www.hm-herz.com Open in urlscan Pro
157.7.107.174 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.frency-mercury.com/wp-includes/wise.html
Effective URL:
https://www.hm-herz.com/wp-includes/pomo/login/fbs/
Submission: On January 28 via api (January 28th 2022, 7:30:42 am UTC) from DE — Scanned from DE

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 14 HTTP transactions. The main IP is 157.7.107.174, located in Japan and belongs to INTERQ GMO Internet,Inc, JP. The main domain is www.hm-herz.com.
TLS certificate: Issued by R3 on November 27th 2021. Valid for: 3 months.

This is the only time www.hm-herz.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wise (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700:303... 2606:4700:3036::6815:59f3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	157.7.107.174 157.7.107.174	7506 (INTERQ GM...) (INTERQ GMO Internet)
1 1	104.16.41.16 104.16.41.16	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.30.50 104.18.30.50	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	4

1 2606:4700:3036::6815:59f3 (United States)

ASN13335 (CLOUDFLARENET, US)

www.frency-mercury.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 157.7.107.174 (Japan)

ASN7506 (INTERQ GMO Internet,Inc, JP)
PTR: 157-7-107-174.virt.lolipop.jp

www.hm-herz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.41.16 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

transferwise.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.30.50 (None, )

ASN13335 (CLOUDFLARENET, US)

wise.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	hm-herz.com www.hm-herz.com	63 KB
1	wise.com wise.com — Cisco Umbrella Rank: 86335	160 KB
1	transferwise.com 1 redirects transferwise.com — Cisco Umbrella Rank: 102857	515 B
1	frency-mercury.com www.frency-mercury.com	711 B
14	4

	Domain	Requested by
12	www.hm-herz.com	www.frency-mercury.com www.hm-herz.com
1	wise.com	www.hm-herz.com
1	transferwise.com	1 redirects
1	www.frency-mercury.com
14	4

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-12` - `2022-06-11`	a year	crt.sh
hm-herz.com R3	`2021-11-27` - `2022-02-25`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.hm-herz.com/wp-includes/pomo/login/fbs/
Frame ID: 2807F5BB8785B876141C27B3DE808D3B
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

TransferWise - Login

Page URL History Show full URLs

https://www.frency-mercury.com/wp-includes/wise.html Page URL
https://www.hm-herz.com/wp-includes/pomo/login/fbs/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Page Statistics

14
Requests

93 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

223 kB
Transfer

497 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.frency-mercury.com/wp-includes/wise.html Page URL
https://www.hm-herz.com/wp-includes/pomo/login/fbs/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3

https://transferwise.com/assets/login/roof.jpg HTTP 301
https://wise.com/assets/login/roof.jpg

14 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 wise.html
www.frency-mercury.com/wp-includes/ 193 B
711 B 530ms
488ms Document
text/html 2606:4700:3036::6815:59f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.frency-mercury.com/wp-includes/wise.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:59f3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Fri, 28 Jan 2022 07:30:37 GMT
content-type: text/html
last-modified: Thu, 27 Jan 2022 02:03:48 GMT
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2ByYioJy5yvgHQHzbeNG480BK4YGYaCPJa3LTq0l2R6LgH1NTpdVJ5RwZy7H7ooyxzPzzovyQSYfyenSqQpXCgUH0kd2NLlKwHsPvNeWeFD7qQFhszQWtIO9yqntUoYtYI2LmiWZCD4jD2m9s9iYFMfDt1NY%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6d488434ef8e694f-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 Primary Request / Show response
www.hm-herz.com/wp-includes/pomo/login/fbs/ 7 KB
2 KB 815ms
289ms Document
text/html 157.7.107.174
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://www.hm-herz.com/wp-includes/pomo/login/fbs/
Requested by: Host: www.frency-mercury.com
URL: https://www.frency-mercury.com/wp-includes/wise.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 157.7.107.174 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: 157-7-107-174.virt.lolipop.jp
Software: Apache /
Resource Hash: f600662751ab0ea0e120784241252398c43d832a3f8aa48a2a84c9d9b2dc90e7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.frency-mercury.com/

