poststube-badfredeburg.de Open in urlscan Pro
89.22.106.33 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm
Submission: On February 14 via automatic, source openphish (February 14th 2019, 4:25:59 pm UTC)

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 15 HTTP transactions. The main IP is 89.22.106.33, located in Germany and belongs to PROVIDERBOX IPv4 & IPv6 DUS1, DE. The main domain is poststube-badfredeburg.de.

This is the only time poststube-badfredeburg.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address		AS Autonomous System
15	89.22.106.33 89.22.106.33		45031 (PROVIDERB...) (PROVIDERBOX IPv4 & IPv6 DUS1)
15	1

15 89.22.106.33 (Germany)

ASN45031 (PROVIDERBOX IPv4 & IPv6 DUS1, DE)
PTR: webbox180.server-home.org

poststube-badfredeburg.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	poststube-badfredeburg.de poststube-badfredeburg.de	29 KB
15	1

	Domain	Requested by
15	poststube-badfredeburg.de	poststube-badfredeburg.de
15	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm
Frame ID: A1A09342248C95E2E87C971004B5EF7C
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

15
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

29 kB
Transfer

100 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request revalidate.htm Show response poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/	26 KB 5 KB	56ms 55ms	Document text/html	89.22.106.33 PROVIDERBOX IPv4 ...
General Check archive.org Show headers Download Go to Full URL http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm Protocol HTTP/1.1 Server 89.22.106.33 , Germany, ASN45031 (PROVIDERBOX IPv4 & IPv6 DUS1, DE), Reverse DNS webbox180.server-home.org Software nginx / PleskLin Resource Hash `3007b4f75dfd360fa6355092c286bf488b9431e7ab2dffd9e282cf994c674e14` Request headers Host poststube-badfredeburg.de Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Server nginx Date Thu, 14 Feb 2019 16:25:44 GMT Content-Type text/html Last-Modified Mon, 05 Oct 2015 19:12:20 GMT Transfer-Encoding chunked Connection keep-alive Vary Accept-Encoding ETag W/"5612cb94-6979" X-Powered-By PleskLin Content-Encoding gzip
GET H/1.1	200 OK	pp_styles_111402.css poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/img/	18 KB 3 KB	56ms 55ms	Stylesheet text/css	89.22.106.33 PROVIDERBOX IPv4 ...
General Check archive.org Show headers Download Go to Full URL http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/img/pp_styles_111402.css Requested by Host: poststube-badfredeburg.de URL: http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm Protocol HTTP/1.1 Server 89.22.106.33 , Germany, ASN45031 (PROVIDERBOX IPv4 & IPv6 DUS1, DE), Reverse DNS webbox180.server-home.org Software nginx / PleskLin Resource Hash `8b8c5f7c34e2f3661e42367ee98e6d096c2c2217fdb5985d4de6f7415ac6660d` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host poststube-badfredeburg.de User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm Connection keep-alive Cache-Control no-cache Referer http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 14 Feb 2019 16:25:44 GMT Content-Encoding gzip ETag W/"5612cb94-4846" Last-Modified Mon, 05 Oct 2015 19:12:20 GMT Server nginx X-Powered-By PleskLin Vary Accept-Encoding Content-Type text/css Transfer-Encoding chunked Connection keep-alive
GET H/1.1	200 OK	core.css poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/img/	19 KB 3 KB	58ms 57ms	Stylesheet text/css	89.22.106.33 PROVIDERBOX IPv4 ...
General Check archive.org Show headers Download Go to Full URL http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/img/core.css Requested by Host: poststube-badfredeburg.de URL: http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm Protocol HTTP/1.1 Server 89.22.106.33 , Germany, ASN45031 (PROVIDERBOX IPv4 & IPv6 DUS1, DE), Reverse DNS webbox180.server-home.org Software nginx / PleskLin Resource Hash `e930c796a932ad4fa763bddbe45a8f84f65a5d52e3d426ef9a8d3604046f5e5c` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host poststube-badfredeburg.de User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm Connection keep-alive Cache-Control no-cache Referer http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 14 Feb 2019 16:25:44 GMT Content-Encoding gzip ETag W/"5612cb94-4ab4" Last-Modified Mon, 05 Oct 2015 19:12:20 GMT Server nginx X-Powered-By PleskLin Vary Accept-Encoding Content-Type text/css Transfer-Encoding chunked Connection keep-alive
GET H/1.1	200 OK	marketing.css poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/img/	13 KB 2 KB	55ms 55ms	Stylesheet text/css	89.22.106.33 PROVIDERBOX IPv4 ...
