trackexpressdhl.serv00.net Open in urlscan Pro
85.194.246.69 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://flowto.it/ef9gx4qazl
Effective URL:
https://trackexpressdhl.serv00.net/online/
Submission: On October 11 via automatic, source phishtank (October 11th 2024, 9:27:07 pm UTC) — Scanned from IT

Summary HTTP 12 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 4 IPs in 5 countries across 7 domains to perform 12 HTTP transactions. The main IP is 85.194.246.69, located in Poland and belongs to ECO-ATMAN-PL ECO-ATMAN-, PL. The main domain is trackexpressdhl.serv00.net.
TLS certificate: Issued by R10 on September 23rd 2024. Valid for: 3 months.

This is the only time trackexpressdhl.serv00.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telekom (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700::68... 2606:4700::6812:2bc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	104.18.1.248 104.18.1.248	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:350... 2a02:26f0:3500:1b::1724:a39e	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 2	94.102.75.131 94.102.75.131	8685 (DORUKNET) (DORUKNET)
1 6	85.194.246.69 85.194.246.69	57367 (ECO-ATMAN...) (ECO-ATMAN-PL ECO-ATMAN-)
1	80.158.67.40 80.158.67.40	34086 (SCZN-AS) (SCZN-AS)
5	2003:2:2:140:... 2003:2:2:140:62:157:140:200	3320 (DTAG Inte...) (DTAG Internet service provider operations)
12	4

1 2606:4700::6812:2bc (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

flowto.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.1.248 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

flowcode.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:1b::1724:a39e (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

www.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 94.102.75.131 (Istanbul, Turkey) 2 redirects

ASN8685 (DORUKNET, TR)
PTR: webhostlin01.doruk.net.tr

elipsltd.com.tr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 85.194.246.69 (Poland) 1 redirects

ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL)
PTR: web12.serv00.com

trackexpressdhl.serv00.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 80.158.67.40 (Germany)

ASN34086 (SCZN-AS, DE)

www.telekom.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2003:2:2:140:62:157:140:200 (Germany)

ASN3320 (DTAG Internet service provider operations, DE)

accounts.login.idm.telekom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	serv00.net 1 redirects trackexpressdhl.serv00.net	156 KB
5	telekom.com accounts.login.idm.telekom.com — Cisco Umbrella Rank: 124089	173 KB
2	elipsltd.com.tr 2 redirects elipsltd.com.tr	538 B
1	telekom.de www.telekom.de — Cisco Umbrella Rank: 215815
1	bing.com www.bing.com — Cisco Umbrella Rank: 53	2 KB
1	flowcode.com 1 redirects flowcode.com — Cisco Umbrella Rank: 66275	761 B
1	flowto.it 1 redirects flowto.it	371 B
12	7

	Domain	Requested by
6	trackexpressdhl.serv00.net	1 redirects www.bing.com trackexpressdhl.serv00.net
5	accounts.login.idm.telekom.com	trackexpressdhl.serv00.net
2	elipsltd.com.tr	2 redirects
1	www.telekom.de	trackexpressdhl.serv00.net
1	www.bing.com
1	flowcode.com	1 redirects
1	flowto.it	1 redirects
12	7

This site contains links to these domains. Also see Links.

Domain
www.telekom.de

Subject Issuer	Validity	Valid
r.bing.com Microsoft Azure ECC TLS Issuing CA 04	`2024-06-24` - `2025-06-19`	a year	crt.sh
*.serv00.net R10	`2024-09-23` - `2024-12-22`	3 months	crt.sh
www.telekom.de Telekom Security ServerID OV Class 2 CA	`2024-05-08` - `2025-05-12`	a year	crt.sh
accounts.login.idm.telekom.com Telekom Security ServerID EV Class 3 CA	`2024-07-12` - `2025-07-16`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://trackexpressdhl.serv00.net/online/
Frame ID: 3E2EC6D92D7B4C1D1E704A352CBABDD1
Requests: 11 HTTP requests in this frame

Frame: https://www.telekom.de/ueber-das-unternehmen/emetriq-xdn?zid=a8c3c712-9ed6-4f1a-acea-259fffde7b7c
Frame ID: C4F45D0C5F0B04E73B12C40727E32BB7
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Telekom Login

Page URL History Show full URLs

https://flowto.it/ef9gx4qazl HTTP 302
https://flowcode.com/p/ef9gx4qazl HTTP 302
https://www.bing.com/ck/a?!&&p=deda719d8ad09ac9JmltdHM9MTcyODM0NTYwMCZpZ3VpZD0zOWEyMzMzYi1lYjQzLT... Page URL
https://elipsltd.com.tr/yay HTTP 301
https://elipsltd.com.tr/yay/ HTTP 302
https://trackexpressdhl.serv00.net/online HTTP 301
https://trackexpressdhl.serv00.net/online/ Page URL

Page Statistics

12
Requests

100 %
HTTPS

43 %
IPv6

7
Domains

7
Subdomains

4
IPs

5
Countries

331 kB
Transfer

328 kB
Size

2
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://www.telekom.de/hilfe/telekom-login
Title: Benötigen Sie Hilfe?

