urlscan.io logo urlscan.io
SecurityTrails logo

keyheroes.de Open in urlscan Pro
159.89.179.189  Public Scan

Go To Rescan Add Verdict Report
URL: http://keyheroes.de/chime-bank-accounts-targeted-in-phishing-scam-thieves.html
Submission: On January 26 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 9 IPs in 4 countries across 8 domains to perform 19 HTTP transactions. The main IP is 159.89.179.189, located in Clifton, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is keyheroes.de.
This is the only time keyheroes.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 159.89.179.189 14061 (DIGITALOC...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
2 167.99.135.234 14061 (DIGITALOC...)
1 46.105.201.240 16276 (OVH)
1 192.243.59.20 39572 (ADVANCEDH...)
1 192.99.0.58 16276 (OVH)
3 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
19 9
2    159.89.179.189 (Clifton, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
keyheroes.de
2    2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
3    2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    167.99.135.234 (Frankfurt am Main, Germany)

ASN14061 (DIGITALOCEAN-ASN, US)
natsaw.co
1    46.105.201.240 (France)

ASN16276 (OVH, FR)
s10.histats.com
1    192.243.59.20 (Ashburn, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)
texttenderness.com
1    192.99.0.58 (Canada)

ASN16276 (OVH, FR)
PTR: ns500326.ip-192-99-0.net
s4.histats.com
3    2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
4    2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
Apex Domain
Subdomains		 Transfer
4 gstatic.com
fonts.gstatic.com
86 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 42
20 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 78
158 KB
2 histats.com
s10.histats.com — Cisco Umbrella Rank: 14234
s4.histats.com — Cisco Umbrella Rank: 12293
5 KB
2 natsaw.co
natsaw.co
1 KB
2 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 227
84 KB
2 keyheroes.de
keyheroes.de
86 KB
1 texttenderness.com
texttenderness.com
19 8
Domain Requested by
4 fonts.gstatic.com keyheroes.de
3 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
3 www.googletagmanager.com keyheroes.de
2 natsaw.co keyheroes.de
2 cdnjs.cloudflare.com keyheroes.de
cdnjs.cloudflare.com
2 keyheroes.de keyheroes.de
1 s4.histats.com s10.histats.com
1 texttenderness.com natsaw.co
1 s10.histats.com keyheroes.de
19 9

This site contains links to these domains. Also see Links.

Domain
bookson.top
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-09-21 -
2022-09-20		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-12-27 -
2022-03-21		 3 months crt.sh
histats.com
R3		 2022-01-21 -
2022-04-21		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2021-12-27 -
2022-03-21		 3 months crt.sh

This page contains 1 frames:

Primary Page: http://keyheroes.de/chime-bank-accounts-targeted-in-phishing-scam-thieves.html
Frame ID: C185E89EA828096344737BEFF01A1044
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Chime Bank Accounts Targeted In Phishing Scam Thieves

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

19
Requests

63 %
HTTPS

44 %
IPv6

8
Domains

9
Subdomains

9
IPs

4
Countries

440 kB
Transfer

868 kB
Size

11
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9
  • http://www.googletagmanager.com/gtag/js?id=G-8P6GQPN6ZJ&l=dataLayer&cx=c HTTP 307
  • https://www.googletagmanager.com/gtag/js?id=G-8P6GQPN6ZJ&l=dataLayer&cx=c

19 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request chime-bank-accounts-targeted-in-phishing-scam-thieves.html
keyheroes.de/ 		111 KB
22 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://keyheroes.de/chime-bank-accounts-targeted-in-phishing-scam-thieves.html
Protocol
HTTP/1.1
Server
159.89.179.189 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
56a5bd0ecaaeef7eda9b70120c85963b2a59934c604fe33d5f034a1cd2e7dc81

