urlscan.io logo urlscan.io
SecurityTrails logo

elektrostehroller.net Open in urlscan Pro
138.201.18.59  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://elektrostehroller.net/.-o/?msmith%40pvamu.edu
Effective URL: https://elektrostehroller.net/.-o/1cl0ifkun2jtrwe6sx98avyh.php?1aire8qlz7xkbhs4jwgo2yt03p9vfdm5cun6etfax3udpyzs6km9qn2j7hbi081...
Submission Tags: falconsandbox
Submission: On January 20 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 17 HTTP transactions. The main IP is 138.201.18.59, located in Landshut, Germany and belongs to HETZNER-AS, DE. The main domain is elektrostehroller.net.
TLS certificate: Issued by R3 on December 25th 2020. Valid for: 3 months.
This is the only time elektrostehroller.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
4 18 138.201.18.59 24940 (HETZNER-AS)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
17 3
Apex Domain
Subdomains		 Transfer
18 elektrostehroller.net
elektrostehroller.net
72 KB
2 google.com
www.google.com
729 B
1 gstatic.com
www.gstatic.com
131 KB
17 3
Domain Requested by
18 elektrostehroller.net 4 redirects elektrostehroller.net
2 www.google.com elektrostehroller.net
www.gstatic.com
1 www.gstatic.com www.google.com
17 3

This site contains no links.

Subject Issuer Validity Valid
*.elektrostehroller.net
R3		 2020-12-25 -
2021-03-25		 3 months crt.sh
www.google.com
GTS CA 1O1		 2020-12-15 -
2021-03-09		 3 months crt.sh
*.gstatic.com
GTS CA 1O1		 2020-12-15 -
2021-03-09		 3 months crt.sh
*.google.com
GTS CA 1O1		 2020-12-15 -
2021-03-09		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://elektrostehroller.net/.-o/1cl0ifkun2jtrwe6sx98avyh.php?1aire8qlz7xkbhs4jwgo2yt03p9vfdm5cun6etfax3udpyzs6km9qn2j7hbi081og4rwlcv5iv3cq1k74sa5d9hzo8jtpb62n0wgryfuxmel&data=bXNtaXRoQHB2YW11LmVkdQ==
Frame ID: DA86F39F81D1BC0A216744B92A2C0675
Requests: 16 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeiQDMaAAAAALmuBfdhiz74cD9AfVFUiInPZ_J0&co=aHR0cHM6Ly9lbGVrdHJvc3RlaHJvbGxlci5uZXQ6NDQz&hl=en&v=r8jtf1oixV0IGff4hgB4EzDF&size=invisible&cb=kpian42p260w
Frame ID: 26B8F698CAB6949B61FA97AECF2B20AB
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://elektrostehroller.net/.-o/?msmith%40pvamu.edu HTTP 302
    https://elektrostehroller.net/.-o/proc?referrer=msmith@pvamu.edu HTTP 302
    https://elektrostehroller.net/.-o/proc?csrftoken=MTYxMTE3NjQwM2U3MDRjMDhlZmFhODllZDRiZDE2NmU4ODNlY2E3ZTU0N... Page URL
  2. https://elektrostehroller.net/.-o/home HTTP 302
    https://elektrostehroller.net/.-o/proceed?data=msmith@pvamu.edu HTTP 302
    https://elektrostehroller.net/.-o/1cl0ifkun2jtrwe6sx98avyh.php?1aire8qlz7xkbhs4jwgo2yt03p9vfdm5cun6etfax3u... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

