b3punv.myraidbox.de Open in urlscan Pro
159.69.115.231 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://318640.seu2.cleverreach.com/c/69951101/80a658a24de6-r9ni39
Effective URL:
https://b3punv.myraidbox.de/OVH/index.html
Submission Tags: 7476928
Submission: On April 01 via api (April 1st 2022, 1:32:56 pm UTC) from US — Scanned from FR

Summary HTTP 13 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 2 IPs in 3 countries across 3 domains to perform 13 HTTP transactions. The main IP is 159.69.115.231, located in Germany and belongs to HETZNER-AS, DE. The main domain is b3punv.myraidbox.de.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 1st 2020. Valid for: 2 years.

This is the only time b3punv.myraidbox.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: OVH (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	54.194.198.48 54.194.198.48	16509 (AMAZON-02) (AMAZON-02)
1 2	159.69.115.231 159.69.115.231	24940 (HETZNER-AS) (HETZNER-AS)
12	51.38.17.223 51.38.17.223	16276 (OVH) (OVH)
13	2

1 54.194.198.48 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-198-48.eu-west-1.compute.amazonaws.com

318640.seu2.cleverreach.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 159.69.115.231 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: b3punv.myraidbox.de

b3punv.myraidbox.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 51.38.17.223 (France)

ASN16276 (OVH, FR)
PTR: api.ovh.com

eu.api.ovh.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	ovh.com eu.api.ovh.com	488 KB
2	myraidbox.de 1 redirects b3punv.myraidbox.de	11 KB
1	cleverreach.com 1 redirects 318640.seu2.cleverreach.com	528 B
13	3

	Domain	Requested by
12	eu.api.ovh.com	b3punv.myraidbox.de
2	b3punv.myraidbox.de	1 redirects
1	318640.seu2.cleverreach.com	1 redirects
13	3

This site contains links to these domains. Also see Links.

Domain
www.ovh.com
docs.ovh.com
www.ovh.es

Subject Issuer	Validity	Valid
*.myraidbox.de Sectigo RSA Domain Validation Secure Server CA	`2020-05-01` - `2022-08-03`	2 years	crt.sh
eu.api.ovh.com Sectigo RSA Domain Validation Secure Server CA	`2021-10-26` - `2022-10-26`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://b3punv.myraidbox.de/OVH/index.html
Frame ID: FBD8BC14B40C48796A892E44D3D0CD74
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Control panel - OVH

Page URL History Show full URLs

https://318640.seu2.cleverreach.com/c/69951101/80a658a24de6-r9ni39 HTTP 302
https://b3punv.myraidbox.de/OVH/ HTTP 302
https://b3punv.myraidbox.de/OVH/index.html Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

498 kB
Transfer

837 kB
Size

4
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.ovh.com/

Search URL Search Domain Scan URL

URL: https://docs.ovh.com/gb/en/customer/all-about-your-username/
Title: More about your username

Search URL Search Domain Scan URL

URL: https://www.ovh.es/soporte/documentos_legales/version/CondicionesGeneralesServicio_2015-07-22.pdf
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://www.ovh.es/proteccion-datos-personales/ejercer-derechos
Title: our dedicated form

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://318640.seu2.cleverreach.com/c/69951101/80a658a24de6-r9ni39 HTTP 302
https://b3punv.myraidbox.de/OVH/ HTTP 302
https://b3punv.myraidbox.de/OVH/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request index.html Show response
b3punv.myraidbox.de/OVH/
Redirect Chain

https://318640.seu2.cleverreach.com/c/69951101/80a658a24de6-r9ni39
https://b3punv.myraidbox.de/OVH/
https://b3punv.myraidbox.de/OVH/index.html

70 KB
11 KB

31ms
30ms

Document
text/html

159.69.115.231
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://b3punv.myraidbox.de/OVH/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

159.69.115.231 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

b3punv.myraidbox.de

Software

nginx /

Resource Hash

a9329269840290927606ede18ef3bf0a9f5378973e3c395f117677f7dedda593

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: fr-FR,fr;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-encoding: br
content-type: text/html
date: Fri, 01 Apr 2022 13:32:52 GMT
etag: W/"6246baa2-1165d"
last-modified: Fri, 01 Apr 2022 08:41:06 GMT
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache-device-type: responsive
x-cache-type: NGINX
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

