Submitted URL: http://byegus.wpdevcloud.com/
Effective URL: http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/
Submission: On May 16 via manual from IT

Summary

This website contacted 6 IPs in 3 countries across 7 domains to perform 23 HTTP transactions. The main IP is 148.251.48.69, located in Germany and belongs to HETZNER-AS, DE. The main domain is ziko.square7.ch.
This is the only time ziko.square7.ch was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online)

Domain & IP information

Requests          IP Address       AS      Autonomous System
1                 104.37.86.1      54456   (CLOUDACCE...)
8 (2 redirects)   148.251.48.69    24940   (HETZNER-AS)
2                 88.99.13.69      24940   (HETZNER-AS)
3                 94.130.236.100   24940   (HETZNER-AS)
1                 35.186.216.54    15169   (GOOGLE)
Total: 23 requests, 6 IPs

Requests          Domain                             Requested by
8 (2 redirects)   ziko.square7.ch                    ziko.square7.ch
3                 www.bplaced.net                    ziko.square7.ch
2                 handerin11.1apps.com               ziko.square7.ch
1                 www.bitadexchange.com              www.bplaced.net
1                 byegus.wpdevcloud.com
0 (failed)        www.jsbeautifiers.com              ziko.square7.ch
0 (failed)        lifbcibllhkdhoafpjfnlhfpfgnpldfl   ziko.square7.ch
Total: 23 requests, 7 domains

This site contains no links.

This page contains 1 frame:

Primary Page: http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/
Frame ID: D00134B95086E9797D9D83D43E051BE0
Requests: 23 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • env /^jQuery$/i

Page Statistics

  • Requests: 23
  • HTTPS: 0 %
  • IPv6: 0 %
  • Domains: 7
  • Subdomains: 7
  • IPs: 6
  • Countries: 3
  • Transfer: 125 kB
  • Size: 118 kB
  • Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://byegus.wpdevcloud.com/ Page URL
  2. http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 19
  • http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/dk/img/bg.jpg HTTP 302
  • http://www.bplaced.net/404
Request Chain 20
  • http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/dk/img/header-bg.png HTTP 302
  • http://www.bplaced.net/404

23 HTTP transactions

Columns: Resource, Path, Size, x-fer, Type, MIME-Type
/
byegus.wpdevcloud.com/
281 B
539 B
Document
General
Full URL
http://byegus.wpdevcloud.com/
Protocol
HTTP/1.1
Server
104.37.86.1 , United States, ASN54456 (CLOUDACCESS-NETWORK - CloudAccess.net, LLC, US),
Reverse DNS
lamp123.cloudaccess.net
Software
Apache /
Resource Hash
7ddeb41efa4f209abec80ca0c304391dc91af21d6731d077dc35b74132554842

Request headers

Host
byegus.wpdevcloud.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
X-DevTools-Emulate-Network-Conditions-Client-Id
D00134B95086E9797D9D83D43E051BE0

Response headers

Date
Wed, 16 May 2018 08:16:20 GMT
Server
Apache
Last-Modified
Tue, 15 May 2018 15:36:54 GMT
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
243
Keep-Alive
timeout=60
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Primary Request /
ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/
10 KB
10 KB
Document
General
Full URL
http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/
Protocol
HTTP/1.1
Server
148.251.48.69 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
client1.square7.ch
Software
Apache/2.4 /
Resource Hash
34add6364f41b6d9b4f69628bb7aba5b3d64be040ef70ac7ead71e9d19d9ae9d

Request headers

Host
ziko.square7.ch
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://byegus.wpdevcloud.com/
Accept-Encoding
gzip, deflate
X-DevTools-Emulate-Network-Conditions-Client-Id
D00134B95086E9797D9D83D43E051BE0

