noticias-casera.net Open in urlscan Pro
104.37.35.104 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://noticias-casera.net/noticias-casera/app/?key=bioj7a03cx47fendy81hohvxnl2z4idhdvgbnsac9lkdgkr8hjo5iavthucaiorkm1ckp5w...
Effective URL:
http://noticias-casera.net/noticias-casera/app/?lang=de&key=bioj7a03cx47fendy81hohvxnl2z4idhdvgbnsac9lkdgkr8hjo5iavthucaior...
Submission: On July 27 via automatic, source phishtank (July 27th 2017, 9:28:25 pm UTC)

Summary HTTP 11 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 5 domains to perform 11 HTTP transactions. The main IP is 104.37.35.104, located in New York, United States and belongs to ONECOM, DK. The main domain is noticias-casera.net.

This is the only time noticias-casera.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
3	104.37.35.104 104.37.35.104	51468 (ONECOM) (ONECOM)
1	2a00:1450:400... 2a00:1450:4001:820::200a	15169 (GOOGLE) (GOOGLE - Google Inc.)
3	151.101.112.193 151.101.112.193	54113 (FASTLY) (FASTLY - Fastly)
1	46.105.201.240 46.105.201.240	16276 (OVH) (OVH)
1	208.43.241.178 208.43.241.178	36351 (SOFTLAYER) (SOFTLAYER - SoftLayer Technologies Inc.)
1	69.4.231.31 69.4.231.31	36351 (SOFTLAYER) (SOFTLAYER - SoftLayer Technologies Inc.)
11	7

3 104.37.35.104 (New York, United States)

ASN51468 (ONECOM, DK)
PTR: webcluster16.webpod1-wdc1.one.com

noticias-casera.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::200a (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.112.193 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.105.201.240 (France)

ASN16276 (OVH, FR)

s10.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 208.43.241.178 (Chantilly, United States)

ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US)
PTR: b2.f1.2bd0.ip4.static.sl-reverse.com

s4.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.4.231.31 (Providence, United States)

ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US)
PTR: no-rdns.ord02.hostingservicesinc.net

e.dtscout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	imgur.com i.imgur.com	5 KB
3	noticias-casera.net noticias-casera.net	10 KB
2	histats.com s10.histats.com s4.histats.com	4 KB
1	dtscout.com e.dtscout.com t.dtscout.com Failed	4 KB
1	googleapis.com ajax.googleapis.com	33 KB
11	5

	Domain	Requested by
3	i.imgur.com	noticias-casera.net
3	noticias-casera.net	noticias-casera.net
1	e.dtscout.com	s4.histats.com
1	s4.histats.com	s10.histats.com
1	s10.histats.com	noticias-casera.net
1	ajax.googleapis.com	noticias-casera.net
0	t.dtscout.com Failed	e.dtscout.com
11	7

This site contains links to these domains. Also see Links.

Domain
www.histats.com

Subject Issuer	Validity	Valid
*.googleapis.com Google Internet Authority G2	`2017-07-19` - `2017-10-11`	3 months	crt.sh

This page contains 2 frames:

Primary Page: http://noticias-casera.net/noticias-casera/app/?lang=de&key=bioj7a03cx47fendy81hohvxnl2z4idhdvgbnsac9lkdgkr8hjo5iavthucaiorkm1ckp5wkd0oy0m9hfpjkyu1vxljm8jbrgyudskut4qwlfitx8spmlhg9hbryos7kfxmhp3dhgt2zrprha7ifpnhfx0zynxfblwib1ex1gwc9knhghsgjwnq7nnta1filozyxmqs1
Frame ID: 30221.1
Requests: 10 HTTP requests in this frame

Frame: http://t.dtscout.com/idg/
Frame ID: 30221.2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

11
Requests

9 %
HTTPS

17 %
IPv6

5
Domains

7
Subdomains

7
IPs

3
Countries

56 kB
Transfer

130 kB
Size

16
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://www.histats.com/
Title: try {Histats.start(1,3205176,4,0,0,0,""); Histats.track_hits();} catch(err){};

