urlscan.io logo urlscan.io
SecurityTrails logo

safeserversservices.com Open in urlscan Pro
172.105.80.207  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://karlje2.capostalsecure.com/
Effective URL: https://safeserversservices.com/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxff...
Submission: On May 17 via automatic, source certstream-suspicious
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 9 IPs in 3 countries across 10 domains to perform 18 HTTP transactions. The main IP is 172.105.80.207, located in Frankfurt am Main, Germany and belongs to LINODE-AP Linode, LLC, US. The main domain is safeserversservices.com.
TLS certificate: Issued by R3 on April 21st 2021. Valid for: 3 months.
This is the only time safeserversservices.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Canada Post (Transportation)

Domain & IP information

IP Address AS Autonomous System
1 1 142.93.236.13 14061 (DIGITALOC...)
1 2 108.61.189.90 20473 (AS-CHOOPA)
5 172.105.80.207 63949 (LINODE-AP...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:f48:2000... 47447 (TTM)
2 2a00:1450:400... 15169 (GOOGLE)
1 185.59.220.194 60068 (CDN77 (^_^)/)
18 9
1    142.93.236.13 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)
karlje2.capostalsecure.com
2    108.61.189.90 (Amsterdam, Netherlands)

ASN20473 (AS-CHOOPA, US)
PTR: 108.61.189.90.vultr.com
herelikenicetrck.com
5    172.105.80.207 (Frankfurt am Main, Germany)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li2041-207.members.linode.com
safeserversservices.com
2    2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)
stackpath.bootstrapcdn.com
2    2606:4700::6810:7eaf (United States)

ASN13335 (CLOUDFLARENET, US)
unpkg.com
2    2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2a00:f48:2000:1023::3 (Germany)

ASN47447 (TTM, DE)
tier1.aws-cdn.net
2    2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    185.59.220.194 (Frankfurt am Main, Germany)

ASN60068 (CDN77 (^_^)/, GB)
PTR: unn-185-59-220-194.datapacket.com
cdn.perpello.io
Domain Requested by
5 safeserversservices.com safeserversservices.com
2 fonts.gstatic.com fonts.googleapis.com
2 tier1.aws-cdn.net safeserversservices.com
tier1.aws-cdn.net
2 cdnjs.cloudflare.com safeserversservices.com
cdnjs.cloudflare.com
2 unpkg.com safeserversservices.com
2 stackpath.bootstrapcdn.com safeserversservices.com
2 herelikenicetrck.com 1 redirects
1 cdn.perpello.io tier1.aws-cdn.net
1 fonts.googleapis.com safeserversservices.com
1 karlje2.capostalsecure.com 1 redirects
18 10

This site contains no links.

Subject Issuer Validity Valid
herelikenicetrck.com
R3		 2021-05-11 -
2021-08-09		 3 months crt.sh
safeserversservices.com
R3		 2021-04-21 -
2021-07-20		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-03-01 -
2022-02-28		 a year crt.sh
upload.video.google.com
GTS CA 1O1		 2021-04-13 -
2021-07-06		 3 months crt.sh
tier1.aws-cdn.net
R3		 2021-05-06 -
2021-08-04		 3 months crt.sh
*.google.com
GTS CA 1O1		 2021-04-13 -
2021-07-06		 3 months crt.sh
cdn.perpello.io
R3		 2021-05-11 -
2021-08-09		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://safeserversservices.com/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=Ogunbade&city=Zurich
Frame ID: E125261550237CC176E1E50ECFAD908A
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://karlje2.capostalsecure.com/ HTTP 302
    https://herelikenicetrck.com/?flux_fts=tzlzaaxcaalppqxzoipeaplaoxaxqiczttzccc226e6&fname=Ayo&lname=Ogunba... HTTP 307
    https://herelikenicetrck.com/go/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=105... Page URL
  2. https://safeserversservices.com/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=105099... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /openresty(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • headers server /openresty(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • headers server /openresty(?:\/([\d.]+))?/i