Redirect headers

content-type: text/html; charset=UTF-8
date: Fri, 01 Apr 2022 13:32:52 GMT
location: index.html
server: nginx
strict-transport-security: max-age=31536000
x-cache: HIT
x-cache-device-type: responsive
x-cache-type: NGINX
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK jquery.min.js Show response
eu.api.ovh.com/js/jquery/1.10.2/ 91 KB
38 KB 116ms
19ms Script
application/javascript 51.38.17.223
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://eu.api.ovh.com/js/jquery/1.10.2/jquery.min.js

Requested by

Host: b3punv.myraidbox.de
URL: https://b3punv.myraidbox.de/OVH/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.38.17.223 , France, ASN16276 (OVH, FR),

Reverse DNS

api.ovh.com

Software

nginx /

Resource Hash

85c75b66893b6883d4b424b4ceae6d8eeb7bcf48cb4bce70f3d49a3b5d97a8a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://b3punv.myraidbox.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Fri, 01 Apr 2022 13:32:52 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Mon, 29 Jun 2020 08:06:23 GMT
Server: nginx
X-IPLB-Request-ID: 0A0108B6:D054_0A5DF004:01BB_6246FF04_A3A9C5:3445, 253BA461:A116_332611DF:01BB_6246FF04_9BF206:22A6
ETag: W/"16bad-5a93488e4065b"
X-IPLB-Instance: 21903
x-frame-options: DENY
Content-Type: application/javascript
Transfer-Encoding: chunked
Vary: Accept-Encoding
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK bootstrap.css
eu.api.ovh.com/bootstrap/css/ 121 KB
24 KB 106ms
18ms Stylesheet
text/css 51.38.17.223
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://eu.api.ovh.com/bootstrap/css/bootstrap.css

Requested by

Host: b3punv.myraidbox.de
URL: https://b3punv.myraidbox.de/OVH/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.38.17.223 , France, ASN16276 (OVH, FR),

Reverse DNS

api.ovh.com

Software

nginx /

Resource Hash

767c321a970efab2ec747611d60563bf98774f5d9ce8fa101c04af78cdc00184

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://b3punv.myraidbox.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Fri, 01 Apr 2022 13:32:52 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Mon, 29 Jun 2020 08:06:23 GMT
Server: nginx
X-IPLB-Request-ID: 0A0108B7:D9CC_0A5DF004:01BB_6246FF04_9E7C51:1FB60, 253BA461:A118_332611DF:01BB_6246FF04_A31C96:28BDE
ETag: W/"1e53f-5a93488e3e71b"
X-IPLB-Instance: 21901
x-frame-options: DENY
Content-Type: text/css
Transfer-Encoding: chunked
Vary: Accept-Encoding
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK bootstrap-responsive.css
eu.api.ovh.com/bootstrap/css/ 21 KB
6 KB 107ms
18ms Stylesheet
text/css 51.38.17.223
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://eu.api.ovh.com/bootstrap/css/bootstrap-responsive.css

Requested by

Host: b3punv.myraidbox.de
URL: https://b3punv.myraidbox.de/OVH/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.38.17.223 , France, ASN16276 (OVH, FR),

Reverse DNS

api.ovh.com

Software

nginx /

Resource Hash

209f176a41ecf09e48412acb60b6d9ad5e177acb0dd1e9f09a7c06498661a223

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://b3punv.myraidbox.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Fri, 01 Apr 2022 13:32:52 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Mon, 15 Jun 2020 16:52:31 GMT
Server: nginx
X-IPLB-Request-ID: 0A0108B9:A1F8_0A5DF004:01BB_6246FF04_9BC291:229C, 253BA461:A11A_332611DF:01BB_6246FF04_9BF205:22A6
ETag: W/"54f7-5a82240bc61c6"
X-IPLB-Instance: 21903
x-frame-options: DENY
Content-Type: text/css
Transfer-Encoding: chunked
Vary: Accept-Encoding
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK main.css
eu.api.ovh.com/css/ 10 KB
4 KB 108ms
18ms Stylesheet
text/css 51.38.17.223
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://eu.api.ovh.com/css/main.css