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request 6

http://i.imgur.com/FHZpjlj.png
http://i.imgur.com/removed.png

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
noticias-casera.net/noticias-casera/app/
Redirect Chain

http://noticias-casera.net/noticias-casera/app/?key=bioj7a03cx47fendy81hohvxnl2z4idhdvgbnsac9lkdgkr8hjo5iavthucaiorkm1ckp5wkd0oy0m9hfpjkyu1vxljm8jbrgyudskut4qwlfitx8spmlhg9hbryos7kfxmhp3dhgt2zrprha...
http://noticias-casera.net/noticias-casera/app/?lang=de&key=bioj7a03cx47fendy81hohvxnl2z4idhdvgbnsac9lkdgkr8hjo5iavthucaiorkm1ckp5wkd0oy0m9hfpjkyu1vxljm8jbrgyudskut4qwlfitx8spmlhg9hbryos7kfxmhp3dhg...

2 KB
1 KB

94ms
94ms

Document
text/html

104.37.35.104
ONECOM

General

Check archive.org

Show headers Download Go to

Full URL: http://noticias-casera.net/noticias-casera/app/?lang=de&key=bioj7a03cx47fendy81hohvxnl2z4idhdvgbnsac9lkdgkr8hjo5iavthucaiorkm1ckp5wkd0oy0m9hfpjkyu1vxljm8jbrgyudskut4qwlfitx8spmlhg9hbryos7kfxmhp3dhgt2zrprha7ifpnhfx0zynxfblwib1ex1gwc9knhghsgjwnq7nnta1filozyxmqs1
Protocol: HTTP/1.1
Server: 104.37.35.104 New York, United States, ASN51468 (ONECOM, DK),
Reverse DNS: webcluster16.webpod1-wdc1.one.com
Software: Apache / PHP/7.0.15
Resource Hash: 3e1e1b611816d48cb8c161e05d0cc6dd1ac38ceb16e038b04828d8d4e81cf317

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 27 Jul 2017 21:28:14 GMT
Content-Encoding: gzip
Server: Apache
Age: 0
X-Powered-By: PHP/7.0.15
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-15
Via: 1.1 varnish (Varnish/5.1)
Cache-control: private
X-Varnish: 44759228
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1224
Expires: Thu, 19 Nov 1981 08:52:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 27 Jul 2017 21:28:13 GMT
Content-Encoding: gzip
Server: Apache
Age: 0
X-Powered-By: PHP/7.0.15
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-15
Location: ?lang=de&key=bioj7a03cx47fendy81hohvxnl2z4idhdvgbnsac9lkdgkr8hjo5iavthucaiorkm1ckp5wkd0oy0m9hfpjkyu1vxljm8jbrgyudskut4qwlfitx8spmlhg9hbryos7kfxmhp3dhgt2zrprha7ifpnhfx0zynxfblwib1ex1gwc9knhghsgjwnq7nnta1filozyxmqs1
Cache-control: private
X-Varnish: 39354320
Connection: keep-alive
Content-Length: 1225
Via: 1.1 varnish (Varnish/5.1)
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK style.css
noticias-casera.net/noticias-casera/app/ 10 KB
2 KB 94ms
94ms Stylesheet
text/css 104.37.35.104
ONECOM

General

Check archive.org

Show headers Download Go to

Full URL: http://noticias-casera.net/noticias-casera/app/style.css
Requested by: Host: noticias-casera.net
URL: http://noticias-casera.net/noticias-casera/app/?lang=de&key=bioj7a03cx47fendy81hohvxnl2z4idhdvgbnsac9lkdgkr8hjo5iavthucaiorkm1ckp5wkd0oy0m9hfpjkyu1vxljm8jbrgyudskut4qwlfitx8spmlhg9hbryos7kfxmhp3dhgt2zrprha7ifpnhfx0zynxfblwib1ex1gwc9knhghsgjwnq7nnta1filozyxmqs1
Protocol: HTTP/1.1
Server: 104.37.35.104 New York, United States, ASN51468 (ONECOM, DK),
Reverse DNS: webcluster16.webpod1-wdc1.one.com
Software: Apache /
Resource Hash: d5fc3c313f0d425da5886277481e1f8148142ce3b9d91abc03d0825093ee1ceb