Response headers

date: Fri, 28 Jan 2022 07:30:38 GMT
content-type: text/html
content-length: 2004
server: Apache
last-modified: Thu, 27 Jan 2022 16:56:45 GMT
accept-ranges: none
vary: Range,Accept-Encoding
content-encoding: gzip

GET
H2 200 style.css
www.hm-herz.com/wp-includes/pomo/login/fbs/css/ 248 KB
44 KB 308ms
307ms Stylesheet
text/css 157.7.107.174
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://www.hm-herz.com/wp-includes/pomo/login/fbs/css/style.css
Requested by: Host: www.hm-herz.com
URL: https://www.hm-herz.com/wp-includes/pomo/login/fbs/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 157.7.107.174 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: 157-7-107-174.virt.lolipop.jp
Software: Apache /
Resource Hash: 0af4cfe38f3225c17047c84f24f9661faea33214db2e984b2ac0ae6384f5e855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hm-herz.com/wp-includes/pomo/login/fbs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 07:30:38 GMT
content-encoding: gzip
last-modified: Thu, 27 Jan 2022 16:56:45 GMT
server: Apache
vary: Range,Accept-Encoding
content-type: text/css
accept-ranges: none
content-length: 44412

GET
H2 200 another.css
www.hm-herz.com/wp-includes/pomo/login/fbs/css/ 77 KB
17 KB 826ms
825ms Stylesheet
text/css 157.7.107.174
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://www.hm-herz.com/wp-includes/pomo/login/fbs/css/another.css
Requested by: Host: www.hm-herz.com
URL: https://www.hm-herz.com/wp-includes/pomo/login/fbs/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 157.7.107.174 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: 157-7-107-174.virt.lolipop.jp
Software: Apache /
Resource Hash: dc7d7b639c8a558e06957a008ba8e021da6dd57bff8c895af72a276a21e67bb4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hm-herz.com/wp-includes/pomo/login/fbs/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 07:30:38 GMT
content-encoding: gzip
last-modified: Thu, 27 Jan 2022 16:56:45 GMT
server: Apache
vary: Range,Accept-Encoding
content-type: text/css
accept-ranges: none
content-length: 17000

GET
H2

200

roof.jpg
wise.com/assets/login/
Redirect Chain

https://transferwise.com/assets/login/roof.jpg
https://wise.com/assets/login/roof.jpg

159 KB
160 KB

75ms
39ms

Image
image/webp

104.18.30.50
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wise.com/assets/login/roof.jpg

Requested by

Host: www.hm-herz.com
URL: https://www.hm-herz.com/wp-includes/pomo/login/fbs/css/another.css

Protocol

Server

104.18.30.50 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d9eec67bbbc1166613d3374bc4a525bc778ad94ea7d547659d5d6d822a0ae4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hm-herz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 07:30:39 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 149734
cf-polished: origFmt=jpeg, origSize=222249
x-envoy-upstream-service-time: 3
content-disposition: inline; filename="roof.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 162620
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: login/roof-ead47c7a25b6abbf5da2f18ef35790e8.jpg
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
content-type: image/webp
vary: Accept
cache-control: public, max-age=31536000
x-envoy-attempt-count: 1
accept-ranges: bytes
cf-ray: 6d4884437f5568fb-FRA

Redirect headers

date: Fri, 28 Jan 2022 07:30:39 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
server: cloudflare
age: 189
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=iso-8859-1
location: https://wise.com/assets/login/roof.jpg
strict-transport-security: max-age=31536000
cf-ray: 6d488442fc0b92a1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a776652f608c53fcbde2ff9f424b5628ed720e285acf4dd152b91d4926368981

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 433 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 90d6281e201564268ac285eb97962fffc8a6d3214791d2e2865c95321057d7ce

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 417 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 042e08ce5a48b76e3e639d8b507d1f24cdf850981e303978e518f676e55ccde3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 16dda0331d978757e75dfca7d9d091c053139ebffd0e3f3af9322bff8ef10cdd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 640 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c887f82d761cb10403d0f14cfdc40a5d08c32635b14ddd0c98a501183ef8f522

