devoltreffer.com
2a0b:7280:100:0:47c:b6ff:fe00:207a  Malicious Activity!

URL: http://devoltreffer.com/dashboard/email.php
Submission: On April 08 via api from US

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 10 HTTP transactions. The main IP is 2a0b:7280:100:0:47c:b6ff:fe00:207a, located in Netherlands and belongs to ASTRALUS, NL. The main domain is devoltreffer.com.
This is the only time devoltreffer.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Airbnb (Hospitality)

Domain & IP information

# | IP Address | AS Autonomous System
1 | 2a0b:7280:100... | 48635 (ASTRALUS)
9 | 2.18.232.67 | 16625 (AKAMAI-AS)
10 | 2

# | Apex Domain | Subdomains | Transfer
9 | muscache.com | a0.muscache.com | 217 KB
1 | devoltreffer.com | devoltreffer.com | 9 KB
10 | 2

# | Domain | Requested by
9 | a0.muscache.com | devoltreffer.com
1 | devoltreffer.com |
10 | 2

This site contains links to these domains.

Domain
www.airbnb.com
www.airbnbcitizen.com
www.facebook.com
twitter.com
instagram.com
Subject | Issuer | Validity | Valid
www.airbnb.com | DigiCert SHA2 Extended Validation Server CA | 2018-05-31 - 2020-06-04 | 2 years

This page contains 1 frames:

Primary Page: http://devoltreffer.com/dashboard/email.php
Frame ID: 468AB46416529C233F7E7ECAEC1A4373
Requests: 10 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 50%
Detected patterns
  • meta csrf-param /authenticity_token/i

Overall confidence: 50%
Detected patterns
  • meta csrf-param /authenticity_token/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

Requests: 10
HTTPS: 90 %
IPv6: 50 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 2
Transfer: 226 kB
Size: 531 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request: email.php | devoltreffer.com/dashboard/ | 35 KB | 9 KB | Document
General
Full URL: http://devoltreffer.com/dashboard/email.php
Protocol: HTTP/1.1
Server: 2a0b:7280:100:0:47c:b6ff:fe00:207a, Netherlands, ASN48635 (ASTRALUS, NL)
Reverse DNS:
Software: Apache/2
Resource Hash: 1b279bd7b0236d1df8e5e6198f92fcfb25373438c3c786e584cdfa0bee5af655

Request headers

Host: devoltreffer.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate

Response headers

Date: Mon, 08 Apr 2019 13:23:29 GMT
Server: Apache/2
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 9054
Keep-Alive: timeout=2, max=100
Content-Type: text/html

common_o2.1-dd6a103de40d51f2c682308fb1ae17fb.css | a0.muscache.com/airbnb/static/packages/ | 208 KB | 27 KB | Stylesheet
General
Full URL: https://a0.muscache.com/airbnb/static/packages/common_o2.1-dd6a103de40d51f2c682308fb1ae17fb.css
Requested by
  Host: devoltreffer.com
  URL: http://devoltreffer.com/dashboard/email.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.67, European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS: a2-18-232-67.deploy.static.akamaitechnologies.com
Software: AmazonS3
Resource Hash: 1779ef0c5ce43b28add69760c5aa602802282ffae29f9f81e55e5867b503f023
Security Headers
Strict-Transport-Security: max-age=10886400; includeSubDomains

Request headers

Referer: http://devoltreffer.com/dashboard/email.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id: kVEgw1qzzqSzNTRkcvvzkJjl3Z38bB5q
content-encoding: gzip
x-amz-request-id: BD2B5BD3D095DDB2
status: 200
date: Mon, 08 Apr 2019 13:23:10 GMT
x-amz-replication-status: COMPLETED
strict-transport-security: max-age=10886400; includeSubDomains
content-length: 26687
x-amz-id-2: lePvzOg35T/VNMbBbp4i+D37V6GXQU8B+33xOBpK7eA+cY9LwLe2jG1L9cTxRp5fPXlCxnYkMHA=
last-modified: Fri, 26 May 2017 05:03:17 GMT
server: AmazonS3
etag: "4f2958c8023647cf922bfedcff051099"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Apr 2020 13:23:10 GMT