17
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

202 kB
Transfer

496 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://elektrostehroller.net/.-o/?msmith%40pvamu.edu HTTP 302
    https://elektrostehroller.net/.-o/proc?referrer=msmith@pvamu.edu HTTP 302
    https://elektrostehroller.net/.-o/proc?csrftoken=MTYxMTE3NjQwM2U3MDRjMDhlZmFhODllZDRiZDE2NmU4ODNlY2E3ZTU0NjQ3YTMxMWU0NzZjYjQwNWY0ZTIwZmI4ZWMxMmVlODI0NjBlNDM0OA== Page URL
  2. https://elektrostehroller.net/.-o/home HTTP 302
    https://elektrostehroller.net/.-o/proceed?data=msmith@pvamu.edu HTTP 302
    https://elektrostehroller.net/.-o/1cl0ifkun2jtrwe6sx98avyh.php?1aire8qlz7xkbhs4jwgo2yt03p9vfdm5cun6etfax3udpyzs6km9qn2j7hbi081og4rwlcv5iv3cq1k74sa5d9hzo8jtpb62n0wgryfuxmel&data=bXNtaXRoQHB2YW11LmVkdQ== Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://elektrostehroller.net/.-o/?msmith%40pvamu.edu HTTP 302
  • https://elektrostehroller.net/.-o/proc?referrer=msmith@pvamu.edu HTTP 302
  • https://elektrostehroller.net/.-o/proc?csrftoken=MTYxMTE3NjQwM2U3MDRjMDhlZmFhODllZDRiZDE2NmU4ODNlY2E3ZTU0NjQ3YTMxMWU0NzZjYjQwNWY0ZTIwZmI4ZWMxMmVlODI0NjBlNDM0OA==

17 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
proc
elektrostehroller.net/.-o/
Redirect Chain
  • https://elektrostehroller.net/.-o/?msmith%40pvamu.edu
  • https://elektrostehroller.net/.-o/proc?referrer=msmith@pvamu.edu
  • https://elektrostehroller.net/.-o/proc?csrftoken=MTYxMTE3NjQwM2U3MDRjMDhlZmFhODllZDRiZDE2NmU4ODNlY2E3ZTU0NjQ3YTMxMWU0NzZjYjQwNWY0ZTIwZmI4ZWMxMmVlODI0NjBlNDM0OA==
1 KB
982 B 		Document
General
Check archive.org
Download Go to
Full URL
https://elektrostehroller.net/.-o/proc?csrftoken=MTYxMTE3NjQwM2U3MDRjMDhlZmFhODllZDRiZDE2NmU4ODNlY2E3ZTU0NjQ3YTMxMWU0NzZjYjQwNWY0ZTIwZmI4ZWMxMmVlODI0NjBlNDM0OA==
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
138.201.18.59 Landshut, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
linuxhosting.cloudinhost.com
Software
Apache /
Resource Hash
cb310f9a318f49ce0a5ab7bb2b2e2d414267c168023b315c1e45ac92f89ea6cc

Request headers

Host
elektrostehroller.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
PHPSESSID=79535b5529463d42405315a12fb44eed
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 20 Jan 2021 21:00:04 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
637
Keep-Alive
timeout=5, max=98
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Wed, 20 Jan 2021 21:00:03 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Set-Cookie
PHPSESSID=79535b5529463d42405315a12fb44eed; path=/
Location
?csrftoken=MTYxMTE3NjQwM2U3MDRjMDhlZmFhODllZDRiZDE2NmU4ODNlY2E3ZTU0NjQ3YTMxMWU0NzZjYjQwNWY0ZTIwZmI4ZWMxMmVlODI0NjBlNDM0OA==
Content-Length
0
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
api.js
www.google.com/recaptcha/ 		884 B
729 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js?render=6LeiQDMaAAAAALmuBfdhiz74cD9AfVFUiInPZ_J0
Requested by
Host: elektrostehroller.net
URL: https://elektrostehroller.net/.-o/proc?csrftoken=MTYxMTE3NjQwM2U3MDRjMDhlZmFhODllZDRiZDE2NmU4ODNlY2E3ZTU0NjQ3YTMxMWU0NzZjYjQwNWY0ZTIwZmI4ZWMxMmVlODI0NjBlNDM0OA==
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
027d8049a78724303fd3fdf285f1c4a78274fb4733eaf79ce59fc3898db87d72
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://elektrostehroller.net/.-o/proc?csrftoken=MTYxMTE3NjQwM2U3MDRjMDhlZmFhODllZDRiZDE2NmU4ODNlY2E3ZTU0NjQ3YTMxMWU0NzZjYjQwNWY0ZTIwZmI4ZWMxMmVlODI0NjBlNDM0OA==
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 21:00:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
586
x-xss-protection
1; mode=block
expires
Wed, 20 Jan 2021 21:00:04 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/r8jtf1oixV0IGff4hgB4EzDF/ 		335 KB
131 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/r8jtf1oixV0IGff4hgB4EzDF/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LeiQDMaAAAAALmuBfdhiz74cD9AfVFUiInPZ_J0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d19fffadd3448844a6dbe84367829270272056216face9083c9c01feccbf967e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://elektrostehroller.net
Referer
https://elektrostehroller.net/.-o/proc?csrftoken=MTYxMTE3NjQwM2U3MDRjMDhlZmFhODllZDRiZDE2NmU4ODNlY2E3ZTU0NjQ3YTMxMWU0NzZjYjQwNWY0ZTIwZmI4ZWMxMmVlODI0NjBlNDM0OA==
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 20:00:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3601
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
133675
x-xss-protection
0
last-modified
Mon, 11 Jan 2021 03:18:18 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 20 Jan 2022 20:00:03 GMT
anchor
www.google.com/recaptcha/api2/ Frame 26B8 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeiQDMaAAAAALmuBfdhiz74cD9AfVFUiInPZ_J0&co=aHR0cHM6Ly9lbGVrdHJvc3RlaHJvbGxlci5uZXQ6NDQz&hl=en&v=r8jtf1oixV0IGff4hgB4EzDF&size=invisible&cb=kpian42p260w
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/r8jtf1oixV0IGff4hgB4EzDF/recaptcha__en.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-qaiybC6RmSDVUMseKLFtaQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/anchor?ar=1&k=6LeiQDMaAAAAALmuBfdhiz74cD9AfVFUiInPZ_J0&co=aHR0cHM6Ly9lbGVrdHJvc3RlaHJvbGxlci5uZXQ6NDQz&hl=en&v=r8jtf1oixV0IGff4hgB4EzDF&size=invisible&cb=kpian42p260w
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://elektrostehroller.net/.-o/proc?csrftoken=MTYxMTE3NjQwM2U3MDRjMDhlZmFhODllZDRiZDE2NmU4ODNlY2E3ZTU0NjQ3YTMxMWU0NzZjYjQwNWY0ZTIwZmI4ZWMxMmVlODI0NjBlNDM0OA==
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://elektrostehroller.net/.-o/proc?csrftoken=MTYxMTE3NjQwM2U3MDRjMDhlZmFhODllZDRiZDE2NmU4ODNlY2E3ZTU0NjQ3YTMxMWU0NzZjYjQwNWY0ZTIwZmI4ZWMxMmVlODI0NjBlNDM0OA==

