b12hcmh.myraidbox.de Open in urlscan Pro
159.69.82.233 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://lnk.to/1YpJvL6B
Effective URL:
https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php
Submission Tags: falconsandbox
Submission: On August 21 via api (August 21st 2023, 7:34:35 pm UTC) from US — Scanned from DE

Summary HTTP 48 Redirects Behaviour Indicators

Summary

This website contacted 13 IPs in 4 countries across 14 domains to perform 48 HTTP transactions. The main IP is 159.69.82.233, located in Nuremberg, Germany and belongs to HETZNER-AS, DE. The main domain is b12hcmh.myraidbox.de.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 13th 2023. Valid for: a year.

This is the only time b12hcmh.myraidbox.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Aramex (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
4	54.72.222.114 54.72.222.114	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 9	2606:4700::68... 2606:4700::6810:cc2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:e0:... 2606:4700:e0::ac40:660b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:803::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:3865	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	151.101.66.137 151.101.66.137	54113 (FASTLY) (FASTLY)
16	159.69.82.233 159.69.82.233	24940 (HETZNER-AS) (HETZNER-AS)
3	2606:4700::68... 2606:4700::6810:5714	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:3b	20446 (STACKPATH...) (STACKPATH-CDN)
2	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
48	13

4 54.72.222.114 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-72-222-114.eu-west-1.compute.amazonaws.com

lnk.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6810:cc2 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

kkladeka.clickfunnels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.clickfunnels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.clickfunnels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.clickfunnels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:e0::ac40:660b (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:3865 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.66.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 159.69.82.233 (Nuremberg, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: b12hcmh.myraidbox.de

b12hcmh.myraidbox.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:3b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	myraidbox.de b12hcmh.myraidbox.de	123 KB
9	clickfunnels.com 1 redirects kkladeka.clickfunnels.com app.clickfunnels.com — Cisco Umbrella Rank: 47189 images.clickfunnels.com — Cisco Umbrella Rank: 92385 assets.clickfunnels.com — Cisco Umbrella Rank: 80562	773 KB
4	lnk.to lnk.to — Cisco Umbrella Rank: 54481	96 KB
3	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 374	52 KB
3	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 611	2 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 277	358 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 73	4 KB
2	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 1288	17 KB
1	gstatic.com fonts.gstatic.com	48 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 985	30 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1212	7 KB
1	linkedin.com 1 redirects www.linkedin.com — Cisco Umbrella Rank: 686	3 KB
1	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 125
0	addevent.com Failed track.addevent.com Failed
48	14

	Domain	Requested by
16	b12hcmh.myraidbox.de	b12hcmh.myraidbox.de
5	app.clickfunnels.com	kkladeka.clickfunnels.com
4	lnk.to	lnk.to
3	cdn.jsdelivr.net	b12hcmh.myraidbox.de
3	js-agent.newrelic.com	kkladeka.clickfunnels.com
2	cdnjs.cloudflare.com	b12hcmh.myraidbox.de
2	fonts.googleapis.com	kkladeka.clickfunnels.com b12hcmh.myraidbox.de
2	use.fontawesome.com	kkladeka.clickfunnels.com
2	kkladeka.clickfunnels.com	1 redirects lnk.to kkladeka.clickfunnels.com static.cloudflareinsights.com
1	fonts.gstatic.com	fonts.googleapis.com
1	code.jquery.com	b12hcmh.myraidbox.de
1	assets.clickfunnels.com
1	static.cloudflareinsights.com	kkladeka.clickfunnels.com
1	images.clickfunnels.com	kkladeka.clickfunnels.com
1	www.linkedin.com	1 redirects
1	pagead2.googlesyndication.com	lnk.to
0	track.addevent.com Failed	kkladeka.clickfunnels.com
48	17

This site contains no links.

Subject Issuer	Validity	Valid
lnk.to Amazon RSA 2048 M02	`2023-07-10` - `2024-08-07`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-06-23` - `2024-06-22`	a year	crt.sh
use.fontawesome.com GTS CA 1P5	`2023-07-04` - `2023-10-02`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-04-13` - `2024-05-14`	a year	crt.sh
*.myraidbox.de Sectigo RSA Domain Validation Secure Server CA	`2023-04-13` - `2024-05-13`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php
Frame ID: F56146FAAB2C8DFB7B899064D3318B62
Requests: 49 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Aramex

Page URL History Show full URLs

https://lnk.to/1YpJvL6B Page URL
https://www.linkedin.com/slink?code=e6g2QJAh??????jksduigsdhgviosdhlbndfklnbldfnmlnfglnmlkfg,nmldf,ml... HTTP 301
https://kkladeka.clickfunnels.com/optinmreco2ia HTTP 302
https://kkladeka.clickfunnels.com/optin1691641998348 Page URL
https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

48
Requests

92 %
HTTPS

77 %
IPv6

14
Domains

17
Subdomains

13
IPs

4
Countries

1508 kB
Transfer

4823 kB
Size

12
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://lnk.to/1YpJvL6B Page URL
https://www.linkedin.com/slink?code=e6g2QJAh??????jksduigsdhgviosdhlbndfklnbldfnmlnfglnmlkfg,nmldf,mln,mfgln,mlfg,gnmlfg HTTP 301
https://kkladeka.clickfunnels.com/optinmreco2ia HTTP 302
https://kkladeka.clickfunnels.com/optin1691641998348 Page URL
https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://www.linkedin.com/slink?code=e6g2QJAh??????jksduigsdhgviosdhlbndfklnbldfnmlnfglnmlkfg,nmldf,mln,mfgln,mlfg,gnmlfg HTTP 301
https://kkladeka.clickfunnels.com/optinmreco2ia HTTP 302
https://kkladeka.clickfunnels.com/optin1691641998348

48 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 1YpJvL6B Show response
lnk.to/ 93 KB
95 KB 326ms
218ms Document
text/html 54.72.222.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://lnk.to/1YpJvL6B
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.222.114 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-222-114.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d70c796d0e56a078467f66907481164adf5fc90d4b65e3deb53c5b44050117e2

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-type: text/html; charset=UTF-8
date: Mon, 21 Aug 2023 19:34:30 GMT
server: nginx
x-redirector-version: redirector-v3

POST
H2 200 /
lnk.to/~/tr/visit/ 70 B
186 B 106ms
106ms XHR
application/json 54.72.222.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://lnk.to/~/tr/visit/
Requested by: Host: lnk.to
URL: https://lnk.to/1YpJvL6B
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.222.114 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-222-114.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://lnk.to/1YpJvL6B
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 21 Aug 2023 19:34:30 GMT
x-redirector-version: redirector-v3
server: nginx
content-type: application/json; charset=UTF-8

