ref-internet.partnerportal-deutschepost.de Open in urlscan Pro
149.239.115.111 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://ref.partnerportal-deutschepost.de/
Effective URL:
https://ref-internet.partnerportal-deutschepost.de/login.html
Submission: On November 29 via automatic, source certstream-suspicious (November 29th 2022, 9:42:17 am UTC) — Scanned from DE

Summary HTTP 11 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 11 HTTP transactions. The main IP is 149.239.115.111, located in Germany and belongs to DPAG-AS Deutsche Post AG, DE. The main domain is ref-internet.partnerportal-deutschepost.de.
TLS certificate: Issued by DPDHL Global TLS CA - I5 on November 10th 2022. Valid for: a year.

This is the only time ref-internet.partnerportal-deutschepost.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2a02:26f0:130... 2a02:26f0:1300::5f65:e641	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 12	149.239.115.111 149.239.115.111	12291 (DPAG-AS D...) (DPAG-AS Deutsche Post AG)
11	1

1 2a02:26f0:1300::5f65:e641 (Munich, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)

ref.partnerportal-deutschepost.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 149.239.115.111 (Germany) 1 redirects

ASN12291 (DPAG-AS Deutsche Post AG, DE)

ref-internet.partnerportal-deutschepost.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	partnerportal-deutschepost.de 2 redirects ref.partnerportal-deutschepost.de ref-internet.partnerportal-deutschepost.de	662 KB
11	1

	Domain	Requested by
12	ref-internet.partnerportal-deutschepost.de	1 redirects ref-internet.partnerportal-deutschepost.de
1	ref.partnerportal-deutschepost.de	1 redirects
11	2

This site contains links to these domains. Also see Links.

Domain
www.deutschepost.de

Subject Issuer	Validity	Valid
ref.partnerportal-deutschepost.de DPDHL Global TLS CA - I5	`2022-11-10` - `2023-11-10`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://ref-internet.partnerportal-deutschepost.de/login.html
Frame ID: 640807A8B3F0179DE3292A15C150429E
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Anmelden | Deutsche Post Partnerportal

Page URL History Show full URLs

https://ref.partnerportal-deutschepost.de/ HTTP 301
https://ref-internet.partnerportal-deutschepost.de/ HTTP 307
https://ref-internet.partnerportal-deutschepost.de/login.html Page URL

Detected technologies

TYPO3 CMS (CMS) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+ href="/?typo3(?:conf|temp)/

Matomo Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

piwik\.js|piwik\.php

Page Statistics

11
Requests

100 %
HTTPS

50 %
IPv6

1
Domains

2
Subdomains

1
IPs

1
Countries

661 kB
Transfer

2425 kB
Size

0
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.deutschepost.de/de/u/ueber-uns.html
Title: Über Deutsche Post AG

Search URL Search Domain Scan URL

URL: https://www.deutschepost.de/de/f/footer/impressum.html
Title: Impressum

Search URL Search Domain Scan URL

URL: https://www.deutschepost.de/de/f/footer/rechtlichehinweise.html
Title: Rechtliche Hinweise

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ref.partnerportal-deutschepost.de/ HTTP 301
https://ref-internet.partnerportal-deutschepost.de/ HTTP 307
https://ref-internet.partnerportal-deutschepost.de/login.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request login.html Show response
ref-internet.partnerportal-deutschepost.de/
Redirect Chain

https://ref.partnerportal-deutschepost.de/
https://ref-internet.partnerportal-deutschepost.de/
https://ref-internet.partnerportal-deutschepost.de/login.html

10 KB
4 KB

146ms
145ms

Document
text/html

149.239.115.111
DPAG-AS Deutsche ...

General

Check archive.org

Show headers Download Go to

Full URL

https://ref-internet.partnerportal-deutschepost.de/login.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

149.239.115.111 , Germany, ASN12291 (DPAG-AS Deutsche Post AG, DE),

Reverse DNS

Software

nginx /

Resource Hash

6388821d4d3b24bdc0164ac3218ac021a71752ffa6c9e056e8f2c2c6e7d7fc57

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://piwik.ref.partnerportal-deutschepost.de; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://piwik.ref.partnerportal-deutschepost.de; connect-src 'self' data: https://piwik.ref.partnerportal-deutschepost.de; frame-src *
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
cache-control: no-cache, no-store
content-encoding: gzip
content-language: de
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://piwik.ref.partnerportal-deutschepost.de; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://piwik.ref.partnerportal-deutschepost.de; connect-src 'self' data: https://piwik.ref.partnerportal-deutschepost.de; frame-src *
content-type: text/html; charset=utf-8
date: Tue, 29 Nov 2022 09:42:12 GMT
expires: -1
pragma: no-cache
referrer-policy: same-origin
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-request-id: df0e72b365e49
x-ua-compatible: IE=Edge,chrome=1
x-varnish: 856396
x-xss-protection: 1; mode=block