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Server
nginx
Date
Wed, 26 Jan 2022 14:23:10 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Content-Encoding
gzip
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.8.2/css/ 		54 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.8.2/css/all.min.css
Requested by
Host: keyheroes.de
URL: http://keyheroes.de/chime-bank-accounts-targeted-in-phishing-scam-thieves.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
06d6e10886ed7de5561acab1935bce1c46174baa9cbd0bcb319aa3b69594131f
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://keyheroes.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 26 Jan 2022 14:23:11 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
5594574
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
9802
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:10:08 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e60-d78f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VkzOtQU1bk0umF7YgkBz7vpIMpYeLUTjDeOwd9hnOrZ57oUavuvkgLPdLhGTtt47x4jBySadKc9DukWiMws83%2Fq8RO11DEw3%2BHCmq0udFraG4H6JG5A6rZqHPyITi2VVeDZg9ufqkPLgU%2BNPIVfoVHbo"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6d3a65ce2fe16925-FRA
expires
Mon, 16 Jan 2023 14:23:11 GMT
js
www.googletagmanager.com/gtag/ 		165 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-8P6GQPN6ZJ
Requested by
Host: keyheroes.de
URL: http://keyheroes.de/chime-bank-accounts-targeted-in-phishing-scam-thieves.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f854db04346022d638299581eea650c0488c7e373122b4ef198054bebea24b5c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://keyheroes.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 26 Jan 2022 14:23:11 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
62329
x-xss-protection
0
expires
Wed, 26 Jan 2022 14:23:11 GMT
js
www.googletagmanager.com/gtag/ 		90 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-216029935-1
Requested by
Host: keyheroes.de
URL: http://keyheroes.de/chime-bank-accounts-targeted-in-phishing-scam-thieves.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6ffeeb94fffa148c1849f1d4c1022cc512d4e33f2c1969de7614fae6be59abf1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://keyheroes.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 26 Jan 2022 14:23:11 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35986
x-xss-protection
0
last-modified
Wed, 26 Jan 2022 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 26 Jan 2022 14:23:11 GMT
arsae.js
natsaw.co/ 		456 B
571 B 		Script
General
Check archive.org
Download Go to
Full URL
http://natsaw.co/arsae.js
Requested by
Host: keyheroes.de
URL: http://keyheroes.de/chime-bank-accounts-targeted-in-phishing-scam-thieves.html
Protocol
HTTP/1.1
Server
167.99.135.234 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
3845c33ea0f346bb30def23931b4807576c49faa06ecaf58c1efe754646eed80

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://keyheroes.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 26 Jan 2022 14:23:11 GMT
Content-Encoding
gzip
Last-Modified
Thu, 11 Nov 2021 17:39:21 GMT
Server
nginx
ETag
W/"1c8-5d086d2992440"
Vary
Accept-Encoding
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
keep-alive
banner-loading.js
natsaw.co/arsae/ads/ 		341 B
543 B 		Script
General
Check archive.org
Download Go to
Full URL
http://natsaw.co/arsae/ads/banner-loading.js
Requested by
Host: keyheroes.de
URL: http://keyheroes.de/chime-bank-accounts-targeted-in-phishing-scam-thieves.html
Protocol
HTTP/1.1
Server
167.99.135.234 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
78b095101e12d7ac95de7bfc3bfce58822b5645bca531b216af175106352f338

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://keyheroes.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 26 Jan 2022 14:23:11 GMT
Content-Encoding
gzip
Last-Modified
Tue, 25 Jan 2022 01:46:56 GMT
Server
nginx
ETag
W/"155-5d65e4296c400"
Vary
Accept-Encoding
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
keep-alive
js15_as.js
s10.histats.com/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://s10.histats.com/js15_as.js
Requested by
Host: keyheroes.de
URL: http://keyheroes.de/chime-bank-accounts-targeted-in-phishing-scam-thieves.html
Protocol
HTTP/1.1
Server
46.105.201.240 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://keyheroes.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 26 Jan 2022 14:16:29 GMT
content-encoding
gzip
last-modified
Thu, 16 Apr 2020 10:44:16 GMT
x-cdn-pop-ip
137.74.120.0/27
etag
W/"-375139978"
x-cacheable
Matched cache
vary
Accept-Encoding
x-iplb-instance
40745
content-type
application/javascript; charset=UTF-8
x-cdn-pop
sbg
accept-ranges
bytes
x-iplb-request-id
D972D783:8FE6_2E69C9F0:0050_61F1594F_15145:27428
content-length
4547
x-request-id
95387876
chime-bank-accounts-targeted-in-phishing-scam-thieves.html
keyheroes.de/ 		64 KB
64 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://keyheroes.de/chime-bank-accounts-targeted-in-phishing-scam-thieves.html
Requested by
Host: keyheroes.de
URL: http://keyheroes.de/chime-bank-accounts-targeted-in-phishing-scam-thieves.html
Protocol
HTTP/1.1
Server
159.89.179.189 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://keyheroes.de/chime-bank-accounts-targeted-in-phishing-scam-thieves.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 26 Jan 2022 14:23:11 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
Server
nginx
Connection
keep-alive
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
invoke.js
texttenderness.com/4e28748c470bf5e8bd31734637c17670/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
http://texttenderness.com/4e28748c470bf5e8bd31734637c17670/invoke.js
Requested by
Host: natsaw.co
URL: http://natsaw.co/arsae/ads/banner-loading.js
Protocol
HTTP/1.1
Server
192.243.59.20 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.17.9 /
Resource Hash