Search URL Search Domain Scan URL

URL: https://www.telekom.de/unterwegs/apps-und-dienste/kommunikation/telekom-e-mail
Title: Telekom Login erstellen

Search URL Search Domain Scan URL

URL: https://www.telekom.de/hilfe/vertrag-meine-daten/login-daten-passwoerter/verimi
Title: Hier informieren über VERIMI

Search URL Search Domain Scan URL

URL: https://www.telekom.de/impressum
Title: Impressum

Search URL Search Domain Scan URL

URL: https://www.telekom.de/ueber-das-unternehmen/datenschutz#fragen-und-antworten
Title: Datenschutz

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://flowto.it/ef9gx4qazl HTTP 302
https://flowcode.com/p/ef9gx4qazl HTTP 302
https://www.bing.com/ck/a?!&&p=deda719d8ad09ac9JmltdHM9MTcyODM0NTYwMCZpZ3VpZD0zOWEyMzMzYi1lYjQzLTY5MTctMDY3Ni0yN2FkZWE3OTY4ZTcmaW5zaWQ9NTI0MQ&ptn=3&ver=2&hsh=3&fclid=39a2333b-eb43-6917-0676-27adea7968e7&u=a1aHR0cHM6Ly9lbGlwc2x0ZC5jb20udHIveWF5&ntb=1 Page URL
https://elipsltd.com.tr/yay HTTP 301
https://elipsltd.com.tr/yay/ HTTP 302
https://trackexpressdhl.serv00.net/online HTTP 301
https://trackexpressdhl.serv00.net/online/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://flowto.it/ef9gx4qazl HTTP 302
https://flowcode.com/p/ef9gx4qazl HTTP 302
https://www.bing.com/ck/a?!&&p=deda719d8ad09ac9JmltdHM9MTcyODM0NTYwMCZpZ3VpZD0zOWEyMzMzYi1lYjQzLTY5MTctMDY3Ni0yN2FkZWE3OTY4ZTcmaW5zaWQ9NTI0MQ&ptn=3&ver=2&hsh=3&fclid=39a2333b-eb43-6917-0676-27adea7968e7&u=a1aHR0cHM6Ly9lbGlwc2x0ZC5jb20udHIveWF5&ntb=1

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

a Show response
www.bing.com/ck/
Redirect Chain

https://flowto.it/ef9gx4qazl
https://flowcode.com/p/ef9gx4qazl
https://www.bing.com/ck/a?!&&p=deda719d8ad09ac9JmltdHM9MTcyODM0NTYwMCZpZ3VpZD0zOWEyMzMzYi1lYjQzLTY5MTctMDY3Ni0yN2FkZWE3OTY4ZTcmaW5zaWQ9NTI0MQ&ptn=3&ver=2&hsh=3&fclid=39a2333b-eb43-6917-0676-27adea7...

2 KB
2 KB

180ms
71ms

Document
text/html

2a02:26f0:3500:1b::1724:a39e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bing.com/ck/a?!&&p=deda719d8ad09ac9JmltdHM9MTcyODM0NTYwMCZpZ3VpZD0zOWEyMzMzYi1lYjQzLTY5MTctMDY3Ni0yN2FkZWE3OTY4ZTcmaW5zaWQ9NTI0MQ&ptn=3&ver=2&hsh=3&fclid=39a2333b-eb43-6917-0676-27adea7968e7&u=a1aHR0cHM6Ly9lbGlwc2x0ZC5jb20udHIveWF5&ntb=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:1b::1724:a39e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 43aefc82587279c1d9120f2705f78a8d91c0f6cb83260e43c77b5b05bf59b8e2

