPYRpLOfZPajubm_nw1ziBK6HZtN0cj6kbN0iQIPqG9i21jDfdqqMjjuhvrLQ_srI_pZgeTVgdndMLpLqcNJOm1bP_FrmsmxsJTjDsDkidm-CcIk_HPObUfb2pbx_LLiAsiSATSMyA9uI3ACi2RXa34TOTr2mIKJlESLdHdXotxzE0-2SYWz2NKufW_7LrJgoEw==; fid=AQFw5jqxZ9lMnAAAAYxAF9iAlGsYNCvuDqlcDGmUwASNH6nInLC4sakUIOIkBUMeD9fijcQHHUJbeA; JSESSIONID=ajax:8229369267889637723; lang=v=2&lang=en-us; li_alerts=e30=; fcookie=AQFxBaU0JA388AAAAYxAF92VMdt9j4oDcAxvqEwzr1WU5C_Yfvti-7DZeoSoAn3PuAFNoKMZizZRIVstUmGKT2dBD7bWi_wQWUfqNf5NxRZMuZBgrbevSr5rSt4RQcNGvqB1At9kmzJrFHKyh_Yvk34ZV5W5bWoISoVkQveWrGennC_93HaN0WF-8su-HczjYm2zEydbeRT9VScOemx6tMAo2YNAZG4q9_t28EV7FXtIOgG4mLMm3Ub1ZgLMdo/3cd2+kK/4e7p/lPt99OiIPGBVnNqOeBc4nCnt/hwgx2uvXdz5SlG8ZPmrqOwkffQc3PnYTFcAAObtQ2BA==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: no-cache, no-store
pragma: no-cache
content-type: text/plain; charset=utf-8
expires: Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin: https://www.linkedin.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: sameorigin
content-security-policy: default-src 'none'; frame-ancestors 'none'; form-action 'none'
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAYL2l2Q5MMBTSrs0WNdNA==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 73055A15C99F42C794D73F8FF2E3FE44 Ref B: OSL30EDGE0219 Ref C: 2023-12-06T17:06:00Z
date: Wed, 06 Dec 2023 17:05:59 GMT
content-length: 0
X-Firefox-Spdy: h2

www.linkedin.com/li/track

13.107.42.14

200 OK

0 B

URL POST HTTP/2
www.linkedin.com/li/track
IP
13.107.42.14:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Certificate
IssuerDigiCert Inc
Subjectwww.linkedin.com
FingerprintDD:64:0D:6C:03:1D:AA:A9:68:F2:FB:0C:02:7A:52:34:27:C9:FD:D9
ValidityFri, 03 Nov 2023 00:00:00 GMT - Fri, 03 May 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - LinkedIn

HTTP Headers

POST /li/track HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1014
Origin: https://www.linkedin.com
DNT: 1
Connection: keep-alive
Referer: https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Cookie: bcookie="v=2&63028f78-a41d-4467-8a21-b659113bada6"; bscookie="v=1&20231206170552120e0bc1-04d3-40f6-8332-77aa13a11078AQF8c-6tD7oxNxYe1XZ3xTHfEtetmGtb"; li_gc=MTs0MjsxNzAxODgyMzU0OzI7MDIxrG9N8tF3CF1Nn5fudgobk1fTtIE+Rxe8baYkPyVnKAY=; lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2663:u=1:x=1:i=1701882353:t=1701968753:v=2:sig=AQFPLZEX5cjioFiV_vyRv_OtgmSGbKys"; rtc=AQFvodVKMPSfjwAAAYxAF9VoIgrBol4OFDODIl2TnOreqS6C3a1Y4qik9lzTqYHmPYRpLOfZPajubm_nw1ziBK6HZtN0cj6kbN0iQIPqG9i21jDfdqqMjjuhvrLQ_srI_pZgeTVgdndMLpLqcNJOm1bP_FrmsmxsJTjDsDkidm-CcIk_HPObUfb2pbx_LLiAsiSATSMyA9uI3ACi2RXa34TOTr2mIKJlESLdHdXotxzE0-2SYWz2NKufW_7LrJgoEw==; fid=AQFw5jqxZ9lMnAAAAYxAF9iAlGsYNCvuDqlcDGmUwASNH6nInLC4sakUIOIkBUMeD9fijcQHHUJbeA; JSESSIONID=ajax:8229369267889637723; lang=v=2&lang=en-us; li_alerts=e30=; fcookie=AQFxBaU0JA388AAAAYxAF92VMdt9j4oDcAxvqEwzr1WU5C_Yfvti-7DZeoSoAn3PuAFNoKMZizZRIVstUmGKT2dBD7bWi_wQWUfqNf5NxRZMuZBgrbevSr5rSt4RQcNGvqB1At9kmzJrFHKyh_Yvk34ZV5W5bWoISoVkQveWrGennC_93HaN0WF-8su-HczjYm2zEydbeRT9VScOemx6tMAo2YNAZG4q9_t28EV7FXtIOgG4mLMm3Ub1ZgLMdo/3cd2+kK/4e7p/lPt99OiIPGBVnNqOeBc4nCnt/hwgx2uvXdz5SlG8ZPmrqOwkffQc3PnYTFcAAObtQ2BA==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: no-cache, no-store
pragma: no-cache
content-type: text/plain; charset=utf-8
expires: Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin: https://www.linkedin.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: sameorigin
content-security-policy: default-src 'none'; frame-ancestors 'none'; form-action 'none'
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAYL2l2va/z98nGt2MBXlg==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 9F4C8D02EBEB49C3B4516BA623F4898C Ref B: OSL30EDGE0219 Ref C: 2023-12-06T17:06:02Z
date: Wed, 06 Dec 2023 17:06:01 GMT
content-length: 0
X-Firefox-Spdy: h2

