myhermes-paketankundigung.de
Open in
urlscan Pro
158.220.82.221
Malicious Activity!
Public Scan
Effective URL: https://myhermes-paketankundigung.de/app/index.php?userid=c1c70b1be49380b96821a9d29e34df9c&ue=031ae1791c2be4461ae3496686d7662d
Submission: On November 09 via manual from SG — Scanned from SG
Summary
TLS certificate: Issued by R3 on November 6th 2023. Valid for: 3 months.
This is the only time myhermes-paketankundigung.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Hermes (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 2 | 104.244.42.69 104.244.42.69 | 13414 (TWITTER) (TWITTER) | |
1 | 99.86.91.110 99.86.91.110 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 2600:1901:0:4... 2600:1901:0:498c:: | 15169 (GOOGLE) (GOOGLE) | |
1 12 | 158.220.82.221 158.220.82.221 | 51167 (CONTABO) (CONTABO) | |
1 | 52.219.169.102 52.219.169.102 | 16509 (AMAZON-02) (AMAZON-02) | |
17 | 6 |
ASN16509 (AMAZON-02, US)
PTR: server-99-86-91-110.cdg50.r.cloudfront.net
www.creditsesame.com |
ASN51167 (CONTABO, DE)
PTR: vmi1491240.contaboserver.net
myhermes-paketankundigung.de |
ASN16509 (AMAZON-02, US)
PTR: s3-r-w.eu-central-1.amazonaws.com
tnt-frontend-assets-prd.s3.eu-central-1.amazonaws.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
myhermes-paketankundigung.de
myhermes-paketankundigung.de Failed |
747 KB |
2 |
t.co
1 redirects
t.co — Cisco Umbrella Rank: 607 |
1 KB |
1 |
amazonaws.com
tnt-frontend-assets-prd.s3.eu-central-1.amazonaws.com — Cisco Umbrella Rank: 330021 |
113 KB |
1 |
mxpnl.com
cdn.mxpnl.com — Cisco Umbrella Rank: 3740 |
18 KB |
1 |
creditsesame.com
www.creditsesame.com — Cisco Umbrella Rank: 274947 |
3 KB |
0 |
mixpanel.com
Failed
api-js.mixpanel.com Failed |
|
17 | 6 |
Domain | Requested by | |
---|---|---|
12 | myhermes-paketankundigung.de |
www.creditsesame.com
myhermes-paketankundigung.de |
2 | t.co | 1 redirects |
1 | tnt-frontend-assets-prd.s3.eu-central-1.amazonaws.com |
myhermes-paketankundigung.de
|
1 | cdn.mxpnl.com |
www.creditsesame.com
|
1 | www.creditsesame.com |
t.co
|
0 | api-js.mixpanel.com Failed |
cdn.mxpnl.com
|
17 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1 |
2023-01-03 - 2024-01-03 |
a year | crt.sh |
creditsesame.com Sectigo RSA Extended Validation Secure Server CA |
2023-01-24 - 2024-02-24 |
a year | crt.sh |
*.mxpnl.com GeoTrust TLS RSA CA G1 |
2023-07-12 - 2024-08-11 |
a year | crt.sh |
myhermes-paketankundigung.de R3 |
2023-11-06 - 2024-02-04 |
3 months | crt.sh |
*.s3.eu-central-1.amazonaws.com Amazon RSA 2048 M01 |
2023-10-10 - 2024-08-12 |
10 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://myhermes-paketankundigung.de/app/index.php?userid=c1c70b1be49380b96821a9d29e34df9c&ue=031ae1791c2be4461ae3496686d7662d
Frame ID: 76B54EA7FFDB267CE223CD7EA4CE0916
Requests: 20 HTTP requests in this frame
Screenshot
Page Title
Hermes SendungsverfolgungPage URL History Show full URLs
-
http://t.co/VKTSBDQ3Sk
HTTP 301
https://t.co/VKTSBDQ3Sk Page URL
- https://www.creditsesame.com/trk/click?url=https%3A%2F%2Fmyhermes-paketankundigung.de%2F Page URL
-
https://myhermes-paketankundigung.de/
HTTP 302
https://myhermes-paketankundigung.de/app/index.php?userid=c1c70b1be49380b96821a9d29e34df9c&ue=031ae1791c2be4461ae... Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://t.co/VKTSBDQ3Sk
HTTP 301
https://t.co/VKTSBDQ3Sk Page URL
- https://www.creditsesame.com/trk/click?url=https%3A%2F%2Fmyhermes-paketankundigung.de%2F Page URL
-
https://myhermes-paketankundigung.de/
HTTP 302
https://myhermes-paketankundigung.de/app/index.php?userid=c1c70b1be49380b96821a9d29e34df9c&ue=031ae1791c2be4461ae3496686d7662d Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://t.co/VKTSBDQ3Sk HTTP 301
- https://t.co/VKTSBDQ3Sk
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
VKTSBDQ3Sk
t.co/ Redirect Chain
|
420 B 712 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
click
www.creditsesame.com/trk/ |
4 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mixpanel-2-latest.min.js
cdn.mxpnl.com/libs/ |
52 KB 18 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
/
myhermes-paketankundigung.de/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
index.php
myhermes-paketankundigung.de/app/ Redirect Chain
|
47 KB 47 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
/
api-js.mixpanel.com/track/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
9f0a887e351e902a80154506fd43fee1.js
myhermes-paketankundigung.de/app/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
marselisweb_woff2.woff2
myhermes-paketankundigung.de/assets/assets/fonts/marselisot/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
