b2yrk7nm.myraidbox.de Open in urlscan Pro
188.34.203.164 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.kwconnect.com/redirect?url=%20%20https%3A%2F%2F23272636-82-20170821165537.webstarterz.com%2Fzab%2F#google.com#...
Effective URL:
https://b2yrk7nm.myraidbox.de/zabi/main/cgi/
Submission: On July 07 via manual (July 7th 2023, 5:31:09 pm UTC) from US — Scanned from DE

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 5 domains to perform 13 HTTP transactions. The main IP is 188.34.203.164, located in Germany and belongs to HETZNER-AS, DE. The main domain is b2yrk7nm.myraidbox.de.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 13th 2023. Valid for: a year.

This is the only time b2yrk7nm.myraidbox.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	34.148.73.213 34.148.73.213	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	163.44.198.45 163.44.198.45	135161 (GMO-Z-COM...) (GMO-Z-COM-TH GMO-Z com NetDesign Holdings Co.)
1 12	188.34.203.164 188.34.203.164	24940 (HETZNER-AS) (HETZNER-AS)
1	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:86c0:209... 2a00:86c0:2091::1	40027 (NETFLIX-ASN) (NETFLIX-ASN)
13	3

1 34.148.73.213 (North Charleston, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 213.73.148.34.bc.googleusercontent.com

www.kwconnect.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 163.44.198.45 (Bangkok, Thailand) 1 redirects

ASN135161 (GMO-Z-COM-TH GMO-Z com NetDesign Holdings Co., Ltd., JP)
PTR: cpanel05wh.bkk1.cloud.z.com

23272636-82-20170821165537.webstarterz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 188.34.203.164 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: b2yrk7nm.myraidbox.de

b2yrk7nm.myraidbox.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:86c0:2091::1 (United States)

ASN40027 (NETFLIX-ASN, US)

assets.nflxext.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	myraidbox.de 1 redirects b2yrk7nm.myraidbox.de	667 KB
1	nflxext.com assets.nflxext.com — Cisco Umbrella Rank: 4129	72 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 433	31 KB
1	webstarterz.com 1 redirects 23272636-82-20170821165537.webstarterz.com	479 B
1	kwconnect.com 1 redirects www.kwconnect.com	567 B
13	5

	Domain	Requested by
12	b2yrk7nm.myraidbox.de	1 redirects b2yrk7nm.myraidbox.de
1	assets.nflxext.com	b2yrk7nm.myraidbox.de
1	ajax.googleapis.com	b2yrk7nm.myraidbox.de
1	23272636-82-20170821165537.webstarterz.com	1 redirects
1	www.kwconnect.com	1 redirects
13	5

This site contains no links.

Subject Issuer	Validity	Valid
*.myraidbox.de Sectigo RSA Domain Validation Secure Server CA	`2023-04-13` - `2024-05-13`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.1.nflxso.net DigiCert Secure Site ECC CA-1	`2023-06-20` - `2023-07-25`	a month	crt.sh

This page contains 2 frames:

Primary Page: https://b2yrk7nm.myraidbox.de/zabi/main/cgi/
Frame ID: 040B7201580D0D4FBF6C786EC115F1A5
Requests: 6 HTTP requests in this frame

Frame: https://b2yrk7nm.myraidbox.de/awdi/main/account.php
Frame ID: 4DBB511152DCEDB55F2D2834DA9DF141
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.kwconnect.com/redirect?url=%20%20https%3A%2F%2F23272636-82-20170821165537.webstarterz.com%... HTTP 302
https://23272636-82-20170821165537.webstarterz.com/zab/ HTTP 302
https://b2yrk7nm.myraidbox.de/zabi/main/cgi/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

100 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

3
IPs

3
Countries

770 kB
Transfer

2397 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.kwconnect.com/redirect?url=%20%20https%3A%2F%2F23272636-82-20170821165537.webstarterz.com%2Fzab%2F HTTP 302
https://23272636-82-20170821165537.webstarterz.com/zab/ HTTP 302
https://b2yrk7nm.myraidbox.de/zabi/main/cgi/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

https://b2yrk7nm.myraidbox.de/awdi/main/ HTTP 302
https://b2yrk7nm.myraidbox.de/awdi/main/account.php

