nextlevelhosting.org Open in urlscan Pro
2606:4700:30::681b:8d51 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://gmeyt.com/
Effective URL:
https://nextlevelhosting.org/.lx-tqbp/login.html
Submission: On September 15 via manual (September 15th 2019, 2:56:46 am UTC) from US

Summary HTTP 12 Redirects Links 28 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 12 HTTP transactions. The main IP is 2606:4700:30::681b:8d51, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is nextlevelhosting.org.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on August 22nd 2019. Valid for: a year.

This is the only time nextlevelhosting.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Huntington Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	107.161.23.204 107.161.23.204	3842 (RAMNODE) (RAMNODE - RamNode LLC)
1 1	107.191.99.119 107.191.99.119	3842 (RAMNODE) (RAMNODE - RamNode LLC)
1 2	2606:4700:30:... 2606:4700:30::681b:8d51	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
11	2.16.187.51 2.16.187.51	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
12	2

1 107.161.23.204 (Atlanta, United States) 1 redirects

ASN3842 (RAMNODE - RamNode LLC, US)
PTR: parking.namesilo.com

gmeyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 107.191.99.119 (New York, United States) 1 redirects

ASN3842 (RAMNODE - RamNode LLC, US)
PTR: aether.layerbnc.org

www.gmeyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:30::681b:8d51 (United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

nextlevelhosting.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2.16.187.51 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-187-51.deploy.static.akamaitechnologies.com

www.huntington.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	huntington.com www.huntington.com	180 KB
2	nextlevelhosting.org 1 redirects nextlevelhosting.org	8 KB
2	gmeyt.com 2 redirects gmeyt.com www.gmeyt.com	395 B
12	3

	Domain	Requested by
11	www.huntington.com	nextlevelhosting.org
2	nextlevelhosting.org	1 redirects
1	www.gmeyt.com	1 redirects
1	gmeyt.com	1 redirects
12	4

This site contains links to these domains. Also see Links.

Domain
www.huntington.com
selfservice.huntington.com
cms.huntington.com
huntingtoncc.fdecs.com
myapps.paychex.com
ht.businessonlinepayroll.com
investor.wealthscape.com
huntington.customercarenet.com
login2.fisglobal.com
secure.newportgroup.com
www.govone.com
www.facebook.com
twitter.com
www.instagram.com
www.youtube.com
www.linkedin.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-08-22` - `2020-08-21`	a year	crt.sh
huntington.com GeoTrust TLS RSA CA G1	`2019-04-29` - `2021-04-28`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://nextlevelhosting.org/.lx-tqbp/login.html
Frame ID: 27136C507B742EBB581A2B61251D677A
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://gmeyt.com/ HTTP 301
http://www.gmeyt.com/ HTTP 301
https://nextlevelhosting.org/.lx-tqbp/ HTTP 302
https://nextlevelhosting.org/.lx-tqbp/login.html Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

12
Requests

100 %
HTTPS

25 %
IPv6

3
Domains

4
Subdomains

2
IPs

2
Countries

187 kB
Transfer

548 kB
Size

1
Cookies

28 Outgoing links

These are links going to different origins than the main page.

URL: https://www.huntington.com/

Search URL Search Domain Scan URL

URL: https://www.huntington.com/mobile-login
Title: Login

Search URL Search Domain Scan URL

URL: https://www.huntington.com/customer-service
Title: Customer Service

Search URL Search Domain Scan URL

URL: https://www.huntington.com/Community
Title: Community

Search URL Search Domain Scan URL

URL: https://www.huntington.com/Privacy-Security
Title: Security

Search URL Search Domain Scan URL

URL: https://www.huntington.com/branchlocator
Title: Find a branch

Search URL Search Domain Scan URL

URL: https://www.huntington.com/Personal
Title: Personal

Search URL Search Domain Scan URL

URL: https://www.huntington.com/private-bank
Title: Private Bank

Search URL Search Domain Scan URL

URL: https://www.huntington.com/SmallBusiness
Title: Business

Search URL Search Domain Scan URL

URL: https://www.huntington.com/Commercial
Title: Commercial

Search URL Search Domain Scan URL

URL: https://selfservice.huntington.com/account/forgotusername
Title: Forgot Username?

