frisierstube-struwwelliese.de Open in urlscan Pro
2a00:17d8:200::221  Malicious Activity! Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://addata.gov.ae/dataset/download.php?resource_id=12467&type=download&dataset_id=12465&publisher_id=7457&user_id=0&name=nationalaccountsestimates2010-2018&filename=https://bhutanculturalatlas.clcs.edu.bt/dir/ Page URL
2. https://bhutanculturalatlas.clcs.edu.bt/dir/ Page URL
3. https://frisierstube-struwwelliese.de/Doc.html Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	download.php addata.gov.ae/dataset/	782 B 1 KB	1170ms 127ms	Document text/html	185.66.17.2 ADNET
General Check archive.org Show headers Download Go to Full URL https://addata.gov.ae/dataset/download.php?resource_id=12467&type=download&dataset_id=12465&publisher_id=7457&user_id=0&name=nationalaccountsestimates2010-2018&filename=https://bhutanculturalatlas.clcs.edu.bt/dir/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 185.66.17.2 Abu Dhabi, United Arab Emirates, ASN201678 (ADNET, AE), Reverse DNS data.abudhabi Software / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection Keep-Alive Content-Encoding gzip Content-Length 523 Content-Type text/html; charset=UTF-8 Date Wed, 09 Nov 2022 16:16:58 GMT Keep-Alive timeout=5, max=100 Vary Accept-Encoding
GET H2	200	analytics.js www.google-analytics.com/	49 KB 20 KB	52ms 14ms	Script text/javascript	2a00:1450:4001:80e::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: addata.gov.ae URL: https://addata.gov.ae/dataset/download.php?resource_id=12467&type=download&dataset_id=12465&publisher_id=7457&user_id=0&name=nationalaccountsestimates2010-2018&filename=https://bhutanculturalatlas.clcs.edu.bt/dir/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://addata.gov.ae/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Wed, 09 Nov 2022 15:24:49 GMT last-modified Tue, 27 Sep 2022 22:01:05 GMT server Golfe2 age 3136 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 20039 expires Wed, 09 Nov 2022 17:24:49 GMT
GET H/1.1	200 OK	/ bhutanculturalatlas.clcs.edu.bt/dir/	91 B 443 B	1066ms 184ms	Document text/html	103.133.216.72 DRUKREN-MOIC-AS M...
General Check archive.org Show headers Download Go to Full URL https://bhutanculturalatlas.clcs.edu.bt/dir/ Requested by Host: addata.gov.ae URL: https://addata.gov.ae/dataset/download.php?resource_id=12467&type=download&dataset_id=12465&publisher_id=7457&user_id=0&name=nationalaccountsestimates2010-2018&filename=https://bhutanculturalatlas.clcs.edu.bt/dir/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 103.133.216.72 , Bhutan, ASN134715 (DRUKREN-MOIC-AS Ministry of Information & Communications Thimphu, Bhutan, BT), Reverse DNS Software Apache/2.4.41 (Ubuntu) / Resource Hash Request headers Referer https://addata.gov.ae/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Accept-Ranges bytes Connection Keep-Alive Content-Encoding gzip Content-Length 107 Content-Type text/html Date Wed, 09 Nov 2022 16:17:06 GMT ETag "5b-5ed0b481f7e80-gzip" Keep-Alive timeout=5, max=100 Last-Modified Wed, 09 Nov 2022 15:26:34 GMT Server Apache/2.4.41 (Ubuntu) Vary Accept-Encoding
GET H2	200	linkid.js www.google-analytics.com/plugins/ua/	2 KB 1 KB	15ms 15ms	Script text/javascript	2a00:1450:4001:80e::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/plugins/ua/linkid.js Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://addata.gov.ae/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers date Wed, 09 Nov 2022 15:32:31 GMT content-encoding gzip x-content-type-options nosniff age 2674 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 859 x-xss-protection 0 last-modified Tue, 22 Oct 2019 18:15:00 GMT server sffe vary Accept-Encoding report-to {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} content-type text/javascript cache-control public, max-age=3600 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="static-on-bigtable" expires Wed, 09 Nov 2022 16:32:31 GMT
