wp.h2870838.stratoserver.net Open in urlscan Pro
81.169.247.54 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Submission: On December 16 via manual (December 16th 2021, 10:14:51 am UTC) from IT — Scanned from IT

Summary HTTP 157 Redirects Links 33 Behaviour Indicators

Summary

This website contacted 43 IPs in 6 countries across 46 domains to perform 157 HTTP transactions. The main IP is 81.169.247.54, located in Germany and belongs to STRATO STRATO AG, DE. The main domain is wp.h2870838.stratoserver.net.
TLS certificate: Issued by R3 on December 5th 2021. Valid for: 3 months.

This is the only time wp.h2870838.stratoserver.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
38	81.169.247.54 81.169.247.54	6724 (STRATO ST...) (STRATO STRATO AG)
25	192.0.77.37 192.0.77.37	2635 (AUTOMATTIC) (AUTOMATTIC)
3	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
3	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
10	2a03:90c0:999... 2a03:90c0:9996::9996	199524 (GCORE) (GCORE)
4	151.139.241.23 151.139.241.23	33438 (HIGHWINDS2) (HIGHWINDS2)
2	2606:4700::68... 2606:4700::6812:e134	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2600:9000:215... 2600:9000:2156:4600:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
1	145.239.193.145 145.239.193.145	16276 (OVH) (OVH)
2	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
1	2600:9000:215... 2600:9000:2156:0:3:a4cd:8380:93a1	16509 (AMAZON-02) (AMAZON-02)
1	143.204.98.71 143.204.98.71	16509 (AMAZON-02) (AMAZON-02)
10	31.172.81.226 31.172.81.226	44066 (DE-FIRSTC...) (DE-FIRSTCOLO www.first-colo.net)
1	54.38.64.100 54.38.64.100	16276 (OVH) (OVH)
1 1	185.86.137.113 185.86.137.113	201081 (SMARTADSE...) (SMARTADSERVER)
1	2a02:26f0:710... 2a02:26f0:7100::1720:ee58	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
9	2606:4700:10:... 2606:4700:10::6816:1957	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	145.239.193.51 145.239.193.51	16276 (OVH) (OVH)
1	51.89.9.251 51.89.9.251	16276 (OVH) (OVH)
1	2600:1f1c:a99... 2600:1f1c:a99:832c:2615:337c:6c9e:c761	16509 (AMAZON-02) (AMAZON-02)
1	52.210.129.48 52.210.129.48	16509 (AMAZON-02) (AMAZON-02)
1	143.204.101.219 143.204.101.219	16509 (AMAZON-02) (AMAZON-02)
2	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	54.36.109.166 54.36.109.166	16276 (OVH) (OVH)
2	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
2 2	37.252.172.37 37.252.172.37	29990 (ASN-APPNEX) (ASN-APPNEX)
3 3	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
3 4	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
2 2	54.73.127.110 54.73.127.110	16509 (AMAZON-02) (AMAZON-02)
1 1	18.135.35.213 18.135.35.213	16509 (AMAZON-02) (AMAZON-02)
1 1	184.30.20.207 184.30.20.207	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	35.172.63.119 35.172.63.119	14618 (AMAZON-AES) (AMAZON-AES)
1	34.120.155.137 34.120.155.137	15169 (GOOGLE) (GOOGLE)
5	79.125.60.160 79.125.60.160	16509 (AMAZON-02) (AMAZON-02)
2 6	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2600:9000:215... 2600:9000:2156:3200:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
8 8	116.202.46.140 116.202.46.140	24940 (HETZNER-AS) (HETZNER-AS)
1	54.246.103.100 54.246.103.100	16509 (AMAZON-02) (AMAZON-02)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	37.252.172.36 37.252.172.36	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	185.86.137.110 185.86.137.110	201081 (SMARTADSE...) (SMARTADSERVER)
1	35.156.33.176 35.156.33.176	16509 (AMAZON-02) (AMAZON-02)
1	88.208.41.101 88.208.41.101	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
157	43

38 81.169.247.54 (Germany)

ASN6724 (STRATO STRATO AG, DE)
PTR: thekasaantimes.de

wp.h2870838.stratoserver.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.thekasaantimes.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 192.0.77.37 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

c0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a03:90c0:9996::9996 (United States)

ASN199524 (GCORE, LU)

st-n.ads1-adnow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.nacontent.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.139.241.23 (United States)

ASN33438 (HIGHWINDS2, US)

ads.themoneytizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:e134 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:2156:4600:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)

quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 145.239.193.145 (France)

ASN16276 (OVH, FR)

g.themoneytizer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:0:3:a4cd:8380:93a1 (United States)

ASN16509 (AMAZON-02, US)

test.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.71 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-71.fra50.r.cloudfront.net

audit-tcfv2.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 31.172.81.226 (Muehlheim am Main, Germany)

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)

n.ads1-adnow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.38.64.100 (France)

ASN16276 (OVH, FR)

c.tmyzer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.137.113 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

ww1097.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:7100::1720:ee58 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ced-ns.sascdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::1c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700:10::6816:1957 (United States)

ASN13335 (CLOUDFLARENET, US)

spl.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mwzeom.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 145.239.193.51 (France)

ASN16276 (OVH, FR)

tag.leadplace.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.9.251 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip251.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f1c:a99:832c:2615:337c:6c9e:c761 (San Jose, United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.210.129.48 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-210-129-48.eu-west-1.compute.amazonaws.com

p.cpx.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.101.219 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-101-219.fra50.r.cloudfront.net

d2zur9cc2gf1tx.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.234.21 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
as-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.36.109.166 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: p10.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i1.wp.com

i1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.172.37 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.184.194 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.33.220.150 (United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.73.127.110 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-73-127-110.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.135.35.213 (London, United Kingdom) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-135-35-213.eu-west-2.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.30.20.207 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-20-207.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.172.63.119 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-172-63-119.compute-1.amazonaws.com

obgpm76tt0a0sgozk8l.redinuid.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.155.137 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 137.155.120.34.bc.googleusercontent.com

api.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 79.125.60.160 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-79-125-60-160.eu-west-1.compute.amazonaws.com

s.cpx.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany) 2 redirects

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:3200:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 116.202.46.140 (Grunwald, Germany) 8 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.140.46.202.116.clients.your-server.de

ena-native-ads9.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.246.103.100 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-246-103-100.eu-west-1.compute.amazonaws.com

adtrack.adleadevent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.80 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.172.36 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.137.110 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

sync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.156.33.176 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-33-176.eu-central-1.compute.amazonaws.com

pool.grid-data.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.208.41.101 (Amsterdam, Netherlands)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

scnd-tr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
37	stratoserver.net wp.h2870838.stratoserver.net	634 KB
30	wp.com c0.wp.com stats.wp.com pixel.wp.com i1.wp.com	178 KB
12	ads1-adnow.com st-n.ads1-adnow.com n.ads1-adnow.com	89 KB
9	zeotap.com spl.zeotap.com mwzeom.zeotap.com	22 KB
8	nacontent.pro cdn.nacontent.pro	281 KB
8	ena-native-ads9.com 8 redirects ena-native-ads9.com	1 KB
8	consensu.org quantcast.mgr.consensu.org test.quantcast.mgr.consensu.org audit-tcfv2.quantcast.mgr.consensu.org	186 KB
6	facebook.com 2 redirects www.facebook.com	426 B
6	cpx.to p.cpx.to s.cpx.to	8 KB
4	adsrvr.org 3 redirects match.adsrvr.org	2 KB
4	doubleclick.net 3 redirects googleads.g.doubleclick.net cm.g.doubleclick.net	6 KB
4	themoneytizer.com ads.themoneytizer.com	211 KB
3	adnxs.com 3 redirects ib.adnxs.com secure.adnxs.com	3 KB
3	smartadserver.com 2 redirects ww1097.smartadserver.com sync.smartadserver.com	1 KB
3	googleapis.com fonts.googleapis.com ajax.googleapis.com	31 KB
2	pubmatic.com 2 redirects image2.pubmatic.com	631 B
2	demdex.net 2 redirects dpm.demdex.net	2 KB
2	id5-sync.com 1 redirects id5-sync.com	2 KB
2	facebook.net connect.facebook.net	84 KB
2	google-analytics.com www.google-analytics.com	373 B
2	onesignal.com cdn.onesignal.com	72 KB
2	googlesyndication.com pagead2.googlesyndication.com	151 KB
1	scnd-tr.com scnd-tr.com	88 B
1	bidswitch.net pool.grid-data.bidswitch.net	220 B
1	rubiconproject.com token.rubiconproject.com	214 B
1	adleadevent.com adtrack.adleadevent.com	539 B
1	quantcount.com rules.quantcount.com	1 KB
1	casalemedia.com as-sec.casalemedia.com	439 B
1	rlcdn.com api.rlcdn.com	288 B
1	imrworldwide.com 1 redirects obgpm76tt0a0sgozk8l.redinuid.imrworldwide.com	202 B
1	mathtag.com 1 redirects pixel.mathtag.com	754 B
1	agkn.com 1 redirects aa.agkn.com	381 B
1	cloudflare.com cdnjs.cloudflare.com	2 KB
1	indexww.com js-sec.indexww.com	13 KB
1	cloudfront.net d2zur9cc2gf1tx.cloudfront.net	26 KB
1	quantserve.com secure.quantserve.com	10 KB
1	onetag-sys.com onetag-sys.com	814 B
1	leadplace.fr tag.leadplace.fr	6 KB
1	criteo.com gum.criteo.com	369 B
1	sascdn.com ced-ns.sascdn.com	24 KB
1	tmyzer.com c.tmyzer.com	271 B
1	themoneytizer.net g.themoneytizer.net	270 B
1	gravatar.com secure.gravatar.com	2 KB
1	gstatic.com fonts.gstatic.com	16 KB
1	thekasaantimes.de www.thekasaantimes.de	56 KB
1	googletagmanager.com www.googletagmanager.com	61 KB
157	46

	Domain	Requested by
37	wp.h2870838.stratoserver.net	wp.h2870838.stratoserver.net c0.wp.com
25	c0.wp.com	wp.h2870838.stratoserver.net
10	n.ads1-adnow.com	st-n.ads1-adnow.com wp.h2870838.stratoserver.net
8	cdn.nacontent.pro	wp.h2870838.stratoserver.net
8	ena-native-ads9.com	8 redirects
7	mwzeom.zeotap.com	wp.h2870838.stratoserver.net
6	www.facebook.com	2 redirects wp.h2870838.stratoserver.net connect.facebook.net
6	quantcast.mgr.consensu.org	wp.h2870838.stratoserver.net quantcast.mgr.consensu.org
5	s.cpx.to	p.cpx.to wp.h2870838.stratoserver.net
4	match.adsrvr.org	3 redirects js-sec.indexww.com
4	ads.themoneytizer.com	wp.h2870838.stratoserver.net ads.themoneytizer.com
3	cm.g.doubleclick.net	3 redirects
2	sync.smartadserver.com	1 redirects wp.h2870838.stratoserver.net
2	image2.pubmatic.com	2 redirects
2	dpm.demdex.net	2 redirects
2	ib.adnxs.com	2 redirects
2	i1.wp.com	wp.h2870838.stratoserver.net
2	id5-sync.com	1 redirects wp.h2870838.stratoserver.net
2	connect.facebook.net	wp.h2870838.stratoserver.net connect.facebook.net
2	spl.zeotap.com	ads.themoneytizer.com spl.zeotap.com
2	www.google-analytics.com	www.googletagmanager.com
2	cdn.onesignal.com	wp.h2870838.stratoserver.net cdn.onesignal.com
2	st-n.ads1-adnow.com	wp.h2870838.stratoserver.net n.ads1-adnow.com
2	pagead2.googlesyndication.com	wp.h2870838.stratoserver.net pagead2.googlesyndication.com
2	stats.wp.com	wp.h2870838.stratoserver.net
2	fonts.googleapis.com	wp.h2870838.stratoserver.net
1	scnd-tr.com	wp.h2870838.stratoserver.net
1	pool.grid-data.bidswitch.net	wp.h2870838.stratoserver.net
1	secure.adnxs.com	1 redirects
1	token.rubiconproject.com	wp.h2870838.stratoserver.net
1	adtrack.adleadevent.com	ajax.googleapis.com
1	rules.quantcount.com	secure.quantserve.com
1	as-sec.casalemedia.com	js-sec.indexww.com
1	ajax.googleapis.com	d2zur9cc2gf1tx.cloudfront.net
1	api.rlcdn.com	js-sec.indexww.com
1	obgpm76tt0a0sgozk8l.redinuid.imrworldwide.com	1 redirects
1	pixel.mathtag.com	1 redirects
1	aa.agkn.com	1 redirects
1	pixel.wp.com	wp.h2870838.stratoserver.net
1	cdnjs.cloudflare.com	c0.wp.com
1	js-sec.indexww.com	ads.themoneytizer.com
1	d2zur9cc2gf1tx.cloudfront.net	ads.themoneytizer.com
1	p.cpx.to	ads.themoneytizer.com
1	secure.quantserve.com	ads.themoneytizer.com
1	onetag-sys.com	ads.themoneytizer.com
1	tag.leadplace.fr	ads.themoneytizer.com
1	gum.criteo.com	ads.themoneytizer.com
1	ced-ns.sascdn.com	wp.h2870838.stratoserver.net
1	ww1097.smartadserver.com	1 redirects
1	c.tmyzer.com	ads.themoneytizer.com
1	audit-tcfv2.quantcast.mgr.consensu.org	quantcast.mgr.consensu.org
1	test.quantcast.mgr.consensu.org	quantcast.mgr.consensu.org
1	g.themoneytizer.net	ads.themoneytizer.com
1	googleads.g.doubleclick.net	pagead2.googlesyndication.com
1	secure.gravatar.com	wp.h2870838.stratoserver.net
1	fonts.gstatic.com	fonts.googleapis.com
1	www.thekasaantimes.de	wp.h2870838.stratoserver.net
1	www.googletagmanager.com	wp.h2870838.stratoserver.net
157	58

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
pinterest.com
www.linkedin.com
www.tumblr.com
reddit.com
telegram.me
afflat3e1.com
www.thekasaantimes.de
de.wordpress.org
s848280832.online.de
zrenieblog.ru
www.croatialuxuryrent.com
de.support.wordpress.com
support.google.com
www.vgwort.de
support.twitter.com
policies.google.com
de.gravatar.com
developers.facebook.com
de-de.facebook.com
about.twitter.com
tools.google.com

Subject Issuer	Validity	Valid
wp.h2870838.stratoserver.net R3	`2021-12-05` - `2022-03-05`	3 months	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
n.ads1-adnow.com R3	`2021-10-11` - `2022-01-09`	3 months	crt.sh
*.themoneytizer.com GoGetSSL RSA DV CA	`2021-02-14` - `2022-03-17`	a year	crt.sh
thekasaantimes.de R3	`2021-11-04` - `2022-02-02`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-04` - `2022-07-03`	a year	crt.sh
quantcast.mgr.consensu.org Amazon	`2021-04-24` - `2022-05-23`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
g.themoneytizer.net GoGetSSL RSA DV CA	`2019-10-16` - `2022-01-17`	2 years	crt.sh
c.tmyzer.com R3	`2021-12-01` - `2022-03-01`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-12-01` - `2022-02-26`	3 months	crt.sh
*.leadplace.fr Gandi Standard SSL CA 2	`2021-09-12` - `2022-09-12`	a year	crt.sh
onetag-sys.com R3	`2021-11-02` - `2022-01-31`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
p.cpx.to Sectigo RSA Domain Validation Secure Server CA	`2021-02-02` - `2022-02-02`	a year	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-09-25` - `2021-12-24`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
s.cpx.to Sectigo RSA Domain Validation Secure Server CA	`2021-02-03` - `2022-02-09`	a year	crt.sh
adtrack.adleadevent.com Amazon	`2021-05-17` - `2022-06-15`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-04`	a year	crt.sh
pool.grid-data.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-03-06` - `2022-03-06`	2 years	crt.sh
scnd-tr.com R3	`2021-10-25` - `2022-01-23`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Frame ID: 13E9FA233D817BF44C1236682C55D054
Requests: 152 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/zrt_lookup.html
Frame ID: 9D483D4F9B31D013C9E9FC36F006B532
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1639649682400
Frame ID: 4839209B70E1547FCC7D0770F82792F5
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/oauth/error/?error_code=PLATFORM__INVALID_APP_ID
Frame ID: FB79FE87145F0C3D53A072108EEC4E29
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/oauth/error/?error_code=PLATFORM__INVALID_APP_ID
Frame ID: FAEAFC21E469BC05CA6DC113CCF5B295
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Phishing mit der Hypovereinsbank - The Kasaan Times

Page Statistics

157
Requests

84 %
HTTPS

37 %
IPv6

46
Domains

58
Subdomains

43
IPs

6
Countries

2174 kB
Transfer

7236 kB
Size

34
Cookies

33 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/The-Kasaan-Times-Deutsche-Ausgabe-103990888721256
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/KasaanTimesde
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwp.h2870838.stratoserver.net%2Fphishing-mit-der-hypovereinsbank

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Phishing%20mit%20der%20Hypovereinsbank%20-%20https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button?url=https%3A%2F%2Fwp.h2870838.stratoserver.net%2Fphishing-mit-der-hypovereinsbank&media=https%3A%2F%2Fwp.h2870838.stratoserver.net%2Fwp-content%2Fuploads%2F2021%2F10%2FScreenshot-931.png&description=Phishing%20mit%20der%20Hypovereinsbank

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwp.h2870838.stratoserver.net%2Fphishing-mit-der-hypovereinsbank&title=Phishing%20mit%20der%20Hypovereinsbank

Search URL Search Domain Scan URL

URL: https://www.tumblr.com/share/link?url=https%3A%2F%2Fwp.h2870838.stratoserver.net%2Fphishing-mit-der-hypovereinsbank&name=Phishing%20mit%20der%20Hypovereinsbank

Search URL Search Domain Scan URL

URL: https://reddit.com/submit?url=https%3A%2F%2Fwp.h2870838.stratoserver.net%2Fphishing-mit-der-hypovereinsbank&title=Phishing%20mit%20der%20Hypovereinsbank

Search URL Search Domain Scan URL

URL: https://telegram.me/share/url?url=https%3A%2F%2Fwp.h2870838.stratoserver.net%2Fphishing-mit-der-hypovereinsbank&text=Phishing%20mit%20der%20Hypovereinsbank

Search URL Search Domain Scan URL

URL: https://afflat3e1.com/lnk.asp?o=22097&c=157220&a=288654&k=E0FF3DC190E7181DAA09E06CF853BD7C&l=22930
Title: Become a Millionaire with Bitcoin Prime!

Search URL Search Domain Scan URL

URL: https://www.thekasaantimes.de/

Search URL Search Domain Scan URL

URL: https://de.wordpress.org/
Title: WordPress.org

Search URL Search Domain Scan URL

URL: https://s848280832.online.de/
Title: Beschissene Hühnerleiter

Search URL Search Domain Scan URL

URL: http://zrenieblog.ru/
Title: ShawnFut

Search URL Search Domain Scan URL

URL: https://www.croatialuxuryrent.com/de/villa/villa-tramonto-istrien-kroatien
Title: Harry Hydrick

Search URL Search Domain Scan URL

URL: https://twitter.com/kasaanmedia
Title: Twitter

Search URL Search Domain Scan URL

URL: http://twitter.com/intent/tweet?in_reply_to=
Title: Reply

Search URL Search Domain Scan URL

URL: http://twitter.com/intent/retweet?tweet_id=
Title: Retweet

Search URL Search Domain Scan URL

URL: http://twitter.com/intent/favorite?tweet_id=
Title: Favorite

Search URL Search Domain Scan URL

URL: https://de.support.wordpress.com/cookies/
Title: Zur offiziellen Webseite

Search URL Search Domain Scan URL

URL: https://support.google.com/analytics/answer/6004245
Title: Zur offiziellen Webseite

Search URL Search Domain Scan URL

URL: https://www.vgwort.de/hilfsseiten/datenschutz.html
Title: Zur offiziellen Webseite

Search URL Search Domain Scan URL

URL: https://www.facebook.com/policies/cookies/
Title: Zur offiziellen Webseite

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/legal/cookie_policy
Title: Zur offiziellen Webseite

Search URL Search Domain Scan URL

URL: https://support.twitter.com/articles/20170514
Title: Zur offiziellen Webseite

Search URL Search Domain Scan URL

URL: https://policies.google.com/privacy
Title: Zur offiziellen Webseite

Search URL Search Domain Scan URL

URL: https://de.gravatar.com/
Title: https://de.gravatar.com

Search URL Search Domain Scan URL

URL: https://developers.facebook.com/docs/plugins/?locale=de_DE
Title: https://developers.facebook.com/docs/plugins/?locale=de_DE

Search URL Search Domain Scan URL

URL: https://de-de.facebook.com/about/privacy/
Title: https://de-de.facebook.com/about/privacy/

Search URL Search Domain Scan URL

URL: https://about.twitter.com/de/resources/buttons
Title: https://about.twitter.com/de/resources/buttons

Search URL Search Domain Scan URL

URL: https://twitter.com/privacy?lang=de
Title: https://twitter.com/privacy?lang=de

Search URL Search Domain Scan URL

URL: https://tools.google.com/dlpage/gaoptout?hl=de
Title: https://tools.google.com/dlpage/gaoptout?hl=de

Search URL Search Domain Scan URL

URL: https://support.google.com/analytics/answer/6004245?hl=de
Title: https://support.google.com/analytics/answer/6004245?hl=de

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 84

https://ww1097.smartadserver.com/config.js?nwid=1097 HTTP 302
https://ced-ns.sascdn.com/diff/js/smart.js

Request Chain 98

https://id5-sync.com/i/12/9.gif?gdpr=true&gdpr_consent= HTTP 302
https://id5-sync.com/c/12/0/9/1.gif?gdpr=1&gdpr_consent=

Request Chain 107

https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969-de47d59d1476&zdid=1258 HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fadnxs_uid%3D%24UID%26zpartnerid%3D2%26env%3DmWeb%26eventType%3Dpageview%26id_mid_4%3D3f070747-f8d7-48aa-691f-a624f21ec058%26reqId%3Dde0dcdf9-c2c1-4664-4969-de47d59d1476%26zdid%3D1258 HTTP 302
https://mwzeom.zeotap.com/mw?adnxs_uid=2392174285152533418&zpartnerid=2&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969-de47d59d1476&zdid=1258

Request Chain 108

https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969-de47d59d1476&zdid=1258 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969-de47d59d1476&zdid=1258&google_tc= HTTP 302
https://mwzeom.zeotap.com/mw?google_gid=CAESELW8Vg7UQgMF_t3pcp0mBQ8&google_cver=1&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969-de47d59d1476&zdid=1258

Request Chain 109

https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dpageview%26id_mid_4%3D3f070747-f8d7-48aa-691f-a624f21ec058%26reqId%3Dde0dcdf9-c2c1-4664-4969-de47d59d1476%26zdid%3D1258 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dpageview%26id_mid_4%3D3f070747-f8d7-48aa-691f-a624f21ec058%26reqId%3Dde0dcdf9-c2c1-4664-4969-de47d59d1476%26zdid%3D1258 HTTP 302
https://mwzeom.zeotap.com/mw?cid=ab0b56b1-5be1-4cc0-afde-18c7da9d2af4&zpartnerid=6&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969-de47d59d1476&zdid=1258

