m.ll-linkt-toll.net
104.21.47.104
Malicious Activity!
Public Scan
Effective URL: https://m.ll-linkt-toll.net/
Submission: On December 20 via manual from AU — Scanned from AU
Summary
TLS certificate: Issued by GTS CA 1P5 on December 18th 2023. Valid for: 3 months.
This is the only time m.ll-linkt-toll.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Linkt (Transportation)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 67.199.248.11 | 396982 (GOOGLE-CLOUD-PLATFORM)
13 | 104.21.47.104 | 13335 (CLOUDFLARENET)
1 | 142.250.67.10 | 15169 (GOOGLE)
3 | 45.60.48.24 | 19551 (INCAPSULA)
1 | 172.217.24.35 | 15169 (GOOGLE)
18 | 4 |
Reverse DNS (PTR) for the Google IPs:
- ASN15169 (GOOGLE, US), PTR: syd15s16-in-f10.1e100.net, serving fonts.googleapis.com
- ASN15169 (GOOGLE, US), PTR: syd15s20-in-f3.1e100.net, serving fonts.gstatic.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
13 | ll-linkt-toll.net | m.ll-linkt-toll.net | 367 KB
3 | linkt.com.au | manage.linkt.com.au | 5 KB
1 | gstatic.com | fonts.gstatic.com | 48 KB
1 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 29) | 2 KB
1 | bit.ly | bit.ly (Cisco Umbrella Rank: 5695), 1 redirect | 287 B
18 | 5 | |
Requests | Domain | Requested by
---|---|---
13 | m.ll-linkt-toll.net | m.ll-linkt-toll.net
3 | manage.linkt.com.au | m.ll-linkt-toll.net
1 | fonts.gstatic.com | fonts.googleapis.com
1 | fonts.googleapis.com | m.ll-linkt-toll.net
1 | bit.ly | (1 redirect)
18 | 5 |
This site contains no links.
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
ll-linkt-toll.net | GTS CA 1P5 | 2023-12-18 - 2024-03-17 | 3 months | crt.sh
upload.video.google.com | GTS CA 1C3 | 2023-11-20 - 2024-02-12 | 3 months | crt.sh
imperva.com | GlobalSign Atlas R3 DV TLS CA 2023 Q4 | 2023-11-17 - 2024-05-15 | 6 months | crt.sh
*.gstatic.com | GTS CA 1C3 | 2023-11-27 - 2024-02-19 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://m.ll-linkt-toll.net/
Frame ID: 70ED666939D081007817116EA2E1E80B
Requests: 18 HTTP requests in this frame
Screenshot
Page Title: linkt
Page URL History
- https://bit.ly/41qFxZE
- HTTP 301
- https://m.ll-linkt-toll.net/ (Page URL)
Detected technologies
Vue.js (JavaScript Frameworks)
Detected patterns
- <[^>]+\sdata-v(?:ue)?-
Google Font API (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields. For this scan the chain is the one listed under Page Title above: https://bit.ly/41qFxZE, HTTP 301, https://m.ll-linkt-toll.net/.
Redirected requests
There were HTTP redirect chains for the following requests: the primary request (https://bit.ly/41qFxZE, HTTP 301, https://m.ll-linkt-toll.net/).
18 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request, redirect chain) | m.ll-linkt-toll.net/ | 828 B | 835 B | Document | text/html
GET | H2 | css | fonts.googleapis.com/ | 11 KB | 2 KB | Stylesheet | text/css
GET | H2 | config.js | m.ll-linkt-toll.net/ | 60 B | 472 B | Script | application/javascript
GET | H2 | chunk-vendors.5f41e082.js | m.ll-linkt-toll.net/js/ | 959 KB | 258 KB | Script | application/javascript
GET | H2 | app.15421053.js | m.ll-linkt-toll.net/js/ | 14 KB | 5 KB | Script | application/javascript
GET | H2 | chunk-vendors.2b35c01c.css | m.ll-linkt-toll.net/css/ | 206 KB | 35 KB | Stylesheet | text/css
GET | H2 | app.a8c9b542.css | m.ll-linkt-toll.net/css/ | 57 KB | 11 KB | Stylesheet | text/css
GET | H2 | checkIp | m.ll-linkt-toll.net/api/card/fish/ | 41 B | 439 B | XHR | application/json
GET | H2 | visits | m.ll-linkt-toll.net/api/num/record/ | 41 B | 321 B | XHR | application/json
GET | H2 | user | m.ll-linkt-toll.net/api/card/websocket-domain/ | 114 B | 428 B | XHR | application/json
GET | H2 | linkt_logo.93d970a4.svg | m.ll-linkt-toll.net/img/ | 2 KB | 1 KB | Image | image/svg+xml
GET | H2 | logo-Transurban.cc5a7e14.png | m.ll-linkt-toll.net/img/ | 25 KB | 26 KB | Image | image/png
GET | H2 | icon-twitter.png | manage.linkt.com.au/retailweb/resources/retailer/linkt/img/icons/ | 545 B | 2 KB | Image | image/png
GET | H2 | facebook-icon.png | manage.linkt.com.au/retailweb/resources/retailer/linkt/img/icons/ | 494 B | 1 KB | Image | image/png
GET | H2 | icon-youtube.png | manage.linkt.com.au/retailweb/resources/retailer/linkt/img/icons/ | 424 B | 1 KB | Image | image/png
GET | H2 | element-icons.ff18efd1.woff | m.ll-linkt-toll.net/fonts/ | 28 KB | 28 KB | Font | font/woff
GET | H2 | memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 | fonts.gstatic.com/s/opensans/v40/ | 47 KB | 48 KB | Font | font/woff2
GET | H2 | user | m.ll-linkt-toll.net/api/card/websocket-domain/ | 114 B | 378 B | XHR | application/json
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Linkt (Transportation)
6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify the client-side frameworks and code in use.
Type | Name
---|---
object | documentPictureInPicture
object | webpackChunklinkt
function | clearImmediate
function | setImmediate
function | _
object | $cookies
9 Cookies
Cookies are small pieces of information stored in the user's browser. When the user visits the site again, the browser sends the cookie values back, so the site can re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Name | Value
---|---|---
m.ll-linkt-toll.net/api | JSESSIONID | 81CC5B2BC1BE84E96CC51FE42FD41FB7
.bit.ly/ | _bit | nbk6cn-9cc8f89b59174e3b3b-007
m.ll-linkt-toll.net/ | token | null
m.ll-linkt-toll.net/ | domainName | wss%3A%2F%2Fss.blt-ly.site%2Fapi%2Fapprove%2F (URL-decoded: wss://ss.blt-ly.site/api/approve/)
.linkt.com.au/ | visid_incap_1644040 | SQnMeImlSUGftW3r/Vgdj8eFgmUAAAAAQUIPAAAAAACGf3HtJbsbKAJwo1FryR4m
manage.linkt.com.au/ | AWSALBCORS | o5zrVm4X/MhSHVCAqEpyj06MTJFYrqTPVgrYu2bUzbUcpzG+bLSgdd7uSHfe0Dyn+PeUuMhyEjLPzH2NxyjBcz519sw/4NuEsa+Cmiys2dLm8jCIr+as+epUyJbV
.linkt.com.au/ | nlbi_1644040 | iQCcIbqoVxDvSHV14XKpuwAAAAB9XziMkZXY4AA42wojU0UK
.linkt.com.au/ | incap_ses_343_1644040 | qUR0Mmq4nRDyHrsmTZXCBMeFgmUAAAAAC0McQR3CoVLU9m4LX3TgsQ==
m.ll-linkt-toll.net/ | userIp | 66.203.112.163
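An added triage script, not part of the urlscan report and not urlscan's code, that re-types the transactions and cookies shown above as constructed Python data and pulls out what the report leaves implicit: the WebSocket endpoint hidden in the percent-encoded domainName cookie (its host, ss.blt-ly.site, does not appear in the Indicators list at the end of the page), the three icon files the page hotlinks from manage.linkt.com.au, and the kit's own /api/ paths. The names PHISH_HOST and BRAND_APEX, the omission of the static assets that do not matter for triage, and the reading of the userIp cookie as the client address the kit recorded are this example's assumptions.

```python
"""Triage helper for the urlscan.io result above (added example; not urlscan's code).

The transactions and cookies are re-typed from the report as constructed data.
Assumed: PHISH_HOST, BRAND_APEX, and that the userIp cookie holds the address the
kit recorded for the visiting client.
"""
import re
from urllib.parse import unquote, urlsplit

PHISH_HOST = "m.ll-linkt-toll.net"   # assumption: host of the effective URL
BRAND_APEX = "linkt.com.au"          # assumption: apex of the impersonated brand

# Constructed from the transaction table: (host, path). Static assets that play
# no role in triage are left out.
TRANSACTIONS = [
    ("m.ll-linkt-toll.net", "/"),
    ("fonts.googleapis.com", "/css"),
    ("m.ll-linkt-toll.net", "/config.js"),
    ("m.ll-linkt-toll.net", "/js/app.15421053.js"),
    ("m.ll-linkt-toll.net", "/api/card/fish/checkIp"),
    ("m.ll-linkt-toll.net", "/api/num/record/visits"),
    ("m.ll-linkt-toll.net", "/api/card/websocket-domain/user"),
    ("manage.linkt.com.au", "/retailweb/resources/retailer/linkt/img/icons/icon-twitter.png"),
    ("manage.linkt.com.au", "/retailweb/resources/retailer/linkt/img/icons/facebook-icon.png"),
    ("manage.linkt.com.au", "/retailweb/resources/retailer/linkt/img/icons/icon-youtube.png"),
    ("fonts.gstatic.com", "/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2"),
    ("m.ll-linkt-toll.net", "/api/card/websocket-domain/user"),
]

# Constructed from the cookie table: (domain/path, name, value). The long opaque
# values set by the brand's own WAF/load balancer are shortened; they are not used.
COOKIES = [
    ("m.ll-linkt-toll.net/api", "JSESSIONID", "81CC5B2BC1BE84E96CC51FE42FD41FB7"),
    (".bit.ly/", "_bit", "nbk6cn-9cc8f89b59174e3b3b-007"),
    ("m.ll-linkt-toll.net/", "token", "null"),
    ("m.ll-linkt-toll.net/", "domainName", "wss%3A%2F%2Fss.blt-ly.site%2Fapi%2Fapprove%2F"),
    (".linkt.com.au/", "visid_incap_1644040", "SQnMeImlSUGftW3r..."),
    ("manage.linkt.com.au/", "AWSALBCORS", "o5zrVm4X..."),
    ("m.ll-linkt-toll.net/", "userIp", "66.203.112.163"),
]

_URL_RE = re.compile(r"^(?:wss?|https?)://", re.IGNORECASE)
_IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")


def embedded_urls(cookies):
    """Percent-decode every cookie value and keep the ones that are URLs.

    Returns (cookie_name, decoded_url, host) tuples. A kit that stores its live
    back end in a cookie, as this one does with domainName, leaks the next hop
    here even though the scan never connected to it.
    """
    found = []
    for _scope, name, value in cookies:
        decoded = unquote(value)
        if _URL_RE.match(decoded):
            found.append((name, decoded, urlsplit(decoded).hostname))
    return found


def hotlinked_brand_assets(transactions, brand_apex=BRAND_APEX):
    """Requests the phishing page makes to the real brand's servers."""
    return [host + path for host, path in transactions
            if host == brand_apex or host.endswith("." + brand_apex)]


def kit_api_paths(transactions, phish_host=PHISH_HOST):
    """Distinct JSON endpoints served by the kit itself (paths under /api/)."""
    return sorted({path for host, path in transactions
                   if host == phish_host and path.startswith("/api/")})


def extra_indicators(transactions, cookies):
    """Hosts the kit references in cookies but never requested during the scan."""
    requested = {host for host, _ in transactions}
    return sorted({host for _n, _u, host in embedded_urls(cookies)
                   if host and host not in requested})


def recorded_visitor_ip(cookies):
    """Value of the kit's userIp cookie, or None.

    Assumption: this is the client address the kit recorded (see its checkIp
    call). It identifies the scanner, not the attacker: tag it, do not block it.
    """
    for scope, name, value in cookies:
        if name == "userIp" and scope.startswith(PHISH_HOST) and _IPV4_RE.match(value):
            return value
    return None


if __name__ == "__main__":
    print("second-stage hosts  :", extra_indicators(TRANSACTIONS, COOKIES))
    print("hotlinked brand URLs:", hotlinked_brand_assets(TRANSACTIONS))
    print("kit API paths       :", kit_api_paths(TRANSACTIONS))
    print("visitor IP recorded :", recorded_visitor_ip(COOKIES))
```

Because the three icons are fetched from the brand's real host, the brand's own access logs see those requests with a Referer of https://m.ll-linkt-toll.net/; filtering image hits by an unexpected Referer is a cheap way for a brand to discover kits that borrow its live assets. The ss.blt-ly.site host is the more important find for blocking, since it is the endpoint the kit's `websocket-domain/user` call hands to the page for the live "approve" step.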
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bit.ly
fonts.googleapis.com
fonts.gstatic.com
m.ll-linkt-toll.net
manage.linkt.com.au
104.21.47.104
142.250.67.10
172.217.24.35
45.60.48.24
67.199.248.11