Submitted URL: https://lnkd.in/gPaYkezn?=44gTH8P8Nr0lfpv
Effective URL: https://shorten.one/LVq3Z
Submission: On February 08 via api from US — Scanned from DE

Summary

This website contacted 2 IPs in 3 countries across 4 domains to perform 4 HTTP transactions. The main IP is 2a06:98c1:3120::7, located in United States and belongs to CLOUDFLARENET, US. The main domain is shorten.one.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 29th 2021. Valid for: a year.
This is the only time shorten.one was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

IP Address AS Autonomous System
1 1 13.107.42.14 8068 (MICROSOFT...)
1 2a03:2880:f01... 32934 (FACEBOOK)
1 1 125.209.210.90 23576 (NHN-AS-KR...)
3 2a06:98c1:312... 13335 (CLOUDFLAR...)
4 2
#  Apex Domain   Subdomains                              Transfer
3  shorten.one   shorten.one                             7 KB
1  me2.do        me2.do (Cisco Umbrella Rank: 575607)    297 B
1  wl.co         l.wl.co (Cisco Umbrella Rank: 457538)   763 B
1  lnkd.in       lnkd.in (Cisco Umbrella Rank: 56246)    279 B
4  4
#  Domain        Requested by
3  shorten.one   l.wl.co, shorten.one
1  me2.do        1 redirects
1  l.wl.co
1  lnkd.in       1 redirects
4  4

This site contains links to these domains.

Domain
www.cloudflare.com

TLS certificates

Subject                 Issuer                                    Validity                   Valid
*.wl.co                 DigiCert SHA2 High Assurance Server CA    2021-11-19 - 2022-02-15    3 months
sni.cloudflaressl.com   Cloudflare Inc ECC CA-3                   2021-05-29 - 2022-05-28    a year

This page contains 1 frames:

Primary Page: https://shorten.one/LVq3Z
Frame ID: 835E9E22D9F0439B4288A4FEDFFAC2A4
Requests: 4 HTTP requests in this frame

Page Title

Suspected phishing site | Cloudflare

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://lnkd.in/gPaYkezn?=44gTH8P8Nr0lfpv (HTTP 301) -> https://l.wl.co/l?u=https://me2.do/xyuf63Ni
  2. https://me2.do/xyuf63Ni (HTTP 307) -> https://shorten.one/LVq3Z

Page Statistics

Requests: 4
HTTPS: 100 %
IPv6: 50 %
Domains: 4
Subdomains: 4
IPs: 2
Countries: 3
Transfer: 8 kB
Size: 28 kB
Cookies: 0


Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://lnkd.in/gPaYkezn?=44gTH8P8Nr0lfpv HTTP 301
  • https://l.wl.co/l?u=https://me2.do/xyuf63Ni

4 HTTP transactions

Resource: l
Path: l.wl.co/
Redirect Chain
  • https://lnkd.in/gPaYkezn?=44gTH8P8Nr0lfpv
  • https://l.wl.co/l?u=https://me2.do/xyuf63Ni
Size: 217 B
x-fer: 763 B
Type: Document
General
Full URL
https://l.wl.co/l?u=https://me2.do/xyuf63Ni
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:20e:face:b00c:0:2, Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US)
Reverse DNS
Software
/
Resource Hash
90826cd2a707e8d9838eb460b808ed53af40fa353000afc6b7a97e9aa8e935db
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' data: blob: https://*.wl.co https://*.fbcdn.net;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

vary
Accept-Encoding
content-encoding
br
refresh
1;URL=https://me2.do/xyuf63Ni
referrer-policy
origin
x-robots-tag
noindex, nofollow
document-policy
force-load-at-top
cross-origin-resource-policy
rollout
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options
nosniff
x-xss-protection
0
content-security-policy
default-src 'self' 'unsafe-inline' data: blob: https://*.wl.co https://*.fbcdn.net;block-all-mixed-content;upgrade-insecure-requests;
x-frame-options
DENY
content-type
text/html; charset="utf-8"
x-fb-debug
uj+spLL3PnkyiYPjzz2F3s9CHzqmK1iDT7a7uoKNWgnEFCSn0fkslsGKAf0Ku8m7svlOPOiK8/bOFbfHL/+5bw==
date
Tue, 08 Feb 2022 16:06:39 GMT
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600