Page Statistics

18
Requests

100 %
HTTPS

60 %
IPv6

10
Domains

10
Subdomains

9
IPs

3
Countries

282 kB
Transfer

592 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://karlje2.capostalsecure.com/ HTTP 302
    https://herelikenicetrck.com/?flux_fts=tzlzaaxcaalppqxzoipeaplaoxaxqiczttzccc226e6&fname=Ayo&lname=Ogunbade&email=adeade5050@yahoo.com&server=capostalsecure.com&mx=yahoo&do=DI&survey=&ses=142&campaign=139198&male=&female=&lander=&number=&category=6 HTTP 307
    https://herelikenicetrck.com/go/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=Ogunbade&city=Zurich Page URL
  2. https://safeserversservices.com/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=Ogunbade&city=Zurich Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://karlje2.capostalsecure.com/ HTTP 302
  • https://herelikenicetrck.com/?flux_fts=tzlzaaxcaalppqxzoipeaplaoxaxqiczttzccc226e6&fname=Ayo&lname=Ogunbade&email=adeade5050@yahoo.com&server=capostalsecure.com&mx=yahoo&do=DI&survey=&ses=142&campaign=139198&male=&female=&lander=&number=&category=6 HTTP 307
  • https://herelikenicetrck.com/go/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=Ogunbade&city=Zurich

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
index.html
herelikenicetrck.com/go/ca/ttcapost/
Redirect Chain
  • https://karlje2.capostalsecure.com/
  • https://herelikenicetrck.com/?flux_fts=tzlzaaxcaalppqxzoipeaplaoxaxqiczttzccc226e6&fname=Ayo&lname=Ogunbade&email=adeade5050@yahoo.com&server=capostalsecure.com&mx=yahoo&do=DI&survey=&ses=142&campa...
  • https://herelikenicetrck.com/go/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=O...
834 B
937 B 		Document
General
Check archive.org
Download Go to
Full URL
https://herelikenicetrck.com/go/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=Ogunbade&city=Zurich
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
108.61.189.90 Amsterdam, Netherlands, ASN20473 (AS-CHOOPA, US),
Reverse DNS
108.61.189.90.vultr.com
Software
openresty/1.19.3.1 / PHP/7.3.17
Resource Hash
4c6ebb42fa0054b863ddc446a470c22b36d7440a0571cfae5023973aaed2ba0a

Request headers

Host
herelikenicetrck.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
PHPSESSID=8fc98289427fa688077adcbc1bced55d; csid3=8fc98289427fa688077adcbc1bced55d
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server
openresty/1.19.3.1
Date
Mon, 17 May 2021 23:03:05 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-Powered-By
PHP/7.3.17
Content-Encoding
gzip
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers
Content-Length,Content-Range

Redirect headers

Server
openresty/1.19.3.1
Date
Mon, 17 May 2021 23:03:05 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Powered-By
PHP/7.3.17
Set-Cookie
PHPSESSID=8fc98289427fa688077adcbc1bced55d; expires=Mon, 24-May-2021 23:03:05 GMT; Max-Age=604800; path=/; secure; SameSite=None csid3=8fc98289427fa688077adcbc1bced55d; expires=Tue, 17-May-2022 23:03:05 GMT; Max-Age=31536000; path=/; secure; SameSite=None PHPSESSID=8fc98289427fa688077adcbc1bced55d; expires=Tue, 18-May-2021 23:03:05 GMT; Max-Age=86400; path=/; secure; SameSite=None
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
X-Robots-Tag
noindex, noarchive, nofollow
P3P
CP="This is not a P3P policy"
Location
https://herelikenicetrck.com/go/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=Ogunbade&city=Zurich
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers
Content-Length,Content-Range
Primary Request index.html
safeserversservices.com/ca/ttcapost/ 		5 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://safeserversservices.com/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=Ogunbade&city=Zurich
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
172.105.80.207 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
li2041-207.members.linode.com
Software
openresty/1.17.8.2 /
Resource Hash
097942d22775f7512c75f379d4b361b2d5474bee0f8ec8aa8155caae08282d78

Request headers

Host
safeserversservices.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
https://herelikenicetrck.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://herelikenicetrck.com/