Request headers

Referer: http://noticias-casera.net/noticias-casera/app/?lang=de&key=bioj7a03cx47fendy81hohvxnl2z4idhdvgbnsac9lkdgkr8hjo5iavthucaiorkm1ckp5wkd0oy0m9hfpjkyu1vxljm8jbrgyudskut4qwlfitx8spmlhg9hbryos7kfxmhp3dhgt2zrprha7ifpnhfx0zynxfblwib1ex1gwc9knhghsgjwnq7nnta1filozyxmqs1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Thu, 27 Jul 2017 21:28:14 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Jun 2016 03:12:29 GMT
Server: Apache
Age: 0
ETag: "9fc6e84e-26c2-534a78f2a9878"
Vary: Accept-Encoding
Content-Type: text/css
Via: 1.1 varnish (Varnish/5.1)
X-Varnish: 108724731
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2302

GET
S 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.7.2/ 93 KB
33 KB 18ms
6ms Script
text/javascript 2a00:1450:4001:820::200a
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js

Requested by

Host: noticias-casera.net
URL: http://noticias-casera.net/noticias-casera/app/?lang=de&key=bioj7a03cx47fendy81hohvxnl2z4idhdvgbnsac9lkdgkr8hjo5iavthucaiorkm1ckp5wkd0oy0m9hfpjkyu1vxljm8jbrgyudskut4qwlfitx8spmlhg9hbryos7kfxmhp3dhgt2zrprha7ifpnhfx0zynxfblwib1ex1gwc9knhghsgjwnq7nnta1filozyxmqs1

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:820::200a , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

sffe /

Resource Hash

47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://noticias-casera.net/noticias-casera/app/?lang=de&key=bioj7a03cx47fendy81hohvxnl2z4idhdvgbnsac9lkdgkr8hjo5iavthucaiorkm1ckp5wkd0oy0m9hfpjkyu1vxljm8jbrgyudskut4qwlfitx8spmlhg9hbryos7kfxmhp3dhgt2zrprha7ifpnhfx0zynxfblwib1ex1gwc9knhghsgjwnq7nnta1filozyxmqs1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Tue, 16 May 2017 15:17:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6243022
status: 200
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 33845
x-xss-protection: 1; mode=block
last-modified: Tue, 20 Dec 2016 18:17:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 16 May 2018 15:17:52 GMT

GET
H/1.1 200
OK E9Fn1cV.png
i.imgur.com/ 4 KB
4 KB 12ms
6ms Image
image/png 151.101.112.193
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://i.imgur.com/E9Fn1cV.png
Requested by: Host: noticias-casera.net
URL: http://noticias-casera.net/noticias-casera/app/?lang=de&key=bioj7a03cx47fendy81hohvxnl2z4idhdvgbnsac9lkdgkr8hjo5iavthucaiorkm1ckp5wkd0oy0m9hfpjkyu1vxljm8jbrgyudskut4qwlfitx8spmlhg9hbryos7kfxmhp3dhgt2zrprha7ifpnhfx0zynxfblwib1ex1gwc9knhghsgjwnq7nnta1filozyxmqs1
Protocol: HTTP/1.1
Server: 151.101.112.193 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cat factory 1.0 /
Resource Hash: efda031a4fd71d0bd48a3438d752b037e4b195172b46c0c7f83343f9d48cf8dd

Request headers

Referer: http://noticias-casera.net/noticias-casera/app/?lang=de&key=bioj7a03cx47fendy81hohvxnl2z4idhdvgbnsac9lkdgkr8hjo5iavthucaiorkm1ckp5wkd0oy0m9hfpjkyu1vxljm8jbrgyudskut4qwlfitx8spmlhg9hbryos7kfxmhp3dhgt2zrprha7ifpnhfx0zynxfblwib1ex1gwc9knhghsgjwnq7nnta1filozyxmqs1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Thu, 27 Jul 2017 21:28:14 GMT
Age: 2987684
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 4038
X-Served-By: cache-iad2137-IAD, cache-hhn1523-HHN
Last-Modified: Fri, 13 Feb 2015 03:15:41 GMT
Server: cat factory 1.0
cache-control: public, max-age=31536000
X-Timer: S1501190894.139147,VS0,VE1
ETag: "e3986679c34edd5fe900b364bb5e236d"
Vary: Accept, Accept
Access-Control-Allow-Methods: GET, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Fastly-Debug-Digest: 582fa204ab02c05eb4b89db0e13b8d2772c78a7464cb7ebcce51b68fcb72a2d6
Accept-Ranges: bytes
X-Cache-Hits: 1, 1

