crm.stempel-wien.at
Open in
urlscan Pro
82.165.99.250
Malicious Activity!
Public Scan
Effective URL: https://crm.stempel-wien.at/demo/x/tracking-load.html
Submission: On September 20 via manual from NZ — Scanned from JP
Summary
TLS certificate: Issued by Encryption Everywhere DV TLS CA - G1 on February 20th 2022. Valid for: a year.
This is the only time crm.stempel-wien.at was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DPD (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 2 | 157.7.107.50 157.7.107.50 | 7506 (INTERQ GM...) (INTERQ GMO Internet) | |
1 14 | 82.165.99.250 82.165.99.250 | 8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS) | |
14 | 2 |
ASN7506 (INTERQ GMO Internet,Inc, JP)
PTR: 157-7-107-50.virt.lolipop.jp
tiers.jp |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
stempel-wien.at
1 redirects
crm.stempel-wien.at |
435 KB |
2 |
tiers.jp
1 redirects
tiers.jp |
686 B |
14 | 2 |
Domain | Requested by | |
---|---|---|
14 | crm.stempel-wien.at |
1 redirects
crm.stempel-wien.at
|
2 | tiers.jp | 1 redirects |
14 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
tiers.jp R3 |
2022-09-14 - 2022-12-13 |
3 months | crt.sh |
*.stempel-wien.at Encryption Everywhere DV TLS CA - G1 |
2022-02-20 - 2023-02-25 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://crm.stempel-wien.at/demo/x/tracking-load.html
Frame ID: B079469913CCCE5D138E429A4257284E
Requests: 14 HTTP requests in this frame
Screenshot
Page Title
Follow My ParcelPage URL History Show full URLs
-
https://tiers.jp/mt/stats/0?link.nzpost.co.nz/click/631e2bff8801884d9708af0d/aHR0cHM6Ly93d3cu...
HTTP 301
https://tiers.jp/mt/stats/0/?link.nzpost.co.nz/click/631e2bff8801884d9708af0d/aHR0cHM6Ly93d3c... Page URL
-
https://crm.stempel-wien.at/demo/x?aws.com/start-your-redirection-p2PSID=Google_PPC&cid=RD_FY2122_IM1_SM...
HTTP 301
https://crm.stempel-wien.at/demo/x/?aws.com/start-your-redirection-p2PSID=Google_PPC&cid=RD_FY2122_IM1_S... Page URL
- https://crm.stempel-wien.at/demo/x/tracking-load.html Page URL
Detected technologies
ZURB Foundation (Web Frameworks) ExpandDetected patterns
- <div [^>]*class="[^"]*(?:small|medium|large)-\d{1,2} columns
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://tiers.jp/mt/stats/0?link.nzpost.co.nz/click/631e2bff8801884d9708af0d/aHR0cHM6Ly93d3cubnpwb3N0LmNvLm56L3Rvb2xzL3RyYWNraW5nL2l0ZW0vMDA3OTQyMTAzMjA0ODM5Njk0MTQvYXRsP2F1dGhsb2dpbj0zYzA4ZWFiMDU1Mzk3ZDk4MzdlMWQ4MGI3MWQ3ZDRiY2Q3NzgzYWE4NDA3ZGY3NDI2YjdkYzUzYWY3ZWM0ZmQy/56c8f4da27fdb09f148b4569B73d07fd0
HTTP 301
https://tiers.jp/mt/stats/0/?link.nzpost.co.nz/click/631e2bff8801884d9708af0d/aHR0cHM6Ly93d3cubnpwb3N0LmNvLm56L3Rvb2xzL3RyYWNraW5nL2l0ZW0vMDA3OTQyMTAzMjA0ODM5Njk0MTQvYXRsP2F1dGhsb2dpbj0zYzA4ZWFiMDU1Mzk3ZDk4MzdlMWQ4MGI3MWQ3ZDRiY2Q3NzgzYWE4NDA3ZGY3NDI2YjdkYzUzYWY3ZWM0ZmQy/56c8f4da27fdb09f148b4569B73d07fd0 Page URL
-
https://crm.stempel-wien.at/demo/x?aws.com/start-your-redirection-p2PSID=Google_PPC&cid=RD_FY2122_IM1_SM_71700000067825210_58700005921072524&gclid=EAIa
HTTP 301
https://crm.stempel-wien.at/demo/x/?aws.com/start-your-redirection-p2PSID=Google_PPC&cid=RD_FY2122_IM1_SM_71700000067825210_58700005921072524&gclid=EAIa Page URL
- https://crm.stempel-wien.at/demo/x/tracking-load.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://tiers.jp/mt/stats/0?link.nzpost.co.nz/click/631e2bff8801884d9708af0d/aHR0cHM6Ly93d3cubnpwb3N0LmNvLm56L3Rvb2xzL3RyYWNraW5nL2l0ZW0vMDA3OTQyMTAzMjA0ODM5Njk0MTQvYXRsP2F1dGhsb2dpbj0zYzA4ZWFiMDU1Mzk3ZDk4MzdlMWQ4MGI3MWQ3ZDRiY2Q3NzgzYWE4NDA3ZGY3NDI2YjdkYzUzYWY3ZWM0ZmQy/56c8f4da27fdb09f148b4569B73d07fd0 HTTP 301
