bernardoballester.com
Open in
urlscan Pro
213.158.93.12
Malicious Activity!
Public Scan
Effective URL: https://bernardoballester.com/nu/evri/evPostcode.php?sslchannel=true&sessionid=oZkHbEqvFaaXQ9ErVhJsV3jecl12VyG7yBxbS9Bn8H0DPmS...
Submission: On July 11 via manual from GB — Scanned from GB
Summary
TLS certificate: Issued by R11 on July 9th 2024. Valid for: 3 months.
This is the only time bernardoballester.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Hermes (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 59.120.118.168 59.120.118.168 | 3462 (HINET Dat...) (HINET Data Communication Business Group) | |
2 2 | 204.44.192.34 204.44.192.34 | 8100 (ASN-QUADR...) (ASN-QUADRANET-GLOBAL) | |
2 2 | 216.218.206.61 216.218.206.61 | 6939 (HURRICANE) (HURRICANE) | |
2 2 | 66.165.234.210 66.165.234.210 | 29802 (HVC-AS) (HVC-AS) | |
2 28 | 213.158.93.12 213.158.93.12 | 34762 (COMBELL-AS) (COMBELL-AS) | |
26 | 1 |
ASN3462 (HINET Data Communication Business Group, TW)
PTR: 59-120-118-168.hinet-ip.hinet.net
ppt.cc |
ASN8100 (ASN-QUADRANET-GLOBAL, US)
PTR: s119.servername.online
aim-projects.com |
ASN29802 (HVC-AS, US)
PTR: guarani.lineadns.com
www.aaa.org.uy |
ASN34762 (COMBELL-AS, BE)
PTR: 213.158.93.12.static.teamblue-ops.net
bernardoballester.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
28 |
bernardoballester.com
2 redirects
bernardoballester.com |
613 KB |
2 |
aaa.org.uy
2 redirects
www.aaa.org.uy |
622 B |
2 |
leitzgo.ph
2 redirects
leitzgo.ph |
703 B |
2 |
aim-projects.com
2 redirects
aim-projects.com |
553 B |
1 |
ppt.cc
1 redirects
ppt.cc |
320 B |
26 | 5 |
Domain | Requested by | |
---|---|---|
28 | bernardoballester.com |
2 redirects
bernardoballester.com
|
2 | www.aaa.org.uy | 2 redirects |
2 | leitzgo.ph | 2 redirects |
2 | aim-projects.com | 2 redirects |
1 | ppt.cc | 1 redirects |
26 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
bernardoballester.com R11 |
2024-07-09 - 2024-10-07 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://bernardoballester.com/nu/evri/evPostcode.php?sslchannel=true&sessionid=oZkHbEqvFaaXQ9ErVhJsV3jecl12VyG7yBxbS9Bn8H0DPmStk9pPY1OX7oTM8oQZbBfHd39f0l5oDU4VADwcv9EP1sIQYCg1i2VGfFDS0lKVmJ0yPZ60GtiwghBJywV2B4
Frame ID: 5D8CEE7EC04F08423CCDA1AE9B5F3F96
Requests: 26 HTTP requests in this frame
Screenshot
Page Title
Parcel Tracking UK | Track My Parcel | EvriPage URL History Show full URLs
-
https://ppt.cc/fKptwx
HTTP 302
https://aim-projects.com/block HTTP 301
https://aim-projects.com/block/ HTTP 302
https://leitzgo.ph/assets/block HTTP 301
https://leitzgo.ph/assets/block/ HTTP 302
https://www.aaa.org.uy/wp-includes/blocks/re HTTP 301
https://www.aaa.org.uy/wp-includes/blocks/re/ HTTP 302
https://bernardoballester.com/nu/evri HTTP 301
http://bernardoballester.com/nu/evri/ HTTP 307
https://bernardoballester.com/nu/evri/ HTTP 302
https://bernardoballester.com/nu/evri/evPostcode.php?sslchannel=true&sessionid=oZkHbEqvFaaXQ9ErVhJsV3jecl1... Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Nuxt.js (JavaScript Frameworks) Expand
Detected patterns
- <div [^>]*id="__nuxt"
Vue.js (JavaScript Frameworks) Expand
Detected patterns
- <[^>]+\sdata-v(?:ue)?-
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://ppt.cc/fKptwx