HEAD
H2 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 246ms
119ms Fetch
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: lnk.to
URL: https://lnk.to/1YpJvL6B

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lnk.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 19:34:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50706
x-xss-protection: 0
server: cafe
etag: 2119016953207303757
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 21 Aug 2023 19:34:30 GMT

POST
H2 200 /
lnk.to/~/tr/event/ 70 B
186 B 101ms
101ms XHR
application/json 54.72.222.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://lnk.to/~/tr/event/
Requested by: Host: lnk.to
URL: https://lnk.to/1YpJvL6B
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.222.114 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-222-114.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://lnk.to/1YpJvL6B
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 21 Aug 2023 19:34:30 GMT
x-redirector-version: redirector-v3
server: nginx
content-type: application/json; charset=UTF-8

GET
H2

200

optin1691641998348 Show response
kkladeka.clickfunnels.com/
Redirect Chain

https://www.linkedin.com/slink?code=e6g2QJAh??????jksduigsdhgviosdhlbndfklnbldfnmlnfglnmlkfg,nmldf,mln,mfgln,mlfg,gnmlfg
https://kkladeka.clickfunnels.com/optinmreco2ia
https://kkladeka.clickfunnels.com/optin1691641998348

88 KB
27 KB

255ms
254ms

Document
text/html

2606:4700::6810:cc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kkladeka.clickfunnels.com/optin1691641998348
Requested by: Host: lnk.to
URL: https://lnk.to/1YpJvL6B
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:cc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Phusion Passenger Enterprise 6.0.7
Resource Hash: d4c68716c8836c41e6962694c574aedcbcba45044503ec8fe86f58f2db02f8e1

Request headers

Referer: https://lnk.to/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=60, public, s-maxage=600, r-maxage=10
cf-cache-status: HIT
cf-ray: 7fa5505e2eecca64-HAM
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 21 Aug 2023 19:34:31 GMT
last-modified: Sat, 12 Aug 2023 12:22:09 GMT
server: cloudflare
status: 200 OK
vary: Accept-Encoding
x-content-digest: f454f55cb360fdaa90631f52545d229503dd4e88
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: miss, store
x-request-id: 9f0ea101ed171f6501205d1aa8d2b1d5
x-runtime: 0.245356

Redirect headers

cache-control: no-cache
cf-cache-status: EXPIRED
cf-ray: 7fa5505c4a59ca64-HAM
content-type: text/html; charset=utf-8
date: Mon, 21 Aug 2023 19:34:31 GMT
location: https://kkladeka.clickfunnels.com/optin1691641998348
server: cloudflare
status: 302 Found
vary: Accept-Encoding
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: miss
x-request-id: 1131d0b699d74d24d302e31747fda4be
x-runtime: 0.075557

POST
H2 200 interact
lnk.to/~/tr/ 70 B
186 B 119ms
118ms Fetch
application/json 54.72.222.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://lnk.to/~/tr/interact
Requested by: Host: lnk.to
URL: https://lnk.to/1YpJvL6B
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.222.114 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-222-114.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://lnk.to/1YpJvL6B
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 21 Aug 2023 19:34:30 GMT
x-redirector-version: redirector-v3
server: nginx
content-type: application/json; charset=UTF-8

GET
H2 200 lander.css
app.clickfunnels.com/assets/ 425 KB
70 KB 80ms
70ms Stylesheet
text/css 2606:4700::6810:cc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.clickfunnels.com/assets/lander.css
Requested by: Host: kkladeka.clickfunnels.com
URL: https://kkladeka.clickfunnels.com/optin1691641998348
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:cc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: caec52356d28a445e7ad10d92d410b52fa537697b3b453ef1c01c65ec01ff86d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kkladeka.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 19:34:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Aug 2023 15:46:44 GMT
server: cloudflare
age: 698
etag: W/"64dcef64-6a514"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=1200
cf-ray: 7fa5505fdb0fca64-HAM
expires: Mon, 21 Aug 2023 19:54:31 GMT

GET
H2 200 all.css
use.fontawesome.com/releases/v5.9.0/css/ 55 KB
12 KB 103ms
38ms Stylesheet
text/css 2606:4700:e0::ac40:660b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.9.0/css/all.css
Requested by: Host: kkladeka.clickfunnels.com
URL: https://kkladeka.clickfunnels.com/optin1691641998348
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:660b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 533143d96607d94d5d4292838e364aef656d3de58fe74368263776eab9c07542

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kkladeka.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 19:34:31 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: NPDG9YX0XCWDA1T9
age: 1244407
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 8e5BWAceGO/VZvY2zPIcEvZRhXAe3xsKb/D1jY4yP4IyED28Qh7U1hiEFRkodrmdPOY1cMsUY1c=
last-modified: Wed, 30 Jun 2021 15:48:06 GMT
server: cloudflare
etag: W/"dbf9d822cefe851ba6f66e1ad57e8987"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZkDdMeYH3Htj34RhJrGP1uCVDvErWWqEsGolpaRQUiZxU61AAFazjrO1tSlrRxptGwGuML76TFQvwpdHCCb4uuXV7d78V1YpFXwqyIZ32YQPgNfX986j7E7SkCG0w2W4j6OSfB8O0Ssd%2F8Zu9ybpBBTs"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31556926
cf-ray: 7fa550603d5f9250-FRA

GET
H2 200 v4-shims.css
use.fontawesome.com/releases/v5.9.0/css/ 26 KB
5 KB 102ms
37ms Stylesheet
text/css 2606:4700:e0::ac40:660b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.9.0/css/v4-shims.css
Requested by: Host: kkladeka.clickfunnels.com
URL: https://kkladeka.clickfunnels.com/optin1691641998348
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:660b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d1c5ba4b29db42dadf61f9e7304331fa835fe732bbb02822ada17a9a63c215f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kkladeka.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 19:34:31 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: RB5BPRT48JBAE6TP
age: 1907132
alt-svc: h3=":443"; ma=86400
x-amz-id-2: gCI0BCd4N0Ze41wUUC9fQ5XlRt+jkrB7evHnqcM8HM5N2U+Yr/0Hi6JfxMBuYiohKnNmeTq+oho=
last-modified: Wed, 30 Jun 2021 15:48:06 GMT
server: cloudflare
etag: W/"e140a7d32f343530f016095df3cc2ae4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JhCGo5QsVOi1QQqeDxYqbQ3zrUNdjBwSCrlkWxhPECq0JUIo3BJYwvlZTHCLuQgo423fde0M4sv%2BXUgN6FoRcHCeBaBiIym9Mni8kJA4pYyXsAWFKbwDUreqmCBEn3eD%2BkKp1oECBEOJRv97cWk08AS%2B"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31556926
cf-ray: 7fa550603d619250-FRA

