benedict-koeln.de
Open in
urlscan Pro
2a01:4f8:d0a:6466::2
Malicious Activity!
Public Scan
URL:
https://benedict-koeln.de/hu/posthu/
Submission Tags: falconsandbox
Submission: On January 16 via api from US — Scanned from DE
Submission Tags: falconsandbox
Submission: On January 16 via api from US — Scanned from DE
Summary
This website contacted 1 IPs
in 1 countries
across 1 domains to perform 15 HTTP transactions.
The main IP is 2a01:4f8:d0a:6466::2, located in
Germany and
belongs to HETZNER-AS, DE.
The main domain is benedict-koeln.de.
TLS certificate: Issued by Encryption Everywhere DV TLS CA - G1 on January 4th 2023. Valid for: a year.
This is the only time benedict-koeln.de was scanned on urlscan.io!
TLS certificate: Issued by Encryption Everywhere DV TLS CA - G1 on January 4th 2023. Valid for: a year.
This is the only time benedict-koeln.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Magyar Posta (Transportation)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 15 | 2a01:4f8:d0a:... 2a01:4f8:d0a:6466::2 | 24940 (HETZNER-AS) (HETZNER-AS) | |
| 15 | 1 |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 15 |
benedict-koeln.de
benedict-koeln.de |
336 KB |
| 15 | 1 |
| Domain | Requested by | |
|---|---|---|
| 15 | benedict-koeln.de |
benedict-koeln.de
|
| 15 | 1 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| benedict-koeln.de Encryption Everywhere DV TLS CA - G1 |
2023-01-04 - 2024-01-03 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://benedict-koeln.de/hu/posthu/
Frame ID: E9AAA3CC19ED5AC1CCFFA6DE0E4A4B7B
Requests: 15 HTTP requests in this frame
Screenshot
Page Title
Magyar Posta Zrt. - NyitóDetected technologies
Font Awesome
(Font Scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
/
benedict-koeln.de/hu/posthu/ |
41 KB 42 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
font-awesome.min.css
benedict-koeln.de/hu/posthu/ |
30 KB 31 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Untitled1.css
benedict-koeln.de/hu/posthu/js/ |
2 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
index.css
benedict-koeln.de/hu/posthu/js/ |
27 KB 28 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery-1.12.4.min.js
benedict-koeln.de/hu/posthu/js/ |
95 KB 96 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.inputmask.min.js
benedict-koeln.de/hu/posthu/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
highmob.png
benedict-koeln.de/hu/posthu/images/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
xx.png
benedict-koeln.de/hu/posthu/images/ |
17 KB 17 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
collie.jfif
benedict-koeln.de/hu/posthu/ |
6 KB 6 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
xxx.png
benedict-koeln.de/hu/posthu/images/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
x.png
benedict-koeln.de/hu/posthu/images/ |
379 B 429 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
s.png
benedict-koeln.de/hu/posthu/images/ |
218 B 266 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
basmob.png
benedict-koeln.de/hu/posthu/images/ |
34 KB 35 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
baspc.png
benedict-koeln.de/hu/posthu/images/ |
48 KB 48 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
index.css
benedict-koeln.de/hu/posthu/js/ |
27 KB 27 KB |
Image
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Magyar Posta (Transportation)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontentvisibilityautostatechange function| $ function| jQuery1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| benedict-koeln.de/ | Name: wires Value: 00a48a78f150b953f0c0d135f7bd78f0 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| X-Frame-Options | SAMEORIGIN |
| X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
benedict-koeln.de
2a01:4f8:d0a:6466::2
0fb41ab8877699782e17566fafad17e01b8d04b840db658583cb0d3b9508fff4
26a05ddbc6f93bcd865b1a6cc11927006327b8745fda40188bca37e81c32add9
29af2e0b8a8af19a81f246c1cc29ea11da8aa6eb421fff94038764ff90439857
2c9eafdd8ca759fdb000f2f515b0daf01efb20a3c12e1ed3fd17adc6597f57fc
3a5b8544a55ecbdf060aac85bb177af1a40b398193086197ccf77b5d1bb9371a
3ae5d8b5a2806b811378107313b19f0b05baae4b2bbe85e19e9cd223391a0fe3
4aee46fd06311704d292eb39a9a6863a278383bef851467df3d8d3d694dd800b
6aba95aab17d28ab1ddc4c8af369d653a5bf67b19b08e7c386622b40a6fa72e4
6c7ba24b4704001e76f8d581dd48a5c56324e69eb6f74af0c3e9cbd7233e467c
b2b3fde37ccd6c8dab0d32b5802880e44023365b42c2bcf2853af9ebfe9bd1ad
be789ea65bfa401248217d54258c9ce1208db12f06517d4122b57572e4d330f0
d3ef7fd1790155f337f8f18f38ce37229665aca17836f5914227079e152e6ce9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fafbf7a0a7f4d2da968c90db88a517187dd54b3d06f3767ce873b79407f76b9a