fit.ndi.mybluehost.me Open in urlscan Pro
162.241.219.134 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://reurl.cc/7MGO1b/
Effective URL:
https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/
Submission: On December 04 via api (December 4th 2023, 3:05:00 pm UTC) from IE — Scanned from DE

Summary HTTP 22 Redirects Behaviour Indicators

Summary

This website contacted 11 IPs in 4 countries across 11 domains to perform 22 HTTP transactions. The main IP is 162.241.219.134, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is fit.ndi.mybluehost.me.
TLS certificate: Issued by R3 on November 17th 2023. Valid for: 3 months.

This is the only time fit.ndi.mybluehost.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation) Swiss Post (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 3	35.185.130.121 35.185.130.121	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	34.149.98.30 34.149.98.30	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2 2	45.33.29.14 45.33.29.14	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
1	162.241.226.28 162.241.226.28	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1 1	104.21.12.138 104.21.12.138	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 6	162.241.219.134 162.241.219.134	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
2	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a02:6ea0:c70... 2a02:6ea0:c700::19	60068 (CDN77 ^_^) (CDN77 ^_^)
1	2a04:4e42:200... 2a04:4e42:200::649	54113 (FASTLY) (FASTLY)
22	11

3 35.185.130.121 (Taipei, Taiwan) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 121.130.185.35.bc.googleusercontent.com

reurl.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.149.98.30 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 30.98.149.34.bc.googleusercontent.com

storage.reurl.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.33.29.14 (Richardson, United States) 2 redirects

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: aspen.phplist.com

sosnik.hosted.phplist.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.241.226.28 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: box5311.bluehost.com

ryt.muf.mybluehost.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.12.138 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

iplogger.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 162.241.219.134 (United States) 1 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: box5645.bluehost.com

fit.ndi.mybluehost.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:6ea0:c700::19 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

img.icons8.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	mybluehost.me 1 redirects ryt.muf.mybluehost.me fit.ndi.mybluehost.me	39 KB
6	reurl.cc 1 redirects reurl.cc — Cisco Umbrella Rank: 116978 storage.reurl.cc — Cisco Umbrella Rank: 432247	3 KB
2	icons8.com img.icons8.com — Cisco Umbrella Rank: 30684	2 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 204	30 KB
2	bootstrapcdn.com stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2842 maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 988	39 KB
2	phplist.com 2 redirects sosnik.hosted.phplist.com	1018 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 168	88 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 735	24 KB
1	iplogger.com 1 redirects iplogger.com — Cisco Umbrella Rank: 162901	927 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 98	185 B
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	21 KB
22	11

	Domain	Requested by
6	fit.ndi.mybluehost.me	1 redirects ryt.muf.mybluehost.me fit.ndi.mybluehost.me
3	storage.reurl.cc	reurl.cc
3	reurl.cc	1 redirects reurl.cc
2	img.icons8.com	fit.ndi.mybluehost.me
2	cdnjs.cloudflare.com	fit.ndi.mybluehost.me
2	sosnik.hosted.phplist.com	2 redirects
2	connect.facebook.net	storage.reurl.cc connect.facebook.net
1	code.jquery.com	fit.ndi.mybluehost.me
1	maxcdn.bootstrapcdn.com	fit.ndi.mybluehost.me
1	stackpath.bootstrapcdn.com	fit.ndi.mybluehost.me
1	iplogger.com	1 redirects
1	ryt.muf.mybluehost.me	storage.reurl.cc
1	www.facebook.com	reurl.cc
1	www.google-analytics.com	storage.reurl.cc
22	14

This site contains no links.

Subject Issuer	Validity	Valid
reurl.cc R3	`2023-11-18` - `2024-02-16`	3 months	crt.sh
storage.reurl.cc GTS CA 1D4	`2023-10-14` - `2024-01-12`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-09-12` - `2023-12-11`	3 months	crt.sh
webdisk.ryt.muf.mybluehost.me R3	`2023-11-28` - `2024-02-26`	3 months	crt.sh
webdisk.fit.ndi.mybluehost.me R3	`2023-11-17` - `2024-02-15`	3 months	crt.sh
bootstrapcdn.com GTS CA 1P5	`2023-11-30` - `2024-02-28`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
1004834818.rsc.cdn77.org R3	`2023-11-26` - `2024-02-24`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/
Frame ID: ADF7ADB53B19D434C55C8AFE043F5582
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Die Post