GET
H2 200 css
fonts.googleapis.com/ 47 KB
3 KB 190ms
66ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,700%7COswald:400,700%7CDroid+Sans:400,700%7CRoboto:400,700%7CLato:400,700%7CPT+Sans:400,700%7CSource+Sans+Pro:400,600,700%7CNoto+Sans:400,700%7CPT+Sans:400,700%7CUbuntu:400,700%7CBitter:400,700%7CPT+Serif:400,700%7CRokkitt:400,700%7CDroid+Serif:400,700%7CRaleway:400,700%7CInconsolata:400,700

Requested by

Host: kkladeka.clickfunnels.com
URL: https://kkladeka.clickfunnels.com/optin1691641998348

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

002a53dd1cf9e76d76936ad0c413a03296b0ef4931116370ddca0ac7fdf828b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kkladeka.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 21 Aug 2023 19:34:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 21 Aug 2023 18:44:31 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 21 Aug 2023 19:34:31 GMT

GET
H2 200 application.js
app.clickfunnels.com/assets/userevents/ 5 KB
2 KB 64ms
62ms Script
application/x-javascript 2606:4700::6810:cc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.clickfunnels.com/assets/userevents/application.js
Requested by: Host: kkladeka.clickfunnels.com
URL: https://kkladeka.clickfunnels.com/optin1691641998348
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:cc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kkladeka.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 19:34:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Aug 2023 15:46:44 GMT
server: cloudflare
age: 516
etag: W/"64dcef64-147c"
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=1200
cf-ray: 7fa550610da6ca64-HAM
expires: Mon, 21 Aug 2023 19:54:31 GMT

GET
H2 200 lander.js Show response
app.clickfunnels.com/assets/ 2 MB
661 KB 77ms
68ms Script
application/x-javascript 2606:4700::6810:cc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.clickfunnels.com/assets/lander.js
Requested by: Host: kkladeka.clickfunnels.com
URL: https://kkladeka.clickfunnels.com/optin1691641998348
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:cc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 90f6e5fa596da0ae7d0d5d5fef04f98ea73e1b6a178a78d8d04fc86c2762ff9a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kkladeka.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 19:34:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Aug 2023 15:48:25 GMT
server: cloudflare
age: 679
etag: W/"64dcefc9-238758"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=1200
cf-ray: 7fa5505fdb10ca64-HAM
expires: Mon, 21 Aug 2023 19:54:31 GMT

GET
H2 200 ClickfunnelsTag.png
images.clickfunnels.com/3d/392630953c4119a324492bb1c05778/ 5 KB
6 KB 67ms
57ms Image
image/webp 2606:4700::6810:cc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.clickfunnels.com/3d/392630953c4119a324492bb1c05778/ClickfunnelsTag.png
Requested by: Host: kkladeka.clickfunnels.com
URL: https://kkladeka.clickfunnels.com/optin1691641998348
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:cc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kkladeka.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 19:34:31 GMT
cf-cache-status: HIT
x-amz-request-id: SP9YTCF65YFD5Q1W
age: 2027
cf-polished: origFmt=png, origSize=9030
content-disposition: inline; filename="ClickfunnelsTag.webp"
content-length: 5276
x-amz-id-2: Rq6LEe2bvbpVbYcKkd074ZhL6Y/HRC5Me/+Paji9BpXcBgGRGewqCTa38SqJG/D40uAhjLmU0W0=
cf-bgj: imgq:85,h2pri
last-modified: Fri, 03 Jan 2020 17:41:49 GMT
server: cloudflare
etag: "a633777156a5ffeb58c92d3d59fa4e34"
vary: Accept
content-type: image/webp
cache-control: public, max-age=2073600
accept-ranges: bytes
cf-ray: 7fa550611dc0ca64-HAM
expires: Thu, 14 Sep 2023 19:34:31 GMT

GET
H2 200 pushcrew.js
app.clickfunnels.com/assets/ 637 B
453 B 60ms
59ms Script
application/x-javascript 2606:4700::6810:cc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.clickfunnels.com/assets/pushcrew.js
Requested by: Host: kkladeka.clickfunnels.com
URL: https://kkladeka.clickfunnels.com/optin1691641998348
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:cc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kkladeka.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 19:34:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Aug 2023 15:46:43 GMT
server: cloudflare
age: 72
etag: W/"64dcef63-27d"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=1200
cf-ray: 7fa550610da8ca64-HAM
expires: Mon, 21 Aug 2023 19:54:31 GMT

GET
H2 200 v8b253dfea2ab4077af8c6f58422dfbfd1689876627854
static.cloudflareinsights.com/beacon.min.js/ 20 KB
7 KB 152ms
91ms Script
text/javascript 2606:4700::6810:3865
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v8b253dfea2ab4077af8c6f58422dfbfd1689876627854
Requested by: Host: kkladeka.clickfunnels.com
URL: https://kkladeka.clickfunnels.com/optin1691641998348
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://kkladeka.clickfunnels.com/
Origin: https://kkladeka.clickfunnels.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 19:34:31 GMT
content-encoding: gzip
last-modified: Thu, 20 Jul 2023 18:10:27 GMT
server: cloudflare
etag: W/"2023.7.1"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 7fa550616a2c727c-HAM

GET
DATA 200
OK truncated
/ 26 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 cf.js
app.clickfunnels.com/ 18 KB
5 KB 170ms
170ms Script
application/x-javascript 2606:4700::6810:cc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.clickfunnels.com/cf.js
Requested by: Host: kkladeka.clickfunnels.com
URL: https://kkladeka.clickfunnels.com/optin1691641998348
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:cc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kkladeka.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 19:34:32 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Aug 2023 15:46:44 GMT
server: cloudflare
etag: W/"64dcef64-476a"
vary: Accept-Encoding
content-type: application/x-javascript
cf-ray: 7fa550623fdfca64-HAM

GET /
track.addevent.com/atc/ 0
0

GET
H2 200 async-api.e9f77430-1.237.1.min.js
js-agent.newrelic.com/ 3 KB
2 KB 92ms
28ms Script
application/javascript 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/async-api.e9f77430-1.237.1.min.js

Requested by

Host: kkladeka.clickfunnels.com
URL: https://kkladeka.clickfunnels.com/optin1691641998348