Response headers

content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Wed, 20 Jan 2021 21:00:04 GMT
content-security-policy
script-src 'report-sample' 'nonce-qaiybC6RmSDVUMseKLFtaQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
10373
server
GSE
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Primary Request 1cl0ifkun2jtrwe6sx98avyh.php
elektrostehroller.net/.-o/
Redirect Chain
  • https://elektrostehroller.net/.-o/home
  • https://elektrostehroller.net/.-o/proceed?data=msmith@pvamu.edu
  • https://elektrostehroller.net/.-o/1cl0ifkun2jtrwe6sx98avyh.php?1aire8qlz7xkbhs4jwgo2yt03p9vfdm5cun6etfax3udpyzs6km9qn2j7hbi081og4rwlcv5iv3cq1k74sa5d9hzo8jtpb62n0wgryfuxmel&data=bXNtaXRoQHB2YW11LmVk...
16 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://elektrostehroller.net/.-o/1cl0ifkun2jtrwe6sx98avyh.php?1aire8qlz7xkbhs4jwgo2yt03p9vfdm5cun6etfax3udpyzs6km9qn2j7hbi081og4rwlcv5iv3cq1k74sa5d9hzo8jtpb62n0wgryfuxmel&data=bXNtaXRoQHB2YW11LmVkdQ==
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
138.201.18.59 Landshut, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
linuxhosting.cloudinhost.com
Software
Apache /
Resource Hash
bdf5cbd845dc385330f53ec907478ff290bf2a80957e97a06e6212ab21ee7e0b

Request headers

Host
elektrostehroller.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-origin
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
https://elektrostehroller.net/.-o/proc?csrftoken=MTYxMTE3NjQwM2U3MDRjMDhlZmFhODllZDRiZDE2NmU4ODNlY2E3ZTU0NjQ3YTMxMWU0NzZjYjQwNWY0ZTIwZmI4ZWMxMmVlODI0NjBlNDM0OA==
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
PHPSESSID=79535b5529463d42405315a12fb44eed
Upgrade-Insecure-Requests
1
Origin
https://elektrostehroller.net
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://elektrostehroller.net/.-o/proc?csrftoken=MTYxMTE3NjQwM2U3MDRjMDhlZmFhODllZDRiZDE2NmU4ODNlY2E3ZTU0NjQ3YTMxMWU0NzZjYjQwNWY0ZTIwZmI4ZWMxMmVlODI0NjBlNDM0OA==