Response headers

Server
openresty/1.17.8.2
Date
Mon, 17 May 2021 23:03:06 GMT
Content-Type
text/html
Content-Length
5120
Connection
keep-alive
Vary
Accept-Encoding Accept-Encoding
Last-Modified
Tue, 26 Jan 2021 15:17:20 GMT
ETag
"60103280-1400"
Accept-Ranges
bytes
bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/ 		157 KB
21 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css
Requested by
Host: safeserversservices.com
URL: https://safeserversservices.com/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=Ogunbade&city=Zurich
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b0fbe5b7ad705f6a937c4998ad02f73d8f0d976fe231b74aef0ec996990c93a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://safeserversservices.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 17 May 2021 23:03:06 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
601, 617
age
4838839
cdn-cachedat
2021-03-11 11:57:51
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0a1e2aacb100004ed902a61000000001
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:11 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
83aeb3344168e43783be27f1e929c66d
cf-ray
65107a2788044ed9-FRA
cdn-requestcountrycode
DE
cdn-requestpullsuccess
True
pure-min.css
unpkg.com/purecss@1.0.0/build/ 		16 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://unpkg.com/purecss@1.0.0/build/pure-min.css
Requested by
Host: safeserversservices.com
URL: https://safeserversservices.com/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=Ogunbade&city=Zurich
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
434cc2ad4b3621f5d6631d2e30a25f1bddc2bc5ea8548236d70698b00578ffc4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Origin
https://safeserversservices.com
Referer
https://safeserversservices.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 17 May 2021 23:03:06 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
4845188
vary
Accept-Encoding
cf-request-id
0a1e2aacb100002b12a014e000000001
last-modified
Mon, 05 Jun 2017 15:02:40 GMT
server
cloudflare
etag
W/"4041-Bsbicbly0ELj8EtyGzLkx6K5qmk"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
access-control-allow-origin
*
x-cloud-trace-context
f68cfd3a206e4c2915e19f2b65d7b515
cache-control
public, max-age=31536000
cf-ray
65107a278bc52b12-FRA
grids-responsive-min.css
unpkg.com/purecss@1.0.0/build/ 		8 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://unpkg.com/purecss@1.0.0/build/grids-responsive-min.css
Requested by
Host: safeserversservices.com
URL: https://safeserversservices.com/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=Ogunbade&city=Zurich
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
62a9e74bf710eef13b81f56375fc7e24c8b91050fa9ba66a75e9a3f35aece8f5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://safeserversservices.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 17 May 2021 23:03:06 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
4836520
vary
Accept-Encoding
cf-request-id
0a1e2aacb100002b8943077000000001
last-modified
Mon, 05 Jun 2017 15:02:40 GMT
server
cloudflare
etag
W/"1f60-O8+cDat7roGX29PcEKHeg9pY6j8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
access-control-allow-origin
*
x-cloud-trace-context
7586257190ac05dd40cf2836fd06c298
cache-control
public, max-age=31536000
cf-ray
65107a2789ac2b89-FRA
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/ 		58 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css
Requested by
Host: safeserversservices.com
URL: https://safeserversservices.com/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=Ogunbade&city=Zurich
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://safeserversservices.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 17 May 2021 23:03:06 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
2177176
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
10391
cf-request-id
0a1e2aacad00001776dcbaf000000001
timing-allow-origin
*
last-modified
Wed, 15 Jul 2020 18:15:47 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5f0f47d3-e637"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=FnawUkrwzfYOsn5vezHS0ngPd3yE9GP8qMm9h7MPdjH1nUS%2FiQU4Hc4y2VHk8cs9zALz52%2FxI5%2FLjQGHsNJeWPYsQXCYbk5T%2FiTinPH%2BQ5L5WoMORLYNLF9PVL42sALqYA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
65107a277afc1776-FRA
expires
Sat, 07 May 2022 23:03:06 GMT
css2
fonts.googleapis.com/ 		4 KB
729 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: safeserversservices.com
URL: https://safeserversservices.com/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=Ogunbade&city=Zurich
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e2b5d4752ac81478ad36860fbe67b75bad20bbee7a93e835a25283d310c78999
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://safeserversservices.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 17 May 2021 21:48:15 GMT
server
ESF
date
Mon, 17 May 2021 23:03:06 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 17 May 2021 23:03:06 GMT
custom.css
safeserversservices.com/ca/ttcapost/css/ 		6 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://safeserversservices.com/ca/ttcapost/css/custom.css
Requested by
Host: safeserversservices.com
URL: https://safeserversservices.com/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=Ogunbade&city=Zurich
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
172.105.80.207 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
li2041-207.members.linode.com
Software
openresty/1.17.8.2 /
Resource Hash
58843d446a4ac9176eb66d66bbc1788cd32ab4298a7df10d7926b51b38b0ed51