Page URL History Show full URLs

https://reurl.cc/7MGO1b/ HTTP 301
https://reurl.cc/7MGO1b Page URL
https://sosnik.hosted.phplist.com/lists/lt.php?tid=LUxXVQZTBlFRBRgHAVgCSwBQAAMUCFBYCktSVlpQCFVTUgVUBAVMVQMCVwE... HTTP 303
https://ryt.muf.mybluehost.me/.website_7a270d17/.well-known/acme-challenge/pstdeth.php Page URL
https://iplogger.com/29Zm85 HTTP 302
https://sosnik.hosted.phplist.com/lists/lt.php?tid=LUxWUAFQVgAGAxgBAVgCSwBRUlsUUAcFDksCVQxVDwdTVVYFUgNMVlQAVFc... HTTP 303
https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage HTTP 301
https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

22
Requests

100 %
HTTPS

54 %
IPv6

11
Domains

14
Subdomains

11
IPs

4
Countries

247 kB
Transfer

843 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://reurl.cc/7MGO1b/ HTTP 301
https://reurl.cc/7MGO1b Page URL
https://sosnik.hosted.phplist.com/lists/lt.php?tid=LUxXVQZTBlFRBRgHAVgCSwBQAAMUCFBYCktSVlpQCFVTUgVUBAVMVQMCVwEOAAhLUAVeVBQFUQRaSwdYCFYVUQMHVVAJUwgFUVYMSFUCAAMNB15RFFdXBFpLUlgJVBUNAVIAGwlVBAcFAlYCUwcAXw HTTP 303
https://ryt.muf.mybluehost.me/.website_7a270d17/.well-known/acme-challenge/pstdeth.php Page URL
https://iplogger.com/29Zm85 HTTP 302
https://sosnik.hosted.phplist.com/lists/lt.php?tid=LUxWUAFQVgAGAxgBAVgCSwBRUlsUUAcFDksCVQxVDwdTVVYFUgNMVlQAVFcFVAVLVl0CUhQFAANcSwRVCgAVVlcDBQBUUgZRBQQCSFUCAAMNB15RFFdXBFpLUlgJVBUNAVIAGwlVBAcFAlYCUwcAXw HTTP 303
https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage HTTP 301
https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://reurl.cc/7MGO1b/ HTTP 301
https://reurl.cc/7MGO1b

Request Chain 9

https://sosnik.hosted.phplist.com/lists/lt.php?tid=LUxXVQZTBlFRBRgHAVgCSwBQAAMUCFBYCktSVlpQCFVTUgVUBAVMVQMCVwEOAAhLUAVeVBQFUQRaSwdYCFYVUQMHVVAJUwgFUVYMSFUCAAMNB15RFFdXBFpLUlgJVBUNAVIAGwlVBAcFAlYCUwcAXw HTTP 303
https://ryt.muf.mybluehost.me/.website_7a270d17/.well-known/acme-challenge/pstdeth.php

22 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

7MGO1b Show response
reurl.cc/
Redirect Chain

https://reurl.cc/7MGO1b/
https://reurl.cc/7MGO1b

807 B
974 B

224ms
224ms

Document
text/html

35.185.130.121
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/7MGO1b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 32354d2c0f4bf41e04da234a462a5c49620cdd119086f9780af3d9ee0f546fb8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: *, Authorization, X-Authorization
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 04 Dec 2023 15:04:56 GMT
referrer-policy: no-referrer-when-downgrade
server: nginx/1.18.0 (Ubuntu)
target: https://sosnik.hosted.phplist.com/lists/lt.php?tid=LUxXVQZTBlFRBRgHAVgCSwBQAAMUCFBYCktSVlpQCFVTUgVUBAVMVQMCVwEOAAhLUAVeVBQFUQRaSwdYCFYVUQMHVVAJUwgFUVYMSFUCAAMNB15RFFdXBFpLUlgJVBUNAVIAGwlVBAcFAlYCUwcAXw
vary: Accept-Encoding Origin
x-request-id: 32e18f6d-c600-4f3f-b031-478ac17efba1

