schnellstart4.de Open in urlscan Pro
185.155.184.150 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://schnellstart4.de/?ho.-mobile-free-recharging
Submission: On January 01 via api (January 1st 2024, 8:13:19 pm UTC) from US — Scanned from US

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 14 HTTP transactions. The main IP is 185.155.184.150, located in Switzerland and belongs to AS5398, CH. The main domain is schnellstart4.de.

This is the only time schnellstart4.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online)

Domain & IP information

	IP Address	AS Autonomous System
9	185.155.184.150 185.155.184.150	5398 (AS5398) (AS5398)
1 2	64.210.151.32 64.210.151.32	29789 (REFLECTED) (REFLECTED)
4	2607:f8b0:400... 2607:f8b0:4004:c09::5e	15169 (GOOGLE) (GOOGLE)
14	3

9 185.155.184.150 (Switzerland)

ASN5398 (AS5398, CH)

schnellstart4.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.210.151.32 (United States) 1 redirects

ASN29789 (REFLECTED, US)

promos.fling.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4004:c09::5e (Ashburn, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	schnellstart4.de schnellstart4.de	254 KB
4	gstatic.com fonts.gstatic.com	83 KB
2	fling.com 1 redirects promos.fling.com — Cisco Umbrella Rank: 273291	353 B
14	3

	Domain	Requested by
9	schnellstart4.de	schnellstart4.de
4	fonts.gstatic.com	schnellstart4.de
2	promos.fling.com	1 redirects schnellstart4.de
14	3

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://schnellstart4.de/?ho.-mobile-free-recharging
Frame ID: 9918BEE5739E819A288A134C52AA67FF
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Get Laid Tonight

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

14
Requests

0 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

337 kB
Transfer

327 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

http://promos.fling.com/geo/txt/location.php?testip= HTTP 302
https://promos.fling.com/geo/txt/location.php?testip=

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
schnellstart4.de/ 9 KB
9 KB 646ms
298ms Document
text/html 185.155.184.150
AS5398

General

Check archive.org

Show headers Download Go to

Full URL: http://schnellstart4.de/?ho.-mobile-free-recharging
Protocol: HTTP/1.1
Server: 185.155.184.150 , Switzerland, ASN5398 (AS5398, CH),
Reverse DNS
Software: nginx /
Resource Hash: 5d1c759ced7cdf2a023a560652266576dcd5aee6e35008c0de2a8a7a65ca3b88

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Connection: keep-alive
Content-Length: 9116
Content-Type: text/html
Date: Mon, 01 Jan 2024 20:13:14 GMT
Server: nginx
cache-control: private

GET
H/1.1 200
OK fonts.css
schnellstart4.de/media/dating/timer/css/ 1 KB
2 KB 162ms
160ms Stylesheet
text/css 185.155.184.150
AS5398

General

Check archive.org

Show headers Download Go to

Full URL

http://schnellstart4.de/media/dating/timer/css/fonts.css

Requested by

Host: schnellstart4.de
URL: http://schnellstart4.de/?ho.-mobile-free-recharging

Protocol

HTTP/1.1

Server

185.155.184.150 , Switzerland, ASN5398 (AS5398, CH),

Reverse DNS

Software

nginx /

Resource Hash

9306a182adf8e430b0b667162ae85ede56721fbdcc09b6d373c089c012699564

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: http://schnellstart4.de/?ho.-mobile-free-recharging
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 01 Jan 2024 20:13:14 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Amz-Request-Id: 17A6524BC072D4B8
Connection: keep-alive
Content-Length: 1523
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Xss-Protection: 1; mode=block
Last-Modified: Wed, 20 Sep 2023 15:22:53 GMT
Server: nginx
x-amz-meta-mm-source-mtime: 2022-06-16T13:50:53.770585469Z
ETag: "6daf8e83f941be30fbf4acf7d9d01627"
Vary: Origin, Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=31536000
Accept-Ranges: bytes
x-amz-meta-mc-attrs: atime:1693134505#556012906/gid:0/gname:root/mode:33279/mtime:1655387453#770585469/uid:0/uname:root
Expires: Tue, 31 Dec 2024 20:13:14 GMT

GET
H/1.1 200
OK black.css
schnellstart4.de/media/dating/timer/css/ 9 KB
9 KB 144ms
143ms Stylesheet
text/css 185.155.184.150
AS5398

