awi.wvn.mybluehost.me Open in urlscan Pro
162.241.225.102 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://hab.me/nYuCMIL
Effective URL:
https://awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/core/
Submission: On September 21 via manual (September 21st 2024, 8:00:28 am UTC) from DK — Scanned from DK

Summary HTTP 13 Redirects Links 22 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 13 HTTP transactions. The main IP is 162.241.225.102, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is awi.wvn.mybluehost.me.
TLS certificate: Issued by R10 on August 26th 2024. Valid for: 3 months.

This is the only time awi.wvn.mybluehost.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

	IP Address	AS Autonomous System
1 1	35.190.2.215 35.190.2.215	15169 (GOOGLE) (GOOGLE)
1 1	195.216.243.155 195.216.243.155	57724 (DDOS-GUARD) (DDOS-GUARD)
1 6	162.241.225.102 162.241.225.102	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
8	18.66.112.76 18.66.112.76	16509 (AMAZON-02) (AMAZON-02)
13	3

1 35.190.2.215 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 215.2.190.35.bc.googleusercontent.com

hab.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.216.243.155 (Moscow, Russian Federation) 1 redirects

ASN57724 (DDOS-GUARD, RU)
PTR: s5.uid.me

u.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 162.241.225.102 (United States) 1 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: box5256.bluehost.com

awi.wvn.mybluehost.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 18.66.112.76 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-76.fra56.r.cloudfront.net

portal.postnord.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	postnord.com portal.postnord.com	10 KB
6	mybluehost.me 1 redirects awi.wvn.mybluehost.me	141 KB
1	u.to 1 redirects u.to — Cisco Umbrella Rank: 529656	362 B
1	hab.me 1 redirects hab.me	121 B
13	4

	Domain	Requested by
8	portal.postnord.com	awi.wvn.mybluehost.me
6	awi.wvn.mybluehost.me	1 redirects awi.wvn.mybluehost.me
1	u.to	1 redirects
1	hab.me	1 redirects
13	4

This site contains links to these domains. Also see Links.

Domain
www.postnord.dk
portal.postnord.com
www.postnord.com
www.postnord.fi
www.postnord.no
www.postnord.se
www.stralfors.com
www.directlink.com

Subject Issuer	Validity	Valid
awi.wvn.mybluehost.me R10	`2024-08-26` - `2024-11-24`	3 months	crt.sh
portal.postnord.com Amazon RSA 2048 M02	`2023-11-14` - `2024-12-13`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/core/
Frame ID: 651F569137025B7526368A511BB8BC8B
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Online Postage | Buy postage code and package label easily and cheaply | PostNord

Page URL History Show full URLs

https://hab.me/nYuCMIL HTTP 301
https://u.to/cdzhIA HTTP 302
https://awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/ HTTP 302
https://awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/core/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

150 kB
Transfer

324 kB
Size

2
Cookies

22 Outgoing links

These are links going to different origins than the main page.

URL: https://www.postnord.dk/
Title: postnord.dkInformation about PostNord

Search URL Search Domain Scan URL

URL: https://portal.postnord.com/
Title: Customer portalManage your shipments

Search URL Search Domain Scan URL

URL: https://www.postnord.com/
Title: postnord.comInformation about PostNord Group

Search URL Search Domain Scan URL

URL: https://www.postnord.dk/en
Title: PostNord Denmark

Search URL Search Domain Scan URL

URL: https://www.postnord.fi/en
Title: PostNord Finland

Search URL Search Domain Scan URL

URL: https://www.postnord.no/en
Title: PostNord Norway

Search URL Search Domain Scan URL

URL: https://www.postnord.se/en
Title: PostNord Sweden

Search URL Search Domain Scan URL

URL: https://www.postnord.com/en/about-us/our-market/germany
Title: PostNord Germany

