packagee.wpengine.com Open in urlscan Pro
35.237.74.13  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response packagee.wpengine.com/sw/log/	19 KB 7 KB	220ms 109ms	Document text/html	35.237.74.13 GOOGLE
General Check archive.org Show headers Download Go to Full URL http://packagee.wpengine.com/sw/log/ Protocol HTTP/1.1 Server 35.237.74.13 North Charleston, United States, ASN15169 (GOOGLE, US), Reverse DNS 13.74.237.35.bc.googleusercontent.com Software nginx / WP Engine Resource Hash 9cf5f2798f71b6a9c66b6000cb394bbd5565404db4a757d1efe1cc12f7c727b0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Server nginx Date Thu, 03 Mar 2022 01:05:17 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Keep-Alive timeout=20 Vary Accept-Encoding Accept-Encoding,Cookie X-Powered-By WP Engine X-Cacheable SHORT Cache-Control max-age=600, must-revalidate X-Cache HIT: 13 X-Cache-Group normal Content-Encoding gzip
GET H/1.1	200 OK	1ef45fad1c Show response bam.nr-data.net/1/	57 B 322 B	435ms 108ms	Script text/javascript	162.247.242.18 NEWRELIC-AS-1
General Check archive.org Show headers Download Go to Full URL https://bam.nr-data.net/1/1ef45fad1c?a=9259361&sa=1&v=998.365d633&t=Unnamed%20Transaction&rst=864&ref=https://connect.telenordigital.com/id/signin&be=373&fe=470&dc=5&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1583081805093,%22n%22:0,%22u%22:311,%22ue%22:311,%22f%22:5,%22dn%22:5,%22dne%22:5,%22c%22:5,%22ce%22:5,%22rq%22:15,%22rp%22:296,%22rpe%22:300,%22dl%22:314,%22di%22:377,%22ds%22:377,%22de%22:378,%22dc%22:843,%22l%22:843,%22le%22:843%7D,%22navigation%22:%7B%22ty%22:1%7D%7D&jsonp=NREUM.setToken Requested by Host: packagee.wpengine.com URL: http://packagee.wpengine.com/sw/log/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 162.247.242.18 , United States, ASN23467 (NEWRELIC-AS-1, US), Reverse DNS bam-6.nr-data.net Software / Resource Hash 5e864c2e3f674c60970513411eaeeeafd2d615d842e65ec01d09ccfcb4a7b38d Request headers Accept-Language de-DE,de;q=0.9 Referer http://packagee.wpengine.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Cross-Origin-Resource-Policy cross-origin Content-Type text/javascript;charset=iso-8859-1 Content-Length 57 Expires Thu, 01 Jan 1970 00:00:00 GMT
GET H2	200	nr-spa-998.min.js Show response js-agent.newrelic.com/	30 KB 12 KB	26ms 7ms	Script application/javascript	151.101.2.137 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js-agent.newrelic.com/nr-spa-998.min.js Requested by Host: packagee.wpengine.com URL: http://packagee.wpengine.com/sw/log/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.2.137 , United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash 609710f2a6c6aa57a466478ca083443199fd5dbe4f07c6eb0c86af21ebedb788 Request headers Accept-Language de-DE,de;q=0.9 Referer http://packagee.wpengine.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers x-amz-version-id null content-encoding gzip etag "e9ab7706b0962cd9a8d63384981319b5" x-amz-request-id RD0ZH40DAGVM06CA x-cache HIT cross-origin-resource-policy cross-origin content-length 11783 x-amz-id-2 Mg/9VRjtF74CpWQxz9MhUGsv1qYG+gPaOXIvNzFZKvJyx44nUtUPyEMgXb9Obx/Ga5SZepOsAgw= x-served-by cache-hhn4030-HHN last-modified Wed, 28 Feb 2018 23:35:29 GMT server AmazonS3 x-timer S1646269517.146992,VS0,VE0 date Thu, 03 Mar 2022 01:05:17 GMT vary Accept-Encoding content-type application/javascript via 1.1 varnish cache-control public, max-age=7200, stale-if-error=604800 accept-ranges bytes x-cache-hits 18
GET		webrtc-patch.js fdcgdnkidjaadafnichfpabhfomcebme/scripts/	0 0
GET H/1.1	404 Not Found	snowball-main.f6a8f2c79bb45e96ab83802fb4c09823.css packagee.wpengine.com/id/public/css/legacy/	0 0	102ms 102ms	Stylesheet text/html	35.237.74.13 GOOGLE
General Check archive.org Show headers Download Go to Full URL http://packagee.wpengine.com/id/public/css/legacy/snowball-main.f6a8f2c79bb45e96ab83802fb4c09823.css Requested by Host: packagee.wpengine.com URL: http://packagee.wpengine.com/sw/log/ Protocol HTTP/1.1 Server 35.237.74.13 North Charleston, United States, ASN15169 (GOOGLE, US), Reverse DNS 13.74.237.35.bc.googleusercontent.com Software nginx / Resource Hash Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Thu, 03 Mar 2022 01:05:17 GMT Content-Encoding gzip Server nginx Vary Accept-Encoding Content-Type text/html Transfer-Encoding chunked Connection keep-alive Keep-Alive timeout=20
