miamihairdoctor.com Open in urlscan Pro
188.114.97.7 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W/
Submission: On April 26 via automatic, source openphish (April 26th 2022, 1:06:48 pm UTC) — Scanned from DE

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 4 countries across 6 domains to perform 15 HTTP transactions. The main IP is 188.114.97.7, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is miamihairdoctor.com.

This is the only time miamihairdoctor.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 6	188.114.97.7 188.114.97.7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	219.118.67.12 219.118.67.12	2514 (INFOSPHER...) (INFOSPHERE NTT PC Communications)
2	2001:4de0:ac1... 2001:4de0:ac18::1:a:2b	20446 (STACKPATH...) (STACKPATH-CDN)
1	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.11.207 104.18.11.207	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	152.199.19.160 152.199.19.160	15133 (EDGECAST) (EDGECAST)
15	6

6 188.114.97.7 (Amsterdam, Netherlands) 1 redirects

ASN13335 (CLOUDFLARENET, US)

miamihairdoctor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 219.118.67.12 (Japan)

ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP)
PTR: webmail.earth-core.jp

webmail.earth-core.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4de0:ac18::1:a:2b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.11.207 (None, )

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.19.160 (United States)

ASN15133 (EDGECAST, US)

ajax.aspnetcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	miamihairdoctor.com 1 redirects miamihairdoctor.com	47 KB
5	earth-core.jp webmail.earth-core.jp	12 KB
2	jquery.com code.jquery.com — Cisco Umbrella Rank: 610	53 KB
1	aspnetcdn.com ajax.aspnetcdn.com — Cisco Umbrella Rank: 524	30 KB
1	bootstrapcdn.com stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2248	15 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 212	7 KB
15	6

	Domain	Requested by
6	miamihairdoctor.com	1 redirects miamihairdoctor.com
5	webmail.earth-core.jp	miamihairdoctor.com webmail.earth-core.jp
2	code.jquery.com	miamihairdoctor.com
1	ajax.aspnetcdn.com	miamihairdoctor.com
1	stackpath.bootstrapcdn.com	miamihairdoctor.com
1	cdnjs.cloudflare.com	miamihairdoctor.com
15	6

This site contains no links.

Subject Issuer	Validity	Valid
*.earth-core.jp JPRS Domain Validation Authority - G4	`2020-08-18` - `2022-07-31`	2 years	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh
*.vo.msecnd.net DigiCert SHA2 Secure Server CA	`2021-08-06` - `2022-08-06`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W/
Frame ID: 5467F86E3704BA22B4EFF4B43E3D4416
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Webmail :: Welcome to Webmail

Page URL History Show full URLs

http://miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W HTTP 301
http://miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Popper (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

<script [^>]*src="[^"]*/popper\.js/([0-9.]+)
/popper\.js/([0-9.]+)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

67 %
HTTPS

17 %
IPv6

6
Domains

6
Subdomains

6
IPs

4
Countries

163 kB
Transfer

406 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W HTTP 301
http://miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W/
Redirect Chain

http://miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W
http://miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W/

9 KB
4 KB

222ms
221ms

Document
text/html

188.114.97.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W/
Protocol: HTTP/1.1
Server: 188.114.97.7 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ffc0a8d4a37287f66912f3e0fe045359aac0c8da62d43232f2dcc8071ac953f7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

CF-Cache-Status: DYNAMIC
CF-RAY: 701f89847ca8694f-FRA
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Tue, 26 Apr 2022 13:06:42 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Pragma: no-cache
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5UoRCMJgSZNRyeZ2vJsJodzErzd65gP%2BwIZpAX8SbqthgNfOcTEjksC4dQ3m3zI%2Bjw0P%2BOWcFtSHyY40o1NA3Va2Q3CHkSHJFdCNiN9rxQPJalCTq4E5p499YL3hJLx36rOm4WOK"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

CF-Cache-Status: DYNAMIC
CF-RAY: 701f89832a60694f-FRA
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 26 Apr 2022 13:06:41 GMT
Location: http://miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DQzzBYKt8yQgXgUjCrAeXWPRa%2BoIiLY135ORu%2F%2FEMNSfuDmgKJXbmgMVmjurBSjjtyUCmqd0%2BpN798PyRwYdgC0vyGiYTjF4%2FISfFrmfxQnPFDuTIKgte6ON1S3tnYhUhwsH3sCF"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200
OK common.min.css
webmail.earth-core.jp/skins/classic/ 14 KB
4 KB 1110ms
251ms Stylesheet
text/css 219.118.67.12
INFOSPHERE NTT PC...

