myhermespaketversand.de
Open in
urlscan Pro
159.100.13.175
Malicious Activity!
Public Scan
Submitted URL: https://t.co/BsayMIytSA
Effective URL: https://myhermespaketversand.de/app/index.php?userid=d47140fd42a485e3c17334b7d68c7c68&ue=9130ed35bf645a077e25f5a903265ef8
Submission: On September 29 via manual from DE — Scanned from DE
Effective URL: https://myhermespaketversand.de/app/index.php?userid=d47140fd42a485e3c17334b7d68c7c68&ue=9130ed35bf645a077e25f5a903265ef8
Submission: On September 29 via manual from DE — Scanned from DE
Summary
This website contacted 4 IPs
in 2 countries
across 4 domains to perform 13 HTTP transactions.
The main IP is 159.100.13.175, located in
Germany and
belongs to DE-FIRSTCOLO www.first-colo.net, DE.
The main domain is myhermespaketversand.de.
TLS certificate: Issued by R3 on September 29th 2023. Valid for: 3 months.
This is the only time myhermespaketversand.de was scanned on urlscan.io!
TLS certificate: Issued by R3 on September 29th 2023. Valid for: 3 months.
This is the only time myhermespaketversand.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Hermes (Transportation)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 | 104.244.42.69 104.244.42.69 | 13414 (TWITTER) (TWITTER) | |
| 1 1 | 68.183.64.193 68.183.64.193 | 14061 (DIGITALOC...) (DIGITALOCEAN-ASN) | |
| 1 12 | 159.100.13.175 159.100.13.175 | 44066 (DE-FIRSTC...) (DE-FIRSTCOLO www.first-colo.net) | |
| 1 | 52.219.47.144 52.219.47.144 | 16509 (AMAZON-02) (AMAZON-02) | |
| 13 | 4 |
1
68.183.64.193
(Frankfurt am Main, Germany)
ASN14061 (DIGITALOCEAN-ASN, US)
ASN14061 (DIGITALOCEAN-ASN, US)
| panel.cloudhotelier.com |
1
52.219.47.144
(Frankfurt am Main, Germany)
ASN16509 (AMAZON-02, US)
PTR: s3-r-w.eu-central-1.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: s3-r-w.eu-central-1.amazonaws.com
| tnt-frontend-assets-prd.s3.eu-central-1.amazonaws.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 12 |
myhermespaketversand.de
1 redirects
myhermespaketversand.de |
300 KB |
| 1 |
amazonaws.com
tnt-frontend-assets-prd.s3.eu-central-1.amazonaws.com — Cisco Umbrella Rank: 505441 |
113 KB |
| 1 |
cloudhotelier.com
1 redirects
panel.cloudhotelier.com |
2 KB |
| 1 |
t.co
t.co — Cisco Umbrella Rank: 707 |
634 B |
| 13 | 4 |
| Domain | Requested by | |
|---|---|---|
| 12 | myhermespaketversand.de |
1 redirects
t.co
myhermespaketversand.de |
| 1 | tnt-frontend-assets-prd.s3.eu-central-1.amazonaws.com |
myhermespaketversand.de
|
| 1 | panel.cloudhotelier.com | 1 redirects |
| 1 | t.co | |
| 13 | 4 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1 |
2023-02-05 - 2024-02-05 |
a year | crt.sh |
| myhermespaketversand.de R3 |
2023-09-29 - 2023-12-28 |
3 months | crt.sh |
| *.s3.eu-central-1.amazonaws.com Amazon RSA 2048 M01 |
2023-04-11 - 2024-01-14 |
9 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://myhermespaketversand.de/app/index.php?userid=d47140fd42a485e3c17334b7d68c7c68&ue=9130ed35bf645a077e25f5a903265ef8
Frame ID: 4602434C8BE00B2A9F0A01865CCC8555
Requests: 16 HTTP requests in this frame
Screenshot
Page Title
Hermes SendungsverfolgungPage URL History Show full URLs
- https://t.co/BsayMIytSA Page URL
-
https://panel.cloudhotelier.com/pms/email/1238840/wDNDSYpMXchU?method=click&url=https%3A%2F%2Fmyhermespaketv...
