b3punv.myraidbox.de
Open in
urlscan Pro
159.69.115.231
Malicious Activity!
Public Scan
Effective URL: https://b3punv.myraidbox.de/OVH/index.html
Submission Tags: 7476928
Submission: On April 01 via api from US — Scanned from FR
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 1st 2020. Valid for: 2 years.
This is the only time b3punv.myraidbox.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: OVH (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 54.194.198.48 54.194.198.48 | 16509 (AMAZON-02) (AMAZON-02) | |
1 2 | 159.69.115.231 159.69.115.231 | 24940 (HETZNER-AS) (HETZNER-AS) | |
12 | 51.38.17.223 51.38.17.223 | 16276 (OVH) (OVH) | |
13 | 2 |
ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-198-48.eu-west-1.compute.amazonaws.com
318640.seu2.cleverreach.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
ovh.com
eu.api.ovh.com |
488 KB |
2 |
myraidbox.de
1 redirects
b3punv.myraidbox.de |
11 KB |
1 |
cleverreach.com
1 redirects
318640.seu2.cleverreach.com |
528 B |
13 | 3 |
Domain | Requested by | |
---|---|---|
12 | eu.api.ovh.com |
b3punv.myraidbox.de
|
2 | b3punv.myraidbox.de | 1 redirects |
1 | 318640.seu2.cleverreach.com | 1 redirects |
13 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.ovh.com |
docs.ovh.com |
www.ovh.es |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.myraidbox.de Sectigo RSA Domain Validation Secure Server CA |
2020-05-01 - 2022-08-03 |
2 years | crt.sh |
eu.api.ovh.com Sectigo RSA Domain Validation Secure Server CA |
2021-10-26 - 2022-10-26 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://b3punv.myraidbox.de/OVH/index.html
Frame ID: FBD8BC14B40C48796A892E44D3D0CD74
Requests: 13 HTTP requests in this frame
Screenshot
Page Title
Control panel - OVHPage URL History Show full URLs
-
https://318640.seu2.cleverreach.com/c/69951101/80a658a24de6-r9ni39
HTTP 302
https://b3punv.myraidbox.de/OVH/ HTTP 302
https://b3punv.myraidbox.de/OVH/index.html Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: More about your username
Search URL Search Domain Scan URL
Title: Terms of Service
Search URL Search Domain Scan URL
Title: our dedicated form
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://318640.seu2.cleverreach.com/c/69951101/80a658a24de6-r9ni39
HTTP 302
https://b3punv.myraidbox.de/OVH/ HTTP 302
https://b3punv.myraidbox.de/OVH/index.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
index.html
b3punv.myraidbox.de/OVH/ Redirect Chain
|
70 KB 11 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
eu.api.ovh.com/js/jquery/1.10.2/ |
91 KB 38 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.css
eu.api.ovh.com/bootstrap/css/ |
121 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap-responsive.css
eu.api.ovh.com/bootstrap/css/ |
21 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.css
eu.api.ovh.com/css/ |
10 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo-ovhcloud.png
eu.api.ovh.com/images/ |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
app.min.471cab8e35e82e.js
eu.api.ovh.com/assets/ |
0 511 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
app.min.54e8f4e444ab0c.js
eu.api.ovh.com/js/soc/ |
124 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
search.svg
eu.api.ovh.com/images/ |
263 B 730 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
zxcvbn.js
eu.api.ovh.com/js/soc/ |
28 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
SourceSansPro-Semibold.woff
eu.api.ovh.com/fonts/source-sans-pro/semibold/ |
121 KB 121 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
SourceSansPro-Bold.woff
eu.api.ovh.com/fonts/source-sans-pro/bold/ |
122 KB 122 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
SourceSansPro-Regular.woff
eu.api.ovh.com/fonts/source-sans-pro/regular/ |
119 KB 120 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: OVH (Online)22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails function| $ function| jQuery object| _0x1357 function| _0x5daf function| Fingerprint2 function| computeSecurityToken object| _0x5c56 function| _0x3eb2 function| zxcvbn object| forgotPasswordButton object| forgotPasswordContainer object| forgotPasswordToggler object| forgotPasswordForm object| forgotPasswordLoader object| forgotPasswordFailure object| forgotPasswordSuccess object| loginForm object| forgotPasswordIdentifiant4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
318640.seu2.cleverreach.com/ | Name: PHPSESSID Value: kTl2%2COLOGdw8PKH6cvtY-h3BNf89Yepn1TrAZ%2CFASmvmJcec |
|
318640.seu2.cleverreach.com/ | Name: cr_user Value: 19942 |
|
318640.seu2.cleverreach.com/ | Name: cr_client Value: 318640 |
|
318640.seu2.cleverreach.com/ | Name: cr_mailing Value: 13495072 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
318640.seu2.cleverreach.com
b3punv.myraidbox.de
eu.api.ovh.com
159.69.115.231
51.38.17.223
54.194.198.48
0d67491007d9aa13f3f4e1b04866ec2d3177c5011d8aaea50145f803b1410a35
1150eaae722be87d3b4f968c4994a3257b001986ec3c5509527da25b5a236441
209f176a41ecf09e48412acb60b6d9ad5e177acb0dd1e9f09a7c06498661a223
34beb8307459d04719789002534a6749e1b7a40021de510bebcbc550d6507006
5d553a18e45a5709aec82c93424d64ed4ba9b9f95cc68793c5ce8618a3b4fe3e
641841d43a263f56d25aa179d313e32d7810616ee6df4017c24bd3a88d3e9ab0
767c321a970efab2ec747611d60563bf98774f5d9ce8fa101c04af78cdc00184
7de8582bfa70bfc9474928687649c6efb6dc990fab02a7820d0b9b522c7edea1
85c75b66893b6883d4b424b4ceae6d8eeb7bcf48cb4bce70f3d49a3b5d97a8a4
9d21ecb10eea231ff03f4ee0cb0e5d3b7c0a2bfcb50dc3d9e79bfff77cbbef6d
a9329269840290927606ede18ef3bf0a9f5378973e3c395f117677f7dedda593
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8857a16de64c694e2df0f866a6abbe3e3da054f26cb56b3ef4b617db03bb6e3