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
safeserversservices.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://safeserversservices.com/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=Ogunbade&city=Zurich
Connection
keep-alive
Referer
https://safeserversservices.com/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=Ogunbade&city=Zurich
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 17 May 2021 23:03:06 GMT
Last-Modified
Tue, 26 Jan 2021 15:17:23 GMT
Server
openresty/1.17.8.2
ETag
"60103283-1719"
Vary
Accept-Encoding Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=600 public
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5913
Expires
Mon, 17 May 2021 23:13:06 GMT
logo.svg
safeserversservices.com/ca/ttcapost/img/ 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://safeserversservices.com/ca/ttcapost/img/logo.svg
Requested by
Host: safeserversservices.com
URL: https://safeserversservices.com/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=Ogunbade&city=Zurich
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
172.105.80.207 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
li2041-207.members.linode.com
Software
openresty/1.17.8.2 /
Resource Hash
e467e89a41e68909313eef448847f3446650158fb5d046295fea70fd7d776b87

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
safeserversservices.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://safeserversservices.com/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=Ogunbade&city=Zurich
Connection
keep-alive
Referer
https://safeserversservices.com/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=Ogunbade&city=Zurich
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 17 May 2021 23:03:06 GMT
Last-Modified
Tue, 26 Jan 2021 15:17:26 GMT
Server
openresty/1.17.8.2
ETag
"60103286-3037"
Content-Type
image/svg+xml
Cache-Control
max-age=600 public
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
12343
Expires
Mon, 17 May 2021 23:13:06 GMT
security-seals-bw.png
safeserversservices.com/ca/ttcapost/img/ 		53 KB
53 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://safeserversservices.com/ca/ttcapost/img/security-seals-bw.png
Requested by
Host: safeserversservices.com
URL: https://safeserversservices.com/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=Ogunbade&city=Zurich
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
172.105.80.207 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
li2041-207.members.linode.com
Software
openresty/1.17.8.2 /
Resource Hash
6eb234f51e4578d93379be744cb10392b2757fe77a582e4e812f0e5718fa5cea

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
safeserversservices.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://safeserversservices.com/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=Ogunbade&city=Zurich
Connection
keep-alive
Referer
https://safeserversservices.com/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=Ogunbade&city=Zurich
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 17 May 2021 23:03:06 GMT
Last-Modified
Tue, 26 Jan 2021 15:17:27 GMT
Server
openresty/1.17.8.2
ETag
"60103287-d4a1"
Content-Type
image/png
Cache-Control
max-age=600 public
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
54433
Expires
Mon, 17 May 2021 23:13:06 GMT
jquery-3.4.0.min.js
tier1.aws-cdn.net/jquery/ 		89 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tier1.aws-cdn.net/jquery/jquery-3.4.0.min.js
Requested by
Host: safeserversservices.com
URL: https://safeserversservices.com/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=Ogunbade&city=Zurich
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:f48:2000:1023::3 , Germany, ASN47447 (TTM, DE),
Reverse DNS
Software
BunnyCDN-DE1-481 /
Resource Hash
308a3d52ae3ea3e94c720a85dabb2cc5da3220bcd1fedfea04537c38ee73c20c