POST H2	200	collect www.google-analytics.com/j/	4 B 207 B	21ms 21ms	XHR text/plain	2a00:1450:4001:80e::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j98&aip=1&a=1400923363&t=pageview&_s=1&dl=https%3A%2F%2Faddata.gov.ae%2Fdataset%2Fdownload.php%3Fresource_id%3D12467%26type%3Ddownload%26dataset_id%3D12465%26publisher_id%3D7457%26user_id%3D0%26name%3Dnationalaccountsestimates2010-2018%26filename%3Dhttps%3A%2F%2Fbhutanculturalatlas.clcs.edu.bt%2Fdir%2F&dp=%2Fdataset%2Fdownload.php%3Fresource_id%3D12467%26type%3Ddownload%26dataset_id%3D12465%26publisher_id%3D7457%26user_id%3D0%26name%3Dnationalaccountsestimates2010-2018%26filename%3Dhttps%3A%2F%2Fbhutanculturalatlas.clcs.edu.bt%2Fdir%2F&ul=en-us&de=UTF-8&dt=Download%20%7C%20nationalaccountsestimates2010-2018&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAAEAjAAAAACAAI~&jid=301907143&gjid=1691673677&cid=188148706.1668010626&uid=S56scFYk3z49J1l03u8Pso3g_zqowA_ap4M_Uvv_W88&tid=UA-161517930-1&_gid=689853260.1668010626&_r=1&_slc=1&z=309545686 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://addata.gov.ae/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Wed, 09 Nov 2022 16:17:05 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://addata.gov.ae cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	collect stats.g.doubleclick.net/j/	4 B 440 B	56ms 18ms	XHR text/plain	2a00:1450:400c:c00::9d GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-161517930-1&cid=188148706.1668010626&jid=301907143&uid=S56scFYk3z49J1l03u8Pso3g_zqowA_ap4M_Uvv_W88&gjid=1691673677&_gid=689853260.1668010626&_u=aGBAAEAiAAAAACAAI~&z=1984365062 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://addata.gov.ae/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload date Wed, 09 Nov 2022 16:17:05 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://addata.gov.ae cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.com/ads/	42 B 501 B	106ms 50ms	Image image/gif	2a00:1450:4001:80b::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-161517930-1&cid=188148706.1668010626&jid=301907143&_u=aGBAAEAiAAAAACAAI~&z=1767544311 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://addata.gov.ae/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers pragma no-cache date Wed, 09 Nov 2022 16:17:05 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.de/ads/	42 B 501 B	84ms 50ms	Image image/gif	2a00:1450:4001:806::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-161517930-1&cid=188148706.1668010626&jid=301907143&_u=aGBAAEAiAAAAACAAI~&z=1767544311 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://addata.gov.ae/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers pragma no-cache date Wed, 09 Nov 2022 16:17:05 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	Primary Request Doc.html Show response frisierstube-struwwelliese.de/	2 KB 1 KB	55ms 15ms	Document text/html	2a00:17d8:200::221 ROUTING Franzstr. 51
General Check archive.org Show headers Download Go to Full URL https://frisierstube-struwwelliese.de/Doc.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a00:17d8:200::221 , Germany, ASN12574 (ROUTING Franzstr. 51, 52064 Aachen, DE), Reverse DNS Software Apache / Resource Hash 0838c65e2dc0011f27f1516154112db1f8d8b2be86d4b2c8232253c884ea613e Request headers Referer https://bhutanculturalatlas.clcs.edu.bt/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding gzip content-type text/html date Wed, 09 Nov 2022 16:17:06 GMT etag W/"67a-5ed0b771f2335" last-modified Wed, 09 Nov 2022 15:39:42 GMT server Apache vary Accept-Encoding
GET H2	200	jquery.min.js Show response cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/	90 KB 29 KB	61ms 42ms	Script application/javascript	2606:4700::6811:190e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.min.js Requested by Host: frisierstube-struwwelliese.de URL: https://frisierstube-struwwelliese.de/Doc.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Referer https://frisierstube-struwwelliese.de/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Wed, 09 Nov 2022 16:17:06 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 1117389 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 29363 last-modified Mon, 04 May 2020 16:11:48 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03ec4-169d5" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pNQzYSzykGLQU%2BFU7L5HWA2cK3zQGEwxp1ndxEOEk3Lz1BxNXifzZ1YIzqTmUYL0UZO3%2BWkuDtauA6h6xideppzjNnCa9JgzlJck0Nv6MZLYHoC8lF1LvMtrAIy8ulis4seFZ%2FTfyWKURySfloHtaR2b"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 7677db510b409165-FRA expires Mon, 30 Oct 2023 16:17:06 GMT
POST H2	200	__-__.php Show response www.quadrocopterteile.at/	49 KB 7 KB	203ms 125ms	XHR text/html	81.19.159.55 WORLD4YOU
General Check archive.org Show headers Download Go to Full URL https://www.quadrocopterteile.at/__-__.php?_do=layout&email=[email] Requested by Host: cdnjs.cloudflare.com URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 81.19.159.55 , Austria, ASN38955 (WORLD4YOU, AT), Reverse DNS www55sni.world4you.com Software Apache / Resource Hash b8d733462c4da4b972934dea97e7f0b048b6cdcf6e5d00d8ced77c3174d95a92 Request headers Accept */* Referer https://frisierstube-struwwelliese.de/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers date Wed, 09 Nov 2022 16:17:06 GMT content-encoding gzip server Apache vary Accept-Encoding access-control-allow-methods PUT, GET, POST, DELETE, OPTIONS content-type text/html access-control-allow-origin * access-control-allow-headers *
