Submitted URL: http://disq.us/?url=http%3A%2F%2Ftanjorepaintinggoldfoil.com%2Fini_menu-en-GB.localise.php&key=-04bgPDVPe7lD2DB...
Effective URL: http://gtdiv.com/wp-includes/js/jcrop/porc.html
Submission: On March 12 via manual from US

Summary

This website contacted 3 IPs in 1 country across 4 domains to perform 8 HTTP transactions. The main IP is 162.241.230.102, located in Provo, United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is gtdiv.com.
This is the only time gtdiv.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: LinkedIn (Social Network)

Domain & IP information

Requests  IP Address        AS     Autonomous System
1         151.101.0.64      54113  (FASTLY)
1 1       66.147.242.85     46606  (UNIFIEDLA...)
3         162.241.230.102   46606  (UNIFIEDLA...)
4         2606:2800:233...  15133  (EDGECAST)
Total: 8 requests, 3 IPs
Requests  Apex Domain                  Subdomains                   Transfer
4         licdn.com                    static.licdn.com             140 KB
3         gtdiv.com                    gtdiv.com                    19 KB
1         tanjorepaintinggoldfoil.com  tanjorepaintinggoldfoil.com  220 B
1         disq.us                      disq.us                      611 B
Total: 8 requests, 4 apex domains
Requests  Domain                       Requested by
4         static.licdn.com             gtdiv.com
3         gtdiv.com                    disq.us, static.licdn.com
1         tanjorepaintinggoldfoil.com  1 redirect
1         disq.us
Total: 8 requests, 4 domains

This site contains links to these domains.

Domain: linkedin.com

Subject: *.licdn.com  Issuer: DigiCert SHA2 Secure Server CA  Validity: 2019-10-10 - 2021-10-14  Valid: 2 years (crt.sh)

This page contains 1 frame:

Primary Page: http://gtdiv.com/wp-includes/js/jcrop/porc.html
Frame ID: 760395AD638A18A84AC2842AC0C9509B
Requests: 8 HTTP requests in this frame



Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

Requests: 8
HTTPS: 50 %
IPv6: 25 %
Domains: 4
Subdomains: 4
IPs: 3
Countries: 1
Transfer: 159 kB
Size: 520 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://disq.us/?url=http%3A%2F%2Ftanjorepaintinggoldfoil.com%2Fini_menu-en-GB.localise.php&key=-04bgPDVPe7lD2DBKvCI8w Page URL
  2. http://tanjorepaintinggoldfoil.com/ini_menu-en-GB.localise.php HTTP 302
    http://gtdiv.com/wp-includes/js/jcrop/porc.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource: / (disq.us/), size 351 B, transfer 611 B, type Document
General
Full URL
http://disq.us/?url=http%3A%2F%2Ftanjorepaintinggoldfoil.com%2Fini_menu-en-GB.localise.php&key=-04bgPDVPe7lD2DBKvCI8w
Protocol
HTTP/1.1
Server
151.101.0.64, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
b8896869193cf04de400c40ddb579436db9f41ff6cac12657f934ab11399aec4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
disq.us
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Server
nginx
Content-Type
text/html
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Expires
Thu, 12 Mar 2020 22:05:10 GMT
Cache-Control
max-age=3600
Content-Encoding
gzip
X-Backend
shortener
Disqus-Cachetype
TTL
Disqus-NoCache
1
Content-Length
213
Date
Thu, 12 Mar 2020 22:00:11 GMT
Age
3301
Connection
keep-alive
Vary
Accept-Encoding
Primary Request: porc.html (gtdiv.com/wp-includes/js/jcrop/), size 22 KB, transfer 9 KB, type Document
Redirect Chain
  • http://tanjorepaintinggoldfoil.com/ini_menu-en-GB.localise.php
  • http://gtdiv.com/wp-includes/js/jcrop/porc.html
General
Full URL
http://gtdiv.com/wp-includes/js/jcrop/porc.html
Requested by
Host: disq.us
URL: http://disq.us/?url=http%3A%2F%2Ftanjorepaintinggoldfoil.com%2Fini_menu-en-GB.localise.php&key=-04bgPDVPe7lD2DBKvCI8w
Protocol
HTTP/1.1
Server
162.241.230.102, Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US)
Reverse DNS
box5282.bluehost.com
Software
nginx/1.17.6 /
Resource Hash
f1c9763c0931270f53781a3a8243af691d885f8678686ee78361c72559453d41

