specialthankselsa.com Open in urlscan Pro
134.209.199.15 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://merkel-metallbau.de/
Effective URL:
https://specialthankselsa.com/?p=mvstqmjwmy5gi3bpgeztmoa&sub2=demons4
Submission: On March 11 via manual (March 11th 2020, 1:44:50 pm UTC) from DE

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 4 countries across 6 domains to perform 18 HTTP transactions. The main IP is 134.209.199.15, located in Amsterdam, Netherlands and belongs to DIGITALOCEAN-ASN, US. The main domain is specialthankselsa.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on March 4th 2020. Valid for: 3 months.

This is the only time specialthankselsa.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 11	213.239.241.212 213.239.241.212	24940 (HETZNER-AS) (HETZNER-AS)
1 1	45.9.148.79 45.9.148.79	49447 (NICEIT) (NICEIT)
2	43.225.52.117 43.225.52.117	394695 (PUBLIC-DO...) (PUBLIC-DOMAIN-REGISTRY)
1	2a00:1450:400... 2a00:1450:4001:821::200a	15169 (GOOGLE) (GOOGLE)
1	134.209.199.15 134.209.199.15	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	2a00:1450:400... 2a00:1450:4001:820::2003	15169 (GOOGLE) (GOOGLE)
18	6

11 213.239.241.212 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: server19.server-centrum.de

merkel-metallbau.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.merkel-metallbau.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.9.148.79 (Switzerland) 1 redirects

ASN49447 (NICEIT, NL)

tom.verybeatifulantony.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 43.225.52.117 (United Arab Emirates)

ASN394695 (PUBLIC-DOMAIN-REGISTRY, US)
PTR: mail.globalpacificregistry.com

fast.destinyfernandi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 134.209.199.15 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)

specialthankselsa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:820::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	merkel-metallbau.de 1 redirects merkel-metallbau.de www.merkel-metallbau.de	76 KB
2	gstatic.com fonts.gstatic.com	31 KB
2	destinyfernandi.com fast.destinyfernandi.com	731 B
1	specialthankselsa.com specialthankselsa.com Failed	20 KB
1	googleapis.com fonts.googleapis.com	852 B
1	verybeatifulantony.com 1 redirects tom.verybeatifulantony.com room.verybeatifulantony.com Failed	207 B
18	6

	Domain	Requested by
10	www.merkel-metallbau.de	www.merkel-metallbau.de
2	fonts.gstatic.com	specialthankselsa.com
2	fast.destinyfernandi.com	www.merkel-metallbau.de fast.destinyfernandi.com
1	specialthankselsa.com	fast.destinyfernandi.com
1	fonts.googleapis.com	www.merkel-metallbau.de
1	tom.verybeatifulantony.com	1 redirects
1	merkel-metallbau.de	1 redirects
0	room.verybeatifulantony.com Failed	www.merkel-metallbau.de
18	8

This site contains no links.

Subject Issuer	Validity	Valid
merkel-metallbau.de Let's Encrypt Authority X3	`2020-02-17` - `2020-05-17`	3 months	crt.sh
fast.destinyfernandi.com Let's Encrypt Authority X3	`2020-02-08` - `2020-05-08`	3 months	crt.sh
*.storage.googleapis.com GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh
10.specialthankselsa.com Let's Encrypt Authority X3	`2020-03-04` - `2020-06-02`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://specialthankselsa.com/?p=mvstqmjwmy5gi3bpgeztmoa&sub2=demons4
Frame ID: 9D60D59DC61A41B26111F6F5278EDF38
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://merkel-metallbau.de/ HTTP 301
https://www.merkel-metallbau.de/ Page URL
https://fast.destinyfernandi.com/demos.php Page URL
https://specialthankselsa.com/?p=mvstqmjwmy5gi3bpgeztmoa&sub2=demons4 Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

18
Requests

89 %
HTTPS

33 %
IPv6

6
Domains

8
Subdomains

6
IPs

4
Countries

129 kB
Transfer

272 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://merkel-metallbau.de/ HTTP 301
https://www.merkel-metallbau.de/ Page URL
https://fast.destinyfernandi.com/demos.php Page URL
https://specialthankselsa.com/?p=mvstqmjwmy5gi3bpgeztmoa&sub2=demons4 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://merkel-metallbau.de/ HTTP 301
https://www.merkel-metallbau.de/