Response headers

Date
Wed, 16 May 2018 08:17:12 GMT
Server
Apache/2.4
Last-Modified
Tue, 15 May 2018 16:19:44 GMT
ETag
"2876-56c40f860ec94"
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Length
10438
Keep-Alive
timeout=4, max=500
Connection
Keep-Alive
Content-Type
text/html
style.css
ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/dk/
959 B
1 KB
Stylesheet
General
Full URL
http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/dk/style.css
Requested by
Host: ziko.square7.ch
URL: http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/
Protocol
HTTP/1.1
Server
148.251.48.69 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
client1.square7.ch
Software
Apache/2.4 /
Resource Hash
3027be183d76090288de1293f37fc372429179a05de71a425179a34926ceb8bf

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
ziko.square7.ch
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 16 May 2018 08:17:12 GMT
Last-Modified
Tue, 15 May 2018 16:19:45 GMT
Server
Apache/2.4
ETag
"3bf-56c40f86dcd75"
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=4, max=500
Content-Length
959
document_iterator.js
lifbcibllhkdhoafpjfnlhfpfgnpldfl/
0
0

find_proxy.js
lifbcibllhkdhoafpjfnlhfpfgnpldfl/
0
0

get_html_text.js
lifbcibllhkdhoafpjfnlhfpfgnpldfl/
0
0

global_constants.js
lifbcibllhkdhoafpjfnlhfpfgnpldfl/
0
0

name_injection_builder.js
lifbcibllhkdhoafpjfnlhfpfgnpldfl/
0
0

number_injection_builder.js
lifbcibllhkdhoafpjfnlhfpfgnpldfl/
0
0

menu_injection_builder.js
lifbcibllhkdhoafpjfnlhfpfgnpldfl/
0
0

string_finder.js
lifbcibllhkdhoafpjfnlhfpfgnpldfl/
0
0

change_sink.js
lifbcibllhkdhoafpjfnlhfpfgnpldfl/
0
0

scr4.js
ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/dk/
88 KB
89 KB
Script
General
Full URL
http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/dk/scr4.js
Requested by
Host: ziko.square7.ch
URL: http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/
Protocol
HTTP/1.1
Server
148.251.48.69 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
client1.square7.ch
Software
Apache/2.4 /
Resource Hash
23e3ca8349931478ce6cc6ffb2b4b759871e6e54fb098884a3862487abb0a461

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
ziko.square7.ch
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 16 May 2018 08:17:12 GMT
Last-Modified
Tue, 15 May 2018 16:19:45 GMT
Server
Apache/2.4
ETag
"16183-56c40f86cc3d5"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=4, max=500
Content-Length
90499
Key.jpg
handerin11.1apps.com/
7 KB
7 KB
Image
General
Full URL
http://handerin11.1apps.com/Key.jpg
Requested by
Host: ziko.square7.ch
URL: http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/
Protocol
HTTP/1.1
Server
88.99.13.69 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.69.13.99.88.clients.your-server.de
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
7c25f85e6f20857db2c95251baf8fb664b6d8011ab349f72a427e58970c83853

Request headers

Referer
http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 16 May 2018 08:17:20 GMT
Last-Modified
Tue, 15 May 2018 15:02:51 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
ETag
"1fa6adcb5decd31:0"
Content-Type
image/jpeg
Accept-Ranges
bytes
Content-Length
6789
sekure.png
handerin11.1apps.com/
7 KB
7 KB
Image
General
Full URL
http://handerin11.1apps.com/sekure.png
Requested by
Host: ziko.square7.ch
URL: http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/
Protocol
HTTP/1.1
Server
88.99.13.69 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.69.13.99.88.clients.your-server.de
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
87f420855778823c4c969d61e90c7a4c61faaa47ab25e9d6dddf2081e447e983

Request headers

Referer
http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 16 May 2018 08:17:20 GMT
Last-Modified
Tue, 15 May 2018 15:02:51 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
ETag
"1fa6adcb5decd31:0"
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
7307
msc.jpg
ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/dk/
943 B
1 KB
Image
General
Full URL
http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/dk/msc.jpg
Requested by
Host: ziko.square7.ch
URL: http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/
Protocol
HTTP/1.1
Server
148.251.48.69 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
client1.square7.ch
Software
Apache/2.4 /
Resource Hash
588fb35a5e9c0b68560696b1b53b8f7f821c8f96f56e8af85c9ae3901c36573e

