heilpraktikerin-edhofer.de Open in urlscan Pro
2a01:488:42:1000:50ed:8508:ffba:9028 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://heilpraktikerin-edhofer.de/wp-includes/pomo/webmail1/provider/provider/webmail/index.php
Effective URL:
http://heilpraktikerin-edhofer.de/wp-includes/pomo/webmail1/provider/provider/webmail/login.php?TYPE=33554432&REALMOID=06-0009e636...
Submission: On February 28 via automatic, source phishtank (February 28th 2017, 5:22:59 pm UTC)

Summary HTTP 11 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 11 HTTP transactions. The main IP is 2a01:488:42:1000:50ed:8508:ffba:9028, located in Germany and belongs to . The main domain is heilpraktikerin-edhofer.de.

This is the only time heilpraktikerin-edhofer.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Google (Online)

Domain & IP information

	IP Address	AS Autonomous System
4	2a01:488:42:1... 2a01:488:42:1000:50ed:8508:ffba:9028	() ()
1	2a00:1450:400... 2a00:1450:400f:808::200a	15169 (GOOGLE) (GOOGLE - Google Inc.)
4	2a00:1450:400... 2a00:1450:400f:808::2003	15169 (GOOGLE) (GOOGLE - Google Inc.)
11	4

4 2a01:488:42:1000:50ed:8508:ffba:9028 (Germany)

ASN- ()

heilpraktikerin-edhofer.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400f:808::200a (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400f:808::2003 (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

ssl.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	gstatic.com ssl.gstatic.com fonts.gstatic.com	26 KB
4	heilpraktikerin-edhofer.de heilpraktikerin-edhofer.de	78 KB
1	googleapis.com fonts.googleapis.com	833 B
0	youtube.com Failed accounts.youtube.com Failed
11	4

	Domain	Requested by
4	heilpraktikerin-edhofer.de	heilpraktikerin-edhofer.de
3	ssl.gstatic.com	heilpraktikerin-edhofer.de
1	fonts.gstatic.com	heilpraktikerin-edhofer.de
1	fonts.googleapis.com	heilpraktikerin-edhofer.de
0	accounts.youtube.com Failed	heilpraktikerin-edhofer.de
11	5

This site contains links to these domains. Also see Links.

Domain
support.google.com
accounts.google.com
www.google.com

Subject Issuer	Validity	Valid

This page contains 2 frames:

Primary Page: http://heilpraktikerin-edhofer.de/wp-includes/pomo/webmail1/provider/provider/webmail/login.php?TYPE=33554432&REALMOID=06-0009e636-2168-1136-8a29-43140ac41026&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-wV%2fCpi8JK9vR1wGBfQLKhfjnzz0qWk9phIDhj0NxAcm2IHB9RdAN2UPeEjvfQs1c&TARGET=cfab62da0a1e39f0da9ac6f3ee7aaf51cfab62da0a1e39f0da9ac6f3ee7aaf51
Frame ID: 2896.1
Requests: 10 HTTP requests in this frame

Frame: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1008331565&timestamp=1488302572734
Frame ID: 2896.2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://heilpraktikerin-edhofer.de/wp-includes/pomo/webmail1/provider/provider/webmail/index.php Page URL
http://heilpraktikerin-edhofer.de/wp-includes/pomo/webmail1/provider/provider/webmail/login.php?TYPE=33554432&... Page URL

Page Statistics

11
Requests

0 %
HTTPS

100 %
IPv6

4
Domains

5
Subdomains

4
IPs

2
Countries

105 kB
Transfer

109 kB
Size

0
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://support.google.com/accounts/?p=securesignin&hl=en
Title: Learn more