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: *, Authorization, X-Authorization
content-length: 42
content-type: text/html; charset=utf-8
date: Mon, 04 Dec 2023 15:04:55 GMT
location: /7MGO1b
referrer-policy: no-referrer-when-downgrade
server: nginx/1.18.0 (Ubuntu)
vary: Origin
x-request-id: ba1cd5d8-27ef-4bd9-a307-ee495120824e

GET
H2 200 ga2.js Show response
storage.reurl.cc/javascripts/ 536 B
875 B 61ms
17ms Script
text/javascript 34.149.98.30
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.reurl.cc/javascripts/ga2.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/7MGO1b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.98.30 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 30.98.149.34.bc.googleusercontent.com
Software: /
Resource Hash: 16cf673198b29bb08e83f5d8f74182d97d9c6dfa729c60f90f6195e739de9d20

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/7MGO1b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:48 GMT
via: 1.1 google
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
age: 24548
vary: Origin
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *, Authorization, X-Authorization
cache-control: public,max-age=28800
access-control-allow-credentials: true
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 536
x-request-id: e4e002c7-3f88-4b2b-ba7a-15fdbe7998c2

GET
H2 200 pixel.js Show response
storage.reurl.cc/javascripts/ 429 B
524 B 61ms
18ms Script
text/javascript 34.149.98.30
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.reurl.cc/javascripts/pixel.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/7MGO1b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.98.30 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 30.98.149.34.bc.googleusercontent.com
Software: /
Resource Hash: 3050a5556edc5876cd83e63f15e56fe19cb428129345a58d1f57687414504698

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/7MGO1b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:23:03 GMT
via: 1.1 google
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
age: 24113
vary: Origin
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *, Authorization, X-Authorization
cache-control: public,max-age=28800
access-control-allow-credentials: true
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 429
x-request-id: 59f941e0-4b12-4f0c-9027-f18bd9f7c28d

GET
H2 200 redirect.js Show response
storage.reurl.cc/javascripts/ 112 B
206 B 62ms
18ms Script
text/javascript 34.149.98.30
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.reurl.cc/javascripts/redirect.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/7MGO1b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.98.30 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 30.98.149.34.bc.googleusercontent.com
Software: /
Resource Hash: 0a01cd2c51200f878b658e08c0f37b095cb3ed34e61133f377632b29df9abdaa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/7MGO1b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 11:03:19 GMT
via: 1.1 google
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
age: 14497
vary: Origin
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *, Authorization, X-Authorization
cache-control: public,max-age=28800
access-control-allow-credentials: true
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 112
x-request-id: 8c3b5e52-8002-4ea8-bf2b-ede97392bbf4

GET
H2 200 tagtoo.js Show response
reurl.cc/javascripts/ 729 B
615 B 222ms
222ms Script
application/javascript 35.185.130.121
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://reurl.cc/javascripts/tagtoo.js
Requested by: Host: reurl.cc
URL: https://reurl.cc/7MGO1b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.185.130.121 Taipei, Taiwan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 121.130.185.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 1a458be2bea44947ad1b1f5e4411f87d27c3d3f6f42db0be2d11332392fb4eb3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/7MGO1b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 15:04:56 GMT
content-encoding: gzip
last-modified: Thu, 16 Nov 2023 03:13:26 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"655588d6-2d9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Tue, 03 Dec 2024 15:04:56 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 176ms
55ms Script
text/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: storage.reurl.cc
URL: https://storage.reurl.cc/javascripts/ga2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/7MGO1b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 04 Dec 2023 13:22:35 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 6141
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 04 Dec 2023 15:22:35 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 202 KB
54 KB 23ms
8ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: storage.reurl.cc
URL: https://storage.reurl.cc/javascripts/pixel.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/7MGO1b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 04 Dec 2023 15:04:56 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54273
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: A7iTco/gm87CO3QOU7pwoPxDW7xM8r6a6JZcrEsVP3pu307+H18J9B4wwSGZOHIcIApBtztIwVSbCzVbO8WE3w==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
x-fb-optimizer: 1
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 1675200226052423 Show response
connect.facebook.net/signals/config/ 126 KB
33 KB 153ms
153ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1675200226052423?v=2.9.138&r=stable&domain=reurl.cc

