sponsor.herma.moe Open in urlscan Pro
2606:4700:3032::6815:1e2a Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://sponsor.herma.moe/
Effective URL:
https://sponsor.herma.moe/
Submission: On June 07 via api (June 7th 2024, 12:51:06 pm UTC) from US — Scanned from DE

Summary HTTP 14 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 14 HTTP transactions. The main IP is 2606:4700:3032::6815:1e2a, located in United States and belongs to CLOUDFLARENET, US. The main domain is sponsor.herma.moe.
TLS certificate: Issued by GTS CA 1P5 on May 29th 2024. Valid for: 3 months.

This is the only time sponsor.herma.moe was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700:303... 2606:4700:3032::6815:1e2a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	172.67.150.138 172.67.150.138	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	2

1 2606:4700:3032::6815:1e2a (United States)

ASN13335 (CLOUDFLARENET, US)

sponsor.herma.moe	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 172.67.150.138 (United States)

ASN13335 (CLOUDFLARENET, US)

sponsor.herma.moe	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	herma.moe sponsor.herma.moe	24 KB
14	1

	Domain	Requested by
14	sponsor.herma.moe	sponsor.herma.moe
14	1

This site contains links to these domains. Also see Links.

Domain
donate.stripe.com
github.com

Subject Issuer	Validity	Valid
herma.moe GTS CA 1P5	`2024-05-29` - `2024-08-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://sponsor.herma.moe/
Frame ID: B79189C40E9734E3C5A3A388805E9A31
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Donate/Sponsor Herma

Page URL History Show full URLs

http://sponsor.herma.moe/ HTTP 307
https://sponsor.herma.moe/ Page URL

Page Statistics

14
Requests

100 %
HTTPS

50 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

24 kB
Transfer

46 kB
Size

0
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://donate.stripe.com/8wM0366xM0682yY3cd
Title: Stripe GBP (one-time)

Search URL Search Domain Scan URL

URL: https://donate.stripe.com/bIY3fiaO23ikflK5km
Title: Stripe USD (one-time)

Search URL Search Domain Scan URL

URL: https://github.com/sponsors/hermaplusplus
Title: GitHub Sponsors (one-time/recurring)