General

Check archive.org

Show headers Download Go to

Full URL

http://schnellstart4.de/media/dating/timer/css/black.css

Requested by

Host: schnellstart4.de
URL: http://schnellstart4.de/?ho.-mobile-free-recharging

Protocol

HTTP/1.1

Server

185.155.184.150 , Switzerland, ASN5398 (AS5398, CH),

Reverse DNS

Software

nginx /

Resource Hash

bf6a6bcd1a849bb95da78f5126325d51560d0a1041118bccccb472de6e04a5a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: http://schnellstart4.de/?ho.-mobile-free-recharging
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 01 Jan 2024 20:13:14 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Amz-Request-Id: 17A6524BBF6E8B64
Connection: keep-alive
Content-Length: 8790
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Xss-Protection: 1; mode=block
Last-Modified: Tue, 21 Nov 2023 12:30:00 GMT
Server: nginx
x-amz-meta-mm-source-mtime: 2022-06-16T13:50:53.770585469Z
ETag: "bcced990d6c0950fd70031dc06573821"
Vary: Origin, Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=31536000
Accept-Ranges: bytes
x-amz-meta-mc-attrs: atime:1695223373#263678432/gid:0/gname:root/mode:33279/mtime:1655387453#770585469/uid:0/uname:root
Expires: Tue, 31 Dec 2024 20:13:14 GMT

GET
H/1.1 200
OK jquery.js Show response
schnellstart4.de/media/dating/timer/js/ 91 KB
92 KB 344ms
199ms Script
application/javascript 185.155.184.150
AS5398

General

Check archive.org

Show headers Download Go to

Full URL

http://schnellstart4.de/media/dating/timer/js/jquery.js

Requested by

Host: schnellstart4.de
URL: http://schnellstart4.de/?ho.-mobile-free-recharging

Protocol

HTTP/1.1

Server

185.155.184.150 , Switzerland, ASN5398 (AS5398, CH),

Reverse DNS

Software

nginx /

Resource Hash

89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: http://schnellstart4.de/?ho.-mobile-free-recharging
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 01 Jan 2024 20:13:14 GMT
Content-Security-Policy: block-all-mixed-content
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Amz-Request-Id: 17A6524BCA458360
Connection: keep-alive
Content-Length: 93100
X-Xss-Protection: 1; mode=block
Last-Modified: Mon, 20 Feb 2023 09:32:21 GMT
Server: nginx
x-amz-meta-mm-source-mtime: 2022-06-16T13:50:53.766585459Z
ETag: "e0e0559014b222245deb26b6ae8bd940"
Vary: Origin, Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=31536000
Accept-Ranges: bytes
x-amz-meta-mc-attrs: atime:1676843393#363753325/gid:0/gname:root/mode:33279/mtime:1655387453#766585459/uid:0/uname:root
Expires: Tue, 31 Dec 2024 20:13:14 GMT

GET
H/1.1 200
OK en.js Show response
schnellstart4.de/media/dating/timer/js/ 3 KB
3 KB 288ms
142ms Script
text/javascript 185.155.184.150
AS5398

General

Check archive.org

Show headers Download Go to

Full URL

http://schnellstart4.de/media/dating/timer/js/en.js

Requested by

Host: schnellstart4.de
URL: http://schnellstart4.de/?ho.-mobile-free-recharging

Protocol

HTTP/1.1

Server

185.155.184.150 , Switzerland, ASN5398 (AS5398, CH),

Reverse DNS

Software

nginx /

Resource Hash

372a69fee04e30bd0bec56898de8354559c63f46337f52f0fb86b91606ba23fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: http://schnellstart4.de/?ho.-mobile-free-recharging
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 01 Jan 2024 20:13:14 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Amz-Request-Id: 17A6524BC812C76E
Connection: keep-alive
Content-Length: 2671
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Xss-Protection: 1; mode=block
Last-Modified: Tue, 21 Nov 2023 12:30:00 GMT
Server: nginx
x-amz-meta-mm-source-mtime: 2022-06-16T13:50:53.766585459Z
ETag: "bd3d2c4ed0fb7b2824e8d694f2b54891"
Vary: Origin, Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=31536000
Accept-Ranges: bytes
x-amz-meta-mc-attrs: atime:1695223373#363678655/gid:0/gname:root/mode:33279/mtime:1655387453#766585459/uid:0/uname:root
Expires: Tue, 31 Dec 2024 20:13:14 GMT

GET
H/1.1 200
OK utils.js Show response
schnellstart4.de/util/ 7 KB
8 KB 295ms
149ms Script
application/javascript 185.155.184.150
AS5398

