urlscan.io logo urlscan.io
SecurityTrails logo

monitoring.dev.digital-masters.de Open in urlscan Pro
138.68.110.72  Public Scan

Go To Rescan Add Verdict Report
URL: https://monitoring.dev.digital-masters.de/
Submission Tags: phishingrod
Submission: On September 19 via api from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 8 HTTP transactions. The main IP is 138.68.110.72, located in Frankfurt am Main, Germany and belongs to DIGITALOCEAN-ASN, US. The main domain is monitoring.dev.digital-masters.de.
TLS certificate: Issued by R3 on September 19th 2023. Valid for: 3 months.
This is the only time monitoring.dev.digital-masters.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 138.68.110.72 14061 (DIGITALOC...)
1 104.16.87.20 13335 (CLOUDFLAR...)
4 104.21.233.225 13335 (CLOUDFLAR...)
1 185.91.106.209 51401 (ARVATO-SY...)
8 4
Apex Domain
Subdomains		 Transfer
4 rsms.me
rsms.me — Cisco Umbrella Rank: 23087
307 KB
2 digital-masters.de
monitoring.dev.digital-masters.de
148 KB
1 hvv.de
www.hvv.de — Cisco Umbrella Rank: 818213
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 558
9 KB
8 4
Domain Requested by
4 rsms.me monitoring.dev.digital-masters.de
rsms.me
2 monitoring.dev.digital-masters.de monitoring.dev.digital-masters.de
1 www.hvv.de monitoring.dev.digital-masters.de
1 cdn.jsdelivr.net monitoring.dev.digital-masters.de
8 4

This site contains links to these domains. Also see Links.

Domain
chrome.google.com
Subject Issuer Validity Valid
monitoring.dev.digital-masters.de
R3		 2023-09-19 -
2023-12-18		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-05-02 -
2024-05-01		 a year crt.sh
rsms.me
E1		 2023-09-02 -
2023-12-01		 3 months crt.sh
*.hvv.de
GeoTrust TLS RSA CA G1		 2023-03-29 -
2024-04-28		 a year crt.sh

This page contains 2 frames:

Primary Page: https://monitoring.dev.digital-masters.de/
Frame ID: D26BAE36B36DD91C66705F41AFD082CA
Requests: 7 HTTP requests in this frame

Frame: https://www.hvv.de/de/fahrplaene/abruf-fahrplaninfos/abfahrten-auf-ihrem-monitor/abfahrten-anzeige?show=49a8e57ae293472aa2a2c71cee065ab6
Frame ID: B1A8FFC4C9C9D98C6C74881768517638
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Dashboard

Detected technologies

Overall confidence: 100%
Detected patterns
  • livewire(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • /alpine(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

464 kB
Transfer

1205 kB
Size

2
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
monitoring.dev.digital-masters.de/ 		720 KB
109 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://monitoring.dev.digital-masters.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
138.68.110.72 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
2a17be7b3670d671770bc5c2cf761bd76683fa6d9c834ab11dc3018004f962c2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, private
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 19 Sep 2023 02:25:50 GMT
server
nginx
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
alpine.min.js
cdn.jsdelivr.net/gh/alpinejs/alpine@v2.x.x/dist/ 		26 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/gh/alpinejs/alpine@v2.x.x/dist/alpine.min.js
Requested by
Host: monitoring.dev.digital-masters.de
URL: https://monitoring.dev.digital-masters.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.87.20 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dfbc6f14aa1ece087d34da8e25c9bc329b4a6d3757f87748ca4b5319c8a01d7f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://monitoring.dev.digital-masters.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Tue, 19 Sep 2023 02:25:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1475
x-jsd-version
2.8.2
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230038-FRA, cache-yyz4520-YYZ
x-jsd-version-type
version
server
cloudflare
etag
W/"6969-PYk6WU7wXAXPX7qrRZSTVytMicQ"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wvTo%2BZPoFuZIkAqdQj2i17ZCpI4MbUNnxf2HTkzreRLB1w9sQ8EW8K3lO4UG3NrlEjSLPVYnu49K0sHWi0e9uzz5htJubgNECQvzz1zBRR%2BGDER%2FDDhJOyW3kWbpZXROB%2Fg%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
cf-ray
808e61673dc30e48-AMS
inter.css
rsms.me/inter/ 		5 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://rsms.me/inter/inter.css
Requested by
Host: monitoring.dev.digital-masters.de
URL: https://monitoring.dev.digital-masters.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.233.225 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c14569b287795db20f175729c90108f5e756049018e48f45d6f92c11c31be884