HTTP 302
https://myhermespaketversand.de/ HTTP 302
https://myhermespaketversand.de/app/index.php?userid=d47140fd42a485e3c17334b7d68c7c68&ue=9130ed35bf645a077e2... Page URL
Detected technologies
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- \.php(?:$|\?)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://t.co/BsayMIytSA Page URL
-
https://panel.cloudhotelier.com/pms/email/1238840/wDNDSYpMXchU?method=click&url=https%3A%2F%2Fmyhermespaketversand.de
HTTP 302
https://myhermespaketversand.de/ HTTP 302
https://myhermespaketversand.de/app/index.php?userid=d47140fd42a485e3c17334b7d68c7c68&ue=9130ed35bf645a077e25f5a903265ef8 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
BsayMIytSA
t.co/ |
517 B 634 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Primary Request
index.php
myhermespaketversand.de/app/ Redirect Chain
|
47 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
9f0a887e351e902a80154506fd43fee1.js
myhermespaketversand.de/app/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
marselisweb_woff2.woff2
myhermespaketversand.de/assets/assets/fonts/marselisot/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
style.css
myhermespaketversand.de/app/assets/css/ |
462 KB 56 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
01_sendungsnummer.jpg
tnt-frontend-assets-prd.s3.eu-central-1.amazonaws.com/images/ |
113 KB 113 KB |
Image
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
zahlarten_800x127.png
myhermespaketversand.de/app/assets/images/ |
16 KB 16 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
telekom_logo.png
myhermespaketversand.de/app/assets/images/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
274 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
218 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
circularhermesweb-regular-woff2.woff2
myhermespaketversand.de/app/assets/fonts/ |
69 KB 69 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
glyphicons-halflings-regular_woff2.woff2
myhermespaketversand.de/app/assets/fonts/ |
18 KB 18 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
marselisw05-black_woff2.woff2
myhermespaketversand.de/app/assets/fonts/ |
33 KB 33 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
circularhermesweb-medium-woff2.woff2
myhermespaketversand.de/app/assets/fonts/ |
70 KB 70 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
marselisweb_woff2.woff2
myhermespaketversand.de/app/assets/fonts/ |
29 KB 29 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Hermes (Transportation)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .t.co/ | Name: muc Value: 2225c2e9-9dd5-4e79-8b84-391a559f771f |
|
| panel.cloudhotelier.com/ | Name: 76e8c6fa7b2bcc3556461e59be9dc182 Value: v7pcjpnntb3k8nqqk0ejjn3rk7 |
|
| panel.cloudhotelier.com/ | Name: plg_chtrack_referer Value: https%3A%2F%2Ft.co%2F |
|
| panel.cloudhotelier.com/ | Name: plg_chtrack_landing Value: https%3A%2F%2Fpanel.cloudhotelier.com%2Fpms%2Femail%2F1238840%2FwDNDSYpMXchU |
|
| panel.cloudhotelier.com/ | Name: plg_chtrack_date Value: 2023-09-29 |
|
| myhermespaketversand.de/ | Name: PHPSESSID Value: ri7tgga8j4pj4867hnajjepkdm |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Strict-Transport-Security | max-age=0 |
| X-Xss-Protection | 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
myhermespaketversand.de
panel.cloudhotelier.com
t.co
tnt-frontend-assets-prd.s3.eu-central-1.amazonaws.com
104.244.42.69
159.100.13.175
52.219.47.144
68.183.64.193
00176f3712a7859d13422c827c6acf4a25c0653353100ccc565b8b5781828fb6
143ff2a1a385241f152e2e0a860cd2f5770c46649bb201312457a26974de4824
3c214e0dab840de69e8534626467a4d53da06992ac2c439e39f4174589836109
465b75cdf1dd2e2512e21a0afc34be22c1ab3f27438147079db6ec77315bebbf
57a5de7a9a73377a247c527c910820f863f3cf84d14a4e0727357c3ebf2540b1
644b41373fbfab7d264ec92d59f32e2005c1ec70299cbe8c04401b13440a311f
76517cfaec1c39240e826a6344d7ede53dd6e8299ff5614ecd887182a39e115f
7706c07ff813ca9b5109be755c068865379f764cf975cf064168db2726e521c0
a3cc4ceb278fe4a777d6ffcfd35657e4ed758af98285c5ab76570a1aadd2d073
bc74bfdef2d67cc3aedbb12f792f33ecc3a5bc51c167ca2b3a0d22048f7a1f2b
c7e77fae0b58ac98dc35e183e862642a69c104bda1de34bb5e48b93474cece5d
c8e504f08186e03d0858c3bc994ec1fea810f5abb612a8b03adde592a64a9aa7
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c