Search URL Search Domain Scan URL

URL: https://selfservice.huntington.com/default/ForgotPassword/3
Title: Forgot Password?

Search URL Search Domain Scan URL

URL: https://www.huntington.com/Personal/online-banking
Title: Learn More

Search URL Search Domain Scan URL

URL: https://selfservice.huntington.com/default/Enrollment/3
Title: Enroll Now

Search URL Search Domain Scan URL

URL: https://cms.huntington.com/
Title: Asset Based Lending

Search URL Search Domain Scan URL

URL: https://huntingtoncc.fdecs.com/
Title: Commercial eCustomerService

Search URL Search Domain Scan URL

URL: https://myapps.paychex.com/landing_remote/login.do?TYPE=33554433&REALMOID=06-fd3ba6b8-7a2f-1013-ba03-83af2ce30cb3&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=09PZJoiHr8jiAF1z4DL6SopY5OyRzoKSeZ4yIhpJe7nkRdeIwtlMrg0rd7X3FRDM&TARGET=-SM-https%3a%2f%2fmyapps.paychex.com%2f
Title: Payroll - Paychex

Search URL Search Domain Scan URL

URL: https://ht.businessonlinepayroll.com/SPF/login/ee_auth.aspx
Title: Payroll - SurePayroll

Search URL Search Domain Scan URL

URL: https://investor.wealthscape.com/huntington/
Title: Online Investments

Search URL Search Domain Scan URL

URL: https://huntington.customercarenet.com/ccn/huntington/mymortgage.html
Title: Online Mortgages

Search URL Search Domain Scan URL

URL: https://login2.fisglobal.com/idp/HUNTRPWL/?ClientID=WebLinkUI
Title: Online Trust

Search URL Search Domain Scan URL

URL: https://secure.newportgroup.com/login/huntington/participant
Title: Retirement Connection

Search URL Search Domain Scan URL

URL: https://www.govone.com/TPP/huntington/Account/Logon
Title: Smart Tax

Search URL Search Domain Scan URL

URL: https://www.facebook.com/HuntingtonBank
Title: Visit Huntington's Facebook page

Search URL Search Domain Scan URL

URL: https://twitter.com/Huntington_Bank
Title: Visit Huntington's Twitter feed

Search URL Search Domain Scan URL

URL: https://www.instagram.com/huntingtonbank/?hl=en
Title: Visit Huntington's Instagram page

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/HuntingtonBank
Title: Visit Huntington's YouTube page

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/huntington-national-bank
Title: Visit Huntington's LinkedIn page

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://gmeyt.com/ HTTP 301
http://www.gmeyt.com/ HTTP 301
https://nextlevelhosting.org/.lx-tqbp/ HTTP 302
https://nextlevelhosting.org/.lx-tqbp/login.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request login.html Show response
nextlevelhosting.org/.lx-tqbp/
Redirect Chain

http://gmeyt.com/
http://www.gmeyt.com/
https://nextlevelhosting.org/.lx-tqbp/
https://nextlevelhosting.org/.lx-tqbp/login.html

33 KB
7 KB

117ms
115ms

Document
text/html

2606:4700:30::681b:8d51
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://nextlevelhosting.org/.lx-tqbp/login.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681b:8d51 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 4ab65ad186220efc6ddbfe199d1f111d2ef2fcc1a74878af351862c41334eedd

Request headers

:method: GET
:authority: nextlevelhosting.org
:scheme: https
:path: /.lx-tqbp/login.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
accept-encoding: gzip, deflate, br
cookie: __cfduid=d98a39baf3b75c879bd6fca164916afea1568516190
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Sun, 15 Sep 2019 02:56:30 GMT
content-type: text/html
last-modified: Tue, 13 Aug 2019 01:47:40 GMT
x-powered-by: PleskLin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 516753ec9b8359ac-VIE
content-encoding: br

Redirect headers

status: 302
date: Sun, 15 Sep 2019 02:56:30 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d98a39baf3b75c879bd6fca164916afea1568516190; expires=Mon, 14-Sep-20 02:56:30 GMT; path=/; domain=.nextlevelhosting.org; HttpOnly
x-powered-by: PHP/7.1.32 PleskLin
location: login.html
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 516753eb9b3959ac-VIE