www.linkedin.com/li/track

13.107.42.14

200 OK

0 B

URL POST HTTP/2
www.linkedin.com/li/track
IP
13.107.42.14:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Certificate
IssuerDigiCert Inc
Subjectwww.linkedin.com
FingerprintDD:64:0D:6C:03:1D:AA:A9:68:F2:FB:0C:02:7A:52:34:27:C9:FD:D9
ValidityFri, 03 Nov 2023 00:00:00 GMT - Fri, 03 May 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - LinkedIn

HTTP Headers

POST /li/track HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1014
Origin: https://www.linkedin.com
DNT: 1
Connection: keep-alive
Referer: https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Cookie: bcookie="v=2&63028f78-a41d-4467-8a21-b659113bada6"; bscookie="v=1&20231206170552120e0bc1-04d3-40f6-8332-77aa13a11078AQF8c-6tD7oxNxYe1XZ3xTHfEtetmGtb"; li_gc=MTs0MjsxNzAxODgyMzU0OzI7MDIxrG9N8tF3CF1Nn5fudgobk1fTtIE+Rxe8baYkPyVnKAY=; lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2663:u=1:x=1:i=1701882353:t=1701968753:v=2:sig=AQFPLZEX5cjioFiV_vyRv_OtgmSGbKys"; rtc=AQFvodVKMPSfjwAAAYxAF9VoIgrBol4OFDODIl2TnOreqS6C3a1Y4qik9lzTqYHmPYRpLOfZPajubm_nw1ziBK6HZtN0cj6kbN0iQIPqG9i21jDfdqqMjjuhvrLQ_srI_pZgeTVgdndMLpLqcNJOm1bP_FrmsmxsJTjDsDkidm-CcIk_HPObUfb2pbx_LLiAsiSATSMyA9uI3ACi2RXa34TOTr2mIKJlESLdHdXotxzE0-2SYWz2NKufW_7LrJgoEw==; fid=AQFw5jqxZ9lMnAAAAYxAF9iAlGsYNCvuDqlcDGmUwASNH6nInLC4sakUIOIkBUMeD9fijcQHHUJbeA; JSESSIONID=ajax:8229369267889637723; lang=v=2&lang=en-us; li_alerts=e30=; fcookie=AQFxBaU0JA388AAAAYxAF92VMdt9j4oDcAxvqEwzr1WU5C_Yfvti-7DZeoSoAn3PuAFNoKMZizZRIVstUmGKT2dBD7bWi_wQWUfqNf5NxRZMuZBgrbevSr5rSt4RQcNGvqB1At9kmzJrFHKyh_Yvk34ZV5W5bWoISoVkQveWrGennC_93HaN0WF-8su-HczjYm2zEydbeRT9VScOemx6tMAo2YNAZG4q9_t28EV7FXtIOgG4mLMm3Ub1ZgLMdo/3cd2+kK/4e7p/lPt99OiIPGBVnNqOeBc4nCnt/hwgx2uvXdz5SlG8ZPmrqOwkffQc3PnYTFcAAObtQ2BA==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: no-cache, no-store
pragma: no-cache
content-type: text/plain; charset=utf-8
expires: Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin: https://www.linkedin.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: sameorigin
content-security-policy: default-src 'none'; frame-ancestors 'none'; form-action 'none'
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAYL2l3OBAUc0jMBfa2c6Q==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 9FD77396DC2844EAB437D78B1D1592BA Ref B: OSL30EDGE0219 Ref C: 2023-12-06T17:06:04Z
date: Wed, 06 Dec 2023 17:06:03 GMT
content-length: 0
X-Firefox-Spdy: h2