General

Check archive.org

Show headers Download Go to

Full URL

http://schnellstart4.de/util/utils.js

Requested by

Host: schnellstart4.de
URL: http://schnellstart4.de/?ho.-mobile-free-recharging

Protocol

HTTP/1.1

Server

185.155.184.150 , Switzerland, ASN5398 (AS5398, CH),

Reverse DNS

Software

nginx /

Resource Hash

8b3c83a330bf1120a13eff6ef60c1e268b827b7bc49b42a7a1f5d8ad6941f2ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: http://schnellstart4.de/?ho.-mobile-free-recharging
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 01 Jan 2024 20:13:14 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Amz-Request-Id: 17A6524BC8938954
Connection: keep-alive
Content-Length: 7512
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Xss-Protection: 1; mode=block
Last-Modified: Wed, 20 Sep 2023 15:26:19 GMT
Server: nginx
x-amz-meta-mm-source-mtime: 2022-07-29T09:04:49.684136Z
ETag: "01816d15ca03032751161a746e2fb7c3"
Vary: Origin, Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=31536000
Accept-Ranges: bytes
x-amz-meta-mc-attrs: atime:1693134513#320037197/gid:0/gname:root/mode:33188/mtime:1659085489#684136000/uid:0/uname:root
Expires: Tue, 31 Dec 2024 20:13:14 GMT

GET
H/1.1 200
OK intro_black.gif
schnellstart4.de/media/dating/timer/images/ 116 KB
117 KB 371ms
224ms Image
image/gif 185.155.184.150
AS5398

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://schnellstart4.de/media/dating/timer/images/intro_black.gif

Requested by

Host: schnellstart4.de
URL: http://schnellstart4.de/?ho.-mobile-free-recharging

Protocol

HTTP/1.1

Server

185.155.184.150 , Switzerland, ASN5398 (AS5398, CH),

Reverse DNS

Software

nginx /

Resource Hash

ad93ebf236149854e02b2dcb7ca0095033c5fb6b9fa3540da68cfb8ec8ec38d6

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: http://schnellstart4.de/?ho.-mobile-free-recharging
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 01 Jan 2024 20:13:14 GMT
Content-Security-Policy: block-all-mixed-content
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Amz-Request-Id: 17A6524BCB7CEDD4
Connection: keep-alive
Content-Length: 119168
X-Xss-Protection: 1; mode=block
Last-Modified: Mon, 20 Feb 2023 09:32:21 GMT
Server: nginx
x-amz-meta-mm-source-mtime: 2022-06-16T13:50:53.770585469Z
ETag: "d7405c094cdfd65e8201308ca7363f48"
Vary: Origin, Accept-Encoding
Content-Type: image/gif
Cache-Control: max-age=31536000
Accept-Ranges: bytes
x-amz-meta-mc-attrs: atime:1676843393#363753325/gid:0/gname:root/mode:33279/mtime:1655387453#770585469/uid:0/uname:root
Expires: Tue, 31 Dec 2024 20:13:14 GMT

GET
H/1.1

200
OK

location.php Show response
promos.fling.com/geo/txt/
Redirect Chain

http://promos.fling.com/geo/txt/location.php?testip=
https://promos.fling.com/geo/txt/location.php?testip=

30 B
222 B

357ms
78ms

Script
text/html

64.210.151.32
REFLECTED

General

Check archive.org

Show headers Download Go to

Full URL: https://promos.fling.com/geo/txt/location.php?testip=
Requested by: Host: schnellstart4.de
URL: http://schnellstart4.de/?ho.-mobile-free-recharging
Protocol: HTTP/1.1
Server: 64.210.151.32 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software: nginx /
Resource Hash: 3acda7baa1a0cb85bc468c764eccee1c78d4747a2335b0e981c3d403c0963ef7

Request headers

accept-language: en-US,en;q=0.9
Referer: http://schnellstart4.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 20:13:14 GMT
server: nginx
transfer-encoding: chunked
content-type: text/html; charset=UTF-8

Redirect headers

location: https://promos.fling.com/geo/txt/location.php?testip=
cache-control: no-cache
content-length: 0

GET
H/1.1 200
OK loading0.gif
schnellstart4.de/media/dating/timer/images/ 6 KB
6 KB 155ms
154ms Image
image/gif 185.155.184.150
AS5398

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://schnellstart4.de/media/dating/timer/images/loading0.gif

