dhm.nmb.mybluehost.me Open in urlscan Pro
162.241.219.158 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://shf.com.pt/mail/
Effective URL:
https://dhm.nmb.mybluehost.me/swisspass/
Submission: On September 21 via api (September 21st 2024, 7:51:55 am UTC) from US — Scanned from CH

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 2 countries across 6 domains to perform 16 HTTP transactions. The main IP is 162.241.219.158, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is dhm.nmb.mybluehost.me.
TLS certificate: Issued by R11 on August 19th 2024. Valid for: 3 months.

This is the only time dhm.nmb.mybluehost.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Schweizerische Bundesbahnen (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1	130.185.84.99 130.185.84.99	24768 (ALMOUROLTEC) (ALMOUROLTEC)
1	2606:4700::68... 2606:4700::6812:ba1f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:224... 2600:9000:2240:ac00:3:5f39:2780:93a1	16509 (AMAZON-02) (AMAZON-02)
1 11	162.241.219.158 162.241.219.158	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1	2a06:98c1:320... 2a06:98c1:3200::90:83	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.194.133 151.101.194.133	54113 (FASTLY) (FASTLY)
16	7

1 130.185.84.99 (Portugal)

ASN24768 (ALMOUROLTEC, PT)
PTR: cp1.webserver.pt

shf.com.pt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:ba1f (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2240:ac00:3:5f39:2780:93a1 (United States)

ASN16509 (AMAZON-02, US)

static-00.iconduck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 162.241.219.158 (United States) 1 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: box5653.bluehost.com

dhm.nmb.mybluehost.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3200::90:83 (United States)

ASN13335 (CLOUDFLARENET, US)

resources.swisspass.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.133 (San Francisco, United States)

ASN54113 (FASTLY, US)

www.alpinresorts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	mybluehost.me 1 redirects dhm.nmb.mybluehost.me	220 KB
1	alpinresorts.com www.alpinresorts.com	23 KB
1	swisspass.ch resources.swisspass.ch	197 KB
1	iconduck.com static-00.iconduck.com — Cisco Umbrella Rank: 191634	64 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 327	1 KB
1	shf.com.pt shf.com.pt	947 B
16	6

	Domain	Requested by
11	dhm.nmb.mybluehost.me	1 redirects shf.com.pt dhm.nmb.mybluehost.me
1	www.alpinresorts.com
1	resources.swisspass.ch	dhm.nmb.mybluehost.me
1	static-00.iconduck.com
1	cdn.jsdelivr.net	shf.com.pt
1	shf.com.pt
16	6

This site contains no links.

Subject Issuer	Validity	Valid
shf.com.pt R10	`2024-09-07` - `2024-12-06`	3 months	crt.sh
*.jsdelivr.net Sectigo RSA Domain Validation Secure Server CA	`2024-05-04` - `2025-05-04`	a year	crt.sh
static-00.iconduck.com Amazon RSA 2048 M02	`2024-08-26` - `2025-09-24`	a year	crt.sh
www.dhm.nmb.mybluehost.me R11	`2024-08-19` - `2024-11-17`	3 months	crt.sh
swisspass.ch SwissSign RSA TLS DV ICA 2022 - 1	`2024-03-14` - `2025-03-14`	a year	crt.sh
*.alpinresorts.com R10	`2024-07-30` - `2024-10-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://dhm.nmb.mybluehost.me/swisspass/
Frame ID: B1C5C9B2819D02FD66D8981A898E3257
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login | SwissPass

Page URL History Show full URLs

https://shf.com.pt/mail/ Page URL
https://dhm.nmb.mybluehost.me/swisspass HTTP 301
https://dhm.nmb.mybluehost.me/swisspass/ Page URL

Detected technologies

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

16
Requests

94 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

7
IPs

2
Countries

506 kB
Transfer

1007 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://shf.com.pt/mail/ Page URL
https://dhm.nmb.mybluehost.me/swisspass HTTP 301
https://dhm.nmb.mybluehost.me/swisspass/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
shf.com.pt/mail/ 1 KB
947 B 2070ms
1823ms Document
text/html 130.185.84.99
ALMOUROLTEC

General

Check archive.org

Show headers Download Go to

Full URL: https://shf.com.pt/mail/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 130.185.84.99 , Portugal, ASN24768 (ALMOUROLTEC, PT),
Reverse DNS: cp1.webserver.pt
Software: nginx / PHP/7.4.33
Resource Hash: d8d416522cdfc6fd69963c9d3898f37697c0babfe6131bfefb2f359a7d71c14c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 21 Sep 2024 07:51:48 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
x-scale: YXBvY2FzQGdpdGh1Yg==