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
b2yrk7nm.myraidbox.de/zabi/main/cgi/
Redirect Chain

https://www.kwconnect.com/redirect?url=%20%20https%3A%2F%2F23272636-82-20170821165537.webstarterz.com%2Fzab%2F
https://23272636-82-20170821165537.webstarterz.com/zab/
https://b2yrk7nm.myraidbox.de/zabi/main/cgi/

1 KB
661 B

68ms
10ms

Document
text/html

188.34.203.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://b2yrk7nm.myraidbox.de/zabi/main/cgi/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

188.34.203.164 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

b2yrk7nm.myraidbox.de

Software

nginx /

Resource Hash

f76b86e7ccf1083bf8d16a5e7b50f653cbe14b93778c50ea2318013c6ce67d92

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: br
content-type: text/html
date: Fri, 07 Jul 2023 17:31:03 GMT
etag: W/"64a717b6-402"
last-modified: Thu, 06 Jul 2023 19:36:22 GMT
server: nginx
strict-transport-security: max-age=63072000
vary: Accept-Encoding
x-cache-device-type: responsive
x-cache-type: NGINX
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: Keep-Alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Fri, 07 Jul 2023 17:31:02 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=100
Location: https://b2yrk7nm.myraidbox.de/zabi/main/cgi/
Pragma: no-cache
Server: Apache
X-Powered-By: PHP/5.6.40

GET
H2 200 style.css
b2yrk7nm.myraidbox.de/zabi/main/cgi/ 2 KB
944 B 12ms
10ms Stylesheet
text/css 188.34.203.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://b2yrk7nm.myraidbox.de/zabi/main/cgi/style.css

Requested by

Host: b2yrk7nm.myraidbox.de
URL: https://b2yrk7nm.myraidbox.de/zabi/main/cgi/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

188.34.203.164 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

b2yrk7nm.myraidbox.de

Software

nginx /

Resource Hash

215eb83115d728748bef2db4217a8c7e12bbedb2825e146b678e85cc2ef88639

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b2yrk7nm.myraidbox.de/zabi/main/cgi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: public
date: Fri, 07 Jul 2023 17:31:03 GMT
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
last-modified: Thu, 06 Jul 2023 19:36:22 GMT
server: nginx
content-encoding: br
etag: W/"64a717b6-6e0"
x-cache-type: STATIC
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000, public
x-cache-device-type: responsive
x-xss-protection: 1; mode=block
expires: Sat, 06 Jul 2024 17:31:03 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
31 KB 38ms
7ms Script
text/javascript 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: b2yrk7nm.myraidbox.de
URL: https://b2yrk7nm.myraidbox.de/zabi/main/cgi/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b2yrk7nm.myraidbox.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 16:16:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4479
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31021
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jul 2024 16:16:24 GMT

GET
H2 200 logo.svg
b2yrk7nm.myraidbox.de/zabi/main/cgi/ 378 B
507 B 12ms
11ms Image
image/svg+xml 188.34.203.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b2yrk7nm.myraidbox.de/zabi/main/cgi/logo.svg

Requested by

Host: b2yrk7nm.myraidbox.de
URL: https://b2yrk7nm.myraidbox.de/zabi/main/cgi/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

188.34.203.164 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

b2yrk7nm.myraidbox.de

Software

nginx /

Resource Hash

ae9cd11b7615ded2ce4aa11d21b034b5f9707aa6cb27d46596947903ccb92247

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b2yrk7nm.myraidbox.de/zabi/main/cgi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: public
date: Fri, 07 Jul 2023 17:31:03 GMT
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
last-modified: Thu, 06 Jul 2023 19:36:22 GMT
server: nginx
content-encoding: br
etag: W/"64a717b6-17a"
x-cache-type: STATIC
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, public
x-cache-device-type: responsive
x-xss-protection: 1; mode=block
expires: Sat, 06 Jul 2024 17:31:03 GMT

GET
H2 200 ssl.svg
b2yrk7nm.myraidbox.de/zabi/main/cgi/ 603 B
633 B 11ms
10ms Image
image/svg+xml 188.34.203.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b2yrk7nm.myraidbox.de/zabi/main/cgi/ssl.svg