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kkladeka.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

x-amz-version-id: Nnzi3DxfGlFxxxaHTHoVoaEtXaaSwSj1
content-encoding: br
via: 1.1 varnish
date: Mon, 21 Aug 2023 19:34:32 GMT
strict-transport-security: max-age=300
x-amz-request-id: FGM44G2H3T95M0RG
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 1384
x-amz-id-2: pYMoGKzxpzTDzhmdjTgFG5JFai/unv5XW+Eo4tyfxeb6QhVr+NUuCnGsSPtGwjMZeEidI8tMaCw=
x-served-by: cache-fra-eddf8230075-FRA
last-modified: Wed, 02 Aug 2023 19:59:07 GMT
server: AmazonS3
x-timer: S1692646472.275736,VS0,VE0
etag: "193a6d6f02af9cfb9888de413246e90b"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 3511

GET
H2 200 860.95a91211-1.237.1.min.js
js-agent.newrelic.com/ 14 KB
0 92ms
28ms Script
application/javascript 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/860.95a91211-1.237.1.min.js

Requested by

Host: kkladeka.clickfunnels.com
URL: https://kkladeka.clickfunnels.com/optin1691641998348

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kkladeka.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

x-amz-version-id: EoQgbqtiNktUFHe2XcVVByjJaUw3xjmB
content-encoding: br
via: 1.1 varnish
date: Mon, 21 Aug 2023 19:34:32 GMT
strict-transport-security: max-age=300
x-amz-request-id: FGME0EFST6A5NB5B
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 5422
x-amz-id-2: Th5W14ONfFa1hPkjGXdAwsnAcmTWbhXtOnkYTgyxzqjdHoN5/7oAlCp3nkLVz675UvH0slqFSN0=
x-served-by: cache-fra-eddf8230075-FRA
last-modified: Wed, 02 Aug 2023 19:59:08 GMT
server: AmazonS3
x-timer: S1692646472.275753,VS0,VE0
etag: "b550851fb79f7d61442ca34a6120ac44"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 3015

GET
H2 200 session-manager.d080e4cc-1.237.1.min.js
js-agent.newrelic.com/ 1 KB
0 93ms
29ms Script
application/javascript 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/session-manager.d080e4cc-1.237.1.min.js

Requested by

Host: kkladeka.clickfunnels.com
URL: https://kkladeka.clickfunnels.com/optin1691641998348

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kkladeka.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

x-amz-version-id: oaOpBoY_R0Emmn1D4qOBGa8Bli_CwZsc
content-encoding: br
via: 1.1 varnish
date: Mon, 21 Aug 2023 19:34:32 GMT
strict-transport-security: max-age=300
x-amz-request-id: FGM1T0AT17NVAZ13
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 686
x-amz-id-2: O6L3Ip1/4vY5L1/soaX8sXkNC/gXPkvDfaja4IcpjlxbDAWhaXoBV8SjiDx7hZYgttdDgTYrt4U=
x-served-by: cache-fra-eddf8230075-FRA
last-modified: Wed, 02 Aug 2023 19:59:08 GMT
server: AmazonS3
x-timer: S1692646472.275979,VS0,VE0
etag: "a097cb2068fb2d63e521cacf139c921d"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 3132

GET
H2 200 closemodal.png
assets.clickfunnels.com/images/ 672 B
899 B 95ms
85ms Image
image/webp 2606:4700::6810:cc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.clickfunnels.com/images/closemodal.png
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:cc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kkladeka.clickfunnels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 19:34:32 GMT
cf-cache-status: HIT
age: 1219759
cf-polished: origFmt=png, origSize=788
content-disposition: inline; filename="closemodal.webp"
content-length: 672
last-modified: Wed, 26 Jul 2023 14:55:58 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "64c133fe-314"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: public, max-age=2678400
accept-ranges: bytes
cf-ray: 7fa550636abeca64-HAM
expires: Thu, 21 Sep 2023 19:34:32 GMT

GET track
app.clickfunnels.com/v1/ 0
0

POST rum
kkladeka.clickfunnels.com/cdn-cgi/ 0
0

GET
H2 200 Primary Request cc.php Show response
b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/ 11 KB
2 KB 126ms
31ms Document
text/html 159.69.82.233
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

159.69.82.233 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

b12hcmh.myraidbox.de

Software

nginx /

Resource Hash

82f2640848b1d79bc75c27351befab43e34a53a5d379c278dac6910dea1fa963

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://kkladeka.clickfunnels.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 21 Aug 2023 19:34:32 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx
strict-transport-security: max-age=63072000
vary: Accept-Encoding
x-cache: HIT
x-cache-device-type: responsive
x-cache-type: NGINX
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST rum
kkladeka.clickfunnels.com/cdn-cgi/ 0
0

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/ 157 KB
25 KB 110ms
48ms Stylesheet
text/css 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css

Requested by

Host: b12hcmh.myraidbox.de
URL: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b12hcmh.myraidbox.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 19:34:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 12960171
x-jsd-version: 4.5.3
content-encoding: br
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230071-FRA, cache-jnb7027-JNB
x-jsd-version-type: version
server: cloudflare
etag: W/"27288-jtLWNQ0j+FfZKAVzfQ+XxnXeZms"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kxoSWAeFfpdeMMmJ09a5UhPzvfriqPiLGiSwY2URgnTxycyH8i3oo6RiMp6QvEzJUjVqH3HK0dfxiM477WxUu6zo65LE0t1bqqEpNPgnyP%2FBBfjJJfWeJrUBaslZA3oCVJKnKc2I9IHCIN8G02k%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 7fa55065ba08ca6c-HAM

GET
H2 200 helpers.css
b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/css/ 41 KB
3 KB 35ms
35ms Stylesheet
text/css 159.69.82.233
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/css/helpers.css

Requested by

Host: b12hcmh.myraidbox.de
URL: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

159.69.82.233 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

b12hcmh.myraidbox.de

Software

nginx /

Resource Hash

4f170247e1768f40ceb39a7e08a9250b3e0d1fe5d85e9ac437b6fba12ccf61ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: public
date: Mon, 21 Aug 2023 19:34:32 GMT
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
last-modified: Sat, 12 Aug 2023 12:17:06 GMT
server: nginx
content-encoding: br
etag: W/"64d77842-a317"
x-cache-type: STATIC
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000, public
x-cache-device-type: responsive
x-xss-protection: 1; mode=block
expires: Tue, 20 Aug 2024 19:34:32 GMT

GET
H2 200 style.css
b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/css/ 7 KB
2 KB 36ms
36ms Stylesheet
text/css 159.69.82.233
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/css/style.css

Requested by

Host: b12hcmh.myraidbox.de
URL: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