GET
H2 200 stylesss.css
cdn.jsdelivr.net/gh/GroozaV2/my-styles@main/ 1 KB
1 KB 136ms
50ms Stylesheet
text/css 2606:4700::6812:ba1f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/GroozaV2/my-styles@main/stylesss.css

Requested by

Host: shf.com.pt
URL: https://shf.com.pt/mail/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:ba1f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e50feaa569641f7c30bcec73b0ec97fd24a9ef67f71298d8a849a922d6eeac9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://shf.com.pt/

Response headers

access-control-expose-headers: *
content-encoding: br
cf-cache-status: HIT
etag: W/"56e-ibSe31Pmqp0ApHeDVG+IoKYo2x4"
age: 14110
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pJsWknwcQHwI3tz9OTnQ8kupi1OUVDTl4iZxz7h%2Fpphz1wV62jGSBvhcNf%2B9BPEljWCZptnTfvp%2FAtTZfA8LjuBXkZf8dbdtzPOkER1YcygfEHeoX8xa9SqPbTQc20Q2M9T1JXjVO2FSjWUNwH4%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-jsd-version-type: branch
x-cache: HIT, MISS
date: Sat, 21 Sep 2024 07:51:48 GMT
content-type: text/css; charset=utf-8
x-served-by: cache-fra-eddf8230122-FRA, cache-lga21927-LGA
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8c6878e06c5b65d2-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 350
server: cloudflare
x-jsd-version: main

GET
H2 200 cloudflare-icon-2048x2048-k5hf9ugn.png
static-00.iconduck.com/assets.00/ 64 KB
64 KB 124ms
29ms Other
image/png 2600:9000:2240:ac00:3:5f39:2780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static-00.iconduck.com/assets.00/cloudflare-icon-2048x2048-k5hf9ugn.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:ac00:3:5f39:2780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 148f4f0ede7f40b5a5db50271832469cb52c4af1167269dfb982141c968de3b7

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://shf.com.pt/

Response headers

etag: "5d4ada858dd508180fa3ea3ca769fad4"
age: 6596
via: 1.1 ec1ac21acdbd36c971eca9d6b61d0744.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 65241
x-amz-cf-id: MlQpGUgeRb4pqFk_0rskoXXYlHHw8fOkQFX2R9DnYYm6BFT4EwRzLQ==
date: Sat, 21 Sep 2024 06:34:44 GMT
content-type: image/png
last-modified: Fri, 03 Sep 2021 09:07:36 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
vary: Origin

GET
H2

200

Primary Request / Show response
dhm.nmb.mybluehost.me/swisspass/
Redirect Chain

https://dhm.nmb.mybluehost.me/swisspass
https://dhm.nmb.mybluehost.me/swisspass/

397 KB
186 KB

523ms
522ms

Document
text/html

162.241.219.158
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://dhm.nmb.mybluehost.me/swisspass/
Requested by: Host: shf.com.pt
URL: https://shf.com.pt/mail/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.219.158 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5653.bluehost.com
Software: Apache /
Resource Hash: 9705d64eb88323300f2fa0c03a79600fbd9157e2258cfa8c168bc9d93bf1b393

Request headers

Referer: https://shf.com.pt/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 21 Sep 2024 07:51:49 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
pragma: no-cache
server: Apache
vary: Accept-Encoding

Redirect headers

content-length: 248
content-type: text/html; charset=iso-8859-1
date: Sat, 21 Sep 2024 07:51:49 GMT
location: https://dhm.nmb.mybluehost.me/swisspass/
server: Apache

GET
H2 200 styles.293b78715b3ccf3b.css
dhm.nmb.mybluehost.me/swisspass/Scriptat/ 180 KB
33 KB 612ms
612ms Stylesheet
text/css 162.241.219.158
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://dhm.nmb.mybluehost.me/swisspass/Scriptat/styles.293b78715b3ccf3b.css
Requested by: Host: dhm.nmb.mybluehost.me
URL: https://dhm.nmb.mybluehost.me/swisspass/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.219.158 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5653.bluehost.com
Software: Apache /
Resource Hash: 3592a02fb8eab1ecadad87fac0550c25430ce4433f134c9e725715c0f87e18f7

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://dhm.nmb.mybluehost.me/swisspass/