Requested by

Host: schnellstart4.de
URL: http://schnellstart4.de/?ho.-mobile-free-recharging

Protocol

HTTP/1.1

Server

185.155.184.150 , Switzerland, ASN5398 (AS5398, CH),

Reverse DNS

Software

nginx /

Resource Hash

dfa0ad12a293332f47c0c0b7c4d7681d3670915a2f75f086aaf61b9a2835b24a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: http://schnellstart4.de/?ho.-mobile-free-recharging
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 01 Jan 2024 20:13:15 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Amz-Request-Id: 17A6524BEE3324F1
Connection: keep-alive
Content-Length: 5837
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Xss-Protection: 1; mode=block
Last-Modified: Wed, 20 Sep 2023 15:22:53 GMT
Server: nginx
x-amz-meta-mm-source-mtime: 2022-06-16T13:50:53.770585469Z
ETag: "e7476fddd806e1ad72356ec86ae2a35a"
Vary: Origin, Accept-Encoding
Content-Type: image/gif
Cache-Control: max-age=31536000
Accept-Ranges: bytes
x-amz-meta-mc-attrs: atime:1693134505#556012906/gid:0/gname:root/mode:33279/mtime:1655387453#770585469/uid:0/uname:root
Expires: Tue, 31 Dec 2024 20:13:15 GMT

GET
H/1.1 200
OK k3k702ZOKiLJc3WVjuplzHhCUOGz7vYGh680lGh-uXM.woff
fonts.gstatic.com/s/opensans/v10/ 20 KB
21 KB 125ms
61ms Font
font/woff 2607:f8b0:4004:c09::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/opensans/v10/k3k702ZOKiLJc3WVjuplzHhCUOGz7vYGh680lGh-uXM.woff

Requested by

Host: schnellstart4.de
URL: http://schnellstart4.de/media/dating/timer/css/fonts.css

Protocol

HTTP/1.1

Server

2607:f8b0:4004:c09::5e Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2944acfdff85dc6308cf8a2766b6efce9ec63fc8356fd5118a98001b936e50dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://schnellstart4.de/
Origin: http://schnellstart4.de
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 01 Jan 2024 18:25:52 GMT
X-Content-Type-Options: nosniff
Age: 6443
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 20964
X-XSS-Protection: 0
Last-Modified: Thu, 21 Aug 2014 18:08:16 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Tue, 31 Dec 2024 18:25:52 GMT

GET
H/1.1 200
OK cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw.woff
fonts.gstatic.com/s/opensans/v10/ 20 KB
20 KB 129ms
66ms Font
font/woff 2607:f8b0:4004:c09::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/opensans/v10/cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw.woff

Requested by

Host: schnellstart4.de
URL: http://schnellstart4.de/media/dating/timer/css/fonts.css

Protocol

HTTP/1.1

Server

2607:f8b0:4004:c09::5e Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

615494a93f61434c21c6a35e51b508950d66d7784b2f4deb10b7a904b4cca17c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://schnellstart4.de/
Origin: http://schnellstart4.de
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 01 Jan 2024 20:13:15 GMT
X-Content-Type-Options: nosniff
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 20216
X-XSS-Protection: 0
Last-Modified: Thu, 21 Aug 2014 18:06:58 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Tue, 31 Dec 2024 20:13:15 GMT

GET
H/1.1 200
OK MTP_ySUJH_bn48VBG8sNSnhCUOGz7vYGh680lGh-uXM.woff
fonts.gstatic.com/s/opensans/v10/ 20 KB
21 KB 152ms
90ms Font
font/woff 2607:f8b0:4004:c09::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/opensans/v10/MTP_ySUJH_bn48VBG8sNSnhCUOGz7vYGh680lGh-uXM.woff

Requested by

Host: schnellstart4.de
URL: http://schnellstart4.de/media/dating/timer/css/fonts.css

Protocol

HTTP/1.1

Server

2607:f8b0:4004:c09::5e Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7dba3aa0f98ede7a500a1890b229671735b8ddc2f29552254dd7dd12673d931

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://schnellstart4.de/
Origin: http://schnellstart4.de
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 01 Jan 2024 20:13:15 GMT
X-Content-Type-Options: nosniff
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 20792
X-XSS-Protection: 0
Last-Modified: Thu, 21 Aug 2014 18:07:47 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Tue, 31 Dec 2024 20:13:15 GMT

GET
H/1.1 200
OK loading0.gif
schnellstart4.de/media/dating/timer/images/ 6 KB
6 KB 159ms
159ms Image
image/gif 185.155.184.150
AS5398