Requested by

Host: b3punv.myraidbox.de
URL: https://b3punv.myraidbox.de/OVH/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.38.17.223 , France, ASN16276 (OVH, FR),

Reverse DNS

api.ovh.com

Software

nginx /

Resource Hash

5d553a18e45a5709aec82c93424d64ed4ba9b9f95cc68793c5ce8618a3b4fe3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://b3punv.myraidbox.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Fri, 01 Apr 2022 13:32:52 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Mon, 15 Jun 2020 16:52:31 GMT
Server: nginx
X-IPLB-Request-ID: 0A0108B6:D02A_0A5DF004:01BB_6246FF04_9E675B:2294, 253BA461:A114_332611DF:01BB_6246FF04_9CA95E:26AE2
ETag: W/"2932-5a82240bc7166"
X-IPLB-Instance: 39363
x-frame-options: DENY
Content-Type: text/css
Transfer-Encoding: chunked
Vary: Accept-Encoding
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK logo-ovhcloud.png
eu.api.ovh.com/images/ 10 KB
10 KB 19ms
19ms Image
image/png 51.38.17.223
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://eu.api.ovh.com/images/logo-ovhcloud.png

Requested by

Host: b3punv.myraidbox.de
URL: https://b3punv.myraidbox.de/OVH/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.38.17.223 , France, ASN16276 (OVH, FR),

Reverse DNS

api.ovh.com

Software

nginx /

Resource Hash

1150eaae722be87d3b4f968c4994a3257b001986ec3c5509527da25b5a236441

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://b3punv.myraidbox.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Fri, 01 Apr 2022 13:32:52 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 15 Jun 2020 16:52:32 GMT
Server: nginx
X-IPLB-Request-ID: 0A0108B8:9118_0A5DF004:01BB_6246FF04_A28A72:3439, 253BA461:A114_332611DF:01BB_6246FF04_9CA960:26AE2
ETag: "26d8-5a82240bc8106"
X-IPLB-Instance: 39363
x-frame-options: DENY
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 9944
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK app.min.471cab8e35e82e.js Show response
eu.api.ovh.com/assets/ 0
511 B 228ms
227ms Script
application/javascript 51.38.17.223
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://eu.api.ovh.com/assets/app.min.471cab8e35e82e.js?BpjfyxykmebQhAFTDzLfUovWEWTmUcKv

Requested by

Host: b3punv.myraidbox.de
URL: https://b3punv.myraidbox.de/OVH/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.38.17.223 , France, ASN16276 (OVH, FR),

Reverse DNS

api.ovh.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://b3punv.myraidbox.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Fri, 01 Apr 2022 13:32:52 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
X-IPLB-Request-ID: 0A0108B6:D094_0A5DF004:01BB_6246FF04_9F501F:343B, 253BA461:A118_332611DF:01BB_6246FF04_A31C99:28BDE
X-IPLB-Instance: 21901
x-frame-options: DENY
Content-Type: application/javascript
Cache-Control: no-cache, no-store
Transfer-Encoding: chunked
Vary: Accept-Encoding
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK app.min.54e8f4e444ab0c.js Show response
eu.api.ovh.com/js/soc/ 124 KB
31 KB 19ms
18ms Script
application/javascript 51.38.17.223
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://eu.api.ovh.com/js/soc/app.min.54e8f4e444ab0c.js

Requested by

Host: b3punv.myraidbox.de
URL: https://b3punv.myraidbox.de/OVH/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.38.17.223 , France, ASN16276 (OVH, FR),

Reverse DNS

api.ovh.com

Software

nginx /

Resource Hash

9d21ecb10eea231ff03f4ee0cb0e5d3b7c0a2bfcb50dc3d9e79bfff77cbbef6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://b3punv.myraidbox.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Fri, 01 Apr 2022 13:32:52 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Mon, 17 Jun 2019 11:09:01 GMT
Server: nginx
X-IPLB-Request-ID: 0A0108B8:9100_0A5DF004:01BB_6246FF04_A18887:FC2E, 253BA461:A116_332611DF:01BB_6246FF04_9BF20A:22A6
ETag: W/"1f18c-58b83060b082f"
X-IPLB-Instance: 21903
x-frame-options: DENY
Content-Type: application/javascript
Transfer-Encoding: chunked
Vary: Accept-Encoding
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK search.svg
eu.api.ovh.com/images/ 263 B
730 B 28ms
18ms Image
image/svg+xml 51.38.17.223
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://eu.api.ovh.com/images/search.svg