Request Chain 1

https://tom.verybeatifulantony.com/y.js HTTP 302
https://fast.destinyfernandi.com/7/y.js

18 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

/ Show response
www.merkel-metallbau.de/
Redirect Chain

http://merkel-metallbau.de/
https://www.merkel-metallbau.de/

12 KB
4 KB

60ms
31ms

Document
text/html

213.239.241.212
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.merkel-metallbau.de/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.239.241.212 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: server19.server-centrum.de
Software: Apache /
Resource Hash: 407e3d498edf500da616e8a5d3e821aced00398aec95b5565b2630951252e9fa

Request headers

Host: www.merkel-metallbau.de
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Mar 2020 13:44:33 GMT
Server: Apache
Link: <https://www.merkel-metallbau.de/index.php?rest_route=/>; rel="https://api.w.org/"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3799
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Wed, 11 Mar 2020 13:44:33 GMT
Server: Apache
Location: https://www.merkel-metallbau.de/
Content-Length: 240
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

y.js Show response
fast.destinyfernandi.com/7/
Redirect Chain

https://tom.verybeatifulantony.com/y.js
https://fast.destinyfernandi.com/7/y.js

72 B
307 B

447ms
147ms

Script
application/javascript

43.225.52.117
PUBLIC-DOMAIN-REG...

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.destinyfernandi.com/7/y.js
Requested by: Host: www.merkel-metallbau.de
URL: https://www.merkel-metallbau.de/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 43.225.52.117 , United Arab Emirates, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS: mail.globalpacificregistry.com
Software: nginx / PHP/5.6.40
Resource Hash: da79b1c37626d883799db48186ccf536f1340f35ab089293ea03958cea4cbebe

Request headers

Referer: https://www.merkel-metallbau.de/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Mar 2020 13:44:33 GMT
Server: nginx
X-Powered-By: PHP/5.6.40
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Keep-Alive: timeout=60
Content-Length: 72

Redirect headers

Location: https://fast.destinyfernandi.com/7/y.js
Date: Wed, 11 Mar 2020 13:44:29 GMT
Server: nginx
Connection: keep-alive
Content-Length: 154
Content-Type: text/html

GET t.js
room.verybeatifulantony.com/ 0
0

GET
H/1.1 200
OK style.min.css
www.merkel-metallbau.de/wp-includes/css/dist/block-library/ 25 KB
4 KB 12ms
10ms Stylesheet
text/css 213.239.241.212
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.merkel-metallbau.de/wp-includes/css/dist/block-library/style.min.css?ver=5.0.2
Requested by: Host: www.merkel-metallbau.de
URL: https://www.merkel-metallbau.de/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.239.241.212 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: server19.server-centrum.de
Software: Apache /
Resource Hash: 57a96eb1ccacae26e452d6e147fb29ca8ca20ce183970a3a4fb5febf8662fcc7

Request headers

Referer: https://www.merkel-metallbau.de/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Wed, 11 Mar 2020 13:44:33 GMT
Content-Encoding: gzip
Last-Modified: Thu, 27 Dec 2018 11:46:10 GMT
Server: Apache
ETag: "63e3-57dff7e30cf5e-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 4281

GET
H/1.1 200
OK style.css
www.merkel-metallbau.de/wp-content/themes/radiate/ 35 KB
8 KB 22ms
10ms Stylesheet
text/css 213.239.241.212
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.merkel-metallbau.de/wp-content/themes/radiate/style.css?ver=5.0.2
Requested by: Host: www.merkel-metallbau.de
URL: https://www.merkel-metallbau.de/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.239.241.212 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: server19.server-centrum.de
Software: Apache /
Resource Hash: 7c5da93099d5f67c235338fd51449d05bcdd26c1688531af57c5b86f85846cec

Request headers

Referer: https://www.merkel-metallbau.de/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Wed, 11 Mar 2020 13:44:33 GMT
Content-Encoding: gzip
Last-Modified: Mon, 15 Jul 2019 11:17:32 GMT
Server: Apache
ETag: "8dc5-58db6680bb4f4-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 8123

GET
H2 200 css
fonts.googleapis.com/ 6 KB
852 B 17ms
15ms Stylesheet
text/css 2a00:1450:4001:821::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%7CMerriweather%3A400%2C300&ver=5.0.2

Requested by

Host: www.merkel-metallbau.de
URL: https://www.merkel-metallbau.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4c917a01f4e0e5b826f263a3dbaa34d223c4e3e2ea07da018db04741bf732326

