0.rebrandingstoreblue.com Open in urlscan Pro
188.114.97.3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://luccahealthgroup.com/
Effective URL:
https://0.rebrandingstoreblue.com/index.php?p=gztggyrtgi5dcojxha4q&sub1=corsa&sub2=cert&sub3=spz
Submission: On December 18 via api (December 18th 2024, 4:06:06 pm UTC) from US — Scanned from CH

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 8 domains to perform 18 HTTP transactions. The main IP is 188.114.97.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is 0.rebrandingstoreblue.com.
TLS certificate: Issued by WE1 on December 10th 2024. Valid for: 3 months.

This is the only time 0.rebrandingstoreblue.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	157.230.100.90 157.230.100.90	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
3	172.67.164.190 172.67.164.190	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	172.67.192.6 172.67.192.6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	7

1 157.230.100.90 (Frankfurt am Main, Germany)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: 468650.cloudwaysapps.com

luccahealthgroup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.67.164.190 (United States)

ASN13335 (CLOUDFLARENET, US)

gb.rdntocdns.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
de.rdntocdns.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

chest.cdntoswitchspirit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.67.192.6 (United States)

ASN13335 (CLOUDFLARENET, US)

fr2.readytocheckline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fr1.readytocheckline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

rebrandingstoreblue.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

0.rebrandingstoreblue.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	rebrandingstoreblue.com rebrandingstoreblue.com 0.rebrandingstoreblue.com	17 KB
4	readytocheckline.com fr2.readytocheckline.com — Cisco Umbrella Rank: 999589 Failed fr1.readytocheckline.com — Cisco Umbrella Rank: 984314	4 KB
3	rdntocdns.com gb.rdntocdns.com de.rdntocdns.com	17 KB
1	cdntoswitchspirit.com chest.cdntoswitchspirit.com	6 KB
1	luccahealthgroup.com luccahealthgroup.com	46 KB
0	statisticsong.com Failed api.statisticsong.com Failed
0	perfectlinestarter.com Failed records.perfectlinestarter.com Failed
0	linestoget.com Failed stay.linestoget.com Failed
18	8

	Domain	Requested by
2	0.rebrandingstoreblue.com	luccahealthgroup.com
2	rebrandingstoreblue.com
2	fr1.readytocheckline.com
2	fr2.readytocheckline.com	de.rdntocdns.com
2	gb.rdntocdns.com	luccahealthgroup.com chest.cdntoswitchspirit.com
1	de.rdntocdns.com	gb.rdntocdns.com
1	chest.cdntoswitchspirit.com	luccahealthgroup.com
1	luccahealthgroup.com
0	api.statisticsong.com Failed	luccahealthgroup.com
0	records.perfectlinestarter.com Failed	luccahealthgroup.com
0	stay.linestoget.com Failed	luccahealthgroup.com
18	11

This site contains no links.

Subject Issuer	Validity	Valid
luccahealthgroup.com R11	`2024-11-28` - `2025-02-26`	3 months	crt.sh
rdntocdns.com WE1	`2024-11-26` - `2025-02-24`	3 months	crt.sh
cdntoswitchspirit.com WE1	`2024-11-25` - `2025-02-23`	3 months	crt.sh
readytocheckline.com WE1	`2024-12-14` - `2025-03-14`	3 months	crt.sh
rebrandingstoreblue.com WE1	`2024-12-10` - `2025-03-10`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://0.rebrandingstoreblue.com/index.php?p=gztggyrtgi5dcojxha4q&sub1=corsa&sub2=cert&sub3=spz
Frame ID: B4176B686148FCE66AF74185171AA447
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Überprüfen Ihren Browser

Page URL History Show full URLs

http://luccahealthgroup.com/ HTTP 307
https://luccahealthgroup.com/ Page URL
https://fr2.readytocheckline.com/t2kf4F?ds=https://luccahealthgroup.com Page URL
https://fr1.readytocheckline.com/RYewtyw Page URL
https://rebrandingstoreblue.com/go/gztggyrtgi5dcojxha4q?sub1=corsa&sub2=cert&sub3=spz Page URL
https://0.rebrandingstoreblue.com/index.php?p=gztggyrtgi5dcojxha4q&sub1=corsa&sub2=cert&sub3=spz Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