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://monitoring.dev.digital-masters.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-fastly-request-id
bba692a2d52be32e61050c055e8a1a0bce681bc0
date
Tue, 19 Sep 2023 02:25:51 GMT
via
1.1 varnish
content-encoding
br
expires
Tue, 12 Sep 2023 00:48:46 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
330
x-cache
HIT
x-proxy-cache
HIT
alt-svc
h3=":443"; ma=86400
x-served-by
cache-ams21027-AMS
last-modified
Tue, 12 Sep 2023 00:37:37 GMT
server
cloudflare
x-github-request-id
8FD0:29EA:596C9E:5B5C6F:64FFB3EB
x-timer
S1694479454.687443,VS0,VE1
etag
W/"64ffb2d1-1490"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cnzUR5db45trvtG1041WsLuBBwWDNyxQG0AnwAawKmlDF3%2FDvr9KlqPwC7Ck4X5zzldmSBjFl1joZAuVEWr1QBQ3j6D2X1KsNAum30fzURpf2AgWRAeOKtUN"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=14400
x-origin-cache
HIT
cf-ray
808e61672a09b7fb-AMS
x-cache-hits
1
livewire.js
monitoring.dev.digital-masters.de/livewire/ 		149 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://monitoring.dev.digital-masters.de/livewire/livewire.js?id=54d078b2ce39327a1702
Requested by
Host: monitoring.dev.digital-masters.de
URL: https://monitoring.dev.digital-masters.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
138.68.110.72 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
5fba42a016e326e62e8bc3d69c73bbfafbf461dbbd46689abe5ee657ec57087c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://monitoring.dev.digital-masters.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Tue, 19 Sep 2023 02:25:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 28 Apr 2021 15:31:15 GMT
server
nginx
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
x-xss-protection
1; mode=block
expires
Thu, 19 Sep 2024 02:25:50 GMT
Inter-Regular.woff2
rsms.me/inter/font-files/ 		97 KB
97 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://rsms.me/inter/font-files/Inter-Regular.woff2?v=3.19
Requested by
Host: rsms.me
URL: https://rsms.me/inter/inter.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.233.225 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d612f1212b452af07f1a5defb2b672e76a91f7139e7499fa48bb9b2b985c22d6

Request headers

Referer
https://rsms.me/inter/inter.css
Origin
https://monitoring.dev.digital-masters.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-fastly-request-id
6abb7b14fa3ab220e0af3659a614566f154274b1
date
Tue, 19 Sep 2023 02:25:51 GMT
via
1.1 varnish
expires
Tue, 12 Sep 2023 00:48:43 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache
HIT
x-cache
HIT
alt-svc
h3=":443"; ma=86400
content-length
98868
x-served-by
cache-ams21037-AMS
last-modified
Tue, 12 Sep 2023 00:37:33 GMT
server
cloudflare
x-github-request-id
B0F2:B3D5:12FB2C6:1363EFA:64FFB3CD
x-timer
S1695090352.628230,VS0,VE1
etag
"64ffb2cd-18234"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ys2IIWxEMLVwvtP18vMMdfCHmRHr3D8vev6044GEx6zk5EaXbe0giHkjWZsBWdAOmE%2F5zOoB1KualVqYB6Zhm%2BOeS4qobWBFtFypYSMTFq%2BkBn%2F0vKfkgKC2"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=2678400
accept-ranges
bytes
x-origin-cache
HIT
cf-ray
808e6169ac1db7a6-AMS
x-cache-hits
1
abfahrten-anzeige
www.hvv.de/de/fahrplaene/abruf-fahrplaninfos/abfahrten-auf-ihrem-monitor/ Frame B1A8 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.hvv.de/de/fahrplaene/abruf-fahrplaninfos/abfahrten-auf-ihrem-monitor/abfahrten-anzeige?show=49a8e57ae293472aa2a2c71cee065ab6
Requested by
Host: monitoring.dev.digital-masters.de
URL: https://monitoring.dev.digital-masters.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.91.106.209 , Germany, ASN51401 (ARVATO-SYSTEMS-AS Arvato Systems Digital Perdata, DE),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' buechen.de *.buechen.de boernsen-erleben.de *.boernsen-erleben.de;
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Security-Policy frame-ancestors 'self' buechen.de *.buechen.de boernsen-erleben.de *.boernsen-erleben.de;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://monitoring.dev.digital-masters.de/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
0
cache-control
max-age=0
content-encoding
gzip
content-language
de
content-length
8923
content-security-policy
frame-ancestors 'self' buechen.de *.buechen.de boernsen-erleben.de *.boernsen-erleben.de;
content-type
text/html;charset=UTF-8
date
Tue, 19 Sep 2023 02:25:51 GMT
expires
Tue, 19 Sep 2023 02:25:51 GMT
grace
none
strict-transport-security
max-age=31536000 ; includeSubDomains
vary
Accept-Encoding
via
1.1 www.hvv.de 1.1 varnish (Varnish/6.5)
x-cache
uncached
x-content-security-policy
frame-ancestors 'self' buechen.de *.buechen.de boernsen-erleben.de *.boernsen-erleben.de;
x-content-type-options
nosniff
x-frame-options
DENY
x-security
checked
x-ua-compatible
IE=edge
x-varnish
184206685
x-webkit-csp
frame-ancestors 'self' buechen.de *.buechen.de boernsen-erleben.de *.boernsen-erleben.de;
x-xss-protection
1; mode=block
Inter-Bold.woff2
rsms.me/inter/font-files/ 		104 KB
104 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://rsms.me/inter/font-files/Inter-Bold.woff2?v=3.19
Requested by
Host: rsms.me
URL: https://rsms.me/inter/inter.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.233.225 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c63158babcb7902203ed73476ccf901db34825ea524d4a36a52b5e5f97e1abf7