GET
H/1.1 200
OK toolkit.min.css
www.huntington.com/Presentation/Styles/ 325 KB
66 KB 316ms
57ms Stylesheet
text/css 2.16.187.51
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntington.com/Presentation/Styles/toolkit.min.css?v=4gXb_OWKVRG8t2Pf5EX7K9M2R9sAj0ARz9jGauwKi3A1

Requested by

Host: nextlevelhosting.org
URL: https://nextlevelhosting.org/.lx-tqbp/login.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.16.187.51 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-16-187-51.deploy.static.akamaitechnologies.com

Software

Resource Hash

4ce4fa80e64d6d39031426b703e881180a42883a18cdb3ed69989691958ec6a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://nextlevelhosting.org/.lx-tqbp/login.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000
Content-Encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
p3p: CP="NON CUR OTPi OUR NOR UNI"
Connection: keep-alive
Content-Length: 66576
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
referrer-policy: no-referrer-when-downgrade
Last-Modified: Tue, 13 Aug 2019 14:27:36 GMT
x-frame-options: sameorigin
Date: Sun, 15 Sep 2019 02:56:30 GMT
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=1376020
ETag: "07c9140e351d51:0"
Accept-Ranges: bytes
Expires: Tue, 01 Oct 2019 01:10:10 GMT

GET
H/1.1 200
OK chat-fab.css
www.huntington.com/Presentation/Styles/ 88 KB
12 KB 312ms
53ms Stylesheet
text/css 2.16.187.51
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntington.com/Presentation/Styles/chat-fab.css?v=hoPFdlk5dFyj59B3zxCE52awo8PkUYMX4mvZ7VKQ0rA1

Requested by

Host: nextlevelhosting.org
URL: https://nextlevelhosting.org/.lx-tqbp/login.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.16.187.51 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-16-187-51.deploy.static.akamaitechnologies.com

Software

Resource Hash

3e7aaf3b1cd31847478a45040d1915edc3a3660f75f262211c3741fb35a67878

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://nextlevelhosting.org/.lx-tqbp/login.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000
Content-Encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
p3p: CP="NON CUR OTPi OUR NOR UNI"
Connection: keep-alive
Content-Length: 11260
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
referrer-policy: no-referrer-when-downgrade
Last-Modified: Wed, 03 Jul 2019 18:40:48 GMT
x-frame-options: sameorigin
Date: Sun, 15 Sep 2019 02:56:30 GMT
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=1223174
ETag: "0f8c4d4ce31d51:0"
Accept-Ranges: bytes
Expires: Sun, 29 Sep 2019 06:42:44 GMT

GET
H/1.1 200
OK site-survey.css
www.huntington.com/Presentation/Styles/ 4 KB
2 KB 313ms
55ms Stylesheet
text/css 2.16.187.51
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntington.com/Presentation/Styles/site-survey.css?v=JPUKArpfHcwQShPOSO1lZ4Rc9EIIp1VMUD_WyIPop5o1

Requested by

Host: nextlevelhosting.org
URL: https://nextlevelhosting.org/.lx-tqbp/login.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.16.187.51 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-16-187-51.deploy.static.akamaitechnologies.com

Software

Resource Hash

31658d5c53adebe945591610f97bfe734f51a1dcaa5c65163a3e78dc8ad36bee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://nextlevelhosting.org/.lx-tqbp/login.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000
Content-Encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
p3p: CP="NON CUR OTPi OUR NOR UNI"
Connection: keep-alive
Content-Length: 1280
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
referrer-policy: no-referrer-when-downgrade
Last-Modified: Fri, 21 Jun 2019 12:42:34 GMT
x-frame-options: sameorigin
Date: Sun, 15 Sep 2019 02:56:30 GMT
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=1182827
ETag: "0d963cc2e28d51:0"
Accept-Ranges: bytes
Expires: Sat, 28 Sep 2019 19:30:17 GMT

GET
H/1.1 200
OK lockup.svg
www.huntington.com/-/media/hcom/global/logo/ 4 KB
2 KB 302ms
44ms Image
image/svg+xml 2.16.187.51
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntington.com/-/media/hcom/global/logo/lockup.svg?rev=766dc37b392f4c84b0403129acfec075&h=81&w=273&la=en&hash=CBB13816C82E9D808DD73BE863AAE7CC