GET
H/1.1 200
OK LE87vI1.png
i.imgur.com/ 282 B
282 B 6ms
6ms Image
image/png 151.101.112.193
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://i.imgur.com/LE87vI1.png
Requested by: Host: noticias-casera.net
URL: http://noticias-casera.net/noticias-casera/app/?lang=de&key=bioj7a03cx47fendy81hohvxnl2z4idhdvgbnsac9lkdgkr8hjo5iavthucaiorkm1ckp5wkd0oy0m9hfpjkyu1vxljm8jbrgyudskut4qwlfitx8spmlhg9hbryos7kfxmhp3dhgt2zrprha7ifpnhfx0zynxfblwib1ex1gwc9knhghsgjwnq7nnta1filozyxmqs1
Protocol: HTTP/1.1
Server: 151.101.112.193 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cat factory 1.0 /
Resource Hash: b2a9c99239fa0a487f1dc690afab1585a4ea7e79751e60d59d709f496ead4fc5

Request headers

Referer: http://noticias-casera.net/noticias-casera/app/?lang=de&key=bioj7a03cx47fendy81hohvxnl2z4idhdvgbnsac9lkdgkr8hjo5iavthucaiorkm1ckp5wkd0oy0m9hfpjkyu1vxljm8jbrgyudskut4qwlfitx8spmlhg9hbryos7kfxmhp3dhgt2zrprha7ifpnhfx0zynxfblwib1ex1gwc9knhghsgjwnq7nnta1filozyxmqs1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Thu, 27 Jul 2017 21:28:14 GMT
Age: 5657405
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 282
X-Served-By: cache-iad2146-IAD, cache-hhn1523-HHN
Last-Modified: Fri, 13 Feb 2015 04:14:18 GMT
Server: cat factory 1.0
cache-control: public, max-age=31536000
X-Timer: S1501190894.145482,VS0,VE1
ETag: "177479222edd3185d802a198f5729616"
Vary: Accept, Accept
Access-Control-Allow-Methods: GET, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Fastly-Debug-Digest: 39ed7a040273277400307e6c15ec2e452b6a0aaf4982216031892110375e5ccf
Accept-Ranges: bytes
X-Cache-Hits: 46, 1

GET
H/1.1 200
OK js15.js Show response
s10.histats.com/ 10 KB
4 KB 17ms
8ms Script
text/javascript 46.105.201.240
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://s10.histats.com/js15.js
Requested by: Host: noticias-casera.net
URL: http://noticias-casera.net/noticias-casera/app/?lang=de&key=bioj7a03cx47fendy81hohvxnl2z4idhdvgbnsac9lkdgkr8hjo5iavthucaiorkm1ckp5wkd0oy0m9hfpjkyu1vxljm8jbrgyudskut4qwlfitx8spmlhg9hbryos7kfxmhp3dhgt2zrprha7ifpnhfx0zynxfblwib1ex1gwc9knhghsgjwnq7nnta1filozyxmqs1
Protocol: HTTP/1.1
Server: 46.105.201.240 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash: 0120e77cb4349901e77ba8f52a043fe09c04887b406150daf19fb111becbe657

Request headers

Referer: http://noticias-casera.net/noticias-casera/app/?lang=de&key=bioj7a03cx47fendy81hohvxnl2z4idhdvgbnsac9lkdgkr8hjo5iavthucaiorkm1ckp5wkd0oy0m9hfpjkyu1vxljm8jbrgyudskut4qwlfitx8spmlhg9hbryos7kfxmhp3dhgt2zrprha7ifpnhfx0zynxfblwib1ex1gwc9knhghsgjwnq7nnta1filozyxmqs1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Thu, 27 Jul 2017 21:23:52 GMT
Content-Encoding: gzip
Last-Modified: Mon, 12 Jun 2017 15:26:32 GMT
X-CDN-Pop-IP: 137.74.120.0/27
ETag: "927317778"
X-Cacheable: Matched cache
Vary: Accept-Encoding
X-IPLB-Instance: 4761
Content-Type: text/javascript
X-CDN-Pop: sbg
Accept-Ranges: bytes
Content-Length: 4101

GET
H/1.1 200
OK 0.php Show response
s4.histats.com/stats/ 379 B
379 B 182ms
91ms Script
text/html 208.43.241.178
SoftLayer Technol...