Requested by

Host: b2yrk7nm.myraidbox.de
URL: https://b2yrk7nm.myraidbox.de/zabi/main/cgi/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

188.34.203.164 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

b2yrk7nm.myraidbox.de

Software

nginx /

Resource Hash

3b439667b653b07d8eec20a02b2c7cb25e4eb2a91acdbdb61f28f9163237067d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b2yrk7nm.myraidbox.de/zabi/main/cgi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: public
date: Fri, 07 Jul 2023 17:31:03 GMT
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
last-modified: Thu, 06 Jul 2023 19:36:22 GMT
server: nginx
content-encoding: br
etag: W/"64a717b6-25b"
x-cache-type: STATIC
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, public
x-cache-device-type: responsive
x-xss-protection: 1; mode=block
expires: Sat, 06 Jul 2024 17:31:03 GMT

GET
H2 200 script.js Show response
b2yrk7nm.myraidbox.de/zabi/main/cgi/ 3 KB
1 KB 13ms
12ms Script
application/javascript 188.34.203.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://b2yrk7nm.myraidbox.de/zabi/main/cgi/script.js

Requested by

Host: b2yrk7nm.myraidbox.de
URL: https://b2yrk7nm.myraidbox.de/zabi/main/cgi/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

188.34.203.164 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

b2yrk7nm.myraidbox.de

Software

nginx /

Resource Hash

d7676356c36848f656df2698a8a09b139bc50a7fafdc72202c854c1e440e22ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b2yrk7nm.myraidbox.de/zabi/main/cgi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: public
date: Fri, 07 Jul 2023 17:31:03 GMT
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
last-modified: Thu, 06 Jul 2023 19:36:22 GMT
server: nginx
content-encoding: br
etag: W/"64a717b6-ac4"
x-cache-type: STATIC
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, public
x-cache-device-type: responsive
x-xss-protection: 1; mode=block
expires: Sat, 06 Jul 2024 17:31:03 GMT

GET
H2

200

account.php Show response
b2yrk7nm.myraidbox.de/awdi/main/ Frame 4DBB
Redirect Chain

https://b2yrk7nm.myraidbox.de/awdi/main/
https://b2yrk7nm.myraidbox.de/awdi/main/account.php

12 KB
3 KB

13ms
13ms

Document
text/html

188.34.203.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://b2yrk7nm.myraidbox.de/awdi/main/account.php

Requested by

Host: b2yrk7nm.myraidbox.de
URL: https://b2yrk7nm.myraidbox.de/zabi/main/cgi/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

188.34.203.164 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

b2yrk7nm.myraidbox.de

Software

nginx /

Resource Hash

b595ae0500ba550311cc70957d2565d87d55bb6b7dca3b6a03bf44c9e4bc29aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://b2yrk7nm.myraidbox.de/zabi/main/cgi/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 07 Jul 2023 17:31:03 GMT
server: nginx
strict-transport-security: max-age=63072000
vary: Accept-Encoding
x-cache: HIT
x-cache-device-type: responsive
x-cache-type: NGINX
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

Redirect headers

content-type: text/html; charset=UTF-8
date: Fri, 07 Jul 2023 17:31:03 GMT
location: account.php
server: nginx
strict-transport-security: max-age=63072000
x-cache: HIT
x-cache-device-type: responsive
x-cache-type: NGINX
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 style.css
b2yrk7nm.myraidbox.de/awdi/main/css/ Frame 4DBB 107 KB
15 KB 28ms
27ms Stylesheet
text/css 188.34.203.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://b2yrk7nm.myraidbox.de/awdi/main/css/style.css

Requested by

Host: b2yrk7nm.myraidbox.de
URL: https://b2yrk7nm.myraidbox.de/awdi/main/account.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

188.34.203.164 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

b2yrk7nm.myraidbox.de

Software

nginx /

Resource Hash

1c22371c656a4b87d3d6e46c4fa03573efc382782fbf74d67af2e7d00a402d1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b2yrk7nm.myraidbox.de/awdi/main/account.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: public
date: Fri, 07 Jul 2023 17:31:03 GMT
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
last-modified: Thu, 06 Jul 2023 22:28:59 GMT
server: nginx
content-encoding: br
etag: W/"64a7402b-1ad49"
x-cache-type: STATIC
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000, public
x-cache-device-type: responsive
x-xss-protection: 1; mode=block
expires: Sat, 06 Jul 2024 17:31:03 GMT

