kundecenter-dandomain.is-by.us Open in urlscan Pro
166.88.19.142 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://yethayah.mybigcommerce.com/w/
Effective URL:
https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/
Submission: On December 17 via manual (December 17th 2020, 10:24:47 am UTC) from DK

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 14 HTTP transactions. The main IP is 166.88.19.142, located in San Jose, United States and belongs to EGIHOSTING, US. The main domain is kundecenter-dandomain.is-by.us.
TLS certificate: Issued by R3 on December 14th 2020. Valid for: 3 months.

This is the only time kundecenter-dandomain.is-by.us was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DanDomain (Online)

Domain & IP information

	IP Address	AS Autonomous System
2	35.241.47.235 35.241.47.235	15169 (GOOGLE) (GOOGLE)
3 12	166.88.19.142 166.88.19.142	18779 (EGIHOSTING) (EGIHOSTING)
3	2a00:1450:400... 2a00:1450:4001:81e::2003	15169 (GOOGLE) (GOOGLE)
14	3

2 35.241.47.235 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 235.47.241.35.bc.googleusercontent.com

yethayah.mybigcommerce.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 166.88.19.142 (San Jose, United States) 3 redirects

ASN18779 (EGIHOSTING, US)

kundecenter-dandomain.is-by.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	is-by.us 3 redirects kundecenter-dandomain.is-by.us	606 KB
3	gstatic.com fonts.gstatic.com	39 KB
2	mybigcommerce.com yethayah.mybigcommerce.com	2 KB
14	3

	Domain	Requested by
12	kundecenter-dandomain.is-by.us	3 redirects kundecenter-dandomain.is-by.us
3	fonts.gstatic.com	kundecenter-dandomain.is-by.us
2	yethayah.mybigcommerce.com	yethayah.mybigcommerce.com
14	3

This site contains no links.

Subject Issuer	Validity	Valid
*.mybigcommerce.com DigiCert SHA2 High Assurance Server CA	`2020-09-21` - `2021-10-23`	a year	crt.sh
kundecenter-dandomain.is-by.us R3	`2020-12-14` - `2021-03-14`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/
Frame ID: 05A6454B69F10DBD1ACB6C852BD54971
Requests: 11 HTTP requests in this frame

Frame: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/saved_resource.html
Frame ID: 1CF63618CAD4DED80E7868FD6F16C0B6
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://yethayah.mybigcommerce.com/w/ Page URL
https://kundecenter-dandomain.is-by.us/a HTTP 301
https://kundecenter-dandomain.is-by.us/a/ HTTP 302
https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf HTTP 301
https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/ Page URL

Detected technologies

Bigcommerce (Ecommerce) Expand

Overall confidence: 100%
Detected patterns

url /mybigcommerce\.com/i

Lua (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

OpenResty (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

Page Statistics

14
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

646 kB
Transfer

643 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://yethayah.mybigcommerce.com/w/ Page URL
https://kundecenter-dandomain.is-by.us/a HTTP 301
https://kundecenter-dandomain.is-by.us/a/ HTTP 302
https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf HTTP 301
https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
yethayah.mybigcommerce.com/w/ 687 B
1 KB 491ms
280ms Document
text/html 35.241.47.235
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://yethayah.mybigcommerce.com/w/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.241.47.235 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 235.47.241.35.bc.googleusercontent.com
Software: openresty /
Resource Hash: 685fa7d387647d2278f9b8b3663a7f2dbe93185c479ee60e5641fbea25e19a82

Request headers

:method: GET
:authority: yethayah.mybigcommerce.com
:scheme: https
:path: /w/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

server: openresty
date: Thu, 17 Dec 2020 10:24:28 GMT
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
expires: Thu, 19 Nov 1981 08:52:00 GMT
content-encoding: gzip
x-request-id: 7748bd20f27a25ca1f8aa3ddbec732b4
set-cookie: Shopper-Pref=2DDF86B18C03872C447AD398F0558F1C7D5B3309-1608805468877-x%7B%22cur%22%3A%22KRW%22%7D; Expires=Thu, 24 Dec 2020 10:24:28 GMT; Path=/; HttpOnly SHOP_SESSION_TOKEN=kv1me0h8cpr0gg7osupam1lg7s; expires=Thu, 24-Dec-2020 10:24:28 GMT; path=/; Secure; HttpOnly; SameSite=none fornax_anonymousId=f5448399-3277-4256-89de-73331d43f11f; expires=Sat, 17-Dec-2022 10:24:28 GMT; path=/; Secure; SameSite=none XSRF-TOKEN=d592345c918d8e03d1fb3ee17b7f764da1c336adebb4fad6cbd7909179560a14; path=/; Secure; SameSite=none