Request headers

Host
gtdiv.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://disq.us/?url=http%3A%2F%2Ftanjorepaintinggoldfoil.com%2Fini_menu-en-GB.localise.php&key=-04bgPDVPe7lD2DBKvCI8w
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Date
Thu, 12 Mar 2020 22:00:12 GMT
Server
nginx/1.17.6
Content-Type
text/html
Content-Length
8455
Last-Modified
Thu, 12 Mar 2020 20:04:34 GMT
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Encoding
gzip
host-header
c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Server-Cache
false

Redirect headers

Server
nginx/1.14.1
Date
Thu, 12 Mar 2020 22:00:12 GMT
Content-Type
text/html
Content-Length
0
Connection
keep-alive
Location
http://gtdiv.com/wp-includes/js/jcrop/porc.html
Resource: 31mqu6a6sydhthsyjzi3v5coe (static.licdn.com/sc/h/br/), size 70 KB, transfer 20 KB, type Script
General
Full URL
https://static.licdn.com/sc/h/br/31mqu6a6sydhthsyjzi3v5coe
Requested by
Host: gtdiv.com
URL: http://gtdiv.com/wp-includes/js/jcrop/porc.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:1a99:2aa:1474:167d:2694, United States, ASN15133 (EDGECAST, US)
Reverse DNS
Software
ECAcc (frc/8F4C) /
Resource Hash
1cfe4c996a730d4001d94dc792f36503e3d055aa129a1fbbb9f739180fa4a19e

Request headers

Referer
http://gtdiv.com/wp-includes/js/jcrop/porc.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

X-LI-Proto
http/1.1
Date
Thu, 12 Mar 2020 22:00:12 GMT
Content-Encoding
br
X-CDN-CLIENT-IP-VERSION
IPV6
X-CDN
ECST
Age
1977312
X-FS-TXN-ID
2ac2df519fe0
X-Cache
HIT
X-CDN-Proto
HTTP1
X-LI-Static-Content
1
X-Li-Pop
prod-tln1
Content-Length
19607
X-LI-UUID
7g3HNBqn9BVAfSIpqysAAA==
X-FS-UUID
e1f40cbdd2d2f015304a25769a2b0000
Last-Modified
Mon, 05 Nov 2012 04:00:51 GMT
Server
ECAcc (frc/8F4C)
Vary
Accept-Encoding
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
X-CDN, X-CDN-CLIENT-IP-VERSION, X-CDN-Proto
Cache-Control
max-age=31536000, immutable
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Li-Fabric
prod-lor1
Expires
Fri, 05 Feb 2021 13:21:11 GMT
Resource: 64qgwz5qqroaggxqxu6370jvs (static.licdn.com/sc/h/br/), size 185 KB, transfer 84 KB, type Script
General
Full URL
https://static.licdn.com/sc/h/br/64qgwz5qqroaggxqxu6370jvs
Requested by
Host: gtdiv.com
URL: http://gtdiv.com/wp-includes/js/jcrop/porc.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:1a99:2aa:1474:167d:2694, United States, ASN15133 (EDGECAST, US)
Reverse DNS
Software
ECAcc (frc/8EA2) /
Resource Hash
5439c1a615806b62849178f075c081bd09a195233477f3b324a1531c4bf20a4a