common-0c35d98711146e8b37d59158a80e0743.css | a0.muscache.com/airbnb/static/packages/ | 122 KB | 22 KB | Stylesheet
General
Full URL: https://a0.muscache.com/airbnb/static/packages/common-0c35d98711146e8b37d59158a80e0743.css
Requested by
  Host: devoltreffer.com
  URL: http://devoltreffer.com/dashboard/email.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.67, European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS: a2-18-232-67.deploy.static.akamaitechnologies.com
Software: AmazonS3
Resource Hash: c83e74cd77e57da5bc7e8a4fc01a5edbd8f55315f0725b61c6e8c30d9705d3bc
Security Headers
Strict-Transport-Security: max-age=10886400; includeSubDomains

Request headers

Referer: http://devoltreffer.com/dashboard/email.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id: uu3qhymzJik6nsmxO7fPRJ8Uq5jnGthd
content-encoding: gzip
x-amz-request-id: 18DBC14C1D4CBCB9
status: 200
date: Mon, 08 Apr 2019 13:23:10 GMT
strict-transport-security: max-age=10886400; includeSubDomains
content-length: 21744
x-amz-id-2: sZNFEJ7eCF9ACl1D2uIihKLS+RVmi8Y0K9R8bvJT2hvBQJ9FAmLeAX4rL8OYiYtDXp7e7ruXL7E=
last-modified: Thu, 25 May 2017 21:40:46 GMT
server: AmazonS3
etag: "91524dd135fd043d2e1e5d52ff70503e"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Apr 2020 13:23:10 GMT

signinup-054b06337494ba9bc92696dc56d55dcb.css | a0.muscache.com/airbnb/static/ | 491 B | 760 B | Stylesheet
General
Full URL: https://a0.muscache.com/airbnb/static/signinup-054b06337494ba9bc92696dc56d55dcb.css
Requested by
  Host: devoltreffer.com
  URL: http://devoltreffer.com/dashboard/email.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.67, European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS: a2-18-232-67.deploy.static.akamaitechnologies.com
Software: AmazonS3
Resource Hash: a8aa80553b033481759a0bae4dd0d1875fcebbd18199518989f851d099ea806b
Security Headers
Strict-Transport-Security: max-age=10886400; includeSubDomains

Request headers

Referer: http://devoltreffer.com/dashboard/email.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id: Df1a4K5RjgZrCSvWGVLKttR99v.9gJMc
content-encoding: gzip
x-amz-request-id: 40A81BD4C7A8C357
x-amz-server-side-encryption: AES256
status: 200
date: Mon, 08 Apr 2019 13:23:10 GMT
x-amz-replication-status: COMPLETED
strict-transport-security: max-age=10886400; includeSubDomains
content-length: 279
x-amz-id-2: PjSA3p7kCin6xRfOJedYVUUV2mFaW6080XZHaMvyaKEBIMvN7rF3TgfNYTwN1d0DI+Bb4Hcowh8=
last-modified: Tue, 26 Mar 2019 05:33:10 GMT
server: AmazonS3
etag: "0b8dd5ce2934388c2b2ec95aed0df848"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Apr 2020 13:23:10 GMT

lifesaver-alt-gray-557e9de11a54d4680ed38b5cf5704cb2.png | a0.muscache.com/airbnb/static/header/ | 970 B | 1 KB | Image
General
Full URL: https://a0.muscache.com/airbnb/static/header/lifesaver-alt-gray-557e9de11a54d4680ed38b5cf5704cb2.png
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.67, European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS: a2-18-232-67.deploy.static.akamaitechnologies.com
Software: AmazonS3
Resource Hash: 5044429ff04937d3479ad32b5d9bca8a391e341f2fb44f873a7e690ec29d3faf
Security Headers
Strict-Transport-Security: max-age=10886400; includeSubDomains