Request Chain 110

https://dpm.demdex.net/ibs:dpid=199624&dpuuid=3f070747-f8d7-48aa-691f-a624f21ec058&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dpageview%26id_mid_4%3D3f070747-f8d7-48aa-691f-a624f21ec058%26reqId%3Dde0dcdf9-c2c1-4664-4969-de47d59d1476%26zdid%3D1258 HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=3f070747-f8d7-48aa-691f-a624f21ec058&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dpageview%26id_mid_4%3D3f070747-f8d7-48aa-691f-a624f21ec058%26reqId%3Dde0dcdf9-c2c1-4664-4969-de47d59d1476%26zdid%3D1258 HTTP 302
https://mwzeom.zeotap.com/mw?cid=71271477891164585641097725698928450839&zpartnerid=314&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969-de47d59d1476&zdid=1258

Request Chain 111

https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=ITA&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969-de47d59d1476&zdid=1258 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=ITA&zdid=1258&cid=jpNwFxk3k3%2BsDZiC0bRdZcwbScxd0Qq2%2BS41iYitP1U%3D

Request Chain 112

https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dpageview%26id_mid_4%3D3f070747-f8d7-48aa-691f-a624f21ec058%26reqId%3Dde0dcdf9-c2c1-4664-4969-de47d59d1476%26zdid%3D1258 HTTP 302
https://mwzeom.zeotap.com/mw?cid=817c61bb-1192-4c00-9244-62d3d505d890&env=mWeb&zpartnerid=979&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969-de47d59d1476&zdid=1258

Request Chain 113

https://obgpm76tt0a0sgozk8l.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dpageview%26id_mid_4%3D3f070747-f8d7-48aa-691f-a624f21ec058%26reqId%3Dde0dcdf9-c2c1-4664-4969-de47d59d1476%26zdid%3D1258 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969-de47d59d1476&zdid=1258

Request Chain 127

https://ena-native-ads9.com/imp?uid=9bebe209-b390-4e8b-9bdd-579068c99cb5&params=YWRuX2lkPTE3JmFuaW1hdGlvbj0xLjAwMDAwMCZjX3R5cGU9JmNhbXBfaWQ9MCZjcGE9cGVlcmNsaWNrJmNyZWF0aXZlX2lkPTg0MzY4JmNyZW9fcGFpcj0wLSUzRTUyMzEmZW5kcG9pbnQ9c3R1YiZnZW89SVRBJmltZy11cmw9aHR0cHMlM0ElMkYlMkZjZG4ubmFjb250ZW50LnBybyUyRnBpY3R1cmVzJTJGNTg2MmMyZmM4NTkxZTNiOTIwNzVhN2RiYzhiOGZiMTMuanBnJmlwPSZvZmZlcl9pZD01MjMxJnNob3dfYnJ1dGFsX3JhdGU9MS4wMDAwMDAmc2hvd19zZXhfcmF0ZT0yLjAwMDAwMCZzaXRlX2lkPTQ5OTY5MSZzdWJhY2MzPXRydWUmc3ViY2FtcF9pZD0wJnVzZXJfaWQ9MA== HTTP 303
https://cdn.nacontent.pro/pictures/5862c2fc8591e3b92075a7dbc8b8fb13.jpg

Request Chain 129

https://ena-native-ads9.com/imp?uid=9bebe209-b390-4e8b-9bdd-579068c99cb5&params=YWRuX2lkPTE3JmFuaW1hdGlvbj0xLjAwMDAwMCZjX3R5cGU9JmNhbXBfaWQ9MCZjcGE9cGVlcmNsaWNrJmNyZWF0aXZlX2lkPTg0MzY3JmNyZW9fcGFpcj0wLSUzRTUyMzEmZW5kcG9pbnQ9c3R1YiZnZW89SVRBJmltZy11cmw9aHR0cHMlM0ElMkYlMkZjZG4ubmFjb250ZW50LnBybyUyRnBpY3R1cmVzJTJGNjJjZjEzYzNkNzMxMDU5NWE0MmMwYmNlMTJmNzY1ZGUuanBnJmlwPSZvZmZlcl9pZD01MjMxJnNob3dfYnJ1dGFsX3JhdGU9MS4wMDAwMDAmc2hvd19zZXhfcmF0ZT0yLjAwMDAwMCZzaXRlX2lkPTQ5OTY5MSZzdWJhY2MzPXRydWUmc3ViY2FtcF9pZD0wJnVzZXJfaWQ9MA== HTTP 303
https://cdn.nacontent.pro/pictures/62cf13c3d7310595a42c0bce12f765de.jpg

Request Chain 131

https://ena-native-ads9.com/imp?uid=9bebe209-b390-4e8b-9bdd-579068c99cb5&params=YWRuX2lkPTE3JmFuaW1hdGlvbj0xLjAwMDAwMCZjX3R5cGU9JmNhbXBfaWQ9MCZjcGE9cGVlcmNsaWNrJmNyZWF0aXZlX2lkPTg2MDk5JmNyZW9fcGFpcj0wLSUzRTU3NTMmZW5kcG9pbnQ9c3R1YiZnZW89SVRBJmltZy11cmw9aHR0cHMlM0ElMkYlMkZjZG4ubmFjb250ZW50LnBybyUyRnBpY3R1cmVzJTJGYzZlMTU4ZWM4ZWI3MDk3NjJkOTJkMDJmNWNlNmJlZWEuanBnJmlwPSZvZmZlcl9pZD01NzUzJnNob3dfYnJ1dGFsX3JhdGU9MS4wMDAwMDAmc2hvd19zZXhfcmF0ZT0yLjAwMDAwMCZzaXRlX2lkPTQ5OTY5MSZzdWJhY2MzPXRydWUmc3ViY2FtcF9pZD0wJnVzZXJfaWQ9MA== HTTP 303
https://cdn.nacontent.pro/pictures/c6e158ec8eb709762d92d02f5ce6beea.jpg

Request Chain 133

https://ena-native-ads9.com/imp?uid=9bebe209-b390-4e8b-9bdd-579068c99cb5&params=YWRuX2lkPTE3JmFuaW1hdGlvbj0xLjAwMDAwMCZjX3R5cGU9JmNhbXBfaWQ9MCZjcGE9cGVlcmNsaWNrJmNyZWF0aXZlX2lkPTg2MDk3JmNyZW9fcGFpcj0wLSUzRTU3NTMmZW5kcG9pbnQ9c3R1YiZnZW89SVRBJmltZy11cmw9aHR0cHMlM0ElMkYlMkZjZG4ubmFjb250ZW50LnBybyUyRnBpY3R1cmVzJTJGYjdiMjA3MWE4NTgxN2IxZjQ2ZGE5YjEzNjliNzM2NWYuZ2lmJmlwPSZvZmZlcl9pZD01NzUzJnNob3dfYnJ1dGFsX3JhdGU9MS4wMDAwMDAmc2hvd19zZXhfcmF0ZT0yLjAwMDAwMCZzaXRlX2lkPTQ5OTY5MSZzdWJhY2MzPXRydWUmc3ViY2FtcF9pZD0wJnVzZXJfaWQ9MA== HTTP 303
https://cdn.nacontent.pro/pictures/b7b2071a85817b1f46da9b1369b7365f.gif

Request Chain 135

https://ena-native-ads9.com/imp?uid=9bebe209-b390-4e8b-9bdd-579068c99cb5&params=YWRuX2lkPTE3JmFuaW1hdGlvbj0xLjAwMDAwMCZjX3R5cGU9JmNhbXBfaWQ9MCZjcGE9cGVlcmNsaWNrJmNyZWF0aXZlX2lkPTg2MDk4JmNyZW9fcGFpcj0wLSUzRTU3NTMmZW5kcG9pbnQ9c3R1YiZnZW89SVRBJmltZy11cmw9aHR0cHMlM0ElMkYlMkZjZG4ubmFjb250ZW50LnBybyUyRnBpY3R1cmVzJTJGZjVhNDMxMTE4MmQwN2JlNjQ4NWU3NThjMDExM2RjYzIuanBnJmlwPSZvZmZlcl9pZD01NzUzJnNob3dfYnJ1dGFsX3JhdGU9MS4wMDAwMDAmc2hvd19zZXhfcmF0ZT0yLjAwMDAwMCZzaXRlX2lkPTQ5OTY5MSZzdWJhY2MzPXRydWUmc3ViY2FtcF9pZD0wJnVzZXJfaWQ9MA== HTTP 303
https://cdn.nacontent.pro/pictures/f5a4311182d07be6485e758c0113dcc2.jpg

Request Chain 137

https://ena-native-ads9.com/imp?uid=9bebe209-b390-4e8b-9bdd-579068c99cb5&params=YWRuX2lkPTE3JmFuaW1hdGlvbj0xLjAwMDAwMCZjX3R5cGU9JmNhbXBfaWQ9MCZjcGE9cGVlcmNsaWNrJmNyZWF0aXZlX2lkPTg2Mzk1JmNyZW9fcGFpcj0wLSUzRTU3NjMmZW5kcG9pbnQ9c3R1YiZnZW89SVRBJmltZy11cmw9aHR0cHMlM0ElMkYlMkZjZG4ubmFjb250ZW50LnBybyUyRnBpY3R1cmVzJTJGNjllNWI3YTE5NDQxMWIzYTgyOThkMzIxNGY3MjQyMzEuanBnJmlwPSZvZmZlcl9pZD01NzYzJnNob3dfYnJ1dGFsX3JhdGU9MS4wMDAwMDAmc2hvd19zZXhfcmF0ZT0yLjAwMDAwMCZzaXRlX2lkPTQ5OTY5MSZzdWJhY2MzPXRydWUmc3ViY2FtcF9pZD0wJnVzZXJfaWQ9MA== HTTP 303
https://cdn.nacontent.pro/pictures/69e5b7a194411b3a8298d3214f724231.jpg

Request Chain 139

https://ena-native-ads9.com/imp?uid=9bebe209-b390-4e8b-9bdd-579068c99cb5&params=YWRuX2lkPTE3JmFuaW1hdGlvbj0xLjAwMDAwMCZjX3R5cGU9JmNhbXBfaWQ9MCZjcGE9cGVlcmNsaWNrJmNyZWF0aXZlX2lkPTg2MTAxJmNyZW9fcGFpcj0wLSUzRTU3NTMmZW5kcG9pbnQ9c3R1YiZnZW89SVRBJmltZy11cmw9aHR0cHMlM0ElMkYlMkZjZG4ubmFjb250ZW50LnBybyUyRnBpY3R1cmVzJTJGZGZkMWU1NGU2ZWQ2NjMxM2NjYjUwNzU4MThhOWMyMTQuZ2lmJmlwPSZvZmZlcl9pZD01NzUzJnNob3dfYnJ1dGFsX3JhdGU9MS4wMDAwMDAmc2hvd19zZXhfcmF0ZT0yLjAwMDAwMCZzaXRlX2lkPTQ5OTY5MSZzdWJhY2MzPXRydWUmc3ViY2FtcF9pZD0wJnVzZXJfaWQ9MA== HTTP 303
https://cdn.nacontent.pro/pictures/dfd1e54e6ed66313ccb5075818a9c214.gif

Request Chain 141

https://ena-native-ads9.com/imp?uid=9bebe209-b390-4e8b-9bdd-579068c99cb5&params=YWRuX2lkPTE3JmFuaW1hdGlvbj0xLjAwMDAwMCZjX3R5cGU9JmNhbXBfaWQ9MCZjcGE9cGVlcmNsaWNrJmNyZWF0aXZlX2lkPTg1Nzk2JmNyZW9fcGFpcj0wLSUzRTUyMzEmZW5kcG9pbnQ9c3R1YiZnZW89SVRBJmltZy11cmw9aHR0cHMlM0ElMkYlMkZjZG4ubmFjb250ZW50LnBybyUyRnBpY3R1cmVzJTJGZDNhZmMyZjU5YWZjODc3NWY1ZTlhMzE5MTU2Y2U2NmQuanBnJmlwPSZvZmZlcl9pZD01MjMxJnNob3dfYnJ1dGFsX3JhdGU9MS4wMDAwMDAmc2hvd19zZXhfcmF0ZT0yLjAwMDAwMCZzaXRlX2lkPTQ5OTY5MSZzdWJhY2MzPXRydWUmc3ViY2FtcF9pZD0wJnVzZXJfaWQ9MA== HTTP 303
https://cdn.nacontent.pro/pictures/d3afc2f59afc8775f5e9a319156ce66d.jpg

Request Chain 145

https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D11814066-e013-4ca7-b59e-6d0bb62db665 HTTP 302
https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D11814066-e013-4ca7-b59e-6d0bb62db665 HTTP 302
https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=6EFE0E97-ADE8-4E66-AE93-3E54108F2137&fid=11814066-e013-4ca7-b59e-6d0bb62db665

Request Chain 146

https://secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12761%26ref%3D%26hn_ver%3D20%26fid%3D11814066-e013-4ca7-b59e-6d0bb62db665 HTTP 302
https://s.cpx.to/an_fire?app_nexus_uid=2392174285152533418&pid=12761&ref=&hn_ver=20&fid=11814066-e013-4ca7-b59e-6d0bb62db665

Request Chain 147

https://match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1 HTTP 302
https://s.cpx.to/sync?dsp_uid=ab0b56b1-5be1-4cc0-afde-18c7da9d2af4&dsp=TTD

Request Chain 148

https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=11814066-e013-4ca7-b59e-6d0bb62db665 HTTP 302
https://s.cpx.to/ca.png?dsp=dbm&fid=11814066-e013-4ca7-b59e-6d0bb62db665&google_gid=CAESELs3SpwP0fJ183LgGAvmTSA&google_cver=1

Request Chain 149

https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dsmart_ad_server%26dsp_uid%3D%5Bsas_uid%5D%26fid%3D11814066-e013-4ca7-b59e-6d0bb62db665&gdpr=0 HTTP 302
https://sync.smartadserver.com/getuid?url=https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=[sas_uid]&fid=11814066-e013-4ca7-b59e-6d0bb62db665&gdpr=0&cklb=1

Request Chain 153

https://www.facebook.com/v3.0/plugins/page.php?adapt_container_width=true&app_id=1582375255406633&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfe0a227e3eaa38%26domain%3Dwp.h2870838.stratoserver.net%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwp.h2870838.stratoserver.net%252Ff16d046a3e19d4%26relation%3Dparent.parent&container_width=300&height=350&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2FTimesNewsBurlington%2F&locale=de_DE&sdk=joey&show_facepile=false&show_posts=true&small_header=false HTTP 302
https://www.facebook.com/oauth/error/?error_code=PLATFORM__INVALID_APP_ID

Request Chain 154

https://www.facebook.com/v3.0/plugins/page.php?adapt_container_width=true&app_id=1582375255406633&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c324debf54a%26domain%3Dwp.h2870838.stratoserver.net%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwp.h2870838.stratoserver.net%252Ff16d046a3e19d4%26relation%3Dparent.parent&container_width=0&height=350&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2FTimesNewsBurlington%2F&locale=de_DE&sdk=joey&show_facepile=false&show_posts=true&small_header=false HTTP 302
https://www.facebook.com/oauth/error/?error_code=PLATFORM__INVALID_APP_ID

157 HTTP transactions
-1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request phishing-mit-der-hypovereinsbank Show response
wp.h2870838.stratoserver.net/ 281 KB
60 KB 953ms
868ms Document
text/html 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PHP/7.4.26 PleskLin
Resource Hash: 5223c281c16002a1911864dc98dce01b9ed2b5614c605497033af3dd3c39d324

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: it-IT,it;q=0.9

Response headers

Date: Thu, 16 Dec 2021 10:14:39 GMT
Server: Apache
X-Powered-By: PHP/7.4.26 PleskLin
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 style.min.css
c0.wp.com/c/5.8.1/wp-includes/css/dist/block-library/ 79 KB
10 KB 60ms
16ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.1/wp-includes/css/dist/block-library/style.min.css

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT mxp 2
date: Thu, 16 Dec 2021 10:14:40 GMT
content-encoding: br
last-modified: Wed, 01 Sep 2021 04:05:58 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 10:14:40 GMT

GET
H2 200 mediaelementplayer-legacy.min.css
c0.wp.com/c/5.8.1/wp-includes/js/mediaelement/ 11 KB
2 KB 63ms
20ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.1/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT mxp 2
date: Thu, 16 Dec 2021 10:14:40 GMT
content-encoding: br
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 10:14:40 GMT

GET
H2 200 wp-mediaelement.min.css
c0.wp.com/c/5.8.1/wp-includes/js/mediaelement/ 4 KB
1 KB 63ms
20ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.1/wp-includes/js/mediaelement/wp-mediaelement.min.css

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT mxp 2
date: Thu, 16 Dec 2021 10:14:40 GMT
content-encoding: br
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 10:14:40 GMT

GET
H2 200 wc-blocks-vendors-style.css
c0.wp.com/p/woocommerce/5.7.1/packages/woocommerce-blocks/build/ 5 KB
1 KB 63ms
20ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/woocommerce/5.7.1/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

7fcaa4d432eb8627f0ab7efdc3ce11a4e593f29443fc6bb1888f4955c55f868b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT mxp 2
date: Thu, 16 Dec 2021 10:14:40 GMT
content-encoding: br
last-modified: Tue, 24 Aug 2021 20:39:36 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 10:14:40 GMT

GET
H2 200 wc-blocks-style.css
c0.wp.com/p/woocommerce/5.7.1/packages/woocommerce-blocks/build/ 189 KB
18 KB 63ms
20ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/woocommerce/5.7.1/packages/woocommerce-blocks/build/wc-blocks-style.css

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

9c34d15226af3a3a8f407efb5bf5bf9a26d5e82b3568c8e48a9e2c354e12d490

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT mxp 2
date: Thu, 16 Dec 2021 10:14:40 GMT
content-encoding: br
last-modified: Tue, 31 Aug 2021 22:24:03 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 10:14:40 GMT

GET
H/1.1 200
OK styles.css
wp.h2870838.stratoserver.net/wp-content/plugins/contact-form-7/includes/css/ 3 KB
1 KB 39ms
38ms Stylesheet
text/css 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.4.2
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: 070edfef42e0980783d0acf8fa9ca6a9833b994eca13ffaa94e9a2deb47c92cf

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:40 GMT
Content-Encoding: gzip
Last-Modified: Fri, 16 Jul 2021 11:58:22 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "a50-5c73c4de175ce-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 932

GET
H2 200 dashicons.min.css
c0.wp.com/c/5.8.1/wp-includes/css/ 58 KB
34 KB 62ms
21ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.1/wp-includes/css/dashicons.min.css

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT mxp 2
date: Thu, 16 Dec 2021 10:14:40 GMT
content-encoding: br
last-modified: Wed, 03 Mar 2021 21:16:22 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 10:14:40 GMT

GET
H/1.1 200
OK plugin.css
wp.h2870838.stratoserver.net/wp-content/plugins/dsgvo-all-in-one-for-wp/assets/css/ 38 KB
4 KB 87ms
47ms Stylesheet
text/css 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/plugins/dsgvo-all-in-one-for-wp/assets/css/plugin.css?ver=5.8.1
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: 3324ff838b98d917d63e029428af0c4f54ef81f3ea1d75b64faab237c994e55e

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:40 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Jul 2021 12:04:52 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "97c9-5c6af9441c4c9-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 4123

GET
H/1.1 200
OK frontend.css
wp.h2870838.stratoserver.net/wp-content/plugins/featured-video-plus/styles/ 2 KB
949 B 109ms
36ms Stylesheet
text/css 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/plugins/featured-video-plus/styles/frontend.css?ver=2.3.3
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: b789a3316d55feb569762a2b198d22e8767e1310756e2c0a0ee4067efcad1e2b

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:40 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Jun 2021 14:21:35 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "9a8-5c47e399c12ef-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 605

GET
H/1.1 200
OK single-shortcode.css
wp.h2870838.stratoserver.net/wp-content/plugins/penci-framework/assets/css/ 27 KB
4 KB 111ms
37ms Stylesheet
text/css 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/plugins/penci-framework/assets/css/single-shortcode.css?ver=5.8.1
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: 71d67862610b80dc5c9a9ceb03f4bf2e2e6305b17e490a32fec5139c40b00ba1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:40 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Jun 2021 14:21:30 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "6d1f-5c47e395a3749-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 3609

GET
H2 200 css
fonts.googleapis.com/ 2 KB
1023 B 110ms
35ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald%3A400&ver=5.8.1

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

731ee3bbaa9f2fd92879f9087c9fbbf7438d3a52595c6c8a8020bb2a69b7afd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 16 Dec 2021 10:13:50 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 16 Dec 2021 10:14:40 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Dec 2021 10:14:40 GMT

GET
H2 200 thickbox.css
c0.wp.com/c/5.8.1/wp-includes/js/thickbox/ 3 KB
880 B 93ms
52ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.1/wp-includes/js/thickbox/thickbox.css

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b390a3efe231d9f38b3a706a5765a2a2f0817e761f60a27556171e9a276980e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT mxp 2
date: Thu, 16 Dec 2021 10:14:40 GMT
content-encoding: br
last-modified: Mon, 26 Oct 2020 02:25:09 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 10:14:40 GMT

GET
H2 200 woocommerce-layout.css
c0.wp.com/p/woocommerce/5.7.1/assets/css/ 18 KB
2 KB 62ms
21ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/woocommerce/5.7.1/assets/css/woocommerce-layout.css

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

48052f6267b2e21fb086ad26457c715b3b8b5e8c6fcbcdea42589da06b05e9be

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT mxp 2
date: Thu, 16 Dec 2021 10:14:40 GMT
content-encoding: br
last-modified: Tue, 16 Feb 2021 23:11:32 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 10:14:40 GMT

GET
H2 200 woocommerce.css
c0.wp.com/p/woocommerce/5.7.1/assets/css/ 61 KB
8 KB 62ms
21ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/woocommerce/5.7.1/assets/css/woocommerce.css

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

37811d4d55ec74751bcaa643b3a9798f1d577ac2910b63c6ca202c2e36544e05

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT mxp 2
date: Thu, 16 Dec 2021 10:14:40 GMT
content-encoding: br
last-modified: Tue, 16 Feb 2021 23:11:32 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 10:14:40 GMT

GET
H/1.1 200
OK font-awesome.min.css
wp.h2870838.stratoserver.net/wp-content/themes/pennews/css/ 33 KB
8 KB 117ms
39ms Stylesheet
text/css 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/themes/pennews/css/font-awesome.min.css?ver=4.5.2
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: ca6507f8b18edebcff32e0e69a3012b3e20ca7bb5f0ed4d5ff73b147654c7c86

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:40 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Jun 2021 14:21:48 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "84c3-5c47e3a6f03d1-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 7746

