Submitted URL: https://scubawarehouse.com.tw/cei?ID=15c2406e354dd16c362a2551d9852cf6=57882c053f3f5499a18ce4fb5f3d97a35ad10dae179e9/
Effective URL: https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
Submission: On May 13 via api from IE — Scanned from DE

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 20 HTTP transactions. The main IP is 77.68.25.87, located in the United Kingdom and belonging to IONOS-AS ("This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE.", DE). The main domain is beautybop.org.
TLS certificate: Issued by R3 on March 16th 2023. Valid for: 3 months.
This is the only time beautybop.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation)

Domain & IP information

Requests   IP Address          AS (Autonomous System)
1 2        172.67.167.154      13335 (CLOUDFLAR...)
17         77.68.25.87         8560 (IONOS-AS ...)
1          80.237.207.246      61157 (PLUSSERVE...)
1 2        2620:1ec:4f:1...    8075 (MICROSOFT...)
Total: 20 requests, 4 IPs

Requests   Domain                           Requested by
17         beautybop.org                    beautybop.org
2          scubawarehouse.com.tw            1 redirects
1          assets.dpdhl-brands.com          beautybop.org
1          dhl-gohelp-dev.metadeploy.com    beautybop.org
Total: 20 requests, 4 domains

This site contains no links.

Subject                          Issuer                             Validity                   Valid for   Source
scubawarehouse.com.tw            GTS CA 1P5                         2023-04-28 - 2023-07-27    3 months    crt.sh
beautybop.org                    R3                                 2023-03-16 - 2023-06-14    3 months    crt.sh
dhl-gohelp-dev.metadeploy.com    R3                                 2023-03-26 - 2023-06-24    3 months    crt.sh
assets.dpdhl-brands.com          DigiCert TLS RSA SHA256 2020 CA1   2022-12-01 - 2023-12-01    a year      crt.sh

This page contains 1 frame:

Primary Page: https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
Frame ID: A93E06515226A9FD7F2040EF0F777BC8
Requests: 20 HTTP requests in this frame

Page Title

Globale Logistik - Internationaler Versand | DHL Home | Schweiz

Page URL History

  1. https://scubawarehouse.com.tw/cei?ID=15c2406e354dd16c362a2551d9852cf6=57882c053f3f5499a18ce4fb5f3d97a35ad1... HTTP 301
    http://scubawarehouse.com.tw/cei/?ID=15c2406e354dd16c362a2551d9852cf6=57882c053f3f5499a18ce4fb5f3d97a35ad... HTTP 307
    https://scubawarehouse.com.tw/cei/?ID=15c2406e354dd16c362a2551d9852cf6=57882c053f3f5499a18ce4fb5f3d97a35ad... Page URL
  2. https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/ Page URL
  3. https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests      20
HTTPS         100 %
IPv6          25 %
Domains       4
Subdomains    4
IPs           4
Countries     3
Transfer      1261 kB
Size          1284 kB
Cookies       1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://scubawarehouse.com.tw/cei?ID=15c2406e354dd16c362a2551d9852cf6=57882c053f3f5499a18ce4fb5f3d97a35ad10dae179e9/ HTTP 301
    http://scubawarehouse.com.tw/cei/?ID=15c2406e354dd16c362a2551d9852cf6=57882c053f3f5499a18ce4fb5f3d97a35ad10dae179e9/ HTTP 307
    https://scubawarehouse.com.tw/cei/?ID=15c2406e354dd16c362a2551d9852cf6=57882c053f3f5499a18ce4fb5f3d97a35ad10dae179e9/ Page URL
  2. https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/ Page URL
  3. https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://scubawarehouse.com.tw/cei?ID=15c2406e354dd16c362a2551d9852cf6=57882c053f3f5499a18ce4fb5f3d97a35ad10dae179e9/ HTTP 301
  • http://scubawarehouse.com.tw/cei/?ID=15c2406e354dd16c362a2551d9852cf6=57882c053f3f5499a18ce4fb5f3d97a35ad10dae179e9/ HTTP 307
  • https://scubawarehouse.com.tw/cei/?ID=15c2406e354dd16c362a2551d9852cf6=57882c053f3f5499a18ce4fb5f3d97a35ad10dae179e9/