Requested by

Host: nextlevelhosting.org
URL: https://nextlevelhosting.org/.lx-tqbp/login.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.16.187.51 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-16-187-51.deploy.static.akamaitechnologies.com

Software

Resource Hash

9ce0c7443f6975ac01655f26813947926a374c68f28289dd198fc6299203beed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://nextlevelhosting.org/.lx-tqbp/login.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000
Content-Encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-disposition: inline; filename="lockup.svg"
Connection: keep-alive
Content-Length: 1559
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
referrer-policy: no-referrer-when-downgrade
Last-Modified: Sun, 16 Jun 2019 06:27:52 GMT
x-frame-options: sameorigin
Date: Sun, 15 Sep 2019 02:56:30 GMT
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: public, max-age=1548817
ETag: 25ac81b1cb8b4557ac63e0186de9a92b
Accept-Ranges: bytes
Expires: Thu, 03 Oct 2019 01:10:07 GMT

GET
H/1.1 200
OK EHL_Black_HouseOnly.svg
www.huntington.com/-/media/hcom/Icons/ 707 B
1 KB 304ms
46ms Image
image/svg+xml 2.16.187.51
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntington.com/-/media/hcom/Icons/EHL_Black_HouseOnly.svg?rev=adb05b2fdc29408687ad78c90fe98c53

Requested by

Host: nextlevelhosting.org
URL: https://nextlevelhosting.org/.lx-tqbp/login.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.16.187.51 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-16-187-51.deploy.static.akamaitechnologies.com

Software

Resource Hash

4808c0ca2576dc18bf8df509199edef7a4a2b809fde09ecc6688f998e855486e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://nextlevelhosting.org/.lx-tqbp/login.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-disposition: inline; filename="EHL_Black_HouseOnly.svg"
Connection: keep-alive
Content-Length: 707
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
referrer-policy: no-referrer-when-downgrade
Last-Modified: Tue, 05 Jun 2018 19:58:44 GMT
Date: Sun, 15 Sep 2019 02:56:30 GMT
x-frame-options: sameorigin
Content-Type: image/svg+xml
Cache-Control: public, max-age=1548801
ETag: 57637a2d5858427aba58213dfd85741c
Accept-Ranges: bytes
Expires: Thu, 03 Oct 2019 01:09:51 GMT

GET
H/1.1 200
OK logo-honeycomb.svg
www.huntington.com/-/media/hcom/global/logo/ 844 B
2 KB 299ms
41ms Image
image/svg+xml 2.16.187.51
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntington.com/-/media/hcom/global/logo/logo-honeycomb.svg?rev=068545a5ac0a4bf68b6f194bec8dec58

Requested by

Host: nextlevelhosting.org
URL: https://nextlevelhosting.org/.lx-tqbp/login.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.16.187.51 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-16-187-51.deploy.static.akamaitechnologies.com

Software

Resource Hash

83e4d5829d43cb3723521baf4e6a8f7130f0bf91cb957ee14d9c7dde2d9ccb93

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://nextlevelhosting.org/.lx-tqbp/login.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-disposition: inline; filename="logo-honeycomb.svg"
Connection: keep-alive
Content-Length: 844
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
referrer-policy: no-referrer-when-downgrade
Last-Modified: Mon, 11 Dec 2017 15:39:44 GMT
Date: Sun, 15 Sep 2019 02:56:30 GMT
x-frame-options: sameorigin
Content-Type: image/svg+xml
Cache-Control: public, max-age=1548908
ETag: 2d91d2b82c4a40438297b714b6e7ceb5
Accept-Ranges: bytes
Expires: Thu, 03 Oct 2019 01:11:38 GMT

GET
H/1.1 200
OK HuntingtonApexWeb-Medium.woff2
www.huntington.com/Presentation/fonts/ 20 KB
20 KB 125ms
51ms Font
application/font-woff2 2.16.187.51
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntington.com/Presentation/fonts/HuntingtonApexWeb-Medium.woff2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.16.187.51 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-16-187-51.deploy.static.akamaitechnologies.com