GET H/1.1	200 OK	logo2.png packagee.wpengine.com/sw/log/	30 KB 31 KB	102ms 102ms	Image image/png	35.237.74.13 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL http://packagee.wpengine.com/sw/log/logo2.png Requested by Host: packagee.wpengine.com URL: http://packagee.wpengine.com/sw/log/ Protocol HTTP/1.1 Server 35.237.74.13 North Charleston, United States, ASN15169 (GOOGLE, US), Reverse DNS 13.74.237.35.bc.googleusercontent.com Software nginx / Resource Hash 5834b0280b63f25fdc4eb09317696a1851ec4e3e7b17b12e8c54e16ecb136ace Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Thu, 03 Mar 2022 01:05:17 GMT Last-Modified Wed, 02 Mar 2022 09:34:25 GMT Server nginx ETag "621f3a21-7968" Vary Accept-Encoding Content-Type image/png Access-Control-Allow-Origin * Cache-Control public, max-age=31536000 Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=20 Content-Length 31080
GET H/1.1	404 Not Found	jquery.min.3b3832b24b22e5e2c9be3fcabeb23396.js packagee.wpengine.com/id/public/js/legacy/vendor/	0 0	103ms 103ms	Script text/html	35.237.74.13 GOOGLE
General Check archive.org Show headers Download Go to Full URL http://packagee.wpengine.com/id/public/js/legacy/vendor/jquery.min.3b3832b24b22e5e2c9be3fcabeb23396.js Requested by Host: packagee.wpengine.com URL: http://packagee.wpengine.com/sw/log/ Protocol HTTP/1.1 Server 35.237.74.13 North Charleston, United States, ASN15169 (GOOGLE, US), Reverse DNS 13.74.237.35.bc.googleusercontent.com Software nginx / Resource Hash Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Thu, 03 Mar 2022 01:05:17 GMT Content-Encoding gzip Server nginx Vary Accept-Encoding Content-Type text/html Transfer-Encoding chunked Connection keep-alive Keep-Alive timeout=20
GET H/1.1	404 Not Found	snowball-scripts.min.58475eeb551969ae427551a9aeafa063.js packagee.wpengine.com/id/public/js/legacy/	0 0	103ms 103ms	Script text/html	35.237.74.13 GOOGLE
General Check archive.org Show headers Download Go to Full URL http://packagee.wpengine.com/id/public/js/legacy/snowball-scripts.min.58475eeb551969ae427551a9aeafa063.js Requested by Host: packagee.wpengine.com URL: http://packagee.wpengine.com/sw/log/ Protocol HTTP/1.1 Server 35.237.74.13 North Charleston, United States, ASN15169 (GOOGLE, US), Reverse DNS 13.74.237.35.bc.googleusercontent.com Software nginx / Resource Hash Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Thu, 03 Mar 2022 01:05:17 GMT Content-Encoding gzip Server nginx Vary Accept-Encoding Content-Type text/html Transfer-Encoding chunked Connection keep-alive Keep-Alive timeout=20
GET H/1.1	404 Not Found	newrelic_snowball_production.b13b3537305564b794c2cd28a49bfcc7.js packagee.wpengine.com/id/public/js/legacy/vendor/	0 0	102ms 102ms	Script text/html	35.237.74.13 GOOGLE
General Check archive.org Show headers Download Go to Full URL http://packagee.wpengine.com/id/public/js/legacy/vendor/newrelic_snowball_production.b13b3537305564b794c2cd28a49bfcc7.js Requested by Host: packagee.wpengine.com URL: http://packagee.wpengine.com/sw/log/ Protocol HTTP/1.1 Server 35.237.74.13 North Charleston, United States, ASN15169 (GOOGLE, US), Reverse DNS 13.74.237.35.bc.googleusercontent.com Software nginx / Resource Hash Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Thu, 03 Mar 2022 01:05:17 GMT Content-Encoding gzip Server nginx Vary Accept-Encoding Content-Type text/html Transfer-Encoding chunked Connection keep-alive Keep-Alive timeout=20
GET DATA	200 OK	truncated /	239 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash e5f5ddf219e08fe7da9b3fef7903e8ac57c9428ed589816cf83f2f77ed957a73 Request headers Accept-Language de-DE,de;q=0.9 Referer http://packagee.wpengine.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	371 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 2d03184f331f20d72dde8d1df890cbc268303fed99a3109c2d2cf34be25f8f98 Request headers Accept-Language de-DE,de;q=0.9 Referer http://packagee.wpengine.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Content-Type image/svg+xml
GET H/1.1	404 Not Found	snowball-main.f6a8f2c79bb45e96ab83802fb4c09823.css packagee.wpengine.com/id/public/css/legacy/	0 0	203ms 102ms	Stylesheet text/html	35.237.74.13 GOOGLE
General Check archive.org Show headers Download Go to Full URL http://packagee.wpengine.com/id/public/css/legacy/snowball-main.f6a8f2c79bb45e96ab83802fb4c09823.css Requested by Host: packagee.wpengine.com URL: http://packagee.wpengine.com/sw/log/ Protocol HTTP/1.1 Server 35.237.74.13 North Charleston, United States, ASN15169 (GOOGLE, US), Reverse DNS 13.74.237.35.bc.googleusercontent.com Software nginx / Resource Hash Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Thu, 03 Mar 2022 01:05:17 GMT Content-Encoding gzip Server nginx Vary Accept-Encoding Content-Type text/html Transfer-Encoding chunked Connection keep-alive Keep-Alive timeout=20