159.69.82.233 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

b12hcmh.myraidbox.de

Software

nginx /

Resource Hash

cbbe6206c6a7dfa4fe40af1e9778202da64ab18ff63ac90f1b745d77e2a42e17

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: public
date: Mon, 21 Aug 2023 19:34:32 GMT
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
last-modified: Sat, 12 Aug 2023 12:17:05 GMT
server: nginx
content-encoding: br
etag: W/"64d77841-1c7a"
x-cache-type: STATIC
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000, public
x-cache-device-type: responsive
x-xss-protection: 1; mode=block
expires: Tue, 20 Aug 2024 19:34:32 GMT

GET
H2 200 topmenu.png
b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/imgs/ 4 KB
5 KB 34ms
32ms Image
image/png 159.69.82.233
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/imgs/topmenu.png

Requested by

Host: b12hcmh.myraidbox.de
URL: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

159.69.82.233 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

b12hcmh.myraidbox.de

Software

nginx /

Resource Hash

8c3d3b6bfcc139819e992b2aadd3b66a38003d7a64a4817e4b252c12730d745e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 19:34:32 GMT
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
x-cache-type: STATIC
content-length: 4468
x-xss-protection: 1; mode=block
pragma: public
last-modified: Sat, 12 Aug 2023 12:17:13 GMT
server: nginx
etag: "64d77849-1174"
vary: Accept-Encoding, Accept
content-type: image/png
cache-control: max-age=31536000, public
accept-ranges: bytes
x-cache-device-type: responsive
expires: Tue, 20 Aug 2024 19:34:32 GMT

GET
H2 200 logo.svg
b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/imgs/ 7 KB
2 KB 35ms
33ms Image
image/svg+xml 159.69.82.233
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/imgs/logo.svg

Requested by

Host: b12hcmh.myraidbox.de
URL: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

159.69.82.233 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

b12hcmh.myraidbox.de

Software

nginx /

Resource Hash

e0447aa04943d0d047baf922ce6f286da4e50d62113aa19505f75705a9a46773

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: public
date: Mon, 21 Aug 2023 19:34:32 GMT
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
last-modified: Sat, 12 Aug 2023 12:17:10 GMT
server: nginx
content-encoding: br
etag: W/"64d77846-1c70"
x-cache-type: STATIC
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, public
x-cache-device-type: responsive
x-xss-protection: 1; mode=block
expires: Tue, 20 Aug 2024 19:34:32 GMT

GET
H2 200 mainmenu.png
b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/imgs/ 6 KB
6 KB 56ms
54ms Image
image/png 159.69.82.233
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/imgs/mainmenu.png

Requested by

Host: b12hcmh.myraidbox.de
URL: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

159.69.82.233 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

b12hcmh.myraidbox.de

Software

nginx /

Resource Hash

e68c19ff1d9a5a8afd8484c3f1cfb97cb69afd7f11078bc500d6f8e761f9f66f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 19:34:32 GMT
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
x-cache-type: STATIC
content-length: 6241
x-xss-protection: 1; mode=block
pragma: public
last-modified: Sat, 12 Aug 2023 12:17:11 GMT
server: nginx
etag: "64d77847-1861"
vary: Accept-Encoding, Accept
content-type: image/png
cache-control: max-age=31536000, public
accept-ranges: bytes
x-cache-device-type: responsive
expires: Tue, 20 Aug 2024 19:34:32 GMT

GET
H2 200 mainmenu2.png
b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/imgs/ 1 KB
2 KB 57ms
55ms Image
image/png 159.69.82.233
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/imgs/mainmenu2.png

Requested by

Host: b12hcmh.myraidbox.de
URL: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

159.69.82.233 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

b12hcmh.myraidbox.de

Software

nginx /

Resource Hash

83ba66cd40ebbd3beb61d6e95dfefa745903e5eda8da8134cec74b57f981f498

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 19:34:32 GMT
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
x-cache-type: STATIC
content-length: 1314
x-xss-protection: 1; mode=block
pragma: public
last-modified: Sat, 12 Aug 2023 12:17:11 GMT
server: nginx
etag: "64d77847-522"
vary: Accept-Encoding, Accept
content-type: image/png
cache-control: max-age=31536000, public
accept-ranges: bytes
x-cache-device-type: responsive
expires: Tue, 20 Aug 2024 19:34:32 GMT

GET
H2 200 mainmenu3.png
b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/imgs/ 555 B
907 B 58ms
56ms Image
image/png 159.69.82.233
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/imgs/mainmenu3.png

Requested by

Host: b12hcmh.myraidbox.de
URL: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

159.69.82.233 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

b12hcmh.myraidbox.de

Software

nginx /

Resource Hash

37b9f4c09ef8153cbcfe9e4e65df5eefba1fd1274d700af4e33370b4a2b7cbec

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 19:34:32 GMT
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
x-cache-type: STATIC
content-length: 555
x-xss-protection: 1; mode=block
pragma: public
last-modified: Sat, 12 Aug 2023 12:17:11 GMT
server: nginx
etag: "64d77847-22b"
vary: Accept-Encoding, Accept
content-type: image/png
cache-control: max-age=31536000, public
accept-ranges: bytes
x-cache-device-type: responsive
expires: Tue, 20 Aug 2024 19:34:32 GMT

GET
H2 200 phone.png
b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/imgs/ 1 KB
2 KB 59ms
58ms Image
image/png 159.69.82.233
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/imgs/phone.png

Requested by

Host: b12hcmh.myraidbox.de
URL: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

159.69.82.233 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

b12hcmh.myraidbox.de

Software

nginx /

Resource Hash

2b86d8e4382ccf265ba1868a89cdc559e41468d9c501d56691e4b88bf90d2f0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 19:34:32 GMT
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
x-cache-type: STATIC
content-length: 1321
x-xss-protection: 1; mode=block
pragma: public
last-modified: Sat, 12 Aug 2023 12:17:12 GMT
server: nginx
etag: "64d77848-529"
vary: Accept-Encoding, Accept
content-type: image/png
cache-control: max-age=31536000, public
accept-ranges: bytes
x-cache-device-type: responsive
expires: Tue, 20 Aug 2024 19:34:32 GMT

GET
H2 200 email.png
b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/imgs/ 424 B
776 B 61ms
59ms Image
image/png 159.69.82.233
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/imgs/email.png

Requested by

Host: b12hcmh.myraidbox.de
URL: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