Response headers

content-encoding: gzip
accept-ranges: bytes
date: Sat, 21 Sep 2024 07:51:50 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
last-modified: Wed, 18 Sep 2024 20:14:07 GMT
vary: Accept-Encoding
server: Apache
content-type: text/css

GET
DATA 200
OK truncated
/ 137 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c337d42ed7979c6be0282900bd957dd9d112a430dc7761463d655eb8f0d9bc07

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 7 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: deeee170c3759a6ed35c0c05c5b935d0e7638f1c0c5677166918ecff6edb1909

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer

Response headers

Content-Type: image/svg+xml

GET
H2 200 login_bg.jpg
resources.swisspass.ch/content/dam/swisspass/co-branding/swiss_ch/ 196 KB
197 KB 193ms
49ms Image
image/jpeg 2a06:98c1:3200::90:83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://resources.swisspass.ch/content/dam/swisspass/co-branding/swiss_ch/login_bg.jpg

Requested by

Host: dhm.nmb.mybluehost.me
URL: https://dhm.nmb.mybluehost.me/swisspass/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3200::90:83 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

58a037c0bde953b48561826f3df16031f7ddfce33c4018619d3f39c6af6eec1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://dhm.nmb.mybluehost.me/

Response headers

cf-bgj: h2pri
etag: "310e5-62299a2f30479"
age: 5804
cf-cache-status: HIT
x-content-type-options: nosniff
expires: Sat, 21 Sep 2024 13:51:51 GMT
x-url: /content/dam/swisspass/co-branding/swiss_ch/login_bg.jpg
x-varnish: 600830032
x-cache: MISS
date: Sat, 21 Sep 2024 07:51:51 GMT
content-type: image/jpeg
last-modified: Sat, 21 Sep 2024 04:31:59 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=16070400; includeSubDomains
cache-control: public, max-age=21600
referrer-policy: same-origin
cf-ray: 8c6878f109c395b7-LUX
accept-ranges: bytes
content-length: 200933
x-plattform: cprod
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 404 SBBWeb-Light.3f0cdd23274e17f7.woff2
dhm.nmb.mybluehost.me/swisspass/Scriptat/ 0
0 233ms
233ms Font
text/html 162.241.219.158
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://dhm.nmb.mybluehost.me/swisspass/Scriptat/SBBWeb-Light.3f0cdd23274e17f7.woff2
Requested by: Host: dhm.nmb.mybluehost.me
URL: https://dhm.nmb.mybluehost.me/swisspass/Scriptat/styles.293b78715b3ccf3b.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.219.158 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5653.bluehost.com
Software: Apache /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Origin: https://dhm.nmb.mybluehost.me
Referer: https://dhm.nmb.mybluehost.me/swisspass/Scriptat/styles.293b78715b3ccf3b.css

Response headers

content-length: 315
date: Sat, 21 Sep 2024 07:51:51 GMT
content-type: text/html; charset=iso-8859-1
server: Apache

GET
H2 404 favicon.ico
dhm.nmb.mybluehost.me/swisspass/assets/custom/img/ 315 B
343 B 228ms
227ms Other
text/html 162.241.219.158
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://dhm.nmb.mybluehost.me/swisspass/assets/custom/img/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.219.158 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5653.bluehost.com
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://dhm.nmb.mybluehost.me/swisspass/

Response headers

content-length: 315
date: Sat, 21 Sep 2024 07:51:51 GMT
content-type: text/html; charset=iso-8859-1
server: Apache

GET
H2 200 check_redirect.php Show response
dhm.nmb.mybluehost.me/swisspass/anti/ 45 B
110 B 232ms
230ms Fetch
application/json 162.241.219.158
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://dhm.nmb.mybluehost.me/swisspass/anti/check_redirect.php
Requested by: Host: dhm.nmb.mybluehost.me
URL: https://dhm.nmb.mybluehost.me/swisspass/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.219.158 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5653.bluehost.com
Software: Apache /
Resource Hash: 46a3adfdd4f5442e958777dde5448b1b8b4f8f53c5ea83726bd5b59109b3f02f

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://dhm.nmb.mybluehost.me/swisspass/

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
pragma: no-cache
expires: Thu, 19 Nov 1981 08:52:00 GMT
content-length: 65
date: Sat, 21 Sep 2024 07:51:51 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: application/json
vary: Accept-Encoding
server: Apache

GET
H2 200 swisspass_logo.png
www.alpinresorts.com/assetz/assets/swisspass/ 23 KB
23 KB 97ms
21ms Other
image/png 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.alpinresorts.com/assetz/assets/swisspass/swisspass_logo.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.133 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