Request headers

Referer
https://rsms.me/inter/inter.css
Origin
https://monitoring.dev.digital-masters.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-fastly-request-id
0c41d30479035d48c0aaf0589a4ce74bb9aeb9ed
date
Tue, 19 Sep 2023 02:25:51 GMT
via
1.1 varnish
expires
Wed, 13 Sep 2023 22:45:40 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache
MISS
x-cache
HIT
alt-svc
h3=":443"; ma=86400
content-length
106140
x-served-by
cache-ams21060-AMS
last-modified
Tue, 12 Sep 2023 00:37:33 GMT
server
cloudflare
x-github-request-id
BC14:0D0A:2F12DFC:3011C15:6502393B
x-timer
S1695090352.628251,VS0,VE1
etag
"64ffb2cd-19e9c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R6%2BqsSXsvWK4J20kvS6HTLrbSzbGd3jSgwUVsYaZg1zY207yfFn7F6%2FSUWdL5FE5Y6nZbU8XlXf3lGt0jlzOCoSx%2FSc5kKlDk%2BvcR%2F3uPpE9iUq6UGSoQeO3"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=2678400
accept-ranges
bytes
x-origin-cache
HIT
cf-ray
808e6169ac20b7a6-AMS
x-cache-hits
1
Inter-Medium.woff2
rsms.me/inter/font-files/ 		103 KB
104 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://rsms.me/inter/font-files/Inter-Medium.woff2?v=3.19
Requested by
Host: rsms.me
URL: https://rsms.me/inter/inter.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.233.225 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1b498b959e5b7decbf9185803591d25bc1fbf83e798372ed30d32d5c79d82ff6

Request headers

Referer
https://rsms.me/inter/inter.css
Origin
https://monitoring.dev.digital-masters.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-fastly-request-id
973d48658d35035378a90080fd177c7ba2756da4
date
Tue, 19 Sep 2023 02:25:51 GMT
via
1.1 varnish
expires
Tue, 12 Sep 2023 00:51:29 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache
MISS
x-cache
HIT
alt-svc
h3=":443"; ma=86400
content-length
105924
x-served-by
cache-ams21075-AMS
last-modified
Tue, 12 Sep 2023 00:37:33 GMT
server
cloudflare
x-github-request-id
B432:EA00:134BF86:13B4945:64FFB3B8
x-timer
S1695090352.627462,VS0,VE0
etag
"64ffb2cd-19dc4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FS8TJmXgcO9KEDqBDpo4pMGophF4jSPvdOFU3Pll76%2Fdma3B7JY1cYgWBLwxtGtGjwQzfvHomhMLGpz4udQ4IH7HnWKXh5V432pd%2FgKvLTxJWOiZzaIvYbxx"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=2678400
accept-ranges
bytes
x-origin-cache
HIT
cf-ray
808e6169ac1eb7a6-AMS
x-cache-hits
2

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| documentPictureInPicture function| clock object| Livewire object| livewire string| livewire_app_url string| livewire_token function| deferLoadingAlpine object| Alpine

2 Cookies

Domain/Path Name / Value
monitoring.dev.digital-masters.de/ Name: XSRF-TOKEN
Value: eyJpdiI6IkQzMVczQzBnMDk3aXUrSERReVpiWkE9PSIsInZhbHVlIjoiWVVId1h6cXoyazloSGZZUHdNSnpPK3NNVERHcTZ1NmJJdlpLcEQyNys5RkZWcGgrVWxnT3o4Y2xTNFJmTG44QlNRVVdheGJxMDM3Z3VDWmFqaHNCVFFUbmozY3k4ZGk2QmdNdUp2NURGVHNxdU1UeDlOOEMvbGtuU0V6OWxnaTAiLCJtYWMiOiJjOGZiOTI4ZDNmNGEzOTQ5ZjFjNDcxYTE1NjdlZTE2YmQxZmQ2MzFhMTViZGIxNmFjMDNlMzQ5NmM4MzU1MTJmIn0%3D
monitoring.dev.digital-masters.de/ Name: das_auge_session
Value: eyJpdiI6IjR6NHB5MlgrcTlJNDMreWFrb0d0U0E9PSIsInZhbHVlIjoiTnh3MXZtVHVNWW90Y2Z0dVZ6K2dRWTJjZ2lSb29nYy9rQVRJbGhOVC9yczNIcGNXTENWQXlrcDhvd29KbmFGeTNYaW1FbGQ3N0srMlpDQitzZWZ0SlgzaFAyU0M0YXBldGw4TmRkUXN6dDhkWFh0UzkyamdhZ1JydDdnbW9sU1YiLCJtYWMiOiI0MWZiMjYwZTZjMzE0NTc2MTZlNmJlNjM1OTliMGMxZjI2NDFhN2VhMjk2OTljYjMwMjVlYzY3YTIzMDljYmQ5In0%3D

1 Console Messages

Source Level URL
Text
security error
Message:
Refused to frame 'https://www.hvv.de/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' buechen.de *.buechen.de boernsen-erleben.de *.boernsen-erleben.de".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block