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://sponsor.herma.moe/ HTTP 307
https://sponsor.herma.moe/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response sponsor.herma.moe/ Redirect Chain http://sponsor.herma.moe/ https://sponsor.herma.moe/	4 KB 1 KB	176ms 125ms	Document text/html	2606:4700:3032::6815:1e2a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sponsor.herma.moe/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::6815:1e2a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5fc893131805f20db45ee8c05f01472c65a52a5a58fb2eee47a1994577d27ec3` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8900c5717add2baa-FRA content-encoding br content-type text/html date Fri, 07 Jun 2024 12:51:02 GMT last-modified Sun, 12 Nov 2023 20:07:50 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yCM77JTVfUhOJLjWI5PaYJI%2BdPz1AIJvmRgNRFdwCMKoRHw99t095pEXYgbrEAzfn2v9DfobGYeCH8k1UZk6e3Tl3ZIEmIH9Zvf%2FNncUYpDeplNbm%2Bseou3yrQdX82ho7L1jUBi3f2q%2Bv4bJ1Fxu5g%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding,User-Agent x-turbo-charged-by LiteSpeed Redirect headers Location https://sponsor.herma.moe/ Non-Authoritative-Reason HttpsUpgrades
GET H3	200	card.svg sponsor.herma.moe/	281 B 708 B	111ms 110ms	Image image/svg+xml	172.67.150.138 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://sponsor.herma.moe/card.svg Requested by Host: sponsor.herma.moe URL: https://sponsor.herma.moe/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.150.138 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8751faa01a9ff5956a525ecf8619873fa2f7fcbc53f469629be3815f65792aa2` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://sponsor.herma.moe/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 07 Jun 2024 12:51:02 GMT content-encoding br cf-cache-status MISS last-modified Sun, 15 Oct 2023 00:39:39 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary User-Agent, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qRluWC0oaffPhG35gf2Xy7kiPY12VNbFRanU1nnREo8htN0biTv9Ucyi0TzWVGlB1K7XBRTSmMNkVbxnc4l72ayEVfZW%2BJ9BoZEINWP66AKgc5hDEscmFCZ1M45SXtP74ak%2F2A%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 8900c5725ee71c1c-FRA alt-svc h3=":443"; ma=86400 expires Fri, 14 Jun 2024 12:51:02 GMT
GET H3	200	paypal.svg sponsor.herma.moe/	1 KB 1 KB	110ms 109ms	Image image/svg+xml	172.67.150.138 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://sponsor.herma.moe/paypal.svg Requested by Host: sponsor.herma.moe URL: https://sponsor.herma.moe/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.150.138 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f9035e34f5734e89ddb03b601b1c0fd58323a93f176c5c7e220d7aa7a2062ed5` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://sponsor.herma.moe/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 07 Jun 2024 12:51:02 GMT content-encoding br cf-cache-status MISS last-modified Sun, 15 Oct 2023 00:45:44 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding,User-Agent report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a1MmUrrSUG2PNuQOyZTrqOhW35h%2BosQ7kB18T2J0gl8fTGnfqUCkB7JSTsi284kNLtlz%2FkOOp0H8965GQU8yuk0iHK4R8hPkNyf8yLyaNefx0KD%2BSN25BNbLBN4eume7xa0coA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 8900c5725ef01c1c-FRA alt-svc h3=":443"; ma=86400 expires Fri, 14 Jun 2024 12:51:02 GMT
GET H3	200	gpay.svg sponsor.herma.moe/	9 KB 3 KB	84ms 83ms	Image image/svg+xml	172.67.150.138 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://sponsor.herma.moe/gpay.svg Requested by Host: sponsor.herma.moe URL: https://sponsor.herma.moe/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.150.138 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c9f1362fbbcb16105bff124b4996ceff2629e545c6f624729cde844f88f798d3` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://sponsor.herma.moe/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 07 Jun 2024 12:51:02 GMT content-encoding br cf-cache-status MISS last-modified Sun, 15 Oct 2023 00:39:39 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding,User-Agent report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T9PNG90OyjyGEXRm%2FuKxdeYnwKR8XXl4Mf82f6dDLQ7BxFu%2FuGHBzy2jtpNxEGPmEd%2FDEjmIS8ATnfr%2FK3n7b6eoOm0VQgdIMt6uH3oftrjpp0hZqjTphXMG45cMZdimyCLWUQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 8900c5725ef31c1c-FRA alt-svc h3=":443"; ma=86400 expires Fri, 14 Jun 2024 12:51:02 GMT
GET H3	200	apay.svg sponsor.herma.moe/	2 KB 1 KB	103ms 102ms	Image image/svg+xml	172.67.150.138 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://sponsor.herma.moe/apay.svg Requested by Host: sponsor.herma.moe URL: https://sponsor.herma.moe/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.150.138 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b2fc72291ef2440b307f2cc4cebb0247573131702ea43f7ccc2067bfb392a4d0` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://sponsor.herma.moe/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 07 Jun 2024 12:51:02 GMT content-encoding br cf-cache-status MISS last-modified Sun, 15 Oct 2023 00:51:12 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding,User-Agent report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xyl2NZM2eh1VfPv0NZ8DDLP2IbnEBqIWWSd3U55ehR3DZxb3NQo93mGB9b00hWM739sa8GnViekdee0jJCHitIY90o7LpTnIhVmf1XCTPQEv1ZcjWIxayyioG1EJn%2FslBHHk0g%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 8900c5725ef51c1c-FRA alt-svc h3=":443"; ma=86400 expires Fri, 14 Jun 2024 12:51:02 GMT