GET
H2 200 login.js Show response
b2yrk7nm.myraidbox.de/awdi/main/js/ Frame 4DBB 2 MB
308 KB 87ms
87ms Script
application/javascript 188.34.203.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://b2yrk7nm.myraidbox.de/awdi/main/js/login.js

Requested by

Host: b2yrk7nm.myraidbox.de
URL: https://b2yrk7nm.myraidbox.de/awdi/main/account.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

188.34.203.164 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

b2yrk7nm.myraidbox.de

Software

nginx /

Resource Hash

76b22adfdb4470bf90d43617d7c1bbf7466313745e8ee2882f721faf43f9dbb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b2yrk7nm.myraidbox.de/awdi/main/account.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: public
date: Fri, 07 Jul 2023 17:31:03 GMT
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
last-modified: Thu, 06 Jul 2023 22:28:59 GMT
server: nginx
content-encoding: br
etag: W/"64a7402b-1972c3"
x-cache-type: STATIC
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, public
x-cache-device-type: responsive
x-xss-protection: 1; mode=block
expires: Sat, 06 Jul 2024 17:31:03 GMT

GET
H2 200 login2.css
b2yrk7nm.myraidbox.de/awdi/main/css/ Frame 4DBB 13 KB
3 KB 30ms
30ms Stylesheet
text/css 188.34.203.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://b2yrk7nm.myraidbox.de/awdi/main/css/login2.css

Requested by

Host: b2yrk7nm.myraidbox.de
URL: https://b2yrk7nm.myraidbox.de/awdi/main/account.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

188.34.203.164 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

b2yrk7nm.myraidbox.de

Software

nginx /

Resource Hash

d622e7c909d7ddd5d9b3a50f894114345c5b15898a430c5a2fe6928035852c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b2yrk7nm.myraidbox.de/awdi/main/account.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: public
date: Fri, 07 Jul 2023 17:31:03 GMT
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
last-modified: Thu, 06 Jul 2023 22:28:59 GMT
server: nginx
content-encoding: br
etag: W/"64a7402b-35f5"
x-cache-type: STATIC
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000, public
x-cache-device-type: responsive
x-xss-protection: 1; mode=block
expires: Sat, 06 Jul 2024 17:31:03 GMT

GET
H2 200 login.css
b2yrk7nm.myraidbox.de/awdi/main/css/ Frame 4DBB 157 KB
19 KB 33ms
32ms Stylesheet
text/css 188.34.203.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://b2yrk7nm.myraidbox.de/awdi/main/css/login.css

Requested by

Host: b2yrk7nm.myraidbox.de
URL: https://b2yrk7nm.myraidbox.de/awdi/main/account.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

188.34.203.164 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

b2yrk7nm.myraidbox.de

Software

nginx /

Resource Hash

dc6c504c324eb03c23b34b2c47e3152bffbf77f4f6a9ae5aa37d0b4dc67046ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b2yrk7nm.myraidbox.de/awdi/main/account.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: public
date: Fri, 07 Jul 2023 17:31:03 GMT
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
last-modified: Thu, 06 Jul 2023 22:28:59 GMT
server: nginx
content-encoding: br
etag: W/"64a7402b-27433"
x-cache-type: STATIC
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000, public
x-cache-device-type: responsive
x-xss-protection: 1; mode=block
expires: Sat, 06 Jul 2024 17:31:03 GMT

GET
H2 200 FR-fr-20211220-popsignuptwoweeks-perspective_alpha_website_large.jpg
b2yrk7nm.myraidbox.de/awdi/main/img/ Frame 4DBB 313 KB
314 KB 105ms
105ms Image
image/jpeg 188.34.203.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b2yrk7nm.myraidbox.de/awdi/main/img/FR-fr-20211220-popsignuptwoweeks-perspective_alpha_website_large.jpg