Request headers

Referer: https://a0.muscache.com/airbnb/static/packages/common-0c35d98711146e8b37d59158a80e0743.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id: d_hHZooX7W37z2276UvdtUg2.JqKJ6Vl
x-amz-request-id: 79DE72490C54D7E4
x-amz-server-side-encryption: AES256
status: 200
date: Mon, 08 Apr 2019 13:23:10 GMT
x-amz-replication-status: COMPLETED
content-length: 970
x-amz-id-2: GoBg0oOZrFYcSa6N3mPNteEKDcF/8Z+ijWOecrs80mKB9yXPSejbd4jy0lKr2efqr5fL2Ml33CE=
last-modified: Tue, 26 Mar 2019 06:17:18 GMT
server: AmazonS3
etag: "f1f0f61bcb5fa95433edfc2e0bc3b7dc"
strict-transport-security: max-age=10886400; includeSubDomains
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Apr 2020 13:23:10 GMT

search-alt-gray-b9612402680689a7e0520832f0d2db3f.png | a0.muscache.com/airbnb/static/header/ | 282 B | 688 B | Image
General
Full URL: https://a0.muscache.com/airbnb/static/header/search-alt-gray-b9612402680689a7e0520832f0d2db3f.png
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.67, European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS: a2-18-232-67.deploy.static.akamaitechnologies.com
Software: AmazonS3
Resource Hash: fd49a19bd76311e3c99ea977a2cd21e02a44b69819b580a9c239a1a5cf873f07
Security Headers
Strict-Transport-Security: max-age=10886400; includeSubDomains

Request headers

Referer: https://a0.muscache.com/airbnb/static/packages/common-0c35d98711146e8b37d59158a80e0743.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id: yBb4ihSj2gCDqKpTFkSzDWNEsAcp5iHU
x-amz-request-id: 82245AAEC0FB814E
status: 200
date: Mon, 08 Apr 2019 13:23:10 GMT
content-length: 282
x-amz-id-2: Gp8oLZhQPydKOreqmZKm/P9yOT3l9e27SlZdfVrfdHuKv1tEw4VxWNhuOpg0cIPjJTTP2ATMBNA=
last-modified: Fri, 26 May 2017 22:55:12 GMT
server: AmazonS3
etag: "6b8a316f9efc675cb047a60245f55abc"
strict-transport-security: max-age=10886400; includeSubDomains
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Apr 2020 13:23:10 GMT

Circular_Air-Book-1f5a0275bdd69dbbeadffab401c698a2.woff2 | a0.muscache.com/airbnb/static/airbnb-o2/fonts/ | 54 KB | 54 KB | Font
General
Full URL: https://a0.muscache.com/airbnb/static/airbnb-o2/fonts/Circular_Air-Book-1f5a0275bdd69dbbeadffab401c698a2.woff2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.67, European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS: a2-18-232-67.deploy.static.akamaitechnologies.com
Software: AmazonS3
Resource Hash: feb89b2659dd4b8b4aa5e8b9cec1f92855bac5c7ac5a11e45c16286750c82527
Security Headers
Strict-Transport-Security: max-age=10886400; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://a0.muscache.com/airbnb/static/packages/common_o2.1-dd6a103de40d51f2c682308fb1ae17fb.css
Origin: http://devoltreffer.com

Response headers

x-amz-version-id: XtOcGTkaabZwD57Y5LH5vhyFTq.eub.Z
x-amz-request-id: F160CCED6F7BD883
status: 200
date: Mon, 08 Apr 2019 13:23:10 GMT
content-length: 55144
x-amz-id-2: CmkRB6+QhmbILi5hKe7e+wTBisJ2+jjQiHn3a+LAM7C3hi+v7ZASPU6zEK6TMe0lLoKFdyEqPZs=
last-modified: Fri, 26 May 2017 05:02:50 GMT
server: AmazonS3
etag: "bbac613ebb35608e3bb2845115e091b3"
strict-transport-security: max-age=10886400; includeSubDomains
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Apr 2020 13:23:10 GMT

text-field-icons-72d5ec863b1ef7c22391015ec8af5906.png | a0.muscache.com/airbnb/static/signinup/ | 5 KB | 5 KB | Image
General
Full URL: https://a0.muscache.com/airbnb/static/signinup/text-field-icons-72d5ec863b1ef7c22391015ec8af5906.png
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.67, European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS: a2-18-232-67.deploy.static.akamaitechnologies.com
Software: AmazonS3
Resource Hash: 93fa04524dd4d53e5a06985f8bc7b60f294b221d4cf4acdb2eff8004377ea6b8
Security Headers
Strict-Transport-Security: max-age=10886400; includeSubDomains