GET H3	200	visa.svg sponsor.herma.moe/	3 KB 2 KB	100ms 99ms	Image image/svg+xml	172.67.150.138 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://sponsor.herma.moe/visa.svg Requested by Host: sponsor.herma.moe URL: https://sponsor.herma.moe/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.150.138 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d0b63ce61a6e0367ae657102f479f114fa8851a0e95d1894971dd5cddb426725` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://sponsor.herma.moe/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 07 Jun 2024 12:51:02 GMT content-encoding br cf-cache-status MISS last-modified Sun, 15 Oct 2023 00:39:39 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding,User-Agent report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xSi7rXH0fuzWZgYyRUpbHxm6ymD16DlevRPqf%2FzP2dDgSBG6%2BKlmvys3rJnB6UuzXcStpUxVEiiIxRtK3reG%2BYft8g0HOZAYDefTR04muwarNyabzvOzuvPBN60op6IkrUXceQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 8900c5725ef91c1c-FRA alt-svc h3=":443"; ma=86400 expires Fri, 14 Jun 2024 12:51:02 GMT
GET H3	200	mastercard.svg sponsor.herma.moe/	523 B 809 B	85ms 84ms	Image image/svg+xml	172.67.150.138 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://sponsor.herma.moe/mastercard.svg Requested by Host: sponsor.herma.moe URL: https://sponsor.herma.moe/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.150.138 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `747fca640bc3ae35c7422e023f27cf4a0953b7fe694bfb8bb528b50b70bd15ce` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://sponsor.herma.moe/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 07 Jun 2024 12:51:02 GMT content-encoding br cf-cache-status MISS last-modified Sun, 15 Oct 2023 00:39:39 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding,User-Agent report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tIZzhUOkkjRECrsPvoMMfP1nGwx%2Bu9AjprJJFT0haF%2FQ1Y8Y3qkjJbrQad5IPy2gZS0xbsYLKmHNN0x870dcDXTeXtOIPXSwKenO9KZJ4XsxW9jpVstoN6wrI7StJHA%2Bi%2BsOrw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 8900c5725efc1c1c-FRA alt-svc h3=":443"; ma=86400 expires Fri, 14 Jun 2024 12:51:02 GMT
GET H3	200	amex.svg sponsor.herma.moe/	2 KB 1 KB	146ms 146ms	Image image/svg+xml	172.67.150.138 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://sponsor.herma.moe/amex.svg Requested by Host: sponsor.herma.moe URL: https://sponsor.herma.moe/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.150.138 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `07483f00631032dfd02e79d3de16d990830ec530b691c236b58a641b4b752458` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://sponsor.herma.moe/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 07 Jun 2024 12:51:02 GMT content-encoding br cf-cache-status MISS last-modified Sun, 15 Oct 2023 00:39:39 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding,User-Agent report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7VVNKM8ZW4yAJrhCsNe9gUD3lO1PBCDaPnLovquyD2vWIQDB4GjhQsHVlyFTwFLg6ZQGsAWEePeUcLso4yvP0tHuG2Zp5FxOPiw2IGDEhaLPGmjk2qKSG4sxqwUjJYzhA0GUMQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 8900c5725efe1c1c-FRA alt-svc h3=":443"; ma=86400 expires Fri, 14 Jun 2024 12:51:02 GMT
GET H3	200	jcb.svg sponsor.herma.moe/	2 KB 1 KB	139ms 139ms	Image image/svg+xml	172.67.150.138 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://sponsor.herma.moe/jcb.svg Requested by Host: sponsor.herma.moe URL: https://sponsor.herma.moe/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.150.138 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `3d1ec759e322c0da35ee5e9b2ee664f4815b157bf59f121559e0f1ac1fa216cf` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://sponsor.herma.moe/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 07 Jun 2024 12:51:02 GMT content-encoding br cf-cache-status MISS last-modified Sun, 15 Oct 2023 00:39:39 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding,User-Agent report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ft9Ma1f2GRbiu94I0imMghM0r9ulaTFzsUSEZLYNT1L0POv5zsLUpANBRjgeEmVsHmfSAH8EyTHiuONIaKf6Do2VCLHVavYkSSyn4e005x9Un7tdDyC7LetJectkjMlC8cujtw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 8900c5725f001c1c-FRA alt-svc h3=":443"; ma=86400 expires Fri, 14 Jun 2024 12:51:02 GMT