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 500 TW-Averta-Bold-0ba8a14820a94bbecfeb5c043ddfd409.woff2
www.hm-herz.com/static-assets/app/_next/static/chunks/fonts/ 0
0 484ms
484ms Font
text/html 157.7.107.174
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://www.hm-herz.com/static-assets/app/_next/static/chunks/fonts/TW-Averta-Bold-0ba8a14820a94bbecfeb5c043ddfd409.woff2
Requested by: Host: www.hm-herz.com
URL: https://www.hm-herz.com/wp-includes/pomo/login/fbs/css/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 157.7.107.174 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: 157-7-107-174.virt.lolipop.jp
Software: Apache / PHP/7.4.12
Resource Hash

Request headers

Referer: https://www.hm-herz.com/wp-includes/pomo/login/fbs/css/style.css
Origin: https://www.hm-herz.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 07:30:39 GMT
server: Apache
x-powered-by: PHP/7.4.12
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2 500 TW-Averta-Regular-68f06d694edcfab46fe56aaa33f07cf2.woff2
www.hm-herz.com/static-assets/app/_next/static/chunks/fonts/ 0
0 493ms
492ms Font
text/html 157.7.107.174
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://www.hm-herz.com/static-assets/app/_next/static/chunks/fonts/TW-Averta-Regular-68f06d694edcfab46fe56aaa33f07cf2.woff2
Requested by: Host: www.hm-herz.com
URL: https://www.hm-herz.com/wp-includes/pomo/login/fbs/css/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 157.7.107.174 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: 157-7-107-174.virt.lolipop.jp
Software: Apache / PHP/7.4.12
Resource Hash

Request headers

Referer: https://www.hm-herz.com/wp-includes/pomo/login/fbs/css/style.css
Origin: https://www.hm-herz.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 07:30:39 GMT
server: Apache
x-powered-by: PHP/7.4.12
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2 500 TW-Averta-Semibold-e0037ebb1d64dbfb4521af1ae0ec656b.woff2
www.hm-herz.com/static-assets/app/_next/static/chunks/fonts/ 0
0 532ms
532ms Font
text/html 157.7.107.174
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://www.hm-herz.com/static-assets/app/_next/static/chunks/fonts/TW-Averta-Semibold-e0037ebb1d64dbfb4521af1ae0ec656b.woff2
Requested by: Host: www.hm-herz.com
URL: https://www.hm-herz.com/wp-includes/pomo/login/fbs/css/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 157.7.107.174 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: 157-7-107-174.virt.lolipop.jp
Software: Apache / PHP/7.4.12
Resource Hash

Request headers

Referer: https://www.hm-herz.com/wp-includes/pomo/login/fbs/css/style.css
Origin: https://www.hm-herz.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 07:30:39 GMT
server: Apache
x-powered-by: PHP/7.4.12
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2 500 TW-Averta-Bold-fc3e4a7ec72f95c49514fe7112878854.woff
www.hm-herz.com/static-assets/app/_next/static/chunks/fonts/ 0
0 536ms
535ms Font
text/html 157.7.107.174
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://www.hm-herz.com/static-assets/app/_next/static/chunks/fonts/TW-Averta-Bold-fc3e4a7ec72f95c49514fe7112878854.woff
Requested by: Host: www.hm-herz.com
URL: https://www.hm-herz.com/wp-includes/pomo/login/fbs/css/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 157.7.107.174 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: 157-7-107-174.virt.lolipop.jp
Software: Apache / PHP/7.4.12
Resource Hash

Request headers

Referer: https://www.hm-herz.com/wp-includes/pomo/login/fbs/css/style.css
Origin: https://www.hm-herz.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 07:30:40 GMT
server: Apache
x-powered-by: PHP/7.4.12
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2 500 TW-Averta-Regular-d19822d886630bdb27029ccc068057c5.woff
www.hm-herz.com/static-assets/app/_next/static/chunks/fonts/ 0
0 584ms
584ms Font
text/html 157.7.107.174
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://www.hm-herz.com/static-assets/app/_next/static/chunks/fonts/TW-Averta-Regular-d19822d886630bdb27029ccc068057c5.woff
Requested by: Host: www.hm-herz.com
URL: https://www.hm-herz.com/wp-includes/pomo/login/fbs/css/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 157.7.107.174 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: 157-7-107-174.virt.lolipop.jp
Software: Apache / PHP/7.4.12
Resource Hash