General

Check archive.org

Show headers Download Go to

Full URL: http://s4.histats.com/stats/0.php?3205176&@f16&@g1&@h1&@i1&@j1501190894221&@k0&@l1&@mFacebook-Anwendung&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@vhttp%3A%2F%2Fnoticias-casera.net%2Fnoticias-casera%2Fapp%2F%3Flang%3Dde%26key%3Dbioj7a03cx47fendy81hohvxnl2z4idhdvgbnsac9lkdgkr8hjo5iavthucaiorkm1ckp5wkd0oy0m9hfpjkyu1vxljm8jbrgyudskut4qwlfitx8spmlhg9hbryos7kfxmhp3dhgt2zrprha7ifpnhfx0zynxfblwib1ex1gwc9knhghsgjwnq7nnta1filozyxmqs1&@w
Requested by: Host: s10.histats.com
URL: http://s10.histats.com/js15.js
Protocol: HTTP/1.1
Server: 208.43.241.178 Chantilly, United States, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),
Reverse DNS: b2.f1.2bd0.ip4.static.sl-reverse.com
Software: /
Resource Hash: 53c4d77d181624715612e72ce05e5cc4b44bf322a711b04ec69443dd93a57d31

Request headers

Referer: http://noticias-casera.net/noticias-casera/app/?lang=de&key=bioj7a03cx47fendy81hohvxnl2z4idhdvgbnsac9lkdgkr8hjo5iavthucaiorkm1ckp5wkd0oy0m9hfpjkyu1vxljm8jbrgyudskut4qwlfitx8spmlhg9hbryos7kfxmhp3dhgt2zrprha7ifpnhfx0zynxfblwib1ex1gwc9knhghsgjwnq7nnta1filozyxmqs1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Thu, 27 Jul 2017 21:28:14 GMT
Connection: close
Content-Length: 379
Content-Type: text/html;charset=UTF-8

GET
H/1.1

200
OK

removed.png
i.imgur.com/
Redirect Chain

http://i.imgur.com/FHZpjlj.png
http://i.imgur.com/removed.png

503 B
503 B

5ms
5ms

Image
image/png

151.101.112.193
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://i.imgur.com/removed.png
Requested by: Host: noticias-casera.net
URL: http://noticias-casera.net/noticias-casera/app/?lang=de&key=bioj7a03cx47fendy81hohvxnl2z4idhdvgbnsac9lkdgkr8hjo5iavthucaiorkm1ckp5wkd0oy0m9hfpjkyu1vxljm8jbrgyudskut4qwlfitx8spmlhg9hbryos7kfxmhp3dhgt2zrprha7ifpnhfx0zynxfblwib1ex1gwc9knhghsgjwnq7nnta1filozyxmqs1
Protocol: HTTP/1.1
Server: 151.101.112.193 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cat factory 1.0 /
Resource Hash: 9b5936f4006146e4e1e9025b474c02863c0b5614132ad40db4b925a10e8bfbb9

Request headers

Referer: http://noticias-casera.net/noticias-casera/app/style.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Thu, 27 Jul 2017 21:28:14 GMT
Age: 5664537
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 503
X-Served-By: cache-iad2149-IAD, cache-hhn1523-HHN
Last-Modified: Wed, 14 May 2014 05:44:36 GMT
Server: cat factory 1.0
cache-control: public, max-age=31536000
X-Timer: S1501190894.353825,VS0,VE0
ETag: "d835884373f4d6c8f24742ceabe74946"
Vary: Accept, Accept
Access-Control-Allow-Methods: GET, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Fastly-Debug-Digest: fe29cadb5c88e99f9d993f03a8d2720892bf45940d6129d3d703f6ce96907978
Accept-Ranges: bytes
X-Cache-Hits: 1, 2399

Redirect headers

Date: Thu, 27 Jul 2017 21:28:14 GMT
Age: 0
X-Cache: MISS, MISS
Connection: keep-alive
Content-Length: 0
X-Served-By: cache-iad2139-IAD, cache-hhn1523-HHN
Server: cat factory 1.0
X-Timer: S1501190894.252716,VS0,VE95
Location: http://i.imgur.com/removed.png
Vary: Accept
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
Fastly-Debug-Digest: d586d19c60ec4afa162aae0412e6d6a8594ce6f764bef135214c9103bc3ca2a6
Accept-Ranges: bytes
Retry-After: 0
X-Cache-Hits: 0, 0