GET H3	200	unionpay.svg sponsor.herma.moe/	13 KB 6 KB	101ms 101ms	Image image/svg+xml	172.67.150.138 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://sponsor.herma.moe/unionpay.svg Requested by Host: sponsor.herma.moe URL: https://sponsor.herma.moe/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.150.138 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `3cd41a77ef3c37c2affe67c940b630dd8f96a16b6e56158088f796a0e62476b9` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://sponsor.herma.moe/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 07 Jun 2024 12:51:02 GMT content-encoding br cf-cache-status MISS last-modified Sun, 15 Oct 2023 00:39:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding,User-Agent report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MJCvM42GAyFvRnhELglauej8LOx01MCMgy1k3G28TbCK%2BB6w6euUzfzLjyVJ4WukP9OLbltHb6zWjDqh3FbE4CWBq8ZJruPyCik3VDKuI645uSUTjSdsOwTZxBYkBep9H777FQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 8900c5725f021c1c-FRA alt-svc h3=":443"; ma=86400 expires Fri, 14 Jun 2024 12:51:02 GMT
GET H3	200	discover.svg sponsor.herma.moe/	6 KB 2 KB	142ms 142ms	Image image/svg+xml	172.67.150.138 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://sponsor.herma.moe/discover.svg Requested by Host: sponsor.herma.moe URL: https://sponsor.herma.moe/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.150.138 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `856072e1bdc38ddb50ad23c7ffaff6ddbb8ed3019620f205b07782ee33fa10ae` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://sponsor.herma.moe/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 07 Jun 2024 12:51:02 GMT content-encoding br cf-cache-status MISS last-modified Sun, 15 Oct 2023 00:39:39 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding,User-Agent report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3XWxr9XsaJVgxw0eMSW%2Bu%2BajQvJTPNfTC%2B3WxsXz0SvTGVHQBxRkXQwJNRuB%2BqYTtyTzsdPWUR2MWOnCZ3Bp%2F1Zc4snbRUzkqnSi%2FCmFsnobC6k4lLLZvatt%2FNoOUCS5%2Bp3tnQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 8900c5725f061c1c-FRA alt-svc h3=":443"; ma=86400 expires Fri, 14 Jun 2024 12:51:02 GMT
GET H3	200	diners.svg sponsor.herma.moe/	3 KB 1 KB	148ms 148ms	Image image/svg+xml	172.67.150.138 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://sponsor.herma.moe/diners.svg Requested by Host: sponsor.herma.moe URL: https://sponsor.herma.moe/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.150.138 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b4c048d9606a05c5cf4acad544e94d1d4f9c76284a7a69eaf2268af2e44bd95d` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://sponsor.herma.moe/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 07 Jun 2024 12:51:02 GMT content-encoding br cf-cache-status MISS last-modified Sun, 15 Oct 2023 00:39:39 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding,User-Agent report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gb1XG2ZQCQrv7zrY0MVxnhWT87DRRtAV8s3%2F6q1PS0oUXt6vAKP%2F%2FKHtN06EFgLxaAyrmIjVPI%2B00OAm%2BmeAtRJrCtkpftId4qturPC4UKnChu2MGnEZW9ypGl1isvnWW76ncw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 8900c5725f071c1c-FRA alt-svc h3=":443"; ma=86400 expires Fri, 14 Jun 2024 12:51:02 GMT
GET H3	200	klarna.svg sponsor.herma.moe/	427 B 804 B	106ms 106ms	Image image/svg+xml	172.67.150.138 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://sponsor.herma.moe/klarna.svg Requested by Host: sponsor.herma.moe URL: https://sponsor.herma.moe/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.150.138 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `76d19b013eeb489e996f60812857446dad4ab3ad2061e33e897fb38fe5d69432` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://sponsor.herma.moe/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 07 Jun 2024 12:51:02 GMT content-encoding br cf-cache-status MISS last-modified Sun, 15 Oct 2023 00:39:39 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding,User-Agent report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QhhcnxgPmsvwyQEufxFuEDN5vPDEEYavQH1SsheE5DBWvEJOLlkwp7ENaM4omKWyFp5Uw6Zm4LFWZFNyq4ksrzjzT1SNAfMVs%2BJcFkaCGS3ntuBNQxV1z4ps%2F1cJmsBM3tjyOA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 8900c5725f081c1c-FRA alt-svc h3=":443"; ma=86400 expires Fri, 14 Jun 2024 12:51:02 GMT
GET H3	404	favicon.ico sponsor.herma.moe/	1 KB 1 KB	97ms 96ms	Other text/html	172.67.150.138 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sponsor.herma.moe/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.150.138 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f81931f052a38cad16e3b96a99325b5e81b50283153254481d605c37f8b02ee2` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://sponsor.herma.moe/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Fri, 07 Jun 2024 12:51:02 GMT content-encoding br cf-cache-status BYPASS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary User-Agent, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C6fOTOajLVU1YvjH3XFtcI6cU7zWBbjozklXX8oop64rz4NJ9yKH1VVz2E9nrhG9ZLPkXe%2FrOPTXi1qLcDbhbAK1qC2362OEfxDxzfxEbgQW5vBzyPOjOyCNmOPj4IzJ%2FfsKJQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html cache-control private, no-cache, no-store, must-revalidate, max-age=0 x-turbo-charged-by LiteSpeed cf-ray 8900c57358861c1c-FRA alt-svc h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://sponsor.herma.moe/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