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://schnellstart4.de/media/dating/timer/images/loading0.gif

Requested by

Host: schnellstart4.de
URL: http://schnellstart4.de/?ho.-mobile-free-recharging

Protocol

HTTP/1.1

Server

185.155.184.150 , Switzerland, ASN5398 (AS5398, CH),

Reverse DNS

Software

nginx /

Resource Hash

dfa0ad12a293332f47c0c0b7c4d7681d3670915a2f75f086aaf61b9a2835b24a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: http://schnellstart4.de/?ho.-mobile-free-recharging
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 01 Jan 2024 20:13:15 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Amz-Request-Id: 17A6524BEE3324F1
Connection: keep-alive
Content-Length: 5837
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Xss-Protection: 1; mode=block
Last-Modified: Wed, 20 Sep 2023 15:22:53 GMT
Server: nginx
x-amz-meta-mm-source-mtime: 2022-06-16T13:50:53.770585469Z
ETag: "e7476fddd806e1ad72356ec86ae2a35a"
Vary: Origin, Accept-Encoding
Content-Type: image/gif
Cache-Control: max-age=31536000
Accept-Ranges: bytes
x-amz-meta-mc-attrs: atime:1693134505#556012906/gid:0/gname:root/mode:33279/mtime:1655387453#770585469/uid:0/uname:root
Expires: Tue, 31 Dec 2024 20:13:15 GMT

GET
H/1.1 200
OK xjAJXh38I15wypJXxuGMBobN6UDyHWBl620a-IRfuBk.woff
fonts.gstatic.com/s/opensans/v10/ 19 KB
20 KB 114ms
61ms Font
font/woff 2607:f8b0:4004:c09::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/opensans/v10/xjAJXh38I15wypJXxuGMBobN6UDyHWBl620a-IRfuBk.woff

Requested by

Host: schnellstart4.de
URL: http://schnellstart4.de/media/dating/timer/css/fonts.css

Protocol

HTTP/1.1

Server

2607:f8b0:4004:c09::5e Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b7cb51e5f7e50af96e52535af4780bd909377448151f833dc366a1883dcf8b78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://schnellstart4.de/
Origin: http://schnellstart4.de
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 01 Jan 2024 20:13:15 GMT
X-Content-Type-Options: nosniff
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 19600
X-XSS-Protection: 0
Last-Modified: Thu, 21 Aug 2014 18:06:24 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Tue, 31 Dec 2024 20:13:15 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online)

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			schnellstart4.de/	1969-12-31 23:59:59	Name: sid Value: t8~1et4lhuloakl1wxy4neu5cne

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.gstatic.com
promos.fling.com
schnellstart4.de
185.155.184.150
2607:f8b0:4004:c09::5e
64.210.151.32
2944acfdff85dc6308cf8a2766b6efce9ec63fc8356fd5118a98001b936e50dc
372a69fee04e30bd0bec56898de8354559c63f46337f52f0fb86b91606ba23fa
3acda7baa1a0cb85bc468c764eccee1c78d4747a2335b0e981c3d403c0963ef7
5d1c759ced7cdf2a023a560652266576dcd5aee6e35008c0de2a8a7a65ca3b88
615494a93f61434c21c6a35e51b508950d66d7784b2f4deb10b7a904b4cca17c
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
8b3c83a330bf1120a13eff6ef60c1e268b827b7bc49b42a7a1f5d8ad6941f2ea
9306a182adf8e430b0b667162ae85ede56721fbdcc09b6d373c089c012699564
ad93ebf236149854e02b2dcb7ca0095033c5fb6b9fa3540da68cfb8ec8ec38d6
b7cb51e5f7e50af96e52535af4780bd909377448151f833dc366a1883dcf8b78
bf6a6bcd1a849bb95da78f5126325d51560d0a1041118bccccb472de6e04a5a2
dfa0ad12a293332f47c0c0b7c4d7681d3670915a2f75f086aaf61b9a2835b24a
e7dba3aa0f98ede7a500a1890b229671735b8ddc2f29552254dd7dd12673d931

schnellstart4.de Open in urlscan Pro 185.155.184.150 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

14 Requests

0 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

337 kBTransfer

327 kBSize

1 Cookies

0 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

26 JavaScript Global Variables

1 Cookies

Indicators

schnellstart4.de Open in urlscan Pro
185.155.184.150 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

0 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

337 kB
Transfer

327 kB
Size

1
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!