Search URL Search Domain Scan URL

URL: https://accounts.google.com/TOS?loc=NG&hl=en
Title: Privacy & Terms

Search URL Search Domain Scan URL

URL: http://www.google.com/support/accounts?hl=en
Title: Help

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://heilpraktikerin-edhofer.de/wp-includes/pomo/webmail1/provider/provider/webmail/index.php Page URL
http://heilpraktikerin-edhofer.de/wp-includes/pomo/webmail1/provider/provider/webmail/login.php?TYPE=33554432&REALMOID=06-0009e636-2168-1136-8a29-43140ac41026&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-wV%2fCpi8JK9vR1wGBfQLKhfjnzz0qWk9phIDhj0NxAcm2IHB9RdAN2UPeEjvfQs1c&TARGET=cfab62da0a1e39f0da9ac6f3ee7aaf51cfab62da0a1e39f0da9ac6f3ee7aaf51 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK index.php Show response
heilpraktikerin-edhofer.de/wp-includes/pomo/webmail1/provider/provider/webmail/ 697 B
697 B 40ms
30ms Document
text/html 2a01:488:42:1000:50ed:8508:ffba:9028

General

Check archive.org

Show headers Download Go to

Full URL: http://heilpraktikerin-edhofer.de/wp-includes/pomo/webmail1/provider/provider/webmail/index.php
Protocol: HTTP/1.1
Server: 2a01:488:42:1000:50ed:8508:ffba:9028 , Germany, ASN (),
Reverse DNS
Software: Apache /
Resource Hash: eaa08ae1b44e191ee2584327b0fea3722643aa864e992603fb755d941de6c23a

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: heilpraktikerin-edhofer.de
Accept-Language: en-US,en;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Cache-Control: no-cache
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Date: Tue, 28 Feb 2017 17:22:52 GMT
Server: Apache
Connection: keep-alive
Content-Length: 697
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK Primary Request login.php Show response
heilpraktikerin-edhofer.de/wp-includes/pomo/webmail1/provider/provider/webmail/ 71 KB
71 KB 31ms
30ms Document
text/html 2a01:488:42:1000:50ed:8508:ffba:9028

General

Check archive.org

Show headers Download Go to

Full URL: http://heilpraktikerin-edhofer.de/wp-includes/pomo/webmail1/provider/provider/webmail/login.php?TYPE=33554432&REALMOID=06-0009e636-2168-1136-8a29-43140ac41026&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-wV%2fCpi8JK9vR1wGBfQLKhfjnzz0qWk9phIDhj0NxAcm2IHB9RdAN2UPeEjvfQs1c&TARGET=cfab62da0a1e39f0da9ac6f3ee7aaf51cfab62da0a1e39f0da9ac6f3ee7aaf51
Requested by: Host: heilpraktikerin-edhofer.de
URL: http://heilpraktikerin-edhofer.de/wp-includes/pomo/webmail1/provider/provider/webmail/index.php
Protocol: HTTP/1.1
Server: 2a01:488:42:1000:50ed:8508:ffba:9028 , Germany, ASN (),
Reverse DNS
Software: Apache /
Resource Hash: f914c8746fe37f99fd0d0d0ca4b1dd4bfd52d1e5fb448b7fd8326eaa4c49cc11

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: heilpraktikerin-edhofer.de
Accept-Language: en-US,en;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Referer: http://heilpraktikerin-edhofer.de/wp-includes/pomo/webmail1/provider/provider/webmail/index.php
Connection: keep-alive
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
Referer: http://heilpraktikerin-edhofer.de/wp-includes/pomo/webmail1/provider/provider/webmail/index.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Date: Tue, 28 Feb 2017 17:22:52 GMT
Server: Apache
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET favicon.ico
heilpraktikerin-edhofer.de/ 0
0

GET
H/1.1 200
OK css
fonts.googleapis.com/ 5 KB
833 B 74ms
43ms Stylesheet
text/css 2a00:1450:400f:808::200a
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.googleapis.com/css?family=Open+Sans:300,400&lang=en

Requested by

Host: heilpraktikerin-edhofer.de
URL: http://heilpraktikerin-edhofer.de/wp-includes/pomo/webmail1/provider/provider/webmail/login.php?TYPE=33554432&REALMOID=06-0009e636-2168-1136-8a29-43140ac41026&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-wV%2fCpi8JK9vR1wGBfQLKhfjnzz0qWk9phIDhj0NxAcm2IHB9RdAN2UPeEjvfQs1c&TARGET=cfab62da0a1e39f0da9ac6f3ee7aaf51cfab62da0a1e39f0da9ac6f3ee7aaf51