Request headers

Referer
http://gtdiv.com/wp-includes/js/jcrop/porc.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

X-LI-Proto
http/1.1
Date
Thu, 12 Mar 2020 22:00:12 GMT
Content-Encoding
br
X-CDN-CLIENT-IP-VERSION
IPV6
X-CDN
ECST
Age
11660405
X-LI-Static-Content
1
X-Cache
HIT
X-CDN-Proto
HTTP1
X-Li-Pop
prod-eda6
Content-Length
85215
X-LI-UUID
mbv2PmJA0hVQCdMgDSsAAA==
X-FS-UUID
5bdaba67ac2dcc1500e2cbd2962b0000
Last-Modified
Mon, 05 Nov 2012 04:00:51 GMT
Server
ECAcc (frc/8EA2)
Vary
Accept-Encoding
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
X-CDN, X-CDN-CLIENT-IP-VERSION, X-CDN-Proto
Cache-Control
max-age=31536000, immutable
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Li-Fabric
prod-lor1
Expires
Fri, 09 Oct 2020 04:09:48 GMT
Resource: 39q1xngfynmqegl2ijphoun57 (static.licdn.com/sc/h/br/), size 63 KB, transfer 17 KB, type Script
General
Full URL
https://static.licdn.com/sc/h/br/39q1xngfynmqegl2ijphoun57
Requested by
Host: gtdiv.com
URL: http://gtdiv.com/wp-includes/js/jcrop/porc.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:1a99:2aa:1474:167d:2694, United States, ASN15133 (EDGECAST, US)
Reverse DNS
Software
ECAcc (frc/8EA8) /
Resource Hash
7a911a2da379cea15d972eceae5a13918db397ae2110e20349d7323c60b1e446

Request headers

Referer
http://gtdiv.com/wp-includes/js/jcrop/porc.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

X-LI-Proto
http/1.1
Date
Thu, 12 Mar 2020 22:00:12 GMT
Content-Encoding
br
NEL
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
X-CDN
ECST
Age
1977312
X-FS-TXN-ID
2b5b049054e0
X-Cache
HIT
X-CDN-Proto
HTTP1
X-LI-Static-Content
1
X-Li-Pop
prod-efr5
Content-Length
16606
X-LI-UUID
ORN1Mhqn9BWgj+8MWysAAA==
X-FS-UUID
17f5666f2f90f415000001dc592b0000
Last-Modified
Mon, 05 Nov 2012 04:00:51 GMT
Server
ECAcc (frc/8EA8)
X-CDN-CLIENT-IP-VERSION
IPV6
Vary
Accept-Encoding
Report-To
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
X-CDN, X-CDN-CLIENT-IP-VERSION, X-CDN-Proto
Cache-Control
max-age=31536000, immutable
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Li-Fabric
prod-lva1
Expires
Wed, 17 Feb 2021 17:45:02 GMT
Resource: %2Fcheckpoint-frontend%2Fstylesheets%2Flogin%2Forganic%2Fdesktop_en_US.css (static.licdn.com/sc/p/com.linkedin.checkpoint%3Acheckpoint-static-content%2B2.0.647/f/), size 156 KB, transfer 19 KB, type Stylesheet
General
Full URL
https://static.licdn.com/sc/p/com.linkedin.checkpoint%3Acheckpoint-static-content%2B2.0.647/f/%2Fcheckpoint-frontend%2Fstylesheets%2Flogin%2Forganic%2Fdesktop_en_US.css
Requested by
Host: gtdiv.com
URL: http://gtdiv.com/wp-includes/js/jcrop/porc.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:1a99:2aa:1474:167d:2694, United States, ASN15133 (EDGECAST, US)
Reverse DNS
Software
ECAcc (frc/8E99) /
Resource Hash
203eaa07150030c25a469cc308b564930ece1e9268fc2cdd21de491036810b51

Request headers

Referer
http://gtdiv.com/wp-includes/js/jcrop/porc.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

