fit.ndi.mybluehost.me
Open in
urlscan Pro
162.241.219.134
Malicious Activity!
Public Scan
Effective URL: https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/
Submission: On December 04 via api from IE — Scanned from DE
Summary
TLS certificate: Issued by R3 on November 17th 2023. Valid for: 3 months.
This is the only time fit.ndi.mybluehost.me was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation) Swiss Post (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 3 | 35.185.130.121 35.185.130.121 | 396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM) | |
3 | 34.149.98.30 34.149.98.30 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:813::200e | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3 | 32934 (FACEBOOK) (FACEBOOK) | |
1 | 2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de | 32934 (FACEBOOK) (FACEBOOK) | |
2 2 | 45.33.29.14 45.33.29.14 | 63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud) | |
1 | 162.241.226.28 162.241.226.28 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
1 1 | 104.21.12.138 104.21.12.138 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 6 | 162.241.219.134 162.241.219.134 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
2 | 2606:4700::68... 2606:4700::6812:acf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2a02:6ea0:c70... 2a02:6ea0:c700::19 | 60068 (CDN77 ^_^) (CDN77 ^_^) | |
1 | 2a04:4e42:200... 2a04:4e42:200::649 | 54113 (FASTLY) (FASTLY) | |
22 | 11 |
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 121.130.185.35.bc.googleusercontent.com
reurl.cc |
ASN15169 (GOOGLE, US)
PTR: 30.98.149.34.bc.googleusercontent.com
storage.reurl.cc |
ASN15169 (GOOGLE, US)
www.google-analytics.com |
ASN32934 (FACEBOOK, US)
connect.facebook.net |
ASN32934 (FACEBOOK, US)
www.facebook.com |
ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: aspen.phplist.com
sosnik.hosted.phplist.com |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: box5311.bluehost.com
ryt.muf.mybluehost.me |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: box5645.bluehost.com
fit.ndi.mybluehost.me |
ASN13335 (CLOUDFLARENET, US)
stackpath.bootstrapcdn.com | |
maxcdn.bootstrapcdn.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
mybluehost.me
1 redirects
ryt.muf.mybluehost.me fit.ndi.mybluehost.me |
39 KB |
6 |
reurl.cc
1 redirects
reurl.cc — Cisco Umbrella Rank: 116978 storage.reurl.cc — Cisco Umbrella Rank: 432247 |
3 KB |
2 |
icons8.com
img.icons8.com — Cisco Umbrella Rank: 30684 |
2 KB |
2 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 204 |
30 KB |
2 |
bootstrapcdn.com
stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2842 maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 988 |
39 KB |
2 |
phplist.com
2 redirects
sosnik.hosted.phplist.com |
1018 B |
2 |
facebook.net
connect.facebook.net — Cisco Umbrella Rank: 168 |
88 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 735 |
24 KB |
1 |
iplogger.com
1 redirects
iplogger.com — Cisco Umbrella Rank: 162901 |
927 B |
1 |
facebook.com
www.facebook.com — Cisco Umbrella Rank: 98 |
185 B |
1 |
google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 27 |
21 KB |
22 | 11 |
Domain | Requested by | |
---|---|---|
6 | fit.ndi.mybluehost.me |
1 redirects
ryt.muf.mybluehost.me
fit.ndi.mybluehost.me |
3 | storage.reurl.cc |
reurl.cc
|
3 | reurl.cc |
1 redirects
reurl.cc
|
2 | img.icons8.com |
fit.ndi.mybluehost.me
|
2 | cdnjs.cloudflare.com |
fit.ndi.mybluehost.me
|
2 | sosnik.hosted.phplist.com | 2 redirects |
2 | connect.facebook.net |
storage.reurl.cc
connect.facebook.net |
1 | code.jquery.com |
fit.ndi.mybluehost.me
|
1 | maxcdn.bootstrapcdn.com |
fit.ndi.mybluehost.me
|
1 | stackpath.bootstrapcdn.com |
fit.ndi.mybluehost.me
|