Redirect headers

age: 0
content-length: 0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://piwik.ref.partnerportal-deutschepost.de; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://piwik.ref.partnerportal-deutschepost.de; connect-src 'self' data: https://piwik.ref.partnerportal-deutschepost.de; frame-src *
content-type: text/html; charset=UTF-8
date: Tue, 29 Nov 2022 09:42:12 GMT
location: https://ref-internet.partnerportal-deutschepost.de/login.html
referrer-policy: same-origin
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-ua-compatible: IE=Edge,chrome=1
x-varnish: 1081841
x-xss-protection: 1; mode=block

GET
H2 200 Main_Responsive.css
ref-internet.partnerportal-deutschepost.de/typo3conf/ext/pt_dppp_site/Resources/Public/Styles/ 336 KB
57 KB 39ms
39ms Stylesheet
text/css 149.239.115.111
DPAG-AS Deutsche ...

General

Check archive.org

Show headers Download Go to

Full URL

https://ref-internet.partnerportal-deutschepost.de/typo3conf/ext/pt_dppp_site/Resources/Public/Styles/Main_Responsive.css?1669147653

Requested by

Host: ref-internet.partnerportal-deutschepost.de
URL: https://ref-internet.partnerportal-deutschepost.de/login.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

149.239.115.111 , Germany, ASN12291 (DPAG-AS Deutsche Post AG, DE),

Reverse DNS

Software

nginx /

Resource Hash

ffe7d7fc08db002f1fd0eb4a20702c9e6958d06d9d49059e675d5e7cbd197f66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ref-internet.partnerportal-deutschepost.de/login.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Tue, 29 Nov 2022 09:42:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
age: 11734
x-dns-prefetch-control: off
content-length: 57681
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Nov 2022 20:07:33 GMT
server: nginx
etag: W/"637d2c05-540b1"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
x-varnish: 1081844 825008
cache-control: max-age=86400, public
accept-ranges: bytes
expires: Wed, 30 Nov 2022 06:26:38 GMT

GET
H2 200 OnReadyInit.js Show response
ref-internet.partnerportal-deutschepost.de/typo3conf/ext/pt_dppp_site/Resources/Public/JavaScript/Dist/ 58 B
433 B 113ms
112ms Script
application/javascript 149.239.115.111
DPAG-AS Deutsche ...

General

Check archive.org

Show headers Download Go to

Full URL

https://ref-internet.partnerportal-deutschepost.de/typo3conf/ext/pt_dppp_site/Resources/Public/JavaScript/Dist/OnReadyInit.js?1669147614

Requested by

Host: ref-internet.partnerportal-deutschepost.de
URL: https://ref-internet.partnerportal-deutschepost.de/login.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

149.239.115.111 , Germany, ASN12291 (DPAG-AS Deutsche Post AG, DE),

Reverse DNS

Software

nginx /

Resource Hash

aaf88fc23258905c767e7adf439a573efa372aa84c8919efecae2ee647006ea5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ref-internet.partnerportal-deutschepost.de/login.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Tue, 29 Nov 2022 09:42:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
age: 11734
x-dns-prefetch-control: off
content-length: 58
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Nov 2022 20:06:54 GMT
server: nginx
etag: "637d2bde-3a"
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
x-varnish: 1245941 956513
cache-control: max-age=86400, public
accept-ranges: bytes
expires: Wed, 30 Nov 2022 06:26:38 GMT

GET
H2 200 piwik.js Show response
ref-internet.partnerportal-deutschepost.de/typo3conf/ext/pt_dppp_site/Resources/Public/JavaScript/Dist/ 3 KB
2 KB 113ms
113ms Script
application/javascript 149.239.115.111
DPAG-AS Deutsche ...