Requested by

Host: b2yrk7nm.myraidbox.de
URL: https://b2yrk7nm.myraidbox.de/awdi/main/account.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

188.34.203.164 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

b2yrk7nm.myraidbox.de

Software

nginx /

Resource Hash

e83673deb9aea659fb4449f8056ebdead1aac25226efb021ed5b5fbff1745f4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b2yrk7nm.myraidbox.de/awdi/main/account.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 17:31:03 GMT
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
x-cache-type: STATIC
content-length: 320920
x-xss-protection: 1; mode=block
pragma: public
last-modified: Thu, 06 Jul 2023 22:28:59 GMT
server: nginx
etag: "64a7402b-4e598"
vary: Accept-Encoding, Accept
content-type: image/jpeg
cache-control: max-age=31536000, public
accept-ranges: bytes
x-cache-device-type: responsive
expires: Sat, 06 Jul 2024 17:31:03 GMT

GET
H/1.1 200
OK nf-icon-v1-93.woff
assets.nflxext.com/ffe/siteui/fonts/ Frame 4DBB 72 KB
72 KB 32ms
7ms Font
font/woff 2a00:86c0:2091::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.nflxext.com/ffe/siteui/fonts/nf-icon-v1-93.woff
Requested by: Host: b2yrk7nm.myraidbox.de
URL: https://b2yrk7nm.myraidbox.de/awdi/main/css/login.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:86c0:2091::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d

Request headers

Referer: https://b2yrk7nm.myraidbox.de/
Origin: https://b2yrk7nm.myraidbox.de
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 07 Jul 2023 17:31:03 GMT
Last-Modified: Mon, 29 Jan 2018 01:50:51 GMT
Server: nginx
Content-MD5: fPYVbMSBJEtaJUNi17c/AA==
Content-Type: font/woff
Access-Control-Allow-Origin: *
Cache-Control: max-age=604801
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 73572
Expires: Fri, 14 Jul 2023 17:31:04 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			23272636-82-20170821165537.webstarterz.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 7fo3d8crc8731s7ic7m2tdk3b6

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://b2yrk7nm.myraidbox.de/awdi/main/account.php Message: The resource https://b2yrk7nm.myraidbox.de/awdi/main/js/login.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

23272636-82-20170821165537.webstarterz.com
ajax.googleapis.com
assets.nflxext.com
b2yrk7nm.myraidbox.de
www.kwconnect.com
163.44.198.45
188.34.203.164
2a00:1450:4001:830::200a
2a00:86c0:2091::1
34.148.73.213
1c22371c656a4b87d3d6e46c4fa03573efc382782fbf74d67af2e7d00a402d1c
215eb83115d728748bef2db4217a8c7e12bbedb2825e146b678e85cc2ef88639
3b439667b653b07d8eec20a02b2c7cb25e4eb2a91acdbdb61f28f9163237067d
76b22adfdb4470bf90d43617d7c1bbf7466313745e8ee2882f721faf43f9dbb8
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d
ae9cd11b7615ded2ce4aa11d21b034b5f9707aa6cb27d46596947903ccb92247
b595ae0500ba550311cc70957d2565d87d55bb6b7dca3b6a03bf44c9e4bc29aa
d622e7c909d7ddd5d9b3a50f894114345c5b15898a430c5a2fe6928035852c37
d7676356c36848f656df2698a8a09b139bc50a7fafdc72202c854c1e440e22ea
dc6c504c324eb03c23b34b2c47e3152bffbf77f4f6a9ae5aa37d0b4dc67046ee
e83673deb9aea659fb4449f8056ebdead1aac25226efb021ed5b5fbff1745f4f
f76b86e7ccf1083bf8d16a5e7b50f653cbe14b93778c50ea2318013c6ce67d92
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

b2yrk7nm.myraidbox.de Open in urlscan Pro 188.34.203.164 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

40 %IPv6

5 Domains

5 Subdomains

3 IPs

3 Countries

770 kBTransfer

2397 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

1 Cookies

1 Console Messages

Security Headers

Indicators

b2yrk7nm.myraidbox.de Open in urlscan Pro
188.34.203.164 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

3
IPs

3
Countries

770 kB
Transfer

2397 kB
Size

1
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!