POST
H2 200 trigger-visit-event
yethayah.mybigcommerce.com/events/ 0
455 B 256ms
255ms XHR
text/html 35.241.47.235
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://yethayah.mybigcommerce.com/events/trigger-visit-event
Requested by: Host: yethayah.mybigcommerce.com
URL: https://yethayah.mybigcommerce.com/w/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.241.47.235 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 235.47.241.35.bc.googleusercontent.com
Software: openresty /
Resource Hash

Request headers

Referer: https://yethayah.mybigcommerce.com/w/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Thu, 17 Dec 2020 10:24:29 GMT
content-encoding: gzip
server: openresty
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
x-request-id: e7a8599e6061cdc751c25089ad4e0f6d
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2

200

Primary Request / Show response
kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/
Redirect Chain

https://kundecenter-dandomain.is-by.us/a
https://kundecenter-dandomain.is-by.us/a/
https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf
https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/

7 KB
7 KB

196ms
196ms

Document
text/html

166.88.19.142
EGIHOSTING

General

Check archive.org

Show headers Download Go to

Full URL: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 166.88.19.142 San Jose, United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software: nginx / PHP/7.4.13 PleskLin
Resource Hash: 3cafd441b548e40bc2de7d3ad79e6e0450a1700c65f98b92399266f0c59188af

Request headers

:method: GET
:authority: kundecenter-dandomain.is-by.us
:scheme: https
:path: /a/0920dedb5ffa37fee400f34b29341bbf/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://yethayah.mybigcommerce.com/w/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://yethayah.mybigcommerce.com/w/

Response headers

server: nginx
date: Thu, 17 Dec 2020 10:24:30 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.13 PleskLin

Redirect headers

server: nginx
date: Thu, 17 Dec 2020 10:24:30 GMT
content-type: text/html; charset=iso-8859-1
content-length: 282
location: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/
x-powered-by: PleskLin

GET
H2 200 loginCssBundleDandomain.css
kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/ 207 KB
208 KB 389ms
388ms Stylesheet
text/css 166.88.19.142
EGIHOSTING

General

Check archive.org

Show headers Download Go to

Full URL: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/loginCssBundleDandomain.css
Requested by: Host: kundecenter-dandomain.is-by.us
URL: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 166.88.19.142 San Jose, United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 8b31ea58f03894d697a0dfaf7c909bec5aa214066add79f0ac131255f3cce9ec

Request headers

Referer: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 10:24:30 GMT
last-modified: Thu, 17 Dec 2020 10:24:30 GMT
server: nginx
x-powered-by: PleskLin
etag: "5fdb31de-33cb5"
content-type: text/css
accept-ranges: bytes
content-length: 212149

GET
H2 200 css.css
kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/ 9 KB
9 KB 244ms
243ms Stylesheet
text/css 166.88.19.142
EGIHOSTING

General

Check archive.org

Show headers Download Go to

Full URL: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/css.css
Requested by: Host: kundecenter-dandomain.is-by.us
URL: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 166.88.19.142 San Jose, United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 2fc0ec9f081d890f2810adbc1eef34392448fd833294fc314b58771761b5c156

Request headers

Referer: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 10:24:30 GMT
last-modified: Thu, 17 Dec 2020 10:24:30 GMT
server: nginx
x-powered-by: PleskLin
etag: "5fdb31de-22fc"
content-type: text/css
accept-ranges: bytes
content-length: 8956

GET
H2 404 saved_resource.html Show response
kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/ Frame 1CF6 808 B
942 B 679ms
678ms Document
text/html 166.88.19.142
EGIHOSTING