GET H2	200	Converged_v21033__M8MTZS7Nv0I1zR18wdR-g2.css logincdn.msauth.net/16.000/	107 KB 20 KB	413ms 19ms	Stylesheet text/css	192.229.221.185 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://logincdn.msauth.net/16.000/Converged_v21033__M8MTZS7Nv0I1zR18wdR-g2.css Requested by Host: frisierstube-struwwelliese.de URL: https://frisierstube-struwwelliese.de/Doc.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.229.221.185 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frc/4CFC) / Resource Hash 6099ca3afb2bad6883021c5aa6941615a9e92428d9936d09c522c371f803cbdc Request headers accept-language de-DE,de;q=0.9 Referer https://frisierstube-struwwelliese.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Wed, 09 Nov 2022 16:17:07 GMT content-encoding gzip content-md5 eRgGUB/DLn4Fqo+te3OPNg== age 4786904 x-cache HIT content-length 19837 x-ms-lease-status unlocked last-modified Sat, 05 Jun 2021 05:23:03 GMT server ECAcc (frc/4CFC) etag 0x8D927E1FE3F2C1E vary Accept-Encoding content-type text/css access-control-allow-origin * x-ms-request-id 807ac7fe-701e-0052-08cd-c89062000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg logincdn.msauth.net/shared/1.0/content/images/	4 KB 2 KB	403ms 11ms	Image image/svg+xml	192.229.221.185 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://logincdn.msauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg Requested by Host: frisierstube-struwwelliese.de URL: https://frisierstube-struwwelliese.de/Doc.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.229.221.185 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frc/4CFA) / Resource Hash 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a Request headers accept-language de-DE,de;q=0.9 Referer https://frisierstube-struwwelliese.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Wed, 09 Nov 2022 16:17:07 GMT content-encoding gzip content-md5 nzaLxFgP7ZB3dfMcaybWzw== age 4805399 x-cache HIT content-length 1435 x-ms-lease-status unlocked last-modified Wed, 22 Jan 2020 00:32:50 GMT server ECAcc (frc/4CFA) etag 0x8D79ED29CF0C29A vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * x-ms-request-id 7e9702ad-301e-0071-45a2-c81d53000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	documentation_bcb4d1dc4eae64f0b2b2538209d8435a.svg logincdn.msauth.net/shared/1.0/content/images/	2 KB 758 B	404ms 12ms	Image image/svg+xml	192.229.221.185 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://logincdn.msauth.net/shared/1.0/content/images/documentation_bcb4d1dc4eae64f0b2b2538209d8435a.svg Requested by Host: frisierstube-struwwelliese.de URL: https://frisierstube-struwwelliese.de/Doc.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.229.221.185 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frc/4CF0) / Resource Hash a76c08e9cdc3bb87bfb57627ad8f6b46f0e5ef826cc7f046dfbaf25d7b7958ea Request headers accept-language de-DE,de;q=0.9 Referer https://frisierstube-struwwelliese.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Wed, 09 Nov 2022 16:17:07 GMT content-encoding gzip content-md5 6dTbAT1RVL9d6geobv3IJg== age 4805386 x-cache HIT content-length 606 x-ms-lease-status unlocked last-modified Wed, 22 Jan 2020 00:32:48 GMT server ECAcc (frc/4CF0) etag 0x8D79ED29BA5E089 vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * x-ms-request-id 97bc8c67-e01e-0092-60a2-c89485000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg logincdn.msauth.net/shared/1.0/content/images/	513 B 429 B	414ms 23ms	Image image/svg+xml	192.229.221.185 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://logincdn.msauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg Requested by Host: frisierstube-struwwelliese.de URL: https://frisierstube-struwwelliese.de/Doc.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.229.221.185 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frc/4CDC) / Resource Hash 34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58 Request headers accept-language de-DE,de;q=0.9 Referer https://frisierstube-struwwelliese.