/ Express

Resource Hash

1e3dcf0dd6f7af41a3413fb8668e59a41fa70ef395416bd0a0d378911fc53384

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://dhm.nmb.mybluehost.me/

Response headers

etag: W/"5b42-190ba60bb60"
age: 1115611
x-cache: HIT, HIT
date: Sat, 21 Sep 2024 07:51:51 GMT
content-type: image/png
x-served-by: cache-fra-eddf8230110-FRA, cache-mxp6983-MXP
x-cache-hits: 104, 1
last-modified: Tue, 16 Jul 2024 07:10:20 GMT
vary: X-Currency, X-Beta-Auth-Cookie, Authorization
strict-transport-security: max-age=31557600
cache-control: max-age=31536000, stale-while-revalidate=691200, stale-if-error=86400
x-envoy-upstream-service-time: 2
x-timer: S1726905112.680082,VS0,VE1
x-envoy-decorator-operation: lb-alpinresorts-angular-service.prod.svc.cluster.local:80/*
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 23362
x-powered-by: Express

GET check_redirect.php
dhm.nmb.mybluehost.me/swisspass/anti/ 0
0

GET
H2 200 check_redirect.php Show response
dhm.nmb.mybluehost.me/swisspass/anti/ 45 B
98 B 231ms
231ms Fetch
application/json 162.241.219.158
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://dhm.nmb.mybluehost.me/swisspass/anti/check_redirect.php
Requested by: Host: dhm.nmb.mybluehost.me
URL: https://dhm.nmb.mybluehost.me/swisspass/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.219.158 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5653.bluehost.com
Software: Apache /
Resource Hash: 46a3adfdd4f5442e958777dde5448b1b8b4f8f53c5ea83726bd5b59109b3f02f

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://dhm.nmb.mybluehost.me/swisspass/

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
pragma: no-cache
expires: Thu, 19 Nov 1981 08:52:00 GMT
content-length: 65
date: Sat, 21 Sep 2024 07:51:52 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: application/json
vary: Accept-Encoding
server: Apache

GET
H2 200 check_redirect.php Show response
dhm.nmb.mybluehost.me/swisspass/anti/ 45 B
121 B 229ms
228ms Fetch
application/json 162.241.219.158
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://dhm.nmb.mybluehost.me/swisspass/anti/check_redirect.php
Requested by: Host: dhm.nmb.mybluehost.me
URL: https://dhm.nmb.mybluehost.me/swisspass/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.219.158 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5653.bluehost.com
Software: Apache /
Resource Hash: 46a3adfdd4f5442e958777dde5448b1b8b4f8f53c5ea83726bd5b59109b3f02f

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://dhm.nmb.mybluehost.me/swisspass/

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
pragma: no-cache
expires: Thu, 19 Nov 1981 08:52:00 GMT
content-length: 65
date: Sat, 21 Sep 2024 07:51:53 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: application/json
vary: Accept-Encoding
server: Apache

GET
H2 200 check_redirect.php Show response
dhm.nmb.mybluehost.me/swisspass/anti/ 45 B
98 B 232ms
231ms Fetch
application/json 162.241.219.158
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://dhm.nmb.mybluehost.me/swisspass/anti/check_redirect.php
Requested by: Host: dhm.nmb.mybluehost.me
URL: https://dhm.nmb.mybluehost.me/swisspass/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.219.158 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5653.bluehost.com
Software: Apache /
Resource Hash: 46a3adfdd4f5442e958777dde5448b1b8b4f8f53c5ea83726bd5b59109b3f02f

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://dhm.nmb.mybluehost.me/swisspass/

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
pragma: no-cache
expires: Thu, 19 Nov 1981 08:52:00 GMT
content-length: 65
date: Sat, 21 Sep 2024 07:51:53 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: application/json
vary: Accept-Encoding
server: Apache

GET
H2 200 check_redirect.php Show response
dhm.nmb.mybluehost.me/swisspass/anti/ 45 B
121 B 228ms
228ms Fetch
application/json 162.241.219.158
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://dhm.nmb.mybluehost.me/swisspass/anti/check_redirect.php
Requested by: Host: dhm.nmb.mybluehost.me
URL: https://dhm.nmb.mybluehost.me/swisspass/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.219.158 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5653.bluehost.com
Software: Apache /
Resource Hash: 46a3adfdd4f5442e958777dde5448b1b8b4f8f53c5ea83726bd5b59109b3f02f