18
Requests

72 %
HTTPS

17 %
IPv6

8
Domains

11
Subdomains

7
IPs

3
Countries

90 kB
Transfer

139 kB
Size

6
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://luccahealthgroup.com/ HTTP 307
https://luccahealthgroup.com/ Page URL
https://fr2.readytocheckline.com/t2kf4F?ds=https://luccahealthgroup.com Page URL
https://fr1.readytocheckline.com/RYewtyw Page URL
https://rebrandingstoreblue.com/go/gztggyrtgi5dcojxha4q?sub1=corsa&sub2=cert&sub3=spz Page URL
https://0.rebrandingstoreblue.com/index.php?p=gztggyrtgi5dcojxha4q&sub1=corsa&sub2=cert&sub3=spz Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://luccahealthgroup.com/ HTTP 307
https://luccahealthgroup.com/

18 HTTP transactions
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response luccahealthgroup.com/ Redirect Chain http://luccahealthgroup.com/ https://luccahealthgroup.com/	57 KB 46 KB	168ms 60ms	Document text/html	157.230.100.90 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://luccahealthgroup.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 157.230.100.90 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS 468650.cloudwaysapps.com Software nginx / Resource Hash `070d8cc45ad51f177e0c54de6986cc458b6a74d3659438273e36f0b0f06f6eb9` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers accept-ranges bytes age 1252 content-encoding gzip content-length 46465 content-type text/html; charset=UTF-8 date Wed, 18 Dec 2024 16:06:00 GMT server nginx vary Accept-Encoding x-cache HIT Redirect headers Location https://luccahealthgroup.com/ Non-Authoritative-Reason HttpsUpgrades
GET		get.js stay.linestoget.com/scripts/	0 0

GET H3	200	6tdzst Show response gb.rdntocdns.com/	13 KB 6 KB	165ms 127ms	Script application/javascript	172.67.164.190 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://gb.rdntocdns.com/6tdzst?u=luccahealthgroup.com Requested by Host: luccahealthgroup.com URL: https://luccahealthgroup.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.164.190 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.33 Resource Hash `3c3e5d8c32f6f45dbb3ed8b9c3f4316801babf0974b7b6e37cd5af2ee166dc9e` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://luccahealthgroup.com/ Response headers content-encoding gzip cf-cache-status DYNAMIC report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bg0i7dsuZO1iz7uCquR2QoxnKP6d35h2AkuOEW%2F4Jz2BNucR%2B9wNvvjI2Q50axWYmMs5x66Y8Lq8ypS7Pj7el017a1JnMZjzJrcK2LJ9SkzMvDQ%2Fdi4GEcQb5kdITUdmSgoN"}],"group":"cf-nel","max_age":604800} expires Wed, 18 Dec 2024 16:06:00 GMT alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=23952&min_rtt=20268&rtt_var=9646&sent=11&recv=10&lost=0&retrans=0&sent_bytes=4157&recv_bytes=4386&delivery_rate=619&cwnd=12000&unsent_bytes=0&cid=a4b436b227111ed8&ts=132&x=1", cfExtPri, cfHdrFlush;dur=0 date Wed, 18 Dec 2024 16:06:00 GMT content-type application/javascript; charset=utf-8 vary Accept-Encoding priority u=3,i=?0 cache-control no-cache, no-store, must-revalidate nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8f4065cc9b278ff4-FRA access-control-allow-origin * x-powered-by PHP/7.4.33 server cloudflare
GET		run.js records.perfectlinestarter.com/scripts/	0 0