General Check archive.org Show headers Download Go to Full URL http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/img/marketing.css Requested by Host: poststube-badfredeburg.de URL: http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm Protocol HTTP/1.1 Server 89.22.106.33 , Germany, ASN45031 (PROVIDERBOX IPv4 & IPv6 DUS1, DE), Reverse DNS webbox180.server-home.org Software nginx / PleskLin Resource Hash `74574a9559e903cfb0492f491b5477fd4fa59fba174765e0c646035125d9f6cb` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host poststube-badfredeburg.de User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm Connection keep-alive Cache-Control no-cache Referer http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 14 Feb 2019 16:25:44 GMT Content-Encoding gzip ETag W/"5612cb94-3496" Last-Modified Mon, 05 Oct 2015 19:12:20 GMT Server nginx X-Powered-By PleskLin Vary Accept-Encoding Content-Type text/css Transfer-Encoding chunked Connection keep-alive
GET H/1.1	200 OK	v.js Show response poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/	12 KB 3 KB	57ms 57ms	Script application/javascript	89.22.106.33 PROVIDERBOX IPv4 ...
General Check archive.org Show headers Download Go to Full URL http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/v.js Requested by Host: poststube-badfredeburg.de URL: http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm Protocol HTTP/1.1 Server 89.22.106.33 , Germany, ASN45031 (PROVIDERBOX IPv4 & IPv6 DUS1, DE), Reverse DNS webbox180.server-home.org Software nginx / PleskLin Resource Hash `0cca8e3229f9e7d6f463ae4339a87dc393694106fbf1cc65e0bbc0ae9ba5d9a1` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host poststube-badfredeburg.de User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm Connection keep-alive Cache-Control no-cache Referer http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 14 Feb 2019 16:25:44 GMT Content-Encoding gzip ETag W/"5612cb94-2e85" Last-Modified Mon, 05 Oct 2015 19:12:20 GMT Server nginx X-Powered-By PleskLin Vary Accept-Encoding Content-Type application/javascript Transfer-Encoding chunked Connection keep-alive
GET H/1.1	200 OK	Pay_Pal_logo.gif poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/img/	1 KB 1 KB	59ms 58ms	Image image/gif	89.22.106.33 PROVIDERBOX IPv4 ...
General Check archive.org Show headers Download Go to Show image Full URL http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/img/Pay_Pal_logo.gif Requested by Host: poststube-badfredeburg.de URL: http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm Protocol HTTP/1.1 Server 89.22.106.33 , Germany, ASN45031 (PROVIDERBOX IPv4 & IPv6 DUS1, DE), Reverse DNS webbox180.server-home.org Software nginx / PleskLin Resource Hash `57ec72c70bf1eff7a24b120662527955a6a406f726bb52efcd863146d3891697` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host poststube-badfredeburg.de User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm Connection keep-alive Cache-Control no-cache Referer http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 14 Feb 2019 16:25:44 GMT Last-Modified Mon, 05 Oct 2015 19:12:20 GMT Server nginx X-Powered-By PleskLin ETag "5612cb94-45b" Content-Type image/gif Connection keep-alive Accept-Ranges bytes Content-Length 1115
GET H/1.1	200 OK	btn_circlewitharrow.gif poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/img/	234 B 516 B	66ms 65ms	Image image/gif	89.22.106.33 PROVIDERBOX IPv4 ...
General Check archive.org Show headers Download Go to Show image Full URL http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/img/btn_circlewitharrow.gif Requested by Host: poststube-badfredeburg.de URL: http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm Protocol HTTP/1.1 Server 89.22.106.33 , Germany, ASN45031 (PROVIDERBOX IPv4 & IPv6 DUS1, DE), Reverse DNS webbox180.server-home.org Software nginx / PleskLin Resource Hash `d72bd81815abcd3397058ce8ec16fdd73fd931ac8c43dee6cdec6c976305620e` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host poststube-badfredeburg.de User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm Connection keep-alive Cache-Control no-cache Referer http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 14 Feb 2019 16:25:44 GMT ETag "ea-521604adb0d00" Last-Modified Mon, 05 Oct 2015 19:12:20 GMT Server nginx X-Powered-By PleskLin Content-Type image/gif X-Accel-Version 0.01 Connection keep-alive Accept-Ranges bytes Content-Length 234