GET
H/1.1 200
OK TopNav-de.PNG
noticias-casera.net/noticias-casera/app/img/ 7 KB
7 KB 93ms
93ms Image
image/png 104.37.35.104
ONECOM

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://noticias-casera.net/noticias-casera/app/img/TopNav-de.PNG
Requested by: Host: noticias-casera.net
URL: http://noticias-casera.net/noticias-casera/app/?lang=de&key=bioj7a03cx47fendy81hohvxnl2z4idhdvgbnsac9lkdgkr8hjo5iavthucaiorkm1ckp5wkd0oy0m9hfpjkyu1vxljm8jbrgyudskut4qwlfitx8spmlhg9hbryos7kfxmhp3dhgt2zrprha7ifpnhfx0zynxfblwib1ex1gwc9knhghsgjwnq7nnta1filozyxmqs1
Protocol: HTTP/1.1
Server: 104.37.35.104 New York, United States, ASN51468 (ONECOM, DK),
Reverse DNS: webcluster16.webpod1-wdc1.one.com
Software: Apache /
Resource Hash: 948d7d64f3dd7ed7549ceb38e785d355d854a234063732da470565016f611290

Request headers

Referer: http://noticias-casera.net/noticias-casera/app/?lang=de&key=bioj7a03cx47fendy81hohvxnl2z4idhdvgbnsac9lkdgkr8hjo5iavthucaiorkm1ckp5wkd0oy0m9hfpjkyu1vxljm8jbrgyudskut4qwlfitx8spmlhg9hbryos7kfxmhp3dhgt2zrprha7ifpnhfx0zynxfblwib1ex1gwc9knhghsgjwnq7nnta1filozyxmqs1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Thu, 27 Jul 2017 21:28:14 GMT
Via: 1.1 varnish (Varnish/5.1)
Last-Modified: Tue, 07 Jun 2016 03:12:26 GMT
Server: Apache
Age: 0
ETag: "2b666cb7-1a8f-534a78ef572ac"
X-Varnish: 80201379
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 6799

GET
H/1.1 200
OK / Show response
e.dtscout.com/e/ 4 KB
4 KB 182ms
91ms Script
application/javascript 69.4.231.31
SoftLayer Technol...

General

Check archive.org

Show headers Download Go to

Full URL: http://e.dtscout.com/e/?v=1a&pid=5200&site=1&l=http%3A%2F%2Fnoticias-casera.net%2Fnoticias-casera%2Fapp%2F%3Flang%3Dde%26key%3Dbioj7a03cx47fendy81hohvxnl2z4idhdvgbnsac9lkdgkr8hjo5iavthucaiorkm1ckp5wkd0oy0m9hfpjkyu1vxljm8jbrgyudskut4qwlfitx8spmlhg9hbryos7kfxmhp3dhgt2zrprha7ifpnhfx0zynxfblwib1ex1gwc9knhghsgjwnq7nnta1filozyxmqs1&j=
Requested by: Host: s4.histats.com
URL: http://s4.histats.com/stats/0.php?3205176&@f16&@g1&@h1&@i1&@j1501190894221&@k0&@l1&@mFacebook-Anwendung&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@vhttp%3A%2F%2Fnoticias-casera.net%2Fnoticias-casera%2Fapp%2F%3Flang%3Dde%26key%3Dbioj7a03cx47fendy81hohvxnl2z4idhdvgbnsac9lkdgkr8hjo5iavthucaiorkm1ckp5wkd0oy0m9hfpjkyu1vxljm8jbrgyudskut4qwlfitx8spmlhg9hbryos7kfxmhp3dhgt2zrprha7ifpnhfx0zynxfblwib1ex1gwc9knhghsgjwnq7nnta1filozyxmqs1&@w
Protocol: HTTP/1.1
Server: 69.4.231.31 Providence, United States, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),
Reverse DNS: no-rdns.ord02.hostingservicesinc.net
Software: /
Resource Hash: a60398b6c3c17a3a0a4ae9688444c5f59a44ed05ec8e536aee8fd353d4156f57