Protocol

HTTP/1.1

Server

2a00:1450:400f:808::200a , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

ESF /

Resource Hash

8ad039a0d4b4e5462fe6059f9f0bc32d7dc48d7a0de55c76e3f8878b47a4ea2b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: fonts.googleapis.com
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://heilpraktikerin-edhofer.de/wp-includes/pomo/webmail1/provider/provider/webmail/login.php?TYPE=33554432&REALMOID=06-0009e636-2168-1136-8a29-43140ac41026&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-wV%2fCpi8JK9vR1wGBfQLKhfjnzz0qWk9phIDhj0NxAcm2IHB9RdAN2UPeEjvfQs1c&TARGET=cfab62da0a1e39f0da9ac6f3ee7aaf51cfab62da0a1e39f0da9ac6f3ee7aaf51
Connection: keep-alive
Cache-Control: no-cache
Referer: http://heilpraktikerin-edhofer.de/wp-includes/pomo/webmail1/provider/provider/webmail/login.php?TYPE=33554432&REALMOID=06-0009e636-2168-1136-8a29-43140ac41026&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-wV%2fCpi8JK9vR1wGBfQLKhfjnzz0qWk9phIDhj0NxAcm2IHB9RdAN2UPeEjvfQs1c&TARGET=cfab62da0a1e39f0da9ac6f3ee7aaf51cfab62da0a1e39f0da9ac6f3ee7aaf51
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Date: Tue, 28 Feb 2017 17:22:52 GMT
Content-Encoding: gzip
Last-Modified: Tue, 28 Feb 2017 17:22:52 GMT
Server: ESF
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=86400, stale-while-revalidate=604800
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
X-XSS-Protection: 1; mode=block
Expires: Tue, 28 Feb 2017 17:22:52 GMT

GET
H/1.1 200
OK webmail.png
heilpraktikerin-edhofer.de/wp-includes/pomo/webmail1/provider/provider/webmail/ 5 KB
5 KB 36ms
36ms Image
image/png 2a01:488:42:1000:50ed:8508:ffba:9028

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://heilpraktikerin-edhofer.de/wp-includes/pomo/webmail1/provider/provider/webmail/webmail.png
Requested by: Host: heilpraktikerin-edhofer.de
URL: http://heilpraktikerin-edhofer.de/wp-includes/pomo/webmail1/provider/provider/webmail/login.php?TYPE=33554432&REALMOID=06-0009e636-2168-1136-8a29-43140ac41026&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-wV%2fCpi8JK9vR1wGBfQLKhfjnzz0qWk9phIDhj0NxAcm2IHB9RdAN2UPeEjvfQs1c&TARGET=cfab62da0a1e39f0da9ac6f3ee7aaf51cfab62da0a1e39f0da9ac6f3ee7aaf51
Protocol: HTTP/1.1
Server: 2a01:488:42:1000:50ed:8508:ffba:9028 , Germany, ASN (),
Reverse DNS
Software: Apache /
Resource Hash: b46489ae1acb851951d505c371cc4195517c9874a035db09d17d207fe1f03981

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: heilpraktikerin-edhofer.de
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: image/webp,image/*,*/*;q=0.8
Referer: http://heilpraktikerin-edhofer.de/wp-includes/pomo/webmail1/provider/provider/webmail/login.php?TYPE=33554432&REALMOID=06-0009e636-2168-1136-8a29-43140ac41026&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-wV%2fCpi8JK9vR1wGBfQLKhfjnzz0qWk9phIDhj0NxAcm2IHB9RdAN2UPeEjvfQs1c&TARGET=cfab62da0a1e39f0da9ac6f3ee7aaf51cfab62da0a1e39f0da9ac6f3ee7aaf51
Connection: keep-alive
Cache-Control: no-cache
Referer: http://heilpraktikerin-edhofer.de/wp-includes/pomo/webmail1/provider/provider/webmail/login.php?TYPE=33554432&REALMOID=06-0009e636-2168-1136-8a29-43140ac41026&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-wV%2fCpi8JK9vR1wGBfQLKhfjnzz0qWk9phIDhj0NxAcm2IHB9RdAN2UPeEjvfQs1c&TARGET=cfab62da0a1e39f0da9ac6f3ee7aaf51cfab62da0a1e39f0da9ac6f3ee7aaf51
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Date: Tue, 28 Feb 2017 17:22:52 GMT
Last-Modified: Wed, 25 May 2016 19:02:48 GMT
Server: Apache
ETag: "1527-533af51c96600"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5415