20 HTTP transactions

Each request below is listed with: Resource, Path, Size, x-fer (bytes transferred on the wire), Type, MIME-Type.
Resource: /
Path: scubawarehouse.com.tw/cei/
Redirect Chain
  • https://scubawarehouse.com.tw/cei?ID=15c2406e354dd16c362a2551d9852cf6=57882c053f3f5499a18ce4fb5f3d97a35ad10dae179e9/
  • http://scubawarehouse.com.tw/cei/?ID=15c2406e354dd16c362a2551d9852cf6=57882c053f3f5499a18ce4fb5f3d97a35ad10dae179e9/
  • https://scubawarehouse.com.tw/cei/?ID=15c2406e354dd16c362a2551d9852cf6=57882c053f3f5499a18ce4fb5f3d97a35ad10dae179e9/
Size: 163 B, x-fer: 481 B, Type: Document
General
Full URL
https://scubawarehouse.com.tw/cei/?ID=15c2406e354dd16c362a2551d9852cf6=57882c053f3f5499a18ce4fb5f3d97a35ad10dae179e9/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.167.154 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.33
Resource Hash
6f27fd346651a77b1938d6235b71ea847c683ca21a6f753f4643c8ad25fd19ce
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7c6bd5077c479974-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sat, 13 May 2023 15:11:08 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pL1btL1f75cdx0lfeVfyxJuHlpGYW6nvPCZ7fI8WceZkKYfDHx4MyI2E3ogRj7FcNEdeIKrhD2FgnETA6%2FhVawIMIOO%2FLGhRYyDaN8WUsMGOph2TfIxaRkno7LUQS4clkh6TMxverX0%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=63072000; includeSubDomains
vary
Accept-Encoding,User-Agent
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-powered-by
PHP/7.4.33

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://scubawarehouse.com.tw/cei/?ID=15c2406e354dd16c362a2551d9852cf6=57882c053f3f5499a18ce4fb5f3d97a35ad10dae179e9/
Non-Authoritative-Reason
HSTS

Resource: /
Path: beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/
Size: 107 B, x-fer: 328 B, Type: Document
General
Full URL
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
77.68.25.87 , United Kingdom, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
5a678047241b4a343715f56b6c0b6959fc0506373ead27c44ca7a3af826403e2

Request headers

Referer
https://scubawarehouse.com.tw/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Sat, 13 May 2023 15:11:08 GMT
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked

Resource: / (Primary Request)
Path: beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
Size: 35 KB, x-fer: 8 KB, Type: Document
General
Full URL
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
77.68.25.87 , United Kingdom, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
be43a5d67c9666eb9c73a6bcf6ef4fec51571b8602b278de3a35b983ca61d95d

Request headers

Referer
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Sat, 13 May 2023 15:11:08 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Pragma
no-cache
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked

Resource: bootstrap.css
Path: beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/
Size: 188 KB, x-fer: 189 KB, Type: Stylesheet
General
Full URL
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/bootstrap.css
Requested by
Host: beautybop.org
URL: https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
77.68.25.87 , United Kingdom, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
0c159070e198b7ed2a9162d6c9751f5914ff62803914d8512d60b1f5ffde4334

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date
Sat, 13 May 2023 15:11:08 GMT
Last-Modified
Mon, 29 Aug 2022 17:39:54 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
"630cf9ea-2f1f7"
Content-Type
text/css
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
193015
Expires
Thu, 31 Dec 2037 23:55:55 GMT

Resource: test.css
Path: beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/
Size: 2 KB, x-fer: 2 KB, Type: Stylesheet
General
Full URL
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/test.css
Requested by
Host: beautybop.org
URL: https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
77.68.25.87 , United Kingdom, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
2d6f82521b4bcb57d4540c0f344e8e313a7fee355a4d219fefcf0505db04b460