Search URL Search Domain Scan URL

URL: https://www.stralfors.com/
Title: PostNord Strålfors

Search URL Search Domain Scan URL

URL: https://www.directlink.com/
Title: Direct Link

Search URL Search Domain Scan URL

URL: https://www.postnord.se/
Title: Sweden

Search URL Search Domain Scan URL

URL: https://portal.postnord.com/pnalerts/
Title: Alle notifikationer

Search URL Search Domain Scan URL

URL: https://portal.postnord.com/skickadirekt/payment
Title: Varekurv

Search URL Search Domain Scan URL

URL: https://portal.postnord.com/tracking/
Title: Track with Shipment ID

Search URL Search Domain Scan URL

URL: https://portal.postnord.com/tracking/reference/
Title: Track with reference

Search URL Search Domain Scan URL

URL: https://portal.postnord.com/onlineporto/
Title: Online Porto

Search URL Search Domain Scan URL

URL: https://portal.postnord.com/claimspublic/
Title: Complaints

Search URL Search Domain Scan URL

URL: https://portal.postnord.com/betalmoms/
Title: Pay VAT

Search URL Search Domain Scan URL

URL: https://www.postnord.dk/kundeservice/kundeservice-erhverv/fa-en-kundeaftale
Title: Create Business Account

Search URL Search Domain Scan URL

URL: https://portal.postnord.com/discover-dk
Title: Explore

Search URL Search Domain Scan URL

URL: https://www.postnord.dk/personlige-oplysninger
Title: Integritetspolitik

Search URL Search Domain Scan URL

URL: https://www.postnord.dk/cookies
Title: Cookies

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://hab.me/nYuCMIL HTTP 301
https://u.to/cdzhIA HTTP 302
https://awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/ HTTP 302
https://awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/core/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/core/ Redirect Chain https://hab.me/nYuCMIL https://u.to/cdzhIA https://awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/ https://awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/core/	183 KB 56 KB	590ms 589ms	Document text/html	162.241.225.102 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/core/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.225.102 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS box5256.bluehost.com Software Apache / Resource Hash `b0e724bab5d0c71b56f89e9b734ae463fcfd06ab8cb4dfbdf0df464a6aa29ef8` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Response headers cache-control no-store, no-cache, must-revalidate content-encoding gzip content-type text/html; charset=UTF-8 date Sat, 21 Sep 2024 08:00:22 GMT expires Thu, 19 Nov 1981 08:52:00 GMT host-header c2hhcmVkLmJsdWVob3N0LmNvbQ== pragma no-cache server Apache vary Accept-Encoding x-newfold-cache-level 2 Redirect headers cache-control no-store, no-cache, must-revalidate content-length 0 content-type text/html; charset=UTF-8 date Sat, 21 Sep 2024 08:00:22 GMT expires Thu, 19 Nov 1981 08:52:00 GMT host-header c2hhcmVkLmJsdWVob3N0LmNvbQ== location core/ pragma no-cache server Apache x-newfold-cache-level 2
GET H2	200	jquery.js Show response awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/core/style/	88 KB 39 KB	216ms 216ms	Script application/javascript	162.241.225.102 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/core/style/jquery.js Requested by Host: awi.wvn.mybluehost.me URL: https://awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/core/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.225.102 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS box5256.bluehost.com Software Apache / Resource Hash `a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/core/ Response headers cache-control max-age=86400 x-newfold-cache-level 2 content-encoding gzip expires Sun, 22 Sep 2024 08:00:23 GMT accept-ranges bytes date Sat, 21 Sep 2024 08:00:23 GMT host-header c2hhcmVkLmJsdWVob3N0LmNvbQ== last-modified Fri, 23 Jun 2023 07:41:38 GMT vary Accept-Encoding server Apache content-type application/javascript