General

Check archive.org

Show headers Download Go to

Full URL

https://ref-internet.partnerportal-deutschepost.de/typo3conf/ext/pt_dppp_site/Resources/Public/JavaScript/Dist/piwik.js

Requested by

Host: ref-internet.partnerportal-deutschepost.de
URL: https://ref-internet.partnerportal-deutschepost.de/login.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

149.239.115.111 , Germany, ASN12291 (DPAG-AS Deutsche Post AG, DE),

Reverse DNS

Software

nginx /

Resource Hash

d6b51fa3a8fe009acb8a61b46da68b80ae946b75e877a2a2dce1ff47538d44fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ref-internet.partnerportal-deutschepost.de/login.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Tue, 29 Nov 2022 09:42:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
age: 11734
x-dns-prefetch-control: off
content-length: 1200
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Nov 2022 20:06:54 GMT
server: nginx
etag: W/"637d2bde-cdb"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
x-varnish: 101303 196383
cache-control: max-age=86400, public
accept-ranges: bytes
expires: Wed, 30 Nov 2022 06:26:38 GMT

GET
H2 200 logo-mitlasche.svg
ref-internet.partnerportal-deutschepost.de/typo3conf/ext/pt_dppp_site/Resources/Public/Images/Logos/Production/Reference/ 1 KB
1 KB 66ms
66ms Image
image/svg+xml 149.239.115.111
DPAG-AS Deutsche ...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ref-internet.partnerportal-deutschepost.de/typo3conf/ext/pt_dppp_site/Resources/Public/Images/Logos/Production/Reference/logo-mitlasche.svg

Requested by

Host: ref-internet.partnerportal-deutschepost.de
URL: https://ref-internet.partnerportal-deutschepost.de/login.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

149.239.115.111 , Germany, ASN12291 (DPAG-AS Deutsche Post AG, DE),

Reverse DNS

Software

nginx /

Resource Hash

ad71f796f593aff25eaa547b98efd1b4aad35fedbc5947652424045b05754a78

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ref-internet.partnerportal-deutschepost.de/login.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Tue, 29 Nov 2022 09:42:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
age: 0
x-dns-prefetch-control: off
content-length: 789
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Nov 2022 20:06:54 GMT
server: nginx
etag: W/"637d2bde-5fb"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
x-varnish: 856401
cache-control: max-age=86400, public
accept-ranges: bytes
expires: Wed, 30 Nov 2022 09:42:12 GMT

GET
H2 200 base.min.js Show response
ref-internet.partnerportal-deutschepost.de/typo3conf/ext/pt_dppp_site/Resources/Public/JavaScript/Dist/ 860 KB
242 KB 38ms
38ms Script
application/javascript 149.239.115.111
DPAG-AS Deutsche ...

General

Check archive.org

Show headers Download Go to

Full URL

https://ref-internet.partnerportal-deutschepost.de/typo3conf/ext/pt_dppp_site/Resources/Public/JavaScript/Dist/base.min.js?1669147634

Requested by

Host: ref-internet.partnerportal-deutschepost.de
URL: https://ref-internet.partnerportal-deutschepost.de/login.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

149.239.115.111 , Germany, ASN12291 (DPAG-AS Deutsche Post AG, DE),

Reverse DNS

Software

nginx /

Resource Hash

5b6cb3a01943818ac18c89778039c355d23e6e9f2fba71728f083b7f641bfea9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ref-internet.partnerportal-deutschepost.de/login.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Tue, 29 Nov 2022 09:42:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
age: 11734
x-dns-prefetch-control: off
content-length: 246676
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Nov 2022 20:07:14 GMT
server: nginx
etag: W/"637d2bf2-d717c"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
x-varnish: 101305 196386
cache-control: max-age=86400, public
accept-ranges: bytes
expires: Wed, 30 Nov 2022 06:26:38 GMT

GET
H2 200 OnReadyRun.js Show response
ref-internet.partnerportal-deutschepost.de/typo3conf/ext/pt_dppp_site/Resources/Public/JavaScript/Dist/ 66 B
441 B 76ms
76ms Script
application/javascript 149.239.115.111
DPAG-AS Deutsche ...

General

Check archive.org

Show headers Download Go to

Full URL

https://ref-internet.partnerportal-deutschepost.de/typo3conf/ext/pt_dppp_site/Resources/Public/JavaScript/Dist/OnReadyRun.js?1669147614

Requested by

Host: ref-internet.partnerportal-deutschepost.de
URL: https://ref-internet.partnerportal-deutschepost.de/login.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

149.239.115.111 , Germany, ASN12291 (DPAG-AS Deutsche Post AG, DE),

Reverse DNS

Software

nginx /

Resource Hash

e23bd91b37166325f58fdfa9bdde93e53b27f7c9c6cad4dd0886e8fbc731e643

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ref-internet.partnerportal-deutschepost.de/login.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Tue, 29 Nov 2022 09:42:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
age: 11734
x-dns-prefetch-control: off
content-length: 66
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Nov 2022 20:06:54 GMT
server: nginx
etag: "637d2bde-42"
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
x-varnish: 856399 825011
cache-control: max-age=86400, public
accept-ranges: bytes
expires: Wed, 30 Nov 2022 06:26:38 GMT

GET
H2 200 main.js Show response
ref-internet.partnerportal-deutschepost.de/typo3conf/ext/pt_dppp_site/Resources/Public/JavaScript/ReactApp/ 1 MB
302 KB 66ms
66ms Script
application/javascript 149.239.115.111
DPAG-AS Deutsche ...