Redirect headers

location
https://l.wl.co/l?u=https://me2.do/xyuf63Ni
vary
Accept-Encoding
x-cache
TCP_HIT
server
Apache-Coyote/1.1
x-li-fabric
prod-lva1
x-li-pop
prod-lva1-x
x-li-proto
http/1.1
x-li-uuid
AAXXZtXcws4b+nyTdDR/0A==
x-msedge-ref
Ref A: 5F5B87A4FBFC4481A1DA1C296C96BC69 Ref B: FRAEDGE0918 Ref C: 2022-02-08T16:06:39Z
date
Tue, 08 Feb 2022 16:06:38 GMT
content-length
0
Resource: LVq3Z (Primary Request)
Path: shorten.one/
Redirect Chain
  • https://me2.do/xyuf63Ni
  • https://shorten.one/LVq3Z
Size: 4 KB
x-fer: 2 KB
Type: Document
General
Full URL
https://shorten.one/LVq3Z
Requested by
Host: l.wl.co
URL: https://l.wl.co/l?u=https://me2.do/xyuf63Ni
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
bb679acea5bc5780d9a07df53462d2c1f18ec7caccf0bbf3b466ecf8fac2bf09
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://l.wl.co/l?u=https://me2.do/xyuf63Ni

Response headers

date
Tue, 08 Feb 2022 16:06:40 GMT
content-type
text/html; charset=UTF-8
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pwEBMoIRTt4Dk4BOOSZOT%2BfLqCgv%2FZlmzSMfi%2BvtU9N3RVfH6xcmKbhzGmKLz67ChbM%2FDpKcPGcg0thJxVk2prDMPt2T7sBmsipkRw6hsirk1iX5%2BIJzXAyP8XkLx1ynkX4k3qN1WWchRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
server
cloudflare
cf-ray
6da61b46bf5d927a-FRA
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

Date
Tue, 08 Feb 2022 16:06:40 GMT
Server
Apache
Pragma
No-cache
Cache-Control
no-cache, no-store, must-revalidate, max-age=0
Location
https://shorten.one/LVq3Z
Content-Length
0
Referrer-Policy
unsafe-url
Connection
close
Content-Type
text/html;charset=UTF-8
Resource: cf.errors.css
Path: shorten.one/cdn-cgi/styles/
Size: 23 KB
x-fer: 4 KB
Type: Stylesheet
General
Full URL
https://shorten.one/cdn-cgi/styles/cf.errors.css
Requested by
Host: shorten.one
URL: https://shorten.one/LVq3Z
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
16fd28061d42cf29268600418d5aa26b585435027ca599a42141cbc820f2547c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://shorten.one/LVq3Z
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 08 Feb 2022 16:06:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 03 Feb 2022 11:07:31 GMT
server
cloudflare
etag
W/"61fbb773-5c88"
x-frame-options
DENY
content-type
text/css
cache-control
max-age=7200, public
cf-ray
6da61b473941927a-FRA
vary
Accept-Encoding
expires
Tue, 08 Feb 2022 18:06:40 GMT
Resource: icon-exclamation.png
Path: shorten.one/cdn-cgi/images/
Size: 452 B
x-fer: 541 B
Type: Image
General
Full URL
https://shorten.one/cdn-cgi/images/icon-exclamation.png?1376755637
Requested by
Host: shorten.one
URL: https://shorten.one/cdn-cgi/styles/cf.errors.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://shorten.one/cdn-cgi/styles/cf.errors.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 08 Feb 2022 16:06:40 GMT
x-content-type-options
nosniff
last-modified
Thu, 03 Feb 2022 11:07:31 GMT
server
cloudflare
etag
"61fbb773-1c4"
x-frame-options
DENY
content-type
image/png
cache-control
max-age=7200, public
accept-ranges
bytes
cf-ray
6da61b47599b927a-FRA
vary
Accept-Encoding
content-length
452
expires
Tue, 08 Feb 2022 18:06:40 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object | _cf_translation

0 Cookies

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'self' 'unsafe-inline' data: blob: https://*.wl.co https://*.fbcdn.net;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0