GET H2	200	graphics-product-package@2x.png portal.postnord.com/onlineporto/assets/images/parcels/	3 KB 4 KB	277ms 141ms	Image image/png	18.66.112.76 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://portal.postnord.com/onlineporto/assets/images/parcels/graphics-product-package@2x.png Requested by Host: awi.wvn.mybluehost.me URL: https://awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/core/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.112.76 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-112-76.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash `fb9ff1963494c0aed98f0e882bbf1955c35c29cfec718688346142e58d10d975` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://awi.wvn.mybluehost.me/ Response headers cache-control max-age=86400 etag "a0858e3b927592950d090ff8d69285ec" via 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront) x-amz-request-id N4W9VSM1Y3TB2MAJ alt-svc h3=":443"; ma=86400 x-cache Miss from cloudfront content-length 3438 x-amz-cf-id 6Nn7NfXXc3B3TAO7_BPa3Enli75V_meDhHFEBRCGw7U2XwQSwQC83g== date Sat, 21 Sep 2024 08:00:24 GMT content-type image/png last-modified Fri, 20 Sep 2024 13:15:24 GMT server AmazonS3 x-amz-cf-pop FRA56-P5 x-amz-id-2 mrXm8kJsqjdim7ef32/6O3BZ1PdctIaF2nUQ3Ix02iYevZBJ++oDBf8JOgFgbZeKn/VUycujGj0=
GET H2	200	PostNordSans-Regular.woff awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/core/fonts/	23 KB 23 KB	205ms 204ms	Font font/woff	162.241.225.102 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/core/fonts/PostNordSans-Regular.woff Requested by Host: awi.wvn.mybluehost.me URL: https://awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/core/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.225.102 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS box5256.bluehost.com Software Apache / Resource Hash `e5b1ff1ff6c566174e53ad8a64a632b83f520f73a9d8c3a54e4d697dcc1dec2c` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://awi.wvn.mybluehost.me Referer https://awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/core/ Response headers cache-control max-age=86400 x-newfold-cache-level 2 expires Sun, 22 Sep 2024 08:00:23 GMT accept-ranges bytes content-length 23180 date Sat, 21 Sep 2024 08:00:23 GMT host-header c2hhcmVkLmJsdWVob3N0LmNvbQ== last-modified Mon, 14 Nov 2022 14:25:32 GMT content-type font/woff server Apache
GET H2	200	icon-30-menu-blue@2x.png portal.postnord.com/onlineporto/assets/images/	253 B 702 B	149ms 147ms	Image image/png	18.66.112.76 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://portal.postnord.com/onlineporto/assets/images/icon-30-menu-blue@2x.png Requested by Host: awi.wvn.mybluehost.me URL: https://awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/core/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.112.76 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-112-76.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash `8e830e5cd5736b8b1784b0f9a7b4c3ad18c2321aa2aea182fed2fe31ee45873a` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://awi.wvn.mybluehost.me/ Response headers cache-control max-age=86400 etag "b17ebc756732723705d4bf77d4daa328" via 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront) x-amz-request-id N4W62KDJKW611PCA alt-svc h3=":443"; ma=86400 x-cache Miss from cloudfront content-length 253 x-amz-cf-id UCucGBKw8p2QZx8iAD4MGlbPWXHN3JILXWc37eKgPwGFCzVVe5RBAQ== date Sat, 21 Sep 2024 08:00:24 GMT content-type image/png last-modified Fri, 20 Sep 2024 13:15:19 GMT server AmazonS3 x-amz-cf-pop FRA56-P5 x-amz-id-2 6K5XbBome5ESakTp15hVeuaV8eVDlfbWESz3aDCvJyTKwzrM+nM7Ai0xWzkKtI6vdnnPe/Z0BUU=
GET H2	200	icon-30-address-blue@2x.png portal.postnord.com/onlineporto/assets/images/	889 B 1 KB	207ms 205ms	Image image/png	18.66.112.76 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://portal.postnord.com/onlineporto/assets/images/icon-30-address-blue@2x.png Requested by Host: awi.wvn.mybluehost.me URL: https://awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/core/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.112.76 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-112-76.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash `1f92053319ddbd5b92247182e3c2e19b7ec862115966da2c448eb1d1c4fb5de9` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://awi.wvn.mybluehost.me/ Response headers cache-control max-age=86400 etag "712b45bec634e7607980e7e126f023fc" via 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront) x-amz-request-id N4WA5NJ9XANTVVKQ alt-svc h3=":443"; ma=86400 x-cache Miss from cloudfront content-length 889 x-amz-cf-id P0adIBfeoNAaFIiCK6YvdMaFcIxJdDRSv6AB9VcqgfmT2DnXjrNVtQ== date Sat, 21 Sep 2024 08:00:24 GMT content-type image/png last-modified Fri, 20 Sep 2024 13:15:19 GMT server AmazonS3 x-amz-cf-pop FRA56-P5 x-amz-id-2 F1D4w0mWz5qg5VejdFmPKIGjHFQAgBKVF3rWmcoO8LwNH5HkCiyn3f+bKMxIUemFWT7wzvhPuZo=