GET
H2 403 css
fonts.googleapis.com/ 0
0 118ms
45ms Stylesheet
text/html 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7CMukta+Vaani%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7COswald%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7CTeko%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7CUltra%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7CVollkorn%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7CGeorgia%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%26subset%3Dcyrillic%2Ccyrillic-ext%2Cgreek%2Cgreek-ext%2Clatin-ext
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H/1.1 200
OK woocommerce.css
wp.h2870838.stratoserver.net/wp-content/themes/pennews/css/ 49 KB
6 KB 120ms
42ms Stylesheet
text/css 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/themes/pennews/css/woocommerce.css?ver=6.6.1
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: 92145282065994b4adc9121fc2d863c0a6c1be7e113d161bd5c4c181cf52fb69

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:41 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Jun 2021 14:21:48 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "c20b-5c47e3a6ef431-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 6134

GET
H/1.1 200
OK portfolio.css
wp.h2870838.stratoserver.net/wp-content/themes/pennews/css/ 22 KB
4 KB 119ms
40ms Stylesheet
text/css 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/themes/pennews/css/portfolio.css?ver=6.6.1
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: 487ef2c201c33553c12eb0d7b9360be8e16ee7770aa7b9b42368e4a442df53fc

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:41 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Jun 2021 14:21:48 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "5643-5c47e3a6ef819-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 3552

GET
H/1.1 200
OK recipe.css
wp.h2870838.stratoserver.net/wp-content/themes/pennews/css/ 11 KB
2 KB 128ms
41ms Stylesheet
text/css 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/themes/pennews/css/recipe.css?ver=6.6.1
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: 6c3af8eea64aed1d71c3b7482e664683f6a2987265dd89a6f3d509f68b7a27c6

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:41 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Jun 2021 14:21:48 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "2da8-5c47e3a6ef819-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 1999

GET
H/1.1 200
OK review.css
wp.h2870838.stratoserver.net/wp-content/themes/pennews/css/ 15 KB
3 KB 146ms
37ms Stylesheet
text/css 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/themes/pennews/css/review.css?ver=6.6.1
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: b79ff00b8e60e093b5cf12a4b8fb737917e0e72650a95d1f8ab08cd8c7c28ec8

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:41 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Jun 2021 14:21:48 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "3b28-5c47e3a6ef819-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 3012

GET
H/1.1 200
OK style.css
wp.h2870838.stratoserver.net/wp-content/themes/pennews/ 1 MB
106 KB 171ms
60ms Stylesheet
text/css 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/themes/pennews/style.css?ver=6.6.1
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: 4c46148db5632e8c5e975bfcb73f4236a509b0b5341a6a72e1fc66a487ba3b7e

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:41 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Jun 2021 14:21:49 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "10e8ef-5c47e3a72a19d-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Transfer-Encoding: chunked
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99

GET
H2 200 jetpack.css
c0.wp.com/p/jetpack/10.1/css/ 85 KB
16 KB 91ms
52ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/10.1/css/jetpack.css

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

4c71cab3e2b7defd9022059c922d2c91359df1ba71dd47e8543b108c70537f25

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT mxp 2
date: Thu, 16 Dec 2021 10:14:40 GMT
content-encoding: br
last-modified: Tue, 07 Sep 2021 15:38:53 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 10:14:40 GMT

GET
H2 200 jquery.min.js Show response
c0.wp.com/c/5.8.1/wp-includes/js/jquery/ 87 KB
30 KB 92ms
53ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.1/wp-includes/js/jquery/jquery.min.js

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT mxp 2
date: Thu, 16 Dec 2021 10:14:40 GMT
content-encoding: br
last-modified: Wed, 10 Mar 2021 15:07:24 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 10:14:40 GMT

GET
H2 200 jquery-migrate.min.js Show response
c0.wp.com/c/5.8.1/wp-includes/js/jquery/ 11 KB
4 KB 91ms
52ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.1/wp-includes/js/jquery/jquery-migrate.min.js

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT mxp 2
date: Thu, 16 Dec 2021 10:14:40 GMT
content-encoding: br
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 10:14:40 GMT

GET
H2 200 related-posts.min.js Show response
c0.wp.com/p/jetpack/10.1/_inc/build/related-posts/ 6 KB
2 KB 92ms
53ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/10.1/_inc/build/related-posts/related-posts.min.js

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

9c6975c674a7c3077bd95750428313e78b92d370b90ca5a303b627c71d2afcf3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT mxp 2
date: Thu, 16 Dec 2021 10:14:40 GMT
content-encoding: br
last-modified: Tue, 25 May 2021 17:58:16 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 10:14:40 GMT

GET
H/1.1 200
OK wp-emoji-release.min.js Show response
wp.h2870838.stratoserver.net/wp-includes/js/ 18 KB
5 KB 40ms
40ms Script
application/javascript 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-includes/js/wp-emoji-release.min.js?ver=5.8.1
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:41 GMT
Content-Encoding: gzip
Last-Modified: Tue, 20 Jul 2021 19:34:32 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "4705-5c79324a3b9d4-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 4930

GET
H2 200 woocommerce-smallscreen.css
c0.wp.com/p/woocommerce/5.7.1/assets/css/ 7 KB
1 KB 20ms
18ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/woocommerce/5.7.1/assets/css/woocommerce-smallscreen.css

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

a7a83e60e7e3b8cadeed69327ba498b4cd68605db6e408729fa1b946758e7501

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT mxp 2
date: Thu, 16 Dec 2021 10:14:41 GMT
content-encoding: br
last-modified: Tue, 16 Feb 2021 23:11:32 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 10:14:41 GMT

GET
H/1.1 200
OK tarteaucitron.min.js Show response
wp.h2870838.stratoserver.net/wp-content/plugins/dsgvo-all-in-one-for-wp/assets/js/tarteaucitron/ 91 KB
15 KB 145ms
42ms Script
application/javascript 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/plugins/dsgvo-all-in-one-for-wp/assets/js/tarteaucitron/tarteaucitron.min.js?ver=5.8.1
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: 05ba083c6437008a0881a7beb53a742cdb258dc40c5f3220fe02711dd390871a

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:41 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Jul 2021 12:04:52 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "16d79-5c6af94420731-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 15017

GET
H/1.1 200
OK jquery.fitvids.min.js Show response
wp.h2870838.stratoserver.net/wp-content/plugins/featured-video-plus/js/ 2 KB
1 KB 143ms
40ms Script
application/javascript 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/plugins/featured-video-plus/js/jquery.fitvids.min.js?ver=master-2015-08
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: 67dfbc60509aaec63d862fc4fe05274920133490fcad222558bae79a7a24b4e5

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:41 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Jun 2021 14:21:35 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "6b4-5c47e399c2677-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 781

GET
H/1.1 200
OK frontend.min.js Show response
wp.h2870838.stratoserver.net/wp-content/plugins/featured-video-plus/js/ 3 KB
1 KB 143ms
40ms Script
application/javascript 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/plugins/featured-video-plus/js/frontend.min.js?ver=2.3.3
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: 797ebd98c91ab2f19847262164e8692b6979a330dd400fd4813ccd583f95999e

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:41 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Jun 2021 14:21:35 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "a7c-5c47e399c2e47-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1100

GET
H2 200 jquery.blockUI.min.js Show response
c0.wp.com/p/woocommerce/5.7.1/assets/js/jquery-blockui/ 9 KB
3 KB 73ms
53ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/woocommerce/5.7.1/assets/js/jquery-blockui/jquery.blockUI.min.js

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b49498d1142de7f2e16afc2cd4250d2ba30c5df4de5d291f51d7cf69727efdbe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT mxp 2
date: Thu, 16 Dec 2021 10:14:40 GMT
content-encoding: br
last-modified: Tue, 18 May 2021 17:00:20 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 10:14:40 GMT

GET
H2 200 add-to-cart.min.js Show response
c0.wp.com/p/woocommerce/5.7.1/assets/js/frontend/ 3 KB
1 KB 73ms
52ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/woocommerce/5.7.1/assets/js/frontend/add-to-cart.min.js

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

8634aa7a3ac0bc6d359b458c8922e9d3269f64c1355b329bfe215beb12773af8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT mxp 2
date: Thu, 16 Dec 2021 10:14:40 GMT
content-encoding: br
last-modified: Tue, 22 Sep 2020 21:16:49 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 10:14:40 GMT

GET
H/1.1 200
OK woocommerce-add-to-cart.js Show response
wp.h2870838.stratoserver.net/wp-content/plugins/js_composer/assets/js/vendors/ 992 B
731 B 148ms
39ms Script
application/javascript 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=6.6.0
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: 654aaebdea944313257827be97eb196a8218a2cdfc9ba399db23e2cd4c02bd79

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:41 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Jun 2021 14:21:31 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "3e0-5c47e395f5f9e-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 374

GET
H2 200 s-202142.js Show response
stats.wp.com/ 16 KB
6 KB 59ms
15ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/s-202142.js
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 21b1c346a04696c68f33050088b8bbda850a1d9c015bd70df23d7bb34f6d0e1c

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT mxp
date: Thu, 16 Dec 2021 10:14:41 GMT
content-encoding: br
server: nginx
etag: W/"5e98e496-3ec1"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Thu, 10 Nov 2022 15:20:48 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 163 KB
61 KB 117ms
51ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-RPQ09C611G

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

806b1de1026a9d0d3dc7ea9c9b67ffef8c3139557861957e18088554472492e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 10:14:41 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61862
x-xss-protection: 0
expires: Thu, 16 Dec 2021 10:14:41 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 145 KB
51 KB 125ms
47ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3031468489437388

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c06c4a0567891cfc53d46e89ee1ce9b55c42fa8c99f12e5da3ce4c504e047a86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wp.h2870838.stratoserver.net/
Origin: https://wp.h2870838.stratoserver.net
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 10:14:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51855
x-xss-protection: 0
server: cafe
etag: 16336188644021390799
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 16 Dec 2021 10:14:41 GMT

GET
H2 200 a.js Show response
st-n.ads1-adnow.com/js/ 83 KB
32 KB 513ms
282ms Script
application/javascript 2a03:90c0:9996::9996
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://st-n.ads1-adnow.com/js/a.js
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:9996::9996 , United States, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: a6162fc6d57eea1323cf7a8dc8400049d9b41b75fc2faf94016705a5fc984cc3

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-id: ny2-up-gc7
date: Thu, 16 Dec 2021 10:14:41 GMT
content-encoding: gzip
last-modified: Thu, 22 Jul 2021 06:18:31 GMT
server: nginx
etag: W/"60f90db7-14da8"
x-cached-since: 2021-12-16T10:13:25+00:00
content-type: application/javascript
cache-control: max-age=60
cache: REVALIDATED
expires: Thu, 16 Dec 2021 10:15:41 GMT

GET
H2 200 gen.js Show response
ads.themoneytizer.com/s/ 4 KB
2 KB 421ms
347ms Script
text/html 151.139.241.23
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.themoneytizer.com/s/gen.js?type=6
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.241.23 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: nginx /
Resource Hash: c846a0262d82ade117a598538a1e27fa05b9fff6bd028516417f32f6d1613230

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 10:14:41 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
x-cache: HIT
content-type: text/html; charset=UTF-8
cache-control: max-age=604800
accept-ranges: bytes
content-length: 2128
expires: Thu, 23 Dec 2021 10:14:30 GMT

GET
H2 200 requestform.js Show response
ads.themoneytizer.com/s/ 151 KB
17 KB 985ms
911ms Script
text/html 151.139.241.23
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.themoneytizer.com/s/requestform.js?siteId=24739&formatId=6
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.241.23 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: nginx /
Resource Hash: 2ba282364322b97fe4fc375dae004c9aa7277cd3b75d563efeda41df3892d8d3

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 10:14:41 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
x-cache: HIT
content-type: text/html; charset=UTF-8
cache-control: max-age=604800
accept-ranges: bytes
expires: Thu, 23 Dec 2021 10:14:41 GMT

GET
H/1.1 200
OK cropped-cropped-cropped-Kasaan-1-640x164-2.png
www.thekasaantimes.de/wp-content/uploads/2021/09/ 56 KB
56 KB 183ms
40ms Image
image/png 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.thekasaantimes.de/wp-content/uploads/2021/09/cropped-cropped-cropped-Kasaan-1-640x164-2.png
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: f18ff75936d3c8bf008c90160d14e3a2f57bdae9662f4723a6b7d2b175442ab0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:41 GMT
Last-Modified: Tue, 28 Sep 2021 15:56:08 GMT
Server: Apache
X-Powered-By: PleskLin
Content-Type: image/png
Connection: keep-alive, Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 57271
Expires: max-age=A10368000, public

GET
H/1.1 200
OK submit.js Show response
wp.h2870838.stratoserver.net/wp-content/plugins/creative-mail-by-constant-contact/assets/js/block/ 4 KB
2 KB 38ms
37ms Script
application/javascript 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/plugins/creative-mail-by-constant-contact/assets/js/block/submit.js?ver=1632472772
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: 92c811b4ac9b3f23ec0c8eadae3be374682a860d290aac9cde2a8a8911b7412c

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:41 GMT
Content-Encoding: gzip
Last-Modified: Fri, 24 Sep 2021 08:39:32 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "1058-5ccb9afb20475-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 1681

GET
H2 200 photon.min.js Show response
c0.wp.com/p/jetpack/10.1/_inc/build/photon/ 758 B
471 B 19ms
15ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/10.1/_inc/build/photon/photon.min.js

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

e1b0066bc1972444c0a15e1778be06ed7bf36c55d597c065b5e79041bcda291e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT mxp 2
date: Thu, 16 Dec 2021 10:14:41 GMT
content-encoding: br
last-modified: Tue, 31 Mar 2020 17:26:38 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 10:14:41 GMT

GET
H2 200 regenerator-runtime.min.js Show response
c0.wp.com/c/5.8.1/wp-includes/js/dist/vendor/ 6 KB
2 KB 19ms
15ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.1/wp-includes/js/dist/vendor/regenerator-runtime.min.js

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

e87a1c5e24f9a7c7dcb437417f0b05b0a3c12947ce32d65c990c988a8b5ed4d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT mxp 2
date: Thu, 16 Dec 2021 10:14:41 GMT
content-encoding: br
last-modified: Wed, 23 Jun 2021 00:06:13 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 10:14:41 GMT

GET
H2 200 wp-polyfill.min.js Show response
c0.wp.com/c/5.8.1/wp-includes/js/dist/vendor/ 16 KB
6 KB 20ms
16ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.1/wp-includes/js/dist/vendor/wp-polyfill.min.js

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

293913879d30bab7499013e935009f5183facbddd63bfc9656a859622590b80b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT mxp 2
date: Thu, 16 Dec 2021 10:14:41 GMT
content-encoding: br
last-modified: Mon, 14 Jun 2021 23:18:11 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 10:14:41 GMT

GET
H/1.1 200
OK index.js Show response
wp.h2870838.stratoserver.net/wp-content/plugins/contact-form-7/includes/js/ 13 KB
4 KB 42ms
39ms Script
application/javascript 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.2
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: eea0b9621509f98be77c5af1e9b5c952a675bda2b27c419876364017069e0c19

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:41 GMT
Content-Encoding: gzip
Last-Modified: Fri, 16 Jul 2021 11:58:22 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "32bb-5c73c4de18186-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 4071

GET
H/1.1 200
OK jquery.rateyo.min.js Show response
wp.h2870838.stratoserver.net/wp-content/plugins/penci-pennews-recipe/js/ 9 KB
5 KB 41ms
39ms Script
application/javascript 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/plugins/penci-pennews-recipe/js/jquery.rateyo.min.js?ver=2.3
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: 771176db448d0e5343ef0d95614c157949ab376afec10f1f96669dbe1e3bb983

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:41 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Jun 2021 14:21:31 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "23c4-5c47e3964458b-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 4294

GET
H/1.1 200
OK rating_recipe.js Show response
wp.h2870838.stratoserver.net/wp-content/plugins/penci-pennews-recipe/js/ 1 KB
897 B 43ms
41ms Script
application/javascript 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/plugins/penci-pennews-recipe/js/rating_recipe.js?ver=2.3.2
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: 5bcda0b3357dac22455cb639678e2954b85bc150f606957dc2290d7183ccc931

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:41 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Jun 2021 14:21:31 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "4cc-5c47e396441a3-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 540

GET
H/1.1 200
OK jquery.easypiechart.min.js Show response
wp.h2870838.stratoserver.net/wp-content/plugins/penci-pennews-review/js/ 4 KB
2 KB 44ms
41ms Script
application/javascript 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/plugins/penci-pennews-review/js/jquery.easypiechart.min.js?ver=1.0
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: f73f452b5961dbe04bffdc40586dc8c689e172c2dcbfa90353d92acb7a08c444

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:41 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Jun 2021 14:21:31 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "f96-5c47e3964264b-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 1691

GET
H/1.1 200
OK rating_review.js Show response
wp.h2870838.stratoserver.net/wp-content/plugins/penci-pennews-review/js/ 8 KB
2 KB 40ms
37ms Script
application/javascript 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/plugins/penci-pennews-review/js/rating_review.js?ver=3.0
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: 9c15d9cf25bf4285d5be1a9ec296cbf6ae5b729f719fc95eb5f14461cbc0fa62

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:41 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Jun 2021 14:21:31 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "1f1f-5c47e39642263-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 1955

GET
H2 200 thickbox.js Show response
c0.wp.com/c/5.8.1/wp-includes/js/thickbox/ 13 KB
4 KB 20ms
17ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.1/wp-includes/js/thickbox/thickbox.js

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

77a38ebee5730b70e36e9d5ddaa61456b06e905d98c5af6b86d7b7ca214583a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT mxp 2
date: Thu, 16 Dec 2021 10:14:41 GMT
content-encoding: br
last-modified: Tue, 23 Feb 2021 10:54:06 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 10:14:41 GMT

GET
H2 200 js.cookie.min.js Show response
c0.wp.com/p/woocommerce/5.7.1/assets/js/js-cookie/ 2 KB
955 B 20ms
17ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/woocommerce/5.7.1/assets/js/js-cookie/js.cookie.min.js

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

3b1384ff918d4b7f95f9ee5c8fc388203dedff7344d3d96598c9562162788612

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT mxp 2
date: Thu, 16 Dec 2021 10:14:41 GMT
content-encoding: br
last-modified: Tue, 19 Jan 2021 23:55:30 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 10:14:41 GMT

GET
H2 200 woocommerce.min.js Show response
c0.wp.com/p/woocommerce/5.7.1/assets/js/frontend/ 2 KB
709 B 21ms
17ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/woocommerce/5.7.1/assets/js/frontend/woocommerce.min.js

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

a256fccecac3b32ab73c91d79a18747519a1a18023be05465c933b03523a82e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT mxp 2
date: Thu, 16 Dec 2021 10:14:41 GMT
content-encoding: br
last-modified: Tue, 18 May 2021 17:00:20 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 10:14:41 GMT

GET
H2 200 cart-fragments.min.js Show response
c0.wp.com/p/woocommerce/5.7.1/assets/js/frontend/ 3 KB
989 B 21ms
18ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/woocommerce/5.7.1/assets/js/frontend/cart-fragments.min.js

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

9c7c023f91428234ca0ea4df1199758686f4dcd04da96ba63571788fb3389c0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT mxp 2
date: Thu, 16 Dec 2021 10:14:41 GMT
content-encoding: br
last-modified: Tue, 25 May 2021 20:19:43 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 10:14:41 GMT

GET
H/1.1 200
OK script.lib.min.js Show response
wp.h2870838.stratoserver.net/wp-content/themes/pennews/js/ 407 KB
126 KB 47ms
45ms Script
application/javascript 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/themes/pennews/js/script.lib.min.js?ver=6.6.1
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: 54e026f7f2e18074cbce4e26549c4f30daa4168d226d6f4d048a01638a89ca94

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:41 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Jun 2021 14:21:48 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "65b62-5c47e3a6bf2a6-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97

GET
H/1.1 200
OK script.min.js Show response
wp.h2870838.stratoserver.net/wp-content/themes/pennews/js/ 45 KB
12 KB 42ms
40ms Script
application/javascript 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/themes/pennews/js/script.min.js?ver=6.6.1
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: df07904cef6b39bb3662ce3980354f76a18829f78828aed882532bfcac2b93d4

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:41 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Jun 2021 14:21:48 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "b4df-5c47e3a6be6ee-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 11441

GET
H2 200 comment-reply.min.js Show response
c0.wp.com/c/5.8.1/wp-includes/js/ 3 KB
1 KB 21ms
18ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.1/wp-includes/js/comment-reply.min.js

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

143ce443c390db3b8598f951de20bd04623859a581a15b8cde43ebfa1f8ec103

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT mxp 2
date: Thu, 16 Dec 2021 10:14:41 GMT
content-encoding: br
last-modified: Thu, 18 Mar 2021 17:48:23 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 10:14:41 GMT

GET
H/1.1 200
OK intersection-observer.js Show response
wp.h2870838.stratoserver.net/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/dist/ 9 KB
3 KB 41ms
41ms Script
application/javascript 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/dist/intersection-observer.js?ver=1.1.3
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: 550bee253a00a7e6089b3aa136a1f21d904592e93ee0740f08d4d36e4b1dcbe5

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:41 GMT
Content-Encoding: gzip
Last-Modified: Wed, 08 Sep 2021 11:41:18 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "2390-5cb7a5c5217d0-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 3102

GET
H/1.1 200
OK lazy-images.js Show response
wp.h2870838.stratoserver.net/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/dist/ 2 KB
1 KB 41ms
41ms Script
application/javascript 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/dist/lazy-images.js?ver=1.1.3
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: 0c97c6ce5fdeb2d91e4bc6263d3714ca800b990c1994cf0b6dac0f23c8fbabfe

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:41 GMT
Content-Encoding: gzip
Last-Modified: Wed, 08 Sep 2021 11:41:18 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "98f-5cb7a5c5213e8-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 1075

GET
H2 200 wp-embed.min.js Show response
c0.wp.com/c/5.8.1/wp-includes/js/ 1 KB
719 B 21ms
18ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.1/wp-includes/js/wp-embed.min.js

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT mxp 2
date: Thu, 16 Dec 2021 10:14:41 GMT
content-encoding: br
last-modified: Wed, 06 Jan 2021 15:29:24 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Dec 2022 10:14:41 GMT

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 80ms
25ms Script
application/javascript 2606:4700::6812:e134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=5.8.1
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 88522cca257c7b55886862e9549236b005c2fcbb1246bcd986621476739c2127

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 10:14:41 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 2194
etag: W/"f138f96bdde8c4ff4dce4300db918980"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 6be7256c0e55f923-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sun, 19 Dec 2021 10:14:41 GMT

GET
H/1.1 200
OK facebook.js Show response
wp.h2870838.stratoserver.net/wp-content/themes/pennews/js/ 16 B
269 B 637ms
636ms Script
text/js 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/themes/pennews/js/facebook.js?ver=4.1
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PHP/7.4.26, PleskLin
Resource Hash: 7fea6ebedd553109acb7de5a4639b7c1cf8abc66377abe252aae9605c10295d2

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:41 GMT
Server: Apache
Connection: Keep-Alive
X-Powered-By: PHP/7.4.26, PleskLin
Transfer-Encoding: chunked
Keep-Alive: timeout=5, max=96
Content-Type: text/js;charset=UTF-8

GET
H/1.1 200
OK forms.js Show response
wp.h2870838.stratoserver.net/wp-content/plugins/mailchimp-for-wp/assets/js/ 6 KB
3 KB 41ms
41ms Script
application/javascript 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/plugins/mailchimp-for-wp/assets/js/forms.js?ver=4.8.6
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: dcbe862273a5d7cb61ffaa1eda7e0a1ecb466ca5e08a592fae3e6d1824960293