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
alt-svc: h3=":443"; ma=93600
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 1172
content-type: text/html; charset=UTF-8
date: Fri, 11 Oct 2024 21:27:02 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
vary: Accept-Encoding
x-cdn-traceid: 0.9ea12417.1728682022.b5bbb15
x-msedge-ref: Ref A: C6EDE190746D40A8BE8F22117E081692 Ref B: FRA231050412053 Ref C: 2024-10-11T21:27:02Z

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8d11ee8efede83a6-MXP
content-type: text/html; charset=utf-8
date: Fri, 11 Oct 2024 21:27:02 GMT
expires: Thu, 01 Jan 1970 00:00:00 UTC
location: https://www.bing.com/ck/a?!&&p=deda719d8ad09ac9JmltdHM9MTcyODM0NTYwMCZpZ3VpZD0zOWEyMzMzYi1lYjQzLTY5MTctMDY3Ni0yN2FkZWE3OTY4ZTcmaW5zaWQ9NTI0MQ&ptn=3&ver=2&hsh=3&fclid=39a2333b-eb43-6917-0676-27adea7968e7&u=a1aHR0cHM6Ly9lbGlwc2x0ZC5jb20udHIveWF5&ntb=1
pragma: no-cache
server: cloudflare
server-timing: cfCacheStatus;desc="DYNAMIC"
strict-transport-security: max-age=15552000; includeSubDomains; preload

GET
H2

200

Primary Request / Show response
trackexpressdhl.serv00.net/online/
Redirect Chain

https://elipsltd.com.tr/yay
https://elipsltd.com.tr/yay/
https://trackexpressdhl.serv00.net/online
https://trackexpressdhl.serv00.net/online/

10 KB
11 KB

336ms
336ms

Document
text/html

85.194.246.69
ECO-ATMAN-PL ECO-...

General

Check archive.org

Show headers Download Go to

Full URL: https://trackexpressdhl.serv00.net/online/
Requested by: Host: www.bing.com
URL: https://www.bing.com/ck/a?!&&p=deda719d8ad09ac9JmltdHM9MTcyODM0NTYwMCZpZ3VpZD0zOWEyMzMzYi1lYjQzLTY5MTctMDY3Ni0yN2FkZWE3OTY4ZTcmaW5zaWQ9NTI0MQ&ptn=3&ver=2&hsh=3&fclid=39a2333b-eb43-6917-0676-27adea7968e7&u=a1aHR0cHM6Ly9lbGlwc2x0ZC5jb20udHIveWF5&ntb=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 85.194.246.69 , Poland, ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL),
Reverse DNS: web12.serv00.com
Software: nginx /
Resource Hash: e251112769131b2564fd61152ab7f6e2758e9399f27ee14a913f223a32477db3

Request headers

Referer: https://www.bing.com/ck/a?!&&p=deda719d8ad09ac9JmltdHM9MTcyODM0NTYwMCZpZ3VpZD0zOWEyMzMzYi1lYjQzLTY5MTctMDY3Ni0yN2FkZWE3OTY4ZTcmaW5zaWQ9NTI0MQ&ptn=3&ver=2&hsh=3&fclid=39a2333b-eb43-6917-0676-27adea7968e7&u=a1aHR0cHM6Ly9lbGlwc2x0ZC5jb20udHIveWF5&ntb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
content-length: 10745
content-type: text/html
date: Fri, 11 Oct 2024 21:27:04 GMT
etag: "6235ebf4-29f9"
last-modified: Sat, 19 Mar 2022 14:43:00 GMT
server: nginx

Redirect headers

content-length: 250
content-type: text/html; charset=iso-8859-1
date: Fri, 11 Oct 2024 21:27:03 GMT
location: https://trackexpressdhl.serv00.net/online/
server: nginx

GET
H2 200 components.min.css
trackexpressdhl.serv00.net/online/static/factorx/css/ 98 KB
98 KB 125ms
124ms Stylesheet
text/css 85.194.246.69
ECO-ATMAN-PL ECO-...

General

Check archive.org

Show headers Download Go to

Full URL: https://trackexpressdhl.serv00.net/online/static/factorx/css/components.min.css
Requested by: Host: trackexpressdhl.serv00.net
URL: https://trackexpressdhl.serv00.net/online/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 85.194.246.69 , Poland, ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL),
Reverse DNS: web12.serv00.com
Software: nginx /
Resource Hash: f58ecb754487f42fbec18a84421310ab268024c38ec4f4e125aefbcc26fa2fe1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://trackexpressdhl.serv00.net/online/

Response headers

accept-ranges: bytes
content-length: 100523
date: Fri, 11 Oct 2024 21:27:04 GMT
etag: "5fbdee50-188ab"
content-type: text/css
last-modified: Wed, 25 Nov 2020 05:40:32 GMT
server: nginx

GET
H2 200 login-24.16.1.css
trackexpressdhl.serv00.net/online/static/factorx/css/ 18 KB
18 KB 126ms
126ms Stylesheet
text/css 85.194.246.69
ECO-ATMAN-PL ECO-...