GET H2	200	icon-30-new-blue@2x.png portal.postnord.com/onlineporto/assets/images/	311 B 761 B	149ms 148ms	Image image/png	18.66.112.76 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://portal.postnord.com/onlineporto/assets/images/icon-30-new-blue@2x.png Requested by Host: awi.wvn.mybluehost.me URL: https://awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/core/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.112.76 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-112-76.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash `79b611d29ceeb4cc62f618bc2bd30221db05f048cde1ae8cf66cad1ad1b7e85b` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://awi.wvn.mybluehost.me/ Response headers cache-control max-age=86400 etag "aacc30a15759f7907826fc405a88353c" via 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront) x-amz-request-id N4WAYQMJGDR61M9B alt-svc h3=":443"; ma=86400 x-cache Miss from cloudfront content-length 311 x-amz-cf-id 318S2RFkFCN-Vz9-FouT7JqEovoydhKNWLciDO-gf-1eFQG6c9TemA== date Sat, 21 Sep 2024 08:00:24 GMT content-type image/png last-modified Fri, 20 Sep 2024 13:15:19 GMT server AmazonS3 x-amz-cf-pop FRA56-P5 x-amz-id-2 LW4C5r7JMUT/Y57NkT/wknPjKyRyHMgEJADGo+YvTliIVjnEK1T+Lg4Mgg1gpRpq5mdBZ4nPTRM=
GET H2	200	icon-30-pin@2x.png portal.postnord.com/onlineporto/assets/images/	515 B 966 B	148ms 147ms	Image image/png	18.66.112.76 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://portal.postnord.com/onlineporto/assets/images/icon-30-pin@2x.png Requested by Host: awi.wvn.mybluehost.me URL: https://awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/core/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.112.76 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-112-76.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash `dd09f52fb20c2a79b24247607fc0ebdc56e95371b3e8a1fb43a2dbc455fe7ef4` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://awi.wvn.mybluehost.me/ Response headers cache-control max-age=86400 etag "dd8903331f8875cd30c0dcc95494d189" via 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront) x-amz-request-id N4W1EVW0T1BMHGXX alt-svc h3=":443"; ma=86400 x-cache Miss from cloudfront content-length 515 x-amz-cf-id 0nZknTOwMYT5quZJ9prkv6tRiGhttq0W3e76UDs0q5XXON2yIkjDZw== date Sat, 21 Sep 2024 08:00:24 GMT content-type image/png last-modified Fri, 20 Sep 2024 13:15:20 GMT server AmazonS3 x-amz-cf-pop FRA56-P5 x-amz-id-2 fSBQTLE01DI5euxynSnNNh2s8FTYvEgG5BOF8jBy4X5kh8NFFbIAW+7R/eZo3DebmRBYnex/vQg=
GET H2	200	icon-30-card@2x.png portal.postnord.com/onlineporto/assets/images/	229 B 679 B	149ms 148ms	Image image/png	18.66.112.76 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://portal.postnord.com/onlineporto/assets/images/icon-30-card@2x.png Requested by Host: awi.wvn.mybluehost.me URL: https://awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/core/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.112.76 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-112-76.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash `7de091b938921965150dbff5acdc7923abc1fa53bdfda1ec16520478caafad67` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://awi.wvn.mybluehost.me/ Response headers cache-control max-age=86400 etag "ba3fe186016c8e6db8147be69cd81e94" via 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront) x-amz-request-id N4W6TCDJJQG94QPR alt-svc h3=":443"; ma=86400 x-cache Miss from cloudfront content-length 229 x-amz-cf-id bjP9M7aoout4rSg6B8whGwBgAZRAfoPoEoSbCzEBLsgaAmCRJMjDFw== date Sat, 21 Sep 2024 08:00:24 GMT content-type image/png last-modified Fri, 20 Sep 2024 13:15:19 GMT server AmazonS3 x-amz-cf-pop FRA56-P5 x-amz-id-2 Zw//lZxMgSvgfKnyUS1zgoILFjXsHjRgmngqguEbkZ6RpsMRFzN7kDpKRghzWxdDJzKHQkojOkc=