play.google.com/log?format=json&hasfast=true&authuser=0

142.250.74.14

200 OK

0 B

URL POST HTTP/2
play.google.com/log?format=json&hasfast=true&authuser=0
IP
142.250.74.14:443
ASN
#15169 GOOGLE

Requested by
https://accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=-2&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_361254_434727&as=aFUilrVNHSG8ZLgzd1vUMw&hl=en_US
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: play.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://accounts.google.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: https://accounts.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Wed, 06 Dec 2023 17:06:05 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+808; expires=Fri, 05-Dec-2025 17:06:05 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 06 Dec 2023 17:06:05 GMT
cache-control: private
X-Firefox-Spdy: h2

play.google.com/log?format=json&hasfast=true&authuser=0

142.250.74.14

200 OK

131 B

URL POST HTTP/2
play.google.com/log?format=json&hasfast=true&authuser=0
IP
142.250.74.14:443
ASN
#15169 GOOGLE

Requested by
https://accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=-2&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_361254_434727&as=aFUilrVNHSG8ZLgzd1vUMw&hl=en_US
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
131 B (131 bytes)
Hash
ca0b7e866005f6774d284b9f438ebfd2
53644f5ee3640189bdb223473ba6a2d46606c556
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

HTTP Headers

POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: play.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-AuthUser: 0
Content-Type: application/x-www-form-urlencoded;charset=utf-8
Content-Length: 453
Origin: https://accounts.google.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: https://accounts.google.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-type: text/plain; charset=UTF-8
content-encoding: gzip
date: Wed, 06 Dec 2023 17:06:05 GMT
server: Playlog
cache-control: private
content-length: 131
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+205; expires=Fri, 05-Dec-2025 17:06:05 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 06 Dec 2023 17:06:05 GMT
X-Firefox-Spdy: h2

play.google.com/log?format=json&hasfast=true&authuser=0

142.250.74.14

200 OK

131 B

URL POST HTTP/2
play.google.com/log?format=json&hasfast=true&authuser=0
IP
142.250.74.14:443
ASN
#15169 GOOGLE

Requested by
https://accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=-2&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_361254_434727&as=aFUilrVNHSG8ZLgzd1vUMw&hl=en_US
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
131 B (131 bytes)
Hash
ca0b7e866005f6774d284b9f438ebfd2
53644f5ee3640189bdb223473ba6a2d46606c556
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

HTTP Headers

POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: play.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-AuthUser: 0
Content-Type: application/x-www-form-urlencoded;charset=utf-8
Content-Length: 453
Origin: https://accounts.google.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: https://accounts.google.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-type: text/plain; charset=UTF-8
content-encoding: gzip
date: Wed, 06 Dec 2023 17:06:05 GMT
server: Playlog
cache-control: private
content-length: 131
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+885; expires=Fri, 05-Dec-2025 17:06:05 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 06 Dec 2023 17:06:05 GMT
X-Firefox-Spdy: h2

www.linkedin.com/li/track

13.107.42.14

200 OK

0 B

URL POST HTTP/2
www.linkedin.com/li/track
IP
13.107.42.14:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Certificate
IssuerDigiCert Inc
Subjectwww.linkedin.com
FingerprintDD:64:0D:6C:03:1D:AA:A9:68:F2:FB:0C:02:7A:52:34:27:C9:FD:D9
ValidityFri, 03 Nov 2023 00:00:00 GMT - Fri, 03 May 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - LinkedIn