Requested by

Host: b3punv.myraidbox.de
URL: https://b3punv.myraidbox.de/OVH/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.38.17.223 , France, ASN16276 (OVH, FR),

Reverse DNS

api.ovh.com

Software

nginx /

Resource Hash

e8857a16de64c694e2df0f866a6abbe3e3da054f26cb56b3ef4b617db03bb6e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://b3punv.myraidbox.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Fri, 01 Apr 2022 13:32:52 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Mon, 29 Jun 2020 08:06:23 GMT
Server: nginx
X-IPLB-Request-ID: 0A0108B7:DA8E_0A5DF004:01BB_6246FF04_9F6E5E:26AD8, 253BA461:A116_332611DF:01BB_6246FF04_9BF20F:22A6
ETag: W/"107-5a93488e4065b"
X-IPLB-Instance: 21903
x-frame-options: DENY
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Vary: Accept-Encoding
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK zxcvbn.js Show response
eu.api.ovh.com/js/soc/ 28 KB
11 KB 19ms
18ms Script
application/javascript 51.38.17.223
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://eu.api.ovh.com/js/soc/zxcvbn.js

Requested by

Host: b3punv.myraidbox.de
URL: https://b3punv.myraidbox.de/OVH/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.38.17.223 , France, ASN16276 (OVH, FR),

Reverse DNS

api.ovh.com

Software

nginx /

Resource Hash

641841d43a263f56d25aa179d313e32d7810616ee6df4017c24bd3a88d3e9ab0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://b3punv.myraidbox.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Fri, 01 Apr 2022 13:32:52 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 25 Jun 2019 14:06:12 GMT
Server: nginx
X-IPLB-Request-ID: 0A0108B5:EA98_0A5DF004:01BB_6246FF04_A21293:3438, 253BA461:A11A_332611DF:01BB_6246FF04_9BF208:22A6
ETag: W/"7133-58c266e6339ea"
X-IPLB-Instance: 21903
x-frame-options: DENY
Content-Type: application/javascript
Transfer-Encoding: chunked
Vary: Accept-Encoding
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK SourceSansPro-Semibold.woff
eu.api.ovh.com/fonts/source-sans-pro/semibold/ 121 KB
121 KB 85ms
19ms Font
application/x-font-woff 51.38.17.223
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://eu.api.ovh.com/fonts/source-sans-pro/semibold/SourceSansPro-Semibold.woff

Requested by

Host: b3punv.myraidbox.de
URL: https://b3punv.myraidbox.de/OVH/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.38.17.223 , France, ASN16276 (OVH, FR),

Reverse DNS

api.ovh.com

Software

nginx /

Resource Hash

0d67491007d9aa13f3f4e1b04866ec2d3177c5011d8aaea50145f803b1410a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://b3punv.myraidbox.de/
Origin: https://b3punv.myraidbox.de
Accept-Language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Fri, 01 Apr 2022 13:32:52 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 06 Jan 2020 15:40:10 GMT
Server: nginx
X-IPLB-Request-ID: 0A0108B7:DB2E_0A5DF004:01BB_6246FF04_997696:26ADD, 253BA461:A26C_332611DF:01BB_6246FF04_A7439F:28BE6
ETag: "1e208-59b7a797f6707"
X-IPLB-Instance: 21901
x-frame-options: DENY
Content-Type: application/x-font-woff
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Content-Length: 123400
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK SourceSansPro-Bold.woff
eu.api.ovh.com/fonts/source-sans-pro/bold/ 122 KB
122 KB 19ms
19ms Font
application/x-font-woff 51.38.17.223
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://eu.api.ovh.com/fonts/source-sans-pro/bold/SourceSansPro-Bold.woff

Requested by

Host: b3punv.myraidbox.de
URL: https://b3punv.myraidbox.de/OVH/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.38.17.223 , France, ASN16276 (OVH, FR),