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date
Sat, 13 May 2023 15:11:08 GMT
Last-Modified
Mon, 29 Aug 2022 17:39:54 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
"630cf9ea-7cc"
Content-Type
text/css
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1996
Expires
Thu, 31 Dec 2037 23:55:55 GMT

Resource: html5shiv.min.js.t%C3%A9l%C3%A9chargement
Path: beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/
Size: 0, x-fer: 0, Type: Script
General
Full URL
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/html5shiv.min.js.t%C3%A9l%C3%A9chargement
Requested by
Host: beautybop.org
URL: https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
77.68.25.87 , United Kingdom, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date
Sat, 13 May 2023 15:11:09 GMT
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Cache-Control
no-cache, must-revalidate, max-age=0
Connection
keep-alive
Expires
Wed, 11 Jan 1984 05:00:00 GMT

Resource: respond.min.js.t%C3%A9l%C3%A9chargement
Path: beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/
Size: 0, x-fer: 0, Type: Script
General
Full URL
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/respond.min.js.t%C3%A9l%C3%A9chargement
Requested by
Host: beautybop.org
URL: https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
77.68.25.87 , United Kingdom, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date
Sat, 13 May 2023 15:11:09 GMT
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Cache-Control
no-cache, must-revalidate, max-age=0
Connection
keep-alive
Expires
Wed, 11 Jan 1984 05:00:00 GMT

Resource: all.css
Path: beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/
Size: 153 KB, x-fer: 153 KB, Type: Stylesheet
General
Full URL
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/all.css
Requested by
Host: beautybop.org
URL: https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
77.68.25.87 , United Kingdom, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
2af905d92cfd34b5413126a54f639da408166cbbcb54318e413ad5e10b5bf6ec

Request headers

Referer
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
Origin
https://beautybop.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date
Sat, 13 May 2023 15:11:08 GMT
Last-Modified
Mon, 29 Aug 2022 17:39:54 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
"630cf9ea-26244"
Content-Type
text/css
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
156228
Expires
Thu, 31 Dec 2037 23:55:55 GMT

Resource: dhl-logo.svg
Path: beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/
Size: 2 KB, x-fer: 2 KB, Type: Image
General
Full URL
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/dhl-logo.svg
Requested by
Host: beautybop.org
URL: https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
77.68.25.87 , United Kingdom, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
362bcaa42090e36611031bec6bdaa0600375ef847092cca195c58d3bae9b4419

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date
Sat, 13 May 2023 15:11:09 GMT
Last-Modified
Mon, 29 Aug 2022 17:39:54 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
"630cf9ea-643"
Content-Type
image/svg+xml
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1603
Expires
Thu, 31 Dec 2037 23:55:55 GMT

Resource: dhl.png
Path: beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/
Size: 22 KB, x-fer: 22 KB, Type: Image
General
Full URL
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/dhl.png
Requested by
Host: beautybop.org
URL: https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
77.68.25.87 , United Kingdom, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
23ef2b81f53f8fe7619043ac8833eb4a23cdb35c238deee7bb782f4dae7b6c90

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date
Sat, 13 May 2023 15:11:09 GMT
Last-Modified
Fri, 12 May 2023 02:04:24 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
"645d9ea8-57e5"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
22501
Expires
Thu, 31 Dec 2037 23:55:55 GMT

Resource: captcha.php
Path: beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/scripts/
Size: 1 KB, x-fer: 2 KB, Type: Image
General
Full URL
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/scripts/captcha.php
Requested by
Host: beautybop.org
URL: https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
77.68.25.87 , United Kingdom, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3359cf85599efab4d5aa673d86d3495918a2608cbf8a8071268966fb4d8a13f4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 13 May 2023 15:11:09 GMT
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Content-Type
image/jpeg
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Expires
Thu, 19 Nov 1981 08:52:00 GMT