General

Check archive.org

Show headers Download Go to

Full URL

https://webmail.earth-core.jp/skins/classic/common.min.css?s=1415172545

Requested by

Host: miamihairdoctor.com
URL: http://miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

219.118.67.12 , Japan, ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP),

Reverse DNS

webmail.earth-core.jp

Software

Apache /

Resource Hash

a6eaf994e7a16aa9b5c156b2e4a96adae87f06c5237c60e559863ace8ac9b02d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://miamihairdoctor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Tue, 26 Apr 2022 13:06:43 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Wed, 05 Nov 2014 07:29:05 GMT
Server: Apache
ETag: "2010247c-389f-5071788d73240"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
Content-Length: 3757

GET
H/1.1 200
OK jquery-ui-1.9.2.custom.css
webmail.earth-core.jp/plugins/jqueryui/themes/classic/ 34 KB
6 KB 1157ms
262ms Stylesheet
text/css 219.118.67.12
INFOSPHERE NTT PC...

General

Check archive.org

Show headers Download Go to

Full URL

https://webmail.earth-core.jp/plugins/jqueryui/themes/classic/jquery-ui-1.9.2.custom.css?s=1415172545

Requested by

Host: miamihairdoctor.com
URL: http://miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

219.118.67.12 , Japan, ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP),

Reverse DNS

webmail.earth-core.jp

Software

Apache /

Resource Hash

fee5a30ddc52ae26830d5e5c91ad1e765f8cfd3f00c093ba9bc804683ee8fa64

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://miamihairdoctor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Tue, 26 Apr 2022 13:06:43 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Wed, 05 Nov 2014 07:29:05 GMT
Server: Apache
ETag: "20075895-890c-5071788d73240"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
Content-Length: 6245

GET
H/1.1 200
OK style.css
miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W/css/ 344 B
926 B 34ms
34ms Stylesheet
text/css 188.114.97.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W/css/style.css
Requested by: Host: miamihairdoctor.com
URL: http://miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W/
Protocol: HTTP/1.1
Server: 188.114.97.7 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0db96c325cb761552d20fe79ddcf003a2002ae2c581632fd7d9be5315a0e0841

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Tue, 26 Apr 2022 13:06:42 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Thu, 02 Sep 2021 21:50:22 GMT
Server: cloudflare
Age: 3783
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AXlgMoJK8xg6j27M7db%2B9FmyXOL6iujPDa2vbQnVo8gsQCn7F2fcuokUlCgkTvu%2BzTg6axFVZOMC1szaMuHrIUFcnafIsjZMFHA3FqQOTia%2BGaS4aJ9gAMy9gHDFntgXCMSvWEyG"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 701f89860f49694f-FRA
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H/1.1 200
OK no-logo.png
webmail.earth-core.jp/skins/default/images/ 182 B
489 B 1168ms
264ms Image
image/png 219.118.67.12
INFOSPHERE NTT PC...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://webmail.earth-core.jp/skins/default/images/no-logo.png

Requested by

Host: miamihairdoctor.com
URL: http://miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

219.118.67.12 , Japan, ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP),

Reverse DNS

webmail.earth-core.jp

Software

Apache /

Resource Hash

4cbb138f810bdde4e309dc7b9e6d3d09510f7df1e139d95666253c43f16708d0

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://miamihairdoctor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Tue, 26 Apr 2022 13:06:43 GMT
Last-Modified: Wed, 01 Apr 2015 05:22:07 GMT
Server: Apache
ETag: "10000175-b6-512a2e5767b16"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
Content-Length: 182

GET
H/1.1 200
OK loading.gif
miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W/img/ 38 KB
38 KB 256ms
217ms Image
image/gif 188.114.97.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W/img/loading.gif
Requested by: Host: miamihairdoctor.com
URL: http://miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W/
Protocol: HTTP/1.1
Server: 188.114.97.7 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5e3d5246b17e19e65385092db07554d8e1c5c4a226a6d7f97824b8e1e8571e34

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Tue, 26 Apr 2022 13:06:42 GMT
CF-Cache-Status: REVALIDATED
Last-Modified: Sat, 11 Aug 2018 17:03:52 GMT
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bEQhHrDXpo21zi3IcDt%2BLvaP3FRimhwILn%2BL38eZ3YlTi3VVcycMc017ZxOmhEGDR1G2dKFBaEDhqSH9V8brNBRzjUeTpucY%2FS6KWAa3FaQNhTTR4hb8rN3HOXYYGWGrdsLHlSSZ"}],"group":"cf-nel","max_age":604800}
Content-Type: image/gif
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 701f8986593b91db-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 38636

GET
H/1.1 200
OK email-decode.min.js Show response
miamihairdoctor.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 39ms
38ms Script
application/javascript 188.114.97.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://miamihairdoctor.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: miamihairdoctor.com
URL: http://miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W/