Request headers

Referer: https://www.hm-herz.com/wp-includes/pomo/login/fbs/css/style.css
Origin: https://www.hm-herz.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 07:30:40 GMT
server: Apache
x-powered-by: PHP/7.4.12
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2 500 TW-Averta-Semibold-1d6d0aa41e2fb4b0073132359b508d13.woff
www.hm-herz.com/static-assets/app/_next/static/chunks/fonts/ 0
0 521ms
521ms Font
text/html 157.7.107.174
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://www.hm-herz.com/static-assets/app/_next/static/chunks/fonts/TW-Averta-Semibold-1d6d0aa41e2fb4b0073132359b508d13.woff
Requested by: Host: www.hm-herz.com
URL: https://www.hm-herz.com/wp-includes/pomo/login/fbs/css/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 157.7.107.174 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: 157-7-107-174.virt.lolipop.jp
Software: Apache / PHP/7.4.12
Resource Hash

Request headers

Referer: https://www.hm-herz.com/wp-includes/pomo/login/fbs/css/style.css
Origin: https://www.hm-herz.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 07:30:40 GMT
server: Apache
x-powered-by: PHP/7.4.12
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2 500 TW-Averta-Bold-227bddcf6067a5fcebe19653694a358c.ttf
www.hm-herz.com/static-assets/app/_next/static/chunks/fonts/ 0
0 453ms
453ms Font
text/html 157.7.107.174
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://www.hm-herz.com/static-assets/app/_next/static/chunks/fonts/TW-Averta-Bold-227bddcf6067a5fcebe19653694a358c.ttf
Requested by: Host: www.hm-herz.com
URL: https://www.hm-herz.com/wp-includes/pomo/login/fbs/css/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 157.7.107.174 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: 157-7-107-174.virt.lolipop.jp
Software: Apache / PHP/7.4.12
Resource Hash

Request headers

Referer: https://www.hm-herz.com/wp-includes/pomo/login/fbs/css/style.css
Origin: https://www.hm-herz.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 07:30:40 GMT
server: Apache
x-powered-by: PHP/7.4.12
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2 500 TW-Averta-Semibold-acd8b3778d5a69f36f11e6b9f1e44058.ttf
www.hm-herz.com/static-assets/app/_next/static/chunks/fonts/ 0
0 543ms
526ms Font
text/html 157.7.107.174
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://www.hm-herz.com/static-assets/app/_next/static/chunks/fonts/TW-Averta-Semibold-acd8b3778d5a69f36f11e6b9f1e44058.ttf
Requested by: Host: www.hm-herz.com
URL: https://www.hm-herz.com/wp-includes/pomo/login/fbs/css/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 157.7.107.174 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: 157-7-107-174.virt.lolipop.jp
Software: Apache / PHP/7.4.12
Resource Hash

Request headers

Referer: https://www.hm-herz.com/wp-includes/pomo/login/fbs/css/style.css
Origin: https://www.hm-herz.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 07:30:40 GMT
server: Apache
x-powered-by: PHP/7.4.12
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2 500 TW-Averta-Regular-cfc5d4b830a3857c2365834792aeb698.ttf
www.hm-herz.com/static-assets/app/_next/static/chunks/fonts/ 0
0 505ms
498ms Font
text/html 157.7.107.174
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://www.hm-herz.com/static-assets/app/_next/static/chunks/fonts/TW-Averta-Regular-cfc5d4b830a3857c2365834792aeb698.ttf
Requested by: Host: www.hm-herz.com
URL: https://www.hm-herz.com/wp-includes/pomo/login/fbs/css/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 157.7.107.174 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: 157-7-107-174.virt.lolipop.jp
Software: Apache / PHP/7.4.12
Resource Hash

