![](/screenshots/330df2dd-6884-4560-9a51-6e4d5f66d3fe.png)
zvj.whf.mybluehost.me
Open in
urlscan Pro
162.241.224.107
Malicious Activity!
Public Scan
Effective URL: https://zvj.whf.mybluehost.me/zaz/html/_log.html
Submission: On September 26 via manual from ZA — Scanned from DE
Summary
TLS certificate: Issued by R3 on September 16th 2023. Valid for: 3 months.
This is the only time zvj.whf.mybluehost.me was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Standard Bank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 52.217.139.184 52.217.139.184 | 16509 (AMAZON-02) (AMAZON-02) | |
6 | 162.241.224.107 162.241.224.107 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
1 | 2600:9000:215... 2600:9000:2156:7e00:c:7d55:b3c0:93a1 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 18.195.235.189 18.195.235.189 | 16509 (AMAZON-02) (AMAZON-02) | |
9 | 4 |
ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com
s3.amazonaws.com |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: box5178.bluehost.com
zvj.whf.mybluehost.me |
ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-235-189.eu-central-1.compute.amazonaws.com
twugg.matomo.cloud |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
mybluehost.me
zvj.whf.mybluehost.me |
44 KB |
2 |
matomo.cloud
cdn.matomo.cloud — Cisco Umbrella Rank: 28587 twugg.matomo.cloud |
39 KB |
1 |
amazonaws.com
s3.amazonaws.com |
543 B |
9 | 3 |
Domain | Requested by | |
---|---|---|
6 | zvj.whf.mybluehost.me |
s3.amazonaws.com
zvj.whf.mybluehost.me |
1 | twugg.matomo.cloud |
cdn.matomo.cloud
|
1 | cdn.matomo.cloud |
zvj.whf.mybluehost.me
|
1 | s3.amazonaws.com | |
9 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
s3.amazonaws.com Amazon RSA 2048 M01 |
2023-07-10 - 2024-06-21 |
a year | crt.sh |
webmail.zvj.whf.mybluehost.me R3 |
2023-09-16 - 2023-12-15 |
3 months | crt.sh |
cdn.matomo.cloud Amazon RSA 2048 M01 |
2023-02-24 - 2023-12-25 |
10 months | crt.sh |
*.matomo.cloud Amazon RSA 2048 M02 |
2023-06-21 - 2024-07-19 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://zvj.whf.mybluehost.me/zaz/html/_log.html
Frame ID: 74F0FD22DA02DD1986B3158B537E5664
Requests: 9 HTTP requests in this frame
Screenshot
![](/screenshots/330df2dd-6884-4560-9a51-6e4d5f66d3fe.png)
Page Title
Sign inPage URL History Show full URLs
- https://s3.amazonaws.com/standard.co.za/matomo.html Page URL
- https://zvj.whf.mybluehost.me/zaz/html/_log.html Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://s3.amazonaws.com/standard.co.za/matomo.html Page URL
- https://zvj.whf.mybluehost.me/zaz/html/_log.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
matomo.html
s3.amazonaws.com/standard.co.za/ |
149 B 543 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
_log.html
zvj.whf.mybluehost.me/zaz/html/ |
21 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
template-e63a3d48ea.min.css
zvj.whf.mybluehost.me/zaz/html/1_files/ |
77 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
validateview-451126d279.min.css
zvj.whf.mybluehost.me/zaz/html/1_files/ |
6 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ionic.bundle.css
zvj.whf.mybluehost.me/zaz/html/1_files/ |
19 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sbg.css
zvj.whf.mybluehost.me/zaz/html/1_files/ |
27 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sbg.png
zvj.whf.mybluehost.me/zaz/html/1_files/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
matomo.js
cdn.matomo.cloud/twugg.matomo.cloud/ |
132 KB 39 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
matomo.php
twugg.matomo.cloud/ |
0 174 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Standard Bank (Banking)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture object| _paq object| Piwik object| Matomo object| AnalyticsTracker function| piwik_log3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
zvj.whf.mybluehost.me/ | Name: _pk_ref.4.f4b9 Value: %5B%22%22%2C%22%22%2C1695734209%2C%22https%3A%2F%2Fs3.amazonaws.com%2F%22%5D |
|
zvj.whf.mybluehost.me/ | Name: _pk_id.4.f4b9 Value: 5ba36dc8216128e8.1695734209. |
|
zvj.whf.mybluehost.me/ | Name: _pk_ses.4.f4b9 Value: 1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.matomo.cloud
s3.amazonaws.com
twugg.matomo.cloud
zvj.whf.mybluehost.me
162.241.224.107
18.195.235.189
2600:9000:2156:7e00:c:7d55:b3c0:93a1
52.217.139.184
1a3aac076d48e18c6bd7547ca190a9b705f78d38cfc61e5a00f391b642c5adab
32d2cc16aac8e2357237764b5d9b4e15d25def9f7e7ae0cd1a3dc7f7cdf25170
3789296a3c60f4cfa82fd3c139d1d7ef968a06a4bab871f679562121a5869b44
72893ba0108aa631cdda242c791cc5e0d1f56d9ea9dbc42e62a2e687efcd7b4c
88ec0ce0b10c67401a5cca874acc0591039b65f71c7e0606864af73812c83db7
ae242cd2a84c0c9c42b5dac6effb07679a3bef53ac6c895004f15d5978fb3d49
c1d525781834944d0c42d206d6e31f05b73a947821da73108bdf3a3d53e4c402
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855