postnord.safedeals.art
45.89.54.167
Public Scan
Submission Tags: https://phish.report @phish_report
Submission: On June 30 via api from FI — Scanned from FI
Summary
TLS certificate: Issued by R3 on May 11th 2023. Valid for: 3 months.
This is the only time postnord.safedeals.art was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
6 | 45.89.54.167 | 61424 (ESERVER-SK-AS)
8 | 178.21.8.220 | 197695 (AS-REG)
4 | 52.222.149.32 | 16509 (AMAZON-02)
18 | 3 |
ASN61424 (ESERVER-SK-AS, SK)
PTR: safedeals.art
postnord.safedeals.art
ASN197695 (AS-REG, RU)
PTR: chat.cetis.ru
widget.replain.cc
app.replain.cc
ASN16509 (AMAZON-02, US)
PTR: server-52-222-149-32.cdg52.r.cloudfront.net
portal.postnord.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
8 | replain.cc | widget.replain.cc (Cisco Umbrella Rank: 451215); app.replain.cc (Cisco Umbrella Rank: 449895) | 159 KB
6 | safedeals.art | postnord.safedeals.art | 57 KB
4 | postnord.com | portal.postnord.com (Cisco Umbrella Rank: 527041) | 74 KB
18 | 3 | |
Requests | Domain | Requested by
---|---|---
6 | postnord.safedeals.art | postnord.safedeals.art
5 | widget.replain.cc | postnord.safedeals.art; widget.replain.cc
4 | portal.postnord.com | postnord.safedeals.art
3 | app.replain.cc | widget.replain.cc
18 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.postnord.dk |
www.postnord.se |
Subject | Issuer | Validity | Valid
---|---|---|---
postnord.safedeals.art | R3 | 2023-05-11 - 2023-08-09 | 3 months
widget.replain.cc | R3 | 2023-06-26 - 2023-09-24 | 3 months
portal.postnord.com | Amazon RSA 2048 M02 | 2023-02-28 - 2024-01-12 | 10 months
This page contains 2 frames:
Primary Page:
https://postnord.safedeals.art/safedeal/39579367ba1773/
Frame ID: 7392F288E6DB0081A86E2B4D181967C4
Requests: 11 HTTP requests in this frame
Frame:
https://widget.replain.cc/dist/js/widget.2bce8a2c.js
Frame ID: 5231A927D8FF965F29B2572B35E5DCE0
Requests: 6 HTTP requests in this frame
4 Outgoing links
These are links going to different origins than the main page.
Title: Kom i kontakt
Title: Privatlivspolitik
Title: Cookies
Title: postnord.dk
18 HTTP transactions
Method | Protocol | Resource | Path | Frame | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---|---
GET | H/1.1 | / (Primary Request) | postnord.safedeals.art/safedeal/39579367ba1773/ | | 6 KB | 2 KB | Document | text/html
GET | H/1.1 | pn_style.css | postnord.safedeals.art/static/style/ | | 36 KB | 36 KB | Stylesheet | text/css
GET | H/1.1 | delivery.svg | postnord.safedeals.art/static/style/img/ | | 16 KB | 16 KB | Image | image/svg+xml
GET | H/1.1 | box.svg | postnord.safedeals.art/static/style/img/ | | 741 B | 1 KB | Image | image/svg+xml
GET | H/1.1 | credit-card.svg | postnord.safedeals.art/static/style/img/ | | 572 B | 915 B | Image | image/svg+xml
GET | H/1.1 | invoice.svg | postnord.safedeals.art/static/style/img/ | | 597 B | 938 B | Image | image/svg+xml
GET | H2 | client.js | widget.replain.cc/dist/ | | 3 KB | 2 KB | Script | application/javascript
GET | H2 | PostNordSans-Medium.woff2 | portal.postnord.com/fonts/ | | 18 KB | 19 KB | Font | binary/octet-stream
GET | H2 | PostNordSans-Light.woff2 | portal.postnord.com/fonts/ | | 18 KB | 18 KB | Font | binary/octet-stream
GET | H2 | PostNordSans-Bold.woff2 | portal.postnord.com/fonts/ | | 18 KB | 19 KB | Font | binary/octet-stream
GET | H2 | PostNordSans-Regular.woff2 | portal.postnord.com/fonts/ | | 18 KB | 19 KB | Font | binary/octet-stream
GET | H2 | widget.2bce8a2c.js | widget.replain.cc/dist/js/ | Frame 5231 | 323 KB | 116 KB | Script | application/javascript
GET | H2 | widget.bbae7d05.css | widget.replain.cc/dist/css/ | Frame 5231 | 45 KB | 11 KB | Stylesheet | text/css
OPTIONS | H2 | auth | app.replain.cc/ | Frame | 0 | 0 | Preflight | text/plain
POST | H2 | auth | app.replain.cc/ | Frame 5231 | 320 B | 709 B | XHR | application/json
GET | H2 | notification.c5bc0cbc.mp3 | widget.replain.cc/dist/media/ | Frame 5231 | 24 KB | 24 KB | Media | audio/mpeg
GET | H2 | lang-en-json.f971d5a0.js | widget.replain.cc/dist/js/ | Frame 5231 | 4 KB | 2 KB | Script | application/javascript
GET | H2 | logo-default.png | app.replain.cc/ | Frame 5231 | 3 KB | 3 KB | Image | image/png
8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | 0
boolean | credentialless
object | onbeforetoggle
object | onscrollend
object | replainSettings
boolean | replainInitialized
object | ReplainWidget
function | ReplainAPI
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.