GET H/1.1	200 OK	cur1.png poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/img/	6 KB 6 KB	63ms 61ms	Image image/png	89.22.106.33 PROVIDERBOX IPv4 ...
General Check archive.org Show headers Download Go to Show image Full URL http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/img/cur1.png Requested by Host: poststube-badfredeburg.de URL: http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm Protocol HTTP/1.1 Server 89.22.106.33 , Germany, ASN45031 (PROVIDERBOX IPv4 & IPv6 DUS1, DE), Reverse DNS webbox180.server-home.org Software nginx / PleskLin Resource Hash `85a09b2eabd41c5a7f6b9f2e80ce6451e24471fc7e5bed8356f94112d32b551e` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host poststube-badfredeburg.de User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm Connection keep-alive Cache-Control no-cache Referer http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 14 Feb 2019 16:25:44 GMT Last-Modified Mon, 05 Oct 2015 19:12:20 GMT Server nginx X-Powered-By PleskLin ETag "5612cb94-1680" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 5760
GET H/1.1	200 OK	pixel.gif poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/img/	43 B 324 B	55ms 53ms	Image image/gif	89.22.106.33 PROVIDERBOX IPv4 ...
General Check archive.org Show headers Download Go to Show image Full URL http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/img/pixel.gif Requested by Host: poststube-badfredeburg.de URL: http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm Protocol HTTP/1.1 Server 89.22.106.33 , Germany, ASN45031 (PROVIDERBOX IPv4 & IPv6 DUS1, DE), Reverse DNS webbox180.server-home.org Software nginx / PleskLin Resource Hash `2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host poststube-badfredeburg.de User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm Connection keep-alive Cache-Control no-cache Referer http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 14 Feb 2019 16:25:44 GMT ETag "2b-521604adb0d00" Last-Modified Mon, 05 Oct 2015 19:12:20 GMT Server nginx X-Powered-By PleskLin Content-Type image/gif X-Accel-Version 0.01 Connection keep-alive Accept-Ranges bytes Content-Length 43
GET H/1.1	200 OK	secure_lock_2.gif poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/img/	95 B 376 B	55ms 54ms	Image image/gif	89.22.106.33 PROVIDERBOX IPv4 ...
General Check archive.org Show headers Download Go to Show image Full URL http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/img/secure_lock_2.gif Requested by Host: poststube-badfredeburg.de URL: http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm Protocol HTTP/1.1 Server 89.22.106.33 , Germany, ASN45031 (PROVIDERBOX IPv4 & IPv6 DUS1, DE), Reverse DNS webbox180.server-home.org Software nginx / PleskLin Resource Hash `c306e6baba9b6ae2ef52f60ceab4d4152106d84bc283ef3b6cd7106693356e60` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host poststube-badfredeburg.de User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm Connection keep-alive Cache-Control no-cache Referer http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 14 Feb 2019 16:25:44 GMT ETag "5f-521604adb0d00" Last-Modified Mon, 05 Oct 2015 19:12:20 GMT Server nginx X-Powered-By PleskLin Content-Type image/gif X-Accel-Version 0.01 Connection keep-alive Accept-Ranges bytes Content-Length 95
GET H/1.1	200 OK	icon_error_40x40.gif poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/img/	407 B 690 B	54ms 53ms	Image image/gif	89.22.106.33 PROVIDERBOX IPv4 ...
General Check archive.org Show headers Download Go to Show image Full URL http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/img/icon_error_40x40.gif Requested by Host: poststube-badfredeburg.de URL: http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm Protocol HTTP/1.1 Server 89.22.106.33 , Germany, ASN45031 (PROVIDERBOX IPv4 & IPv6 DUS1, DE), Reverse DNS webbox180.server-home.org Software nginx / PleskLin Resource Hash `447b35f201753bb1d6836b36ec64e8ee2fe7838a303961ff129aa31c1e38f93e` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host poststube-badfredeburg.de User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm Connection keep-alive Cache-Control no-cache Referer http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 14 Feb 2019 16:25:44 GMT ETag "197-521604adb0d00" Last-Modified Mon, 05 Oct 2015 19:12:20 GMT Server nginx X-Powered-By PleskLin Content-Type image/gif X-Accel-Version 0.01 Connection keep-alive Accept-Ranges bytes Content-Length 407
GET H/1.1	200 OK	logo_VIPwhite_66x27.gif poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/img/	1 KB 2 KB	55ms 54ms	Image image/gif	89.22.106.33 PROVIDERBOX IPv4 ...