General

Check archive.org

Show headers Download Go to

Full URL: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/saved_resource.html
Requested by: Host: kundecenter-dandomain.is-by.us
URL: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 166.88.19.142 San Jose, United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software: nginx /
Resource Hash: b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187

Request headers

:method: GET
:authority: kundecenter-dandomain.is-by.us
:scheme: https
:path: /a/0920dedb5ffa37fee400f34b29341bbf/src/saved_resource.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/

Response headers

server: nginx
date: Thu, 17 Dec 2020 10:24:30 GMT
content-type: text/html
content-length: 808
last-modified: Mon, 14 Dec 2020 13:06:10 GMT
etag: "328-5b66c4e58033c"
accept-ranges: bytes

GET
H2 200 styles.css
kundecenter-dandomain.is-by.us/error_docs/ Frame 1CF6 3 KB
3 KB 168ms
167ms Stylesheet
text/css 166.88.19.142
EGIHOSTING

General

Check archive.org

Show headers Download Go to

Full URL: https://kundecenter-dandomain.is-by.us/error_docs/styles.css
Requested by: Host: kundecenter-dandomain.is-by.us
URL: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/saved_resource.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 166.88.19.142 San Jose, United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 21caff9a36c2bc2c373c02d54cd9eb81c038aa16ec5f8a9f508fed87dfa1d59b

Request headers

Referer: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/saved_resource.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 10:24:31 GMT
last-modified: Mon, 14 Dec 2020 13:06:10 GMT
server: nginx
x-powered-by: PleskLin
etag: "a9e-5b66c4e581aac"
content-type: text/css
accept-ranges: bytes
content-length: 2718

GET
H2 200 dandomain-background.jpg
kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/ 365 KB
366 KB 241ms
239ms Image
image/jpeg 166.88.19.142
EGIHOSTING

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/dandomain-background.jpg
Requested by: Host: kundecenter-dandomain.is-by.us
URL: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/loginCssBundleDandomain.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 166.88.19.142 San Jose, United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 3c0502da78c1a0829b714598dbdeca7c9320a80c45e91ec8d269cbf0895e2b62

Request headers

Referer: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/loginCssBundleDandomain.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 10:24:31 GMT
last-modified: Thu, 17 Dec 2020 10:24:30 GMT
server: nginx
x-powered-by: PleskLin
etag: "5fdb31de-5b564"
content-type: image/jpeg
accept-ranges: bytes
content-length: 374116

GET
H2 200 dandomain-logo.svg
kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/ 4 KB
4 KB 399ms
397ms Image
image/svg+xml 166.88.19.142
EGIHOSTING

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/dandomain-logo.svg
Requested by: Host: kundecenter-dandomain.is-by.us
URL: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/loginCssBundleDandomain.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 166.88.19.142 San Jose, United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: cc500b9e655b466ff86fee996ca368802b65b4035aa554d2e70eed6fc4013add

Request headers

Referer: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/loginCssBundleDandomain.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 10:24:31 GMT
last-modified: Thu, 17 Dec 2020 10:24:30 GMT
server: nginx
x-powered-by: PleskLin
etag: "5fdb31de-10a8"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 4264

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu3cOWxw.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ 13 KB
13 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:81e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu3cOWxw.woff2

Requested by

Host: kundecenter-dandomain.is-by.us
URL: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/css.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ec7f22119da3493aedefd66ffd30f0aaf4cf4aee42d8254638bcca5971c3568

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://kundecenter-dandomain.is-by.us
Referer: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/css.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Dec 2020 18:42:24 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:08 GMT
server: sffe
age: 56527
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13224
x-xss-protection: 0
expires: Thu, 16 Dec 2021 18:42:24 GMT

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu3cOWxw.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ 13 KB
13 KB 7ms
5ms Font
font/woff2 2a00:1450:4001:81e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu3cOWxw.woff2

Requested by

Host: kundecenter-dandomain.is-by.us
URL: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/css.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc772b0188bc262494be9dc529c50893ae189110dfcad5a286512b737aef93b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://kundecenter-dandomain.is-by.us
Referer: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/css.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 13 Dec 2020 01:14:13 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:16 GMT
server: sffe
age: 378618
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13108
x-xss-protection: 0
expires: Mon, 13 Dec 2021 01:14:13 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7lujVj9w.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ 13 KB
13 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:81e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7lujVj9w.woff2