Request headers

Referer
http://keyheroes.de/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Access-Control-Allow-Origin
*
Date
Wed, 26 Jan 2022 14:23:11 GMT
Server
nginx/1.17.9
Connection
keep-alive
Content-Type
application/javascript
Content-Length
0
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
0.php
s4.histats.com/stats/ 		50 B
184 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s4.histats.com/stats/0.php?4622024&@f16&@g1&@h1&@i1&@j1643206991161&@k0&@l1&@mChime%20Bank%20Accounts%20Targeted%20In%20Phishing%20Scam%20Thieves&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:-19707757&@b3:1643206991&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Fkeyheroes.de%2Fchime-bank-accounts-targeted-in-phishing-scam-thieves.html&@w
Requested by
Host: s10.histats.com
URL: http://s10.histats.com/js15_as.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.99.0.58 , Canada, ASN16276 (OVH, FR),
Reverse DNS
ns500326.ip-192-99-0.net
Software
/
Resource Hash
c603aa7d03c39b0a2a317d71c25e3b3ef6f1a2c3d855f457cb16377db02f9a91

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://keyheroes.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 26 Jan 2022 14:23:11 GMT
Connection
close
Content-Length
50
Content-Type
text/html;charset=UTF-8
js
www.googletagmanager.com/gtag/
Redirect Chain
  • http://www.googletagmanager.com/gtag/js?id=G-8P6GQPN6ZJ&l=dataLayer&cx=c
  • https://www.googletagmanager.com/gtag/js?id=G-8P6GQPN6ZJ&l=dataLayer&cx=c
165 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-8P6GQPN6ZJ&l=dataLayer&cx=c
Requested by
Host: keyheroes.de
URL: http://keyheroes.de/chime-bank-accounts-targeted-in-phishing-scam-thieves.html
Protocol
H2
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
9b91dd2d70515ee24d2e081f311212531daa18633d2f1c0f3c43e6614d4ad092
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://keyheroes.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 26 Jan 2022 14:23:11 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
62333
x-xss-protection
0
expires
Wed, 26 Jan 2022 14:23:11 GMT

Redirect headers

Location
https://www.googletagmanager.com/gtag/js?id=G-8P6GQPN6ZJ&l=dataLayer&cx=c
Non-Authoritative-Reason
HSTS
collect
www.google-analytics.com/g/ 		0
168 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-8P6GQPN6ZJ&gtm=2oe1o0&_p=100706656&sr=1600x1200&ul=en-us&cid=617551466.1643206991&_s=1&dl=http%3A%2F%2Fkeyheroes.de%2Fchime-bank-accounts-targeted-in-phishing-scam-thieves.html&dt=Chime%20Bank%20Accounts%20Targeted%20In%20Phishing%20Scam%20Thieves&sid=1643206991&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1&_c=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8P6GQPN6ZJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://keyheroes.de/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Wed, 26 Jan 2022 14:23:11 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
http://keyheroes.de
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-216029935-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://keyheroes.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
2897
date
Wed, 26 Jan 2022 13:34:54 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Wed, 26 Jan 2022 15:34:54 GMT
collect
www.google-analytics.com/j/ 		1 B
21 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=100706656&t=pageview&_s=1&dl=http%3A%2F%2Fkeyheroes.de%2Fchime-bank-accounts-targeted-in-phishing-scam-thieves.html&ul=en-us&de=UTF-8&dt=Chime%20Bank%20Accounts%20Targeted%20In%20Phishing%20Scam%20Thieves&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAAC~&jid=174917411&gjid=890994380&cid=617551466.1643206991&tid=UA-216029935-1&_gid=1401760693.1643206991&_r=1&gtm=2ou1o0&z=1332810009
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://keyheroes.de/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 26 Jan 2022 14:23:11 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
http://keyheroes.de
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
va9E4kDNxMZdWfMOD5Vvl4jL.woff2
fonts.gstatic.com/s/firasans/v10/ 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/firasans/v10/va9E4kDNxMZdWfMOD5Vvl4jL.woff2
Requested by
Host: keyheroes.de
URL: http://keyheroes.de/chime-bank-accounts-targeted-in-phishing-scam-thieves.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ca0b35aa0f48d8359e7fce9feec83f90ed60c0b857cdf29784f0803b70de4e55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://keyheroes.de/
Origin
http://keyheroes.de
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 24 Jan 2022 18:15:37 GMT
x-content-type-options
nosniff
age
158854
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21244
x-xss-protection
0
last-modified
Mon, 22 Jul 2019 19:21:29 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Tue, 24 Jan 2023 18:15:37 GMT
fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.8.2/webfonts/ 		73 KB
73 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.8.2/webfonts/fa-solid-900.woff2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.8.2/css/all.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
091c8d18b18ad6979e690fbebe9cab8362beef4fbfc810b8170020013debec8d
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.8.2/css/all.min.css
Origin
http://keyheroes.de
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 26 Jan 2022 14:23:11 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
109718
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
74328
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:10:08 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e60-12258"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LIPYyh5TwDoEH99oPtp86eI1qtinChDG%2BN7e5O3gFwVOCG9wyLflVsluZ6SsoUbNnubKehWhRwersq4z3Bf8ZD%2Bfdf5sNSpSzFgUvXG512Nmn5EQfFoUfzYHO8DivysiBrRpCBdC3pXh7%2BDEsmKvwhhn"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6d3a65d048625c8c-FRA
expires
Mon, 16 Jan 2023 14:23:11 GMT
va9B4kDNxMZdWfMOD5VnLK3eRhf6.woff2
fonts.gstatic.com/s/firasans/v10/ 		22 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/firasans/v10/va9B4kDNxMZdWfMOD5VnLK3eRhf6.woff2
Requested by
Host: keyheroes.de
URL: http://keyheroes.de/chime-bank-accounts-targeted-in-phishing-scam-thieves.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92bf2667e3434750097f9212feca904c5e7ac36d9155463d25d79f1415018219
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://keyheroes.de/
Origin
http://keyheroes.de
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 25 Jan 2022 16:57:20 GMT
x-content-type-options
nosniff
age
77151
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22336
x-xss-protection
0
last-modified
Mon, 22 Jul 2019 19:22:45 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 25 Jan 2023 16:57:20 GMT
va9B4kDNxMZdWfMOD5VnZKveRhf6.woff2
fonts.gstatic.com/s/firasans/v10/ 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/firasans/v10/va9B4kDNxMZdWfMOD5VnZKveRhf6.woff2
Requested by
Host: keyheroes.de
URL: http://keyheroes.de/chime-bank-accounts-targeted-in-phishing-scam-thieves.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0803fe007fad869e084745368c965e8d55f9be108559cfd8a3d802cde1fe34c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://keyheroes.de/
Origin
http://keyheroes.de
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 25 Jan 2022 17:17:21 GMT
x-content-type-options
nosniff
age
75950
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21304
x-xss-protection
0
last-modified
Mon, 22 Jul 2019 19:21:15 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 25 Jan 2023 17:17:21 GMT
va9C4kDNxMZdWfMOD5VvkrjJYTI.woff2
fonts.gstatic.com/s/firasans/v10/ 		22 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/firasans/v10/va9C4kDNxMZdWfMOD5VvkrjJYTI.woff2
Requested by
Host: keyheroes.de
URL: http://keyheroes.de/chime-bank-accounts-targeted-in-phishing-scam-thieves.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88f34d90cb970c712d57f802cb4fd4fdcf3ba9a247a359b1c255f2b503b30766
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://keyheroes.de/
Origin
http://keyheroes.de
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 24 Jan 2022 18:03:54 GMT
x-content-type-options
nosniff
age
159557
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22100
x-xss-protection
0
last-modified
Mon, 22 Jul 2019 19:22:43 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Tue, 24 Jan 2023 18:03:54 GMT