Software

Resource Hash

04de03ec90e95f24e347dc8ff91e6354eb0a73288e1431003e9e10de59e12d1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: cors
Referer: https://www.huntington.com/Presentation/Styles/toolkit.min.css?v=4gXb_OWKVRG8t2Pf5EX7K9M2R9sAj0ARz9jGauwKi3A1
Origin: https://nextlevelhosting.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
p3p: CP="NON CUR OTPi OUR NOR UNI"
Connection: keep-alive
Content-Length: 19976
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
referrer-policy: no-referrer-when-downgrade
Last-Modified: Fri, 21 Jun 2019 12:42:34 GMT
Date: Sun, 15 Sep 2019 02:56:30 GMT
x-frame-options: sameorigin
Content-Type: application/font-woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1184450
ETag: "0d963cc2e28d51:0"
Accept-Ranges: bytes
Expires: Sat, 28 Sep 2019 19:57:20 GMT

GET
H/1.1 200
OK muli-v11-latin-300.woff2
www.huntington.com/Presentation/fonts/ 16 KB
17 KB 118ms
45ms Font
application/font-woff2 2.16.187.51
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntington.com/Presentation/fonts/muli-v11-latin-300.woff2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.16.187.51 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-16-187-51.deploy.static.akamaitechnologies.com

Software

Resource Hash

f43ea36b900ae7aa4ec07956e9b1223ab00dac1f766d97580b1e2bfe721cdc24

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: cors
Referer: https://www.huntington.com/Presentation/Styles/toolkit.min.css?v=4gXb_OWKVRG8t2Pf5EX7K9M2R9sAj0ARz9jGauwKi3A1
Origin: https://nextlevelhosting.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
p3p: CP="NON CUR OTPi OUR NOR UNI"
Connection: keep-alive
Content-Length: 16872
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
referrer-policy: no-referrer-when-downgrade
Last-Modified: Fri, 21 Jun 2019 12:42:33 GMT
Date: Sun, 15 Sep 2019 02:56:30 GMT
x-frame-options: sameorigin
Content-Type: application/font-woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1184552
ETag: "0d963cc2e28d51:0:dtagent10169190624124732Eq+d"
Accept-Ranges: bytes
Expires: Sat, 28 Sep 2019 19:59:02 GMT

GET
H/1.1 200
OK HuntingtonApexWeb-Bold.woff2
www.huntington.com/Presentation/fonts/ 19 KB
20 KB 119ms
47ms Font
application/font-woff2 2.16.187.51
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntington.com/Presentation/fonts/HuntingtonApexWeb-Bold.woff2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.16.187.51 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-16-187-51.deploy.static.akamaitechnologies.com

Software

Resource Hash

deb1a78860a2c7ab88ddaa4a522a47ad93e26f1cc1bdd1425d108f770ce93215

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: cors
Referer: https://www.huntington.com/Presentation/Styles/toolkit.min.css?v=4gXb_OWKVRG8t2Pf5EX7K9M2R9sAj0ARz9jGauwKi3A1
Origin: https://nextlevelhosting.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
p3p: CP="NON CUR OTPi OUR NOR UNI"
Connection: keep-alive
Content-Length: 19712
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
referrer-policy: no-referrer-when-downgrade
Last-Modified: Fri, 21 Jun 2019 12:42:33 GMT
Date: Sun, 15 Sep 2019 02:56:30 GMT
x-frame-options: sameorigin
Content-Type: application/font-woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1182794
ETag: "0d963cc2e28d51:0:dtagent10169190624124732Eq+d"
Accept-Ranges: bytes
Expires: Sat, 28 Sep 2019 19:29:44 GMT

GET
H/1.1 200
OK HuntingtonApexWeb-Book.woff2
www.huntington.com/Presentation/fonts/ 20 KB
21 KB 117ms
44ms Font
application/font-woff2 2.16.187.51
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntington.com/Presentation/fonts/HuntingtonApexWeb-Book.woff2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.16.187.51 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-16-187-51.deploy.static.akamaitechnologies.com