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://dhm.nmb.mybluehost.me/swisspass/

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
pragma: no-cache
expires: Thu, 19 Nov 1981 08:52:00 GMT
content-length: 65
date: Sat, 21 Sep 2024 07:51:54 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: application/json
vary: Accept-Encoding
server: Apache

GET
H2 200 check_redirect.php Show response
dhm.nmb.mybluehost.me/swisspass/anti/ 45 B
98 B 236ms
236ms Fetch
application/json 162.241.219.158
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://dhm.nmb.mybluehost.me/swisspass/anti/check_redirect.php
Requested by: Host: dhm.nmb.mybluehost.me
URL: https://dhm.nmb.mybluehost.me/swisspass/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.219.158 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5653.bluehost.com
Software: Apache /
Resource Hash: 46a3adfdd4f5442e958777dde5448b1b8b4f8f53c5ea83726bd5b59109b3f02f

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://dhm.nmb.mybluehost.me/swisspass/

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
pragma: no-cache
expires: Thu, 19 Nov 1981 08:52:00 GMT
content-length: 65
date: Sat, 21 Sep 2024 07:51:54 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: application/json
vary: Accept-Encoding
server: Apache

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: dhm.nmb.mybluehost.me
URL: https://dhm.nmb.mybluehost.me/swisspass/anti/check_redirect.php

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Schweizerische Bundesbahnen (Transportation)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| playAlertSound function| isDesktop

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
shf.com.pt/	1969-12-31 23:59:59	Name: PHPSESSID Value: 486af49caa017361657be56726bc3d64
dhm.nmb.mybluehost.me/	1969-12-31 23:59:59	Name: PHPSESSID Value: bd8c4a4ccd089fd24eaa83c052ca560b
.swisspass.ch/	1970-01-20 23:41:46	Name: __cf_bm Value: yFPsVMUZhVwIg6SIyn2CO2U49Hh4V0hZCS.bU1oiu5I-1726905111-1.0.1.1-286mIkkRTGQlzI0UN6vd0pOXLcixS4KIU3sVdAZ7aWvl12UckXAUw0yMYzyZq0qxh2JRb8sGNLpNwd3hCOlePg

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://dhm.nmb.mybluehost.me/swisspass/ Message: [DOM] Password forms should have (optionally hidden) username fields for accessibility: (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://dhm.nmb.mybluehost.me/swisspass/Scriptat/SBBWeb-Light.3f0cdd23274e17f7.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://dhm.nmb.mybluehost.me/swisspass/assets/custom/img/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
dhm.nmb.mybluehost.me
resources.swisspass.ch
shf.com.pt
static-00.iconduck.com
www.alpinresorts.com
dhm.nmb.mybluehost.me
130.185.84.99
151.101.194.133
162.241.219.158
2600:9000:2240:ac00:3:5f39:2780:93a1
2606:4700::6812:ba1f
2a06:98c1:3200::90:83
0e50feaa569641f7c30bcec73b0ec97fd24a9ef67f71298d8a849a922d6eeac9
148f4f0ede7f40b5a5db50271832469cb52c4af1167269dfb982141c968de3b7
1e3dcf0dd6f7af41a3413fb8668e59a41fa70ef395416bd0a0d378911fc53384
3592a02fb8eab1ecadad87fac0550c25430ce4433f134c9e725715c0f87e18f7
46a3adfdd4f5442e958777dde5448b1b8b4f8f53c5ea83726bd5b59109b3f02f
58a037c0bde953b48561826f3df16031f7ddfce33c4018619d3f39c6af6eec1b
9705d64eb88323300f2fa0c03a79600fbd9157e2258cfa8c168bc9d93bf1b393
c337d42ed7979c6be0282900bd957dd9d112a430dc7761463d655eb8f0d9bc07
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
d8d416522cdfc6fd69963c9d3898f37697c0babfe6131bfefb2f359a7d71c14c
deeee170c3759a6ed35c0c05c5b935d0e7638f1c0c5677166918ecff6edb1909

dhm.nmb.mybluehost.me Open in urlscan Pro 162.241.219.158 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

94 %HTTPS

50 %IPv6

6 Domains

6 Subdomains

7 IPs

2 Countries

506 kBTransfer

1007 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

3 Cookies

3 Console Messages

Indicators

dhm.nmb.mybluehost.me Open in urlscan Pro
162.241.219.158 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

94 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

7
IPs

2
Countries

506 kB
Transfer

1007 kB
Size

3
Cookies

16 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!