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:41 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Jul 2021 12:05:48 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "1842-5c6af9792c062-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 2559

GET
H2 200 e-202142.js Show response
stats.wp.com/ 9 KB
3 KB 16ms
15ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202142.js
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT mxp
date: Thu, 16 Dec 2021 10:14:41 GMT
content-encoding: br
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Thu, 10 Nov 2022 15:20:45 GMT

GET
H2 200 choice.js Show response
quantcast.mgr.consensu.org/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/ 3 KB
2 KB 89ms
27ms Script
application/javascript 2600:9000:2156:4600:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/choice.js
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:4600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8f24dc76070927cc3d13b4f52f8ecb898fce1875c32563e7a3fae2450ef6babc

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Thu, 16 Dec 2021 10:14:41 GMT
content-encoding: br
last-modified: Mon, 13 Sep 2021 14:18:10 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: W/"a7fa5501113779849b63118ade529910"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
cache-control: max-age=900
cross-origin-resource-policy: cross-origin
x-amz-cf-id: TXNAQ7RNRu6IiWZM05lvp08XuhteVDTE8tGgxKv5MeCgqNOwmpoB7w==

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK weathericons-regular-webfont.woff2
wp.h2870838.stratoserver.net/wp-content/themes/pennews/fonts/ 44 KB
44 KB 51ms
37ms Font
application/octet-stream 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/themes/pennews/fonts/weathericons-regular-webfont.woff2
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/wp-content/themes/pennews/css/font-awesome.min.css?ver=4.5.2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: 9327647771c09df82095dba3591c77cca41a9cedca948ae01e7fb70c690dcbd5

Request headers

Referer: https://wp.h2870838.stratoserver.net/wp-content/themes/pennews/css/font-awesome.min.css?ver=4.5.2
Origin: https://wp.h2870838.stratoserver.net
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:41 GMT
Last-Modified: Fri, 11 Jun 2021 14:21:48 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "aeb0-5c47e3a6ccd67"
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 44720

GET
H/1.1 200
OK fontawesome-webfont.woff2
wp.h2870838.stratoserver.net/wp-content/themes/pennews/fonts/ 75 KB
76 KB 54ms
36ms Font
application/octet-stream 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/themes/pennews/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/wp-content/themes/pennews/css/font-awesome.min.css?ver=4.5.2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer: https://wp.h2870838.stratoserver.net/wp-content/themes/pennews/css/font-awesome.min.css?ver=4.5.2
Origin: https://wp.h2870838.stratoserver.net
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:41 GMT
Last-Modified: Fri, 11 Jun 2021 14:21:48 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "12d68-5c47e3a6cf85f"
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 77160

GET
H2 200 TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2
fonts.gstatic.com/s/oswald/v40/ 16 KB
16 KB 97ms
28ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/oswald/v40/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Oswald%3A400&ver=5.8.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76db825b68979b9ea6cc55fa14373b7bf5e3beb7388cd2efa485938bb2a389fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://wp.h2870838.stratoserver.net
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 18:04:41 GMT
x-content-type-options: nosniff
age: 58200
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16016
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:16:44 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 15 Dec 2022 18:04:41 GMT

GET
H/1.1 200
OK line-awesome.woff2
wp.h2870838.stratoserver.net/wp-content/themes/pennews/fonts/ 44 KB
44 KB 39ms
39ms Font
application/octet-stream 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/themes/pennews/fonts/line-awesome.woff2?v=1.1.
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/wp-content/themes/pennews/css/font-awesome.min.css?ver=4.5.2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: 063a952901506e6cbcc2abdd1995ea387e4ae9138993f5517834a75faee165d0

Request headers

Referer: https://wp.h2870838.stratoserver.net/wp-content/themes/pennews/css/font-awesome.min.css?ver=4.5.2
Origin: https://wp.h2870838.stratoserver.net
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:41 GMT
Last-Modified: Fri, 11 Jun 2021 14:21:48 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "b034-5c47e3a6cdd07"
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 45108

GET
H2 200 2de245b4712df1ae7649bbeb6a1026e3
secure.gravatar.com/avatar/ 2 KB
2 KB 57ms
16ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/2de245b4712df1ae7649bbeb6a1026e3?s=100&d=mm&r=g
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 9e523aba4ee40ec4c2738eb8907fdf92c9b012e949ee20187358f0778dd59934

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT mxp 1
date: Thu, 16 Dec 2021 10:14:41 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="2de245b4712df1ae7649bbeb6a1026e3.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/2de245b4712df1ae7649bbeb6a1026e3?s=100&d=mm&r=g>; rel="canonical"
content-length: 1665
expires: Thu, 16 Dec 2021 10:19:41 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/ 276 KB
99 KB 86ms
52ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3031468489437388&plah=wp.h2870838.stratoserver.net

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3031468489437388

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bfde78c2b85b3aa24855430850dc30e2d508559bf3091843f01c5cf263ce17e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 10:14:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 101734
x-xss-protection: 0
server: cafe
etag: 15499971331086106850
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 16 Dec 2021 10:14:41 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/ Frame 9D48 11 KB
5 KB 100ms
28ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3031468489437388

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 15 Dec 2021 18:37:20 GMT
expires: Wed, 29 Dec 2021 18:37:20 GMT
content-type: text/html; charset=UTF-8
etag: 17731914101004188133
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4884
x-xss-protection: 0
age: 56241
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK / Show response
g.themoneytizer.net/g/ 26 B
270 B 158ms
69ms Script
text/html 145.239.193.145
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://g.themoneytizer.net/g/
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/gen.js?type=6
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 145.239.193.145 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 88d8c2e79f26b4df190f4b97c83f853872e827667261f23ef6e0a56fa46af2a9

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:41 GMT
Server: nginx
X-IPLB-Request-ID: 52661A44:B143_91EFC191:01BB_61BB1191_4D6D595:CC2C
X-IPLB-Instance: 29820
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 moneybile.js Show response
ads.themoneytizer.com/ 38 KB
16 KB 402ms
402ms Script
application/javascript 151.139.241.23
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.themoneytizer.com/moneybile.js
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/gen.js?type=6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.241.23 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: nginx /
Resource Hash: 4006e0481f9cfffd3a579c3dcbdad1b6953e844c1e3c76a8d9f86844c98d87a3

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: public
date: Thu, 16 Dec 2021 10:14:41 GMT
content-encoding: gzip
last-modified: Fri, 12 Mar 2021 17:07:19 GMT
server: nginx
etag: "604b9fc7-981e"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
cache-control: max-age=604800
accept-ranges: bytes
content-length: 16267
expires: Thu, 23 Dec 2021 10:14:04 GMT

GET
H2 200 cmp2.js Show response
quantcast.mgr.consensu.org/tcfv2/ 179 KB
47 KB 31ms
31ms Script
text/javascript 2600:9000:2156:4600:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=www.themoneytizer.com
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/choice.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:4600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 44d2a42747952b49d0c809d22bbc34ac3bcf9e44c8f6e6147a16c005a60f1eb3

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 10:14:14 GMT
content-encoding: gzip
age: 27
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
access-control-max-age: 86400
access-control-allow-origin: *
last-modified: Thu, 09 Dec 2021 17:12:27 GMT
server: AmazonS3
etag: W/"b4875f494506c6094876e2841b659712"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/javascript;charset=UTF-8
via: 1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-meta-qc-ineu: True
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: Xj1ekaSHLjHN53mM3ZdGB8SN1kcXdBuVY4aspQtreHJBGpk9OJ2c8Q==

POST
H2 204 collect
www.google-analytics.com/g/ 0
356 B 95ms
32ms Ping
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-RPQ09C611G&gtm=2oec10&_p=1376991689&sr=1600x1200&ul=en-us&cid=960886120.1639649682&_s=1&dl=https%3A%2F%2Fwp.h2870838.stratoserver.net%2Fphishing-mit-der-hypovereinsbank&dt=Phishing%20mit%20der%20Hypovereinsbank%20-%20The%20Kasaan%20Times&sid=1639649681&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RPQ09C611G
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://wp.h2870838.stratoserver.net/
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 10:14:41 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://wp.h2870838.stratoserver.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cmp-list.json Show response
test.quantcast.mgr.consensu.org/GVL-v2/ 9 KB
3 KB 100ms
26ms XHR
application/json 2600:9000:2156:0:3:a4cd:8380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://test.quantcast.mgr.consensu.org/GVL-v2/cmp-list.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=www.themoneytizer.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:0:3:a4cd:8380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 72974cf5c2f0384df6f0b6810376dee8106ab9bb157d8a3c441c6ba418c904da

Request headers

Accept: application/json, text/plain, */*
Referer: https://wp.h2870838.stratoserver.net/
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 03:00:35 GMT
content-encoding: gzip
age: 26047
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
access-control-max-age: 86400
access-control-allow-origin: *
last-modified: Sun, 05 Dec 2021 19:52:29 GMT
server: AmazonS3
etag: W/"8e6c34e38aca6825175859c7dd582794"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: qahrklIGWhNop1jsfuctewiwkcaAhdcE
via: 1.1 ea2e21f6a5c3ec2f96b0dac1b769e00e.cloudfront.net (CloudFront)
cache-control: max-age=172800
x-amz-cf-pop: FRA50-C1
content-type: application/json
x-amz-cf-id: OIQeHUPqKCbjaAEpss5ngK1fA0XC-AVkTvwHXj1FBIZyGul45wY2Rg==

GET
H2 200 cmp2ui-de.js Show response
quantcast.mgr.consensu.org/tcfv2/37/ 228 KB
55 KB 28ms
28ms Script
text/javascript 2600:9000:2156:4600:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/tcfv2/37/cmp2ui-de.js
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=www.themoneytizer.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:4600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e5b7b88eef9c0276086fdaefa0b46f3720fc54fd068b88dee11e0f42132eaff5

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 06:52:23 GMT
content-encoding: br
age: 98539
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
access-control-max-age: 86400
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
last-modified: Thu, 09 Dec 2021 17:12:02 GMT
server: AmazonS3
etag: W/"000d8993f709dbc3b51c7f748b67c7e8"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/javascript;charset=UTF-8
via: 1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
cache-control: max-age=172800
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: B_QrZopQeaTpwKcFs70jrp4eHA0cty4ISXRcdN4ATZavrokn34DHCg==

GET
H2 200 vendor-list-trimmed-v1.json Show response
quantcast.mgr.consensu.org/GVL-v2/ 278 KB
36 KB 85ms
31ms XHR
application/json 2600:9000:2156:4600:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/GVL-v2/vendor-list-trimmed-v1.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=www.themoneytizer.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:4600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 951e8a2a9227f5317c0b425aa907c56447549be17b2ef9d27884b45d5cb27c53

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 03:00:35 GMT
content-encoding: gzip
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
age: 26047
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Thu, 16 Dec 2021 03:00:32 GMT
server: AmazonS3
etag: W/"206ba061df2dcb15a8e047fff8a5b020"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
via: 1.1 45de888accabe1a1cb5a389e8c9c1e07.cloudfront.net (CloudFront)
cache-control: max-age=172800
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: dOB-rJl4ErF7QDjXcxwVa6liJs5zI_mAtlWkqmKY-emMHxbEtVFihg==

GET
H2 200 google-atp-list.json Show response
quantcast.mgr.consensu.org/tcfv2/ 154 KB
38 KB 110ms
58ms XHR
application/json 2600:9000:2156:4600:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/tcfv2/google-atp-list.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=www.themoneytizer.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:4600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6d3139993c50cefa4e435ed10e9b05e89b04f0d2013e5e0059d3d91f2558c33f

Request headers

Accept: application/json, text/plain, */*
Referer: https://wp.h2870838.stratoserver.net/
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 03:03:26 GMT
content-encoding: gzip
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
age: 25876
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Thu, 16 Dec 2021 03:03:23 GMT
server: AmazonS3
etag: W/"622416d5bb2a968b92631e853a1dc1a0"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
via: 1.1 45de888accabe1a1cb5a389e8c9c1e07.cloudfront.net (CloudFront)
cache-control: max-age=172800
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: HlwOrGyk3TdQynznHy3VtjnFz4l9BHgosN_Vh4kdy9tuhyCI5dlAYw==

GET
H2 200 / Show response
audit-tcfv2.quantcast.mgr.consensu.org/ 80 B
516 B 114ms
35ms XHR
text/html 143.204.98.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://audit-tcfv2.quantcast.mgr.consensu.org/?log=%7B%22accountId%22%3A%226Fv0cGNfc_bw8%22%2C%22domain%22%3A%22wp.h2870838.stratoserver.net%22%2C%22publisher%22%3A%22themoneytizer.com%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.37%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22HbxGb%2B34XCkQ4dJL2MD7TA%22%2C%22clientTimestamp%22%3A1639649682194%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-t2j64gsu90gxhj5asflh%22%7D
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/37/cmp2ui-de.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-71.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb

Request headers

Accept: application/json, text/plain, */*
Referer: https://wp.h2870838.stratoserver.net/
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 03:49:48 GMT
via: 1.1 9ab847fabb8c9edbd39cff57c2a2f4c0.cloudfront.net (CloudFront)
vary: Origin
age: 23094
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 80
last-modified: Tue, 26 Nov 2019 14:21:44 GMT
server: AmazonS3
etag: "0614149d8033903db5de46d6c184bbfd"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/html
access-control-allow-origin: *
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: ka52Z_SExEkcKkySIW6TEiOjVSj_059h9-4VZlQZYIGKrsM5n_n8Dw==

GET
H2 200 purposes-DE.json Show response
quantcast.mgr.consensu.org/GVL-v2/ 32 KB
5 KB 26ms
26ms XHR
application/json 2600:9000:2156:4600:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/GVL-v2/purposes-DE.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=www.themoneytizer.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:4600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 923c6681b75a6ba02b2c3b1ea1c4c6debf40567b15c4a91bfbbdd505272ded27

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 03:00:36 GMT
content-encoding: br
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
age: 26046
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Thu, 16 Dec 2021 03:00:31 GMT
server: AmazonS3
etag: W/"dfae1a5cca5ce348152624b9b43b1401"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
via: 1.1 45de888accabe1a1cb5a389e8c9c1e07.cloudfront.net (CloudFront)
cache-control: max-age=172800
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: gLUqlh9JWkHkn79N3BdzqkiMkqMfx67vBb1UsOeCUKXNhFeRuPy9eA==

GET
H2 200 a Show response
n.ads1-adnow.com/ 84 KB
13 KB 201ms
142ms Script
text/javascript 31.172.81.226
DE-FIRSTCOLO www....

General

Check archive.org

Show headers Download Go to

Full URL: https://n.ads1-adnow.com/a?Id=828197&uid=ssp-f26544c7-1567-6d36-abfe-abfe-beb9fce6a8&sync=0&hours=10&ajax=0&domain=n.ads1-adnow.com&unq=1&cookies=1&_c=e30%3D&RNum=8259&docurl_=aHV2c3c_NTZ_eThzPkVFP0hESkHCh8KJwoh4wozCiMKNwoDCjsKTwoPCkU7Cj8KHwpdTwpXCjsKQwpvCkcKTwpnCk1rCm8KYwqRewpbCmMKmYsKewrDCqMKowrDCoMKuwqLCp8KtwrPCo8KjwrHCrw&client_info=eyJ3aW4iOnsidyI6MTYwMCwiaCI6MTIwMH0sInNjcmVlbiI6eyJ3aWR0aCI6MTYwMCwiaGVpZ2h0IjoxMjAwLCJjb2xvckRlcHRoIjoyNCwicGl4ZWxEZXB0aCI6MjR9LCJuYXZpZ2F0b3IiOnsibGFuZ3VhZ2UiOiJlbi1VUyIsImJyb3dzZXJMYW5ndWFnZSI6IiIsInN5c3RlbUxhbmd1YWdlIjoiIiwidXNlckxhbmd1YWdlIjoiIiwicGxhdGZvcm0iOiJMaW51eCB4ODZfNjQiLCJ2ZW5kb3IiOiJHb29nbGUgSW5jLiIsInRpbWVab25lIjowLCJkYXRlIjoiMjAyMS0xMi0xNlQxMDoxNDo0Mi4yNjdaIiwiaG91ciI6MTAsIndpZHRoIjoxNjAwLCJoZWlnaHQiOjEyMDAsInBsdWdpbnMiOlsiQ2hyb21lIFBERiBQbHVnaW4iLCJDaHJvbWUgUERGIFZpZXdlciIsIk5hdGl2ZSBDbGllbnQiXSwiZmxhc2hWZXJzaW9uIjpmYWxzZSwiY29ubmVjdGlvblR5cGUiOiJ1bmRlZiJ9fQ%3D%3D&doc_inf=eyJ0aXRsZSI6IlBoaXNoaW5nJTIwbWl0JTIwZGVyJTIwSHlwb3ZlcmVpbnNiYW5rJTIwLSUyMFRoZSUyMEthc2FhbiUyMFRpbWVzIiwiZGVzY3JpcHRpb24iOiJFaW4lMjBiZXNvbmRlcnMlMjBwZXJmaWRlcyUyMFBoaXNoaW5ncHJvZ3JhbW0lMjB3aXJkJTIwZGVyemVpdCUyMGltJTIwTmFtZW4lMjBkZXIlMjBIeXBvdmVyZWluc2JhbmslMjB2ZXJzYW5kdC4iLCJjaGFyU2V0IjoiVVRGLTgifQ%3D%3D&set=e30%3D&ver=8&bln=0&bver=5
Requested by: Host: st-n.ads1-adnow.com
URL: https://st-n.ads1-adnow.com/js/a.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.172.81.226 Muehlheim am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE),
Reverse DNS
Software: nginx/1.10.3 /
Resource Hash: 016ad8aecbbc1f2263ce2e15889b343adf755d7cf181e56013be90ad8fb13717

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 10:14:54 GMT
content-encoding: gzip
server: nginx/1.10.3
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8

GET
H/1.1 200
OK / Show response
c.tmyzer.com/c/ 0
271 B 166ms
40ms XHR
text/html 54.38.64.100
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://c.tmyzer.com/c/?s=24739&f=6&fi=99
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=24739&formatId=6
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.38.64.100 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 16 Dec 2021 10:14:42 GMT
Server: nginx
X-IPLB-Request-ID: 52661A44:5DEB_36264064:01BB_61BB1191_5072601:280FB
X-IPLB-Instance: 24857
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

smart.js Show response
ced-ns.sascdn.com/diff/js/
Redirect Chain

https://ww1097.smartadserver.com/config.js?nwid=1097
https://ced-ns.sascdn.com/diff/js/smart.js

81 KB
24 KB

185ms
47ms

Script
application/x-javascript

2a02:26f0:7100::1720:ee58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ced-ns.sascdn.com/diff/js/smart.js
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Server: 2a02:26f0:7100::1720:ee58 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 8fceb9666c98db92674eadc3bf22b5811f633e794c6400d43d9e1075e9d7618d

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:42 GMT
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:37:07 GMT
Server: AkamaiNetStorage
ETag: "dd8f4c5a387008ec698123592c1e7a85:1634197388.862531"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 23942

Redirect headers

location: https://ced-ns.sascdn.com/diff/js/smart.js
date: Thu, 16 Dec 2021 10:14:41 GMT
content-length: 0

GET
H2 200 sync Show response
gum.criteo.com/ 49 B
369 B 105ms
34ms Script
text/javascript 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sync?c=147&r=2&j=criteoCallback

Requested by

Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=24739&formatId=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

005c3133bf387e1b00a5ec25effc468f7752591adac19a3782d200bf68a970f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; preload;

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 10:14:41 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=3600
server-processing-duration-in-ticks: 1516
strict-transport-security: max-age=86400; preload;
content-length: 165
expires: 60

GET
H2 200 mapper.js Show response
spl.zeotap.com/ 61 KB
20 KB 70ms
27ms Script
application/javascript 2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=24739&formatId=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 69cd3575e99cc3ae3b5f8b94ec35620146c342126204aadf1586c5deabac1fad

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 10:14:41 GMT
via: 1.1 google
cf-cache-status: HIT
age: 4866
cf-polished: origSize=62056
content-encoding: br
last-modified: Thu, 16 Dec 2021 08:53:35 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: https://www.bmwpassion.com
access-control-allow-credentials: true
cf-ray: 6be725706cc73750-MXP
access-control-allow-headers: *
cf-bgj: minify

GET
H/1.1 200
OK libJsLP.js Show response
tag.leadplace.fr/ 5 KB
6 KB 153ms
35ms Script
application/javascript 145.239.193.51
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.leadplace.fr/libJsLP.js
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=24739&formatId=6
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 145.239.193.51 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: 80fccb00db57a177d26368cda09f8a540cf1aa641b8b6837047e86d3bd8d6333

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:42 GMT
Last-Modified: Thu, 14 Oct 2021 07:27:52 GMT
Server: nginx/1.14.2
X-IPLB-Request-ID: 52661A44:5485_91EFC133:01BB_61BB1191_48931FD8:17AA7
ETag: "6167dbf8-15ab"
X-IPLB-Instance: 29922
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 5547

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 4839 2 KB
814 B 86ms
26ms Document
text/html 51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1639649682400

Requested by

Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=24739&formatId=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 731
strict-transport-security: max-age=15552000

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
10 KB 556ms
181ms Script
application/javascript 2600:1f1c:a99:832c:2615:337c:6c9e:c761
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=24739&formatId=6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f1c:a99:832c:2615:337c:6c9e:c761 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 487fce51fd801415c362f3f9f2df43c445a4b9ba38f9b6d49dfc898dc85ede94

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 10:14:42 GMT
content-encoding: gzip
etag: "FMCWFRCBdbNj8Eh2c0G78Q=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Thu, 23 Dec 2021 10:14:42 GMT

GET
H/1.1 200
OK px.js Show response
p.cpx.to/p/12761/ 3 KB
4 KB 221ms
53ms Script
application/javascript 52.210.129.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://p.cpx.to/p/12761/px.js
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=24739&formatId=6
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.210.129.48 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-129-48.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: abc9ef14d09ac2e65192102f688002cca3a04d4cfdb7704ce1aa5c0bdeda5e1f

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:42 GMT
Cache-Control: max-age=2419200, public
Connection: keep-alive
Content-Length: 3479
Content-Type: application/javascript; charset=UTF-8

GET
H/1.1 200
OK notifyme.js Show response
d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/ 25 KB
26 KB 146ms
42ms Script
text/javascript 143.204.101.219
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=24739&formatId=6
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.101.219 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-101-219.fra50.r.cloudfront.net
Software: Apache /
Resource Hash: b47b4ca26c57e3dceebd7abd067df9622599bed6bfb11b480f92d09a945cd213

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 07:53:07 GMT
Via: 1.1 a148356b14492df0e216c234ac2c2308.cloudfront.net (CloudFront)
Last-Modified: Mon, 18 Feb 2019 16:54:28 GMT
Server: Apache
Age: 8498
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Connection: keep-alive
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
Content-Length: 25704
X-Amz-Cf-Id: lRQCiQJQbYe_0zN77MIjO2MFxQzsMMVMvk7cgqup3VtqcVng49tg1w==