General Check archive.org Show headers Download Go to Show image Full URL http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/img/logo_VIPwhite_66x27.gif Requested by Host: poststube-badfredeburg.de URL: http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm Protocol HTTP/1.1 Server 89.22.106.33 , Germany, ASN45031 (PROVIDERBOX IPv4 & IPv6 DUS1, DE), Reverse DNS webbox180.server-home.org Software nginx / PleskLin Resource Hash `7360a1481214da194abb8f06aade56aecbfe7c636d45403d7077101fd7306cf9` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host poststube-badfredeburg.de User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm Connection keep-alive Cache-Control no-cache Referer http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 14 Feb 2019 16:25:44 GMT Last-Modified Mon, 05 Oct 2015 19:12:20 GMT Server nginx X-Powered-By PleskLin ETag "5612cb94-5ca" Content-Type image/gif Connection keep-alive Accept-Ranges bytes Content-Length 1482
GET H/1.1	200 OK	s74816239704720.gif poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/img/	43 B 324 B	56ms 55ms	Image image/gif	89.22.106.33 PROVIDERBOX IPv4 ...
General Check archive.org Show headers Download Go to Show image Full URL http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/img/s74816239704720.gif Requested by Host: poststube-badfredeburg.de URL: http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm Protocol HTTP/1.1 Server 89.22.106.33 , Germany, ASN45031 (PROVIDERBOX IPv4 & IPv6 DUS1, DE), Reverse DNS webbox180.server-home.org Software nginx / PleskLin Resource Hash `a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host poststube-badfredeburg.de User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm Connection keep-alive Cache-Control no-cache Referer http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 14 Feb 2019 16:25:44 GMT ETag "2b-521604adb0d00" Last-Modified Mon, 05 Oct 2015 19:12:20 GMT Server nginx X-Powered-By PleskLin Content-Type image/gif X-Accel-Version 0.01 Connection keep-alive Accept-Ranges bytes Content-Length 43
GET H/1.1	200 OK	print.css poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/img/	3 KB 1 KB	49ms 49ms	Stylesheet text/css	89.22.106.33 PROVIDERBOX IPv4 ...
General Check archive.org Show headers Download Go to Full URL http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/img/print.css Requested by Host: poststube-badfredeburg.de URL: http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm Protocol HTTP/1.1 Server 89.22.106.33 , Germany, ASN45031 (PROVIDERBOX IPv4 & IPv6 DUS1, DE), Reverse DNS webbox180.server-home.org Software nginx / PleskLin Resource Hash `a3d23493a84970513308a544484305c5b9c957a2a8feeb26c621418ad62d4f08` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host poststube-badfredeburg.de User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm Connection keep-alive Cache-Control no-cache Referer http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 14 Feb 2019 16:25:44 GMT Content-Encoding gzip ETag W/"5612cb94-dac" Last-Modified Mon, 05 Oct 2015 19:12:20 GMT Server nginx X-Powered-By PleskLin Vary Accept-Encoding Content-Type text/css Transfer-Encoding chunked Connection keep-alive
GET H/1.1	200 OK	btn_bg_default.gif poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/img/	53 B 334 B	52ms 51ms	Image image/gif	89.22.106.33 PROVIDERBOX IPv4 ...
General Check archive.org Show headers Download Go to Show image Full URL http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/img/btn_bg_default.gif Requested by Host: poststube-badfredeburg.de URL: http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/revalidate.htm Protocol HTTP/1.1 Server 89.22.106.33 , Germany, ASN45031 (PROVIDERBOX IPv4 & IPv6 DUS1, DE), Reverse DNS webbox180.server-home.org Software nginx / PleskLin Resource Hash `aef4955ee83ecb48e0b11dbfccb2eb2c9c6cc7c10bde0a6dac13c715e277df81` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host poststube-badfredeburg.de User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/img/core.css Connection keep-alive Cache-Control no-cache Referer http://poststube-badfredeburg.de/css/1857787f7e068788780c0df845317dc1/img/core.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 14 Feb 2019 16:25:44 GMT ETag "35-521604adb0d00" Last-Modified Mon, 05 Oct 2015 19:12:20 GMT Server nginx X-Powered-By PleskLin Content-Type image/gif X-Accel-Version 0.01 Connection keep-alive Accept-Ranges bytes Content-Length 53