Protocol

HTTP/1.1

Server

188.114.97.7 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Tue, 26 Apr 2022 13:06:42 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 20 Apr 2022 15:47:34 GMT
Server: cloudflare
ETag: W/"62602b16-4d7"
X-Frame-Options: DENY
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B0lOxmezmIy%2Be45buJn2lW8Tkpm5yPUyNzYezz58CyTSJKcPuDjGRY8x6KySmn%2FqWFlLwXJ71KTOWP%2BJJjyEWGLf%2F%2FUzigKDUyDt4G56R5tOImvLnoYoR8OazSxl6XZvC8s0FC3O"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Cache-Control: max-age=172800, public
CF-RAY: 701f898618c491db-FRA
Expires: Thu, 28 Apr 2022 13:06:42 GMT

GET
H2 200 jquery-3.2.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 92ms
24ms Script
application/javascript 2001:4de0:ac18::1:a:2b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.2.1.min.js
Requested by: Host: miamihairdoctor.com
URL: http://miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://miamihairdoctor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 13:06:42 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-15283"
vary: Accept-Encoding
x-hw: 1650978402.dop229.fr8.t,1650978402.cds232.fr8.hn,1650978402.cds133.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30125

GET
H2 200 jquery-3.3.1.slim.min.js Show response
code.jquery.com/ 68 KB
24 KB 91ms
23ms Script
application/javascript 2001:4de0:ac18::1:a:2b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.3.1.slim.min.js
Requested by: Host: miamihairdoctor.com
URL: http://miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: dde76b9b2b90d30eb97fc81f06caa8c338c97b688cea7d2729c88f529f32fbb1

Request headers

Referer: http://miamihairdoctor.com/
Origin: http://miamihairdoctor.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 13:06:42 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-1111d"
vary: Accept-Encoding
x-hw: 1650978402.dop211.fr8.t,1650978402.cds236.fr8.hn,1650978402.cds274.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 24038

GET
H2 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/ 20 KB
7 KB 332ms
15ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js

Requested by

Host: miamihairdoctor.com
URL: http://miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02835066969199e9924f1332f7172a5d7e552f023a20c3d8ba03bb6c51ce5be5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: http://miamihairdoctor.com/
Origin: http://miamihairdoctor.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 13:06:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3690810
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6458
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:15:37 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fa9-500f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=utTTdWHf3rk5F6JDiTYc%2BNvBEUFF3V%2BuAE8NUV0SJCnv8DjpFVIqr1pM%2F%2F91Q6yb8986C2s7ZOiFKXiEUY4iIxP8IvylTES9T96TWnKc5W%2Bi4LKIfa%2FuPNPNhe9a4ovYeFN%2FaDmP"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 701f8987fe6d996e-FRA
expires: Sun, 16 Apr 2023 13:06:42 GMT

GET
H2 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/ 49 KB
15 KB 339ms
22ms Script
application/javascript 104.18.11.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js

Requested by

Host: miamihairdoctor.com
URL: http://miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.11.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0bca10549df770ab6790046799e5a9e920c286453ebbb2afb0d3055339245339

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://miamihairdoctor.com/
Origin: http://miamihairdoctor.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 13:06:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 565, 718, 718
age: 32150
cdn-cachedat: 2021-06-08 18:02:12
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:05 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: f0c81e7a024ddf084a2473bcb092ae16
cf-ray: 701f89880a2d917d-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 jquery-3.3.1.min.js Show response
ajax.aspnetcdn.com/ajax/jQuery/ 85 KB
30 KB 135ms
26ms Script
application/javascript 152.199.19.160
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js

Requested by

Host: miamihairdoctor.com
URL: http://miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.160 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (lha/8D4D) /

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://miamihairdoctor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 13:06:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 907053
x-cache: HIT
content-length: 30394
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Jan 2018 19:27:49 GMT
server: ECAcc (lha/8D4D)
etag: "80288516b793d31:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H/1.1 200
OK actions.js Show response
miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W/js/ 1 KB
1 KB 78ms
46ms Script
application/javascript 188.114.97.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W/js/actions.js
Requested by: Host: miamihairdoctor.com
URL: http://miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W/
Protocol: HTTP/1.1
Server: 188.114.97.7 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 70e85a009826725354b61dda5e78f14418a117f6d4646550d2c55c499ec64a50