General

Check archive.org

Show headers Download Go to

Full URL

https://ref-internet.partnerportal-deutschepost.de/typo3conf/ext/pt_dppp_site/Resources/Public/JavaScript/ReactApp/main.js?1669147675

Requested by

Host: ref-internet.partnerportal-deutschepost.de
URL: https://ref-internet.partnerportal-deutschepost.de/login.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

149.239.115.111 , Germany, ASN12291 (DPAG-AS Deutsche Post AG, DE),

Reverse DNS

Software

nginx /

Resource Hash

652957843ba02865db94d1d014ddbddcecfdd4491d4862b3f64eab0b4044bd26

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ref-internet.partnerportal-deutschepost.de/login.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Tue, 29 Nov 2022 09:42:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
age: 11734
x-dns-prefetch-control: off
content-length: 308642
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Nov 2022 20:07:55 GMT
server: nginx
etag: W/"637d2c1b-1229ae"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
x-varnish: 101307 196389
cache-control: max-age=86400, public
accept-ranges: bytes
expires: Wed, 30 Nov 2022 06:26:38 GMT

GET
H2 200 teaser-link-bg.png
ref-internet.partnerportal-deutschepost.de/typo3conf/ext/pt_dppp_site/Resources/Public/Images/ 219 B
576 B 62ms
62ms Image
image/png 149.239.115.111
DPAG-AS Deutsche ...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ref-internet.partnerportal-deutschepost.de/typo3conf/ext/pt_dppp_site/Resources/Public/Images/teaser-link-bg.png

Requested by

Host: ref-internet.partnerportal-deutschepost.de
URL: https://ref-internet.partnerportal-deutschepost.de/typo3conf/ext/pt_dppp_site/Resources/Public/Styles/Main_Responsive.css?1669147653

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

149.239.115.111 , Germany, ASN12291 (DPAG-AS Deutsche Post AG, DE),

Reverse DNS

Software

nginx /

Resource Hash

383ba0951aa6c0bb26ddcf5a4c936a63cb5ad9761ce0755c28f24c963e42bc69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ref-internet.partnerportal-deutschepost.de/typo3conf/ext/pt_dppp_site/Resources/Public/Styles/Main_Responsive.css?1669147653
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Tue, 29 Nov 2022 09:42:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
age: 11734
x-dns-prefetch-control: off
content-length: 219
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Nov 2022 20:06:54 GMT
server: nginx
etag: "637d2bde-db"
x-frame-options: SAMEORIGIN
content-type: image/png
x-varnish: 101309 438664
cache-control: max-age=86400, public
accept-ranges: bytes
expires: Wed, 30 Nov 2022 06:26:38 GMT

GET
H2 200 Delivery_Rg.woff2
ref-internet.partnerportal-deutschepost.de/typo3conf/ext/pt_dppp_site/Resources/Public/Fonts/ 33 KB
33 KB 62ms
62ms Font
font/woff2 149.239.115.111
DPAG-AS Deutsche ...

General

Check archive.org

Show headers Download Go to

Full URL

https://ref-internet.partnerportal-deutschepost.de/typo3conf/ext/pt_dppp_site/Resources/Public/Fonts/Delivery_Rg.woff2

Requested by

Host: ref-internet.partnerportal-deutschepost.de
URL: https://ref-internet.partnerportal-deutschepost.de/typo3conf/ext/pt_dppp_site/Resources/Public/Styles/Main_Responsive.css?1669147653

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

149.239.115.111 , Germany, ASN12291 (DPAG-AS Deutsche Post AG, DE),

Reverse DNS

Software

nginx /

Resource Hash

aad2e62bcbb49d968f8c6d59a0fa6d6bbf239bd508b5749997c9f89e2f67aaa4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://piwik.ref.partnerportal-deutschepost.de; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://piwik.ref.partnerportal-deutschepost.de; connect-src 'self' data: https://piwik.ref.partnerportal-deutschepost.de; frame-src *
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ref-internet.partnerportal-deutschepost.de/typo3conf/ext/pt_dppp_site/Resources/Public/Styles/Main_Responsive.css?1669147653
Origin: https://ref-internet.partnerportal-deutschepost.de
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Tue, 29 Nov 2022 09:42:12 GMT
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://piwik.ref.partnerportal-deutschepost.de; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://piwik.ref.partnerportal-deutschepost.de; connect-src 'self' data: https://piwik.ref.partnerportal-deutschepost.de; frame-src *
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
age: 0
x-dns-prefetch-control: off
content-length: 33604
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge,chrome=1
referrer-policy: same-origin
last-modified: Tue, 22 Nov 2022 20:06:54 GMT
server: nginx
etag: "637d2bde-8344"
x-frame-options: SAMEORIGIN
content-type: font/woff2
x-varnish: 856404
accept-ranges: bytes