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Wed, 09 Nov 2022 16:17:07 GMT content-encoding gzip content-md5 TjUQkZ0p0Y7rbj6LJofS9Q== age 4805397 x-cache HIT content-length 276 x-ms-lease-status unlocked last-modified Wed, 22 Jan 2020 00:32:44 GMT server ECAcc (frc/4CDC) etag 0x8D79ED2994A7074 vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * x-ms-request-id 169d3ace-401e-004c-03a2-c8eea4000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	signin-options_4e48046ce74f4b89d45037c90576bfac.svg logincdn.msauth.net/shared/1.0/content/images/	2 KB 772 B	407ms 16ms	Image image/svg+xml	192.229.221.185 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://logincdn.msauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg Requested by Host: frisierstube-struwwelliese.de URL: https://frisierstube-struwwelliese.de/Doc.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.229.221.185 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frc/4CA3) / Resource Hash 8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93 Request headers accept-language de-DE,de;q=0.9 Referer https://frisierstube-struwwelliese.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Wed, 09 Nov 2022 16:17:07 GMT content-encoding gzip content-md5 R2FAVxfpONfnQAuxVxXbHg== age 4805396 x-cache HIT content-length 621 x-ms-lease-status unlocked last-modified Tue, 10 Nov 2020 03:41:25 GMT server ECAcc (frc/4CA3) etag 0x8D8852A7FCCA219 vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * x-ms-request-id 93218147-e01e-003f-78a2-c8201f000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	2_bc3d32a696895f78c19df6c717586a5d.svg logincdn.msauth.net/shared/1.0/content/images/backgrounds/	2 KB 1 KB	399ms 8ms	Image image/svg+xml	192.229.221.185 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://logincdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg Requested by Host: frisierstube-struwwelliese.de URL: https://frisierstube-struwwelliese.de/Doc.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.229.221.185 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frc/4CE3) / Resource Hash 0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68 Request headers accept-language de-DE,de;q=0.9 Referer https://frisierstube-struwwelliese.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Wed, 09 Nov 2022 16:17:07 GMT content-encoding gzip content-md5 DhdidjYrlCeaRJJRG/y9mA== age 4805399 x-cache HIT content-length 673 x-ms-lease-status unlocked last-modified Wed, 12 Feb 2020 22:01:42 GMT server ECAcc (frc/4CE3) etag 0x8D7B00724D9E930 vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * x-ms-request-id 4ff4f2cf-b01e-0074-1ba2-c808f2000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation string| ctf string| eml string| lnk string| hdata function| $ function| jQuery function| getUrlParameter function| loadJs function| isEmptyObject function| isObjectEmpty

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			addata.gov.ae/	1969-12-31 23:59:59	Name: BIGipServerADDATA-POOL Value: !9Ei8OT6V62sszZwZswebPBy7F8eouzDVhCl85IKi8+EicZsr3GYNQD0/eSdCZ9hzBAU4cbbcfJTE4YUjHtn+oMzrq/qz1l35iULwc8yBrCwcc+9bbVyRPdwyaS1th4F1bDP9Cyawk834QFx37/N9IRlL31LwJ2M=
			.addata.gov.ae/	1969-12-31 23:59:59	Name: TS015cfa68 Value: 011bd6b250373fb7b868763379311bc22558ac678e7e089235b2fafbd58cea34fb0be44621ef257311842041cff52e8093483ec9bb61923f3183d0edad0b94112e27b0f463
			.addata.gov.ae/	1970-01-20 16:56:10	Name: _ga Value: GA1.3.188148706.1668010626
			.addata.gov.ae/	1970-01-20 07:21:37	Name: _gid Value: GA1.3.689853260.1668010626
			.addata.gov.ae/	1970-01-20 07:20:10	Name: _gat Value: 1

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://frisierstube-struwwelliese.de/Doc.html(Line 10) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://frisierstube-struwwelliese.de/Doc.html(Line 10) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

addata.gov.ae
bhutanculturalatlas.clcs.edu.bt
cdnjs.cloudflare.com
frisierstube-struwwelliese.de
logincdn.msauth.net
stats.g.doubleclick.net
www.google-analytics.com
www.google.com
www.google.de
www.quadrocopterteile.at
103.133.216.72
185.66.17.2
192.229.221.185
2606:4700::6811:190e
2a00:1450:4001:806::2003
2a00:1450:4001:80b::2004
2a00:1450:4001:80e::200e
2a00:1450:400c:c00::9d
2a00:17d8:200::221
81.19.159.55
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0838c65e2dc0011f27f1516154112db1f8d8b2be86d4b2c8232253c884ea613e
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
6099ca3afb2bad6883021c5aa6941615a9e92428d9936d09c522c371f803cbdc
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
a76c08e9cdc3bb87bfb57627ad8f6b46f0e5ef826cc7f046dfbaf25d7b7958ea
b8d733462c4da4b972934dea97e7f0b048b6cdcf6e5d00d8ced77c3174d95a92
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4