GET
H/1.1 200
OK 186329-261067657875242.js Show response
js-sec.indexww.com/ht/p/ 37 KB
13 KB 113ms
37ms Script
text/javascript 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/ht/p/186329-261067657875242.js
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=24739&formatId=6
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7e176e51c1dff07522d527754e78745b4fe73db4b875ab85be5ec57e2e35346c

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:42 GMT
Content-Encoding: gzip
Last-Modified: Thu, 16 Dec 2021 09:16:42 GMT
Server: Apache
ETag: "da4eec-930b-5d33fe17ac908"
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=344
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 12788
Expires: Thu, 16 Dec 2021 10:20:26 GMT

GET
H2 200 prebid.js Show response
ads.themoneytizer.com/moneybid6_3/build/dist/ 585 KB
176 KB 57ms
57ms Script
application/javascript 151.139.241.23
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.themoneytizer.com/moneybid6_3/build/dist/prebid.js
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=24739&formatId=6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.241.23 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: nginx /
Resource Hash: f748268d79676e63d786b6d070d1bdded923a22e0562134ee680dfe8141e8f13

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: public
date: Thu, 16 Dec 2021 10:14:41 GMT
content-encoding: gzip
last-modified: Tue, 07 Dec 2021 14:59:06 GMT
server: nginx
etag: "61af76ba-92507"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
cache-control: max-age=604800
accept-ranges: bytes
content-length: 179527
expires: Thu, 23 Dec 2021 10:14:05 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/de_DE/ 3 KB
2 KB 126ms
35ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/de_DE/sdk.js

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b03e71853e3c171cbaac3bbe5e88cd4ff7529bc9deae4a4f6ba5996d56308ea0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: Eo/sgQKHIxe2gt4zcQgAbA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 1685
x-fb-rlafr: 0
x-fb-debug: LYyeS5+L+X9ILhD/DZq+aQv3CUohZm1gIP1AcqwaOK243k1h08LNaqbkEOZZRxfI9iv/lkh8vxm98pGRDEGw7w==
x-fb-trip-id: 917726464
x-fb-content-md5: b7cd2e4e98936da5b1b50d5151f3f052
x-frame-options: DENY
date: Thu, 16 Dec 2021 10:14:42 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "15089d698e8737a45b10ceb1aee092d8"
timing-allow-origin: *
expires: Thu, 16 Dec 2021 10:32:04 GMT

GET
H2 200 jquery.mousewheel.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/ 3 KB
2 KB 60ms
23ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js

Requested by

Host: c0.wp.com
URL: https://c0.wp.com/c/5.8.1/wp-includes/js/jquery/jquery.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e73a30d35c83ea6a597c3343324d2b7df097ad26e67b62efb5266ee12d317b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 10:14:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2039404
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1046
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:46 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec2-ad3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tZJhL8oKRn9KiHIGpnW5sk5VObl0HRQxu%2BQ3PZ7wVy9Ks%2FPKHv9EC8Tku8x0czb%2BW6Qcw2qHvBBzEKsnx%2BSljZa2ePeHj0g%2BFG9iatpueDJcqi82PZ2rCrEvszGPBkCSkqiJ%2BfxfPqpjB0y0GYeyf%2BXz"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6be72570ef953762-MXP
expires: Tue, 06 Dec 2022 10:14:42 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
116 B 22ms
15ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A10.1&blog=198942295&post=104569&tz=0&srv=wp.h2870838.stratoserver.net&host=wp.h2870838.stratoserver.net&ref=&fcp=1384&rand=0.9236278453982196
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 16 Dec 2021 10:14:42 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H/1.1 200
OK phishing-mit-der-hypovereinsbank Show response
wp.h2870838.stratoserver.net/ 283 KB
59 KB 4906ms
4906ms XHR
text/html 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank?relatedposts=1
Requested by: Host: c0.wp.com
URL: https://c0.wp.com/p/jetpack/10.1/_inc/build/related-posts/related-posts.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PHP/7.4.26, PleskLin
Resource Hash: 372b99e1c8fa79bb71235058d052f7aa8a36e3207eee6a9154655c9e1fb448de

Request headers

Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
x-requested-with: XMLHttpRequest
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:42 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Apache
X-Powered-By: PHP/7.4.26, PleskLin
X-Pingback: https://wp.h2870838.stratoserver.net/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: Keep-Alive
Link: <https://wp.h2870838.stratoserver.net/wp-json/>; rel="https://api.w.org/", <https://wp.h2870838.stratoserver.net/wp-json/wp/v2/posts/104569>; rel="alternate"; type="application/json", <https://wp.h2870838.stratoserver.net/?p=104569>; rel=shortlink
Keep-Alive: timeout=5, max=95

GET
H/1.1

200

1.gif
id5-sync.com/c/12/0/9/
Redirect Chain

https://id5-sync.com/i/12/9.gif?gdpr=true&gdpr_consent=
https://id5-sync.com/c/12/0/9/1.gif?gdpr=1&gdpr_consent=

43 B
1009 B

26ms
26ms

Image
image/gif

54.36.109.166
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/c/12/0/9/1.gif?gdpr=1&gdpr_consent=

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

HTTP/1.1

Server

54.36.109.166 , France, ASN16276 (OVH, FR),

Reverse DNS

p10.id5-sync.com

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:32 GMT
Transfer-Encoding: chunked
Content-Type: image/gif;charset=UTF-8
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
P3P: CP="CAO PSA OUR"

Redirect headers

Location: https://id5-sync.com/c/12/0/9/1.gif?gdpr=1&gdpr_consent=
Date: Thu, 16 Dec 2021 10:14:32 GMT
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
P3P: CP="CAO PSA OUR"

GET
H3 200 OneSignalPageSDKES6.js Show response
cdn.onesignal.com/sdks/ 283 KB
68 KB 49ms
26ms Script
application/javascript 2606:4700::6812:e134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151512
Requested by: Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=5.8.1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9e000e7805a03b275608d64f0ee40fc1140ea80bcb3daa6bc9a5406dd107f9d0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 10:14:42 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 2374
etag: W/"bade15bfdcba7ee19d22e61741b04b27"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 6be72570ba6d83bb-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sun, 19 Dec 2021 10:14:42 GMT

GET
H/1.1 200
OK loadingAnimation.gif
wp.h2870838.stratoserver.net/wp-includes/js/thickbox/ 15 KB
15 KB 40ms
40ms Image
image/gif 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wp.h2870838.stratoserver.net/wp-includes/js/thickbox/loadingAnimation.gif
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: 6a486bb6036ea984d293ab009566e99e522abc19f8833c5fd49630be7eba0135

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:42 GMT
Last-Modified: Mon, 05 Nov 2012 21:00:15 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "3b86-4cdc5c5a4b5c0"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 15238

POST /
wp.h2870838.stratoserver.net/ 0
0

GET
H2 200 cropped-Screenshot-466-1.png
i1.wp.com/wp.h2870838.stratoserver.net/wp-content/uploads/2021/04/ 17 KB
17 KB 57ms
16ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/wp.h2870838.stratoserver.net/wp-content/uploads/2021/04/cropped-Screenshot-466-1.png?w=626&ssl=1

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

dad910530be091930b5ebb51b41c831f74c22515e56bbeb67d2acaa9aea088ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT mxp 6
date: Thu, 16 Dec 2021 10:14:42 GMT
x-content-type-options: nosniff
last-modified: Thu, 16 Dec 2021 04:11:27 GMT
server: nginx
etag: "1ddb028a3b2f667b"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://wp.h2870838.stratoserver.net/wp-content/uploads/2021/04/cropped-Screenshot-466-1.png>; rel="canonical"
content-length: 16914
expires: Sat, 16 Dec 2023 16:11:27 GMT

GET
H2 404 Screenshot-931.png
i1.wp.com/wp.h2870838.stratoserver.net/wp-content/uploads/2021/10/ 65 B
65 B 6916ms
6889ms Image
text/html 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i1.wp.com/wp.h2870838.stratoserver.net/wp-content/uploads/2021/10/Screenshot-931.png?w=476&ssl=1
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: i1.wp.com
Software: nginx /
Resource Hash: 3a90c56bbc2ea3fae7e089cc529bc02869c5035ee31c3111d829b9ae974cf42d

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: EXPIRED mxp 3
date: Thu, 16 Dec 2021 10:14:48 GMT
server: nginx
content-type: text/html; charset=utf-8

GET
H/1.1 200
OK tarteaucitron.css
wp.h2870838.stratoserver.net/wp-content/plugins/dsgvo-all-in-one-for-wp/assets/js/tarteaucitron/css/ 16 KB
4 KB 37ms
37ms Stylesheet
text/css 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/plugins/dsgvo-all-in-one-for-wp/assets/js/tarteaucitron/css/tarteaucitron.css
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/wp-content/plugins/dsgvo-all-in-one-for-wp/assets/js/tarteaucitron/tarteaucitron.min.js?ver=5.8.1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: 18dfe28878ba6474655c9b32447a456dde3a3aef6dbda5b5fd8329bd97f7dba5

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:42 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Jul 2021 12:04:52 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "40ab-5c6af94420731-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 3260

GET
H/1.1 200
OK tarteaucitron.de.js Show response
wp.h2870838.stratoserver.net/wp-content/plugins/dsgvo-all-in-one-for-wp/assets/js/tarteaucitron/lang/ 3 KB
2 KB 38ms
37ms Script
application/javascript 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/plugins/dsgvo-all-in-one-for-wp/assets/js/tarteaucitron/lang/tarteaucitron.de.js?v=323
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/wp-content/plugins/dsgvo-all-in-one-for-wp/assets/js/tarteaucitron/tarteaucitron.min.js?ver=5.8.1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: 219e090bf9d7dc675781afdde55227697683a45391a8f8ea47e94127e7d146d8

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:42 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Jul 2021 12:04:52 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "b9f-5c6af9442228a-gzip"
Vary: Accept-Encoding
Content-Language: de
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: application/javascript
Keep-Alive: timeout=5, max=95
Content-Length: 1184

GET
H2 200 / Show response
spl.zeotap.com/ 2 KB
1 KB 38ms
37ms XHR
text/html 2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/?env=mWeb&eventType=pageview&zdid=1258
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 15999014b0d7560442a6e03103287c8bc341176cc1c4b544bd41c630c94bab44

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray: 6be7257208173750-MXP
date: Thu, 16 Dec 2021 10:14:42 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: text/html
access-control-allow-origin: https://wp.h2870838.stratoserver.net
access-control-allow-credentials: true
content-encoding: br
access-control-allow-headers: *

GET
H2

200

mw
mwzeom.zeotap.com/
Redirect Chain

https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969-de47d59d...
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fadnxs_uid%3D%24UID%26zpartnerid%3D2%26env%3DmWeb%26eventType%3Dpageview%26id_mid_4%3D3f070747-f8d7-48aa-691f-a624f21ec...
https://mwzeom.zeotap.com/mw?adnxs_uid=2392174285152533418&zpartnerid=2&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969-de47d59d1476&zdid=1258

95 B
153 B

55ms
55ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?adnxs_uid=2392174285152533418&zpartnerid=2&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969-de47d59d1476&zdid=1258
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 10:14:42 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://wp.h2870838.stratoserver.net
access-control-allow-credentials: true
cf-ray: 6be725745c5d3750-MXP
access-control-allow-headers: *
content-length: 95

Redirect headers

Pragma: no-cache
Date: Thu, 16 Dec 2021 10:14:42 GMT
X-Proxy-Origin: 82.102.26.68; 82.102.26.68; 691.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 7db8c16b-776f-4449-ab09-05e9dc6b7bad
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://mwzeom.zeotap.com/mw?adnxs_uid=2392174285152533418&zpartnerid=2&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969-de47d59d1476&zdid=1258
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

mw
mwzeom.zeotap.com/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969-de47d59d1476&...
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969-de47d59d1476...
https://mwzeom.zeotap.com/mw?google_gid=CAESELW8Vg7UQgMF_t3pcp0mBQ8&google_cver=1&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-496...

95 B
153 B

40ms
40ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?google_gid=CAESELW8Vg7UQgMF_t3pcp0mBQ8&google_cver=1&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969-de47d59d1476&zdid=1258
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 10:14:42 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://wp.h2870838.stratoserver.net
access-control-allow-credentials: true
cf-ray: 6be725745c603750-MXP
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Thu, 16 Dec 2021 10:14:42 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://mwzeom.zeotap.com/mw?google_gid=CAESELW8Vg7UQgMF_t3pcp0mBQ8&google_cver=1&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969-de47d59d1476&zdid=1258
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 446
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

mw
mwzeom.zeotap.com/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dpageview%26id_mid_4%3D3f070747-f8d7-48aa-691f-a624f21ec058%26reqId%3Dde0dcdf9-c2c1-4664-4969-d...
https://match.adsrvr.org/track/cmb/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dpageview%26id_mid_4%3D3f070747-f8d7-48aa-691f-a624f21ec058%26reqId%3Dde0dcdf9-c2c1-4664-4969-d...
https://mwzeom.zeotap.com/mw?cid=ab0b56b1-5be1-4cc0-afde-18c7da9d2af4&zpartnerid=6&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969-de47d59d14...

95 B
153 B

44ms
43ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=ab0b56b1-5be1-4cc0-afde-18c7da9d2af4&zpartnerid=6&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969-de47d59d1476&zdid=1258
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 10:14:42 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://wp.h2870838.stratoserver.net
access-control-allow-credentials: true
cf-ray: 6be725745c593750-MXP
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Thu, 16 Dec 2021 10:14:42 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://mwzeom.zeotap.com/mw?cid=ab0b56b1-5be1-4cc0-afde-18c7da9d2af4&zpartnerid=6&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969-de47d59d1476&zdid=1258
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 449

GET
H2

200

mw
mwzeom.zeotap.com/
Redirect Chain

https://dpm.demdex.net/ibs:dpid=199624&dpuuid=3f070747-f8d7-48aa-691f-a624f21ec058&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3D...
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=3f070747-f8d7-48aa-691f-a624f21ec058&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env...
https://mwzeom.zeotap.com/mw?cid=71271477891164585641097725698928450839&zpartnerid=314&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969-de47d5...

95 B
153 B

41ms
40ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=71271477891164585641097725698928450839&zpartnerid=314&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969-de47d59d1476&zdid=1258
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 10:14:42 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://wp.h2870838.stratoserver.net
access-control-allow-credentials: true
cf-ray: 6be72574ad463750-MXP
access-control-allow-headers: *
content-length: 95

Redirect headers

DCS: dcs-prod-irl1-1-v025-07c569148.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: 9oyT6eIqSzc=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://mwzeom.zeotap.com/mw?cid=71271477891164585641097725698928450839&zpartnerid=314&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969-de47d59d1476&zdid=1258
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2

200

mw
mwzeom.zeotap.com/
Redirect Chain

https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=ITA&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969-de47d59d1476&zdid=1258
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=ITA&zdid=1258&cid=jpNwFxk3k3%2BsDZiC0bRdZcwbScxd0Qq2%2BS41iYitP1U%3D

95 B
153 B

51ms
41ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=ITA&zdid=1258&cid=jpNwFxk3k3%2BsDZiC0bRdZcwbScxd0Qq2%2BS41iYitP1U%3D
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 10:14:42 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://wp.h2870838.stratoserver.net
access-control-allow-credentials: true
cf-ray: 6be72573cb3c3750-MXP
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Thu, 16 Dec 2021 10:14:42 GMT
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=ITA&zdid=1258&cid=jpNwFxk3k3%2BsDZiC0bRdZcwbScxd0Qq2%2BS41iYitP1U%3D
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: 0

GET
H2

200

mw
mwzeom.zeotap.com/
Redirect Chain

https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dpageview%26id_mid_4%3D3f...
https://mwzeom.zeotap.com/mw?cid=817c61bb-1192-4c00-9244-62d3d505d890&env=mWeb&zpartnerid=979&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969...

95 B
164 B

47ms
38ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=817c61bb-1192-4c00-9244-62d3d505d890&env=mWeb&zpartnerid=979&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969-de47d59d1476&zdid=1258
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 10:14:42 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://wp.h2870838.stratoserver.net
access-control-allow-credentials: true
cf-ray: 6be72573cb3b3750-MXP
access-control-allow-headers: *
content-length: 95

Redirect headers

Date: Thu, 16 Dec 2021 10:14:42 GMT
Server: MT3 4133 baa842e master cdg-pixel-x27 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://mwzeom.zeotap.com/mw?cid=817c61bb-1192-4c00-9244-62d3d505d890&env=mWeb&zpartnerid=979&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969-de47d59d1476&zdid=1258
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 0
Expires: Thu, 16 Dec 2021 10:14:41 GMT

GET
H2

200

mw
mwzeom.zeotap.com/
Redirect Chain

https://obgpm76tt0a0sgozk8l.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dpageview%26id_mid_4%3D3f070747-f8d7-48aa-691f-a624f...
https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969-de47d59d1476&zdid=1258

95 B
153 B

44ms
44ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969-de47d59d1476&zdid=1258
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 10:14:42 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://wp.h2870838.stratoserver.net
access-control-allow-credentials: true
cf-ray: 6be72574cd723750-MXP
access-control-allow-headers: *
content-length: 95

Redirect headers

location: https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=pageview&id_mid_4=3f070747-f8d7-48aa-691f-a624f21ec058&reqId=de0dcdf9-c2c1-4664-4969-de47d59d1476&zdid=1258
date: Thu, 16 Dec 2021 10:14:42 GMT
cross-origin-resource-policy: cross-origin
content-length: 0

GET
H2 200 rid Show response
match.adsrvr.org/track/ 109 B
553 B 157ms
50ms XHR
application/json 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=casale&fmt=json&p=186329
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/186329-261067657875242.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: d3856ebc7dd3278c4ccd0acb4412a04956db54dde20353eac16332a6594fdfea

Request headers

Referer: https://wp.h2870838.stratoserver.net/
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Thu, 16 Dec 2021 10:14:42 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://wp.h2870838.stratoserver.net
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 109
expires: Sat, 15 Jan 2022 10:14:42 GMT

GET
H2 204 identity Show response
api.rlcdn.com/api/ 0
288 B 178ms
131ms XHR
text/plain 34.120.155.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.rlcdn.com/api/identity?pid=2&rt=envelope
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/186329-261067657875242.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.155.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.155.120.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://wp.h2870838.stratoserver.net/
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Thu, 16 Dec 2021 10:14:42 GMT
via: 1.1 google
access-control-allow-headers: Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: https://wp.h2870838.stratoserver.net
cache-control: no-cache, no-store
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3 200 sdk.js Show response
connect.facebook.net/de_DE/ 290 KB
82 KB 59ms
28ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/de_DE/sdk.js?hash=fe3ef15736bfc1dcf4700c156bdae691

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/de_DE/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

fd32e4c1fcd3015f3ef8aeaebf0ca0b803ece717d1d5547184ce131a4bb152c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://wp.h2870838.stratoserver.net/
Origin: https://wp.h2870838.stratoserver.net
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: iRCryzwwI8HZtisQNwUU/g==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 83473
x-fb-rlafr: 0
x-fb-debug: +8hgnwRVjN4iHUx07os5VYX0s4JzUraPwHiXrgT/xQwXUHDix5ebCDm4L48drlob7yaOYIKaFmxBWTfwErrznw==
x-fb-content-md5: 57e57ddd88ea24ddc695d0667f7fbdc6
x-frame-options: DENY
date: Thu, 16 Dec 2021 10:14:42 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "2cda6d51c1a1f62f4da5067d0e746099"
timing-allow-origin: *
priority: u=3,i
expires: Fri, 16 Dec 2022 08:54:31 GMT

GET
H/1.1 200
OK tarteaucitron.services.min.js Show response
wp.h2870838.stratoserver.net/wp-content/plugins/dsgvo-all-in-one-for-wp/assets/js/tarteaucitron/ 24 KB
6 KB 38ms
37ms Script
application/javascript 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://wp.h2870838.stratoserver.net/wp-content/plugins/dsgvo-all-in-one-for-wp/assets/js/tarteaucitron/tarteaucitron.services.min.js?v=323
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/wp-content/plugins/dsgvo-all-in-one-for-wp/assets/js/tarteaucitron/tarteaucitron.min.js?ver=5.8.1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: 8ae73faac3b109f52e0d1e2b8b615eef75b4afbfd42814b15f946c4c64695e71

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:42 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Jul 2021 12:04:52 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "5ee0-5c6af94420b19-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 5409

GET
H2 200 configurable.js Show response
st-n.ads1-adnow.com/js/ 129 KB
43 KB 113ms
113ms Script
application/javascript 2a03:90c0:9996::9996
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://st-n.ads1-adnow.com/js/configurable.js
Requested by: Host: n.ads1-adnow.com
URL: https://n.ads1-adnow.com/a?Id=828197&uid=ssp-f26544c7-1567-6d36-abfe-abfe-beb9fce6a8&sync=0&hours=10&ajax=0&domain=n.ads1-adnow.com&unq=1&cookies=1&_c=e30%3D&RNum=8259&docurl_=aHV2c3c_NTZ_eThzPkVFP0hESkHCh8KJwoh4wozCiMKNwoDCjsKTwoPCkU7Cj8KHwpdTwpXCjsKQwpvCkcKTwpnCk1rCm8KYwqRewpbCmMKmYsKewrDCqMKowrDCoMKuwqLCp8KtwrPCo8KjwrHCrw&client_info=eyJ3aW4iOnsidyI6MTYwMCwiaCI6MTIwMH0sInNjcmVlbiI6eyJ3aWR0aCI6MTYwMCwiaGVpZ2h0IjoxMjAwLCJjb2xvckRlcHRoIjoyNCwicGl4ZWxEZXB0aCI6MjR9LCJuYXZpZ2F0b3IiOnsibGFuZ3VhZ2UiOiJlbi1VUyIsImJyb3dzZXJMYW5ndWFnZSI6IiIsInN5c3RlbUxhbmd1YWdlIjoiIiwidXNlckxhbmd1YWdlIjoiIiwicGxhdGZvcm0iOiJMaW51eCB4ODZfNjQiLCJ2ZW5kb3IiOiJHb29nbGUgSW5jLiIsInRpbWVab25lIjowLCJkYXRlIjoiMjAyMS0xMi0xNlQxMDoxNDo0Mi4yNjdaIiwiaG91ciI6MTAsIndpZHRoIjoxNjAwLCJoZWlnaHQiOjEyMDAsInBsdWdpbnMiOlsiQ2hyb21lIFBERiBQbHVnaW4iLCJDaHJvbWUgUERGIFZpZXdlciIsIk5hdGl2ZSBDbGllbnQiXSwiZmxhc2hWZXJzaW9uIjpmYWxzZSwiY29ubmVjdGlvblR5cGUiOiJ1bmRlZiJ9fQ%3D%3D&doc_inf=eyJ0aXRsZSI6IlBoaXNoaW5nJTIwbWl0JTIwZGVyJTIwSHlwb3ZlcmVpbnNiYW5rJTIwLSUyMFRoZSUyMEthc2FhbiUyMFRpbWVzIiwiZGVzY3JpcHRpb24iOiJFaW4lMjBiZXNvbmRlcnMlMjBwZXJmaWRlcyUyMFBoaXNoaW5ncHJvZ3JhbW0lMjB3aXJkJTIwZGVyemVpdCUyMGltJTIwTmFtZW4lMjBkZXIlMjBIeXBvdmVyZWluc2JhbmslMjB2ZXJzYW5kdC4iLCJjaGFyU2V0IjoiVVRGLTgifQ%3D%3D&set=e30%3D&ver=8&bln=0&bver=5
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:9996::9996 , United States, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: a2818739279b01afc774ef894bee940d5f9a7760835246f35abd989c90e85bb7