GET H3	200	connections.js Show response chest.cdntoswitchspirit.com/scripts/	14 KB 6 KB	93ms 30ms	Script application/javascript	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://chest.cdntoswitchspirit.com/scripts/connections.js Requested by Host: luccahealthgroup.com URL: https://luccahealthgroup.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `bdde9d75d204c3285d2c25aebb8b7d3aa4a5051e0987dac99621e0a29a086444` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://luccahealthgroup.com/ Response headers content-encoding gzip cf-cache-status HIT age 2593 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5uen%2BLGBFa6m3scHmlIIpd9Ih1Ucrsr4ZDZkpO0Yp%2FbaInt8Mbqgz3s2nc%2FnCasY6ef86SpnAD0DQchXwh41FjawgTCe5JcyyizJLvtKny%2FHkSyfer%2Bhg2O2kDskuN8ieEYItAsTG7ves5Kmv5Q%3D"}],"group":"cf-nel","max_age":604800} access-control-allow-methods GET, POST alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=20704&min_rtt=20637&rtt_var=7786&sent=12&recv=8&lost=0&retrans=0&sent_bytes=4200&recv_bytes=4301&delivery_rate=136552&cwnd=12000&unsent_bytes=0&cid=b9e6f9385bb5c6e6&ts=58&x=1", cfExtPri, cfHdrFlush;dur=0 date Wed, 18 Dec 2024 16:06:00 GMT content-type application/javascript; charset=utf-8 vary Accept-Encoding priority u=3,i=?0 access-control-allow-headers X-Requested-With last-modified Wed, 18 Dec 2024 15:22:47 GMT cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8f4065ce88d8d2c2-FRA accept-ranges bytes access-control-allow-origin * content-length 5466 server cloudflare
GET		r.js api.statisticsong.com/scripts/	0 0

GET H3	200	yirutyew de.rdntocdns.com/	9 KB 5 KB	138ms 126ms	Script application/javascript	172.67.164.190 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://de.rdntocdns.com/yirutyew?u=luccahealthgroup.com Requested by Host: gb.rdntocdns.com URL: https://gb.rdntocdns.com/6tdzst?u=luccahealthgroup.com Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.164.190 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.33 Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://luccahealthgroup.com/ Response headers content-encoding gzip cf-cache-status DYNAMIC report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=05y2mHPBqhCnXlQOny0aOV1ahfpnRXvofWcrIlV29%2F0Wr4BViQGANYNgNKbqDLOKqsXcrGNaBNRc2ZiovfDFlQ2TM5TyxaMw3fIltzrpGk1ANo0kfkK%2BU5%2BEexfD7gISZU1m"}],"group":"cf-nel","max_age":604800} expires Wed, 18 Dec 2024 16:06:00 GMT alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=22901&min_rtt=20268&rtt_var=5625&sent=18&recv=14&lost=0&retrans=0&sent_bytes=10664&recv_bytes=4797&delivery_rate=316055&cwnd=12000&unsent_bytes=0&cid=a4b436b227111ed8&ts=501&x=1", cfExtPri, cfHdrFlush;dur=0 date Wed, 18 Dec 2024 16:06:00 GMT content-type application/javascript; charset=utf-8 vary Accept-Encoding priority u=3,i=?0 cache-control no-cache, no-store, must-revalidate nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8f4065ceecad8ff4-FRA access-control-allow-origin * x-powered-by PHP/7.4.33 server cloudflare
GET H3	200	6tdzst gb.rdntocdns.com/	13 KB 6 KB	91ms 90ms	Script application/javascript	172.67.164.190 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://gb.rdntocdns.com/6tdzst?u=luccahealthgroup.com Requested by Host: chest.cdntoswitchspirit.com URL: https://chest.cdntoswitchspirit.com/scripts/connections.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.164.190 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.33 Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://luccahealthgroup.com/ Response headers content-encoding gzip cf-cache-status DYNAMIC report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K83eFH7CUkgcYVNf9JmPS%2B84PorZ8jS1jtCaZ62iNb6QhscdIn9YCGz6mh3gIs676Ou043JSD0zDa9v5T1OaY0hD0DmQ%2F1l0uWVY8HxqtoF07Hucyqg5mZv6e82BU%2BT3yr%2Fo"}],"group":"cf-nel","max_age":604800} expires Wed, 18 Dec 2024 16:06:00 GMT alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=22119&min_rtt=20268&rtt_var=3534&sent=24&recv=17&lost=0&retrans=0&sent_bytes=15840&recv_bytes=5169&delivery_rate=41405&cwnd=12000&unsent_bytes=0&cid=a4b436b227111ed8&ts=595&x=1", cfExtPri, cfHdrFlush;dur=0 date Wed, 18 Dec 2024 16:06:00 GMT content-type application/javascript; charset=utf-8 vary Accept-Encoding priority u=3,i=?0 cache-control no-cache, no-store, must-revalidate nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8f4065cfbd2e8ff4-FRA access-control-allow-origin * x-powered-by PHP/7.4.33 server cloudflare
GET		t2kf4F fr2.readytocheckline.com/	0 0