GET
H2 200 csm_banner-login-seite-v1_a7c497aca2.png
ref-internet.partnerportal-deutschepost.de/fileadmin/_processed_/1/9/ 19 KB
19 KB 59ms
58ms Image
image/png 149.239.115.111
DPAG-AS Deutsche ...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ref-internet.partnerportal-deutschepost.de/fileadmin/_processed_/1/9/csm_banner-login-seite-v1_a7c497aca2.png

Requested by

Host: ref-internet.partnerportal-deutschepost.de
URL: https://ref-internet.partnerportal-deutschepost.de/login.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

149.239.115.111 , Germany, ASN12291 (DPAG-AS Deutsche Post AG, DE),

Reverse DNS

Software

nginx /

Resource Hash

814ebe352b9275df73ac84f68bde51246eec360da0e3183f4f944920822e7bd2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://piwik.ref.partnerportal-deutschepost.de; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://piwik.ref.partnerportal-deutschepost.de; connect-src 'self' data: https://piwik.ref.partnerportal-deutschepost.de; frame-src *
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ref-internet.partnerportal-deutschepost.de/login.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Tue, 29 Nov 2022 09:42:13 GMT
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://piwik.ref.partnerportal-deutschepost.de; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://piwik.ref.partnerportal-deutschepost.de; connect-src 'self' data: https://piwik.ref.partnerportal-deutschepost.de; frame-src *
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
age: 11734
x-dns-prefetch-control: off
content-length: 19085
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge,chrome=1
pragma: no-cache
referrer-policy: same-origin
last-modified: Wed, 02 Mar 2022 00:07:12 GMT
server: nginx
etag: "621eb530-4a8d"
x-frame-options: SAMEORIGIN
content-type: image/png
x-varnish: 101311 825014
cache-control: no-cache, no-store
accept-ranges: bytes
expires: -1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

57 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://piwik.ref.partnerportal-deutschepost.de; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://piwik.ref.partnerportal-deutschepost.de; connect-src 'self' data: https://piwik.ref.partnerportal-deutschepost.de; frame-src *
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ref-internet.partnerportal-deutschepost.de
ref.partnerportal-deutschepost.de
149.239.115.111
2a02:26f0:1300::5f65:e641
383ba0951aa6c0bb26ddcf5a4c936a63cb5ad9761ce0755c28f24c963e42bc69
5b6cb3a01943818ac18c89778039c355d23e6e9f2fba71728f083b7f641bfea9
6388821d4d3b24bdc0164ac3218ac021a71752ffa6c9e056e8f2c2c6e7d7fc57
652957843ba02865db94d1d014ddbddcecfdd4491d4862b3f64eab0b4044bd26
814ebe352b9275df73ac84f68bde51246eec360da0e3183f4f944920822e7bd2
aad2e62bcbb49d968f8c6d59a0fa6d6bbf239bd508b5749997c9f89e2f67aaa4
aaf88fc23258905c767e7adf439a573efa372aa84c8919efecae2ee647006ea5
ad71f796f593aff25eaa547b98efd1b4aad35fedbc5947652424045b05754a78
d6b51fa3a8fe009acb8a61b46da68b80ae946b75e877a2a2dce1ff47538d44fc
e23bd91b37166325f58fdfa9bdde93e53b27f7c9c6cad4dd0886e8fbc731e643
ffe7d7fc08db002f1fd0eb4a20702c9e6958d06d9d49059e675d5e7cbd197f66

ref-internet.partnerportal-deutschepost.de Open in urlscan Pro 149.239.115.111 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

11 Requests

100 %HTTPS

50 %IPv6

1 Domains

2 Subdomains

1 IPs

1 Countries

661 kBTransfer

2425 kBSize

0 Cookies

3 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

57 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

ref-internet.partnerportal-deutschepost.de Open in urlscan Pro
149.239.115.111 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

50 %
IPv6

1
Domains

2
Subdomains

1
IPs

1
Countries

661 kB
Transfer

2425 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!