GET
H/1.1 200
OK logo_strip_2x.png
ssl.gstatic.com/accounts/ui/ 10 KB
10 KB 65ms
34ms Image
image/png 2a00:1450:400f:808::2003
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://ssl.gstatic.com/accounts/ui/logo_strip_2x.png

Requested by

Protocol

HTTP/1.1

Server

2a00:1450:400f:808::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

sffe /

Resource Hash

b2d3305551055e5d28aea38f218ee6ff6006afb8c80cc4f206a206bcb758df7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: ssl.gstatic.com
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: image/webp,image/*,*/*;q=0.8
Referer: http://heilpraktikerin-edhofer.de/wp-includes/pomo/webmail1/provider/provider/webmail/login.php?TYPE=33554432&REALMOID=06-0009e636-2168-1136-8a29-43140ac41026&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-wV%2fCpi8JK9vR1wGBfQLKhfjnzz0qWk9phIDhj0NxAcm2IHB9RdAN2UPeEjvfQs1c&TARGET=cfab62da0a1e39f0da9ac6f3ee7aaf51cfab62da0a1e39f0da9ac6f3ee7aaf51
Connection: keep-alive
Cache-Control: no-cache
Referer: http://heilpraktikerin-edhofer.de/wp-includes/pomo/webmail1/provider/provider/webmail/login.php?TYPE=33554432&REALMOID=06-0009e636-2168-1136-8a29-43140ac41026&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-wV%2fCpi8JK9vR1wGBfQLKhfjnzz0qWk9phIDhj0NxAcm2IHB9RdAN2UPeEjvfQs1c&TARGET=cfab62da0a1e39f0da9ac6f3ee7aaf51cfab62da0a1e39f0da9ac6f3ee7aaf51
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Date: Mon, 27 Feb 2017 13:06:39 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 21 Apr 2016 03:17:22 GMT
Server: sffe
Age: 101773
Content-Type: image/png
Cache-Control: public, max-age=31536000
Content-Length: 10297
X-XSS-Protection: 1; mode=block
Expires: Tue, 27 Feb 2018 13:06:39 GMT

GET
H/1.1 200
OK universal_language_settings-21.png
ssl.gstatic.com/images/icons/ui/common/ 199 B
199 B 65ms
31ms Image
image/png 2a00:1450:400f:808::2003
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://ssl.gstatic.com/images/icons/ui/common/universal_language_settings-21.png

Requested by

Protocol

HTTP/1.1

Server

2a00:1450:400f:808::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

sffe /

Resource Hash

59404af2d92c53ad1ee9e21b252c07c77dcba810b248a79d6ae989b1ff63c7d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: ssl.gstatic.com
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: image/webp,image/*,*/*;q=0.8
Referer: http://heilpraktikerin-edhofer.de/wp-includes/pomo/webmail1/provider/provider/webmail/login.php?TYPE=33554432&REALMOID=06-0009e636-2168-1136-8a29-43140ac41026&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-wV%2fCpi8JK9vR1wGBfQLKhfjnzz0qWk9phIDhj0NxAcm2IHB9RdAN2UPeEjvfQs1c&TARGET=cfab62da0a1e39f0da9ac6f3ee7aaf51cfab62da0a1e39f0da9ac6f3ee7aaf51
Connection: keep-alive
Cache-Control: no-cache
Referer: http://heilpraktikerin-edhofer.de/wp-includes/pomo/webmail1/provider/provider/webmail/login.php?TYPE=33554432&REALMOID=06-0009e636-2168-1136-8a29-43140ac41026&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-wV%2fCpi8JK9vR1wGBfQLKhfjnzz0qWk9phIDhj0NxAcm2IHB9RdAN2UPeEjvfQs1c&TARGET=cfab62da0a1e39f0da9ac6f3ee7aaf51cfab62da0a1e39f0da9ac6f3ee7aaf51
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Date: Wed, 11 Jan 2017 10:25:05 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 21 Apr 2016 03:17:22 GMT
Server: sffe
Age: 4172267
Content-Type: image/png
Cache-Control: public, max-age=31536000
Content-Length: 199
X-XSS-Protection: 1; mode=block
Expires: Thu, 11 Jan 2018 10:25:05 GMT