General

Check archive.org

Show headers Download Go to

Full URL: https://trackexpressdhl.serv00.net/online/static/factorx/css/login-24.16.1.css
Requested by: Host: trackexpressdhl.serv00.net
URL: https://trackexpressdhl.serv00.net/online/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 85.194.246.69 , Poland, ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL),
Reverse DNS: web12.serv00.com
Software: nginx /
Resource Hash: 5bd0035d8acae2b84653df0b759c71c859b78fb654a83604eed4246b72fd2c07

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://trackexpressdhl.serv00.net/online/

Response headers

accept-ranges: bytes
content-length: 18646
date: Fri, 11 Oct 2024 21:27:04 GMT
etag: "62317a16-48d6"
content-type: text/css
last-modified: Wed, 16 Mar 2022 05:48:06 GMT
server: nginx

GET
H2 200 t-online-logo-29112019.png
trackexpressdhl.serv00.net/online/static/ 6 KB
6 KB 124ms
124ms Image
image/png 85.194.246.69
ECO-ATMAN-PL ECO-...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trackexpressdhl.serv00.net/online/static/t-online-logo-29112019.png
Requested by: Host: trackexpressdhl.serv00.net
URL: https://trackexpressdhl.serv00.net/online/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 85.194.246.69 , Poland, ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL),
Reverse DNS: web12.serv00.com
Software: nginx /
Resource Hash: 11eed36ec8f3c28fd90958d9881d080cf237ab18d6792dd22785e729f06795ba

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://trackexpressdhl.serv00.net/online/

Response headers

accept-ranges: bytes
content-length: 5851
date: Fri, 11 Oct 2024 21:27:04 GMT
etag: "60362a8c-16db"
content-type: image/png
last-modified: Wed, 24 Feb 2021 10:29:32 GMT
server: nginx

GET
H2 200 services.png
trackexpressdhl.serv00.net/online/static/factorx/images/ 22 KB
22 KB 125ms
124ms Image
image/png 85.194.246.69
ECO-ATMAN-PL ECO-...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trackexpressdhl.serv00.net/online/static/factorx/images/services.png
Requested by: Host: trackexpressdhl.serv00.net
URL: https://trackexpressdhl.serv00.net/online/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 85.194.246.69 , Poland, ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL),
Reverse DNS: web12.serv00.com
Software: nginx /
Resource Hash: 14977cb7057352ad7715b93dec52f4993fc16980836d03b64f79566e8c9bec22

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://trackexpressdhl.serv00.net/online/

Response headers

accept-ranges: bytes
content-length: 22647
date: Fri, 11 Oct 2024 21:27:04 GMT
etag: "5fbdf6b6-5877"
content-type: image/png
last-modified: Wed, 25 Nov 2020 06:16:22 GMT
server: nginx

GET
H2 200 emetriq-xdn
www.telekom.de/ueber-das-unternehmen/ Frame C4F4 0
0 159ms
50ms Document
text/html 80.158.67.40
SCZN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.telekom.de/ueber-das-unternehmen/emetriq-xdn?zid=a8c3c712-9ed6-4f1a-acea-259fffde7b7c

Requested by

Host: trackexpressdhl.serv00.net
URL: https://trackexpressdhl.serv00.net/online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

80.158.67.40 , Germany, ASN34086 (SCZN-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' accounts.login.idm.telekom.com;
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://trackexpressdhl.serv00.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 2253
cache-control: max-age=3600
content-disposition: inline; filename="emetriq-xdn.htm"
content-encoding: gzip
content-language: de-DE
content-length: 1051
content-security-policy: frame-ancestors 'self' accounts.login.idm.telekom.com;
content-type: text/html;charset=UTF-8
date: Fri, 11 Oct 2024 20:49:31 GMT
server: Apache
server-timing: dtSInfo;desc="0", dtRpid;desc="88927774"
strict-transport-security: max-age=16070400; includeSubDomains
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-frame-options: DENY
x-oneagent-js-injection: true
x-varnish: 164995681 162090576
x-xss-protection: 1; mode=block
xkey: 698752