HTTP Headers

POST /li/track HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1014
Origin: https://www.linkedin.com
DNT: 1
Connection: keep-alive
Referer: https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Cookie: bcookie="v=2&63028f78-a41d-4467-8a21-b659113bada6"; bscookie="v=1&20231206170552120e0bc1-04d3-40f6-8332-77aa13a11078AQF8c-6tD7oxNxYe1XZ3xTHfEtetmGtb"; li_gc=MTs0MjsxNzAxODgyMzU0OzI7MDIxrG9N8tF3CF1Nn5fudgobk1fTtIE+Rxe8baYkPyVnKAY=; lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2663:u=1:x=1:i=1701882353:t=1701968753:v=2:sig=AQFPLZEX5cjioFiV_vyRv_OtgmSGbKys"; rtc=AQFvodVKMPSfjwAAAYxAF9VoIgrBol4OFDODIl2TnOreqS6C3a1Y4qik9lzTqYHmPYRpLOfZPajubm_nw1ziBK6HZtN0cj6kbN0iQIPqG9i21jDfdqqMjjuhvrLQ_srI_pZgeTVgdndMLpLqcNJOm1bP_FrmsmxsJTjDsDkidm-CcIk_HPObUfb2pbx_LLiAsiSATSMyA9uI3ACi2RXa34TOTr2mIKJlESLdHdXotxzE0-2SYWz2NKufW_7LrJgoEw==; fid=AQFw5jqxZ9lMnAAAAYxAF9iAlGsYNCvuDqlcDGmUwASNH6nInLC4sakUIOIkBUMeD9fijcQHHUJbeA; JSESSIONID=ajax:8229369267889637723; lang=v=2&lang=en-us; li_alerts=e30=; fcookie=AQFxBaU0JA388AAAAYxAF92VMdt9j4oDcAxvqEwzr1WU5C_Yfvti-7DZeoSoAn3PuAFNoKMZizZRIVstUmGKT2dBD7bWi_wQWUfqNf5NxRZMuZBgrbevSr5rSt4RQcNGvqB1At9kmzJrFHKyh_Yvk34ZV5W5bWoISoVkQveWrGennC_93HaN0WF-8su-HczjYm2zEydbeRT9VScOemx6tMAo2YNAZG4q9_t28EV7FXtIOgG4mLMm3Ub1ZgLMdo/3cd2+kK/4e7p/lPt99OiIPGBVnNqOeBc4nCnt/hwgx2uvXdz5SlG8ZPmrqOwkffQc3PnYTFcAAObtQ2BA==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: no-cache, no-store
pragma: no-cache
content-type: text/plain; charset=utf-8
expires: Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin: https://www.linkedin.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: sameorigin
content-security-policy: default-src 'none'; frame-ancestors 'none'; form-action 'none'
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAYL2l3se896vYbbUzOZyw==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 98CACDAE5AFE418BBFA688B994521AC5 Ref B: OSL30EDGE0219 Ref C: 2023-12-06T17:06:06Z
date: Wed, 06 Dec 2023 17:06:05 GMT
content-length: 0
X-Firefox-Spdy: h2

platform.linkedin.com/litms/utag/seo-directory-frontend/utag.js?cb=1701882300000

95.101.11.184

200 OK

21 kB

URL GET HTTP/2
platform.linkedin.com/litms/utag/seo-directory-frontend/utag.js?cb=1701882300000
IP
95.101.11.184:443
ASN
#20940 Akamai International B.V.

Requested by
https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Certificate
IssuerDigiCert Inc
Subjectplatform.linkedin.com
Fingerprint4B:93:3D:B1:BC:00:2B:2E:AE:1F:AE:FD:0C:60:BD:19:AB:04:FE:CC
ValidityWed, 17 May 2023 00:00:00 GMT - Thu, 16 May 2024 23:59:59 GMT

File type
ASCII text, with very long lines (20936), with no line terminators
Size
21 kB (20936 bytes)
Hash
0c2b8986d74a36a37dc8e3201286c08e
bbce2e43ca1c0971183de4c124b52505a71dd385
2d6c8342e9f1b0d7aeab334afbb5b66f07c2fe525d94c1dcf98a88b395c0afbb