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://miamihairdoctor.com/wuclou/cloud/webmail.earth-core.jp2/W/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Tue, 26 Apr 2022 13:06:42 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Mon, 18 Jan 2021 20:00:58 GMT
Server: cloudflare
Age: 3783
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XNUWT5JwtUwjihL%2B7gHIS%2BjpqcWPK%2B%2BVSvlATmBZbgkuvRbbhyj1DF%2BvX8g4nxwWba8VGu%2BpG8wx%2Blt0KkFiBJzz67zvZg5dOqF5mqpbA8uID9rRfiHAekgsRbv6bsGn4lL3likr"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 701f89864fa5694f-FRA
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H/1.1 200
OK listheader.gif
webmail.earth-core.jp/skins/classic/images/ 314 B
621 B 260ms
260ms Image
image/gif 219.118.67.12
INFOSPHERE NTT PC...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://webmail.earth-core.jp/skins/classic/images/listheader.gif?v=ab42.314

Requested by

Host: webmail.earth-core.jp
URL: https://webmail.earth-core.jp/skins/classic/common.min.css?s=1415172545

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

219.118.67.12 , Japan, ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP),

Reverse DNS

webmail.earth-core.jp

Software

Apache /

Resource Hash

cf8e517f37fafd1177b366b0b39d616c71bcee9fec89ae17f6108dca319de1a0

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://webmail.earth-core.jp/skins/classic/common.min.css?s=1415172545
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Tue, 26 Apr 2022 13:06:43 GMT
Last-Modified: Wed, 05 Nov 2014 07:29:05 GMT
Server: Apache
ETag: "2016354a-13a-5071788d73240"
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=99
Content-Length: 314

GET
H/1.1 200
OK bg.gif
webmail.earth-core.jp/skins/classic/images/buttons/ 196 B
502 B 250ms
250ms Image
image/gif 219.118.67.12
INFOSPHERE NTT PC...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://webmail.earth-core.jp/skins/classic/images/buttons/bg.gif?v=30b2.196

Requested by

Host: webmail.earth-core.jp
URL: https://webmail.earth-core.jp/skins/classic/common.min.css?s=1415172545

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

219.118.67.12 , Japan, ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP),

Reverse DNS

webmail.earth-core.jp

Software

Apache /

Resource Hash

581d7ca4ed46235b1b20393209eea721cc12937269a882e5a0299215cbf793c1

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://webmail.earth-core.jp/skins/classic/common.min.css?s=1415172545
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Tue, 26 Apr 2022 13:06:43 GMT
Last-Modified: Wed, 05 Nov 2014 07:29:05 GMT
Server: Apache
ETag: "3012c333-c4-5071788d73240"
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=99
Content-Length: 196

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			miamihairdoctor.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: ca3a5093a6f75e6c06e2989b2d1b31e2

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.aspnetcdn.com
cdnjs.cloudflare.com
code.jquery.com
miamihairdoctor.com
stackpath.bootstrapcdn.com
webmail.earth-core.jp
104.17.24.14
104.18.11.207
152.199.19.160
188.114.97.7
2001:4de0:ac18::1:a:2b
219.118.67.12
02835066969199e9924f1332f7172a5d7e552f023a20c3d8ba03bb6c51ce5be5
0bca10549df770ab6790046799e5a9e920c286453ebbb2afb0d3055339245339
0db96c325cb761552d20fe79ddcf003a2002ae2c581632fd7d9be5315a0e0841
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
4cbb138f810bdde4e309dc7b9e6d3d09510f7df1e139d95666253c43f16708d0
581d7ca4ed46235b1b20393209eea721cc12937269a882e5a0299215cbf793c1
5e3d5246b17e19e65385092db07554d8e1c5c4a226a6d7f97824b8e1e8571e34
70e85a009826725354b61dda5e78f14418a117f6d4646550d2c55c499ec64a50
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
a6eaf994e7a16aa9b5c156b2e4a96adae87f06c5237c60e559863ace8ac9b02d
cf8e517f37fafd1177b366b0b39d616c71bcee9fec89ae17f6108dca319de1a0
dde76b9b2b90d30eb97fc81f06caa8c338c97b688cea7d2729c88f529f32fbb1
fee5a30ddc52ae26830d5e5c91ad1e765f8cfd3f00c093ba9bc804683ee8fa64
ffc0a8d4a37287f66912f3e0fe045359aac0c8da62d43232f2dcc8071ac953f7

miamihairdoctor.com Open in urlscan Pro 188.114.97.7 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

67 %HTTPS

17 %IPv6

6 Domains

6 Subdomains

6 IPs

4 Countries

163 kBTransfer

406 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

17 JavaScript Global Variables

1 Cookies

Indicators

miamihairdoctor.com Open in urlscan Pro
188.114.97.7 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

67 %
HTTPS

17 %
IPv6

6
Domains

6
Subdomains

6
IPs

4
Countries

163 kB
Transfer

406 kB
Size

1
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!