Software

Resource Hash

e744a36d486c70943378751b1d1623c2c8f25ee10abd89365ff20162d98dd555

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: cors
Referer: https://www.huntington.com/Presentation/Styles/toolkit.min.css?v=4gXb_OWKVRG8t2Pf5EX7K9M2R9sAj0ARz9jGauwKi3A1
Origin: https://nextlevelhosting.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
p3p: CP="NON CUR OTPi OUR NOR UNI"
Connection: keep-alive
Content-Length: 20592
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
referrer-policy: no-referrer-when-downgrade
Last-Modified: Fri, 21 Jun 2019 12:42:34 GMT
Date: Sun, 15 Sep 2019 02:56:30 GMT
x-frame-options: sameorigin
Content-Type: application/font-woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1182806
ETag: "0d963cc2e28d51:0"
Accept-Ranges: bytes
Expires: Sat, 28 Sep 2019 19:29:56 GMT

GET
H/1.1 200
OK muli-v11-latin-700.woff2
www.huntington.com/Presentation/fonts/ 17 KB
17 KB 116ms
43ms Font
application/font-woff2 2.16.187.51
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntington.com/Presentation/fonts/muli-v11-latin-700.woff2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.16.187.51 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-16-187-51.deploy.static.akamaitechnologies.com

Software

Resource Hash

34f3c7445d22c1509aeecc5d020b6d24c9e2f63b3c0514cebbc3813798965273

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: cors
Referer: https://www.huntington.com/Presentation/Styles/toolkit.min.css?v=4gXb_OWKVRG8t2Pf5EX7K9M2R9sAj0ARz9jGauwKi3A1
Origin: https://nextlevelhosting.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
p3p: CP="NON CUR OTPi OUR NOR UNI"
Connection: keep-alive
Content-Length: 17128
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
referrer-policy: no-referrer-when-downgrade
Last-Modified: Fri, 21 Jun 2019 12:42:33 GMT
Date: Sun, 15 Sep 2019 02:56:30 GMT
x-frame-options: sameorigin
Content-Type: application/font-woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1185380
ETag: "0d963cc2e28d51:0:dtagent10169190624124732Eq+d"
Accept-Ranges: bytes
Expires: Sat, 28 Sep 2019 20:12:50 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Huntington Bank (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.nextlevelhosting.org/	1970-01-19 12:27:32	Name: __cfduid Value: d98a39baf3b75c879bd6fca164916afea1568516190

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

gmeyt.com
nextlevelhosting.org
www.gmeyt.com
www.huntington.com
107.161.23.204
107.191.99.119
2.16.187.51
2606:4700:30::681b:8d51
04de03ec90e95f24e347dc8ff91e6354eb0a73288e1431003e9e10de59e12d1d
31658d5c53adebe945591610f97bfe734f51a1dcaa5c65163a3e78dc8ad36bee
34f3c7445d22c1509aeecc5d020b6d24c9e2f63b3c0514cebbc3813798965273
3e7aaf3b1cd31847478a45040d1915edc3a3660f75f262211c3741fb35a67878
4808c0ca2576dc18bf8df509199edef7a4a2b809fde09ecc6688f998e855486e
4ab65ad186220efc6ddbfe199d1f111d2ef2fcc1a74878af351862c41334eedd
4ce4fa80e64d6d39031426b703e881180a42883a18cdb3ed69989691958ec6a8
83e4d5829d43cb3723521baf4e6a8f7130f0bf91cb957ee14d9c7dde2d9ccb93
9ce0c7443f6975ac01655f26813947926a374c68f28289dd198fc6299203beed
deb1a78860a2c7ab88ddaa4a522a47ad93e26f1cc1bdd1425d108f770ce93215
e744a36d486c70943378751b1d1623c2c8f25ee10abd89365ff20162d98dd555
f43ea36b900ae7aa4ec07956e9b1223ab00dac1f766d97580b1e2bfe721cdc24

nextlevelhosting.org Open in urlscan Pro 2606:4700:30::681b:8d51 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

100 %HTTPS

25 %IPv6

3 Domains

4 Subdomains

2 IPs

2 Countries

187 kBTransfer

548 kBSize

1 Cookies

28 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

Indicators

nextlevelhosting.org Open in urlscan Pro
2606:4700:30::681b:8d51 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

25 %
IPv6

3
Domains

4
Subdomains

2
IPs

2
Countries

187 kB
Transfer

548 kB
Size

1
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!