GET
H2 200 telegroteskscreen-ultra.woff
accounts.login.idm.telekom.com/static/factorx/fonts/ 52 KB
53 KB 151ms
45ms Font
application/x-font-woff 2003:2:2:140:62:157:140:200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/factorx/fonts/telegroteskscreen-ultra.woff

Requested by

Host: trackexpressdhl.serv00.net
URL: https://trackexpressdhl.serv00.net/online/static/factorx/css/components.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

Software

Apache /

Resource Hash

3b6317d7c6288f6380f182e8bdc16b4cea82df91bc0f0209dfbce457b3e16910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://trackexpressdhl.serv00.net
Referer: https://trackexpressdhl.serv00.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public
expires: Fri, 18 Oct 2024 21:27:05 GMT
accept-ranges: bytes
access-control-allow-origin: https://trackexpressdhl.serv00.net
sh: 4105aead3b7c66615611eecd9f02c7e5
content-length: 53428
p3p: CP="NOI CURa TAIa OUR NOR UNI"
date: Fri, 11 Oct 2024 21:27:05 GMT
last-modified: Wed, 25 Nov 2020 05:40:32 GMT
content-type: application/x-font-woff
server: Apache

GET
H2 200 telegroteskscreen-thin.woff
accounts.login.idm.telekom.com/static/factorx/fonts/ 57 KB
57 KB 198ms
92ms Font
application/x-font-woff 2003:2:2:140:62:157:140:200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/factorx/fonts/telegroteskscreen-thin.woff

Requested by

Host: trackexpressdhl.serv00.net
URL: https://trackexpressdhl.serv00.net/online/static/factorx/css/components.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

Software

Apache /

Resource Hash

3c3cff57406992d5b880806e120965b2a77f6a9ac1bbe7a781bfc9f752b4ab5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://trackexpressdhl.serv00.net
Referer: https://trackexpressdhl.serv00.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public
expires: Fri, 18 Oct 2024 21:27:05 GMT
accept-ranges: bytes
access-control-allow-origin: https://trackexpressdhl.serv00.net
sh: 4105aead3b7c66615611eecd9f02c7e5
content-length: 58248
p3p: CP="NOI CURa TAIa OUR NOR UNI"
date: Fri, 11 Oct 2024 21:27:05 GMT
last-modified: Wed, 25 Nov 2020 05:40:32 GMT
content-type: application/x-font-woff
server: Apache

GET
H2 200 telegroteskscreen-regular.woff
accounts.login.idm.telekom.com/static/factorx/fonts/ 53 KB
54 KB 198ms
92ms Font
application/x-font-woff 2003:2:2:140:62:157:140:200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/factorx/fonts/telegroteskscreen-regular.woff

Requested by

Host: trackexpressdhl.serv00.net
URL: https://trackexpressdhl.serv00.net/online/static/factorx/css/components.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

Software

Apache /

Resource Hash

b80effdb6b1baee7ad8a926a027a9f085d0b91a1b52e3a8cf34e9a6b087aad97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://trackexpressdhl.serv00.net
Referer: https://trackexpressdhl.serv00.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public
expires: Fri, 18 Oct 2024 21:27:05 GMT
accept-ranges: bytes
access-control-allow-origin: https://trackexpressdhl.serv00.net
sh: 4105aead3b7c66615611eecd9f02c7e5
content-length: 54684
p3p: CP="NOI CURa TAIa OUR NOR UNI"
date: Fri, 11 Oct 2024 21:27:05 GMT
last-modified: Wed, 25 Nov 2020 05:40:32 GMT
content-type: application/x-font-woff
server: Apache

GET
H2 200 data_protection.svg
accounts.login.idm.telekom.com/static/factorx/images/ 673 B
894 B 172ms
52ms Image
image/svg+xml 2003:2:2:140:62:157:140:200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://accounts.login.idm.telekom.com/static/factorx/images/data_protection.svg

Requested by

Host: trackexpressdhl.serv00.net
URL: https://trackexpressdhl.serv00.net/online/static/factorx/css/login-24.16.1.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

Software

Apache /

Resource Hash

53637a2d4745687c07969427a743c6b9207b3ba6e261fa19a61cccaab46eb316

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://trackexpressdhl.serv00.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public
expires: Fri, 11 Oct 2024 22:27:05 GMT
accept-ranges: bytes
sh: 1b26521a07b2757b93cead392a27c03b
content-length: 673
p3p: CP="NOI CURa TAIa OUR NOR UNI"
date: Fri, 11 Oct 2024 21:27:05 GMT
last-modified: Wed, 25 Nov 2020 05:40:34 GMT
content-type: image/svg+xml
server: Apache