1 | iplogger.com | 1 redirects |
1 | ryt.muf.mybluehost.me |
storage.reurl.cc
|
1 | www.facebook.com |
reurl.cc
|
1 | www.google-analytics.com |
storage.reurl.cc
|
22 | 14 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
reurl.cc R3 |
2023-11-18 - 2024-02-16 |
3 months | crt.sh |
storage.reurl.cc GTS CA 1D4 |
2023-10-14 - 2024-01-12 |
3 months | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2023-10-23 - 2024-01-15 |
3 months | crt.sh |
*.facebook.com DigiCert SHA2 High Assurance Server CA |
2023-09-12 - 2023-12-11 |
3 months | crt.sh |
webdisk.ryt.muf.mybluehost.me R3 |
2023-11-28 - 2024-02-26 |
3 months | crt.sh |
webdisk.fit.ndi.mybluehost.me R3 |
2023-11-17 - 2024-02-15 |
3 months | crt.sh |
bootstrapcdn.com GTS CA 1P5 |
2023-11-30 - 2024-02-28 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
1004834818.rsc.cdn77.org R3 |
2023-11-26 - 2024-02-24 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/
Frame ID: ADF7ADB53B19D434C55C8AFE043F5582
Requests: 22 HTTP requests in this frame
Screenshot
Page Title
Die PostPage URL History Show full URLs
-
https://reurl.cc/7MGO1b/
HTTP 301
https://reurl.cc/7MGO1b Page URL
-
https://sosnik.hosted.phplist.com/lists/lt.php?tid=LUxXVQZTBlFRBRgHAVgCSwBQAAMUCFBYCktSVlpQCFVTUgVUBAVMVQMCVwE...
HTTP 303
https://ryt.muf.mybluehost.me/.website_7a270d17/.well-known/acme-challenge/pstdeth.php Page URL
-
https://iplogger.com/29Zm85
HTTP 302
https://sosnik.hosted.phplist.com/lists/lt.php?tid=LUxWUAFQVgAGAxgBAVgCSwBRUlsUUAcFDksCVQxVDwdTVVYFUgNMVlQAVFc... HTTP 303
https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage HTTP 301
https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/ Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Facebook (Widgets) Expand
Detected patterns
- //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Google Analytics (Analytics) Expand
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://reurl.cc/7MGO1b/
HTTP 301
https://reurl.cc/7MGO1b Page URL
-
https://sosnik.hosted.phplist.com/lists/lt.php?tid=LUxXVQZTBlFRBRgHAVgCSwBQAAMUCFBYCktSVlpQCFVTUgVUBAVMVQMCVwEOAAhLUAVeVBQFUQRaSwdYCFYVUQMHVVAJUwgFUVYMSFUCAAMNB15RFFdXBFpLUlgJVBUNAVIAGwlVBAcFAlYCUwcAXw
HTTP 303
https://ryt.muf.mybluehost.me/.website_7a270d17/.well-known/acme-challenge/pstdeth.php Page URL
-
https://iplogger.com/29Zm85
HTTP 302
https://sosnik.hosted.phplist.com/lists/lt.php?tid=LUxWUAFQVgAGAxgBAVgCSwBRUlsUUAcFDksCVQxVDwdTVVYFUgNMVlQAVFcFVAVLVl0CUhQFAANcSwRVCgAVVlcDBQBUUgZRBQQCSFUCAAMNB15RFFdXBFpLUlgJVBUNAVIAGwlVBAcFAlYCUwcAXw HTTP 303
https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage HTTP 301
https://fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://reurl.cc/7MGO1b/ HTTP 301
- https://reurl.cc/7MGO1b
- https://sosnik.hosted.phplist.com/lists/lt.php?tid=LUxXVQZTBlFRBRgHAVgCSwBQAAMUCFBYCktSVlpQCFVTUgVUBAVMVQMCVwEOAAhLUAVeVBQFUQRaSwdYCFYVUQMHVVAJUwgFUVYMSFUCAAMNB15RFFdXBFpLUlgJVBUNAVIAGwlVBAcFAlYCUwcAXw HTTP 303
- https://ryt.muf.mybluehost.me/.website_7a270d17/.well-known/acme-challenge/pstdeth.php
22 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
7MGO1b
reurl.cc/ Redirect Chain
|
807 B 974 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ga2.js
storage.reurl.cc/javascripts/ |
536 B 875 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pixel.js
storage.reurl.cc/javascripts/ |
429 B 524 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
redirect.js
storage.reurl.cc/javascripts/ |
112 B 206 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tagtoo.js
reurl.cc/javascripts/ |
729 B 615 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
52 KB 21 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fbevents.js
connect.facebook.net/en_US/ |
202 KB 54 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1675200226052423