HTTP 302
https://aim-projects.com/block HTTP 301
https://aim-projects.com/block/ HTTP 302
https://leitzgo.ph/assets/block HTTP 301
https://leitzgo.ph/assets/block/ HTTP 302
https://www.aaa.org.uy/wp-includes/blocks/re HTTP 301
https://www.aaa.org.uy/wp-includes/blocks/re/ HTTP 302
https://bernardoballester.com/nu/evri HTTP 301
http://bernardoballester.com/nu/evri/ HTTP 307
https://bernardoballester.com/nu/evri/ HTTP 302
https://bernardoballester.com/nu/evri/evPostcode.php?sslchannel=true&sessionid=oZkHbEqvFaaXQ9ErVhJsV3jecl12VyG7yBxbS9Bn8H0DPmStk9pPY1OX7oTM8oQZbBfHd39f0l5oDU4VADwcv9EP1sIQYCg1i2VGfFDS0lKVmJ0yPZ60GtiwghBJywV2B4 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
26 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
evPostcode.php
bernardoballester.com/nu/evri/ Redirect Chain
|
86 KB 18 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
c2077bd.css
bernardoballester.com/nu/evri/evv_assetz/css/ |
43 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
6711dc2.css
bernardoballester.com/nu/evri/evv_assetz/css/ |
21 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
24c52d8.css
bernardoballester.com/nu/evri/evv_assetz/css/ |
1 KB 686 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
4ded54c.css
bernardoballester.com/nu/evri/evv_assetz/css/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
e1ff434.css
bernardoballester.com/nu/evri/evv_assetz/css/ |
8 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
5384f4c.css
bernardoballester.com/nu/evri/evv_assetz/css/ |
3 KB 1017 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2fa3c1e.css
bernardoballester.com/nu/evri/evv_assetz/css/ |
5 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
6b5e13a.css
bernardoballester.com/nu/evri/evv_assetz/css/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
3e3d0a7.css
bernardoballester.com/nu/evri/evv_assetz/css/ |
5 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
0fba873.css
bernardoballester.com/nu/evri/evv_assetz/css/ |
2 KB 660 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2fa3c1e(1).css
bernardoballester.com/nu/evri/evv_assetz/css/ |
5 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
6b5e13a(1).css
bernardoballester.com/nu/evri/evv_assetz/css/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
3e3d0a7(1).css
bernardoballester.com/nu/evri/evv_assetz/css/ |
5 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
0fba873(1).css
bernardoballester.com/nu/evri/evv_assetz/css/ |
2 KB 660 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
7dccfde.css
bernardoballester.com/nu/evri/evv_assetz/css/ |
10 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
poppins-semibold-webfont.392d12d.woff2
bernardoballester.com/nu/evri/evv_assetz/fonts/ |
19 KB 20 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
poppins-regular-webfont.7930357.woff2
bernardoballester.com/nu/evri/evv_assetz/fonts/ |
19 KB 19 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
d9d833c5-7e4f-479f-bf68-52d33b648f94_track-landing.svg
bernardoballester.com/nu/evri/evv_assetz/img/ |
7 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
04410bfb-dbe7-4036-8ac9-9795932c4fbe_my-places.svg