Reverse DNS

api.ovh.com

Software

nginx /

Resource Hash

7de8582bfa70bfc9474928687649c6efb6dc990fab02a7820d0b9b522c7edea1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://b3punv.myraidbox.de/
Origin: https://b3punv.myraidbox.de
Accept-Language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Fri, 01 Apr 2022 13:32:52 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 06 Jan 2020 15:40:28 GMT
Server: nginx
X-IPLB-Request-ID: 0A0108B6:D28A_0A5DF004:01BB_6246FF04_A6B6B6:343C, 253BA461:A26C_332611DF:01BB_6246FF04_A743A0:28BE6
ETag: "1e65c-59b7a7a994b39"
X-IPLB-Instance: 21901
x-frame-options: DENY
Content-Type: application/x-font-woff
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Content-Length: 124508
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK SourceSansPro-Regular.woff
eu.api.ovh.com/fonts/source-sans-pro/regular/ 119 KB
120 KB 55ms
20ms Font
application/x-font-woff 51.38.17.223
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://eu.api.ovh.com/fonts/source-sans-pro/regular/SourceSansPro-Regular.woff

Requested by

Host: b3punv.myraidbox.de
URL: https://b3punv.myraidbox.de/OVH/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.38.17.223 , France, ASN16276 (OVH, FR),

Reverse DNS

api.ovh.com

Software

nginx /

Resource Hash

34beb8307459d04719789002534a6749e1b7a40021de510bebcbc550d6507006

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://b3punv.myraidbox.de/
Origin: https://b3punv.myraidbox.de
Accept-Language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Fri, 01 Apr 2022 13:32:52 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 29 Jun 2020 08:06:23 GMT
Server: nginx
X-IPLB-Request-ID: 0A0108B8:928E_0A5DF004:01BB_6246FF04_9B5BB7:FC2A, 253BA461:A26C_332611DF:01BB_6246FF04_A743A6:28BE6
ETag: "1dc14-5a93488e3f6bb"
X-IPLB-Instance: 21901
x-frame-options: DENY
Content-Type: application/x-font-woff
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Content-Length: 121876
x-xss-protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: OVH (Online)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
318640.seu2.cleverreach.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: kTl2%2COLOGdw8PKH6cvtY-h3BNf89Yepn1TrAZ%2CFASmvmJcec
318640.seu2.cleverreach.com/	1970-01-20 02:20:29	Name: cr_user Value: 19942
318640.seu2.cleverreach.com/	1970-01-20 02:20:29	Name: cr_client Value: 318640
318640.seu2.cleverreach.com/	1970-01-20 02:20:29	Name: cr_mailing Value: 13495072

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

318640.seu2.cleverreach.com
b3punv.myraidbox.de
eu.api.ovh.com
159.69.115.231
51.38.17.223
54.194.198.48
0d67491007d9aa13f3f4e1b04866ec2d3177c5011d8aaea50145f803b1410a35
1150eaae722be87d3b4f968c4994a3257b001986ec3c5509527da25b5a236441
209f176a41ecf09e48412acb60b6d9ad5e177acb0dd1e9f09a7c06498661a223
34beb8307459d04719789002534a6749e1b7a40021de510bebcbc550d6507006
5d553a18e45a5709aec82c93424d64ed4ba9b9f95cc68793c5ce8618a3b4fe3e
641841d43a263f56d25aa179d313e32d7810616ee6df4017c24bd3a88d3e9ab0
767c321a970efab2ec747611d60563bf98774f5d9ce8fa101c04af78cdc00184
7de8582bfa70bfc9474928687649c6efb6dc990fab02a7820d0b9b522c7edea1
85c75b66893b6883d4b424b4ceae6d8eeb7bcf48cb4bce70f3d49a3b5d97a8a4
9d21ecb10eea231ff03f4ee0cb0e5d3b7c0a2bfcb50dc3d9e79bfff77cbbef6d
a9329269840290927606ede18ef3bf0a9f5378973e3c395f117677f7dedda593
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8857a16de64c694e2df0f866a6abbe3e3da054f26cb56b3ef4b617db03bb6e3

b3punv.myraidbox.de Open in urlscan Pro 159.69.115.231 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

2 IPs

3 Countries

498 kBTransfer

837 kBSize

4 Cookies

4 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

22 JavaScript Global Variables

4 Cookies

Security Headers

Indicators

b3punv.myraidbox.de Open in urlscan Pro
159.69.115.231 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

498 kB
Transfer

837 kB
Size

4
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!