www.ksbahnet.com - urlscan.io

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 2 HTTP transactions. The main IP is 217.182.196.224, located in Germany and belongs to OVH, FR. The main domain is www.ksbahnet.com.

This is the only time www.ksbahnet.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Google (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	217.182.196.224 217.182.196.224	16276 (OVH) (OVH)
1	2404:6800:400... 2404:6800:4004:820::200a	15169 (GOOGLE) (GOOGLE)
2	3

1 217.182.196.224 (Germany)

ASN16276 (OVH, FR)
PTR: xeon.dzairhosting.com

www.ksbahnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4004:820::200a (Australia)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 422	31 KB
1	ksbahnet.com www.ksbahnet.com	491 KB
2	2

	Domain	Requested by
1	ajax.googleapis.com	www.ksbahnet.com
1	www.ksbahnet.com
2	2

This site contains links to these domains. Also see Links.

Domain
support.google.com
accounts.google.com

Subject Issuer	Validity	Valid
upload.video.google.com GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://www.ksbahnet.com/img/13/lSUbJOGAatLcSXjoA8dClSUbJOGAatLcSXjoA8dC/
Frame ID: 9BB61DDDCF4E1727F2B6F30478F26C1F
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in - Google Accounts

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

2
Requests

50 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

522 kB
Transfer

824 kB
Size

0
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://support.google.com/accounts?hl=en
Title: Help

Search URL Search Domain Scan URL

URL: https://accounts.google.com/TOS?loc=GB&hl=en&privacy=true
Title: Privacy

Search URL Search Domain Scan URL

URL: https://accounts.google.com/TOS?loc=GB&hl=en
Title: Terms

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www.ksbahnet.com/img/13/lSUbJOGAatLcSXjoA8dClSUbJOGAatLcSXjoA8dC/ 491 KB
491 KB 975ms
252ms Document
text/html 217.182.196.224
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://www.ksbahnet.com/img/13/lSUbJOGAatLcSXjoA8dClSUbJOGAatLcSXjoA8dC/
Protocol: HTTP/1.1
Server: 217.182.196.224 , Germany, ASN16276 (OVH, FR),
Reverse DNS: xeon.dzairhosting.com
Software: Apache /
Resource Hash: 726225d780e0803f85f09442b12ae733e518960129c91aa469b6d6c066f88df2

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Length: 502659
Content-Type: text/html
Date: Wed, 14 Jun 2023 07:03:45 GMT
Keep-Alive: timeout=5, max=100
Last-Modified: Fri, 12 May 2023 21:56:28 GMT
Server: Apache

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
31 KB 47ms
3ms Script
text/javascript 2404:6800:4004:820::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: www.ksbahnet.com
URL: http://www.ksbahnet.com/img/13/lSUbJOGAatLcSXjoA8dClSUbJOGAatLcSXjoA8dC/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:820::200a , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: http://www.ksbahnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 00:51:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22334
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31021
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 13 Jun 2024 00:51:31 GMT

GET
DATA 200
OK truncated
/ 246 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aadfcaf72b321bcc9e5d2c61c9df681ad625e0383093108174a11fe4014c5dac

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: http://www.ksbahnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 356 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bbb22484b6ac90a9bcddc4158e5b530c078c475b78ceab0a9873719ec7e87eb9

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: http://www.ksbahnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 267 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: abfe5b27310a016303a0ede1f41a67d4adb8886b7c0ade3474cd44f60be50548

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: http://www.ksbahnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=UTF-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Google (Online)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
www.ksbahnet.com
217.182.196.224
2404:6800:4004:820::200a
726225d780e0803f85f09442b12ae733e518960129c91aa469b6d6c066f88df2
aadfcaf72b321bcc9e5d2c61c9df681ad625e0383093108174a11fe4014c5dac
abfe5b27310a016303a0ede1f41a67d4adb8886b7c0ade3474cd44f60be50548
bbb22484b6ac90a9bcddc4158e5b530c078c475b78ceab0a9873719ec7e87eb9
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

www.ksbahnet.com Open in urlscan Pro 217.182.196.224 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

2 Requests

50 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

522 kBTransfer

824 kBSize

0 Cookies

3 Outgoing links

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

Indicators

www.ksbahnet.com Open in urlscan Pro
217.182.196.224 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

50 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

522 kB
Transfer

824 kB
Size

0
Cookies

2 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!