bernardoballester.com/nu/evri/evv_assetz/img/ |
2 KB 893 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
c617b390-f0c4-46b4-80de-91649bd81367_divert-your-parcel.svg
bernardoballester.com/nu/evri/evv_assetz/img/ |
11 KB 5 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
0966996d-ba7a-4c24-a313-0a1671b3fb5a_need-help-tracking.svg
bernardoballester.com/nu/evri/evv_assetz/img/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
9c7da113-f365-4237-a354-013bc51f4942_courier+holding+parcels+whole+walking+down+street.jpg
bernardoballester.com/nu/evri/evv_assetz/img/ |
140 KB 140 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
070fb904-68fe-40d8-a7c0-88e1b3e33e2f_Customer+using+app.jpg
bernardoballester.com/nu/evri/evv_assetz/img/ |
213 KB 213 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
0a4cb457-32eb-4ca9-bc8c-7e73bae98e53_courier+scanning+parcel+with+smartphone+outdoors.jpg
bernardoballester.com/nu/evri/evv_assetz/img/ |
163 KB 164 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
bernardoballester.com/nu/evri/evv_assetz/img/ |
4 KB 1 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Hermes (Transportation)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
ppt.cc/ | Name: PHPSESSID Value: qis584ng25knmf9qeko5sg16r0 |
|
aim-projects.com/ | Name: PHPSESSID Value: 70dde005b92d10ac88a496e5b1702c3d |
|
leitzgo.ph/ | Name: PHPSESSID Value: 8566193fd52a77ab125ec3d06a2a90eb |
|
www.aaa.org.uy/ | Name: PHPSESSID Value: e250cc7f210152e4cc489721170d4459 |
|
bernardoballester.com/ | Name: PHPSESSID Value: v526109v54aon5mrtnoegq6100 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aim-projects.com
bernardoballester.com
leitzgo.ph
ppt.cc
www.aaa.org.uy
204.44.192.34
213.158.93.12
216.218.206.61
59.120.118.168
66.165.234.210
067b66273ba2a156d2f6ca5529e4aeb9949408e47e06bd2d38e2093edc3bbab1
06e065bab5a4cb362d4d00864f36088f0053b372598f7a7ad7edbad73712112f
0f23068adfcb216dd91d3f94e19eb86652afd5a8a31e0d47b77b944993e9ec54
154373ff1eeba51fdb467428c9cf2d3e968ee102408c786e41ff01114fbf1f48
1e1aeafacba1cc56db1719fb59ff474a17c92a25431dec9151476012a0f6b96b
1e96dc039f74cd11bf5098a94bb5bf1476aa53d0653254da8d4062e2bb3aa4c9
26732190d7470ef90f27f0b4dddb5f9fd9e82c5c6aae6a233108383cc4c87f5f
349105090787437ba498fdfb21c48559b3834461bfff8282fbe2b0f278452c66
38159f6cbad6a5fe64ab38c7ccd2698810d77141378d6f617da357c41fadce7f
5805b5c786e9d2a4ef962597ae6f2ad133b015b182ab5ff0747e1ae373a20c26
63cdd20cbfcac91ad58c1a088889d0bd80970a7e5d15b7fd1894c2ee0ffcd782
68bfa84654289be09858a11e3aa032af1e48a31f3c2aeaff65a777130b573ba9
7f841ee26c544975d1d31f87ecbf2995c888b3f1ee7aed213a09bffd6818f1fd
b098fd9c15a65107f902f2992c277043b866eb2402880c8ca5837eb4f870a25b
c2cb70ff9dbbd78f4573e51c58643faf642eae63ee2bb8ef525c29053647bab7
c9ce5009171219035a75d24a565f1e3dbf5fe9a54823e4620779f9d5de76fdb5
ce6a1a1065dd43f61036e4df46e4c48ec93a64929f6f2906d8a51104921dfd9e
d8821e1bad4d7e8a329e2decb9229740b8e9446d8362063c629e55b9733b8490
e290bdbff0b796f7f57499534d28ffb583fe6f8c6e45f56b3ce3da7244976275
fb80823e63872a7b009f31f8151f0e1709a6dab4fd1064b67286907af6d38476
fc5353130a076a7ab678bdbc213fa9c539e4c9ab4be1e19fc284f55a08209723
ffb81e3b15f8ac3722236fb7793dc196c9e7ad850904d98b9c874aa61d9aab84