GET
H/1.1 200
OK checkmark.png
ssl.gstatic.com/ui/v1/menu/ 239 B
239 B 66ms
35ms Image
image/png 2a00:1450:400f:808::2003
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://ssl.gstatic.com/ui/v1/menu/checkmark.png

Requested by

Protocol

HTTP/1.1

Server

2a00:1450:400f:808::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

sffe /

Resource Hash

2210e36b5b21e54cd4dc2ccdcc06138db8598d704ebf19052e5caa84edb4a675

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: ssl.gstatic.com
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: image/webp,image/*,*/*;q=0.8
Referer: http://heilpraktikerin-edhofer.de/wp-includes/pomo/webmail1/provider/provider/webmail/login.php?TYPE=33554432&REALMOID=06-0009e636-2168-1136-8a29-43140ac41026&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-wV%2fCpi8JK9vR1wGBfQLKhfjnzz0qWk9phIDhj0NxAcm2IHB9RdAN2UPeEjvfQs1c&TARGET=cfab62da0a1e39f0da9ac6f3ee7aaf51cfab62da0a1e39f0da9ac6f3ee7aaf51
Connection: keep-alive
Cache-Control: no-cache
Referer: http://heilpraktikerin-edhofer.de/wp-includes/pomo/webmail1/provider/provider/webmail/login.php?TYPE=33554432&REALMOID=06-0009e636-2168-1136-8a29-43140ac41026&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-wV%2fCpi8JK9vR1wGBfQLKhfjnzz0qWk9phIDhj0NxAcm2IHB9RdAN2UPeEjvfQs1c&TARGET=cfab62da0a1e39f0da9ac6f3ee7aaf51cfab62da0a1e39f0da9ac6f3ee7aaf51
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Date: Sat, 25 Feb 2017 22:01:37 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 21 Apr 2016 03:17:22 GMT
Server: sffe
Age: 242475
Vary: Origin
Content-Type: image/png
Cache-Control: public, max-age=31536000
Content-Length: 239
X-XSS-Protection: 1; mode=block
Expires: Sun, 25 Feb 2018 22:01:37 GMT

GET
H/1.1 200
OK DXI1ORHCpsQm3Vp6mXoaTegdm0LZdjqr5-oayXSOefg.woff2
fonts.gstatic.com/s/opensans/v13/ 16 KB
16 KB 58ms
33ms Font
font/woff2 2a00:1450:400f:808::2003
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/opensans/v13/DXI1ORHCpsQm3Vp6mXoaTegdm0LZdjqr5-oayXSOefg.woff2

Requested by

Protocol

HTTP/1.1

Server

2a00:1450:400f:808::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

sffe /

Resource Hash

1f1ab7f1b22c02d93e5bd37b04e7e848afd14337697f652c1454d14e801676f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Origin: http://heilpraktikerin-edhofer.de
Accept-Encoding: gzip, deflate, sdch
Host: fonts.gstatic.com
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: */*
Referer: http://fonts.googleapis.com/css?family=Open+Sans:300,400&lang=en
Connection: keep-alive
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Referer: http://fonts.googleapis.com/css?family=Open+Sans:300,400&lang=en
Origin: http://heilpraktikerin-edhofer.de

Response headers

Date: Thu, 23 Feb 2017 19:53:17 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 27 Apr 2015 23:46:44 GMT
Server: sffe
Age: 422975
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Timing-Allow-Origin: *
Content-Length: 16152
X-XSS-Protection: 1; mode=block
Expires: Fri, 23 Feb 2018 19:53:17 GMT

GET CheckConnection
accounts.youtube.com/accounts/ Frame 2896 0
0

GET
H/1.1 200
OK favicon.ico
heilpraktikerin-edhofer.de/ 1 KB
1 KB 29ms
29ms Other
image/x-icon 2a01:488:42:1000:50ed:8508:ffba:9028

