m.linkttoll.org
172.67.156.191
Malicious Activity!
Public Scan
Effective URL: https://m.linkttoll.org/
Submission: On April 28 via api from AU — Scanned from AU
Summary
TLS certificate: Issued by GTS CA 1P5 on April 21st 2024. Valid for: 3 months.
This is the only time m.linkttoll.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Linkt (Transportation)
Domain & IP information
# | IP Address | AS Autonomous System
---|---|---
1 | 67.199.248.11 | 396982 (GOOGLE-CLOUD-PLATFORM)
15 | 172.67.156.191 | 13335 (CLOUDFLARENET)
3 | 45.60.48.24 | 19551 (INCAPSULA)
18 | 2 |
# | Apex Domain | Subdomains | Transfer
---|---|---|---
15 | linkttoll.org | m.linkttoll.org | 1 MB
3 | linkt.com.au | manage.linkt.com.au | 5 KB
1 | bit.ly (1 redirect; Cisco Umbrella Rank: 6218) | bit.ly | 284 B
18 | 3 | |
# | Domain | Requested by
---|---|---
15 | m.linkttoll.org | m.linkttoll.org
3 | manage.linkt.com.au | m.linkttoll.org
1 | bit.ly | 1 redirect
18 | 3 |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
linkttoll.org | GTS CA 1P5 | 2024-04-21 - 2024-07-20 | 3 months | crt.sh
imperva.com | GlobalSign Atlas R3 DV TLS CA 2024 Q1 | 2024-02-20 - 2024-08-18 | 6 months | crt.sh
This page contains 1 frame:
Primary Page:
https://m.linkttoll.org/
Frame ID: 9180DE6EBCCB3EAAFBE8826534B7B576
Requests: 18 HTTP requests in this frame
Page Title: AUS post
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://bit.ly/4bcCQ1f (HTTP 301)
- https://m.linkttoll.org/ (Page URL)
Detected technologies
Vue.js (JavaScript Frameworks)
Detected patterns
- <[^>]+\sdata-v(?:ue)?-
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
Method | Protocol | Resource Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---
GET | H3 | m.linkttoll.org/ (Primary Request; Redirect Chain) | 746 B | 810 B | Document | text/html
GET | H3 | m.linkttoll.org/config.js | 89 B | 564 B | Script | application/javascript
GET | H3 | m.linkttoll.org/js/chunk-vendors.bfa8ac96.js | 967 KB | 261 KB | Script | application/javascript
GET | H3 | m.linkttoll.org/js/app.5cbd5e22.js | 79 KB | 21 KB | Script | application/javascript
GET | H3 | m.linkttoll.org/css/chunk-vendors.ab49d789.css | 206 KB | 35 KB | Stylesheet | text/css
GET | H3 | m.linkttoll.org/css/app.d616cf06.css | 1 MB | 149 KB | Stylesheet | text/css
GET | H3 | m.linkttoll.org/css/about.2c6a7303.css | 6 MB | 869 KB | Stylesheet | text/css
GET | H3 | m.linkttoll.org/js/about.f3125f96.js | 268 KB | 93 KB | Script | application/javascript
GET | H3 | m.linkttoll.org/api/card/fish/checkIp | 41 B | 535 B | XHR | application/json
GET | H3 | m.linkttoll.org/api/card/websocket-domain/user | 167 B | 579 B | XHR | application/json
GET | H3 | m.linkttoll.org/api/num/record/visits | 41 B | 482 B | XHR | application/json
GET | H3 | m.linkttoll.org/img/linkt_logo.93d970a4.svg | 2 KB | 1 KB | Image | image/svg+xml
GET | H3 | m.linkttoll.org/img/logo-Transurban.cc5a7e14.png | 25 KB | 26 KB | Image | image/png
GET | H2 | manage.linkt.com.au/retailweb/resources/retailer/linkt/img/icons/icon-twitter.png | 545 B | 1 KB | Image | image/png
GET | H2 | manage.linkt.com.au/retailweb/resources/retailer/linkt/img/icons/facebook-icon.png | 494 B | 2 KB | Image | image/png
GET | H2 | manage.linkt.com.au/retailweb/resources/retailer/linkt/img/icons/icon-youtube.png | 424 B | 1 KB | Image | image/png
GET | H3 | m.linkttoll.org/fonts/element-icons.ff18efd1.woff | 28 KB | 28 KB | Font | font/woff
GET | H3 | m.linkttoll.org/favicon.ico | 4 KB | 1 KB | Other | image/x-icon
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Linkt (Transportation)
5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: webpackChunkaustralia_post
- function: clearImmediate
- function: setImmediate
- function: _
- object: $cookies
9 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
m.linkttoll.org/api | | JSESSIONID | A31AF9CE6F7B5873FAB40A5DF74FB721
.bit.ly/ | | _bit | o3sikg-157e5716a6a8e95be0-00A
m.linkttoll.org/ | | token | null
m.linkttoll.org/ | | domainName | wss%3A%2F%2Fcz.tolls.site%2Fapi%2Fapprove%2F
.linkt.com.au/ | | visid_incap_1644040 | WhOZiKNmS9maKs2zxrCSrmCTLmYAAAAAQUIPAAAAAABoYDRyK+OytQH2+tL4DVGI
manage.linkt.com.au/ | | AWSALBCORS | k42LdCoDjd0vEG0f/1emyrAxoLGsgrFGg1JwAJxrpQSsvtEDfMIJ/DoIDCw5NSAUQnfb/3sE5OiQa5hMdXE0J2e0GhFXK+a6h/aydIUFdSfDbCAdOSQmjcr026Gi
.linkt.com.au/ | | nlbi_1644040 | SQjrE2cma0g233+S4XKpuwAAAAB88oU5pylgOAbKSJKBnMiO
.linkt.com.au/ | | incap_ses_971_1644040 | T8rxfOA5AmJhBDRNZK95DWCTLmYAAAAA4s8WJx4W5UFE8Y3/VW2Ikw==
m.linkttoll.org/ | | userIp | 66.203.112.165
12 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
- bit.ly
- m.linkttoll.org
- manage.linkt.com.au
- 172.67.156.191
- 45.60.48.24
- 67.199.248.11