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
ziko.square7.ch
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 16 May 2018 08:17:13 GMT
Last-Modified
Tue, 15 May 2018 16:19:44 GMT
Server
Apache/2.4
ETag
"3af-56c40f86a3395"
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=4, max=499
Content-Length
943
vbv.gif
ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/dk/
2 KB
2 KB
Image
General
Full URL
http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/dk/vbv.gif
Requested by
Host: ziko.square7.ch
URL: http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/
Protocol
HTTP/1.1
Server
148.251.48.69 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
client1.square7.ch
Software
Apache/2.4 /
Resource Hash
17aace29a159013e8057221b1838f10046b9d87f285e3480108b59198d973bf0

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
ziko.square7.ch
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 16 May 2018 08:17:13 GMT
Last-Modified
Tue, 15 May 2018 16:19:45 GMT
Server
Apache/2.4
ETag
"642-56c40f86ffff5"
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=4, max=499
Content-Length
1602
cvv2.jpg
ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/dk/
2 KB
3 KB
Image
General
Full URL
http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/dk/cvv2.jpg
Requested by
Host: ziko.square7.ch
URL: http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/
Protocol
HTTP/1.1
Server
148.251.48.69 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
client1.square7.ch
Software
Apache/2.4 /
Resource Hash
b89f1d205a75911c66cd92f108b0e1e1769b7f2bd09dd1e59faa4d8a2adf6975

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
ziko.square7.ch
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 16 May 2018 08:17:13 GMT
Last-Modified
Tue, 15 May 2018 16:19:44 GMT
Server
Apache/2.4
ETag
"945-56c40f866b8f4"
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=4, max=499
Content-Length
2373
bpa.js
www.bplaced.net/pub/
142 B
638 B
Script
General
Full URL
http://www.bplaced.net/pub/bpa.js
Requested by
Host: ziko.square7.ch
URL: http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/
Protocol
HTTP/1.1
Server
94.130.236.100 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS
mx.bplaced.net
Software
Apache /
Resource Hash
4d1b9a00cb37404f2642d46b66af2b15f69585db1799d1a3707211b47b4bc5d1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 16 May 2018 08:17:13 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Connection
Upgrade, Keep-Alive
Content-Length
141
X-BP-NSA-REQID
(null) a.14UID=325
Last-Modified
Mon, 08 Jan 2018 01:31:23 GMT
Server
Apache
ETag
"8e-56239c18610c0-gzip"
Vary
Accept-Encoding
Upgrade
h2,h2c
Cache-Control
max-age=7200
Accept-Ranges
bytes
Content-Type
application/javascript
Keep-Alive
timeout=4, max=500
Expires
Wed, 16 May 2018 10:17:13 GMT
style.js
www.jsbeautifiers.com/js/script/
0
0

404
www.bplaced.net/
Redirect Chain
  • http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/dk/img/bg.jpg
  • http://www.bplaced.net/404
0
1 KB
Image
General
Full URL
http://www.bplaced.net/404
Requested by
Host: ziko.square7.ch
URL: http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/
Protocol
HTTP/1.1
Server
94.130.236.100 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS
mx.bplaced.net
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.bplaced.net
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/dk/style.css
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 16 May 2018 08:17:13 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-BP-NSA-REQID
(null) a.14UID=804
Last-Modified
Mon, 09 Apr 2018 21:44:48 GMT
Server
Apache
ETag
"1b96-5697150995400-gzip"
Vary
Accept-Encoding
Content-Type
text/html
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=4, max=499
Content-Length
1657

Redirect headers

Location
http://www.bplaced.net/404
Date
Wed, 16 May 2018 08:17:13 GMT
Server
Apache/2.4
Connection
Keep-Alive
Keep-Alive
timeout=4, max=500
Content-Length
279
Content-Type
text/html; charset=iso-8859-1
404
www.bplaced.net/
Redirect Chain
  • http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/dk/img/header-bg.png
  • http://www.bplaced.net/404
0
2 KB
Image
General
Full URL
http://www.bplaced.net/404
Requested by
Host: ziko.square7.ch
URL: http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/
Protocol
HTTP/1.1
Server
94.130.236.100 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS
mx.bplaced.net
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.bplaced.net
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/dk/style.css
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 16 May 2018 08:17:13 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-BP-NSA-REQID
(null) a.14UID=724
Last-Modified
Mon, 09 Apr 2018 21:44:48 GMT
Server
Apache
ETag
"1b96-5697150995400-gzip"
Vary
Accept-Encoding
Content-Type
text/html
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=4, max=498
Content-Length
1657