GET
H2 200 teleicon-outline.woff
accounts.login.idm.telekom.com/static/factorx/fonts/ 9 KB
9 KB 150ms
44ms Font
application/x-font-woff 2003:2:2:140:62:157:140:200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.login.idm.telekom.com/static/factorx/fonts/teleicon-outline.woff

Requested by

Host: trackexpressdhl.serv00.net
URL: https://trackexpressdhl.serv00.net/online/static/factorx/css/components.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2003:2:2:140:62:157:140:200 , Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

Software

Apache /

Resource Hash

01fa42140c7fd1e43496b320027681e75123e8121c4ff52e7a390a4ec37d9379

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://trackexpressdhl.serv00.net
Referer: https://trackexpressdhl.serv00.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public
expires: Fri, 18 Oct 2024 21:27:05 GMT
accept-ranges: bytes
access-control-allow-origin: https://trackexpressdhl.serv00.net
sh: 4105aead3b7c66615611eecd9f02c7e5
content-length: 8824
p3p: CP="NOI CURa TAIa OUR NOR UNI"
date: Fri, 11 Oct 2024 21:27:05 GMT
last-modified: Wed, 25 Nov 2020 05:40:32 GMT
content-type: application/x-font-woff
server: Apache

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telekom (Telecommunication)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.flowcode.com/	1970-01-21 00:11:23	Name: __cf_bm Value: .gSI_HnGIa.Smri_AEjhY2ijhMyLQ6V0lzqSpTUI.CY-1728682022-1.0.1.1-PBkNAt.Vf3npYM4pcodbSJaRS3llKHfsOEu01.xJShTsD5gGNzPrsHeUu5e3ZXpHafgYcKC.4E_iyE9RL_9KGg
			.flowcode.com/	1969-12-31 23:59:59	Name: _cfuvid Value: ErBVhJ9Ja8_QEUkJsn39crgop1sqkGVLnIVXfM2fHKk-1728682022573-0.0.1.1-604800000

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	warning	URL: https://trackexpressdhl.serv00.net/online/ Message: [DOM] Found 2 elements with non-unique id #username: (More info: https://goo.gl/9p2vKq) %o %o
security	error	Message: Refused to frame 'https://www.telekom.de/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' accounts.login.idm.telekom.com".

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.login.idm.telekom.com
elipsltd.com.tr
flowcode.com
flowto.it
trackexpressdhl.serv00.net
www.bing.com
www.telekom.de
104.18.1.248
2003:2:2:140:62:157:140:200
2606:4700::6812:2bc
2a02:26f0:3500:1b::1724:a39e
80.158.67.40
85.194.246.69
94.102.75.131
01fa42140c7fd1e43496b320027681e75123e8121c4ff52e7a390a4ec37d9379
11eed36ec8f3c28fd90958d9881d080cf237ab18d6792dd22785e729f06795ba
14977cb7057352ad7715b93dec52f4993fc16980836d03b64f79566e8c9bec22
3b6317d7c6288f6380f182e8bdc16b4cea82df91bc0f0209dfbce457b3e16910
3c3cff57406992d5b880806e120965b2a77f6a9ac1bbe7a781bfc9f752b4ab5c
43aefc82587279c1d9120f2705f78a8d91c0f6cb83260e43c77b5b05bf59b8e2
53637a2d4745687c07969427a743c6b9207b3ba6e261fa19a61cccaab46eb316
5bd0035d8acae2b84653df0b759c71c859b78fb654a83604eed4246b72fd2c07
b80effdb6b1baee7ad8a926a027a9f085d0b91a1b52e3a8cf34e9a6b087aad97
e251112769131b2564fd61152ab7f6e2758e9399f27ee14a913f223a32477db3
f58ecb754487f42fbec18a84421310ab268024c38ec4f4e125aefbcc26fa2fe1

trackexpressdhl.serv00.net Open in urlscan Pro 85.194.246.69 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

12 Requests

100 %HTTPS

43 %IPv6

7 Domains

7 Subdomains

4 IPs

5 Countries

331 kBTransfer

328 kBSize

2 Cookies

5 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

2 Cookies

2 Console Messages

Indicators

trackexpressdhl.serv00.net Open in urlscan Pro
85.194.246.69 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

43 %
IPv6

7
Domains

7
Subdomains

4
IPs

5
Countries

331 kB
Transfer

328 kB
Size

2
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!