connect.facebook.net/signals/config/ |
126 KB 33 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.facebook.com/tr/ |
0 185 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pstdeth.php
ryt.muf.mybluehost.me/.website_7a270d17/.well-known/acme-challenge/ Redirect Chain
|
169 B 360 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/ Redirect Chain
|
8 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/ |
152 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/ |
85 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/4.1.1/js/ |
50 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/file/css/ |
2 KB 742 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.png
fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/file/img/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
visa.png
img.icons8.com/color/36/000000/ |
813 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mastercard.png
img.icons8.com/color/36/000000/ |
655 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.payment.min.js
cdnjs.cloudflare.com/ajax/libs/jquery.payment/3.0.0/ |
8 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.5.1.slim.min.js
code.jquery.com/ |
71 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.bundle.min.js
fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/file/js/ |
79 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
script.js
fit.ndi.mybluehost.me/Deutchpost/de/Packaging/manage/file/js/ |
1 KB 493 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DHL (Transportation) Swiss Post (Transportation)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture function| $ function| jQuery object| bootstrap5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.reurl.cc/ | Name: _fbp Value: fb.1.1701702296599.1915732094 |
|
sosnik.hosted.phplist.com/ | Name: SERVERID Value: pqserver1|ZW3qn|ZW3qn |
|
iplogger.com/ | Name: 515581803117783939 Value: 3 |
|
iplogger.com/ | Name: clhf03028ja Value: 185.213.155.131 |
|
.phplist.com/ | Name: WebblerSession Value: nppgl7vr1c81kl54p7og9fsomv |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
code.jquery.com
connect.facebook.net
fit.ndi.mybluehost.me
img.icons8.com
iplogger.com
maxcdn.bootstrapcdn.com
reurl.cc
ryt.muf.mybluehost.me
sosnik.hosted.phplist.com
stackpath.bootstrapcdn.com
storage.reurl.cc
www.facebook.com
www.google-analytics.com
104.21.12.138
162.241.219.134
162.241.226.28
2606:4700::6811:190e
2606:4700::6812:acf
2a00:1450:4001:813::200e
2a02:6ea0:c700::19
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
2a04:4e42:200::649
34.149.98.30
35.185.130.121
45.33.29.14
096f85ac6d28eb274e8f6bcffc83c4d3baf2041bd4befd0adea68c566b20c57b
0a01cd2c51200f878b658e08c0f37b095cb3ed34e61133f377632b29df9abdaa
16cf673198b29bb08e83f5d8f74182d97d9c6dfa729c60f90f6195e739de9d20
1a458be2bea44947ad1b1f5e4411f87d27c3d3f6f42db0be2d11332392fb4eb3
231d6a2add6bd0136a02d47ba03de40f9be01887aab7ec4032660aa0b27c37e9
3050a5556edc5876cd83e63f15e56fe19cb428129345a58d1f57687414504698
32354d2c0f4bf41e04da234a462a5c49620cdd119086f9780af3d9ee0f546fb8
329d7cca64024afc31daa040d50fc6cbea2fb21ed714202ef69a92ebcc08e8a6
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
6c4ba1c662b440b3aefe5e5147ea2df72f80e510e4979c65485a7b0fff894e37
7c17230abe3611902ee2a60e37008710a0c22756ef1821d60bd7d8fa419722c1
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
8ba07634bb6e5d90377a12095c82654ff11a7b5993d32701907e84f66f275b62
c5a17d46976d471cf060c5a0e25749a323d6ab20cf0910f40afed81047ba21ef
cc2aa0f5d906c907b4a8440d1a91e21d8a35da338613cba4b82c227fab78ed5b
d4adc45ed4f0dfd02beda6cac9cb52270cf6e6e61482188310fed8c309327e66
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db
ed8dfd8f52d0599e0f22682191e06debf0a8a7bb9fe395451098bcbc29df65c4