myhermes-paketankundigung.de/app/assets/css/ |
462 KB 462 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
01_sendungsnummer.jpg
tnt-frontend-assets-prd.s3.eu-central-1.amazonaws.com/images/ |
113 KB 113 KB |
Image
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
zahlarten_800x127.png
myhermes-paketankundigung.de/app/assets/images/ |
16 KB 16 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
telekom_logo.png
myhermes-paketankundigung.de/app/assets/images/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
274 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
218 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
circularhermesweb-regular-woff2.woff2
myhermes-paketankundigung.de/app/assets/fonts/ |
69 KB 69 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
glyphicons-halflings-regular_woff2.woff2
myhermes-paketankundigung.de/app/assets/fonts/ |
18 KB 18 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
marselisw05-black_woff2.woff2
myhermes-paketankundigung.de/app/assets/fonts/ |
33 KB 34 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
circularhermesweb-medium-woff2.woff2
myhermes-paketankundigung.de/app/assets/fonts/ |
70 KB 70 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
marselisweb_woff2.woff2
myhermes-paketankundigung.de/app/assets/fonts/ |
29 KB 29 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- myhermes-paketankundigung.de
- URL
- https://myhermes-paketankundigung.de/
- Domain
- api-js.mixpanel.com
- URL
- https://api-js.mixpanel.com/track/?verbose=1&ip=1&_=1699537382178
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Hermes (Transportation)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture9 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.t.co/ | Name: muc Value: c398b420-6114-48f7-80aa-12449630653b |
|
.t.co/ | Name: muc_ads Value: c398b420-6114-48f7-80aa-12449630653b |
|
.creditsesame.com/ | Name: cs-api-sessid Value: session-1699537380aybt63dvww |
|
.creditsesame.com/ | Name: trk Value: 129924510 |
|
.creditsesame.com/ | Name: inbound_trk_params Value: %7B%22Affiliate%20Tracking%20ID%22%3A%22129924510%22%2C%22marketingUrl%22%3A%22https%3A%2F%2Fwww.creditsesame.com%2Ftrk%2Fclick%3Furl%3Dhttps%253A%252F%252Fmyhermes-paketankundigung.de%252F%22%2C%22initial_referrer_url%22%3A%22https%3A%2F%2Ft.co%2F%22%2C%22initial_referrer_url_domain%22%3A%22t.co%22%2C%22Client%20IP%22%3A%22209.58.162.208%22%2C%22Session%20Identifier%22%3A%22session-1699537380aybt63dvww%22%2C%22Page%20Form%20Factor%22%3A%22Public%20Web%22%7D |
|
.creditsesame.com/ | Name: clientIP Value: 209.58.162.208 |
|
.creditsesame.com/ | Name: vid Value: ClhwTWVM4eQZihCzGLwNAg== |
|
.creditsesame.com/ | Name: mp_6dc5ae47a9f2d0f00f01818995ca6fa2_mixpanel Value: %7B%22distinct_id%22%3A%20%22%24device%3A18bb45264744d1-06714197266c0f-66385e53-1d4c00-18bb45264744d1%22%2C%22%24device_id%22%3A%20%2218bb45264744d1-06714197266c0f-66385e53-1d4c00-18bb45264744d1%22%2C%22%24initial_referrer%22%3A%20%22https%3A%2F%2Ft.co%2F%22%2C%22%24initial_referring_domain%22%3A%20%22t.co%22%7D |
|
myhermes-paketankundigung.de/ | Name: PHPSESSID Value: 8081cb27e779b71d13199ba0f656ac86 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=0 |
X-Xss-Protection | 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api-js.mixpanel.com
cdn.mxpnl.com
myhermes-paketankundigung.de
t.co
tnt-frontend-assets-prd.s3.eu-central-1.amazonaws.com
www.creditsesame.com
api-js.mixpanel.com
myhermes-paketankundigung.de
104.244.42.69
158.220.82.221
2600:1901:0:498c::
52.219.169.102
99.86.91.110
00176f3712a7859d13422c827c6acf4a25c0653353100ccc565b8b5781828fb6
0143e8ff1d215cbf1fe47899d14bbda2fc37c872ac20ebbe80a6f490abca617a
143ff2a1a385241f152e2e0a860cd2f5770c46649bb201312457a26974de4824
3489e85944ab4eec25fad37f247f015f829e8260073126fd1bd958bfa3acc6dc
3c214e0dab840de69e8534626467a4d53da06992ac2c439e39f4174589836109
465b75cdf1dd2e2512e21a0afc34be22c1ab3f27438147079db6ec77315bebbf
57a5de7a9a73377a247c527c910820f863f3cf84d14a4e0727357c3ebf2540b1
644b41373fbfab7d264ec92d59f32e2005c1ec70299cbe8c04401b13440a311f
76517cfaec1c39240e826a6344d7ede53dd6e8299ff5614ecd887182a39e115f
7706c07ff813ca9b5109be755c068865379f764cf975cf064168db2726e521c0
7e18fd6fb7dfac50035847761df183c57886691827ddd303b9ed74637581e40c
a3cc4ceb278fe4a777d6ffcfd35657e4ed758af98285c5ab76570a1aadd2d073
c7e77fae0b58ac98dc35e183e862642a69c104bda1de34bb5e48b93474cece5d
c8e504f08186e03d0858c3bc994ec1fea810f5abb612a8b03adde592a64a9aa7
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c