Response headers

Date
Wed, 20 Jan 2021 21:00:07 GMT
Server
Apache
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
4905
Keep-Alive
timeout=5, max=95
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Wed, 20 Jan 2021 21:00:06 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Location
/.-o/1cl0ifkun2jtrwe6sx98avyh.php?1aire8qlz7xkbhs4jwgo2yt03p9vfdm5cun6etfax3udpyzs6km9qn2j7hbi081og4rwlcv5iv3cq1k74sa5d9hzo8jtpb62n0wgryfuxmel&data=bXNtaXRoQHB2YW11LmVkdQ==
Content-Length
0
Keep-Alive
timeout=5, max=96
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
conv.css
elektrostehroller.net/.-o/css/ 		95 KB
17 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://elektrostehroller.net/.-o/css/conv.css
Requested by
Host: elektrostehroller.net
URL: https://elektrostehroller.net/.-o/1cl0ifkun2jtrwe6sx98avyh.php?1aire8qlz7xkbhs4jwgo2yt03p9vfdm5cun6etfax3udpyzs6km9qn2j7hbi081og4rwlcv5iv3cq1k74sa5d9hzo8jtpb62n0wgryfuxmel&data=bXNtaXRoQHB2YW11LmVkdQ==
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
138.201.18.59 Landshut, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
linuxhosting.cloudinhost.com
Software
Apache /
Resource Hash
8d4af5ec8c33b5dc0cbc32ca17e405c2f596eb7864257e92280122a1278a1e57

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 20 Jan 2021 21:00:08 GMT
Content-Encoding
gzip
Last-Modified
Thu, 27 Jun 2019 09:24:46 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=10368000
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=94
Content-Length
17450
Expires
max-age=A10368000, public
mcsft_logo.svg
elektrostehroller.net/.-o/images/ 		4 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elektrostehroller.net/.-o/images/mcsft_logo.svg
Requested by
Host: elektrostehroller.net
URL: https://elektrostehroller.net/.-o/1cl0ifkun2jtrwe6sx98avyh.php?1aire8qlz7xkbhs4jwgo2yt03p9vfdm5cun6etfax3udpyzs6km9qn2j7hbi081og4rwlcv5iv3cq1k74sa5d9hzo8jtpb62n0wgryfuxmel&data=bXNtaXRoQHB2YW11LmVkdQ==
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
138.201.18.59 Landshut, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
linuxhosting.cloudinhost.com
Software
Apache /
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 20 Jan 2021 21:00:08 GMT
Content-Encoding
gzip
Last-Modified
Thu, 27 Jun 2019 09:24:46 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
image/svg+xml
Cache-Control
max-age=10368000
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=93
Content-Length
1435
Expires
max-age=A10368000, public
arrow_left.svg
elektrostehroller.net/.-o/images/ 		513 B
650 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elektrostehroller.net/.-o/images/arrow_left.svg
Requested by
Host: elektrostehroller.net
URL: https://elektrostehroller.net/.-o/1cl0ifkun2jtrwe6sx98avyh.php?1aire8qlz7xkbhs4jwgo2yt03p9vfdm5cun6etfax3udpyzs6km9qn2j7hbi081og4rwlcv5iv3cq1k74sa5d9hzo8jtpb62n0wgryfuxmel&data=bXNtaXRoQHB2YW11LmVkdQ==
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
138.201.18.59 Landshut, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
linuxhosting.cloudinhost.com
Software
Apache /
Resource Hash
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 20 Jan 2021 21:00:08 GMT
Content-Encoding
gzip
Last-Modified
Thu, 27 Jun 2019 09:24:46 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
image/svg+xml
Cache-Control
max-age=10368000
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
276
Expires
max-age=A10368000, public
enterpass.png
elektrostehroller.net/.-o/images/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elektrostehroller.net/.-o/images/enterpass.png
Requested by
Host: elektrostehroller.net
URL: https://elektrostehroller.net/.-o/1cl0ifkun2jtrwe6sx98avyh.php?1aire8qlz7xkbhs4jwgo2yt03p9vfdm5cun6etfax3udpyzs6km9qn2j7hbi081og4rwlcv5iv3cq1k74sa5d9hzo8jtpb62n0wgryfuxmel&data=bXNtaXRoQHB2YW11LmVkdQ==
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
138.201.18.59 Landshut, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
linuxhosting.cloudinhost.com
Software
Apache /
Resource Hash
706de242e7c3cfc4b16ba8174723f26fb80566c3171e9e795f057476011a5de1