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

096f85ac6d28eb274e8f6bcffc83c4d3baf2041bd4befd0adea68c566b20c57b

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/7MGO1b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 04 Dec 2023 15:04:56 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: xY21kQlqB7TTyKzMC5I3BJZJS+D1yYMtiB4s2Yc8dUK8pF2yhNLijcak76MktopgQRjRuPV4/MTKDX5g9jNoYg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 28ms
7ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1675200226052423&ev=PageView&dl=https%3A%2F%2Freurl.cc&rl=&if=false&ts=1701702296601&sw=1600&sh=1200&v=2.9.138&r=stable&ec=0&o=4124&fbp=fb.1.1701702296599.1915732094&cs_est=true&pm=1&hrl=397657&ler=empty&it=1701702296431&coo=false&cs_cc=1&rqm=GET

Requested by

Host: reurl.cc
URL: https://reurl.cc/7MGO1b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://reurl.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 04 Dec 2023 15:04:56 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2

200

pstdeth.php
ryt.muf.mybluehost.me/.website_7a270d17/.well-known/acme-challenge/
Redirect Chain

https://sosnik.hosted.phplist.com/lists/lt.php?tid=LUxXVQZTBlFRBRgHAVgCSwBQAAMUCFBYCktSVlpQCFVTUgVUBAVMVQMCVwEOAAhLUAVeVBQFUQRaSwdYCFYVUQMHVVAJUwgFUVYMSFUCAAMNB15RFFdXBFpLUlgJVBUNAVIAGwlVBAcFAlYCUw...
https://ryt.muf.mybluehost.me/.website_7a270d17/.well-known/acme-challenge/pstdeth.php

169 B
360 B

735ms
351ms

Document
text/html

162.241.226.28
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://ryt.muf.mybluehost.me/.website_7a270d17/.well-known/acme-challenge/pstdeth.php
Requested by: Host: storage.reurl.cc
URL: https://storage.reurl.cc/javascripts/redirect.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.226.28 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5311.bluehost.com
Software: nginx/1.21.6 /
Resource Hash

Request headers

Referer: https://reurl.cc/7MGO1b
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=7200
content-encoding: gzip
content-length: 154
content-type: text/html; charset=UTF-8
date: Mon, 04 Dec 2023 15:04:58 GMT
expires: Mon, 04 Dec 2023 17:04:58 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
server: nginx/1.21.6
vary: Accept-Encoding
x-newfold-cache-level: 2
x-server-cache: false

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 04 Dec 2023 15:04:57 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: https://ryt.muf.mybluehost.me/.website_7a270d17/.well-known/acme-challenge/pstdeth.php
pragma: no-cache
server: Apache/2.4.38 (Debian)

GET
H2

200

Primary Request / Show response
fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/
Redirect Chain

https://iplogger.com/29Zm85
https://sosnik.hosted.phplist.com/lists/lt.php?tid=LUxWUAFQVgAGAxgBAVgCSwBRUlsUUAcFDksCVQxVDwdTVVYFUgNMVlQAVFcFVAVLVl0CUhQFAANcSwRVCgAVVlcDBQBUUgZRBQQCSFUCAAMNB15RFFdXBFpLUlgJVBUNAVIAGwlVBAcFAlYCUw...
https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage
https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/

8 KB
2 KB

304ms
304ms

Document
text/html

162.241.219.134
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/
Requested by: Host: ryt.muf.mybluehost.me
URL: https://ryt.muf.mybluehost.me/.website_7a270d17/.well-known/acme-challenge/pstdeth.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.219.134 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5645.bluehost.com
Software: nginx/1.21.6 /
Resource Hash: cc2aa0f5d906c907b4a8440d1a91e21d8a35da338613cba4b82c227fab78ed5b

Request headers

Referer: https://ryt.muf.mybluehost.me/.website_7a270d17/.well-known/acme-challenge/pstdeth.php
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=7200
content-encoding: gzip
content-length: 2367
content-type: text/html; charset=UTF-8
date: Mon, 04 Dec 2023 15:04:59 GMT
expires: Mon, 04 Dec 2023 17:04:59 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
server: nginx/1.21.6
vary: Accept-Encoding
x-endurance-cache-level: 2
x-nginx-cache: WordPress
x-server-cache: false

Redirect headers

cache-control: max-age=7200
content-length: 269
content-type: text/html; charset=iso-8859-1
date: Mon, 04 Dec 2023 15:04:59 GMT
expires: Mon, 04 Dec 2023 17:04:59 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
location: https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/
server: nginx/1.21.6
x-server-cache: false