Request headers

Referer
https://safeserversservices.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 17 May 2021 23:03:06 GMT
content-encoding
br
cdn-edgestorageid
481
cdn-storageserver
DE-51
cdn-cachedat
2021-05-08 07:52:24
cdn-pullzone
59966
last-modified
Mon, 15 Apr 2019 10:13:01 GMT
server
BunnyCDN-DE1-481
cdn-requestpullcode
200
vary
Accept-Encoding
content-type
application/javascript
cdn-cache
HIT
cdn-uid
83d4347a-cf7b-4d89-ac00-eead5cec7514
cache-control
public, max-age=2592000
cdn-requestid
bf94cf53cfe95a908734de6086dbfe56
cdn-requestcountrycode
DE
cdn-requestpullsuccess
True
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/ 		59 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js
Requested by
Host: safeserversservices.com
URL: https://safeserversservices.com/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=Ogunbade&city=Zurich
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79c599dd760cec0c1621a1af49d9a2a49da5d45e1b37d4575bace0a5e0226582
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://safeserversservices.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 17 May 2021 23:03:06 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
601, 617
age
4841670
cdn-cachedat
2021-03-11 11:57:52
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0a1e2aacb100004ed9e1870000000001
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:11 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
76827bc54b503753564b1341103dff23
cf-ray
65107a2788074ed9-FRA
cdn-requestcountrycode
DE
cdn-requestpullsuccess
True
script.min.js
safeserversservices.com/ca/ttcapost/js/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://safeserversservices.com/ca/ttcapost/js/script.min.js
Requested by
Host: safeserversservices.com
URL: https://safeserversservices.com/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=Ogunbade&city=Zurich
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
172.105.80.207 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
li2041-207.members.linode.com
Software
openresty/1.17.8.2 /
Resource Hash
09d091c65f50bbc5722438e8debe3ba18cf1c30599253c80b2fc376dd4880ca1

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
safeserversservices.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://safeserversservices.com/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=Ogunbade&city=Zurich
Connection
keep-alive
Referer
https://safeserversservices.com/ca/ttcapost/index.html?session=8fc98289427fa688077adcbc1bced55d&fluxf=1050993799566230846&fluxffn=1070674272718205989&ffdomain=herelikenicetrck.com&fname=Ayo&lname=Ogunbade&city=Zurich
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 17 May 2021 23:03:06 GMT
Last-Modified
Tue, 26 Jan 2021 15:17:29 GMT
Server
openresty/1.17.8.2
ETag
"60103289-850"
Vary
Accept-Encoding Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=600 public
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2128
Expires
Mon, 17 May 2021 23:13:06 GMT
fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/webfonts/ 		78 KB
79 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/webfonts/fa-solid-900.woff2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9c214017962f2b403ee2f8a0dd51333b467aa3f082c5fc93fdb86f0b3d90a19b
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Origin
https://safeserversservices.com
Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 17 May 2021 23:03:06 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
148127
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
80148
cf-request-id
0a1e2aacdf00004aa301815000000001
timing-allow-origin
*
last-modified
Wed, 15 Jul 2020 18:15:47 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5f0f47d3-13914"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=uH8SZm0J9MQghFTN%2FPK3h7LY3009iHoOAwJfBKO0L%2FZSZTwjQDgVbwxI87Hn5g1vOuAXWHhQJZMzLtWeADJg9Ms8vIo0Cv2Qhi8R0TE%2F9TZwqhJ52atQXTIOq%2BHiOQ6%2F0g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
65107a27c9764aa3-FRA
expires
Sat, 07 May 2022 23:03:06 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://safeserversservices.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 13 May 2021 01:43:32 GMT
x-content-type-options
nosniff
last-modified
Mon, 05 Apr 2021 21:10:35 GMT
server
sffe
age
422374
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
expires
Fri, 13 May 2022 01:43:32 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://safeserversservices.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 13 May 2021 15:35:29 GMT
x-content-type-options
nosniff
last-modified
Mon, 05 Apr 2021 21:10:46 GMT
server
sffe
age
372457
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15828
x-xss-protection
0
expires
Fri, 13 May 2022 15:35:29 GMT
jquery.js
tier1.aws-cdn.net/jquery/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tier1.aws-cdn.net/jquery/jquery.js?_=1621292586317
Requested by
Host: tier1.aws-cdn.net
URL: https://tier1.aws-cdn.net/jquery/jquery-3.4.0.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:f48:2000:1023::3 , Germany, ASN47447 (TTM, DE),
Reverse DNS
Software
BunnyCDN-DE1-481 /
Resource Hash
93bfe5cd98a2389220aeb8615aa43e257e70d89e596fe7e5dc73d454a09be0eb

