lieferung-paket-kundin.srtmw.com
173.231.230.169
Malicious Activity!
Public Scan
Submission Tags: 7784231
Submission: On September 22 via api from CH — Scanned from DE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 22nd 2022. Valid for: 3 months.
This is the only time lieferung-paket-kundin.srtmw.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Swiss Post (Transportation)

Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 15 | 173.231.230.169 | 22611 (INMOTION) |
| 3 | 2606:4700::6811:190e | 13335 (CLOUDFLARENET) |
| 1 | 2606:4700::6812:1634 | 13335 (CLOUDFLARENET) |
| 1 | 2a04:4e42:200::485 | 54113 (FASTLY) |
| 6 | 172.64.202.28 | 13335 (CLOUDFLARENET) |

Total: 26 requests to 5 IP addresses.

173.231.230.169: ASN22611 (INMOTION, US), PTR: vps.nzathu.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 15 | srtmw.com | lieferung-paket-kundin.srtmw.com | 757 KB |
| 7 | fontawesome.com | kit.fontawesome.com (Cisco Umbrella Rank: 1512), ka-f.fontawesome.com (Cisco Umbrella Rank: 2852) | 287 KB |
| 3 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 209) | 69 KB |
| 1 | jsdelivr.net | cdn.jsdelivr.net (Cisco Umbrella Rank: 392) | 14 KB |

Total: 26 requests to 4 apex domains.
| Requests | Domain | Requested by |
|---|---|---|
| 15 | lieferung-paket-kundin.srtmw.com | lieferung-paket-kundin.srtmw.com |
| 6 | ka-f.fontawesome.com | kit.fontawesome.com, lieferung-paket-kundin.srtmw.com |
| 3 | cdnjs.cloudflare.com | lieferung-paket-kundin.srtmw.com |
| 1 | cdn.jsdelivr.net | lieferung-paket-kundin.srtmw.com |
| 1 | kit.fontawesome.com | lieferung-paket-kundin.srtmw.com |

Total: 26 requests to 5 domains.
This site contains no links.
TLS certificates (each subject is linked to its crt.sh entry on the original page):

| Subject | Issuer | Validity | Valid |
|---|---|---|---|
| lieferung-paket-kundin.srtmw.com | cPanel, Inc. Certification Authority | 2022-09-22 - 2022-12-21 | 3 months |
| sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-08-03 - 2023-08-02 | a year |
| *.fontawesome.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-12-01 - 2023-01-01 | a year |
| jsdelivr.net | GlobalSign Atlas R3 DV TLS CA 2022 Q1 | 2022-03-21 - 2023-04-22 | a year |
This page contains 1 frames:
Primary Page:
https://lieferung-paket-kundin.srtmw.com/address
Frame ID: 511A8FF4DEDB3031B3874F538C5F585A
Requests: 26 HTTP requests in this frame
Page Title
Checkout - Rechnungsadresse (German: "Checkout - Billing address")

Detected technologies
Bootstrap (Web Frameworks). Detected patterns:
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Laravel (Web Frameworks). Detected patterns: (none listed)

Livewire (Web Frameworks). Detected patterns:
- livewire(?:\.min)?\.js

Axios (JavaScript Libraries). Detected patterns:
- /axios(@|/)([\d.]+)(?:/[a-z]+)?/axios(?:.min)?\.js

Font Awesome (Font Scripts). Detected patterns:
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- kit\.fontawesome\.com/([0-9a-z]+).js

jQuery (JavaScript Libraries). Detected patterns:
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries). Detected patterns:
- ([\d.]+)/jquery-ui(?:\.min)?\.js
- jquery-ui.*\.js

jsDelivr (CDN). Detected patterns:
- //cdn\.jsdelivr\.net/
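The patterns listed above are the regular expressions the technology detection matched against resource URLs and markup. The Python below is an added example, not code from urlscan or from this page: it runs the URL-based patterns over the script and stylesheet URLs reconstructed from this scan's HTTP transactions (the https scheme is assumed from the primary page URL) and pulls out the version capture groups, reproducing the Bootstrap, Livewire, Axios, Font Awesome, jQuery, jQuery UI and jsDelivr detections. The `<link …>` Bootstrap pattern is left out because it needs the HTML body, which the scan records only by size.

```python
import re

# Resource URLs reconstructed from this scan's HTTP transactions (scripts and
# stylesheets only; the https scheme is an assumption taken from the primary page).
SCAN_URLS = [
    "https://lieferung-paket-kundin.srtmw.com/address",
    "https://lieferung-paket-kundin.srtmw.com/css/bootstrap.css",
    "https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.css",
    "https://kit.fontawesome.com/ba5491b11c.js",
    "https://lieferung-paket-kundin.srtmw.com/css/style.css",
    "https://lieferung-paket-kundin.srtmw.com/js/jquery-3.6.0.min.js",
    "https://lieferung-paket-kundin.srtmw.com/js/popper.min.js",
    "https://lieferung-paket-kundin.srtmw.com/js/bootstrap.min.js",
    "https://lieferung-paket-kundin.srtmw.com/js/jquery.validate.min.js",
    "https://cdn.jsdelivr.net/npm/jquery-validation@1.19.3/dist/additional-methods.js",
    "https://cdnjs.cloudflare.com/ajax/libs/axios/0.24.0/axios.min.js",
    "https://lieferung-paket-kundin.srtmw.com/js/script.js",
    "https://lieferung-paket-kundin.srtmw.com/js/counter.js",
    "https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js",
    "https://lieferung-paket-kundin.srtmw.com/vendor/livewire/livewire.js",
    "https://ka-f.fontawesome.com/releases/v6.2.0/css/free.min.css",
]

# (regex, index of the capture group holding a version or identifier, or None),
# copied from the detected-patterns list above. Axios keeps its version in group 2.
PATTERNS = {
    "Bootstrap": [
        (r"bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js", 1),
    ],
    "Livewire": [(r"livewire(?:\.min)?\.js", None)],
    "Axios": [(r"/axios(@|/)([\d.]+)(?:/[a-z]+)?/axios(?:.min)?\.js", 2)],
    "Font Awesome": [
        (r"(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)", 1),
        (r"kit\.fontawesome\.com/([0-9a-z]+).js", 1),
    ],
    "jQuery": [
        (r"jquery[.-]([\d.]*\d)[^/]*\.js", 1),
        (r"jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?", 1),
    ],
    "jQuery UI": [
        (r"([\d.]+)/jquery-ui(?:\.min)?\.js", 1),
        (r"jquery-ui.*\.js", None),
    ],
    "jsDelivr": [(r"//cdn\.jsdelivr\.net/", None)],
}


def detect(urls):
    """Return {technology: {captured version/identifier strings}} for every
    technology whose pattern matches at least one URL. A technology that
    matched without a capture (Livewire, jsDelivr) maps to an empty set."""
    found = {}
    for tech, rules in PATTERNS.items():
        for regex, group in rules:
            rx = re.compile(regex)
            for url in urls:
                m = rx.search(url)
                if not m:
                    continue
                captured = found.setdefault(tech, set())
                if group is not None and m.group(group):
                    captured.add(m.group(group))
    return found


def matching_urls(urls, tech):
    """List the URLs that triggered a given technology, for manual review."""
    return [u for u in urls if any(re.search(rx, u) for rx, _ in PATTERNS[tech])]


if __name__ == "__main__":
    for tech, versions in sorted(detect(SCAN_URLS).items()):
        print(f"{tech:13s} {', '.join(sorted(versions)) or '-'}")
        for u in matching_urls(SCAN_URLS, tech):
            print("     ", u)
```

Note that the generic Font Awesome pattern also captures the kit identifier `ba5491b11c` from the kit URL because ten hex characters satisfy its first alternative; the `6.2.0` version comes from the ka-f release path. The Bootstrap pattern matches `bootstrap.min.js` but captures nothing, since the file name carries no version, which is why the page reports Bootstrap without one.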
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests: none listed.
26 HTTP transactions

The General, Request headers and Response headers panels are collapsed for every request in this capture, so no header values are recorded here.

| Method | Protocol | Resource | Path | Size | Transferred | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | address (Primary Request) | lieferung-paket-kundin.srtmw.com/ | 41 KB | 42 KB | Document | text/html |
| GET | H/1.1 | bootstrap.css | lieferung-paket-kundin.srtmw.com/css/ | 195 KB | 195 KB | Stylesheet | text/css |
| GET | H2 | jquery-ui.min.css | cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/ | 31 KB | 7 KB | Stylesheet | text/css |
| GET | H2 | ba5491b11c.js | kit.fontawesome.com/ | 11 KB | 4 KB | Script | text/javascript |
| GET | H/1.1 | style.css | lieferung-paket-kundin.srtmw.com/css/ | 25 KB | 25 KB | Stylesheet | text/css |
| GET | H/1.1 | media.css | lieferung-paket-kundin.srtmw.com/css/ | 5 KB | 6 KB | Stylesheet | text/css |
| GET | H/1.1 | logo.svg | lieferung-paket-kundin.srtmw.com/img/ | 3 KB | 4 KB | Image | image/svg+xml |
| GET | H/1.1 | jquery-3.6.0.min.js | lieferung-paket-kundin.srtmw.com/js/ | 87 KB | 88 KB | Script | application/javascript |
| GET | H/1.1 | popper.min.js | lieferung-paket-kundin.srtmw.com/js/ | 21 KB | 21 KB | Script | application/javascript |
| GET | H/1.1 | bootstrap.min.js | lieferung-paket-kundin.srtmw.com/js/ | 62 KB | 62 KB | Script | application/javascript |
| GET | H/1.1 | jquery.validate.min.js | lieferung-paket-kundin.srtmw.com/js/ | 23 KB | 23 KB | Script | application/javascript |
| GET | H2 | additional-methods.js | cdn.jsdelivr.net/npm/jquery-validation@1.19.3/dist/ | 51 KB | 14 KB | Script | application/javascript |
| GET | H2 | axios.min.js | cdnjs.cloudflare.com/ajax/libs/axios/0.24.0/ | 17 KB | 6 KB | Script | application/javascript |
| GET | H/1.1 | script.js | lieferung-paket-kundin.srtmw.com/js/ | 142 B | 397 B | Script | application/javascript |
| GET | H/1.1 | counter.js | lieferung-paket-kundin.srtmw.com/js/ | 5 KB | 5 KB | Script | application/javascript |
| GET | H2 | jquery-ui.min.js | cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/ | 248 KB | 56 KB | Script | application/javascript |
| GET | H/1.1 | livewire.js | lieferung-paket-kundin.srtmw.com/vendor/livewire/ | 156 KB | 156 KB | Script | application/javascript |
| GET | H2 | free.min.css | ka-f.fontawesome.com/releases/v6.2.0/css/ | 100 KB | 23 KB | Fetch | text/css |
| GET | H2 | free-v4-shims.min.css | ka-f.fontawesome.com/releases/v6.2.0/css/ | 27 KB | 5 KB | Fetch | text/css |
| GET | H2 | free-v5-font-face.min.css | ka-f.fontawesome.com/releases/v6.2.0/css/ | 823 B | 710 B | Fetch | text/css |
| GET | H2 | free-v4-font-face.min.css | ka-f.fontawesome.com/releases/v6.2.0/css/ | 2 KB | 1 KB | Fetch | text/css |
| GET | H/1.1 | frutiger_regular.ttf | lieferung-paket-kundin.srtmw.com/fonts/ | 36 KB | 36 KB | Font | font/ttf |
| GET | H/1.1 | frutiger_bold.ttf | lieferung-paket-kundin.srtmw.com/fonts/ | 35 KB | 35 KB | Font | font/ttf |
| GET | H/1.1 | Frutiger_LT_65_Bold.ttf | lieferung-paket-kundin.srtmw.com/fonts/ | 57 KB | 57 KB | Font | font/ttf |
| GET | H2 | free-fa-brands-400.woff2 | ka-f.fontawesome.com/releases/v6.2.0/webfonts/ | 105 KB | 106 KB | Font | font/woff2 |
| GET | H2 | free-fa-solid-900.woff2 | ka-f.fontawesome.com/releases/v6.2.0/webfonts/ | 147 KB | 148 KB | Font | font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Swiss Post (Transportation)

20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | onbeforeinput |
| object | oncontextlost |
| object | oncontextrestored |
| function | structuredClone |
| object | launchQueue |
| object | onbeforematch |
| function | getScreenDetails |
| function | queryLocalFonts |
| object | navigation |
| object | FontAwesomeKitConfig |
| function | $ |
| function | jQuery |
| function | Popper |
| object | bootstrap |
| function | axios |
| object | Livewire |
| object | livewire |
| string | livewire_app_url |
| string | livewire_token |
| function | deferLoadingAlpine |

The first nine entries (onbeforeinput through navigation) are window properties that recent Chromium browsers expose on every page, not anything this site defines; the remaining eleven come from the page's own libraries (the Font Awesome kit, jQuery, Popper, Bootstrap, Axios and Livewire, which also sets livewire_app_url, livewire_token and deferLoadingAlpine).

2 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values along, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| lieferung-paket-kundin.srtmw.com/ | | XSRF-TOKEN | eyJpdiI6InhvK0tKM1dIRy81bkhTeWZnS29DTUE9PSIsInZhbHVlIjoiVlgyK3pzRnNiYWFTbzgveG1lQzAwaXczQTZTcHFHYzFxcUtCUzdLVHNQSmJqVkw3VjdLTkxKSGlCc1cvK0xkZGVKaTBnV3VFOTlRMUlXaTZpaVNyN1V6b1ZmNEcxZStWekMrYmVRdUVGNzFCcHdnQTkvOXZ4cmJjWmRkSzMwM0EiLCJtYWMiOiIxZTBkNDNhZWJiZjQ0YmFkOWEzMjJlMTcyNDMxOGVkMTAxMzBkOTJmNWRmMTc4NDNjYjVhOWVlZGE4NjQwMzdiIiwidGFnIjoiIn0%3D |
| lieferung-paket-kundin.srtmw.com/ | | laravel_session | eyJpdiI6IklHUnE5b1o2Y3dKVSsyVlhpMzl3WVE9PSIsInZhbHVlIjoiWk9DR01mQ0o4TnZtdVJIa2NOd3M5Ynl2bTlkQUc5bzZYTzFlRHNvRzU5Mmc3STR3c3ZHTVgrQ01vSGI4aU5pM0ZRWjdnVm12dmc0amJ2Smk3NitqTHFKZmRheFRQSjFkVTlxSWtFQS9SMnJDa215TldDSk9jWE8yZ2lwOEllYkIiLCJtYWMiOiJlODcyMGZlNTUxYjczNGQwMDIwODk0YjVlYWZjNWRjN2FiMDc0OGU1ZmRmYjZkNDBkNGE3OTUxN2ZkMTNkNGE1IiwidGFnIjoiIn0%3D |
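Both cookie values share one shape: `eyJpdiI6...` ending in a URL-encoded `=`, which is base64 of a JSON object. That is the envelope Laravel's Encrypter writes around every cookie it sets, and it is the cookie-side evidence for the Laravel detection above even though the page lists no pattern for it. The Python below is an added example, not code from urlscan or from the site: it decodes the two values captured in this scan, checks that the fields have the shape of a CBC-mode Laravel cookie (16-byte IV, block-aligned ciphertext, 64-hex-character HMAC-SHA256 MAC, empty GCM tag) and shows how the MAC would be verified if the application's APP_KEY were known. The key used is a placeholder, so verification returns False and the encrypted session content stays unknown.

```python
import base64
import hashlib
import hmac
import json
import re
from urllib.parse import unquote

# Cookie values copied from the scan above (URL-encoded, exactly as the browser stored them).
SCAN_COOKIES = {
    "XSRF-TOKEN": (
        "eyJpdiI6InhvK0tKM1dIRy81bkhTeWZnS29DTUE9PSIsInZhbHVlIjoiVlgyK3pzRnNiYWFTbzgveG1l"
        "QzAwaXczQTZTcHFHYzFxcUtCUzdLVHNQSmJqVkw3VjdLTkxKSGlCc1cvK0xkZGVKaTBnV3VFOTlRMUlX"
        "aTZpaVNyN1V6b1ZmNEcxZStWekMrYmVRdUVGNzFCcHdnQTkvOXZ4cmJjWmRkSzMwM0EiLCJtYWMiOiIx"
        "ZTBkNDNhZWJiZjQ0YmFkOWEzMjJlMTcyNDMxOGVkMTAxMzBkOTJmNWRmMTc4NDNjYjVhOWVlZGE4NjQw"
        "MzdiIiwidGFnIjoiIn0%3D"
    ),
    "laravel_session": (
        "eyJpdiI6IklHUnE5b1o2Y3dKVSsyVlhpMzl3WVE9PSIsInZhbHVlIjoiWk9DR01mQ0o4TnZtdVJIa2NO"
        "d3M5Ynl2bTlkQUc5bzZYTzFlRHNvRzU5Mmc3STR3c3ZHTVgrQ01vSGI4aU5pM0ZRWjdnVm12dmc0amJ2"
        "Smk3NitqTHFKZmRheFRQSjFkVTlxSWtFQS9SMnJDa215TldDSk9jWE8yZ2lwOEllYkIiLCJtYWMiOiJl"
        "ODcyMGZlNTUxYjczNGQwMDIwODk0YjVlYWZjNWRjN2FiMDc0OGU1ZmRmYjZkNDBkNGE3OTUxN2ZkMTNk"
        "NGE1IiwidGFnIjoiIn0%3D"
    ),
}


def parse_laravel_cookie(raw):
    """Unwrap Laravel's Encrypter envelope: urlencode(base64(JSON{iv, value, mac, tag})).

    Returns the decoded field sizes plus the cipher family implied by the tag:
    an empty tag means an AES-CBC cipher authenticated by the HMAC in ``mac``;
    AEAD (GCM) ciphers carry the authentication tag there instead.
    """
    envelope = json.loads(base64.b64decode(unquote(raw)))
    iv = base64.b64decode(envelope["iv"])
    ciphertext = base64.b64decode(envelope["value"])
    tag = envelope.get("tag", "")
    return {
        "iv_len": len(iv),
        "ct_len": len(ciphertext),
        "mac": envelope["mac"],
        "tag": tag,
        "mode": "CBC+HMAC" if tag == "" else "GCM",
    }


def looks_like_laravel(raw):
    """Structural fingerprint: the value decodes, carries the four fields, and the
    sizes fit AES-256-CBC with a hex-encoded SHA-256 HMAC."""
    try:
        fields = parse_laravel_cookie(raw)
    except (ValueError, KeyError, TypeError):
        return False
    return (
        fields["iv_len"] == 16                                          # AES block size
        and fields["ct_len"] % 16 == 0                                  # PKCS#7-padded CBC output
        and re.fullmatch(r"[0-9a-f]{64}", fields["mac"]) is not None    # hex SHA-256 HMAC
    )


def verify_mac(raw, app_key):
    """Laravel computes mac = HMAC-SHA256(APP_KEY, iv_b64 + value_b64) over the
    base64 strings, not the raw bytes. Without the real APP_KEY this is False."""
    envelope = json.loads(base64.b64decode(unquote(raw)))
    expected = hmac.new(app_key, (envelope["iv"] + envelope["value"]).encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, envelope["mac"])


if __name__ == "__main__":
    placeholder_key = b"\x00" * 32  # hypothetical 32-byte key; the site's APP_KEY is not known
    for name, raw in SCAN_COOKIES.items():
        print(name, parse_laravel_cookie(raw))
        print("  laravel shape:", looks_like_laravel(raw), " mac verifies:", verify_mac(raw, placeholder_key))
```

The structural check is what an analyst can do with the scan alone: both values decode to a 16-byte IV, a 96-byte ciphertext and a 64-character hex MAC with an empty tag, which is the AES-256-CBC layout. Decrypting the session or forging a cookie would need the APP_KEY from the kit's .env, which a scan never exposes.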
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
cdnjs.cloudflare.com
ka-f.fontawesome.com
kit.fontawesome.com
lieferung-paket-kundin.srtmw.com
172.64.202.28
173.231.230.169
2606:4700::6811:190e
2606:4700::6812:1634
2a04:4e42:200::485