Resource: dhl-simply-delivered-png-logo-11.png
Path: beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/
Size: 26 KB, x-fer: 26 KB, Type: Image
General
Full URL
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/dhl-simply-delivered-png-logo-11.png
Requested by
Host: beautybop.org
URL: https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
77.68.25.87 , United Kingdom, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
f7af590e280092c9e8b0889c8161e4ce8928806acac4bee08a729320d1a2a63d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date
Sat, 13 May 2023 15:11:09 GMT
Last-Modified
Mon, 29 Aug 2022 17:39:54 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
"630cf9ea-6853"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
26707
Expires
Thu, 31 Dec 2037 23:55:55 GMT

Resource: media.png
Path: beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/
Size: 2 KB, x-fer: 2 KB, Type: Image
General
Full URL
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/media.png
Requested by
Host: beautybop.org
URL: https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
77.68.25.87 , United Kingdom, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
2a032fa265ae439e56a80e3d76f47ac554380de3bfc817a857924d7ea48e1626

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date
Sat, 13 May 2023 15:11:09 GMT
Last-Modified
Mon, 29 Aug 2022 17:39:54 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
"630cf9ea-61e"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1566
Expires
Thu, 31 Dec 2037 23:55:55 GMT

Resource: dhl-logo-png-699118.png
Path: beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/
Size: 21 KB, x-fer: 21 KB, Type: Image
General
Full URL
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/dhl-logo-png-699118.png
Requested by
Host: beautybop.org
URL: https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
77.68.25.87 , United Kingdom, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
6a84361e901540d66f66e867e36d88efac9125ed99b82f5c5f932d7695bcf077

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date
Sat, 13 May 2023 15:11:09 GMT
Last-Modified
Mon, 29 Aug 2022 17:39:54 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
"630cf9ea-53a4"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
21412
Expires
Thu, 31 Dec 2037 23:55:55 GMT

Resource: jquery-3.5.1.min.js.t%C3%A9l%C3%A9chargement
Path: beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/
Size: 0, x-fer: 0, Type: Script
General
Full URL
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/jquery-3.5.1.min.js.t%C3%A9l%C3%A9chargement
Requested by
Host: beautybop.org
URL: https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
77.68.25.87 , United Kingdom, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date
Sat, 13 May 2023 15:11:09 GMT
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Cache-Control
no-cache, must-revalidate, max-age=0
Connection
keep-alive
Expires
Wed, 11 Jan 1984 05:00:00 GMT

Resource: bootstrap.min.js.t%C3%A9l%C3%A9chargement
Path: beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/
Size: 0, x-fer: 0, Type: Script
General
Full URL
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/bootstrap.min.js.t%C3%A9l%C3%A9chargement
Requested by
Host: beautybop.org
URL: https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
77.68.25.87 , United Kingdom, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date
Sat, 13 May 2023 15:11:09 GMT
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Cache-Control
no-cache, must-revalidate, max-age=0
Connection
keep-alive
Expires
Wed, 11 Jan 1984 05:00:00 GMT

Resource: jquery.payment.min.js.t%C3%A9l%C3%A9chargement
Path: beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/
Size: 0, x-fer: 0, Type: Script
General
Full URL
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/jquery.payment.min.js.t%C3%A9l%C3%A9chargement
Requested by
Host: beautybop.org
URL: https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
77.68.25.87 , United Kingdom, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date
Sat, 13 May 2023 15:11:09 GMT
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Cache-Control
no-cache, must-revalidate, max-age=0
Connection
keep-alive
Expires
Wed, 11 Jan 1984 05:00:00 GMT