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

fdcgdnkidjaadafnichfpabhfomcebme

URL

chrome-extension://fdcgdnkidjaadafnichfpabhfomcebme/scripts/webrtc-patch.js

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Swisscom (Telecommunication)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored object| reportedErrors object| a number| b function| loadCss function| closeMsg string| emptyInstructions

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: 7f4b7f88404961c7

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: chrome-extension://fdcgdnkidjaadafnichfpabhfomcebme/scripts/webrtc-patch.js Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
network	error	URL: http://packagee.wpengine.com/id/public/css/legacy/snowball-main.f6a8f2c79bb45e96ab83802fb4c09823.css Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://packagee.wpengine.com/id/public/js/legacy/vendor/jquery.min.3b3832b24b22e5e2c9be3fcabeb23396.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://packagee.wpengine.com/id/public/js/legacy/snowball-scripts.min.58475eeb551969ae427551a9aeafa063.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://packagee.wpengine.com/id/public/js/legacy/vendor/newrelic_snowball_production.b13b3537305564b794c2cd28a49bfcc7.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://packagee.wpengine.com/id/public/css/legacy/snowball-main.f6a8f2c79bb45e96ab83802fb4c09823.css Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bam.nr-data.net
fdcgdnkidjaadafnichfpabhfomcebme
js-agent.newrelic.com
packagee.wpengine.com
fdcgdnkidjaadafnichfpabhfomcebme
151.101.2.137
162.247.242.18
35.237.74.13
2d03184f331f20d72dde8d1df890cbc268303fed99a3109c2d2cf34be25f8f98
5834b0280b63f25fdc4eb09317696a1851ec4e3e7b17b12e8c54e16ecb136ace
5e864c2e3f674c60970513411eaeeeafd2d615d842e65ec01d09ccfcb4a7b38d
609710f2a6c6aa57a466478ca083443199fd5dbe4f07c6eb0c86af21ebedb788
9cf5f2798f71b6a9c66b6000cb394bbd5565404db4a757d1efe1cc12f7c727b0
e5f5ddf219e08fe7da9b3fef7903e8ac57c9428ed589816cf83f2f77ed957a73