159.69.82.233 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

b12hcmh.myraidbox.de

Software

nginx /

Resource Hash

559a944338db2f3adee6be15854629b7d9042928ab9034f48438385a4d70018a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 19:34:32 GMT
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
x-cache-type: STATIC
content-length: 424
x-xss-protection: 1; mode=block
pragma: public
last-modified: Sat, 12 Aug 2023 12:17:09 GMT
server: nginx
etag: "64d77845-1a8"
vary: Accept-Encoding, Accept
content-type: image/png
cache-control: max-age=31536000, public
accept-ranges: bytes
x-cache-device-type: responsive
expires: Tue, 20 Aug 2024 19:34:32 GMT

GET
H2 200 network.png
b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/imgs/ 2 KB
2 KB 64ms
62ms Image
image/png 159.69.82.233
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/imgs/network.png

Requested by

Host: b12hcmh.myraidbox.de
URL: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

159.69.82.233 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

b12hcmh.myraidbox.de

Software

nginx /

Resource Hash

2827052ff2f39ff8dc865661f7ed2a528636e3c10cbd39a819716214ffb0dfa7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 19:34:32 GMT
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
x-cache-type: STATIC
content-length: 1602
x-xss-protection: 1; mode=block
pragma: public
last-modified: Sat, 12 Aug 2023 12:17:12 GMT
server: nginx
etag: "64d77848-642"
vary: Accept-Encoding, Accept
content-type: image/png
cache-control: max-age=31536000, public
accept-ranges: bytes
x-cache-device-type: responsive
expires: Tue, 20 Aug 2024 19:34:32 GMT

GET
H2 200 a.png
b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/imgs/ 677 B
1 KB 65ms
63ms Image
image/png 159.69.82.233
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/imgs/a.png

Requested by

Host: b12hcmh.myraidbox.de
URL: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

159.69.82.233 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

b12hcmh.myraidbox.de

Software

nginx /

Resource Hash

f1e8231c6f3bf3a4cbfc92a5f8beaff846a3014c21fe8396ed212bb0d0244db9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 19:34:32 GMT
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
x-cache-type: STATIC
content-length: 677
x-xss-protection: 1; mode=block
pragma: public
last-modified: Sat, 12 Aug 2023 12:17:08 GMT
server: nginx
etag: "64d77844-2a5"
vary: Accept-Encoding, Accept
content-type: image/png
cache-control: max-age=31536000, public
accept-ranges: bytes
x-cache-device-type: responsive
expires: Tue, 20 Aug 2024 19:34:32 GMT

GET
H2 200 b.png
b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/imgs/ 643 B
995 B 66ms
64ms Image
image/png 159.69.82.233
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/imgs/b.png

Requested by

Host: b12hcmh.myraidbox.de
URL: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

159.69.82.233 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

b12hcmh.myraidbox.de

Software

nginx /

Resource Hash

58ead390cc509331a0ef667a2ed6df336c32af6d03f3c4342d84412f776188ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 19:34:32 GMT
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
x-cache-type: STATIC
content-length: 643
x-xss-protection: 1; mode=block
pragma: public
last-modified: Sat, 12 Aug 2023 12:17:08 GMT
server: nginx
etag: "64d77844-283"
vary: Accept-Encoding, Accept
content-type: image/png
cache-control: max-age=31536000, public
accept-ranges: bytes
x-cache-device-type: responsive
expires: Tue, 20 Aug 2024 19:34:32 GMT

GET
H2 200 search.png
b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/imgs/ 797 B
1 KB 66ms
65ms Image
image/png 159.69.82.233
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/imgs/search.png

Requested by

Host: b12hcmh.myraidbox.de
URL: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

159.69.82.233 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

b12hcmh.myraidbox.de

Software

nginx /

Resource Hash

26672ffc5edf4c733fafc6988864f8ad7c85ecf1bb296ac493ce1928e15f682f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 19:34:32 GMT
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
x-cache-type: STATIC
content-length: 797
x-xss-protection: 1; mode=block
pragma: public
last-modified: Sat, 12 Aug 2023 12:17:13 GMT
server: nginx
etag: "64d77849-31d"
vary: Accept-Encoding, Accept
content-type: image/png
cache-control: max-age=31536000, public
accept-ranges: bytes
x-cache-device-type: responsive
expires: Tue, 20 Aug 2024 19:34:32 GMT

GET
H2 200 jquery-3.5.1.min.js Show response
code.jquery.com/ 87 KB
30 KB 108ms
34ms Script
application/javascript 2001:4de0:ac18::1:a:3b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.5.1.min.js
Requested by: Host: b12hcmh.myraidbox.de
URL: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b12hcmh.myraidbox.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 19:34:32 GMT
content-encoding: gzip
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
etag: W/"28feccc0-15d84"
vary: Accept-Encoding
x-hw: 1692646472.dop216.am5.t,1692646472.cds211.am5.hn,1692646472.cds312.am5.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30879

GET
H2 200 bootstrap.bundle.min.js Show response
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/ 82 KB
22 KB 102ms
50ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js

Requested by

Host: b12hcmh.myraidbox.de
URL: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8d7089253dca29c9cd8d9deb7ec69b0a3d445f88f6a26478c719be1f90adcb01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b12hcmh.myraidbox.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 19:34:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 15591646
x-jsd-version: 4.5.3
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230067-FRA, cache-yyz4562-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"148b8-qycDEVlyTiQh9v9ccPSOZXq+nTk"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kLNXEXn0MXxWgX3D5gk8g6iE2RXIxMKTJylrWVUockzmUSBACepgBlGsF%2F2KDeoQGBQxMOrxBiz6Ok5VU6p5pdoejJGpVnsXPRET%2B%2FXeT80fD9xmyoBxUZO0%2Fq4DxCtmqWLN7HOYdhKPPhrFmYw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 7fa55065ba0aca6c-HAM

GET
H2 200 all.min.js Show response
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/js/ 1 MB
355 KB 108ms
37ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/js/all.min.js

Requested by

Host: b12hcmh.myraidbox.de
URL: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

20a3ef6979bbe5e4de1afaecc703e1d34cbc5e3ceab36d378539506327692d72

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b12hcmh.myraidbox.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 19:34:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 20991679
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 362308
last-modified: Mon, 05 Oct 2020 17:43:59 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f7b5b5f-123bd0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FFeVuQd5SqxMikJrrIOF3WW9RVpopyfAhZcuzC4m9k7LKZkTg652lNBfnUK84966E1K96teb3kXznRmvS08gzwHCIS5iuEwDHrV%2BmP9wqqRQO0qQvfOQw30ywleFUigybWC%2FyiBM5lB3isYSLrpyagNl"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7fa55065cd724163-HAM
expires: Sat, 10 Aug 2024 19:34:32 GMT