Resource: infographic_background.ce90cb56.png
Path: dhl-gohelp-dev.metadeploy.com/csr/en/static/media/
Size: 634 KB, x-fer: 635 KB, Type: Image
General
Full URL
https://dhl-gohelp-dev.metadeploy.com/csr/en/static/media/infographic_background.ce90cb56.png
Requested by
Host: beautybop.org
URL: https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/test.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.237.207.246 , Germany, ASN61157 (PLUSSERVER-ASN1, DE),
Reverse DNS
c36.mdadmin.de
Software
/
Resource Hash
2ae38bdc63d4bb54b8c15c1235759efff80dfe1add25efa6b6425724e5ded5dc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000, max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://beautybop.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date
Sat, 13 May 2023 15:11:10 GMT
Strict-Transport-Security
max-age=63072000, max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Connection
Keep-Alive
Content-Length
649398
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Sat, 20 Mar 2021 13:09:03 GMT
Server
X-Download-Options
noopen
Expect-CT
enforce, max-age=21600
Content-Type
image/png
Accept-Ranges
bytes
X-Robots-Tag
all
Keep-Alive
timeout=15, max=100

Resource: paper.gif
Path: beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/
Size: 564 B, x-fer: 564 B, Type: Image
General
Full URL
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/paper.gif
Requested by
Host: beautybop.org
URL: https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/test.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
77.68.25.87 , United Kingdom, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3c8cc37a98346bd0123b35e5ccd87bd07d69914dae04f8b49f61c150d96e9d1f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/test.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date
Sat, 13 May 2023 15:11:09 GMT
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/html

Resource: dhl-key-visuals-main-key-visuals-dhl-express.jpg
Path: assets.dpdhl-brands.com/guides/dhl/guides/design-basics/key-visuals/
Size: 197 KB, x-fer: 198 KB, Type: Image
General
Full URL
https://assets.dpdhl-brands.com/guides/dhl/guides/design-basics/key-visuals/dhl-key-visuals-main-key-visuals-dhl-express.jpg
Requested by
Host: beautybop.org
URL: https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/test.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:4f:1::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
88cf308d80641d9db46360b2a30c090601e118245d6b22c83f19c8be576fac2a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://beautybop.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; includeSubDomains; preload
date
Sat, 13 May 2023 15:11:10 GMT
last-modified
Sat, 06 May 2023 08:41:05 GMT
x-amz-meta-s3cmd-attrs
atime:1683283440/ctime:1683283060/gid:20/gname:staff/md5:af26d0df965a6346554d42cf201a214c/mode:33188/mtime:1683283060/uid:501/uname:cstockinger
x-amz-request-id
tx000000000000075b17448-00645fa88e-9733ce3a-fra1b
etag
"af26d0df965a6346554d42cf201a214c"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-cache
CONFIG_NOCACHE
content-type
image/jpeg
x-azure-ref
0jqhfZAAAAABHvyAaXZZWSLBnVX78D3wgRlJBMzFFREdFMDMwNwA3YTcwZWIzYy01OTNiLTQ3N2QtYmNiNi0yYjIyYjcyYTQzZDE=
x-rgw-object-type
Normal
accept-ranges
bytes
content-length
202108

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type       Name
boolean    credentialless
object     sk_opts
object     today
function   countdown

1 Cookies

Domain/Path       Name        Value
beautybop.org/    PHPSESSID   itm49kom3nac7c7mr8sosgh5qn

6 Console Messages

Source: network, Level: error
URL: https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/html5shiv.min.js.t%C3%A9l%C3%A9chargement
Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Source: network, Level: error
URL: https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/respond.min.js.t%C3%A9l%C3%A9chargement
Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Source: network, Level: error
URL: https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/jquery-3.5.1.min.js.t%C3%A9l%C3%A9chargement
Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Source: network, Level: error
URL: https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/bootstrap.min.js.t%C3%A9l%C3%A9chargement
Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Source: network, Level: error
URL: https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/paper.gif
Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Source: network, Level: error
URL: https://beautybop.org/wp-content/themes/twentytwentyone/assets/css/js/auth-dhl/info_files/jquery.payment.min.js.t%C3%A9l%C3%A9chargement
Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This section lists the security headers set by the main page.

Header Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN