secureloginaccount.de Open in urlscan Pro
217.160.0.141 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://secureloginaccount.de/
Submission: On June 16 via api (June 16th 2022, 10:31:56 am UTC) from GB — Scanned from DE

Summary HTTP 27 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 5 IPs in 1 countries across 5 domains to perform 27 HTTP transactions. The main IP is 217.160.0.141, located in Germany and belongs to IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE. The main domain is secureloginaccount.de.

This is the only time secureloginaccount.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Immowelt (Real Estate)

Domain & IP information

	IP Address	AS Autonomous System
1	217.160.0.141 217.160.0.141	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
19	23.205.244.86 23.205.244.86	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:803::2004	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1	104.75.88.194 104.75.88.194	16625 (AKAMAI-AS) (AKAMAI-AS)
27	5

1 217.160.0.141 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: 217-160-0-141.elastic-ssl.ui-r.com

secureloginaccount.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 23.205.244.86 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-244-86.deploy.static.akamaitechnologies.com

cdnglobal.immowelt.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
navigation.immowelt.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.75.88.194 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-194.deploy.static.akamaitechnologies.com

tags.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	immowelt.org cdnglobal.immowelt.org — Cisco Umbrella Rank: 223252 navigation.immowelt.org — Cisco Umbrella Rank: 218760	371 KB
4	gstatic.com www.gstatic.com	317 KB
2	google.com www.google.com — Cisco Umbrella Rank: 9	3 KB
1	tiqcdn.com tags.tiqcdn.com — Cisco Umbrella Rank: 951	17 KB
1	secureloginaccount.de secureloginaccount.de	7 KB
27	5

	Domain	Requested by
18	cdnglobal.immowelt.org	secureloginaccount.de navigation.immowelt.org cdnglobal.immowelt.org
4	www.gstatic.com	www.google.com www.gstatic.com
2	www.google.com	secureloginaccount.de www.gstatic.com
1	tags.tiqcdn.com	cdnglobal.immowelt.org
1	navigation.immowelt.org	secureloginaccount.de
1	secureloginaccount.de
27	6

This site contains links to these domains. Also see Links.

Domain
www.immowelt.de
immowelt.de

Subject Issuer	Validity	Valid
www.google.com GTS CA 1C3	`2022-05-30` - `2022-08-22`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh

This page contains 2 frames:

Primary Page: http://secureloginaccount.de/
Frame ID: E1F548E60DF005A5A18C25F7A99DDBA4
Requests: 23 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Le75mgaAAAAAP4-ibcH7P7VKbOF3j1gPoF0zPsw&co=aHR0cDovL3NlY3VyZWxvZ2luYWNjb3VudC5kZTo4MA..&hl=de&v=g9jXH0OtfQet-V0Aewq23c7K&size=invisible&cb=55n90i39fe2i
Frame ID: CA43AD90D1D573503B8E876BB704B68C
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login | Immowelt

Page Statistics

27
Requests

22 %
HTTPS

40 %
IPv6

5
Domains

6
Subdomains

5
IPs

1
Countries

714 kB
Transfer

1330 kB
Size

0
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://www.immowelt.de/

Search URL Search Domain Scan URL

URL: http://www.immowelt.de/

Search URL Search Domain Scan URL

URL: https://immowelt.de/zugangsdaten/passwort/vergessen?signin=target%3Dmeinbereich%26path%3D%252Fredirect%26agent%3DWEB
Title: Passwort vergessen?

Search URL Search Domain Scan URL

URL: http://immowelt.de/myiw/meineimmowelt/index.aspx?registervisible
Title: Jetzt kostenfrei registrieren

Search URL Search Domain Scan URL

URL: http://immowelt.de/immoweltag/datenschutz
Title: Datenschutzerklärung

Search URL Search Domain Scan URL

URL: https://www.immowelt.de/immoweltag/agb
Title: AGB

Search URL Search Domain Scan URL

URL: https://www.immowelt.de/immoweltag/datenschutz
Title: Datenschutz

Search URL Search Domain Scan URL

URL: https://www.immowelt.de/immoweltag/impressum
Title: Impressum

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

27 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
secureloginaccount.de/ 32 KB
7 KB 135ms
57ms Document
text/html 217.160.0.141
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: http://secureloginaccount.de/
Protocol: HTTP/1.1
Server: 217.160.0.141 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-141.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 3aa07c2708573320992bd1b8417d72d2b92bd4396714912eb4758a0679ffb5b7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Thu, 16 Jun 2022 10:31:51 GMT
ETag: W/"8149-5e13e53a26a24"
Keep-Alive: timeout=15
Last-Modified: Sun, 12 Jun 2022 11:18:10 GMT
Server: Apache
Transfer-Encoding: chunked

GET
H/1.1 200
OK main-immowelt.css
cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/ 16 KB
4 KB 113ms
40ms Stylesheet
text/css 23.205.244.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/main-immowelt.css
Requested by: Host: secureloginaccount.de
URL: http://secureloginaccount.de/
Protocol: HTTP/1.1
Server: 23.205.244.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-244-86.deploy.static.akamaitechnologies.com
Software: Akamai Resource Optimizer /
Resource Hash: 4ac31fb4a3de4b6c57f8450f9027d415bf15920efa71d687027f8432517f4125

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://secureloginaccount.de/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 10:31:51 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Server-Timing: cdn-cache; desc=HIT, edge; dur=1
Connection: keep-alive
Content-Length: 3090
Last-Modified: Sun, 05 Jun 2022 10:26:56 GMT
Server: Akamai Resource Optimizer
ETag: "5165db4dca7b609d952d7c54074b95a1:1654165109.92358"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=4951022, max-age=8640000
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK navigation.js Show response
navigation.immowelt.org/v1/MINIMAL/0/ 45 KB
10 KB 209ms
119ms Script
application/javascript 23.205.244.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://navigation.immowelt.org/v1/MINIMAL/0/navigation.js
Requested by: Host: secureloginaccount.de
URL: http://secureloginaccount.de/
Protocol: HTTP/1.1
Server: 23.205.244.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-244-86.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: c72075308daad7c1d79afe05df25f849497f5a43a5a55179270b59276d49866e

Request headers

Referer: http://secureloginaccount.de/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Thu, 16 Jun 2022 10:31:51 GMT
Content-Encoding: gzip
ETag: "11e5a7f3f47850698b5337a40e664d08"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET,POST
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: https://www.immowelt.de
Access-Control-Max-Age: 86400
Cache-Control: max-age=1800
Access-Control-Allow-Credentials: false
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 9633
Expires: Thu, 16 Jun 2022 10:41:43 GMT

GET
H/1.1 200
OK utag.js Show response
cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/ 2 KB
1 KB 111ms
38ms Script
application/x-javascript 23.205.244.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/utag.js
Requested by: Host: secureloginaccount.de
URL: http://secureloginaccount.de/
Protocol: HTTP/1.1
Server: 23.205.244.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-244-86.deploy.static.akamaitechnologies.com
Software: Akamai Resource Optimizer /
Resource Hash: 1c952b451d0431b3afb9305054445f44bee630b74e5df7364dabfeee7d58d7d4

Request headers

Referer: http://secureloginaccount.de/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Thu, 16 Jun 2022 10:31:51 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Server-Timing: cdn-cache; desc=HIT, edge; dur=1
Connection: keep-alive
Content-Length: 772
Last-Modified: Sat, 04 Jun 2022 10:21:32 GMT
Server: Akamai Resource Optimizer
ETag: "4c6d8d96279fc331b405ccc1cdbfb461:1654165110.100288"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=4951022, max-age=8640000
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2 200 enterprise.js Show response
www.google.com/recaptcha/ 974 B
1 KB 135ms
46ms Script
text/javascript 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?render=6Le75mgaAAAAAP4-ibcH7P7VKbOF3j1gPoF0zPsw

Requested by

Host: secureloginaccount.de
URL: http://secureloginaccount.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

6182b393d07174620e4a0d04c119251aa4151f55fb93ac35515a0ae2c91db322

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://secureloginaccount.de/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Thu, 16 Jun 2022 10:31:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 617
x-xss-protection: 1; mode=block
expires: Thu, 16 Jun 2022 10:31:51 GMT

GET
H/1.1 200
OK logo_immowelt.svg
cdnglobal.immowelt.org/global-assets/4.0.1/legacy/0/images/ 4 KB
2 KB 40ms
39ms Image
image/svg+xml 23.205.244.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://cdnglobal.immowelt.org/global-assets/4.0.1/legacy/0/images/logo_immowelt.svg
Requested by: Host: secureloginaccount.de
URL: http://secureloginaccount.de/
Protocol: HTTP/1.1
Server: 23.205.244.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-244-86.deploy.static.akamaitechnologies.com
Software: Akamai Resource Optimizer /
Resource Hash: 23938eb4314413660e24c2a78dd20ae6bfeff839962ebea8ab2a19dee5ae226a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://secureloginaccount.de/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 10:31:51 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Server-Timing: cdn-cache; desc=HIT, edge; dur=1
Connection: keep-alive
Content-Length: 1580
Last-Modified: Fri, 22 Apr 2022 13:07:45 GMT
Server: Akamai Resource Optimizer
ETag: "12a36ea277732f464361d90291ad3224:1584713245.120842"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: max-age=2874916, max-age=8640000
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK icon-teaser-magnify.svg
cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/images/icons/icons-iw/ 2 KB
1 KB 42ms
42ms Image
image/svg+xml 23.205.244.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/images/icons/icons-iw/icon-teaser-magnify.svg
Requested by: Host: secureloginaccount.de
URL: http://secureloginaccount.de/
Protocol: HTTP/1.1
Server: 23.205.244.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-244-86.deploy.static.akamaitechnologies.com
Software: Akamai Resource Optimizer /
Resource Hash: 95b6af6df04ea28daee05d78c1de48f9b386294a6a87503b9eae94d3e8ceff70

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://secureloginaccount.de/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 10:31:51 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Server-Timing: cdn-cache; desc=HIT, edge; dur=4
Connection: keep-alive
Content-Length: 876
Last-Modified: Sun, 05 Jun 2022 10:26:35 GMT
Server: Akamai Resource Optimizer
ETag: "4b6938455aa3d71d0405b5a67e1d5e38:1654165110.510334"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: max-age=5184000, max-age=8640000
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK icon-teaser-arrows.svg
cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/images/icons/icons-iw/ 2 KB
1 KB 42ms
42ms Image
image/svg+xml 23.205.244.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/images/icons/icons-iw/icon-teaser-arrows.svg
Requested by: Host: secureloginaccount.de
URL: http://secureloginaccount.de/
Protocol: HTTP/1.1
Server: 23.205.244.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-244-86.deploy.static.akamaitechnologies.com
Software: Akamai Resource Optimizer /
Resource Hash: 667e25b67585a8da45125ea470976ef8ae9df1b8c9413388b32fc7a45549b632

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://secureloginaccount.de/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 10:31:51 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Server-Timing: cdn-cache; desc=HIT, edge; dur=4
Connection: keep-alive
Content-Length: 881
Last-Modified: Sun, 05 Jun 2022 10:26:35 GMT
Server: Akamai Resource Optimizer
ETag: "c8551e0ed6f820f4be47c4ad37c67330:1654165110.54297"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: max-age=5184000, max-age=8640000
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK main-immowelt.js Show response
cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/ 22 KB
8 KB 113ms
41ms Script
application/x-javascript 23.205.244.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/main-immowelt.js
Requested by: Host: secureloginaccount.de
URL: http://secureloginaccount.de/
Protocol: HTTP/1.1
Server: 23.205.244.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-244-86.deploy.static.akamaitechnologies.com
Software: Akamai Resource Optimizer /
Resource Hash: 76536537cbe5c47170816cd7d75198c2da2de49f280892b4ea59916fb7322c71

Request headers

Referer: http://secureloginaccount.de/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Thu, 16 Jun 2022 10:31:51 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Server-Timing: cdn-cache; desc=HIT, edge; dur=2
Connection: keep-alive
Content-Length: 7364
Last-Modified: Sun, 05 Jun 2022 10:27:40 GMT
Server: Akamai Resource Optimizer
ETag: "ce8a7ea62cc09ea2cc447ee9ab6d3876:1654165109.952219"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=4951023, max-age=8640000
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/g9jXH0OtfQet-V0Aewq23c7K/ 367 KB
146 KB 124ms
40ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/g9jXH0OtfQet-V0Aewq23c7K/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?render=6Le75mgaAAAAAP4-ibcH7P7VKbOF3j1gPoF0zPsw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

506336914f02f937120502bd21ebe49d3720829c2a09f6bc7f933baba246e14c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://secureloginaccount.de/
Origin: http://secureloginaccount.de
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 16 Jun 2022 10:28:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 209
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 148524
x-xss-protection: 0
last-modified: Mon, 06 Jun 2022 04:02:41 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 16 Jun 2023 10:28:23 GMT

GET
H/1.1 200
OK minimal-0-header.css
cdnglobal.immowelt.org/navigation-ui/aa895189f75a733d719fc5f2409b0b218494d36b/css/ 1006 B
1 KB 38ms
38ms Stylesheet
text/css 23.205.244.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://cdnglobal.immowelt.org/navigation-ui/aa895189f75a733d719fc5f2409b0b218494d36b/css/minimal-0-header.css
Requested by: Host: navigation.immowelt.org
URL: http://navigation.immowelt.org/v1/MINIMAL/0/navigation.js
Protocol: HTTP/1.1
Server: 23.205.244.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-244-86.deploy.static.akamaitechnologies.com
Software: Akamai Resource Optimizer /
Resource Hash: 8c643cf092aae00273e2163a89a756093f1a44bb79acefc0421f2d164806498a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://secureloginaccount.de/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 10:31:51 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Server-Timing: cdn-cache; desc=HIT, edge; dur=1
Connection: keep-alive
Content-Length: 413
Last-Modified: Tue, 19 Apr 2022 11:29:39 GMT
Server: Akamai Resource Optimizer
ETag: "1c83ab44fb80e33960d085b8e11f163c:1649235048.242842"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=4935265, max-age=8640000
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK logo_immowelt.svg
cdnglobal.immowelt.org/global-assets/4.3.0/legacy/0/images/ 4 KB
2 KB 38ms
38ms Image
image/svg+xml 23.205.244.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://cdnglobal.immowelt.org/global-assets/4.3.0/legacy/0/images/logo_immowelt.svg
Requested by: Host: secureloginaccount.de
URL: http://secureloginaccount.de/
Protocol: HTTP/1.1
Server: 23.205.244.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-244-86.deploy.static.akamaitechnologies.com
Software: Akamai Resource Optimizer /
Resource Hash: 23938eb4314413660e24c2a78dd20ae6bfeff839962ebea8ab2a19dee5ae226a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://secureloginaccount.de/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 10:31:51 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Server-Timing: cdn-cache; desc=HIT, edge; dur=1
Connection: keep-alive
Content-Length: 1580
Last-Modified: Fri, 18 Feb 2022 00:23:44 GMT
Server: Akamai Resource Optimizer
ETag: "12a36ea277732f464361d90291ad3224:1616750426.02394"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: max-age=4935265, max-age=8640000
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK minimal-0-footer.css
cdnglobal.immowelt.org/navigation-ui/aa895189f75a733d719fc5f2409b0b218494d36b/css/ 463 B
886 B 59ms
37ms Stylesheet
text/css 23.205.244.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://cdnglobal.immowelt.org/navigation-ui/aa895189f75a733d719fc5f2409b0b218494d36b/css/minimal-0-footer.css
Requested by: Host: navigation.immowelt.org
URL: http://navigation.immowelt.org/v1/MINIMAL/0/navigation.js
Protocol: HTTP/1.1
Server: 23.205.244.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-244-86.deploy.static.akamaitechnologies.com
Software: Akamai Resource Optimizer /
Resource Hash: 82f4ee0332972e2ff06e0a60eb98a465865e88e0fbd24ba2a03a4114dfe68fa0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://secureloginaccount.de/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 10:31:51 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Server-Timing: cdn-cache; desc=HIT, edge; dur=1
Connection: keep-alive
Content-Length: 246
Last-Modified: Fri, 22 Apr 2022 07:00:31 GMT
Server: Akamai Resource Optimizer
ETag: "b2a529235bf5f9f985043c8cc9174af6:1650439616.649062"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=1888569, max-age=8640000
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK minimal-0-footer.js Show response
cdnglobal.immowelt.org/navigation-ui/aa895189f75a733d719fc5f2409b0b218494d36b/ 2 KB
2 KB 85ms
53ms Script
application/x-javascript 23.205.244.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://cdnglobal.immowelt.org/navigation-ui/aa895189f75a733d719fc5f2409b0b218494d36b/minimal-0-footer.js
Requested by: Host: navigation.immowelt.org
URL: http://navigation.immowelt.org/v1/MINIMAL/0/navigation.js
Protocol: HTTP/1.1
Server: 23.205.244.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-244-86.deploy.static.akamaitechnologies.com
Software: Akamai Resource Optimizer /
Resource Hash: b80362eb6311ca21a05ad6f71ad69a678e89336e262501f377cb0ac50e7a95b6

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://secureloginaccount.de/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 10:31:51 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Server-Timing: cdn-cache; desc=HIT, edge; dur=2
Connection: keep-alive
Content-Length: 1054
Last-Modified: Wed, 20 Apr 2022 05:45:07 GMT
Server: Akamai Resource Optimizer
ETag: "7316bd6b3bc5951fe377b6d9d828defd:1649235048.14773"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=4935265, max-age=8640000
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK eye_off.svg
cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/images/icons/ 748 B
1 KB 69ms
41ms Image
image/svg+xml 23.205.244.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/images/icons/eye_off.svg
Requested by: Host: cdnglobal.immowelt.org
URL: http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/main-immowelt.css
Protocol: HTTP/1.1
Server: 23.205.244.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-244-86.deploy.static.akamaitechnologies.com
Software: Akamai Resource Optimizer /
Resource Hash: c9b195475a3f38e0828aded7ea31494e35f49052b44644f9718d4946e81c8f63

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/main-immowelt.css
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 10:31:51 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Server-Timing: cdn-cache; desc=HIT, edge; dur=4
Connection: keep-alive
Content-Length: 435
Last-Modified: Sun, 05 Jun 2022 10:27:18 GMT
Server: Akamai Resource Optimizer
ETag: "50dba41881ff70430c6589473fc300c4:1654165110.416306"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: max-age=5184000, max-age=8640000
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK arrow-right.svg
cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/images/icons/ 801 B
1 KB 40ms
40ms Image
image/svg+xml 23.205.244.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/images/icons/arrow-right.svg
Requested by: Host: cdnglobal.immowelt.org
URL: http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/main-immowelt.css
Protocol: HTTP/1.1
Server: 23.205.244.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-244-86.deploy.static.akamaitechnologies.com
Software: Akamai Resource Optimizer /
Resource Hash: 451770ba091160eee511e9e1ad0ec7681f8d1849614081afa350c8093e9828f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/main-immowelt.css
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 10:31:51 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Server-Timing: cdn-cache; desc=HIT, edge; dur=4
Connection: keep-alive
Content-Length: 487
Last-Modified: Sun, 05 Jun 2022 10:27:05 GMT
Server: Akamai Resource Optimizer
ETag: "c3b166645313ca63e2910da99f97abb4:1654165110.416738"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: max-age=5184000, max-age=8640000
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK lock.svg
cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/images/icons/ 2 KB
1 KB 38ms
38ms Image
image/svg+xml 23.205.244.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/images/icons/lock.svg
Requested by: Host: cdnglobal.immowelt.org
URL: http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/main-immowelt.css
Protocol: HTTP/1.1
Server: 23.205.244.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-244-86.deploy.static.akamaitechnologies.com
Software: Akamai Resource Optimizer /
Resource Hash: ff5a7ccafdf5655b806f5fc619bd47fb43e9858021a5d72e742dd5f647e8ffee

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/main-immowelt.css
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 10:31:51 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Server-Timing: cdn-cache; desc=HIT, edge; dur=1
Connection: keep-alive
Content-Length: 752
Last-Modified: Sun, 05 Jun 2022 10:26:24 GMT
Server: Akamai Resource Optimizer
ETag: "3d56b55f1782f3856540a9389156a995:1654165110.386878"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: max-age=4951024, max-age=8640000
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK login-default-lgm.jpg
cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/images/teaser/ 132 KB
133 KB 47ms
47ms Image
image/jpeg 23.205.244.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/images/teaser/login-default-lgm.jpg
Requested by: Host: cdnglobal.immowelt.org
URL: http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/main-immowelt.css
Protocol: HTTP/1.1
Server: 23.205.244.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-244-86.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: eee230b896f349558bb52c66ffe6d2428452a5f0de5860fc3ac57c3e161bfb5a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/main-immowelt.css
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 10:31:51 GMT
Last-Modified: Thu, 02 Jun 2022 10:18:30 GMT
Server: AkamaiNetStorage
Connection: keep-alive
ETag: "0c8b3467f9256fc4e46dca096fdf5c43:1654165110.402149"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=8640000
Access-Control-Allow-Credentials: false
Server-Timing: cdn-cache; desc=HIT, edge; dur=10
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 135408

GET
H/1.1 200
OK OpenSans-Light.woff2
cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/fonts/ 45 KB
45 KB 74ms
38ms Font
font/woff2 23.205.244.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/fonts/OpenSans-Light.woff2
Requested by: Host: cdnglobal.immowelt.org
URL: http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/main-immowelt.css
Protocol: HTTP/1.1
Server: 23.205.244.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-244-86.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 1e2ca939c8ea6e474d75968c821c6b0e9a7d326dab593bb97478012372b20617

Request headers

Referer: http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/main-immowelt.css
Origin: http://secureloginaccount.de
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 10:31:51 GMT
Last-Modified: Thu, 02 Jun 2022 10:18:30 GMT
Server: AkamaiNetStorage
Connection: keep-alive
ETag: "39d27e13dce3dfe4cdc70a281ccdf113:1654165110.114715"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=8640000
Access-Control-Allow-Credentials: false
Server-Timing: cdn-cache; desc=HIT, edge; dur=1
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 45900

GET
H/1.1 200
OK OpenSans-Regular.woff2
cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/fonts/ 46 KB
46 KB 84ms
48ms Font
font/woff2 23.205.244.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/fonts/OpenSans-Regular.woff2
Requested by: Host: cdnglobal.immowelt.org
URL: http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/main-immowelt.css
Protocol: HTTP/1.1
Server: 23.205.244.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-244-86.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 4c1c2e95835201077586a3698cd47806dd18df10d32a1e6cb6aa9e47224a55e3

Request headers

Referer: http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/main-immowelt.css
Origin: http://secureloginaccount.de
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 10:31:51 GMT
Last-Modified: Thu, 02 Jun 2022 10:18:30 GMT
Server: AkamaiNetStorage
Connection: keep-alive
ETag: "55835483c304eaa8477fea2c36abba17:1654165110.245182"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=8640000
Access-Control-Allow-Credentials: false
Server-Timing: cdn-cache; desc=HIT, edge; dur=11
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 47016

GET
H/1.1 200
OK OpenSans-Bold.woff2
cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/fonts/ 46 KB
46 KB 75ms
38ms Font
font/woff2 23.205.244.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/fonts/OpenSans-Bold.woff2
Requested by: Host: cdnglobal.immowelt.org
URL: http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/main-immowelt.css
Protocol: HTTP/1.1
Server: 23.205.244.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-244-86.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: c1c24d6a7ce4bd24b1f3f51ab6f74667c94263fa4b109cc3ff32f4f22848087f

Request headers

Referer: http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/main-immowelt.css
Origin: http://secureloginaccount.de
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 10:31:51 GMT
Last-Modified: Thu, 02 Jun 2022 10:18:30 GMT
Server: AkamaiNetStorage
Connection: keep-alive
ETag: "3326e4d74d3924ee1c882c29f5b571c0:1654165110.182725"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=8640000
Access-Control-Allow-Credentials: false
Server-Timing: cdn-cache; desc=HIT, edge; dur=2
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 46676

GET
H/1.1 200
OK OpenSans-Semibold.woff2
cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/fonts/ 62 KB
63 KB 74ms
38ms Font
font/woff2 23.205.244.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/fonts/OpenSans-Semibold.woff2
Requested by: Host: cdnglobal.immowelt.org
URL: http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/main-immowelt.css
Protocol: HTTP/1.1
Server: 23.205.244.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-244-86.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: df0231affb521137bf135898b6ce4c2ce59a79e3e23068a673868366c7ac68bb

Request headers

Referer: http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/main-immowelt.css
Origin: http://secureloginaccount.de
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 10:31:51 GMT
Last-Modified: Thu, 02 Jun 2022 10:18:30 GMT
Server: AkamaiNetStorage
Connection: keep-alive
ETag: "08952b029e4decbc8ef9fb553cae8cea:1654165110.178134"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=8640000
Access-Control-Allow-Credentials: false
Server-Timing: cdn-cache; desc=HIT, edge; dur=1
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 63728

GET
H/1.1 200
OK utag.js Show response
tags.tiqcdn.com/utag/immoweltgroup/web.immowelt.secure/prod/ 68 KB
17 KB 280ms
228ms Script
application/x-javascript 104.75.88.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://tags.tiqcdn.com/utag/immoweltgroup/web.immowelt.secure/prod/utag.js
Requested by: Host: cdnglobal.immowelt.org
URL: http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/utag.js
Protocol: HTTP/1.1
Server: 104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-194.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 1288bb79539e4074ec9ea2a6606a0be436e6d3a630e659ed7cd62a3afc69c672

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://secureloginaccount.de/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 10:31:52 GMT
Content-Encoding: gzip
Last-Modified: Mon, 09 May 2022 16:53:12 GMT
Server: AkamaiNetStorage
ETag: "f4b0cedb4cbc063c78179667f2d4b859:1652115192.56263"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=300
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 16746
Expires: Thu, 16 Jun 2022 10:36:52 GMT

GET
H2 200 anchor Show response
www.google.com/recaptcha/enterprise/ Frame CA43 8 KB
2 KB 48ms
47ms Document
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Le75mgaAAAAAP4-ibcH7P7VKbOF3j1gPoF0zPsw&co=aHR0cDovL3NlY3VyZWxvZ2luYWNjb3VudC5kZTo4MA..&hl=de&v=g9jXH0OtfQet-V0Aewq23c7K&size=invisible&cb=55n90i39fe2i

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/g9jXH0OtfQet-V0Aewq23c7K/recaptcha__de.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

24b347da4d7433fb091a4ffef539555f5eecf6d937853aabc35543128e755c66

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-VV2FjZ32pSzwCxg_Cw-P_Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://secureloginaccount.de/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: gzip
content-length: 1132
content-security-policy: script-src 'report-sample' 'nonce-VV2FjZ32pSzwCxg_Cw-P_Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 16 Jun 2022 10:31:52 GMT
expires: Thu, 16 Jun 2022 10:31:52 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/g9jXH0OtfQet-V0Aewq23c7K/ Frame CA43 51 KB
24 KB 120ms
40ms Stylesheet
text/css 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/g9jXH0OtfQet-V0Aewq23c7K/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Le75mgaAAAAAP4-ibcH7P7VKbOF3j1gPoF0zPsw&co=aHR0cDovL3NlY3VyZWxvZ2luYWNjb3VudC5kZTo4MA..&hl=de&v=g9jXH0OtfQet-V0Aewq23c7K&size=invisible&cb=55n90i39fe2i

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 16 Jun 2022 10:28:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 209
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 06 Jun 2022 04:02:41 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 16 Jun 2023 10:28:23 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/g9jXH0OtfQet-V0Aewq23c7K/ Frame CA43 367 KB
145 KB 118ms
40ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/g9jXH0OtfQet-V0Aewq23c7K/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

506336914f02f937120502bd21ebe49d3720829c2a09f6bc7f933baba246e14c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 16 Jun 2022 10:28:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 209
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 148524
x-xss-protection: 0
last-modified: Mon, 06 Jun 2022 04:02:41 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 16 Jun 2023 10:28:23 GMT

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame CA43 2 KB
2 KB 37ms
37ms Image
image/png 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/g9jXH0OtfQet-V0Aewq23c7K/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/g9jXH0OtfQet-V0Aewq23c7K/styles__ltr.css
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Tue, 14 Jun 2022 18:59:48 GMT
x-content-type-options: nosniff
age: 142324
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Tue, 21 Jun 2022 18:59:48 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Immowelt (Real Estate)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: http://secureloginaccount.de/(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://navigation.immowelt.org/v1/MINIMAL/0/navigation.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://secureloginaccount.de/(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://navigation.immowelt.org/v1/MINIMAL/0/navigation.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://secureloginaccount.de/(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/utag.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://secureloginaccount.de/(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.google.com/recaptcha/enterprise.js?render=6Le75mgaAAAAAP4-ibcH7P7VKbOF3j1gPoF0zPsw, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://secureloginaccount.de/(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://cdnglobal.immowelt.org/signin-ui/d3aaac2a5fd16f3d5e24ffe5dadb900efb84a129/main-immowelt.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnglobal.immowelt.org
navigation.immowelt.org
secureloginaccount.de
tags.tiqcdn.com
www.google.com
www.gstatic.com
104.75.88.194
217.160.0.141
23.205.244.86
2a00:1450:4001:803::2004
2a00:1450:4001:810::2003
1288bb79539e4074ec9ea2a6606a0be436e6d3a630e659ed7cd62a3afc69c672
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1c952b451d0431b3afb9305054445f44bee630b74e5df7364dabfeee7d58d7d4
1e2ca939c8ea6e474d75968c821c6b0e9a7d326dab593bb97478012372b20617
23938eb4314413660e24c2a78dd20ae6bfeff839962ebea8ab2a19dee5ae226a
24b347da4d7433fb091a4ffef539555f5eecf6d937853aabc35543128e755c66
3aa07c2708573320992bd1b8417d72d2b92bd4396714912eb4758a0679ffb5b7
451770ba091160eee511e9e1ad0ec7681f8d1849614081afa350c8093e9828f2
4ac31fb4a3de4b6c57f8450f9027d415bf15920efa71d687027f8432517f4125
4c1c2e95835201077586a3698cd47806dd18df10d32a1e6cb6aa9e47224a55e3
506336914f02f937120502bd21ebe49d3720829c2a09f6bc7f933baba246e14c
6182b393d07174620e4a0d04c119251aa4151f55fb93ac35515a0ae2c91db322
667e25b67585a8da45125ea470976ef8ae9df1b8c9413388b32fc7a45549b632
76536537cbe5c47170816cd7d75198c2da2de49f280892b4ea59916fb7322c71
82f4ee0332972e2ff06e0a60eb98a465865e88e0fbd24ba2a03a4114dfe68fa0
8c643cf092aae00273e2163a89a756093f1a44bb79acefc0421f2d164806498a
95b6af6df04ea28daee05d78c1de48f9b386294a6a87503b9eae94d3e8ceff70
b80362eb6311ca21a05ad6f71ad69a678e89336e262501f377cb0ac50e7a95b6
c1c24d6a7ce4bd24b1f3f51ab6f74667c94263fa4b109cc3ff32f4f22848087f
c72075308daad7c1d79afe05df25f849497f5a43a5a55179270b59276d49866e
c9b195475a3f38e0828aded7ea31494e35f49052b44644f9718d4946e81c8f63
df0231affb521137bf135898b6ce4c2ce59a79e3e23068a673868366c7ac68bb
eee230b896f349558bb52c66ffe6d2428452a5f0de5860fc3ac57c3e161bfb5a
f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48
ff5a7ccafdf5655b806f5fc619bd47fb43e9858021a5d72e742dd5f647e8ffee

secureloginaccount.de Open in urlscan Pro 217.160.0.141 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

27 Requests

22 %HTTPS

40 %IPv6

5 Domains

6 Subdomains

5 IPs

1 Countries

714 kBTransfer

1330 kBSize

0 Cookies

8 Outgoing links

Redirected requests

27 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

22 JavaScript Global Variables

0 Cookies

5 Console Messages

secureloginaccount.de Open in urlscan Pro
217.160.0.141 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

27
Requests

22 %
HTTPS

40 %
IPv6

5
Domains

6
Subdomains

5
IPs

1
Countries

714 kB
Transfer

1330 kB
Size

0
Cookies

27 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!