GET H2	200	icon-30-postnord@2x.png portal.postnord.com/onlineporto/assets/images/	413 B 861 B	136ms 136ms	Image image/png	18.66.112.76 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://portal.postnord.com/onlineporto/assets/images/icon-30-postnord@2x.png Requested by Host: awi.wvn.mybluehost.me URL: https://awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/core/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.112.76 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-112-76.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash `47cbde4cded1d48b7ec3aa3ed59db7b64e0f8f7aadbe5e8aa92cf3da733cc935` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://awi.wvn.mybluehost.me/ Response headers cache-control max-age=86400 etag "5ee11ff8141b1af71770af52b91bb3bd" via 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront) x-amz-request-id N4W39R4MCDHP083F alt-svc h3=":443"; ma=86400 x-cache Miss from cloudfront content-length 413 x-amz-cf-id S1Q0TT8Tw1ZvYPpEcoCt709LWfWZOQiDQUyRuIdLgcyMufuR1JezuQ== date Sat, 21 Sep 2024 08:00:24 GMT content-type image/png last-modified Fri, 20 Sep 2024 13:15:20 GMT server AmazonS3 x-amz-cf-pop FRA56-P5 x-amz-id-2 rTeddVhHc2ffHxRb06Va/jX+duZ/9DJj9TUUu3xkN/QGPEQbbBhUW7gv5Ux7qUFg07+mJRe0Vb4=
GET H2	200	icon-edit-blue@2x.png portal.postnord.com/onlineporto/assets/images/	608 B 1 KB	131ms 131ms	Image image/png	18.66.112.76 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://portal.postnord.com/onlineporto/assets/images/icon-edit-blue@2x.png Requested by Host: awi.wvn.mybluehost.me URL: https://awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/core/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.112.76 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-112-76.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash `395ed06518a6c6287ec9c474624783d9a29dfdc585d80293fed48792744aba0c` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://awi.wvn.mybluehost.me/ Response headers cache-control max-age=86400 etag "4eb7e9e25276add08c8d022bc11ce8f4" via 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront) x-amz-request-id N4WAKQ6PV82V0E6Q alt-svc h3=":443"; ma=86400 x-cache Miss from cloudfront content-length 608 x-amz-cf-id _dZfZfKiHwZsFGuYbM3Ak6gMoNMrU9T93m7pT0EN-qO7AbMghQxBJw== date Sat, 21 Sep 2024 08:00:24 GMT content-type image/png last-modified Fri, 20 Sep 2024 13:15:22 GMT server AmazonS3 x-amz-cf-pop FRA56-P5 x-amz-id-2 4OhdmEdC0BMrg7fJqWDVlTYUI/jffr6jhZI6KSe0qOO+SfS6GzVXhi3iaKNYX3hyaTQLioYkfok=
GET DATA	200 OK	truncated /	623 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `01392d5f0a1c89b40c066442355bbca5607a7486a2e1248e989dd67d3616150d` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers Content-Type image/svg+xml
GET H2	200	PostNordSans-Medium.woff awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/core/fonts/	23 KB 23 KB	204ms 203ms	Font font/woff	162.241.225.102 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/core/fonts/PostNordSans-Medium.woff Requested by Host: awi.wvn.mybluehost.me URL: https://awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/core/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.225.102 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS box5256.bluehost.com Software Apache / Resource Hash `d75a0592ebbc4991535da046298cde7954fe9a9ae5508d062bed24e1b185706f` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://awi.wvn.mybluehost.me Referer https://awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/core/ Response headers cache-control max-age=86400 x-newfold-cache-level 2 expires Sun, 22 Sep 2024 08:00:23 GMT accept-ranges bytes content-length 23196 date Sat, 21 Sep 2024 08:00:23 GMT host-header c2hhcmVkLmJsdWVob3N0LmNvbQ== last-modified Mon, 14 Nov 2022 14:25:32 GMT content-type font/woff server Apache
GET H2	404	favicon.ico awi.wvn.mybluehost.me/	315 B 399 B	224ms 224ms	Other text/html	162.241.225.102 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://awi.wvn.mybluehost.me/favicon.ico Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.225.102 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS box5256.bluehost.com Software nginx/1.25.5 / Resource Hash `d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://awi.wvn.mybluehost.me/wp-admin/css/colors/ocean/kunddk/opk/core/ Response headers content-length 315 date Sat, 21 Sep 2024 08:00:24 GMT host-header c2hhcmVkLmJsdWVob3N0LmNvbQ== content-type text/html; charset=iso-8859-1 server nginx/1.25.5