GET		t2kf4F fr2.readytocheckline.com/	0 0

GET H3	200	t2kf4F fr2.readytocheckline.com/	204 B 1 KB	162ms 123ms	Document text/html	172.67.192.6 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fr2.readytocheckline.com/t2kf4F?ds=https://luccahealthgroup.com Requested by Host: de.rdntocdns.com URL: https://de.rdntocdns.com/yirutyew?u=luccahealthgroup.com Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.192.6 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://luccahealthgroup.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers access-control-allow-origin * alt-svc h3=":443"; ma=86400 cache-control no-cache, no-store, must-revalidate cf-cache-status DYNAMIC cf-ray 8f4065d00fb96ab9-FRA content-encoding zstd content-type text/html; charset=utf-8 date Wed, 18 Dec 2024 16:06:01 GMT expires Wed, 18 Dec 2024 16:06:01 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} priority u=0,i report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=42L1fTaLjzv4ta3IBPhHwFEgrK9ztlha4fsptRR9zJcbKaZs3yI5HZ96nfffTxDL9M7xdizw0lWMFg374kykkRgKM63skS%2F08J%2F%2Fe9DmNbRz%2BJw3kmoHNFOcIrBbQcBYgfZmeHUM3Uh7wQY%3D"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfL4;desc="?proto=QUIC&rtt=20630&min_rtt=20281&rtt_var=3706&sent=11&recv=10&lost=0&retrans=0&sent_bytes=4143&recv_bytes=4534&delivery_rate=603&cwnd=12000&unsent_bytes=0&cid=0f6f607a452ee64a&ts=128&x=1" cfExtPri cfHdrFlush;dur=0 vary Accept-Encoding
GET H3	200	RYewtyw fr1.readytocheckline.com/	249 B 1 KB	165ms 122ms	Document text/html	172.67.192.6 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fr1.readytocheckline.com/RYewtyw Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.192.6 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers access-control-allow-origin * alt-svc h3=":443"; ma=86400 cache-control no-cache, no-store, must-revalidate cf-cache-status DYNAMIC cf-ray 8f4065d128c76ab9-FRA content-encoding zstd content-type text/html; charset=utf-8 date Wed, 18 Dec 2024 16:06:01 GMT expires Wed, 18 Dec 2024 16:06:01 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} priority u=0,i report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9h6%2BPf2PEsFz5m%2Fb31Kc78vN1qpSX7fwaPgFK2KBtvUlrH4mFaDH86cT2Fnc3XFJZhJGZMmviSOT3znUMetkn4SUi4ltOAbW7JeGexc29xBE5QYCWEBRTrABSBapnujHOZjfmEihSCoZn0M%3D"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfL4;desc="?proto=QUIC&rtt=20581&min_rtt=20281&rtt_var=2165&sent=16&recv=13&lost=0&retrans=0&sent_bytes=6216&recv_bytes=5491&delivery_rate=7214&cwnd=12000&unsent_bytes=0&cid=0f6f607a452ee64a&ts=310&x=1" cfExtPri cfHdrFlush;dur=0 vary Accept-Encoding
GET H3	404	favicon.ico fr2.readytocheckline.com/	548 B 804 B	121ms 120ms	Other text/html	172.67.192.6 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fr2.readytocheckline.com/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.192.6 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding zstd cf-cache-status EXPIRED report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z1ktpxyRjsIylrph2wnNRnyxzMP9x2eKBoY0N3g%2Fq%2FxvyqxwVsrpg2nVOnESGH8f5FJMkPeQmylAGG4BgPRPOX6HGiTKWSYWa8gSaD7QGC%2FDlI4VOrbKvD%2B3IhZMrkrd%2FvAEEUgQpua3hCw%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8f4065d0e8976ab9-FRA alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=20597&min_rtt=20281&rtt_var=2844&sent=14&recv=12&lost=0&retrans=0&sent_bytes=5365&recv_bytes=5448&delivery_rate=29155&cwnd=12000&unsent_bytes=0&cid=0f6f607a452ee64a&ts=267&x=1", cfExtPri, cfHdrFlush;dur=0 date Wed, 18 Dec 2024 16:06:01 GMT content-type text/html; charset=utf-8 vary Accept-Encoding server cloudflare priority u=1,i