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-id: ny2-up-gc7
date: Thu, 16 Dec 2021 10:14:42 GMT
content-encoding: gzip
last-modified: Thu, 22 Jul 2021 06:18:31 GMT
server: nginx
etag: W/"60f90db7-20475"
x-cached-since: 2021-12-16T10:13:51+00:00
content-type: application/javascript
cache-control: max-age=60
cache: HIT
expires: Thu, 16 Dec 2021 10:15:42 GMT

GET
H/1.1 200
OK fire.js Show response
s.cpx.to/ 957 B
2 KB 208ms
50ms Script
application/javascript 79.125.60.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.cpx.to/fire.js?pid=12761&ref=&hn_ver=20&fid=11814066-e013-4ca7-b59e-6d0bb62db665

Requested by

Host: p.cpx.to
URL: https://p.cpx.to/p/12761/px.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

79.125.60.160 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-79-125-60-160.eu-west-1.compute.amazonaws.com

Software

Resource Hash

f3a3e86a43463f00e894146c4605b180d316f56f84a6bdb3ac5e82cbeede89db

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Thu, 16 Dec 2021 10:14:42 GMT
X-Frame-Options: sameorigin
Connection: keep-alive
P3P: CP="NOI DEV ADM"
Cache-Control: no-store, must-revalidate, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/javascript; charset=UTF-8
Content-Length: 957
Expires: Mon, 06 Dec 2021 16:27:45 UTC

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.0.0/ 84 KB
30 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js

Requested by

Host: d2zur9cc2gf1tx.cloudfront.net
URL: https://d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 04:39:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 538525
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30186
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="hosted-libraries-pushers"
expires: Sat, 10 Dec 2022 04:39:17 GMT

GET
H/1.1 200
OK sserdaliame.png
wp.h2870838.stratoserver.net/wp-content/dsgvo-all-in-one-wp/ 230 B
521 B 38ms
37ms Image
image/png 81.169.247.54
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wp.h2870838.stratoserver.net/wp-content/dsgvo-all-in-one-wp/sserdaliame.png
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.169.247.54 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: thekasaantimes.de
Software: Apache / PleskLin
Resource Hash: ac163d8abd96b7eb7e1ff7c67a958ee29fff1f554aa355de03c1277a96a21cf1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:42 GMT
Last-Modified: Thu, 16 Dec 2021 09:27:19 GMT
Server: Apache
X-Powered-By: PleskLin
ETag: "e6-5d340076bafa5"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 230

POST
H/1.1 200
OK headerstats Show response
as-sec.casalemedia.com/ 0
439 B 92ms
38ms XHR
text/plain 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/headerstats?s=415712&u=https%3A%2F%2Fwp.h2870838.stratoserver.net%2Fphishing-mit-der-hypovereinsbank&v=3
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/186329-261067657875242.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://wp.h2870838.stratoserver.net/
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 16 Dec 2021 10:14:42 GMT
X-AK-INITIAL-GEO: CC:[IT], RC:[], CN:[EU], CIP:[82.102.26.68], XFF:[]
Server: Apache
Access-Control-Allow-Origin: https://wp.h2870838.stratoserver.net
X-CS-CLIENT-GEO: 11
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
X-AK-CLIENT-GEO: 11
Expires: Thu, 16 Dec 2021 10:14:42 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
295 B 96ms
29ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1582375255406633&ev=fb_page_view&dl=https%3A%2F%2Fwp.h2870838.stratoserver.net%2Fphishing-mit-der-hypovereinsbank&rl=&if=false&ts=1639649683002&sw=1600&sh=1200&at=

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 10:14:42 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Thu, 16 Dec 2021 10:14:42 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
101 B 89ms
29ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1582375255406633&ev=fb_page_view&dl=https%3A%2F%2Fwp.h2870838.stratoserver.net%2Fphishing-mit-der-hypovereinsbank&rl=&if=false&ts=1639649683004&sw=1600&sh=1200&at=

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 10:14:42 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Thu, 16 Dec 2021 10:14:42 GMT

GET
H2 200 rules-p-6Fv0cGNfc_bw8.js Show response
rules.quantcount.com/ 1 KB
1 KB 79ms
25ms Script
application/javascript 2600:9000:2156:3200:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:3200:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 46d5273d735391f5c05f0fb82df9a363a290419c3aeea2d64dfc0d46de9a9681

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 10:02:57 GMT
content-encoding: gzip
age: 706
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
last-modified: Mon, 19 Mar 2018 22:28:36 GMT
server: AmazonS3
etag: W/"9a93052877e57b42aeefaab6e7ec5f90"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 6b8ac2d6d64dc42007741d312e2d73ab.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: Rdv2Bsxqpl1t-hzexmftK-r0tBDEm8qMFbRlCIjF_repGUNlWTf4cQ==

GET
H2 200 st
n.ads1-adnow.com/ 119 B
119 B 29ms
28ms Image
image/png 31.172.81.226
DE-FIRSTCOLO www....

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://n.ads1-adnow.com/st?d=eyJ0aW1lIjoxNjM5NjQ5NjgyLCJhZG5faWQiOjE3LCJhZHRfaWQiOjE0LCJjb2RlX2lkIjo4MjgxOTcsInNpdGVfaWQiOjQ5OTY5MSwic3ViX2lkIjoiIiwiY25yX2NvZGUiOiJJVEEiLCJjaXR5IjoiUm9tZSIsImlzX2NhY2hlZCI6MCwiZHNwIjozMTgsImRzcF9wcmljZSI6MjkuMDg3ODQsImRzcF9wcmljZV91c2QiOjAuMzkzODcyLCJwcmljZSI6MjkuMDg3ODQsImFkdF9mb3JtYXQiOiJudHYtMXgxIiwiY29kZV9zaG93X3R5cGUiOiJub3JtYWwiLCJiaWRpZCI6IlNDQi0zMTgtc3NwLWYyNjU0NGM3LTE1NjctNmQzNi1hYmZlLWFiZmUtYmViOWZjZTZhOC1reDh0MzNvdC1zNG4iLCJpbXBpZCI6IlNDSS0zMTgtODI4MTk3LWt4OHQzM290LWRicCIsImNwYyI6MCwiY3BtIjowLCJ0ZWFzZXJzRGF0YSI6W3siY3BhIjoiYWRjb21ibyIsImNwYV9hY2NvdW50IjoiYW5kcml5ZXRzLmEzQGdtYWlsLmNvbSIsImlhYiI6IklBQjctMTQtMS02IiwidGVhbSI6InRlYW0gYSJ9LHsiY3BhIjoiYWRjb21ibyIsImNwYV9hY2NvdW50IjoiYW5kcml5ZXRzLmEzQGdtYWlsLmNvbSIsImlhYiI6IklBQjctMTQtMS02IiwidGVhbSI6InRlYW0gYSJ9LHsiY3BhIjoiYWRjb21ibyIsImNwYV9hY2NvdW50IjoiYW5kcml5ZXRzLmEzQGdtYWlsLmNvbSIsImlhYiI6IklBQjctMjAtMS05IiwidGVhbSI6InRlYW0gYSJ9LHsiY3BhIjoiYWRjb21ibyIsImNwYV9hY2NvdW50IjoiYW5kcml5ZXRzLmEzQGdtYWlsLmNvbSIsImlhYiI6IklBQjctMjAtMS05IiwidGVhbSI6InRlYW0gYSJ9LHsiY3BhIjoiYWRjb21ibyIsImNwYV9hY2NvdW50IjoiYW5kcml5ZXRzLmEzQGdtYWlsLmNvbSIsImlhYiI6IklBQjctMjAtMS05IiwidGVhbSI6InRlYW0gYSJ9LHsiY3BhIjoiYWRjb21ibyIsImNwYV9hY2NvdW50IjoiYW5kcml5ZXRzLmEzQGdtYWlsLmNvbSIsImlhYiI6IklBQjEwLTEtMS0xIiwidGVhbSI6InRlYW0gYSJ9LHsiY3BhIjoiYWRjb21ibyIsImNwYV9hY2NvdW50IjoiYW5kcml5ZXRzLmEzQGdtYWlsLmNvbSIsImlhYiI6IklBQjctMjAtMS05IiwidGVhbSI6InRlYW0gYSJ9LHsiY3BhIjoib2ZmZXJydW0iLCJjcGFfYWNjb3VudCI6ImFuZHJpeWV0cy5hMUBnbWFpbC5jb20iLCJpYWIiOiJJQUI3LTE0LTEtNiIsInRlYW0iOiJ0ZWFtIGEifV19&r=10827
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.172.81.226 Muehlheim am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE),
Reverse DNS
Software: nginx/1.10.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 10:14:54 GMT
server: nginx/1.10.3
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-cache, no-store
content-type: image/png
content-length: 119

GET
H2

200

5862c2fc8591e3b92075a7dbc8b8fb13.jpg
cdn.nacontent.pro/pictures/
Redirect Chain

https://ena-native-ads9.com/imp?uid=9bebe209-b390-4e8b-9bdd-579068c99cb5&params=YWRuX2lkPTE3JmFuaW1hdGlvbj0xLjAwMDAwMCZjX3R5cGU9JmNhbXBfaWQ9MCZjcGE9cGVlcmNsaWNrJmNyZWF0aXZlX2lkPTg0MzY4JmNyZW9fcGFpc...
https://cdn.nacontent.pro/pictures/5862c2fc8591e3b92075a7dbc8b8fb13.jpg

8 KB
8 KB

335ms
106ms

Image
image/jpeg

2a03:90c0:9996::9996
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.nacontent.pro/pictures/5862c2fc8591e3b92075a7dbc8b8fb13.jpg
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Server: 2a03:90c0:9996::9996 , United States, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 2c80ea2f28125b3b93ee583601782f801f9d190347f5b8b3ca8510a44409f99f

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-id: ny2-up-gc5
date: Thu, 16 Dec 2021 10:14:43 GMT
last-modified: Fri, 12 Nov 2021 12:20:39 GMT
server: nginx
etag: "618e5c17-211c"
x-cached-since: 2021-12-14T00:03:20+00:00
content-type: image/jpeg
cache: HIT
accept-ranges: bytes
content-length: 8476

Redirect headers

location: https://cdn.nacontent.pro/pictures/5862c2fc8591e3b92075a7dbc8b8fb13.jpg
date: Thu, 16 Dec 2021 10:14:42 GMT
server: openresty/1.15.8.2
content-length: 98
strict-transport-security: max-age=15724800; includeSubDomains
content-type: text/html; charset=utf-8

GET
H2 200 stn
n.ads1-adnow.com/ 119 B
119 B 29ms
28ms Image
image/png 31.172.81.226
DE-FIRSTCOLO www....

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://n.ads1-adnow.com/stn?d=eyJ0aW1lIjoxNjM5NjQ5NjgyLCJhZG5faWQiOjE3LCJhZHRfaWQiOjE0LCJjb2RlX2lkIjo4MjgxOTcsInNpdGVfaWQiOjQ5OTY5MSwic3ViX2lkIjoiIiwiY25yX2NvZGUiOiJJVEEiLCJjaXR5IjoiUm9tZSIsImlzX2NhY2hlZCI6MCwiZHNwIjozMTgsImRzcF9wcmljZSI6My42MzU5OCwiZHNwX3ByaWNlX3VzZCI6MC4wNDkyMzQsInByaWNlIjozLjYzNTk4LCJhZHRfZm9ybWF0IjoibnR2LTF4MSIsImNvZGVfc2hvd190eXBlIjoibm9ybWFsIiwiYmlkaWQiOiJTQ0ItMzE4LXNzcC1mMjY1NDRjNy0xNTY3LTZkMzYtYWJmZS1hYmZlLWJlYjlmY2U2YTgta3g4dDMzb3QtczRuIiwiaW1waWQiOiJTQ0ktMzE4LTgyODE5Ny1reDh0MzNvdC1kYnAiLCJjcGMiOjAsImNwbSI6MCwidGVhc2Vyc0RhdGEiOlt7ImNwYSI6ImFkY29tYm8iLCJjcGFfYWNjb3VudCI6ImFuZHJpeWV0cy5hM0BnbWFpbC5jb20iLCJpYWIiOiJJQUI3LTE0LTEtNiIsInRlYW0iOiJ0ZWFtIGEifV19&r=57789
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.172.81.226 Muehlheim am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE),
Reverse DNS
Software: nginx/1.10.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 10:14:54 GMT
server: nginx/1.10.3
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-cache, no-store
content-type: image/png
content-length: 119

GET
H2

200

62cf13c3d7310595a42c0bce12f765de.jpg
cdn.nacontent.pro/pictures/
Redirect Chain

https://ena-native-ads9.com/imp?uid=9bebe209-b390-4e8b-9bdd-579068c99cb5&params=YWRuX2lkPTE3JmFuaW1hdGlvbj0xLjAwMDAwMCZjX3R5cGU9JmNhbXBfaWQ9MCZjcGE9cGVlcmNsaWNrJmNyZWF0aXZlX2lkPTg0MzY3JmNyZW9fcGFpc...
https://cdn.nacontent.pro/pictures/62cf13c3d7310595a42c0bce12f765de.jpg

6 KB
6 KB

345ms
116ms

Image
image/jpeg

2a03:90c0:9996::9996
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.nacontent.pro/pictures/62cf13c3d7310595a42c0bce12f765de.jpg
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Server: 2a03:90c0:9996::9996 , United States, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: b97a839270c9613d8ff475025808c9628758b6222b3ac57648c0b65f007c7418

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-id: ny2-up-gc5
date: Thu, 16 Dec 2021 10:14:43 GMT
last-modified: Fri, 12 Nov 2021 12:20:37 GMT
server: nginx
etag: "618e5c15-1714"
x-cached-since: 2021-12-15T15:33:01+00:00
content-type: image/jpeg
cache: HIT
accept-ranges: bytes
content-length: 5908

Redirect headers

location: https://cdn.nacontent.pro/pictures/62cf13c3d7310595a42c0bce12f765de.jpg
date: Thu, 16 Dec 2021 10:14:42 GMT
server: openresty/1.15.8.2
content-length: 98
strict-transport-security: max-age=15724800; includeSubDomains
content-type: text/html; charset=utf-8

GET
H2 200 stn
n.ads1-adnow.com/ 119 B
119 B 29ms
28ms Image
image/png 31.172.81.226
DE-FIRSTCOLO www....

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://n.ads1-adnow.com/stn?d=eyJ0aW1lIjoxNjM5NjQ5NjgyLCJhZG5faWQiOjE3LCJhZHRfaWQiOjE0LCJjb2RlX2lkIjo4MjgxOTcsInNpdGVfaWQiOjQ5OTY5MSwic3ViX2lkIjoiIiwiY25yX2NvZGUiOiJJVEEiLCJjaXR5IjoiUm9tZSIsImlzX2NhY2hlZCI6MCwiZHNwIjozMTgsImRzcF9wcmljZSI6My42MzU5OCwiZHNwX3ByaWNlX3VzZCI6MC4wNDkyMzQsInByaWNlIjozLjYzNTk4LCJhZHRfZm9ybWF0IjoibnR2LTF4MSIsImNvZGVfc2hvd190eXBlIjoibm9ybWFsIiwiYmlkaWQiOiJTQ0ItMzE4LXNzcC1mMjY1NDRjNy0xNTY3LTZkMzYtYWJmZS1hYmZlLWJlYjlmY2U2YTgta3g4dDMzb3QtczRuIiwiaW1waWQiOiJTQ0ktMzE4LTgyODE5Ny1reDh0MzNvdC1kYnAiLCJjcGMiOjAsImNwbSI6MCwidGVhc2Vyc0RhdGEiOlt7ImNwYSI6ImFkY29tYm8iLCJjcGFfYWNjb3VudCI6ImFuZHJpeWV0cy5hM0BnbWFpbC5jb20iLCJpYWIiOiJJQUI3LTE0LTEtNiIsInRlYW0iOiJ0ZWFtIGEifV19&r=62749
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.172.81.226 Muehlheim am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE),
Reverse DNS
Software: nginx/1.10.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 10:14:54 GMT
server: nginx/1.10.3
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-cache, no-store
content-type: image/png
content-length: 119

GET
H2

200

c6e158ec8eb709762d92d02f5ce6beea.jpg
cdn.nacontent.pro/pictures/
Redirect Chain

https://ena-native-ads9.com/imp?uid=9bebe209-b390-4e8b-9bdd-579068c99cb5&params=YWRuX2lkPTE3JmFuaW1hdGlvbj0xLjAwMDAwMCZjX3R5cGU9JmNhbXBfaWQ9MCZjcGE9cGVlcmNsaWNrJmNyZWF0aXZlX2lkPTg2MDk5JmNyZW9fcGFpc...
https://cdn.nacontent.pro/pictures/c6e158ec8eb709762d92d02f5ce6beea.jpg

48 KB
48 KB

624ms
408ms

Image
image/jpeg

2a03:90c0:9996::9996
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.nacontent.pro/pictures/c6e158ec8eb709762d92d02f5ce6beea.jpg
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Server: 2a03:90c0:9996::9996 , United States, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: cbea8eb0223d6c1987a5016a74d5499a8dc565a78246ed5bcdb28d57b741ed5e

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-id: ny2-up-gc5
date: Thu, 16 Dec 2021 10:14:43 GMT
last-modified: Mon, 13 Dec 2021 14:18:14 GMT
server: nginx
etag: "61b75626-c0b1"
content-type: image/jpeg
cache: MISS
accept-ranges: bytes
content-length: 49329

Redirect headers

location: https://cdn.nacontent.pro/pictures/c6e158ec8eb709762d92d02f5ce6beea.jpg
date: Thu, 16 Dec 2021 10:14:42 GMT
server: openresty/1.15.8.2
content-length: 98
strict-transport-security: max-age=15724800; includeSubDomains
content-type: text/html; charset=utf-8

GET
H2 200 stn
n.ads1-adnow.com/ 119 B
119 B 27ms
26ms Image
image/png 31.172.81.226
DE-FIRSTCOLO www....

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://n.ads1-adnow.com/stn?d=eyJ0aW1lIjoxNjM5NjQ5NjgyLCJhZG5faWQiOjE3LCJhZHRfaWQiOjE0LCJjb2RlX2lkIjo4MjgxOTcsInNpdGVfaWQiOjQ5OTY5MSwic3ViX2lkIjoiIiwiY25yX2NvZGUiOiJJVEEiLCJjaXR5IjoiUm9tZSIsImlzX2NhY2hlZCI6MCwiZHNwIjozMTgsImRzcF9wcmljZSI6My42MzU5OCwiZHNwX3ByaWNlX3VzZCI6MC4wNDkyMzQsInByaWNlIjozLjYzNTk4LCJhZHRfZm9ybWF0IjoibnR2LTF4MSIsImNvZGVfc2hvd190eXBlIjoibm9ybWFsIiwiYmlkaWQiOiJTQ0ItMzE4LXNzcC1mMjY1NDRjNy0xNTY3LTZkMzYtYWJmZS1hYmZlLWJlYjlmY2U2YTgta3g4dDMzb3QtczRuIiwiaW1waWQiOiJTQ0ktMzE4LTgyODE5Ny1reDh0MzNvdC1kYnAiLCJjcGMiOjAsImNwbSI6MCwidGVhc2Vyc0RhdGEiOlt7ImNwYSI6ImFkY29tYm8iLCJjcGFfYWNjb3VudCI6ImFuZHJpeWV0cy5hM0BnbWFpbC5jb20iLCJpYWIiOiJJQUI3LTIwLTEtOSIsInRlYW0iOiJ0ZWFtIGEifV19&r=73736
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.172.81.226 Muehlheim am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE),
Reverse DNS
Software: nginx/1.10.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 10:14:54 GMT
server: nginx/1.10.3
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-cache, no-store
content-type: image/png
content-length: 119

GET
H2

200

b7b2071a85817b1f46da9b1369b7365f.gif
cdn.nacontent.pro/pictures/
Redirect Chain

https://ena-native-ads9.com/imp?uid=9bebe209-b390-4e8b-9bdd-579068c99cb5&params=YWRuX2lkPTE3JmFuaW1hdGlvbj0xLjAwMDAwMCZjX3R5cGU9JmNhbXBfaWQ9MCZjcGE9cGVlcmNsaWNrJmNyZWF0aXZlX2lkPTg2MDk3JmNyZW9fcGFpc...
https://cdn.nacontent.pro/pictures/b7b2071a85817b1f46da9b1369b7365f.gif

90 KB
90 KB

636ms
407ms

Image
image/gif

2a03:90c0:9996::9996
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.nacontent.pro/pictures/b7b2071a85817b1f46da9b1369b7365f.gif
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Server: 2a03:90c0:9996::9996 , United States, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 448e8db687c59ecf9d302bf2af837710acf98a0575ae47fc00303f58c4ad46f9

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-id: ny2-up-gc5
date: Thu, 16 Dec 2021 10:14:43 GMT
last-modified: Tue, 07 Dec 2021 14:57:02 GMT
server: nginx
etag: "61af763e-16839"
content-type: image/gif
cache: MISS
accept-ranges: bytes
content-length: 92217

Redirect headers

location: https://cdn.nacontent.pro/pictures/b7b2071a85817b1f46da9b1369b7365f.gif
date: Thu, 16 Dec 2021 10:14:42 GMT
server: openresty/1.15.8.2
content-length: 98
strict-transport-security: max-age=15724800; includeSubDomains
content-type: text/html; charset=utf-8

GET
H2 200 stn
n.ads1-adnow.com/ 119 B
119 B 27ms
27ms Image
image/png 31.172.81.226
DE-FIRSTCOLO www....