GET
H2 200 bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/ 152 KB
24 KB 37ms
18ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css

Requested by

Host: fit.ndi.mybluehost.me
URL: https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://fit.ndi.mybluehost.me/
Origin: https://fit.ndi.mybluehost.me
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 15:04:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 1078
age: 247313
cdn-cachedat: 10/31/2023 18:59:49
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:08 GMT
cdn-proxyver: 1.04
cdn-requestpullcode: 200
server: cloudflare
etag: W/"a15c2ac3234aa8f6064ef9c1f7383c37"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 9bdabdd60e78151c56bd9b2d007e572c
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 8304f1ed5d451e5b-FRA
cdn-requestpullsuccess: True

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/ 85 KB
27 KB 49ms
20ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js

Requested by

Host: fit.ndi.mybluehost.me
URL: https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fit.ndi.mybluehost.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 15:04:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 561044
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27277
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec4-15283"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ONqkfFxTdzwjWwxfXX9bpn54spxP9Hr4mOZmePOQvGSfMNJ3EpEpxtE9d4HSjxdcqu6pylGASDpm%2FmIpeiFiw8ToBqp%2BXQ13Hu7TWt7LGFymuf8FMLJ%2FarY4sLDaTlqTZFpIufk6ZyRcryNzw9L1eIU7"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8304f1ed680c362c-FRA
expires: Sat, 23 Nov 2024 15:04:59 GMT

GET
H2 200 bootstrap.min.js Show response
maxcdn.bootstrapcdn.com/bootstrap/4.1.1/js/ 50 KB
15 KB 56ms
26ms Script
application/javascript 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/4.1.1/js/bootstrap.min.js

Requested by

Host: fit.ndi.mybluehost.me
URL: https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c5a17d46976d471cf060c5a0e25749a323d6ab20cf0910f40afed81047ba21ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fit.ndi.mybluehost.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 15:04:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 601
age: 2035905
cdn-cachedat: 08/04/2021 06:22:15
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:05 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 59449c1b7ccb1cc51395309c366dc448
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 8304f1ed6f6b37d2-FRA
cdn-requestpullsuccess: True

GET
H2 200 style.css
fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/file/css/ 2 KB
742 B 181ms
181ms Stylesheet
text/css 162.241.219.134
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/file/css/style.css
Requested by: Host: fit.ndi.mybluehost.me
URL: https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.219.134 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5645.bluehost.com
Software: Apache /
Resource Hash: 231d6a2add6bd0136a02d47ba03de40f9be01887aab7ec4032660aa0b27c37e9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 15:04:59 GMT
content-encoding: gzip
x-nginx-cache: WordPress
last-modified: Tue, 13 Apr 2021 05:50:08 GMT
server: Apache
vary: Accept-Encoding
x-endurance-cache-level: 2
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 640
expires: Wed, 03 Jan 2024 15:04:59 GMT

GET
H2 200 logo.png
fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/file/img/ 4 KB
4 KB 180ms
180ms Image
image/png 162.241.219.134
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/file/img/logo.png
Requested by: Host: fit.ndi.mybluehost.me
URL: https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.219.134 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5645.bluehost.com
Software: Apache /
Resource Hash: d4adc45ed4f0dfd02beda6cac9cb52270cf6e6e61482188310fed8c309327e66

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 15:04:59 GMT
x-nginx-cache: WordPress
last-modified: Mon, 09 May 2022 01:44:34 GMT
server: Apache
x-endurance-cache-level: 2
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 4139
expires: Tue, 03 Dec 2024 15:04:59 GMT

GET
H2 200 visa.png
img.icons8.com/color/36/000000/ 813 B
1 KB 61ms
7ms Image
image/png 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.icons8.com/color/36/000000/visa.png

Requested by

Host: fit.ndi.mybluehost.me
URL: https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

CDN77-Turbo /

Resource Hash

ed8dfd8f52d0599e0f22682191e06debf0a8a7bb9fe395451098bcbc29df65c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fit.ndi.mybluehost.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Mon, 04 Dec 2023 15:04:59 GMT
strict-transport-security: max-age=15724800; includeSubDomains
version: 0.0.29
x-age-lb: 164079
icon-format: png
x-77-cache: HIT
x-accel-date: 1701538220
content-length: 813
x-77-nzt: EgwBw7WqEQH374ACAAwB1GY4nAH3ehYAAA
x-accel-expires: @1701834654
x-77-age: 169833
x-cache-lb: HIT
not-found-platform: false
icon-size: 36
last-modified: Tue, 28 Nov 2023 08:52:18
from-mongo-cache: true
server: CDN77-Turbo
x-77-nzt-ray: 4c15622445e4e2c49bea6d655d17152e
vary: Origin
from-redis-cache: false
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=302400
accept-ranges: bytes
icon-id: 13608