Request headers

Referer: https://www.hm-herz.com/wp-includes/pomo/login/fbs/css/style.css
Origin: https://www.hm-herz.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 07:30:40 GMT
server: Apache
x-powered-by: PHP/7.4.12
content-length: 0
content-type: text/html; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wise (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.transferwise.com/	1970-01-20 00:29:16	Name: __cf_bm Value: 6HLmB_OlgbSCoh1SL2d.VdoVFY3q3aLE9lGvJgVXlPA-1643355039-0-AeyaNEL8Nuli+N7TqsAmQFPEXv5zLGbt+Tt27JHDX5FuJ23NfQujflZonvhgM3qREDWzBTsWMDk3t4APcJ8CnsE=
			.wise.com/	1970-01-20 00:29:16	Name: __cf_bm Value: GKFTgFP22rNvRCf.5fzeIBjyFvxhe4Y2uVkQQgRlcKY-1643355039-0-AfN1VltVE4V3RL4HlqyzfnQDA8qsfpzysNHuKENEknaKtNs2QfFcKUUOVE0kTU7gg9yd82bnKPPzEoDdbZIgqB9R21KIvareCuObUshw3sB+

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.hm-herz.com/static-assets/app/_next/static/chunks/fonts/TW-Averta-Bold-0ba8a14820a94bbecfeb5c043ddfd409.woff2 Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://www.hm-herz.com/static-assets/app/_next/static/chunks/fonts/TW-Averta-Regular-68f06d694edcfab46fe56aaa33f07cf2.woff2 Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://www.hm-herz.com/static-assets/app/_next/static/chunks/fonts/TW-Averta-Semibold-e0037ebb1d64dbfb4521af1ae0ec656b.woff2 Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://www.hm-herz.com/static-assets/app/_next/static/chunks/fonts/TW-Averta-Bold-fc3e4a7ec72f95c49514fe7112878854.woff Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://www.hm-herz.com/static-assets/app/_next/static/chunks/fonts/TW-Averta-Semibold-1d6d0aa41e2fb4b0073132359b508d13.woff Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://www.hm-herz.com/static-assets/app/_next/static/chunks/fonts/TW-Averta-Regular-d19822d886630bdb27029ccc068057c5.woff Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://www.hm-herz.com/static-assets/app/_next/static/chunks/fonts/TW-Averta-Bold-227bddcf6067a5fcebe19653694a358c.ttf Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://www.hm-herz.com/static-assets/app/_next/static/chunks/fonts/TW-Averta-Semibold-acd8b3778d5a69f36f11e6b9f1e44058.ttf Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://www.hm-herz.com/static-assets/app/_next/static/chunks/fonts/TW-Averta-Regular-cfc5d4b830a3857c2365834792aeb698.ttf Message: Failed to load resource: the server responded with a status of 500 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

transferwise.com
wise.com
www.frency-mercury.com
www.hm-herz.com
104.16.41.16
104.18.30.50
157.7.107.174
2606:4700:3036::6815:59f3
042e08ce5a48b76e3e639d8b507d1f24cdf850981e303978e518f676e55ccde3
0af4cfe38f3225c17047c84f24f9661faea33214db2e984b2ac0ae6384f5e855
16dda0331d978757e75dfca7d9d091c053139ebffd0e3f3af9322bff8ef10cdd
6d9eec67bbbc1166613d3374bc4a525bc778ad94ea7d547659d5d6d822a0ae4b
90d6281e201564268ac285eb97962fffc8a6d3214791d2e2865c95321057d7ce
a776652f608c53fcbde2ff9f424b5628ed720e285acf4dd152b91d4926368981
c887f82d761cb10403d0f14cfdc40a5d08c32635b14ddd0c98a501183ef8f522
dc7d7b639c8a558e06957a008ba8e021da6dd57bff8c895af72a276a21e67bb4
f600662751ab0ea0e120784241252398c43d832a3f8aa48a2a84c9d9b2dc90e7

www.hm-herz.com Open in urlscan Pro 157.7.107.174 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

93 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

223 kBTransfer

497 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

2 Cookies

9 Console Messages

Indicators

www.hm-herz.com Open in urlscan Pro
157.7.107.174 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

93 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

223 kB
Transfer

497 kB
Size

2
Cookies

14 HTTP transactions
5 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!