X-LI-Proto
http/1.1
Date
Thu, 12 Mar 2020 22:00:12 GMT
Content-Encoding
gzip
X-CDN-CLIENT-IP-VERSION
IPV6
X-CDN
ECST
Age
1977312
X-FS-TXN-ID
2ae1624f6a60
X-Cache
HIT
X-CDN-Proto
HTTP1
X-LI-Static-Content
1
X-Li-Pop
prod-tln1
Content-Length
18214
X-LI-UUID
VHfTNBqn9BVgg0eu9ioAAA==
X-FS-UUID
3ed11fbf6a95eb15b05a32f0312b0000
Last-Modified
Mon, 05 Nov 2012 04:00:51 GMT
Server
ECAcc (frc/8E99)
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
X-CDN, X-CDN-CLIENT-IP-VERSION, X-CDN-Proto
Cache-Control
max-age=31536000, immutable
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Li-Fabric
prod-lor1
Expires
Tue, 19 Jan 2021 11:39:40 GMT
Resource: track (gtdiv.com/li/), size 12 KB, transfer 5 KB, type XHR
General
Full URL
http://gtdiv.com/li/track
Requested by
Host: static.licdn.com
URL: https://static.licdn.com/sc/h/br/39q1xngfynmqegl2ijphoun57
Protocol
HTTP/1.1
Server
162.241.230.102, Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US)
Reverse DNS
box5282.bluehost.com
Software
Apache /
Resource Hash
7fae05ce57f55c0e4a3109fb50d86b3d58792622c8db5d841a5ffae72a47ddb7

Request headers

Csrf-Token
Origin
http://gtdiv.com
Referer
http://gtdiv.com/wp-includes/js/jcrop/porc.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type
application/json

Response headers

Date
Thu, 12 Mar 2020 22:00:13 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Cache-Control
no-cache, must-revalidate, max-age=0
host-header
c2hhcmVkLmJsdWVob3N0LmNvbQ==
Link
<https://gtdiv.com/wp-json/>; rel="https://api.w.org/"
Content-Length
5049
Expires
Wed, 11 Jan 1984 05:00:00 GMT
Resource: track (gtdiv.com/li/), size 12 KB, transfer 5 KB, type XHR
General
Full URL
http://gtdiv.com/li/track
Requested by
Host: static.licdn.com
URL: https://static.licdn.com/sc/h/br/39q1xngfynmqegl2ijphoun57
Protocol
HTTP/1.1
Server
162.241.230.102, Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US)
Reverse DNS
box5282.bluehost.com
Software
Apache /
Resource Hash
7fae05ce57f55c0e4a3109fb50d86b3d58792622c8db5d841a5ffae72a47ddb7

Request headers

Referer
http://gtdiv.com/wp-includes/js/jcrop/porc.html
Origin
http://gtdiv.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
content-type
application/json

Response headers

Date
Thu, 12 Mar 2020 22:00:13 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
Upgrade
h2,h2c
Cache-Control
no-cache, must-revalidate, max-age=0
Connection
Upgrade
host-header
c2hhcmVkLmJsdWVob3N0LmNvbQ==
Content-Type
text/html; charset=UTF-8
Link
<https://gtdiv.com/wp-json/>; rel="https://api.w.org/"
Content-Length
5049
Expires
Wed, 11 Jan 1984 05:00:00 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: LinkedIn (Social Network)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • onformdata (object)
  • onpointerrawupdate (object)
  • LI (object)
  • artdeco (object)
  • _artdecoBakedCurves (object)
  • Fingerprinting (object)
  • Ubba_fetch (function)
  • rumTracking (object)

0 Cookies

1 Console Messages

Source: console-api
Level: error
URL: https://static.licdn.com/sc/h/br/39q1xngfynmqegl2ijphoun57 (line 27)
Message: [object XMLHttpRequest]

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block