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 20 Jan 2021 21:00:08 GMT
Last-Modified
Thu, 27 Jun 2019 09:24:46 GMT
Server
Apache
Content-Type
image/png
Cache-Control
max-age=10368000
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1446
Expires
max-age=A10368000, public
firstmsg.png
elektrostehroller.net/.-o/images/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elektrostehroller.net/.-o/images/firstmsg.png
Requested by
Host: elektrostehroller.net
URL: https://elektrostehroller.net/.-o/1cl0ifkun2jtrwe6sx98avyh.php?1aire8qlz7xkbhs4jwgo2yt03p9vfdm5cun6etfax3udpyzs6km9qn2j7hbi081og4rwlcv5iv3cq1k74sa5d9hzo8jtpb62n0wgryfuxmel&data=bXNtaXRoQHB2YW11LmVkdQ==
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
138.201.18.59 Landshut, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
linuxhosting.cloudinhost.com
Software
Apache /
Resource Hash
a786093bdf9daf5be1aed36749e4c052ba78ee135e3c4c38f9371916bde55a4f

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 20 Jan 2021 21:00:08 GMT
Last-Modified
Tue, 04 Feb 2020 18:37:12 GMT
Server
Apache
Content-Type
image/png
Cache-Control
max-age=10368000
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=92
Content-Length
3834
Expires
max-age=A10368000, public
forgetpass.png
elektrostehroller.net/.-o/images/ 		713 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elektrostehroller.net/.-o/images/forgetpass.png
Requested by
Host: elektrostehroller.net
URL: https://elektrostehroller.net/.-o/1cl0ifkun2jtrwe6sx98avyh.php?1aire8qlz7xkbhs4jwgo2yt03p9vfdm5cun6etfax3udpyzs6km9qn2j7hbi081og4rwlcv5iv3cq1k74sa5d9hzo8jtpb62n0wgryfuxmel&data=bXNtaXRoQHB2YW11LmVkdQ==
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
138.201.18.59 Landshut, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
linuxhosting.cloudinhost.com
Software
Apache /
Resource Hash
e29db32031dc537aee9cb557b408395f3324f1e0f744349c0cdf943a3af39296

