b2yrk7nm.myraidbox.de
Open in
urlscan Pro
188.34.203.164
Malicious Activity!
Public Scan
Effective URL: https://b2yrk7nm.myraidbox.de/zabi/main/cgi/
Submission: On July 07 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 13th 2023. Valid for: a year.
This is the only time b2yrk7nm.myraidbox.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 34.148.73.213 34.148.73.213 | 396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM) | |
1 1 | 163.44.198.45 163.44.198.45 | 135161 (GMO-Z-COM...) (GMO-Z-COM-TH GMO-Z com NetDesign Holdings Co.) | |
1 12 | 188.34.203.164 188.34.203.164 | 24940 (HETZNER-AS) (HETZNER-AS) | |
1 | 2a00:1450:400... 2a00:1450:4001:830::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:86c0:209... 2a00:86c0:2091::1 | 40027 (NETFLIX-ASN) (NETFLIX-ASN) | |
13 | 3 |
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 213.73.148.34.bc.googleusercontent.com
www.kwconnect.com |
ASN135161 (GMO-Z-COM-TH GMO-Z com NetDesign Holdings Co., Ltd., JP)
PTR: cpanel05wh.bkk1.cloud.z.com
23272636-82-20170821165537.webstarterz.com |
ASN24940 (HETZNER-AS, DE)
PTR: b2yrk7nm.myraidbox.de
b2yrk7nm.myraidbox.de |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
myraidbox.de
1 redirects
b2yrk7nm.myraidbox.de |
667 KB |
1 |
nflxext.com
assets.nflxext.com — Cisco Umbrella Rank: 4129 |
72 KB |
1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 433 |
31 KB |
1 |
webstarterz.com
1 redirects
23272636-82-20170821165537.webstarterz.com |
479 B |
1 |
kwconnect.com
1 redirects
www.kwconnect.com |
567 B |
13 | 5 |
Domain | Requested by | |
---|---|---|
12 | b2yrk7nm.myraidbox.de |
1 redirects
b2yrk7nm.myraidbox.de
|
1 | assets.nflxext.com |
b2yrk7nm.myraidbox.de
|
1 | ajax.googleapis.com |
b2yrk7nm.myraidbox.de
|
1 | 23272636-82-20170821165537.webstarterz.com | 1 redirects |
1 | www.kwconnect.com | 1 redirects |
13 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.myraidbox.de Sectigo RSA Domain Validation Secure Server CA |
2023-04-13 - 2024-05-13 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-06-19 - 2023-09-11 |
3 months | crt.sh |
*.1.nflxso.net DigiCert Secure Site ECC CA-1 |
2023-06-20 - 2023-07-25 |
a month | crt.sh |
This page contains 2 frames:
Primary Page:
https://b2yrk7nm.myraidbox.de/zabi/main/cgi/
Frame ID: 040B7201580D0D4FBF6C786EC115F1A5
Requests: 6 HTTP requests in this frame
Frame:
https://b2yrk7nm.myraidbox.de/awdi/main/account.php
Frame ID: 4DBB511152DCEDB55F2D2834DA9DF141
Requests: 7 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://www.kwconnect.com/redirect?url=%20%20https%3A%2F%2F23272636-82-20170821165537.webstarterz.com%...
HTTP 302
https://23272636-82-20170821165537.webstarterz.com/zab/ HTTP 302
https://b2yrk7nm.myraidbox.de/zabi/main/cgi/ Page URL
Detected technologies
jQuery (JavaScript Libraries) ExpandDetected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://www.kwconnect.com/redirect?url=%20%20https%3A%2F%2F23272636-82-20170821165537.webstarterz.com%2Fzab%2F
HTTP 302
https://23272636-82-20170821165537.webstarterz.com/zab/ HTTP 302
https://b2yrk7nm.myraidbox.de/zabi/main/cgi/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 5- https://b2yrk7nm.myraidbox.de/awdi/main/ HTTP 302
- https://b2yrk7nm.myraidbox.de/awdi/main/account.php
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
b2yrk7nm.myraidbox.de/zabi/main/cgi/ Redirect Chain
|
1 KB 661 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
b2yrk7nm.myraidbox.de/zabi/main/cgi/ |
2 KB 944 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ |
87 KB 31 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.svg
b2yrk7nm.myraidbox.de/zabi/main/cgi/ |
378 B 507 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ssl.svg
b2yrk7nm.myraidbox.de/zabi/main/cgi/ |
603 B 633 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
script.js
b2yrk7nm.myraidbox.de/zabi/main/cgi/ |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
account.php
b2yrk7nm.myraidbox.de/awdi/main/ Frame 4DBB Redirect Chain
|
12 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
b2yrk7nm.myraidbox.de/awdi/main/css/ Frame 4DBB |
107 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login.js
b2yrk7nm.myraidbox.de/awdi/main/js/ Frame 4DBB |
2 MB 308 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login2.css
b2yrk7nm.myraidbox.de/awdi/main/css/ Frame 4DBB |
13 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login.css
b2yrk7nm.myraidbox.de/awdi/main/css/ Frame 4DBB |
157 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
FR-fr-20211220-popsignuptwoweeks-perspective_alpha_website_large.jpg
b2yrk7nm.myraidbox.de/awdi/main/img/ Frame 4DBB |
313 KB 314 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
nf-icon-v1-93.woff
assets.nflxext.com/ffe/siteui/fonts/ Frame 4DBB |
72 KB 72 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 boolean| credentialless object| onbeforetoggle object| onscrollend function| $ function| jQuery object| minimize object| square object| exit object| titleBar object| draggable object| title function| enlarge1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
23272636-82-20170821165537.webstarterz.com/ | Name: PHPSESSID Value: 7fo3d8crc8731s7ic7m2tdk3b6 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=63072000 |
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
23272636-82-20170821165537.webstarterz.com
ajax.googleapis.com
assets.nflxext.com
b2yrk7nm.myraidbox.de
www.kwconnect.com
163.44.198.45
188.34.203.164
2a00:1450:4001:830::200a
2a00:86c0:2091::1
34.148.73.213
1c22371c656a4b87d3d6e46c4fa03573efc382782fbf74d67af2e7d00a402d1c
215eb83115d728748bef2db4217a8c7e12bbedb2825e146b678e85cc2ef88639
3b439667b653b07d8eec20a02b2c7cb25e4eb2a91acdbdb61f28f9163237067d
76b22adfdb4470bf90d43617d7c1bbf7466313745e8ee2882f721faf43f9dbb8
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d
ae9cd11b7615ded2ce4aa11d21b034b5f9707aa6cb27d46596947903ccb92247
b595ae0500ba550311cc70957d2565d87d55bb6b7dca3b6a03bf44c9e4bc29aa
d622e7c909d7ddd5d9b3a50f894114345c5b15898a430c5a2fe6928035852c37
d7676356c36848f656df2698a8a09b139bc50a7fafdc72202c854c1e440e22ea
dc6c504c324eb03c23b34b2c47e3152bffbf77f4f6a9ae5aa37d0b4dc67046ee
e83673deb9aea659fb4449f8056ebdead1aac25226efb021ed5b5fbff1745f4f
f76b86e7ccf1083bf8d16a5e7b50f653cbe14b93778c50ea2318013c6ce67d92
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d