GET H2	200	gztggyrtgi5dcojxha4q Show response rebrandingstoreblue.com/go/	12 KB 8 KB	160ms 72ms	Document text/html	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rebrandingstoreblue.com/go/gztggyrtgi5dcojxha4q?sub1=corsa&sub2=cert&sub3=spz Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `911ac24f22c2448c77c62a29dee72ae7e22a994af4c24c5f297e43955bc1f6dc` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers access-control-allow-origin * alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8f4065d29e4818f1-FRA content-encoding zstd content-type text/html; charset=UTF-8 date Wed, 18 Dec 2024 16:06:01 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G9oMU47BkDHlR5znAfARN0mkDk6NAMneIN3H%2FyLUI1gQUvsq1nxFK9Iue%2FouHuv4Y1NRtLvBwgvvgR3AToLmRcj0LSHRLZbFuUuAnEXrqZRCfMZFPg9%2FghXVx%2BJz51MKBv2CjeYTw49njMleqJnFrG3XkVwVpQ%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfL4;desc="?proto=TCP&rtt=20284&min_rtt=20223&rtt_var=2455&sent=9&recv=12&lost=0&retrans=0&sent_bytes=4355&recv_bytes=2424&delivery_rate=236595&cwnd=255&unsent_bytes=0&cid=7f5e53469ce8c503&ts=88&x=0"
GET H3	404	favicon.ico fr1.readytocheckline.com/	548 B 799 B	35ms 35ms	Other text/html	172.67.192.6 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fr1.readytocheckline.com/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.192.6 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding zstd cf-cache-status HIT age 145 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0TmGwvtNmGPrdvONjuRHOFhzu66xsVWn%2BrFaCBICkOHL5zevhR0sia5isW3bLYVZ90fROq%2BWdPicqHErfLyMLg5CI5Vp4PKd06M1W8cqAHyjXNRmKa5d36wfckq6jSc1lqwsJYkhBl%2FqotY%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8f4065d209456ab9-FRA alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=20560&min_rtt=20281&rtt_var=1666&sent=18&recv=14&lost=0&retrans=0&sent_bytes=7412&recv_bytes=6023&delivery_rate=33085&cwnd=12000&unsent_bytes=0&cid=0f6f607a452ee64a&ts=360&x=1", cfExtPri, cfHdrFlush;dur=0 date Wed, 18 Dec 2024 16:06:01 GMT content-type text/html; charset=utf-8 vary Accept-Encoding server cloudflare priority u=1,i
GET DATA	200 OK	truncated /	748 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a5308b7decd6fc2d5e8438fb037c4a822125135db832c05437d754655ff2fc23` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers Content-Type image/svg+xml
GET H2	204	favicon.ico rebrandingstoreblue.com/	0 428 B	31ms 31ms	Other text/plain	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rebrandingstoreblue.com/favicon.ico Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://rebrandingstoreblue.com/go/gztggyrtgi5dcojxha4q?sub1=corsa&sub2=cert&sub3=spz Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-cache-status HIT age 2058 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tj6xB352rLJpklAzIC%2BMbIOw2pznlwYW3IEWVr9EgxjqB2CYfIX3lLisE0f7o3sOAGJB5HO8EBL9tPjHurjcchpz5jpsNi0Z70pJqfKnvJ3FdKpmtLSclIh5bpuFw0txTK%2BCkSfC5sYAe383QBRGPwH%2B4esfLQ%3D%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8f4065d32edd18f1-FRA alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=TCP&rtt=21582&min_rtt=20177&rtt_var=2242&sent=24&recv=26&lost=0&retrans=0&sent_bytes=12924&recv_bytes=2862&delivery_rate=278373&cwnd=258&unsent_bytes=0&cid=7f5e53469ce8c503&ts=139&x=0" date Wed, 18 Dec 2024 16:06:01 GMT vary Accept-Encoding server cloudflare