Redirect headers

Location
http://www.bplaced.net/404
Date
Wed, 16 May 2018 08:17:13 GMT
Server
Apache/2.4
Connection
Keep-Alive
Keep-Alive
timeout=4, max=500
Content-Length
279
Content-Type
text/html; charset=iso-8859-1
display.php
www.bitadexchange.com/a/
0
153 B
Script
General
Full URL
http://www.bitadexchange.com/a/display.php?r=1867255
Requested by
Host: www.bplaced.net
URL: http://www.bplaced.net/pub/bpa.js
Protocol
HTTP/1.1
Server
35.186.216.54 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
54.216.186.35.bc.googleusercontent.com
Software
openresty /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://ziko.square7.ch/MySQLadmin/Securiza-KeyClienti-dati/2018/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Wed, 16 May 2018 08:17:13 GMT
Via
1.1 google
Referrer-Policy
no-referrer
Server
openresty
Vary
Accept-Encoding

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain                             URL
lifbcibllhkdhoafpjfnlhfpfgnpldfl   chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl/document_iterator.js
lifbcibllhkdhoafpjfnlhfpfgnpldfl   chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl/find_proxy.js
lifbcibllhkdhoafpjfnlhfpfgnpldfl   chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl/get_html_text.js
lifbcibllhkdhoafpjfnlhfpfgnpldfl   chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl/global_constants.js
lifbcibllhkdhoafpjfnlhfpfgnpldfl   chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl/name_injection_builder.js
lifbcibllhkdhoafpjfnlhfpfgnpldfl   chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl/number_injection_builder.js
lifbcibllhkdhoafpjfnlhfpfgnpldfl   chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl/menu_injection_builder.js
lifbcibllhkdhoafpjfnlhfpfgnpldfl   chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl/string_finder.js
lifbcibllhkdhoafpjfnlhfpfgnpldfl   chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl/change_sink.js
www.jsbeautifiers.com              http://www.jsbeautifiers.com/js/script/style.js

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online)

85 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| _uacct, number| _userv, number| _ufsc, string| _udn, string| _uhash, string| _utimeout, string| _ugifpath, string| _utsp, number| _uflash, number| _utitle, number| _ulink, number| _uanchor, string| _utcp, number| _usample, number| _uctm, string| _ucto, string| _uccn, string| _ucmd, string| _ucsr, string| _uctr, string| _ucct, string| _ucid, string| _ucno, object| _uOsr, object| _uOkw, object| _uOno, object| _uRno, undefined| _uff, undefined| _udh, undefined| _udt, number| _ubl, string| _udo, undefined| _uu, number| _ufns, number| _uns, string| _ur, number| _ufno, number| _ust, object| _ubd, object| _udl, string| _udlh, string| _uwv, string| _ugifpath2, function| urchinTracker, function| _uGH, function| _uInfo, function| _uVoid, function| _uCInfo, function| _uRef, function| _uOrg, function| _uGCse, function| _uBInfo, function| __utmSetTrans, function| _uFlash, function| __utmLinkerUrl, function| __utmLinker, function| __utmLinkPost, function| __utmSetVar, function| _uGCS, function| _uGC, function| _uDomain, function| _uHash, function| _uFixA, function| _uTrim, function| _uEC, function| __utmVisitorCode, function| _uIN, function| _uES, function| _uUES, function| _uVG, function| _uSP, function| urchinPathCopy, function| _uCO, function| _uGT, string| _utk, function| _uNx, function| $, function| jQuery, string| ML, string| MI, string| OT, number| j, function| numbersonly, function| checkCC, function| verifLength

0 Cookies