- https://tiers.jp/mt/stats/0/?link.nzpost.co.nz/click/631e2bff8801884d9708af0d/aHR0cHM6Ly93d3cubnpwb3N0LmNvLm56L3Rvb2xzL3RyYWNraW5nL2l0ZW0vMDA3OTQyMTAzMjA0ODM5Njk0MTQvYXRsP2F1dGhsb2dpbj0zYzA4ZWFiMDU1Mzk3ZDk4MzdlMWQ4MGI3MWQ3ZDRiY2Q3NzgzYWE4NDA3ZGY3NDI2YjdkYzUzYWY3ZWM0ZmQy/56c8f4da27fdb09f148b4569B73d07fd0
- https://crm.stempel-wien.at/demo/x?aws.com/start-your-redirection-p2PSID=Google_PPC&cid=RD_FY2122_IM1_SM_71700000067825210_58700005921072524&gclid=EAIa HTTP 301
- https://crm.stempel-wien.at/demo/x/?aws.com/start-your-redirection-p2PSID=Google_PPC&cid=RD_FY2122_IM1_SM_71700000067825210_58700005921072524&gclid=EAIa
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
tiers.jp/mt/stats/0/ Redirect Chain
|
217 B 365 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
crm.stempel-wien.at/demo/x/ Redirect Chain
|
63 B 428 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
tracking-load.html
crm.stempel-wien.at/demo/x/ |
23 KB 24 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
app.css
crm.stempel-wien.at/demo/x/files/ |
183 KB 183 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
app2.css
crm.stempel-wien.at/demo/x/files/ |
29 KB 29 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dpd.png
crm.stempel-wien.at/demo/x/files/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
claim.png
crm.stempel-wien.at/demo/x/files/ |
17 KB 18 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
warning_red.png
crm.stempel-wien.at/demo/x/files/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
loading.gif
crm.stempel-wien.at/demo/x/files/ |
17 KB 18 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dpd_group_82x22.png
crm.stempel-wien.at/demo/x/files/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
plutosansdpdlight-web.woff
crm.stempel-wien.at/demo/x/files/ |
59 KB 60 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ico-magnifying-glass-14x14.png
crm.stempel-wien.at/demo/x/files/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dpd-mobile.png
crm.stempel-wien.at/demo/x/files/ |
32 KB 32 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
plutosansdpdregular-web.woff
crm.stempel-wien.at/demo/x/files/ |
59 KB 59 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DPD (Transportation)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
crm.stempel-wien.at
tiers.jp
157.7.107.50
82.165.99.250
1945f7cbd4804679f1d3a2bd78776dfb44fd5a206739992bfe2375f44e9f9ba7
438df4c1bd39c959c09f81575c789beb3afbcd3b63474e3c9d43b5c95fdd5451
48ca706bc3e10859462d38c5de3a38c69364a9a4f74f596d32f53a7caf962e82
7a89397dda9a9adbd6a118c432895e46317944ce976d794c895f3788d27b0286
7c442b15a0b45f172fa964116dedbf9e300695349fb73ea058b28b9bde17c5d9
7d7224d9babceb8ed6e0b7c860678d49c0ea5b53df49153d8db99c18c1e4a986
85e34065774eebcb0f3d652d24ce47c0ecbfd5c190228a20d3dc7c698eb279e1
863a24f0e0d23c794479143baad6d856fcbdfaec2701a67988fbd5b85b5b1218
9e462606602d426b676f2b6f9c0b6629b02f91204214898f7d4a56749c4e00d0
9e72e47498366f1af8dc4972041ce63172ed73fc49553c3e729c66191e6ff2ea
c99d0b5a290e48d4e4cbb86c29dd12436f465696702a81ded130a411f1e98cd3
d3a9d53bed47724a9a3a6134220f6079537ca8d78c0e5cb70d6adc69f863b90c
e5f09705b4e1052ee58ce24a921810cd38a151051deb168cf58dc25cca746f36