sponsor.herma.moe
172.67.150.138
2606:4700:3032::6815:1e2a
07483f00631032dfd02e79d3de16d990830ec530b691c236b58a641b4b752458
3cd41a77ef3c37c2affe67c940b630dd8f96a16b6e56158088f796a0e62476b9
3d1ec759e322c0da35ee5e9b2ee664f4815b157bf59f121559e0f1ac1fa216cf
5fc893131805f20db45ee8c05f01472c65a52a5a58fb2eee47a1994577d27ec3
747fca640bc3ae35c7422e023f27cf4a0953b7fe694bfb8bb528b50b70bd15ce
76d19b013eeb489e996f60812857446dad4ab3ad2061e33e897fb38fe5d69432
856072e1bdc38ddb50ad23c7ffaff6ddbb8ed3019620f205b07782ee33fa10ae
8751faa01a9ff5956a525ecf8619873fa2f7fcbc53f469629be3815f65792aa2
b2fc72291ef2440b307f2cc4cebb0247573131702ea43f7ccc2067bfb392a4d0
b4c048d9606a05c5cf4acad544e94d1d4f9c76284a7a69eaf2268af2e44bd95d
c9f1362fbbcb16105bff124b4996ceff2629e545c6f624729cde844f88f798d3
d0b63ce61a6e0367ae657102f479f114fa8851a0e95d1894971dd5cddb426725
f81931f052a38cad16e3b96a99325b5e81b50283153254481d605c37f8b02ee2
f9035e34f5734e89ddb03b601b1c0fd58323a93f176c5c7e220d7aa7a2062ed5

sponsor.herma.moe Open in urlscan Pro 2606:4700:3032::6815:1e2a Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

14 Requests

100 %HTTPS

50 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

24 kBTransfer

46 kBSize

0 Cookies

3 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

sponsor.herma.moe Open in urlscan Pro
2606:4700:3032::6815:1e2a Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

50 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

24 kB
Transfer

46 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!