General

Check archive.org

Show headers Download Go to

Full URL: http://heilpraktikerin-edhofer.de/favicon.ico
Protocol: HTTP/1.1
Server: 2a01:488:42:1000:50ed:8508:ffba:9028 , Germany, ASN (),
Reverse DNS
Software: Apache /
Resource Hash: 3550474f9a466ace7857064d81db50a25ba7c81de043bc9df8289bd90e32e411

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, sdch
Host: heilpraktikerin-edhofer.de
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: image/webp,image/*,*/*;q=0.8
Referer: http://heilpraktikerin-edhofer.de/wp-includes/pomo/webmail1/provider/provider/webmail/login.php?TYPE=33554432&REALMOID=06-0009e636-2168-1136-8a29-43140ac41026&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-wV%2fCpi8JK9vR1wGBfQLKhfjnzz0qWk9phIDhj0NxAcm2IHB9RdAN2UPeEjvfQs1c&TARGET=cfab62da0a1e39f0da9ac6f3ee7aaf51cfab62da0a1e39f0da9ac6f3ee7aaf51
Connection: keep-alive
Cache-Control: no-cache
Referer: http://heilpraktikerin-edhofer.de/wp-includes/pomo/webmail1/provider/provider/webmail/login.php?TYPE=33554432&REALMOID=06-0009e636-2168-1136-8a29-43140ac41026&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-wV%2fCpi8JK9vR1wGBfQLKhfjnzz0qWk9phIDhj0NxAcm2IHB9RdAN2UPeEjvfQs1c&TARGET=cfab62da0a1e39f0da9ac6f3ee7aaf51cfab62da0a1e39f0da9ac6f3ee7aaf51
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response headers

Date: Tue, 28 Feb 2017 17:22:52 GMT
Last-Modified: Tue, 10 Jul 2012 07:43:06 GMT
Server: Apache
ETag: "47e-4c474e189d680"
Content-Type: image/x-icon
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1150

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: heilpraktikerin-edhofer.de
URL: http://heilpraktikerin-edhofer.de/favicon.ico

Domain: accounts.youtube.com
URL: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1008331565&timestamp=1488302572734

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Google (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.youtube.com
fonts.googleapis.com
fonts.gstatic.com
heilpraktikerin-edhofer.de
ssl.gstatic.com
accounts.youtube.com
heilpraktikerin-edhofer.de
2a00:1450:400f:808::2003
2a00:1450:400f:808::200a
2a01:488:42:1000:50ed:8508:ffba:9028
1f1ab7f1b22c02d93e5bd37b04e7e848afd14337697f652c1454d14e801676f2
2210e36b5b21e54cd4dc2ccdcc06138db8598d704ebf19052e5caa84edb4a675
3550474f9a466ace7857064d81db50a25ba7c81de043bc9df8289bd90e32e411
59404af2d92c53ad1ee9e21b252c07c77dcba810b248a79d6ae989b1ff63c7d6
8ad039a0d4b4e5462fe6059f9f0bc32d7dc48d7a0de55c76e3f8878b47a4ea2b
b2d3305551055e5d28aea38f218ee6ff6006afb8c80cc4f206a206bcb758df7c
b46489ae1acb851951d505c371cc4195517c9874a035db09d17d207fe1f03981
eaa08ae1b44e191ee2584327b0fea3722643aa864e992603fb755d941de6c23a
f914c8746fe37f99fd0d0d0ca4b1dd4bfd52d1e5fb448b7fd8326eaa4c49cc11

heilpraktikerin-edhofer.de Open in urlscan Pro 2a01:488:42:1000:50ed:8508:ffba:9028 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

11 Requests

0 %HTTPS

100 %IPv6

4 Domains

5 Subdomains

4 IPs

2 Countries

105 kBTransfer

109 kBSize

0 Cookies

3 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

heilpraktikerin-edhofer.de Open in urlscan Pro
2a01:488:42:1000:50ed:8508:ffba:9028 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

0 %
HTTPS

100 %
IPv6

4
Domains

5
Subdomains

4
IPs

2
Countries

105 kB
Transfer

109 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!