GET
H2 200 mastercard.png
img.icons8.com/color/36/000000/ 655 B
1 KB 8ms
8ms Image
image/png 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.icons8.com/color/36/000000/mastercard.png

Requested by

Host: fit.ndi.mybluehost.me
URL: https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

CDN77-Turbo /

Resource Hash

8ba07634bb6e5d90377a12095c82654ff11a7b5993d32701907e84f66f275b62

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fit.ndi.mybluehost.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Mon, 04 Dec 2023 15:04:59 GMT
strict-transport-security: max-age=15724800; includeSubDomains
version: 0.0.29
x-age-lb: 81763
icon-format: png
x-77-cache: HIT
x-accel-date: 1701620536
content-length: 655
x-77-nzt: EgwBw7WqEQH3Yz8BAAwB1GY4nAH3Hh4AAA
x-accel-expires: @1701922824
x-77-age: 89473
x-cache-lb: HIT
not-found-platform: false
icon-size: 36
last-modified: Fri, 24 Nov 2023 13:13:20
from-mongo-cache: true
server: CDN77-Turbo
x-77-nzt-ray: 4c15622445e4e2c49bea6d6507c2a62e
vary: Origin
from-redis-cache: false
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=302400
accept-ranges: bytes
icon-id: 13610

GET
H2 200 jquery.payment.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery.payment/3.0.0/ 8 KB
3 KB 21ms
20ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery.payment/3.0.0/jquery.payment.min.js

Requested by

Host: fit.ndi.mybluehost.me
URL: https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c4ba1c662b440b3aefe5e5147ea2df72f80e510e4979c65485a7b0fff894e37

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fit.ndi.mybluehost.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 15:04:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 376232
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 2420
last-modified: Mon, 04 May 2020 16:11:47 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec3-210b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vYNl%2BR%2F5jG%2Ff3hAIKn%2BTrk0DvnqsXy7sF1a4j6UbN5DCpDQDClEfKcLkRykF14LJ%2FUcspNVwQ3BxzP2oI0MRMUZhmK3qET0I%2Fhhal%2B6fO4K4rgvWVxzAsi9%2BqU0j8F5OcE7XeyZ2pwciP0pxq0dSP1TZ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8304f1eda85a362c-FRA
expires: Sat, 23 Nov 2024 15:04:59 GMT

GET
H2 200 jquery-3.5.1.slim.min.js Show response
code.jquery.com/ 71 KB
24 KB 47ms
6ms Script
application/javascript 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.5.1.slim.min.js
Requested by: Host: fit.ndi.mybluehost.me
URL: https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db

Request headers

Referer: https://fit.ndi.mybluehost.me/
Origin: https://fit.ndi.mybluehost.me
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 15:04:59 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 1754800
x-cache: HIT, HIT
content-length: 24606
x-served-by: cache-lga21954-LGA, cache-fra-eddf8230104-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1701702300.830163,VS0,VE0
etag: W/"28feccc0-11abc"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 55, 27718

GET
H2 200 bootstrap.bundle.min.js Show response
fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/file/js/ 79 KB
31 KB 327ms
327ms Script
application/javascript 162.241.219.134
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/file/js/bootstrap.bundle.min.js
Requested by: Host: fit.ndi.mybluehost.me
URL: https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.219.134 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5645.bluehost.com
Software: Apache /
Resource Hash: 7c17230abe3611902ee2a60e37008710a0c22756ef1821d60bd7d8fa419722c1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 15:04:59 GMT
content-encoding: gzip
x-nginx-cache: WordPress
last-modified: Thu, 21 May 2020 22:53:26 GMT
server: Apache
vary: Accept-Encoding
x-endurance-cache-level: 2
content-type: application/javascript
cache-control: max-age=21600
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
expires: Mon, 04 Dec 2023 21:04:59 GMT