Request headers

Referer: https://a0.muscache.com/airbnb/static/packages/common-0c35d98711146e8b37d59158a80e0743.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id: Hhei3TDshYXn4Gz1_u.BrPLzMNwkYNQc
x-amz-request-id: 6270DB23281450C4
x-amz-server-side-encryption: AES256
status: 200
date: Mon, 08 Apr 2019 13:23:10 GMT
x-amz-replication-status: COMPLETED
content-length: 5138
x-amz-id-2: PFHZgBL6XL5EtB7BUaPUH6lUDuqarLgkdiNvHpL2mDcculI9U6cYDbBNGm+65bGn+FTcprgj/fY=
last-modified: Tue, 26 Mar 2019 05:33:10 GMT
server: AmazonS3
etag: "df897019d1ae69e374b9f6ad240a702f"
strict-transport-security: max-age=10886400; includeSubDomains
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Apr 2020 13:23:10 GMT

Circular_Air-Bold-7ceb09864a7ed03b9c10cfa2f7281315.woff2 | a0.muscache.com/airbnb/static/airbnb-o2/fonts/ | 58 KB | 58 KB | Font
General
Full URL: https://a0.muscache.com/airbnb/static/airbnb-o2/fonts/Circular_Air-Bold-7ceb09864a7ed03b9c10cfa2f7281315.woff2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.67, European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS: a2-18-232-67.deploy.static.akamaitechnologies.com
Software: AmazonS3
Resource Hash: 96354cc960a5ead629b0ced5b9d0c43aa64f8e14418d2cdc868d6e80a5b0cc74
Security Headers
Strict-Transport-Security: max-age=10886400; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://a0.muscache.com/airbnb/static/packages/common_o2.1-dd6a103de40d51f2c682308fb1ae17fb.css
Origin: http://devoltreffer.com

Response headers

x-amz-version-id: f6WOWJ_y9VKycXCSQEEhUuOlh_y1ySBC
x-amz-request-id: 3FF1C273124A35DA
status: 200
date: Mon, 08 Apr 2019 13:23:10 GMT
content-length: 58904
x-amz-id-2: xbyEucovZ/T1o6KxcZiQjWC16EsDGY31S4cWsab+k08MPBKDac9dbUcXLNbUi+YSUFQAuSZH0P4=
last-modified: Fri, 26 May 2017 05:02:50 GMT
server: AmazonS3
etag: "3c312e2440ccb9b2c3a5b9cc3b56afbe"
strict-transport-security: max-age=10886400; includeSubDomains
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Apr 2020 13:23:10 GMT

airglyphs-bb873ab4254c83409cf1fa6f4759fa3e.woff | a0.muscache.com/airbnb/static/airbnb-o2/fonts/ | 48 KB | 48 KB | Font
General
Full URL: https://a0.muscache.com/airbnb/static/airbnb-o2/fonts/airglyphs-bb873ab4254c83409cf1fa6f4759fa3e.woff
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.67, European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS: a2-18-232-67.deploy.static.akamaitechnologies.com
Software: AmazonS3
Resource Hash: 6e07c25796f31968c649c16a04b3333b08fce1a8312f7001fad89338106d76c1
Security Headers
Strict-Transport-Security: max-age=10886400; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://a0.muscache.com/airbnb/static/packages/common_o2.1-dd6a103de40d51f2c682308fb1ae17fb.css
Origin: http://devoltreffer.com

Response headers

x-amz-version-id: S67jhLt1lJjqKFgAJHokMSlCZse5tTK2
x-amz-request-id: E44FD51B25B1A573
status: 200
date: Mon, 08 Apr 2019 13:23:10 GMT
content-length: 48808
x-amz-id-2: Q5esUna/D58uNLQpLwLzxnSSOoDLh3C1DhHAQyWxKECep2pSfqkgzjy3pOqp4ezz/ZZ4pGdosu8=
last-modified: Wed, 07 Feb 2018 08:26:31 GMT
server: AmazonS3
etag: "620dd13f3dd353046349d9b0e5898bb0"
strict-transport-security: max-age=10886400; includeSubDomains
access-control-allow-methods: GET
content-type: application/x-font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Apr 2020 13:23:10 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Airbnb (Hospitality)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object | onselectstart
object | onselectionchange
function | queueMicrotask

0 Cookies