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://n.ads1-adnow.com/stn?d=eyJ0aW1lIjoxNjM5NjQ5NjgyLCJhZG5faWQiOjE3LCJhZHRfaWQiOjE0LCJjb2RlX2lkIjo4MjgxOTcsInNpdGVfaWQiOjQ5OTY5MSwic3ViX2lkIjoiIiwiY25yX2NvZGUiOiJJVEEiLCJjaXR5IjoiUm9tZSIsImlzX2NhY2hlZCI6MCwiZHNwIjozMTgsImRzcF9wcmljZSI6My42MzU5OCwiZHNwX3ByaWNlX3VzZCI6MC4wNDkyMzQsInByaWNlIjozLjYzNTk4LCJhZHRfZm9ybWF0IjoibnR2LTF4MSIsImNvZGVfc2hvd190eXBlIjoibm9ybWFsIiwiYmlkaWQiOiJTQ0ItMzE4LXNzcC1mMjY1NDRjNy0xNTY3LTZkMzYtYWJmZS1hYmZlLWJlYjlmY2U2YTgta3g4dDMzb3QtczRuIiwiaW1waWQiOiJTQ0ktMzE4LTgyODE5Ny1reDh0MzNvdC1kYnAiLCJjcGMiOjAsImNwbSI6MCwidGVhc2Vyc0RhdGEiOlt7ImNwYSI6ImFkY29tYm8iLCJjcGFfYWNjb3VudCI6ImFuZHJpeWV0cy5hM0BnbWFpbC5jb20iLCJpYWIiOiJJQUI3LTIwLTEtOSIsInRlYW0iOiJ0ZWFtIGEifV19&r=97615
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.172.81.226 Muehlheim am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE),
Reverse DNS
Software: nginx/1.10.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 10:14:54 GMT
server: nginx/1.10.3
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-cache, no-store
content-type: image/png
content-length: 119

GET
H2

200

f5a4311182d07be6485e758c0113dcc2.jpg
cdn.nacontent.pro/pictures/
Redirect Chain

https://ena-native-ads9.com/imp?uid=9bebe209-b390-4e8b-9bdd-579068c99cb5&params=YWRuX2lkPTE3JmFuaW1hdGlvbj0xLjAwMDAwMCZjX3R5cGU9JmNhbXBfaWQ9MCZjcGE9cGVlcmNsaWNrJmNyZWF0aXZlX2lkPTg2MDk4JmNyZW9fcGFpc...
https://cdn.nacontent.pro/pictures/f5a4311182d07be6485e758c0113dcc2.jpg

36 KB
36 KB

636ms
408ms

Image
image/jpeg

2a03:90c0:9996::9996
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.nacontent.pro/pictures/f5a4311182d07be6485e758c0113dcc2.jpg
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Server: 2a03:90c0:9996::9996 , United States, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: a8e16d1c8ce4ad8c69d3e86b0f606e2d9aea999e6b668ea8ce28c58224683728

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-id: ny2-up-gc5
date: Thu, 16 Dec 2021 10:14:43 GMT
last-modified: Tue, 07 Dec 2021 14:57:01 GMT
server: nginx
etag: "61af763d-9032"
content-type: image/jpeg
cache: MISS
accept-ranges: bytes
content-length: 36914

Redirect headers

location: https://cdn.nacontent.pro/pictures/f5a4311182d07be6485e758c0113dcc2.jpg
date: Thu, 16 Dec 2021 10:14:42 GMT
server: openresty/1.15.8.2
content-length: 98
strict-transport-security: max-age=15724800; includeSubDomains
content-type: text/html; charset=utf-8

GET
H2 200 stn
n.ads1-adnow.com/ 119 B
119 B 40ms
40ms Image
image/png 31.172.81.226
DE-FIRSTCOLO www....

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://n.ads1-adnow.com/stn?d=eyJ0aW1lIjoxNjM5NjQ5NjgyLCJhZG5faWQiOjE3LCJhZHRfaWQiOjE0LCJjb2RlX2lkIjo4MjgxOTcsInNpdGVfaWQiOjQ5OTY5MSwic3ViX2lkIjoiIiwiY25yX2NvZGUiOiJJVEEiLCJjaXR5IjoiUm9tZSIsImlzX2NhY2hlZCI6MCwiZHNwIjozMTgsImRzcF9wcmljZSI6My42MzU5OCwiZHNwX3ByaWNlX3VzZCI6MC4wNDkyMzQsInByaWNlIjozLjYzNTk4LCJhZHRfZm9ybWF0IjoibnR2LTF4MSIsImNvZGVfc2hvd190eXBlIjoibm9ybWFsIiwiYmlkaWQiOiJTQ0ItMzE4LXNzcC1mMjY1NDRjNy0xNTY3LTZkMzYtYWJmZS1hYmZlLWJlYjlmY2U2YTgta3g4dDMzb3QtczRuIiwiaW1waWQiOiJTQ0ktMzE4LTgyODE5Ny1reDh0MzNvdC1kYnAiLCJjcGMiOjAsImNwbSI6MCwidGVhc2Vyc0RhdGEiOlt7ImNwYSI6ImFkY29tYm8iLCJjcGFfYWNjb3VudCI6ImFuZHJpeWV0cy5hM0BnbWFpbC5jb20iLCJpYWIiOiJJQUI3LTIwLTEtOSIsInRlYW0iOiJ0ZWFtIGEifV19&r=73897
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.172.81.226 Muehlheim am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE),
Reverse DNS
Software: nginx/1.10.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 10:14:54 GMT
server: nginx/1.10.3
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-cache, no-store
content-type: image/png
content-length: 119

GET
H2

200

69e5b7a194411b3a8298d3214f724231.jpg
cdn.nacontent.pro/pictures/
Redirect Chain

https://ena-native-ads9.com/imp?uid=9bebe209-b390-4e8b-9bdd-579068c99cb5&params=YWRuX2lkPTE3JmFuaW1hdGlvbj0xLjAwMDAwMCZjX3R5cGU9JmNhbXBfaWQ9MCZjcGE9cGVlcmNsaWNrJmNyZWF0aXZlX2lkPTg2Mzk1JmNyZW9fcGFpc...
https://cdn.nacontent.pro/pictures/69e5b7a194411b3a8298d3214f724231.jpg

34 KB
34 KB

340ms
123ms

Image
image/jpeg

2a03:90c0:9996::9996
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.nacontent.pro/pictures/69e5b7a194411b3a8298d3214f724231.jpg
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Server: 2a03:90c0:9996::9996 , United States, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 34f685ca13feb94354bf991bf12e26c2b89a01bdacf4bc2e7b45280e3be71eb0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-id: ny2-up-gc5
date: Thu, 16 Dec 2021 10:14:43 GMT
last-modified: Fri, 19 Nov 2021 12:31:04 GMT
server: nginx
etag: "61979908-865e"
x-cached-since: 2021-12-11T12:48:56+00:00
content-type: image/jpeg
cache: STALE
accept-ranges: bytes
content-length: 34398

Redirect headers

location: https://cdn.nacontent.pro/pictures/69e5b7a194411b3a8298d3214f724231.jpg
date: Thu, 16 Dec 2021 10:14:42 GMT
server: openresty/1.15.8.2
content-length: 98
strict-transport-security: max-age=15724800; includeSubDomains
content-type: text/html; charset=utf-8

GET
H2 200 stn
n.ads1-adnow.com/ 119 B
119 B 27ms
27ms Image
image/png 31.172.81.226
DE-FIRSTCOLO www....

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://n.ads1-adnow.com/stn?d=eyJ0aW1lIjoxNjM5NjQ5NjgyLCJhZG5faWQiOjE3LCJhZHRfaWQiOjE0LCJjb2RlX2lkIjo4MjgxOTcsInNpdGVfaWQiOjQ5OTY5MSwic3ViX2lkIjoiIiwiY25yX2NvZGUiOiJJVEEiLCJjaXR5IjoiUm9tZSIsImlzX2NhY2hlZCI6MCwiZHNwIjozMTgsImRzcF9wcmljZSI6My42MzU5OCwiZHNwX3ByaWNlX3VzZCI6MC4wNDkyMzQsInByaWNlIjozLjYzNTk4LCJhZHRfZm9ybWF0IjoibnR2LTF4MSIsImNvZGVfc2hvd190eXBlIjoibm9ybWFsIiwiYmlkaWQiOiJTQ0ItMzE4LXNzcC1mMjY1NDRjNy0xNTY3LTZkMzYtYWJmZS1hYmZlLWJlYjlmY2U2YTgta3g4dDMzb3QtczRuIiwiaW1waWQiOiJTQ0ktMzE4LTgyODE5Ny1reDh0MzNvdC1kYnAiLCJjcGMiOjAsImNwbSI6MCwidGVhc2Vyc0RhdGEiOlt7ImNwYSI6ImFkY29tYm8iLCJjcGFfYWNjb3VudCI6ImFuZHJpeWV0cy5hM0BnbWFpbC5jb20iLCJpYWIiOiJJQUIxMC0xLTEtMSIsInRlYW0iOiJ0ZWFtIGEifV19&r=68983
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.172.81.226 Muehlheim am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE),
Reverse DNS
Software: nginx/1.10.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 10:14:54 GMT
server: nginx/1.10.3
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-cache, no-store
content-type: image/png
content-length: 119

GET
H2

200

dfd1e54e6ed66313ccb5075818a9c214.gif
cdn.nacontent.pro/pictures/
Redirect Chain

https://ena-native-ads9.com/imp?uid=9bebe209-b390-4e8b-9bdd-579068c99cb5&params=YWRuX2lkPTE3JmFuaW1hdGlvbj0xLjAwMDAwMCZjX3R5cGU9JmNhbXBfaWQ9MCZjcGE9cGVlcmNsaWNrJmNyZWF0aXZlX2lkPTg2MTAxJmNyZW9fcGFpc...
https://cdn.nacontent.pro/pictures/dfd1e54e6ed66313ccb5075818a9c214.gif

32 KB
32 KB

413ms
204ms

Image
image/gif

2a03:90c0:9996::9996
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.nacontent.pro/pictures/dfd1e54e6ed66313ccb5075818a9c214.gif
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Server: 2a03:90c0:9996::9996 , United States, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 4f236a704251724c10867b164045ac5ba5d64ba59dda24ba6adb6e3b8c39df1f

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-id: ny2-up-gc5
date: Thu, 16 Dec 2021 10:14:43 GMT
last-modified: Tue, 07 Dec 2021 14:57:00 GMT
server: nginx
etag: "61af763c-8038"
x-cached-since: 2021-12-14T13:53:21+00:00
content-type: image/gif
cache: HIT
accept-ranges: bytes
content-length: 32824

Redirect headers

location: https://cdn.nacontent.pro/pictures/dfd1e54e6ed66313ccb5075818a9c214.gif
date: Thu, 16 Dec 2021 10:14:42 GMT
server: openresty/1.15.8.2
content-length: 98
strict-transport-security: max-age=15724800; includeSubDomains
content-type: text/html; charset=utf-8

GET
H2 200 stn
n.ads1-adnow.com/ 119 B
119 B 28ms
27ms Image
image/png 31.172.81.226
DE-FIRSTCOLO www....

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://n.ads1-adnow.com/stn?d=eyJ0aW1lIjoxNjM5NjQ5NjgyLCJhZG5faWQiOjE3LCJhZHRfaWQiOjE0LCJjb2RlX2lkIjo4MjgxOTcsInNpdGVfaWQiOjQ5OTY5MSwic3ViX2lkIjoiIiwiY25yX2NvZGUiOiJJVEEiLCJjaXR5IjoiUm9tZSIsImlzX2NhY2hlZCI6MCwiZHNwIjozMTgsImRzcF9wcmljZSI6My42MzU5OCwiZHNwX3ByaWNlX3VzZCI6MC4wNDkyMzQsInByaWNlIjozLjYzNTk4LCJhZHRfZm9ybWF0IjoibnR2LTF4MSIsImNvZGVfc2hvd190eXBlIjoibm9ybWFsIiwiYmlkaWQiOiJTQ0ItMzE4LXNzcC1mMjY1NDRjNy0xNTY3LTZkMzYtYWJmZS1hYmZlLWJlYjlmY2U2YTgta3g4dDMzb3QtczRuIiwiaW1waWQiOiJTQ0ktMzE4LTgyODE5Ny1reDh0MzNvdC1kYnAiLCJjcGMiOjAsImNwbSI6MCwidGVhc2Vyc0RhdGEiOlt7ImNwYSI6ImFkY29tYm8iLCJjcGFfYWNjb3VudCI6ImFuZHJpeWV0cy5hM0BnbWFpbC5jb20iLCJpYWIiOiJJQUI3LTIwLTEtOSIsInRlYW0iOiJ0ZWFtIGEifV19&r=55424
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.172.81.226 Muehlheim am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE),
Reverse DNS
Software: nginx/1.10.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 10:14:54 GMT
server: nginx/1.10.3
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-cache, no-store
content-type: image/png
content-length: 119

GET
H2

200

d3afc2f59afc8775f5e9a319156ce66d.jpg
cdn.nacontent.pro/pictures/
Redirect Chain

https://ena-native-ads9.com/imp?uid=9bebe209-b390-4e8b-9bdd-579068c99cb5&params=YWRuX2lkPTE3JmFuaW1hdGlvbj0xLjAwMDAwMCZjX3R5cGU9JmNhbXBfaWQ9MCZjcGE9cGVlcmNsaWNrJmNyZWF0aXZlX2lkPTg1Nzk2JmNyZW9fcGFpc...
https://cdn.nacontent.pro/pictures/d3afc2f59afc8775f5e9a319156ce66d.jpg

26 KB
26 KB

413ms
203ms

Image
image/jpeg

2a03:90c0:9996::9996
GCORE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.nacontent.pro/pictures/d3afc2f59afc8775f5e9a319156ce66d.jpg
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Server: 2a03:90c0:9996::9996 , United States, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 3cd25e977d206838a85aaa2b3286dbe228e9a819b82bfa5f4faf6076f5d9cd2a

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-id: ny2-up-gc5
date: Thu, 16 Dec 2021 10:14:43 GMT
last-modified: Tue, 07 Dec 2021 14:57:03 GMT
server: nginx
etag: "61af763f-6803"
x-cached-since: 2021-12-11T14:53:46+00:00
content-type: image/jpeg
cache: STALE
accept-ranges: bytes
content-length: 26627

Redirect headers

location: https://cdn.nacontent.pro/pictures/d3afc2f59afc8775f5e9a319156ce66d.jpg
date: Thu, 16 Dec 2021 10:14:42 GMT
server: openresty/1.15.8.2
content-length: 98
strict-transport-security: max-age=15724800; includeSubDomains
content-type: text/html; charset=utf-8

GET
H2 200 stn
n.ads1-adnow.com/ 119 B
119 B 34ms
34ms Image
image/png 31.172.81.226
DE-FIRSTCOLO www....

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://n.ads1-adnow.com/stn?d=eyJ0aW1lIjoxNjM5NjQ5NjgyLCJhZG5faWQiOjE3LCJhZHRfaWQiOjE0LCJjb2RlX2lkIjo4MjgxOTcsInNpdGVfaWQiOjQ5OTY5MSwic3ViX2lkIjoiIiwiY25yX2NvZGUiOiJJVEEiLCJjaXR5IjoiUm9tZSIsImlzX2NhY2hlZCI6MCwiZHNwIjozMTgsImRzcF9wcmljZSI6My42MzU5OCwiZHNwX3ByaWNlX3VzZCI6MC4wNDkyMzQsInByaWNlIjozLjYzNTk4LCJhZHRfZm9ybWF0IjoibnR2LTF4MSIsImNvZGVfc2hvd190eXBlIjoibm9ybWFsIiwiYmlkaWQiOiJTQ0ItMzE4LXNzcC1mMjY1NDRjNy0xNTY3LTZkMzYtYWJmZS1hYmZlLWJlYjlmY2U2YTgta3g4dDMzb3QtczRuIiwiaW1waWQiOiJTQ0ktMzE4LTgyODE5Ny1reDh0MzNvdC1kYnAiLCJjcGMiOjAsImNwbSI6MCwidGVhc2Vyc0RhdGEiOlt7ImNwYSI6Im9mZmVycnVtIiwiY3BhX2FjY291bnQiOiJhbmRyaXlldHMuYTFAZ21haWwuY29tIiwiaWFiIjoiSUFCNy0xNC0xLTYiLCJ0ZWFtIjoidGVhbSBhIn1dfQ&r=66885
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.172.81.226 Muehlheim am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE),
Reverse DNS
Software: nginx/1.10.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 10:14:54 GMT
server: nginx/1.10.3
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-cache, no-store
content-type: image/png
content-length: 119

GET
H/1.1 200
OK notifyme.php Show response
adtrack.adleadevent.com/ 0
539 B 224ms
55ms XHR
application/x-javascript 54.246.103.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adtrack.adleadevent.com/notifyme.php?st=a96081b6-db78-48c4-9f82-b93e316fb1f7
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.103.100 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-103-100.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://wp.h2870838.stratoserver.net/
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Dec 2021 10:14:42 GMT
Content-Encoding: gzip
Last-Modified: Thu, 16 Dec 2021 10:14:42 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: https://wp.h2870838.stratoserver.net
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 204
No Content token
token.rubiconproject.com/ 0
214 B 130ms
27ms Image
text/plain 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/token?pid=34010&puid=78d4d3a0ddb3784d&gdpr=0
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

sync
s.cpx.to/
Redirect Chain

https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D11814066-e013-4ca7-b59e-6d0bb62db665
https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D11814066-e013-4ca7-b59e-6d0bb62db665
https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=6EFE0E97-ADE8-4E66-AE93-3E54108F2137&fid=11814066-e013-4ca7-b59e-6d0bb62db665

95 B
881 B

51ms
51ms

Image
image/png

79.125.60.160
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=6EFE0E97-ADE8-4E66-AE93-3E54108F2137&fid=11814066-e013-4ca7-b59e-6d0bb62db665

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

HTTP/1.1

Server

79.125.60.160 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-79-125-60-160.eu-west-1.compute.amazonaws.com

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Thu, 16 Dec 2021 10:14:42 GMT
X-Frame-Options: sameorigin
Connection: keep-alive
P3P: CP="NOI DEV ADM"
Cache-Control: no-store, must-revalidate, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Content-Length: 95
Expires: Thu, 16 Dec 2021 10:14:42 UTC

Redirect headers

location: https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=6EFE0E97-ADE8-4E66-AE93-3E54108F2137&fid=11814066-e013-4ca7-b59e-6d0bb62db665
date: Thu, 16 Dec 2021 10:14:42 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1

200
OK

an_fire
s.cpx.to/
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12761%26ref%3D%26hn_ver%3D20%26fid%3D11814066-e013-4ca7-b59e-6d0bb62db665
https://s.cpx.to/an_fire?app_nexus_uid=2392174285152533418&pid=12761&ref=&hn_ver=20&fid=11814066-e013-4ca7-b59e-6d0bb62db665

95 B
865 B

51ms
51ms

Image
image/png

79.125.60.160
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/an_fire?app_nexus_uid=2392174285152533418&pid=12761&ref=&hn_ver=20&fid=11814066-e013-4ca7-b59e-6d0bb62db665

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

HTTP/1.1

Server

79.125.60.160 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-79-125-60-160.eu-west-1.compute.amazonaws.com

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Thu, 16 Dec 2021 10:14:42 GMT
X-Frame-Options: sameorigin
Connection: keep-alive
P3P: CP="NOI DEV ADM"
Cache-Control: no-store, must-revalidate, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Content-Length: 95
Expires: Thu, 16 Dec 2021 10:14:42 UTC

Redirect headers

Pragma: no-cache
Date: Thu, 16 Dec 2021 10:14:42 GMT
X-Proxy-Origin: 82.102.26.68; 82.102.26.68; 692.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: c811a816-dd6d-4ef6-956b-c404aab0894a
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://s.cpx.to/an_fire?app_nexus_uid=2392174285152533418&pid=12761&ref=&hn_ver=20&fid=11814066-e013-4ca7-b59e-6d0bb62db665
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

sync
s.cpx.to/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1
https://s.cpx.to/sync?dsp_uid=ab0b56b1-5be1-4cc0-afde-18c7da9d2af4&dsp=TTD

95 B
876 B

90ms
50ms

Image
image/png

79.125.60.160
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/sync?dsp_uid=ab0b56b1-5be1-4cc0-afde-18c7da9d2af4&dsp=TTD

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

HTTP/1.1

Server

79.125.60.160 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-79-125-60-160.eu-west-1.compute.amazonaws.com

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Thu, 16 Dec 2021 10:14:42 GMT
X-Frame-Options: sameorigin
Connection: keep-alive
P3P: CP="NOI DEV ADM"
Cache-Control: no-store, must-revalidate, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Content-Length: 95
Expires: Thu, 16 Dec 2021 10:14:42 UTC

Redirect headers

pragma: no-cache
date: Thu, 16 Dec 2021 10:14:42 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://s.cpx.to/sync?dsp_uid=ab0b56b1-5be1-4cc0-afde-18c7da9d2af4&dsp=TTD
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 179

GET
H/1.1

200
OK

ca.png
s.cpx.to/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=11814066-e013-4ca7-b59e-6d0bb62db665
https://s.cpx.to/ca.png?dsp=dbm&fid=11814066-e013-4ca7-b59e-6d0bb62db665&google_gid=CAESELs3SpwP0fJ183LgGAvmTSA&google_cver=1

95 B
804 B

51ms
50ms

Image
image/png

79.125.60.160
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/ca.png?dsp=dbm&fid=11814066-e013-4ca7-b59e-6d0bb62db665&google_gid=CAESELs3SpwP0fJ183LgGAvmTSA&google_cver=1

Requested by

Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank

Protocol

HTTP/1.1

Server

79.125.60.160 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-79-125-60-160.eu-west-1.compute.amazonaws.com

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Content-Security-Policy: default-src 'self'
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Thu, 16 Dec 2021 10:14:42 GMT
X-Frame-Options: sameorigin
Content-Type: image/png
Cache-Control: no-store, must-revalidate, private, max-age=0
Connection: keep-alive
Content-Length: 95

Redirect headers

pragma: no-cache
date: Thu, 16 Dec 2021 10:14:42 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://s.cpx.to/ca.png?dsp=dbm&fid=11814066-e013-4ca7-b59e-6d0bb62db665&google_gid=CAESELs3SpwP0fJ183LgGAvmTSA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 334
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

getuid
sync.smartadserver.com/
Redirect Chain

https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dsmart_ad_server%26dsp_uid%3D%5Bsas_uid%5D%26fid%3D11814066-e013-4ca7-b59e-6d0bb62db665&gdpr=0
https://sync.smartadserver.com/getuid?url=https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=[sas_uid]&fid=11814066-e013-4ca7-b59e-6d0bb62db665&gdpr=0&cklb=1

0
436 B

37ms
36ms

Image
text/plain

185.86.137.110
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.smartadserver.com/getuid?url=https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=[sas_uid]&fid=11814066-e013-4ca7-b59e-6d0bb62db665&gdpr=0&cklb=1
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Server: 185.86.137.110 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 10:14:42 GMT
cache-control: no-cache,no-store
content-length: 0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

location: https://sync.smartadserver.com:443/getuid?url=https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=[sas_uid]&fid=11814066-e013-4ca7-b59e-6d0bb62db665&gdpr=0&cklb=1
pragma: no-cache
date: Thu, 16 Dec 2021 10:14:42 GMT
cache-control: no-cache,no-store
content-length: 0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

GET
H/1.1 200
OK sync
pool.grid-data.bidswitch.net/ 43 B
220 B 233ms
27ms Image
image/gif 35.156.33.176
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pool.grid-data.bidswitch.net/sync?pid=42
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.156.33.176 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-156-33-176.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 16 Dec 2021 10:14:43 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 204 track.gif
scnd-tr.com/ 0
88 B 125ms
31ms Image
text/plain 88.208.41.101
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scnd-tr.com/track.gif?a=configurable_perf1&b=1081&c=1273&d=523&e=113&f=&g=ssp-f26544c7-1567-6d36-abfe-abfe-beb9fce6a8&h=828197
Requested by: Host: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/phishing-mit-der-hypovereinsbank
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 88.208.41.101 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://wp.h2870838.stratoserver.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 16 Dec 2021 10:14:43 GMT
x-upstream: 192.168.11.101:8085
server: nginx