GET
H2 200 script.js Show response
fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/file/js/ 1 KB
493 B 184ms
183ms Script
application/javascript 162.241.219.134
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/file/js/script.js
Requested by: Host: fit.ndi.mybluehost.me
URL: https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.219.134 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5645.bluehost.com
Software: Apache /
Resource Hash: 329d7cca64024afc31daa040d50fc6cbea2fb21ed714202ef69a92ebcc08e8a6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 15:04:59 GMT
content-encoding: gzip
x-nginx-cache: WordPress
last-modified: Fri, 22 May 2020 02:32:06 GMT
server: Apache
vary: Accept-Encoding
x-endurance-cache-level: 2
content-type: application/javascript
cache-control: max-age=21600
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 383
expires: Mon, 04 Dec 2023 21:04:59 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation) Swiss Post (Transportation)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| $ function| jQuery object| bootstrap

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.reurl.cc/	1970-01-20 18:51:18	Name: _fbp Value: fb.1.1701702296599.1915732094
sosnik.hosted.phplist.com/	1969-12-31 23:59:59	Name: SERVERID Value: pqserver1\|ZW3qn\|ZW3qn
iplogger.com/	1970-01-21 01:28:44	Name: 515581803117783939 Value: 3
iplogger.com/	1970-01-21 01:28:44	Name: clhf03028ja Value: 185.213.155.131
.phplist.com/	1969-12-31 23:59:59	Name: WebblerSession Value: nppgl7vr1c81kl54p7og9fsomv

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
code.jquery.com
connect.facebook.net
fit.ndi.mybluehost.me
img.icons8.com
iplogger.com
maxcdn.bootstrapcdn.com
reurl.cc
ryt.muf.mybluehost.me
sosnik.hosted.phplist.com
stackpath.bootstrapcdn.com
storage.reurl.cc
www.facebook.com
www.google-analytics.com
104.21.12.138
162.241.219.134
162.241.226.28
2606:4700::6811:190e
2606:4700::6812:acf
2a00:1450:4001:813::200e
2a02:6ea0:c700::19
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
2a04:4e42:200::649
34.149.98.30
35.185.130.121
45.33.29.14
096f85ac6d28eb274e8f6bcffc83c4d3baf2041bd4befd0adea68c566b20c57b
0a01cd2c51200f878b658e08c0f37b095cb3ed34e61133f377632b29df9abdaa
16cf673198b29bb08e83f5d8f74182d97d9c6dfa729c60f90f6195e739de9d20
1a458be2bea44947ad1b1f5e4411f87d27c3d3f6f42db0be2d11332392fb4eb3
231d6a2add6bd0136a02d47ba03de40f9be01887aab7ec4032660aa0b27c37e9
3050a5556edc5876cd83e63f15e56fe19cb428129345a58d1f57687414504698
32354d2c0f4bf41e04da234a462a5c49620cdd119086f9780af3d9ee0f546fb8
329d7cca64024afc31daa040d50fc6cbea2fb21ed714202ef69a92ebcc08e8a6
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
6c4ba1c662b440b3aefe5e5147ea2df72f80e510e4979c65485a7b0fff894e37
7c17230abe3611902ee2a60e37008710a0c22756ef1821d60bd7d8fa419722c1
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
8ba07634bb6e5d90377a12095c82654ff11a7b5993d32701907e84f66f275b62
c5a17d46976d471cf060c5a0e25749a323d6ab20cf0910f40afed81047ba21ef
cc2aa0f5d906c907b4a8440d1a91e21d8a35da338613cba4b82c227fab78ed5b
d4adc45ed4f0dfd02beda6cac9cb52270cf6e6e61482188310fed8c309327e66
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db
ed8dfd8f52d0599e0f22682191e06debf0a8a7bb9fe395451098bcbc29df65c4

fit.ndi.mybluehost.me Open in urlscan Pro 162.241.219.134 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

22 Requests

100 %HTTPS

54 %IPv6

11 Domains

14 Subdomains

11 IPs

4 Countries

247 kBTransfer

843 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

5 Cookies

Indicators

fit.ndi.mybluehost.me Open in urlscan Pro
162.241.219.134 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

100 %
HTTPS

54 %
IPv6

11
Domains

14
Subdomains

11
IPs

4
Countries

247 kB
Transfer

843 kB
Size

5
Cookies

22 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!