Request headers

Referer: http://noticias-casera.net/noticias-casera/app/?lang=de&key=bioj7a03cx47fendy81hohvxnl2z4idhdvgbnsac9lkdgkr8hjo5iavthucaiorkm1ckp5wkd0oy0m9hfpjkyu1vxljm8jbrgyudskut4qwlfitx8spmlhg9hbryos7kfxmhp3dhgt2zrprha7ifpnhfx0zynxfblwib1ex1gwc9knhghsgjwnq7nnta1filozyxmqs1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Thu, 27 Jul 2017 21:28:14 GMT
Cache-Control: no-cache
Connection: close
Content-Type: application/javascript
X-Z: E
Transfer-Encoding: chunked
Expires: Thu, 27 Jul 2017 21:28:13 GMT

GET /
t.dtscout.com/idg/ Frame 3022 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: t.dtscout.com
URL: http://t.dtscout.com/idg/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.dtscout.com/	2022-07-26 21:28:14	Name: d Value: null
noticias-casera.net/	1970-01-01 00:00:00	Name: PHPSESSID Value: 2b7enqvvunbptc8444020m33o7
.dtscout.com/	2017-07-28 21:28:14	Name: ah Value: 1
.dtscout.com/	2017-07-27 21:58:14	Name: m Value: 1
.dtscout.com/	2017-07-28 05:28:14	Name: es Value: 1
noticias-casera.net/	2018-07-27 21:28:14	Name: HstCfa3205176 Value: 1501190894221
.dtscout.com/	2017-07-28 05:28:14	Name: ey Value: 1
noticias-casera.net/	2018-07-27 21:28:14	Name: HstCla3205176 Value: 1501190894221
noticias-casera.net/	2018-07-27 21:28:14	Name: HstCmu3205176 Value: 1501190894221
.dtscout.com/	2037-12-31 23:55:55	Name: l Value: RQTnH1l6Wu6t3Fx7qSwFAg==
noticias-casera.net/	2018-07-27 21:28:14	Name: HstPt3205176 Value: 1
noticias-casera.net/	2018-07-27 21:28:14	Name: HstCns3205176 Value: 1
.dtscout.com/	2017-07-28 05:28:14	Name: b Value: 1
.dtscout.com/	2019-07-27 21:28:14	Name: df Value: 1501190894
noticias-casera.net/	2018-07-27 21:28:14	Name: HstPn3205176 Value: 1
noticias-casera.net/	2018-07-27 21:28:14	Name: HstCnv3205176 Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
e.dtscout.com
i.imgur.com
noticias-casera.net
s10.histats.com
s4.histats.com
t.dtscout.com
t.dtscout.com
104.37.35.104
151.101.112.193
208.43.241.178
2a00:1450:4001:820::200a
46.105.201.240
69.4.231.31
0120e77cb4349901e77ba8f52a043fe09c04887b406150daf19fb111becbe657
3e1e1b611816d48cb8c161e05d0cc6dd1ac38ceb16e038b04828d8d4e81cf317
47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4
53c4d77d181624715612e72ce05e5cc4b44bf322a711b04ec69443dd93a57d31
948d7d64f3dd7ed7549ceb38e785d355d854a234063732da470565016f611290
9b5936f4006146e4e1e9025b474c02863c0b5614132ad40db4b925a10e8bfbb9
a60398b6c3c17a3a0a4ae9688444c5f59a44ed05ec8e536aee8fd353d4156f57
b2a9c99239fa0a487f1dc690afab1585a4ea7e79751e60d59d709f496ead4fc5
d5fc3c313f0d425da5886277481e1f8148142ce3b9d91abc03d0825093ee1ceb
efda031a4fd71d0bd48a3438d752b037e4b195172b46c0c7f83343f9d48cf8dd

noticias-casera.net Open in urlscan Pro 104.37.35.104 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

11 Requests

9 %HTTPS

17 %IPv6

5 Domains

7 Subdomains

7 IPs

3 Countries

56 kBTransfer

130 kBSize

16 Cookies

1 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

16 Cookies

Indicators

noticias-casera.net Open in urlscan Pro
104.37.35.104 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

9 %
HTTPS

17 %
IPv6

5
Domains

7
Subdomains

7
IPs

3
Countries

56 kB
Transfer

130 kB
Size

16
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!