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

poststube-badfredeburg.de
89.22.106.33
0cca8e3229f9e7d6f463ae4339a87dc393694106fbf1cc65e0bbc0ae9ba5d9a1
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3007b4f75dfd360fa6355092c286bf488b9431e7ab2dffd9e282cf994c674e14
447b35f201753bb1d6836b36ec64e8ee2fe7838a303961ff129aa31c1e38f93e
57ec72c70bf1eff7a24b120662527955a6a406f726bb52efcd863146d3891697
7360a1481214da194abb8f06aade56aecbfe7c636d45403d7077101fd7306cf9
74574a9559e903cfb0492f491b5477fd4fa59fba174765e0c646035125d9f6cb
85a09b2eabd41c5a7f6b9f2e80ce6451e24471fc7e5bed8356f94112d32b551e
8b8c5f7c34e2f3661e42367ee98e6d096c2c2217fdb5985d4de6f7415ac6660d
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a3d23493a84970513308a544484305c5b9c957a2a8feeb26c621418ad62d4f08
aef4955ee83ecb48e0b11dbfccb2eb2c9c6cc7c10bde0a6dac13c715e277df81
c306e6baba9b6ae2ef52f60ceab4d4152106d84bc283ef3b6cd7106693356e60
d72bd81815abcd3397058ce8ec16fdd73fd931ac8c43dee6cdec6c976305620e
e930c796a932ad4fa763bddbe45a8f84f65a5d52e3d426ef9a8d3604046f5e5c

poststube-badfredeburg.de Open in urlscan Pro 89.22.106.33 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

15 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

29 kBTransfer

100 kBSize

0 Cookies

0 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

17 JavaScript Global Variables

0 Cookies

Indicators

poststube-badfredeburg.de Open in urlscan Pro
89.22.106.33 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

29 kB
Transfer

100 kB
Size

0
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!