GET H3	200	Primary Request index.php Show response 0.rebrandingstoreblue.com/	18 KB 9 KB	113ms 74ms	Document text/html	188.114.97.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://0.rebrandingstoreblue.com/index.php?p=gztggyrtgi5dcojxha4q&sub1=corsa&sub2=cert&sub3=spz Requested by Host: luccahealthgroup.com URL: https://luccahealthgroup.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `fc26c6d56246070e9b6c4de93f0be25587567ab570f19edf6ef07640c870e417` Request headers Referer https://rebrandingstoreblue.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers access-control-allow-origin * alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8f4065dead009f10-FRA content-encoding zstd content-type text/html; charset=UTF-8 date Wed, 18 Dec 2024 16:06:03 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} priority u=0,i report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xthY8SbI%2BNLbVUUyo2i31SsomITLPWbL7oEXJtpCUDLm1wqmv1uF%2F8oNwIqoQFuwj9golYzI8iQtvnsstVCOOlDP0JOAEBb2QBlnInnAjhDvZ6aKUUgOe5gE61zvagu%2FQ1178nmfkFKldx36"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfL4;desc="?proto=QUIC&rtt=20409&min_rtt=20336&rtt_var=4349&sent=11&recv=9&lost=0&retrans=0&sent_bytes=4147&recv_bytes=4543&delivery_rate=28664&cwnd=12000&unsent_bytes=0&cid=4adbe591a238b41b&ts=79&x=1" cfExtPri cfHdrFlush;dur=0
GET DATA	200 OK	truncated /	378 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6935876b0112bb2bb5aa7e27c0fdf9be86e190d47a0fbff8eb8e67e25d11f68d` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers Content-Type image/png
GET DATA	200 OK	truncated /	377 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f9077e9ffe52966b3a279d70797b41c4eba4e6d3928471fe755fcc3856ac4b3e` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers Content-Type image/png
GET H3	204	favicon.ico 0.rebrandingstoreblue.com/	0 637 B	33ms 33ms	Other text/plain	188.114.97.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://0.rebrandingstoreblue.com/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://0.rebrandingstoreblue.com/index.php?p=gztggyrtgi5dcojxha4q&sub1=corsa&sub2=cert&sub3=spz Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-cache-status HIT age 5756 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kboBHpMeN8bNo9yLS4Ty6AHzU4A%2F94m4XRPfxeryB5ec9j4bt%2FM%2FE%2Fri4LCnk6D0hQ7MgxN5gk30%2B6hKsYN0XpyQBYpgxzXI27QYbp0QZPDwVxNVaExe0dPC%2B1ET4FEpB9s8C1xSyDxxQPjG"}],"group":"cf-nel","max_age":604800} cf-ray 8f4065df3d859f10-FRA alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=23390&min_rtt=20336&rtt_var=4522&sent=24&recv=17&lost=0&retrans=0&sent_bytes=13469&recv_bytes=5725&delivery_rate=203408&cwnd=12000&unsent_bytes=0&cid=4adbe591a238b41b&ts=126&x=1", cfExtPri, cfHdrFlush;dur=0 date Wed, 18 Dec 2024 16:06:03 GMT vary Accept-Encoding server cloudflare priority u=1,i