Verdicts & Comments Add Verdict or Comment

Malicious page.url
Submitted on September 21st 2024, 8:05:10 am UTC — From Denmark

Threats: Social Engineering Brand Impersonation Phishing
Brands: PostNord AB SE
Comment: Received text message alleging I have a package inbound which requires customs clearance and wants me to fill out my data. Full text of text message: Din pakke er på vej, men skal igennem tolden. Udfyld venligst formularen for at fortsætte https://hab.me/nYuCMIL

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| $ function| jQuery function| hidenow

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.u.to/	1970-01-21 08:27:21	Name: lng Value: en
			awi.wvn.mybluehost.me/	1969-12-31 23:59:59	Name: PHPSESSID Value: 616f526fd9c1295c8549c418ed549f76

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://awi.wvn.mybluehost.me/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

awi.wvn.mybluehost.me
hab.me
portal.postnord.com
u.to
162.241.225.102
18.66.112.76
195.216.243.155
35.190.2.215
01392d5f0a1c89b40c066442355bbca5607a7486a2e1248e989dd67d3616150d
1f92053319ddbd5b92247182e3c2e19b7ec862115966da2c448eb1d1c4fb5de9
395ed06518a6c6287ec9c474624783d9a29dfdc585d80293fed48792744aba0c
47cbde4cded1d48b7ec3aa3ed59db7b64e0f8f7aadbe5e8aa92cf3da733cc935
79b611d29ceeb4cc62f618bc2bd30221db05f048cde1ae8cf66cad1ad1b7e85b
7de091b938921965150dbff5acdc7923abc1fa53bdfda1ec16520478caafad67
8e830e5cd5736b8b1784b0f9a7b4c3ad18c2321aa2aea182fed2fe31ee45873a
a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575
b0e724bab5d0c71b56f89e9b734ae463fcfd06ab8cb4dfbdf0df464a6aa29ef8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
d75a0592ebbc4991535da046298cde7954fe9a9ae5508d062bed24e1b185706f
dd09f52fb20c2a79b24247607fc0ebdc56e95371b3e8a1fb43a2dbc455fe7ef4
e5b1ff1ff6c566174e53ad8a64a632b83f520f73a9d8c3a54e4d697dcc1dec2c
fb9ff1963494c0aed98f0e882bbf1955c35c29cfec718688346142e58d10d975

awi.wvn.mybluehost.me Open in urlscan Pro 162.241.225.102 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

3 IPs

2 Countries

150 kBTransfer

324 kBSize

2 Cookies

22 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Malicious page.url Submitted on September 21st 2024, 8:05:10 am UTC — From Denmark

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

4 JavaScript Global Variables

2 Cookies

1 Console Messages

Indicators

awi.wvn.mybluehost.me Open in urlscan Pro
162.241.225.102 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

150 kB
Transfer

324 kB
Size

2
Cookies

13 HTTP transactions
1 data transactions

Malicious page.url
Submitted on September 21st 2024, 8:05:10 am UTC — From Denmark

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!