GET
H2 200 jquery.payment.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery.payment/3.0.0/ 8 KB
3 KB 141ms
70ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery.payment/3.0.0/jquery.payment.min.js

Requested by

Host: b12hcmh.myraidbox.de
URL: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c4ba1c662b440b3aefe5e5147ea2df72f80e510e4979c65485a7b0fff894e37

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b12hcmh.myraidbox.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 19:34:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 7159747
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 2420
last-modified: Mon, 04 May 2020 16:11:47 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec3-210b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q4INKpqrp21uh4VAnYI3ibZfi5ximIMtjbs3cdbrYYLOhi19yQCYELN8h%2F00RQeM8YrKfpCABozl7KuzodQTUnrj00BMt%2F3X6mPi%2FNojqe0YNtZU7JmfhWoSVhkqDQCUsdkIjMZrUVL2bJY1JEpkzA1i"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7fa55065cd744163-HAM
expires: Sat, 10 Aug 2024 19:34:32 GMT

GET
H2 200 simpleUpload.min.js Show response
cdn.jsdelivr.net/npm/jquery-simple-upload@1.1.0/ 13 KB
5 KB 134ms
82ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/jquery-simple-upload@1.1.0/simpleUpload.min.js

Requested by

Host: b12hcmh.myraidbox.de
URL: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c94328682edabda584a8380131d5cabb0c7dea7a7ae74d18cd0f6e577421c55c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b12hcmh.myraidbox.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 19:34:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2444888
x-jsd-version: 1.1.0
content-encoding: br
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230030-FRA, cache-yyz4558-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"329c-RzBAtgi48hLo/t0xThhVsDizgmM"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e3YVt9lMFEDd1ovIa%2F3mY5U2AjlN28tKnDj80xPaexPKUYx0eWk0phGS8z97DvrpLxa5N%2BYav9CEOigJsJKXiBgPIGYZHt1X0Y%2BEZOlj%2Fm2ggTi31Iz%2B3Y59ViYdf9rE2edu5Z5F75WYSQ2LWQA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 7fa55065ba0bca6c-HAM

GET
H2 200 script.js Show response
b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/js/ 150 B
433 B 34ms
31ms Script
application/javascript 159.69.82.233
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/js/script.js

Requested by

Host: b12hcmh.myraidbox.de
URL: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

159.69.82.233 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

b12hcmh.myraidbox.de

Software

nginx /

Resource Hash

786729996e8cfc06306966f638c2f38b4e7b782b68d3dbcdf572c922b68269eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/clients/cc.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: public
date: Mon, 21 Aug 2023 19:34:32 GMT
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
last-modified: Sat, 12 Aug 2023 12:17:16 GMT
server: nginx
content-encoding: br
etag: W/"64d7784c-96"
x-cache-type: STATIC
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, public
x-cache-device-type: responsive
x-xss-protection: 1; mode=block
expires: Tue, 20 Aug 2024 19:34:32 GMT

GET
H2 200 css2
fonts.googleapis.com/ 11 KB
903 B 66ms
66ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Open+Sans:wght@300;400;600;700&display=swap

Requested by

Host: b12hcmh.myraidbox.de
URL: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/css/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1888959b5858af3cd658a6aa00118d4db9656ee9d2dec1eb0d0bc68a6c4cc670

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b12hcmh.myraidbox.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 21 Aug 2023 19:34:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 21 Aug 2023 18:21:05 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 21 Aug 2023 19:34:32 GMT

GET
H2 200 map.png
b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/imgs/ 92 KB
92 KB 34ms
32ms Image
image/png 159.69.82.233
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/imgs/map.png

Requested by

Host: b12hcmh.myraidbox.de
URL: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/css/style.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

159.69.82.233 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

b12hcmh.myraidbox.de

Software

nginx /

Resource Hash

e5d820987db3c395fa069e88ddaec100f7ad679ea9d425a9c0f24ad1a01d8bee

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b12hcmh.myraidbox.de/wp-content/plugins/aramex/sar/assets/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 19:34:32 GMT
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
x-cache-type: STATIC
content-length: 93866
x-xss-protection: 1; mode=block
pragma: public
last-modified: Sat, 12 Aug 2023 12:17:12 GMT
server: nginx
etag: "64d77848-16eaa"
vary: Accept-Encoding, Accept
content-type: image/png
cache-control: max-age=31536000, public
accept-ranges: bytes
x-cache-device-type: responsive
expires: Tue, 20 Aug 2024 19:34:32 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v35/ 47 KB
48 KB 177ms
55ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:wght@300;400;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://b12hcmh.myraidbox.de
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 09:02:59 GMT
x-content-type-options: nosniff
age: 297093
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48412
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:08:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 17 Aug 2024 09:02:59 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: track.addevent.com
URL: https://track.addevent.com/atc/?trktyp=jsinit&trkcal=&guid=0f171ca8-c198-40c5-f87f-764f5d40853a&url=https%3A%2F%2Fkkladeka.clickfunnels.com%2Foptin1691641998348&cache=1692646472026

Domain: app.clickfunnels.com
URL: https://app.clickfunnels.com/v1/track?_unique=0.8741682753729771&_uniqueVisitorID=null&_type=WINDOW&_location=ttps%3A//kkladeka.clickfunnels.com/optin1691641998348&_referrer=ttps%3A//lnk.to/&_title=My%20Awesome%20Landing%20Page%20-%20Powered%20by%20ClickFunnels.com&_key=ejhac5ky&_page_key=cbbvqk4d6aupv89j&_fid=13125783&_fspos=1&_fvrs=1&_funnel_stat=1&_location=https://kkladeka.clickfunnels.com/optin1691641998348&_referrer=https://lnk.to/

Domain: kkladeka.clickfunnels.com
URL: https://kkladeka.clickfunnels.com/cdn-cgi/rum?

Domain: kkladeka.clickfunnels.com
URL: https://kkladeka.clickfunnels.com/cdn-cgi/rum?