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: stay.linestoget.com
URL: https://stay.linestoget.com/scripts/get.js?ver=8.8.8

Domain: records.perfectlinestarter.com
URL: https://records.perfectlinestarter.com/scripts/run.js

Domain: api.statisticsong.com
URL: https://api.statisticsong.com/scripts/r.js

Domain: fr2.readytocheckline.com
URL: https://fr2.readytocheckline.com/t2kf4F?ds=https://luccahealthgroup.com

Domain: fr2.readytocheckline.com
URL: https://fr2.readytocheckline.com/t2kf4F?ds=https://luccahealthgroup.com

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| urlB64ToUint8Array

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
fr2.readytocheckline.com/	1970-01-21 02:33:36	Name: _subid Value: 3umd9ri2gq2v9
fr2.readytocheckline.com/	1970-01-21 01:50:24	Name: 7b22a Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjM0XCI6MTczNDUzNzk2MX0sXCJjYW1wYWlnbnNcIjp7XCI0XCI6MTczNDUzNzk2MX0sXCJ0aW1lXCI6MTczNDUzNzk2MX0ifQ.VMpG2Ab-TXLI1pSM35nosUJsXT0GFjJpQniF28VRKwM
fr1.readytocheckline.com/	1970-01-21 02:33:36	Name: _subid Value: 3umd9ri2gq2vb
fr1.readytocheckline.com/	1970-01-21 01:50:24	Name: 7b22a Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjUyXCI6MTczNDUzNzk2MX0sXCJjYW1wYWlnbnNcIjp7XCI3XCI6MTczNDUzNzk2MX0sXCJ0aW1lXCI6MTczNDUzNzk2MX0ifQ.VZypjFp4Za47T1I83ujrK51XREj_qaZ3j99IDcNwkmI
.rebrandingstoreblue.com/	1970-01-21 02:32:09	Name: uuid Value: 656c27f0-d6dd-48da-8b60-6db310d2e8f2
.0.rebrandingstoreblue.com/	1970-01-21 02:32:09	Name: uuid Value: 656c27f0-d6dd-48da-8b60-6db310d2e8f2

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://api.statisticsong.com/scripts/r.js Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://fr2.readytocheckline.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://fr1.readytocheckline.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0.rebrandingstoreblue.com
api.statisticsong.com
chest.cdntoswitchspirit.com
de.rdntocdns.com
fr1.readytocheckline.com
fr2.readytocheckline.com
gb.rdntocdns.com
luccahealthgroup.com
rebrandingstoreblue.com
records.perfectlinestarter.com
stay.linestoget.com
api.statisticsong.com
fr2.readytocheckline.com
records.perfectlinestarter.com
stay.linestoget.com
157.230.100.90
172.67.164.190
172.67.192.6
188.114.96.3
188.114.97.3
2a06:98c1:3121::3
070d8cc45ad51f177e0c54de6986cc458b6a74d3659438273e36f0b0f06f6eb9
3c3e5d8c32f6f45dbb3ed8b9c3f4316801babf0974b7b6e37cd5af2ee166dc9e
6935876b0112bb2bb5aa7e27c0fdf9be86e190d47a0fbff8eb8e67e25d11f68d
911ac24f22c2448c77c62a29dee72ae7e22a994af4c24c5f297e43955bc1f6dc
a5308b7decd6fc2d5e8438fb037c4a822125135db832c05437d754655ff2fc23
bdde9d75d204c3285d2c25aebb8b7d3aa4a5051e0987dac99621e0a29a086444
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f9077e9ffe52966b3a279d70797b41c4eba4e6d3928471fe755fcc3856ac4b3e
fc26c6d56246070e9b6c4de93f0be25587567ab570f19edf6ef07640c870e417

0.rebrandingstoreblue.com Open in urlscan Pro 188.114.97.3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

72 %HTTPS

17 %IPv6

8 Domains

11 Subdomains

7 IPs

3 Countries

90 kBTransfer

139 kBSize

6 Cookies

0 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

6 Cookies

3 Console Messages

Indicators

0.rebrandingstoreblue.com Open in urlscan Pro
188.114.97.3 Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

72 %
HTTPS

17 %
IPv6

8
Domains

11
Subdomains

7
IPs

3
Countries

90 kB
Transfer

139 kB
Size

6
Cookies

18 HTTP transactions
3 data transactions