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 20 Jan 2021 21:00:08 GMT
Last-Modified
Thu, 27 Jun 2019 09:24:46 GMT
Server
Apache
Content-Type
image/png
Cache-Control
max-age=10368000
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
713
Expires
max-age=A10368000, public
ellipsis_white.svg
elektrostehroller.net/.-o/images/ 		915 B
636 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elektrostehroller.net/.-o/images/ellipsis_white.svg
Requested by
Host: elektrostehroller.net
URL: https://elektrostehroller.net/.-o/1cl0ifkun2jtrwe6sx98avyh.php?1aire8qlz7xkbhs4jwgo2yt03p9vfdm5cun6etfax3udpyzs6km9qn2j7hbi081og4rwlcv5iv3cq1k74sa5d9hzo8jtpb62n0wgryfuxmel&data=bXNtaXRoQHB2YW11LmVkdQ==
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
138.201.18.59 Landshut, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
linuxhosting.cloudinhost.com
Software
Apache /
Resource Hash
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 20 Jan 2021 21:00:08 GMT
Content-Encoding
gzip
Last-Modified
Thu, 27 Jun 2019 09:24:46 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
image/svg+xml
Cache-Control
max-age=10368000
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
263
Expires
max-age=A10368000, public
ellipsis_grey.svg
elektrostehroller.net/.-o/images/ 		915 B
636 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elektrostehroller.net/.-o/images/ellipsis_grey.svg
Requested by
Host: elektrostehroller.net
URL: https://elektrostehroller.net/.-o/1cl0ifkun2jtrwe6sx98avyh.php?1aire8qlz7xkbhs4jwgo2yt03p9vfdm5cun6etfax3udpyzs6km9qn2j7hbi081og4rwlcv5iv3cq1k74sa5d9hzo8jtpb62n0wgryfuxmel&data=bXNtaXRoQHB2YW11LmVkdQ==
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
138.201.18.59 Landshut, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
linuxhosting.cloudinhost.com
Software
Apache /
Resource Hash
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 20 Jan 2021 21:00:08 GMT
Content-Encoding
gzip
Last-Modified
Thu, 27 Jun 2019 09:24:46 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
image/svg+xml
Cache-Control
max-age=10368000
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
263
Expires
max-age=A10368000, public
small-background.jpg
elektrostehroller.net/.-o/images/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elektrostehroller.net/.-o/images/small-background.jpg
Requested by
Host: elektrostehroller.net
URL: https://elektrostehroller.net/.-o/1cl0ifkun2jtrwe6sx98avyh.php?1aire8qlz7xkbhs4jwgo2yt03p9vfdm5cun6etfax3udpyzs6km9qn2j7hbi081og4rwlcv5iv3cq1k74sa5d9hzo8jtpb62n0wgryfuxmel&data=bXNtaXRoQHB2YW11LmVkdQ==
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
138.201.18.59 Landshut, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
linuxhosting.cloudinhost.com
Software
Apache /
Resource Hash
f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 20 Jan 2021 21:00:08 GMT
Last-Modified
Thu, 27 Jun 2019 09:24:46 GMT
Server
Apache
Content-Type
image/jpeg
Cache-Control
max-age=10368000
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=91
Content-Length
3006
Expires
max-age=A10368000, public
big-background.jpg
elektrostehroller.net/.-o/images/ 		31 KB
31 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elektrostehroller.net/.-o/images/big-background.jpg
Requested by
Host: elektrostehroller.net
URL: https://elektrostehroller.net/.-o/1cl0ifkun2jtrwe6sx98avyh.php?1aire8qlz7xkbhs4jwgo2yt03p9vfdm5cun6etfax3udpyzs6km9qn2j7hbi081og4rwlcv5iv3cq1k74sa5d9hzo8jtpb62n0wgryfuxmel&data=bXNtaXRoQHB2YW11LmVkdQ==
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
138.201.18.59 Landshut, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
linuxhosting.cloudinhost.com
Software
Apache /
Resource Hash
a33593e9043efefbaf94d9ca220c885ce1c42dd2a7707f30ed072d7d71587da5

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 20 Jan 2021 21:00:08 GMT
Last-Modified
Sat, 23 May 2020 05:53:24 GMT
Server
Apache
Content-Type
image/jpeg
Cache-Control
max-age=10368000
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
31419
Expires
max-age=A10368000, public
passwrd.png
elektrostehroller.net/.-o/images/ 		902 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elektrostehroller.net/.-o/images/passwrd.png
Requested by
Host: elektrostehroller.net
URL: https://elektrostehroller.net/.-o/1cl0ifkun2jtrwe6sx98avyh.php?1aire8qlz7xkbhs4jwgo2yt03p9vfdm5cun6etfax3udpyzs6km9qn2j7hbi081og4rwlcv5iv3cq1k74sa5d9hzo8jtpb62n0wgryfuxmel&data=bXNtaXRoQHB2YW11LmVkdQ==
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
138.201.18.59 Landshut, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
linuxhosting.cloudinhost.com
Software
Apache /
Resource Hash
105c03d3360cdb953585482374b2cc953d090741037502b0609629f5bb0135b7

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 20 Jan 2021 21:00:08 GMT
Last-Modified
Thu, 27 Jun 2019 09:24:46 GMT
Server
Apache
Content-Type
image/png
Cache-Control
max-age=10368000
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
902
Expires
max-age=A10368000, public
sigin.png
elektrostehroller.net/.-o/images/ 		736 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elektrostehroller.net/.-o/images/sigin.png
Requested by
Host: elektrostehroller.net
URL: https://elektrostehroller.net/.-o/css/conv.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
138.201.18.59 Landshut, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
linuxhosting.cloudinhost.com
Software
Apache /
Resource Hash
f32a760f15530284447282af5c7d0825babf8bc4739e073928f6128830819f7a

Request headers

Referer
https://elektrostehroller.net/.-o/css/conv.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 20 Jan 2021 21:00:08 GMT
Last-Modified
Thu, 27 Jun 2019 09:24:46 GMT
Server
Apache
Content-Type
image/png
Cache-Control
max-age=10368000
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
736
Expires
max-age=A10368000, public

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| makeInputHere function| validateForm function| submitForm

0 Cookies