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 66ms
32ms Ping
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-RPQ09C611G&gtm=2oec10&_p=1376991689&sr=1600x1200&ul=en-us&cid=960886120.1639649682&_s=2&dl=https%3A%2F%2Fwp.h2870838.stratoserver.net%2Fphishing-mit-der-hypovereinsbank&dt=Phishing%20mit%20der%20Hypovereinsbank%20-%20The%20Kasaan%20Times&sid=1639649681&sct=1&seg=1&en=page_view&_et=471
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RPQ09C611G
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://wp.h2870838.stratoserver.net/
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 16 Dec 2021 10:14:47 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://wp.h2870838.stratoserver.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.facebook.com/oauth/error/ Frame FB79
Redirect Chain

https://www.facebook.com/v3.0/plugins/page.php?adapt_container_width=true&app_id=1582375255406633&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfe0...
https://www.facebook.com/oauth/error/?error_code=PLATFORM__INVALID_APP_ID

0
0

164ms
163ms

Document
text/html

2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/oauth/error/?error_code=PLATFORM__INVALID_APP_ID

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/de_DE/sdk.js?hash=fe3ef15736bfc1dcf4700c156bdae691

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: about:blank

Response headers

vary: Accept-Encoding
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: YGzBdc/fDwb+KdYjUyVpZkgUek+GLAHi5hiasrE8mXUpwksNWEhRHft2Z8Nqah8pyfsrQ6yA4TuccfED64dh9w==
date: Thu, 16 Dec 2021 10:14:49 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600

Redirect headers

location: https://www.facebook.com/oauth/error/?error_code=PLATFORM__INVALID_APP_ID
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: jd7Za+IyBweQVYQWjTtpCs0LJea/sWDBUpp4ZSWPuHX9fK+agBjqwKZu+dncSL8VYou0iIrGXQh/B3vCMpeMGQ==
content-length: 0
date: Thu, 16 Dec 2021 10:14:49 GMT
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i

GET
H3

200

/
www.facebook.com/oauth/error/ Frame FAEA
Redirect Chain

https://www.facebook.com/v3.0/plugins/page.php?adapt_container_width=true&app_id=1582375255406633&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3c...
https://www.facebook.com/oauth/error/?error_code=PLATFORM__INVALID_APP_ID

0
0

168ms
167ms

Document
text/html

2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/oauth/error/?error_code=PLATFORM__INVALID_APP_ID

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/de_DE/sdk.js?hash=fe3ef15736bfc1dcf4700c156bdae691

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: about:blank

Response headers

vary: Accept-Encoding
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: /yIxZMVW+DTWj6B1ye9f567mlw+QtNuF3rjSAyM9RMqV3sGBKoPgE+8HSIveGtwsyVz7wMJJXWijrAbNYqUS1g==
date: Thu, 16 Dec 2021 10:14:49 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600

Redirect headers

location: https://www.facebook.com/oauth/error/?error_code=PLATFORM__INVALID_APP_ID
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: 2XI6f89nqZp6XPGSIs9VRaKCA01m5xRfPwO+I397Hit3hdyQORNIXiqqXETR6itkf4JDZT4GCSkQhFRau+V4YQ==
content-length: 0
date: Thu, 16 Dec 2021 10:14:49 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: wp.h2870838.stratoserver.net
URL: https://wp.h2870838.stratoserver.net/?wc-ajax=get_refreshed_fragments

Verdicts & Comments Add Verdict or Comment

368 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

34 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.stratoserver.net/	1970-01-20 16:58:41	Name: _ga Value: GA1.1.960886120.1639649682
.wp.h2870838.stratoserver.net/	1970-01-19 23:28:19	Name: SC_unique_828197 Value: 1
.stratoserver.net/	1970-01-20 16:58:41	Name: _ga_RPQ09C611G Value: GS1.1.1639649681.1.1.1639649682.0
.stratoserver.net/	1970-01-21 19:15:29	Name: tk_or Value: %22%22
.stratoserver.net/	1970-01-19 23:31:48	Name: tk_r3d Value: %22%22
.stratoserver.net/	1970-01-20 08:13:05	Name: tk_lr Value: %22%22
.id5-sync.com/	1970-01-19 23:27:29	Name: cf Value:
.id5-sync.com/	1970-01-19 23:27:29	Name: cip Value:
.id5-sync.com/	1970-01-19 23:27:29	Name: cnac Value:
.id5-sync.com/	1970-01-19 23:27:29	Name: car Value:
.id5-sync.com/	1970-01-19 23:27:29	Name: gdpr Value:
.id5-sync.com/	1970-01-19 23:27:29	Name: id5 Value: 26282b8d-f9f3-40f8-9b3a-63c842c2313f#1639649672918#1
.id5-sync.com/	1970-01-19 23:27:29	Name: callback Value:
.zeotap.com/	1970-01-20 08:13:05	Name: zc Value: 3f070747-f8d7-48aa-691f-a624f21ec058
.zeotap.com/	1970-01-19 23:28:56	Name: zsc Value: %CD%27%BB%EE%87%DE%FB%3E%F3U%C1%A2A%60sT%7B%88%9B%00k%A4h%C7%B3%9B%23q%ECI%CE%09%A8%5B-+%A5%A8%B3%5C%0F%27+%EF%2C%EF%84%F5L%29k%F1%CD%3F%F5%EB%C1Sz%DD%D8%2B%DD%16%17%F7%F8%C5t+%BC%13p%E6%F7%95vQ%AA%C0%19%DF%23%94%0D%1A%D5b%0B%DF%AD%E9w%8B%3B%1EF%1A%40c%F4%B6%3C%BF%C3
.adnxs.com/	1970-01-20 01:37:05	Name: uuid2 Value: 2392174285152533418
.agkn.com/	1970-01-20 08:13:05	Name: ab Value: 0001%3A6NjoiMO1jt%2BWG5OizCBVQYRfeijVBUy2
.mathtag.com/	1970-01-20 08:53:24	Name: uuid Value: 817c61bb-1192-4c00-9244-62d3d505d890
.adsrvr.org/	1970-01-20 08:13:05	Name: TDID Value: ab0b56b1-5be1-4cc0-afde-18c7da9d2af4
.demdex.net/	1970-01-20 03:46:41	Name: demdex Value: 71271477891164585641097725698928450839
.doubleclick.net/	1970-01-20 08:49:05	Name: IDE Value: AHWqTUkJUZNRx4O-TwWZPi1jjYJPYLaI8AJeQLNXMhQq-6ZvEtDAI9KscRj0_C_v47o
.cpx.to/	1970-01-20 08:13:05	Name: cpSess Value: 78d4d3a0ddb3784d
.dpm.demdex.net/	1970-01-20 03:46:41	Name: dpm Value: 71271477891164585641097725698928450839
.adsrvr.org/	1970-01-20 08:13:05	Name: TDCPM Value: CAEYASABKAIyCwiogKu786GgOhAFOAFaBzBma2Npb3RgAg..
.cpx.to/	1970-01-20 08:13:05	Name: dsp_dbm Value: CAESELs3SpwP0fJ183LgGAvmTSA#1639649682701
.cpx.to/	1970-01-20 08:13:05	Name: dsp_TTD Value: ab0b56b1-5be1-4cc0-afde-18c7da9d2af4#1639649682752
.cpx.to/	1970-01-20 08:13:05	Name: dsp_app_nexus Value: 2392174285152533418#1639649682828
.pubmatic.com/	1970-01-20 01:37:05	Name: KTPCACOOKIE Value: true
.pubmatic.com/	1970-01-20 01:37:05	Name: KADUSERCOOKIE Value: 6EFE0E97-ADE8-4E66-AE93-3E54108F2137
.smartadserver.com/	1970-01-20 08:57:44	Name: TestIfCookieP Value: ok
.smartadserver.com/	1970-01-20 08:57:44	Name: pbw Value: %24b%3d16960%3b%24o%3d11100
.cpx.to/	1970-01-20 08:13:05	Name: dsp_pubmatic Value: 6EFE0E97-ADE8-4E66-AE93-3E54108F2137#1639649682936
.smartadserver.com/	1970-01-20 08:57:44	Name: pid Value: 6304489774308148896
.smartadserver.com/	1970-01-20 08:57:44	Name: pdomid Value: 13

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7CMukta+Vaani%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7COswald%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7CTeko%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7CUltra%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7CVollkorn%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7CGeorgia%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%26subset%3Dcyrillic%2Ccyrillic-ext%2Cgreek%2Cgreek-ext%2Clatin-ext Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://i1.wp.com/wp.h2870838.stratoserver.net/wp-content/uploads/2021/10/Screenshot-931.png?w=476&ssl=1 Message: Failed to load resource: the server responded with a status of 404 ()
other	error	URL: chrome-error://chromewebdata/ Message: Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aa.agkn.com
ads.themoneytizer.com
adtrack.adleadevent.com
ajax.googleapis.com
api.rlcdn.com
as-sec.casalemedia.com
audit-tcfv2.quantcast.mgr.consensu.org
c.tmyzer.com
c0.wp.com
cdn.nacontent.pro
cdn.onesignal.com
cdnjs.cloudflare.com
ced-ns.sascdn.com
cm.g.doubleclick.net
connect.facebook.net
d2zur9cc2gf1tx.cloudfront.net
dpm.demdex.net
ena-native-ads9.com
fonts.googleapis.com
fonts.gstatic.com
g.themoneytizer.net
googleads.g.doubleclick.net
gum.criteo.com
i1.wp.com
ib.adnxs.com
id5-sync.com
image2.pubmatic.com
js-sec.indexww.com
match.adsrvr.org
mwzeom.zeotap.com
n.ads1-adnow.com
obgpm76tt0a0sgozk8l.redinuid.imrworldwide.com
onetag-sys.com
p.cpx.to
pagead2.googlesyndication.com
pixel.mathtag.com
pixel.wp.com
pool.grid-data.bidswitch.net
quantcast.mgr.consensu.org
rules.quantcount.com
s.cpx.to
scnd-tr.com
secure.adnxs.com
secure.gravatar.com
secure.quantserve.com
spl.zeotap.com
st-n.ads1-adnow.com
stats.wp.com
sync.smartadserver.com
tag.leadplace.fr
test.quantcast.mgr.consensu.org
token.rubiconproject.com
wp.h2870838.stratoserver.net
ww1097.smartadserver.com
www.facebook.com
www.google-analytics.com
www.googletagmanager.com
www.thekasaantimes.de
wp.h2870838.stratoserver.net
116.202.46.140
142.250.184.194
143.204.101.219
143.204.98.71
145.239.193.145
145.239.193.51
151.139.241.23
18.135.35.213
184.30.20.207
185.64.190.80
185.86.137.110
185.86.137.113
192.0.76.3
192.0.77.2
192.0.77.37
2.18.234.21
2600:1f1c:a99:832c:2615:337c:6c9e:c761
2600:9000:2156:0:3:a4cd:8380:93a1
2600:9000:2156:3200:6:44e3:f8c0:93a1
2600:9000:2156:4600:9:46dc:4700:93a1
2606:4700:10::6816:1957
2606:4700::6810:125e
2606:4700::6812:e134
2a00:1450:4001:801::2002
2a00:1450:4001:808::200a
2a00:1450:4001:827::2003
2a00:1450:4001:829::2002
2a00:1450:4001:82b::200e
2a00:1450:4001:831::2008
2a02:2638::1c
2a02:26f0:7100::1720:ee58
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a03:90c0:9996::9996
2a04:fa87:fffe::c000:4902
3.33.220.150
31.172.81.226
34.120.155.137
35.156.33.176
35.172.63.119
37.252.172.36
37.252.172.37
51.89.9.251
52.210.129.48
54.246.103.100
54.36.109.166
54.38.64.100
54.73.127.110
69.173.144.138
79.125.60.160
81.169.247.54
88.208.41.101
005c3133bf387e1b00a5ec25effc468f7752591adac19a3782d200bf68a970f0
016ad8aecbbc1f2263ce2e15889b343adf755d7cf181e56013be90ad8fb13717
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
05ba083c6437008a0881a7beb53a742cdb258dc40c5f3220fe02711dd390871a
063a952901506e6cbcc2abdd1995ea387e4ae9138993f5517834a75faee165d0
070edfef42e0980783d0acf8fa9ca6a9833b994eca13ffaa94e9a2deb47c92cf
0c97c6ce5fdeb2d91e4bc6263d3714ca800b990c1994cf0b6dac0f23c8fbabfe
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
143ce443c390db3b8598f951de20bd04623859a581a15b8cde43ebfa1f8ec103
15999014b0d7560442a6e03103287c8bc341176cc1c4b544bd41c630c94bab44
18dfe28878ba6474655c9b32447a456dde3a3aef6dbda5b5fd8329bd97f7dba5
219e090bf9d7dc675781afdde55227697683a45391a8f8ea47e94127e7d146d8
21b1c346a04696c68f33050088b8bbda850a1d9c015bd70df23d7bb34f6d0e1c
266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d
293913879d30bab7499013e935009f5183facbddd63bfc9656a859622590b80b
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2ba282364322b97fe4fc375dae004c9aa7277cd3b75d563efeda41df3892d8d3
2c80ea2f28125b3b93ee583601782f801f9d190347f5b8b3ca8510a44409f99f
2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
3324ff838b98d917d63e029428af0c4f54ef81f3ea1d75b64faab237c994e55e
34f685ca13feb94354bf991bf12e26c2b89a01bdacf4bc2e7b45280e3be71eb0
372b99e1c8fa79bb71235058d052f7aa8a36e3207eee6a9154655c9e1fb448de
37811d4d55ec74751bcaa643b3a9798f1d577ac2910b63c6ca202c2e36544e05
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
3a90c56bbc2ea3fae7e089cc529bc02869c5035ee31c3111d829b9ae974cf42d
3b1384ff918d4b7f95f9ee5c8fc388203dedff7344d3d96598c9562162788612
3cd25e977d206838a85aaa2b3286dbe228e9a819b82bfa5f4faf6076f5d9cd2a
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
4006e0481f9cfffd3a579c3dcbdad1b6953e844c1e3c76a8d9f86844c98d87a3
448e8db687c59ecf9d302bf2af837710acf98a0575ae47fc00303f58c4ad46f9
44d2a42747952b49d0c809d22bbc34ac3bcf9e44c8f6e6147a16c005a60f1eb3
46d5273d735391f5c05f0fb82df9a363a290419c3aeea2d64dfc0d46de9a9681
48052f6267b2e21fb086ad26457c715b3b8b5e8c6fcbcdea42589da06b05e9be
487ef2c201c33553c12eb0d7b9360be8e16ee7770aa7b9b42368e4a442df53fc
487fce51fd801415c362f3f9f2df43c445a4b9ba38f9b6d49dfc898dc85ede94
4c46148db5632e8c5e975bfcb73f4236a509b0b5341a6a72e1fc66a487ba3b7e
4c71cab3e2b7defd9022059c922d2c91359df1ba71dd47e8543b108c70537f25
4f236a704251724c10867b164045ac5ba5d64ba59dda24ba6adb6e3b8c39df1f
5223c281c16002a1911864dc98dce01b9ed2b5614c605497033af3dd3c39d324
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54e026f7f2e18074cbce4e26549c4f30daa4168d226d6f4d048a01638a89ca94
550bee253a00a7e6089b3aa136a1f21d904592e93ee0740f08d4d36e4b1dcbe5
5bcda0b3357dac22455cb639678e2954b85bc150f606957dc2290d7183ccc931
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
654aaebdea944313257827be97eb196a8218a2cdfc9ba399db23e2cd4c02bd79
67dfbc60509aaec63d862fc4fe05274920133490fcad222558bae79a7a24b4e5
69cd3575e99cc3ae3b5f8b94ec35620146c342126204aadf1586c5deabac1fad
6a486bb6036ea984d293ab009566e99e522abc19f8833c5fd49630be7eba0135
6c3af8eea64aed1d71c3b7482e664683f6a2987265dd89a6f3d509f68b7a27c6
6d3139993c50cefa4e435ed10e9b05e89b04f0d2013e5e0059d3d91f2558c33f
71d67862610b80dc5c9a9ceb03f4bf2e2e6305b17e490a32fec5139c40b00ba1
72974cf5c2f0384df6f0b6810376dee8106ab9bb157d8a3c441c6ba418c904da
731ee3bbaa9f2fd92879f9087c9fbbf7438d3a52595c6c8a8020bb2a69b7afd6
76db825b68979b9ea6cc55fa14373b7bf5e3beb7388cd2efa485938bb2a389fb
771176db448d0e5343ef0d95614c157949ab376afec10f1f96669dbe1e3bb983
77a38ebee5730b70e36e9d5ddaa61456b06e905d98c5af6b86d7b7ca214583a4
797ebd98c91ab2f19847262164e8692b6979a330dd400fd4813ccd583f95999e
7e176e51c1dff07522d527754e78745b4fe73db4b875ab85be5ec57e2e35346c
7fcaa4d432eb8627f0ab7efdc3ce11a4e593f29443fc6bb1888f4955c55f868b
7fea6ebedd553109acb7de5a4639b7c1cf8abc66377abe252aae9605c10295d2
806b1de1026a9d0d3dc7ea9c9b67ffef8c3139557861957e18088554472492e0
80fccb00db57a177d26368cda09f8a540cf1aa641b8b6837047e86d3bd8d6333
8634aa7a3ac0bc6d359b458c8922e9d3269f64c1355b329bfe215beb12773af8
88522cca257c7b55886862e9549236b005c2fcbb1246bcd986621476739c2127
88d8c2e79f26b4df190f4b97c83f853872e827667261f23ef6e0a56fa46af2a9
8ae73faac3b109f52e0d1e2b8b615eef75b4afbfd42814b15f946c4c64695e71
8e73a30d35c83ea6a597c3343324d2b7df097ad26e67b62efb5266ee12d317b5
8f24dc76070927cc3d13b4f52f8ecb898fce1875c32563e7a3fae2450ef6babc
8fceb9666c98db92674eadc3bf22b5811f633e794c6400d43d9e1075e9d7618d
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
92145282065994b4adc9121fc2d863c0a6c1be7e113d161bd5c4c181cf52fb69
923c6681b75a6ba02b2c3b1ea1c4c6debf40567b15c4a91bfbbdd505272ded27
92c811b4ac9b3f23ec0c8eadae3be374682a860d290aac9cde2a8a8911b7412c
9327647771c09df82095dba3591c77cca41a9cedca948ae01e7fb70c690dcbd5
951e8a2a9227f5317c0b425aa907c56447549be17b2ef9d27884b45d5cb27c53
9c15d9cf25bf4285d5be1a9ec296cbf6ae5b729f719fc95eb5f14461cbc0fa62
9c34d15226af3a3a8f407efb5bf5bf9a26d5e82b3568c8e48a9e2c354e12d490
9c6975c674a7c3077bd95750428313e78b92d370b90ca5a303b627c71d2afcf3
9c7c023f91428234ca0ea4df1199758686f4dcd04da96ba63571788fb3389c0b
9e000e7805a03b275608d64f0ee40fc1140ea80bcb3daa6bc9a5406dd107f9d0
9e523aba4ee40ec4c2738eb8907fdf92c9b012e949ee20187358f0778dd59934
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a256fccecac3b32ab73c91d79a18747519a1a18023be05465c933b03523a82e8
a2818739279b01afc774ef894bee940d5f9a7760835246f35abd989c90e85bb7
a6162fc6d57eea1323cf7a8dc8400049d9b41b75fc2faf94016705a5fc984cc3
a7a83e60e7e3b8cadeed69327ba498b4cd68605db6e408729fa1b946758e7501
a8e16d1c8ce4ad8c69d3e86b0f606e2d9aea999e6b668ea8ce28c58224683728
abc9ef14d09ac2e65192102f688002cca3a04d4cfdb7704ce1aa5c0bdeda5e1f
ac163d8abd96b7eb7e1ff7c67a958ee29fff1f554aa355de03c1277a96a21cf1
b03e71853e3c171cbaac3bbe5e88cd4ff7529bc9deae4a4f6ba5996d56308ea0
b390a3efe231d9f38b3a706a5765a2a2f0817e761f60a27556171e9a276980e3
b47b4ca26c57e3dceebd7abd067df9622599bed6bfb11b480f92d09a945cd213
b49498d1142de7f2e16afc2cd4250d2ba30c5df4de5d291f51d7cf69727efdbe
b789a3316d55feb569762a2b198d22e8767e1310756e2c0a0ee4067efcad1e2b
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b79ff00b8e60e093b5cf12a4b8fb737917e0e72650a95d1f8ab08cd8c7c28ec8
b97a839270c9613d8ff475025808c9628758b6222b3ac57648c0b65f007c7418
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
bfde78c2b85b3aa24855430850dc30e2d508559bf3091843f01c5cf263ce17e5
c06c4a0567891cfc53d46e89ee1ce9b55c42fa8c99f12e5da3ce4c504e047a86
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
c846a0262d82ade117a598538a1e27fa05b9fff6bd028516417f32f6d1613230
ca6507f8b18edebcff32e0e69a3012b3e20ca7bb5f0ed4d5ff73b147654c7c86
cbea8eb0223d6c1987a5016a74d5499a8dc565a78246ed5bcdb28d57b741ed5e
d3856ebc7dd3278c4ccd0acb4412a04956db54dde20353eac16332a6594fdfea
d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e
dad910530be091930b5ebb51b41c831f74c22515e56bbeb67d2acaa9aea088ba
dcbe862273a5d7cb61ffaa1eda7e0a1ecb466ca5e08a592fae3e6d1824960293
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
df07904cef6b39bb3662ce3980354f76a18829f78828aed882532bfcac2b93d4
e1b0066bc1972444c0a15e1778be06ed7bf36c55d597c065b5e79041bcda291e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5b7b88eef9c0276086fdaefa0b46f3720fc54fd068b88dee11e0f42132eaff5
e87a1c5e24f9a7c7dcb437417f0b05b0a3c12947ce32d65c990c988a8b5ed4d7
eea0b9621509f98be77c5af1e9b5c952a675bda2b27c419876364017069e0c19
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f18ff75936d3c8bf008c90160d14e3a2f57bdae9662f4723a6b7d2b175442ab0
f3a3e86a43463f00e894146c4605b180d316f56f84a6bdb3ac5e82cbeede89db
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f73f452b5961dbe04bffdc40586dc8c689e172c2dcbfa90353d92acb7a08c444
f748268d79676e63d786b6d070d1bdded923a22e0562134ee680dfe8141e8f13
fd32e4c1fcd3015f3ef8aeaebf0ca0b803ece717d1d5547184ce131a4bb152c2

wp.h2870838.stratoserver.net Open in urlscan Pro 81.169.247.54 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

157 Requests

84 %HTTPS

37 %IPv6

46 Domains

58 Subdomains

43 IPs

6 Countries

2174 kBTransfer

7236 kBSize

34 Cookies

33 Outgoing links

Redirected requests

157 HTTP transactions Everything HTML Script AJAX CSS Image Expand all -1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

wp.h2870838.stratoserver.net Open in urlscan Pro
81.169.247.54 Public Scan

Screenshot
Live screenshot

Full Image

157
Requests

84 %
HTTPS

37 %
IPv6

46
Domains

58
Subdomains

43
IPs

6
Countries

2174 kB
Transfer

7236 kB
Size

34
Cookies

157 HTTP transactions
-1 data transactions