Requested by

Host: kundecenter-dandomain.is-by.us
URL: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/css.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ecf76895be1cf9e8b3edb254030e9c9c1d8f3c2efc1f9dc7e04ceff29eccae9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://kundecenter-dandomain.is-by.us
Referer: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/css.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Dec 2020 01:29:46 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:14 GMT
server: sffe
age: 204885
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13324
x-xss-protection: 0
expires: Wed, 15 Dec 2021 01:29:46 GMT

GET
H2 404 dandomain-logo-white.svg
kundecenter-dandomain.is-by.us/ 808 B
808 B 396ms
395ms Image
text/html 166.88.19.142
EGIHOSTING

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kundecenter-dandomain.is-by.us/dandomain-logo-white.svg
Requested by: Host: kundecenter-dandomain.is-by.us
URL: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/loginCssBundleDandomain.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 166.88.19.142 San Jose, United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software: nginx /
Resource Hash: b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187

Request headers

Referer: https://kundecenter-dandomain.is-by.us/a/0920dedb5ffa37fee400f34b29341bbf/src/loginCssBundleDandomain.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 10:24:31 GMT
last-modified: Mon, 14 Dec 2020 13:06:10 GMT
server: nginx
accept-ranges: bytes
etag: "328-5b66c4e58033c"
content-length: 808
content-type: text/html

GET
H2 200 server.svg
kundecenter-dandomain.is-by.us/error_docs/ Frame 1CF6 7 KB
7 KB 253ms
251ms Image
image/svg+xml 166.88.19.142
EGIHOSTING

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kundecenter-dandomain.is-by.us/error_docs/server.svg
Requested by: Host: kundecenter-dandomain.is-by.us
URL: https://kundecenter-dandomain.is-by.us/error_docs/styles.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 166.88.19.142 San Jose, United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: f74b80306280ccf2ddc635eb09f5f36070ee5769365b0a7a53ca3747602eebcb

Request headers

Referer: https://kundecenter-dandomain.is-by.us/error_docs/styles.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 10:24:31 GMT
last-modified: Mon, 14 Dec 2020 13:06:10 GMT
server: nginx
x-powered-by: PleskLin
etag: "1cf8-5b66c4e57d45c"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 7416

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DanDomain (Online)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.gstatic.com
kundecenter-dandomain.is-by.us
yethayah.mybigcommerce.com
166.88.19.142
2a00:1450:4001:81e::2003
35.241.47.235
21caff9a36c2bc2c373c02d54cd9eb81c038aa16ec5f8a9f508fed87dfa1d59b
2fc0ec9f081d890f2810adbc1eef34392448fd833294fc314b58771761b5c156
3c0502da78c1a0829b714598dbdeca7c9320a80c45e91ec8d269cbf0895e2b62
3cafd441b548e40bc2de7d3ad79e6e0450a1700c65f98b92399266f0c59188af
685fa7d387647d2278f9b8b3663a7f2dbe93185c479ee60e5641fbea25e19a82
7ec7f22119da3493aedefd66ffd30f0aaf4cf4aee42d8254638bcca5971c3568
8b31ea58f03894d697a0dfaf7c909bec5aa214066add79f0ac131255f3cce9ec
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187
cc500b9e655b466ff86fee996ca368802b65b4035aa554d2e70eed6fc4013add
ecf76895be1cf9e8b3edb254030e9c9c1d8f3c2efc1f9dc7e04ceff29eccae9c
f74b80306280ccf2ddc635eb09f5f36070ee5769365b0a7a53ca3747602eebcb
fc772b0188bc262494be9dc529c50893ae189110dfcad5a286512b737aef93b8

kundecenter-dandomain.is-by.us Open in urlscan Pro 166.88.19.142 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

646 kBTransfer

643 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

0 Cookies

Indicators

kundecenter-dandomain.is-by.us Open in urlscan Pro
166.88.19.142 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

646 kB
Transfer

643 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!