Request headers

Referer
https://safeserversservices.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 17 May 2021 23:03:06 GMT
content-encoding
br
cdn-edgestorageid
481
cdn-storageserver
DE-51
cdn-cachedat
2021-05-15 00:46:04
cdn-pullzone
59966
last-modified
Wed, 10 Mar 2021 20:12:13 GMT
server
BunnyCDN-DE1-481
cdn-requestpullcode
200
vary
Accept-Encoding
content-type
application/javascript
cdn-cache
HIT
cdn-uid
83d4347a-cf7b-4d89-ac00-eead5cec7514
cache-control
public, max-age=2592000
cdn-requestid
35ca4d8b33fd468acc41f4965b3c16d6
cdn-requestcountrycode
DE
cdn-requestpullsuccess
True
perpello.js
cdn.perpello.io/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.perpello.io/perpello.js?_=1621292586318
Requested by
Host: tier1.aws-cdn.net
URL: https://tier1.aws-cdn.net/jquery/jquery-3.4.0.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.59.220.194 Frankfurt am Main, Germany, ASN60068 (CDN77 (^_^)/, GB),
Reverse DNS
unn-185-59-220-194.datapacket.com
Software
BunnyCDN-DE1-713 /
Resource Hash
0334dd97236be16e5a0ce82e2ceb4f1efccfcc3e74b36b6e8900b31234688a32

Request headers

Referer
https://safeserversservices.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 17 May 2021 23:03:06 GMT
content-encoding
br
cdn-edgestorageid
632
cdn-storageserver
DE-51
cdn-cachedat
2021-05-17 14:55:50
cdn-pullzone
78643
last-modified
Tue, 16 Mar 2021 09:29:54 GMT
server
BunnyCDN-DE1-713
cdn-requestpullcode
200
vary
Accept-Encoding
content-type
application/javascript
cdn-cache
HIT
cdn-uid
83d4347a-cf7b-4d89-ac00-eead5cec7514
cache-control
public, max-age=2592000
cdn-requestid
61167135794216e479cf57bf437f511a
cdn-requestcountrycode
CH
cdn-requestpullsuccess
True

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Canada Post (Transportation)

41 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| a124a_0x64b8 function| a124a_0x3c53 function| a124a_0x3dcae7 function| a124a_0x2e541b function| $ function| jQuery object| bootstrap function| load function| getUrlParameter object| d number| year string| lpdomain string| ffurl string| ffdomain string| host string| fname string| lname string| city string| session string| fluxf string| fluxffn function| loading function| hideShow function| Action function| ActionRedirect function| ActionUpdate function| OSRedirect function| getUrlVariable string| perpellourl object| Perpello

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.perpello.io
cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
herelikenicetrck.com
karlje2.capostalsecure.com
safeserversservices.com
stackpath.bootstrapcdn.com
tier1.aws-cdn.net
unpkg.com
108.61.189.90
142.93.236.13
172.105.80.207
185.59.220.194
2606:4700::6810:125e
2606:4700::6810:7eaf
2606:4700::6812:bcf
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::200a
2a00:f48:2000:1023::3
0334dd97236be16e5a0ce82e2ceb4f1efccfcc3e74b36b6e8900b31234688a32
097942d22775f7512c75f379d4b361b2d5474bee0f8ec8aa8155caae08282d78
09d091c65f50bbc5722438e8debe3ba18cf1c30599253c80b2fc376dd4880ca1
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7
308a3d52ae3ea3e94c720a85dabb2cc5da3220bcd1fedfea04537c38ee73c20c
434cc2ad4b3621f5d6631d2e30a25f1bddc2bc5ea8548236d70698b00578ffc4
4c6ebb42fa0054b863ddc446a470c22b36d7440a0571cfae5023973aaed2ba0a
58843d446a4ac9176eb66d66bbc1788cd32ab4298a7df10d7926b51b38b0ed51
5b0fbe5b7ad705f6a937c4998ad02f73d8f0d976fe231b74aef0ec996990c93a
62a9e74bf710eef13b81f56375fc7e24c8b91050fa9ba66a75e9a3f35aece8f5
6eb234f51e4578d93379be744cb10392b2757fe77a582e4e812f0e5718fa5cea
79c599dd760cec0c1621a1af49d9a2a49da5d45e1b37d4575bace0a5e0226582
93bfe5cd98a2389220aeb8615aa43e257e70d89e596fe7e5dc73d454a09be0eb
9c214017962f2b403ee2f8a0dd51333b467aa3f082c5fc93fdb86f0b3d90a19b
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
e2b5d4752ac81478ad36860fbe67b75bad20bbee7a93e835a25283d310c78999
e467e89a41e68909313eef448847f3446650158fb5d046295fea70fd7d776b87