HTTP Headers

GET /litms/utag/seo-directory-frontend/utag.js?cb=1701882300000 HTTP/1.1
Host: platform.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.linkedin.com/
Cookie: bcookie="v=2&63028f78-a41d-4467-8a21-b659113bada6"; li_gc=MTswOzE3MDE4ODIzNTI7MjswMjGS1Mv74SwG1Awg27Ay5wm6MwvaWm7/y5+7gxOx8Ts4xg==; lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2663:u=1:x=1:i=1701882353:t=1701968753:v=2:sig=AQFPLZEX5cjioFiV_vyRv_OtgmSGbKys"; rtc=AQFvodVKMPSfjwAAAYxAF9VoIgrBol4OFDODIl2TnOreqS6C3a1Y4qik9lzTqYHmPYRpLOfZPajubm_nw1ziBK6HZtN0cj6kbN0iQIPqG9i21jDfdqqMjjuhvrLQ_srI_pZgeTVgdndMLpLqcNJOm1bP_FrmsmxsJTjDsDkidm-CcIk_HPObUfb2pbx_LLiAsiSATSMyA9uI3ACi2RXa34TOTr2mIKJlESLdHdXotxzE0-2SYWz2NKufW_7LrJgoEw==; lang=v=2&lang=en-us
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
etag: "b0e65bfa4c60473917780fc2e3ec3be35125308c"
server: Play
accept-ranges: bytes
cache-control: max-age=300
last-modified: Sat, 02 Dec 2023 16:52:02 GMT
content-encoding: gzip
content-length: 7270
content-type: application/javascript; charset=utf-8
x-li-fabric: prod-lva1
x-content-type-options: nosniff
x-li-pop: prod-lva1-x
x-li-proto: http/1.1
x-li-uuid: AAYL2loaZVVLPzdLc91/jw==
date: Wed, 06 Dec 2023 17:05:54 GMT
vary: Accept-Encoding
x-cdn-client-ip-version: IPV4
x-cdn: AKAM
X-Firefox-Spdy: h2

accounts.google.com/gsi/status?client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&as=aFUilrVNHSG8ZLgzd1vUMw

64.233.161.84

200 OK

40 B

URL GET HTTP/2
accounts.google.com/gsi/status?client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&as=aFUilrVNHSG8ZLgzd1vUMw
IP
64.233.161.84:443
ASN
#15169 GOOGLE

Requested by
https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
FingerprintF3:FB:54:1B:21:E9:69:01:41:02:BB:D0:97:A2:BA:45:72:5A:71:D8
ValidityMon, 20 Nov 2023 08:09:49 GMT - Mon, 12 Feb 2024 08:09:48 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
a771b9a37a52140bb98eba3f0c877827
44a5ffef49bfa514623ed368e516e72439aaf77f
65b62e058d2c29353a645e88b905f45192f02d1a2caeacf30ff23c840cf93554

HTTP Headers

GET /gsi/status?client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&as=aFUilrVNHSG8ZLgzd1vUMw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.linkedin.com
DNT: 1
Connection: keep-alive
Referer: https://www.linkedin.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/json; charset=utf-8
x-content-type-options: nosniff
access-control-allow-origin: https://www.linkedin.com
access-control-allow-credentials: true
access-control-allow-methods: GET
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 06 Dec 2023 17:05:55 GMT
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'nonce-yyzzyp9jsvKFNwCkCmBqNw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=325px&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_361265_892367&as=aFUilrVNHSG8ZLgzd1vUMw

64.233.161.84

200 OK

116 kB

URL GET HTTP/2
accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=325px&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_361265_892367&as=aFUilrVNHSG8ZLgzd1vUMw
IP
64.233.161.84:443
ASN
#15169 GOOGLE

Requested by
https://www.linkedin.com/authwall?trk=gf&trkInfo=AQGJEgVV4u1seQAAAYxAF9VopWgYfMknHkLUPXvbiiy_ktw-SqmS79uLzMcfHESAkc8uubnRouzHSdw4tN9Eh4vCQdzxk0GAOo_nL_OyIDdFseET70axHsEFlhMuymIsu1yVVYU=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidmarco1
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
FingerprintF3:FB:54:1B:21:E9:69:01:41:02:BB:D0:97:A2:BA:45:72:5A:71:D8
ValidityMon, 20 Nov 2023 08:09:49 GMT - Mon, 12 Feb 2024 08:09:48 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7754)
Size
116 kB (115720 bytes)
Hash
0a4c893bcaf6e0f2f66ac158e6bc01df
80b54ff9de1fe83f6c3c48ebfee05b219f154cef
be57a5452a3fbf0e4a5e9f50691da7c76f24decb4117a71dda19a69d4a8bef8b

HTTP Headers

GET /gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=325px&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_361265_892367&as=aFUilrVNHSG8ZLgzd1vUMw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.linkedin.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 06 Dec 2023 17:05:55 GMT
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: same-site
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'nonce-f9I3G6ypX3CkAkNijj6R_w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by