Verdicts & Comments Add Verdict or Comment

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| gtag object| dataLayer object| _Hasync string| ars object| atOptions function| chfh function| chfh2 string| _HST_cntval object| Histats object| google_tag_manager object| google_tag_data object| gaGlobal string| GoogleAnalyticsObject function| ga object| gaplugins object| gaData object| coll number| animationDelay function| calcMaxHeight function| onYouTubeIframeAPIReady object| _HistatsCounterGraphics_0_setValues

11 Cookies

Domain/Path Name / Value
keyheroes.de/ Name: HstCfa4622024
Value: 1643206991161
keyheroes.de/ Name: HstCla4622024
Value: 1643206991161
keyheroes.de/ Name: HstCmu4622024
Value: 1643206991161
keyheroes.de/ Name: HstPn4622024
Value: 1
keyheroes.de/ Name: HstPt4622024
Value: 1
keyheroes.de/ Name: HstCnv4622024
Value: 1
keyheroes.de/ Name: HstCns4622024
Value: 1
.keyheroes.de/ Name: _ga_8P6GQPN6ZJ
Value: GS1.1.1643206991.1.0.1643206991.0
.keyheroes.de/ Name: _ga
Value: GA1.2.617551466.1643206991
.keyheroes.de/ Name: _gid
Value: GA1.2.1401760693.1643206991
.keyheroes.de/ Name: _gat_gtag_UA_216029935_1
Value: 1

3 Console Messages

Source Level URL
Text
javascript warning URL: http://natsaw.co/arsae/ads/banner-loading.js(Line 7)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, http://texttenderness.com/4e28748c470bf5e8bd31734637c17670/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: http://natsaw.co/arsae/ads/banner-loading.js(Line 7)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, http://texttenderness.com/4e28748c470bf5e8bd31734637c17670/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: http://texttenderness.com/4e28748c470bf5e8bd31734637c17670/invoke.js
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
fonts.gstatic.com
keyheroes.de
natsaw.co
s10.histats.com
s4.histats.com
texttenderness.com
www.google-analytics.com
www.googletagmanager.com
159.89.179.189
167.99.135.234
192.243.59.20
192.99.0.58
2606:4700::6810:125e
2a00:1450:4001:802::2003
2a00:1450:4001:810::200e
2a00:1450:4001:82f::2008
46.105.201.240
06d6e10886ed7de5561acab1935bce1c46174baa9cbd0bcb319aa3b69594131f
0803fe007fad869e084745368c965e8d55f9be108559cfd8a3d802cde1fe34c1
091c8d18b18ad6979e690fbebe9cab8362beef4fbfc810b8170020013debec8d
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede
3845c33ea0f346bb30def23931b4807576c49faa06ecaf58c1efe754646eed80
56a5bd0ecaaeef7eda9b70120c85963b2a59934c604fe33d5f034a1cd2e7dc81
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6ffeeb94fffa148c1849f1d4c1022cc512d4e33f2c1969de7614fae6be59abf1
78b095101e12d7ac95de7bfc3bfce58822b5645bca531b216af175106352f338
88f34d90cb970c712d57f802cb4fd4fdcf3ba9a247a359b1c255f2b503b30766
92bf2667e3434750097f9212feca904c5e7ac36d9155463d25d79f1415018219
9b91dd2d70515ee24d2e081f311212531daa18633d2f1c0f3c43e6614d4ad092
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
c603aa7d03c39b0a2a317d71c25e3b3ef6f1a2c3d855f457cb16377db02f9a91
ca0b35aa0f48d8359e7fce9feec83f90ed60c0b857cdf29784f0803b70de4e55
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f854db04346022d638299581eea650c0488c7e373122b4ef198054bebea24b5c