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.merkel-metallbau.de/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 11 Mar 2020 13:44:33 GMT
server: ESF
date: Wed, 11 Mar 2020 13:44:33 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 11 Mar 2020 13:44:33 GMT

GET
H/1.1 200
OK genericons.css
www.merkel-metallbau.de/wp-content/themes/radiate/genericons/ 28 KB
16 KB 35ms
16ms Stylesheet
text/css 213.239.241.212
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.merkel-metallbau.de/wp-content/themes/radiate/genericons/genericons.css?ver=3.3.1
Requested by: Host: www.merkel-metallbau.de
URL: https://www.merkel-metallbau.de/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.239.241.212 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: server19.server-centrum.de
Software: Apache /
Resource Hash: a767d7e7af88326afb37242f2828280a2c930945cb94b636b1f05a0afb634621

Request headers

Referer: https://www.merkel-metallbau.de/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Wed, 11 Mar 2020 13:44:33 GMT
Content-Encoding: gzip
Last-Modified: Mon, 15 Jul 2019 11:17:32 GMT
Server: Apache
ETag: "6f71-58db6680bf374-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 16468

GET
H/1.1 200
OK jquery.js Show response
www.merkel-metallbau.de/wp-includes/js/jquery/ 95 KB
34 KB 36ms
16ms Script
application/javascript 213.239.241.212
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.merkel-metallbau.de/wp-includes/js/jquery/jquery.js?ver=1.12.4
Requested by: Host: www.merkel-metallbau.de
URL: https://www.merkel-metallbau.de/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.239.241.212 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: server19.server-centrum.de
Software: Apache /
Resource Hash: 0730bfe7bf7b3f10e57a9351648738d65fba8e86abd5ef49491afa840dc17f5e

Request headers

Referer: https://www.merkel-metallbau.de/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Wed, 11 Mar 2020 13:44:33 GMT
Content-Encoding: gzip
Last-Modified: Mon, 17 Feb 2020 20:21:41 GMT
Server: Apache
ETag: "17d74-59ecb4da7ac58-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 34000

GET
H/1.1 200
OK jquery-migrate.min.js Show response
www.merkel-metallbau.de/wp-includes/js/jquery/ 10 KB
4 KB 35ms
15ms Script
application/javascript 213.239.241.212
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.merkel-metallbau.de/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Requested by: Host: www.merkel-metallbau.de
URL: https://www.merkel-metallbau.de/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.239.241.212 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: server19.server-centrum.de
Software: Apache /
Resource Hash: d389d85b3b6f42ef0a3db9923a661ee3d73e9a5b0e7cde57b986462802b63574

Request headers

Referer: https://www.merkel-metallbau.de/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Wed, 11 Mar 2020 13:44:33 GMT
Content-Encoding: gzip
Last-Modified: Mon, 17 Feb 2020 20:21:41 GMT
Server: Apache
ETag: "291c-59ecb4da79cb8-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 4255

GET
H/1.1 200
OK navigation.js Show response
www.merkel-metallbau.de/wp-content/themes/radiate/js/ 3 KB
2 KB 34ms
14ms Script
application/javascript 213.239.241.212
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.merkel-metallbau.de/wp-content/themes/radiate/js/navigation.js?ver=20120206
Requested by: Host: www.merkel-metallbau.de
URL: https://www.merkel-metallbau.de/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.239.241.212 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: server19.server-centrum.de
Software: Apache /
Resource Hash: 8656a3878397c1889bebb72ef33b149946f660e6fbd3579eb49c168c7198e8d0

Request headers

Referer: https://www.merkel-metallbau.de/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Wed, 11 Mar 2020 13:44:33 GMT
Content-Encoding: gzip
Last-Modified: Mon, 17 Feb 2020 20:21:41 GMT
Server: Apache
ETag: "ddf-59ecb4da12471-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1249

GET
H/1.1 200
OK skip-link-focus-fix.js Show response
www.merkel-metallbau.de/wp-content/themes/radiate/js/ 1 KB
972 B 34ms
14ms Script
application/javascript 213.239.241.212
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.merkel-metallbau.de/wp-content/themes/radiate/js/skip-link-focus-fix.js?ver=20130115
Requested by: Host: www.merkel-metallbau.de
URL: https://www.merkel-metallbau.de/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.239.241.212 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: server19.server-centrum.de
Software: Apache /
Resource Hash: 3bd4ff6c9f2b998d8188ec4aba0201cae7ed90c1b21ee7d9f3d2c9b683baf484