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Aramex (Transportation)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.lnk.to/	1970-01-20 14:12:12	Name: LF_nativeCount_amazon-music Value: 0-1692732870000-3
.lnk.to/	1970-01-20 14:12:12	Name: LF_nativeCount_tidal Value: 0-1692732870000-3
.lnk.to/	1970-01-20 14:12:12	Name: LF_nativeCount_spotify Value: 0-1692732870000-3
.lnk.to/	1970-01-20 14:10:47	Name: LF_session_91d56ca5e94ae50ad1a27d6776845332 Value: 1
.linkedin.com/	1970-01-20 22:56:22	Name: bcookie Value: "v=2&2085fe2d-7fa0-405d-856e-63b3522c582c"
.www.linkedin.com/	1970-01-20 22:56:22	Name: bscookie Value: "v=1&202308211934307d3476ac-3af9-43bd-8734-c1c14f4fb66cAQHZPsNcrFbpAhqHkcrK6RafCL8DYvrI"
.linkedin.com/	1970-01-20 18:29:58	Name: li_gc Value: MTswOzE2OTI2NDY0NzA7MjswMjGdMoN/pZeMQ9y1gW/eJvPLYQnNsrxMy4I7ECnOucp8nw==
.linkedin.com/	1970-01-20 14:12:12	Name: lidc Value: "b=TGST02:s=T:r=T:a=T:p=T:g=3065:u=1:x=1:i=1692646470:t=1692732870:v=2:sig=AQESV7VJms17wjhx1Z7E8WuIbCIunXPE"
.clickfunnels.com/	1970-01-20 14:10:48	Name: __cf_bm Value: CbYpb6nAfTMGTJzQUXMR0Dr5s9w8nbu7EsGUGDAqxe8-1692646471-0-ARsaPV84DwVW6svvFNBZ/3teFWR90KEDPeVyFmI0TBc+4Wk/v/hmkIupUuN/w7mLUS965L0IynoFc8w3UH+chdTQt/awua0cFiYn6bp13wCV
.clickfunnels.com/	1969-12-31 23:59:59	Name: _cfuvid Value: CBGrBdaFqWhMnNceyPePwZY5lS73uePFO5RBBpo5yxY-1692646471357-0-604800000
kkladeka.clickfunnels.com/	1970-01-20 22:56:22	Name: addevent_track_cookie Value: 0f171ca8-c198-40c5-f87f-764f5d40853a
b12hcmh.myraidbox.de/	1969-12-31 23:59:59	Name: PHPSESSID Value: 5pf6rjblcfclo09olgr6f4j9fs

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://track.addevent.com/atc/?trktyp=jsinit&trkcal=&guid=0f171ca8-c198-40c5-f87f-764f5d40853a&url=https%3A%2F%2Fkkladeka.clickfunnels.com%2Foptin1691641998348&cache=1692646472026 Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.clickfunnels.com
assets.clickfunnels.com
b12hcmh.myraidbox.de
cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
images.clickfunnels.com
js-agent.newrelic.com
kkladeka.clickfunnels.com
lnk.to
pagead2.googlesyndication.com
static.cloudflareinsights.com
track.addevent.com
use.fontawesome.com
www.linkedin.com
app.clickfunnels.com
kkladeka.clickfunnels.com
track.addevent.com
151.101.66.137
159.69.82.233
2001:4de0:ac18::1:a:3b
2606:4700::6810:3865
2606:4700::6810:5714
2606:4700::6810:cc2
2606:4700::6811:180e
2606:4700:e0::ac40:660b
2620:1ec:21::14
2a00:1450:4001:803::200a
2a00:1450:4001:810::2003
2a00:1450:4001:827::2002
54.72.222.114
002a53dd1cf9e76d76936ad0c413a03296b0ef4931116370ddca0ac7fdf828b1
0d1c5ba4b29db42dadf61f9e7304331fa835fe732bbb02822ada17a9a63c215f
1888959b5858af3cd658a6aa00118d4db9656ee9d2dec1eb0d0bc68a6c4cc670
20a3ef6979bbe5e4de1afaecc703e1d34cbc5e3ceab36d378539506327692d72
26672ffc5edf4c733fafc6988864f8ad7c85ecf1bb296ac493ce1928e15f682f
2827052ff2f39ff8dc865661f7ed2a528636e3c10cbd39a819716214ffb0dfa7
2b86d8e4382ccf265ba1868a89cdc559e41468d9c501d56691e4b88bf90d2f0d
37b9f4c09ef8153cbcfe9e4e65df5eefba1fd1274d700af4e33370b4a2b7cbec
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
4f170247e1768f40ceb39a7e08a9250b3e0d1fe5d85e9ac437b6fba12ccf61ba
533143d96607d94d5d4292838e364aef656d3de58fe74368263776eab9c07542
559a944338db2f3adee6be15854629b7d9042928ab9034f48438385a4d70018a
58ead390cc509331a0ef667a2ed6df336c32af6d03f3c4342d84412f776188ef
6c4ba1c662b440b3aefe5e5147ea2df72f80e510e4979c65485a7b0fff894e37
786729996e8cfc06306966f638c2f38b4e7b782b68d3dbcdf572c922b68269eb
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5
82f2640848b1d79bc75c27351befab43e34a53a5d379c278dac6910dea1fa963
83ba66cd40ebbd3beb61d6e95dfefa745903e5eda8da8134cec74b57f981f498
8c3d3b6bfcc139819e992b2aadd3b66a38003d7a64a4817e4b252c12730d745e
8d7089253dca29c9cd8d9deb7ec69b0a3d445f88f6a26478c719be1f90adcb01
90f6e5fa596da0ae7d0d5d5fef04f98ea73e1b6a178a78d8d04fc86c2762ff9a
c94328682edabda584a8380131d5cabb0c7dea7a7ae74d18cd0f6e577421c55c
caec52356d28a445e7ad10d92d410b52fa537697b3b453ef1c01c65ec01ff86d
cbbe6206c6a7dfa4fe40af1e9778202da64ab18ff63ac90f1b745d77e2a42e17
d4c68716c8836c41e6962694c574aedcbcba45044503ec8fe86f58f2db02f8e1
d70c796d0e56a078467f66907481164adf5fc90d4b65e3deb53c5b44050117e2
e0447aa04943d0d047baf922ce6f286da4e50d62113aa19505f75705a9a46773
e5d820987db3c395fa069e88ddaec100f7ad679ea9d425a9c0f24ad1a01d8bee
e68c19ff1d9a5a8afd8484c3f1cfb97cb69afd7f11078bc500d6f8e761f9f66f
f1e8231c6f3bf3a4cbfc92a5f8beaff846a3014c21fe8396ed212bb0d0244db9
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

b12hcmh.myraidbox.de Open in urlscan Pro 159.69.82.233 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

48 Requests

92 %HTTPS

77 %IPv6

14 Domains

17 Subdomains

13 IPs

4 Countries

1508 kBTransfer

4823 kBSize

12 Cookies

0 Outgoing links

Page URL History

Redirected requests

48 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

b12hcmh.myraidbox.de Open in urlscan Pro
159.69.82.233 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

48
Requests

92 %
HTTPS

77 %
IPv6

14
Domains

17
Subdomains

13
IPs

4
Countries

1508 kB
Transfer

4823 kB
Size

12
Cookies

48 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!