Request headers

Referer: https://www.merkel-metallbau.de/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Wed, 11 Mar 2020 13:44:33 GMT
Content-Encoding: gzip
Last-Modified: Mon, 17 Feb 2020 20:21:41 GMT
Server: Apache
ETag: "4cd-59ecb4da12471-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 638

GET
H/1.1 200
OK custom.js Show response
www.merkel-metallbau.de/wp-content/themes/radiate/js/ 2 KB
1 KB 35ms
12ms Script
application/javascript 213.239.241.212
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.merkel-metallbau.de/wp-content/themes/radiate/js/custom.js?ver=5.0.2
Requested by: Host: www.merkel-metallbau.de
URL: https://www.merkel-metallbau.de/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.239.241.212 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: server19.server-centrum.de
Software: Apache /
Resource Hash: fc4ebe1b4e39705b3982b0accaee1448a82f746cfcfe6ad4c6f754466c2840d9

Request headers

Referer: https://www.merkel-metallbau.de/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Wed, 11 Mar 2020 13:44:33 GMT
Content-Encoding: gzip
Last-Modified: Mon, 17 Feb 2020 20:21:41 GMT
Server: Apache
ETag: "73d-59ecb4da12471-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 808

GET
H/1.1 200
OK wp-embed.min.js Show response
www.merkel-metallbau.de/wp-includes/js/ 2 KB
1 KB 47ms
9ms Script
application/javascript 213.239.241.212
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.merkel-metallbau.de/wp-includes/js/wp-embed.min.js?ver=5.0.2
Requested by: Host: www.merkel-metallbau.de
URL: https://www.merkel-metallbau.de/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.239.241.212 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: server19.server-centrum.de
Software: Apache /
Resource Hash: dcf0c896a0ea5cd50bd13d3f4ad6829a3ddece959a67a2c1f4fa48d9fdfdde2c

Request headers

Referer: https://www.merkel-metallbau.de/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Wed, 11 Mar 2020 13:44:33 GMT
Content-Encoding: gzip
Last-Modified: Mon, 17 Feb 2020 20:21:42 GMT
Server: Apache
ETag: "74f-59ecb4da9bf9a-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 990

GET
H/1.1 200
OK demos.php Show response
fast.destinyfernandi.com/ 218 B
424 B 147ms
146ms Document
text/html 43.225.52.117
PUBLIC-DOMAIN-REG...

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.destinyfernandi.com/demos.php
Requested by: Host: fast.destinyfernandi.com
URL: https://fast.destinyfernandi.com/7/y.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 43.225.52.117 , United Arab Emirates, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS: mail.globalpacificregistry.com
Software: nginx / PHP/5.6.40
Resource Hash: 8f21ec7b6a17488a69d530e2a02eb52e1866e43f4aeffd8dab38cf6996402351

Request headers

Host: fast.destinyfernandi.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://www.merkel-metallbau.de/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document
Referer: https://www.merkel-metallbau.de/

Response headers

Server: nginx
Date: Wed, 11 Mar 2020 13:44:33 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 218
Connection: keep-alive
Keep-Alive: timeout=60
X-Powered-By: PHP/5.6.40

GET /
specialthankselsa.com/ 0
0

GET
H2 200 Primary Request / Show response
specialthankselsa.com/ 20 KB
20 KB 51ms
20ms Document
text/html 134.209.199.15
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://specialthankselsa.com/?p=mvstqmjwmy5gi3bpgeztmoa&sub2=demons4

Requested by

Host: fast.destinyfernandi.com
URL: https://fast.destinyfernandi.com/demos.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

134.209.199.15 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

fc248756d5ffbe2e2a236c968c4c0fade229bf3397406b503ffe498d36ef3434

Security Headers

Name	Value
Content-Security-Policy	img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: specialthankselsa.com
:scheme: https
:path: /?p=mvstqmjwmy5gi3bpgeztmoa&sub2=demons4
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: document
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://fast.destinyfernandi.com/demos.php
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document
Referer: https://fast.destinyfernandi.com/demos.php

Response headers

status: 200
server: nginx
date: Wed, 11 Mar 2020 13:44:34 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=6c38ba35-1efb-46d8-9bd8-e93e5e4ef550; expires=Fri, 10-Apr-2020 13:44:34 GMT; Max-Age=2592000; path=/; domain=specialthankselsa.com
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests

GET
DATA 200
OK truncated
/ 748 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a5308b7decd6fc2d5e8438fb037c4a822125135db832c05437d754655ff2fc23

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: specialthankselsa.com
URL: https://specialthankselsa.com/?p=mvstqmjwmy5gi3bpgeztmoa&sub2=demons4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eca8ffa764a66cd084800e2e71c4176ef089ebd805515664a6cb8d4fb3b598bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://specialthankselsa.com/?p=mvstqmjwmy5gi3bpgeztmoa&sub2=demons4
Origin: https://specialthankselsa.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 25 Feb 2020 02:07:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:43 GMT
server: sffe
age: 1337831
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 15440
x-xss-protection: 0
expires: Wed, 24 Feb 2021 02:07:23 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: specialthankselsa.com
URL: https://specialthankselsa.com/?p=mvstqmjwmy5gi3bpgeztmoa&sub2=demons4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://specialthankselsa.com/?p=mvstqmjwmy5gi3bpgeztmoa&sub2=demons4
Origin: https://specialthankselsa.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 27 Feb 2020 10:46:55 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
age: 1133859
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 15552
x-xss-protection: 0
expires: Fri, 26 Feb 2021 10:46:55 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: room.verybeatifulantony.com
URL: https://room.verybeatifulantony.com/t.js

Domain: specialthankselsa.com
URL: https://specialthankselsa.com/?p=mvstqmjwmy5gi3bpgeztmoa&sub2=demons4

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.specialthankselsa.com/	1970-01-19 08:42:06	Name: uuid Value: 6c38ba35-1efb-46d8-9bd8-e93e5e4ef550

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fast.destinyfernandi.com
fonts.googleapis.com
fonts.gstatic.com
merkel-metallbau.de
room.verybeatifulantony.com
specialthankselsa.com
tom.verybeatifulantony.com
www.merkel-metallbau.de
room.verybeatifulantony.com
specialthankselsa.com
134.209.199.15
213.239.241.212
2a00:1450:4001:820::2003
2a00:1450:4001:821::200a
43.225.52.117
45.9.148.79
0730bfe7bf7b3f10e57a9351648738d65fba8e86abd5ef49491afa840dc17f5e
3bd4ff6c9f2b998d8188ec4aba0201cae7ed90c1b21ee7d9f3d2c9b683baf484
407e3d498edf500da616e8a5d3e821aced00398aec95b5565b2630951252e9fa
4c917a01f4e0e5b826f263a3dbaa34d223c4e3e2ea07da018db04741bf732326
57a96eb1ccacae26e452d6e147fb29ca8ca20ce183970a3a4fb5febf8662fcc7
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
7c5da93099d5f67c235338fd51449d05bcdd26c1688531af57c5b86f85846cec
8656a3878397c1889bebb72ef33b149946f660e6fbd3579eb49c168c7198e8d0
8f21ec7b6a17488a69d530e2a02eb52e1866e43f4aeffd8dab38cf6996402351
a5308b7decd6fc2d5e8438fb037c4a822125135db832c05437d754655ff2fc23
a767d7e7af88326afb37242f2828280a2c930945cb94b636b1f05a0afb634621
d389d85b3b6f42ef0a3db9923a661ee3d73e9a5b0e7cde57b986462802b63574
da79b1c37626d883799db48186ccf536f1340f35ab089293ea03958cea4cbebe
dcf0c896a0ea5cd50bd13d3f4ad6829a3ddece959a67a2c1f4fa48d9fdfdde2c
eca8ffa764a66cd084800e2e71c4176ef089ebd805515664a6cb8d4fb3b598bf
fc248756d5ffbe2e2a236c968c4c0fade229bf3397406b503ffe498d36ef3434
fc4ebe1b4e39705b3982b0accaee1448a82f746cfcfe6ad4c6f754466c2840d9

specialthankselsa.com Open in urlscan Pro 134.209.199.15 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

89 %HTTPS

33 %IPv6

6 Domains

8 Subdomains

6 IPs

4 Countries

129 kBTransfer

272 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

1 Cookies

Indicators

specialthankselsa.com Open in urlscan Pro
134.209.199.15 Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

89 %
HTTPS

33 %
IPv6

6
Domains

8
Subdomains

6
IPs

4
Countries

129 kB
Transfer

272 kB
Size

1
Cookies

18 HTTP transactions
1 data transactions