zvj.whf.mybluehost.me Open in urlscan Pro
162.241.224.107 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://s3.amazonaws.com/standard.co.za/matomo.html
Effective URL:
https://zvj.whf.mybluehost.me/zaz/html/_log.html
Submission: On September 26 via manual (September 26th 2023, 1:16:56 pm UTC) from ZA — Scanned from DE

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 9 HTTP transactions. The main IP is 162.241.224.107, located in Provo, United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is zvj.whf.mybluehost.me.
TLS certificate: Issued by R3 on September 16th 2023. Valid for: 3 months.

This is the only time zvj.whf.mybluehost.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Standard Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	52.217.139.184 52.217.139.184	16509 (AMAZON-02) (AMAZON-02)
6	162.241.224.107 162.241.224.107	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1	2600:9000:215... 2600:9000:2156:7e00:c:7d55:b3c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	18.195.235.189 18.195.235.189	16509 (AMAZON-02) (AMAZON-02)
9	4

1 52.217.139.184 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 162.241.224.107 (Provo, United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: box5178.bluehost.com

zvj.whf.mybluehost.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:7e00:c:7d55:b3c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.matomo.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.235.189 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-235-189.eu-central-1.compute.amazonaws.com

twugg.matomo.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	mybluehost.me zvj.whf.mybluehost.me	44 KB
2	matomo.cloud cdn.matomo.cloud — Cisco Umbrella Rank: 28587 twugg.matomo.cloud	39 KB
1	amazonaws.com s3.amazonaws.com	543 B
9	3

	Domain	Requested by
6	zvj.whf.mybluehost.me	s3.amazonaws.com zvj.whf.mybluehost.me
1	twugg.matomo.cloud	cdn.matomo.cloud
1	cdn.matomo.cloud	zvj.whf.mybluehost.me
1	s3.amazonaws.com
9	4

This site contains no links.

Subject Issuer	Validity	Valid
s3.amazonaws.com Amazon RSA 2048 M01	`2023-07-10` - `2024-06-21`	a year	crt.sh
webmail.zvj.whf.mybluehost.me R3	`2023-09-16` - `2023-12-15`	3 months	crt.sh
cdn.matomo.cloud Amazon RSA 2048 M01	`2023-02-24` - `2023-12-25`	10 months	crt.sh
*.matomo.cloud Amazon RSA 2048 M02	`2023-06-21` - `2024-07-19`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://zvj.whf.mybluehost.me/zaz/html/_log.html
Frame ID: 74F0FD22DA02DD1986B3158B537E5664
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in

Page URL History Show full URLs

https://s3.amazonaws.com/standard.co.za/matomo.html Page URL
https://zvj.whf.mybluehost.me/zaz/html/_log.html Page URL

Page Statistics

9
Requests

100 %
HTTPS

25 %
IPv6

3
Domains

4
Subdomains

4
IPs

2
Countries

84 kB
Transfer

285 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://s3.amazonaws.com/standard.co.za/matomo.html Page URL
https://zvj.whf.mybluehost.me/zaz/html/_log.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	matomo.html s3.amazonaws.com/standard.co.za/	149 B 543 B	394ms 133ms	Document text/html	52.217.139.184 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://s3.amazonaws.com/standard.co.za/matomo.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.217.139.184 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-1.amazonaws.com Software AmazonS3 / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Accept-Ranges bytes Content-Length 149 Content-Type text/html Date Tue, 26 Sep 2023 13:16:49 GMT ETag "e27d29b4354432e07f3a2e5f1c7d2773" Last-Modified Mon, 25 Sep 2023 14:27:05 GMT Server AmazonS3 x-amz-id-2 v4qZofvBA7OnjkUTv6cHf7KVYFcYt7vSEEV+9pSnLbV9QrX/GqGKfxQF8BYwGk3bjI4PNNsK/G0= x-amz-request-id CS5J462F6R7WKFJ8 x-amz-server-side-encryption AES256
GET H2	200	Primary Request _log.html Show response zvj.whf.mybluehost.me/zaz/html/	21 KB 5 KB	834ms 276ms	Document text/html	162.241.224.107 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://zvj.whf.mybluehost.me/zaz/html/_log.html Requested by Host: s3.amazonaws.com URL: https://s3.amazonaws.com/standard.co.za/matomo.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.224.107 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS box5178.bluehost.com Software nginx/1.21.6 / Resource Hash `ae242cd2a84c0c9c42b5dac6effb07679a3bef53ac6c895004f15d5978fb3d49` Request headers Referer https://s3.amazonaws.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes cache-control max-age=7200 content-encoding gzip content-length 5314 content-type text/html date Tue, 26 Sep 2023 13:16:40 GMT expires Tue, 26 Sep 2023 15:16:48 GMT host-header c2hhcmVkLmJsdWVob3N0LmNvbQ== last-modified Mon, 25 Sep 2023 00:37:46 GMT server nginx/1.21.6 vary Accept-Encoding x-endurance-cache-level 2 x-newfold-cache-level 2 x-nginx-cache WordPress x-server-cache false
GET H2	200	template-e63a3d48ea.min.css zvj.whf.mybluehost.me/zaz/html/1_files/	77 KB 20 KB	199ms 199ms	Stylesheet text/css	162.241.224.107 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://zvj.whf.mybluehost.me/zaz/html/1_files/template-e63a3d48ea.min.css Requested by Host: zvj.whf.mybluehost.me URL: https://zvj.whf.mybluehost.me/zaz/html/_log.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.224.107 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS box5178.bluehost.com Software Apache / Resource Hash `72893ba0108aa631cdda242c791cc5e0d1f56d9ea9dbc42e62a2e687efcd7b4c` Request headers accept-language de-DE,de;q=0.9 Referer https://zvj.whf.mybluehost.me/zaz/html/_log.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Tue, 26 Sep 2023 13:16:49 GMT content-encoding gzip x-nginx-cache WordPress last-modified Sun, 24 Sep 2023 23:42:52 GMT server Apache vary Accept-Encoding x-newfold-cache-level 2 x-endurance-cache-level 2 content-type text/css cache-control max-age=2592000 accept-ranges bytes host-header c2hhcmVkLmJsdWVob3N0LmNvbQ== expires Thu, 26 Oct 2023 13:16:49 GMT
GET H2	200	validateview-451126d279.min.css zvj.whf.mybluehost.me/zaz/html/1_files/	6 KB 3 KB	198ms 198ms	Stylesheet text/css	162.241.224.107 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://zvj.whf.mybluehost.me/zaz/html/1_files/validateview-451126d279.min.css Requested by Host: zvj.whf.mybluehost.me URL: https://zvj.whf.mybluehost.me/zaz/html/_log.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.224.107 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS box5178.bluehost.com Software Apache / Resource Hash `88ec0ce0b10c67401a5cca874acc0591039b65f71c7e0606864af73812c83db7` Request headers accept-language de-DE,de;q=0.9 Referer https://zvj.whf.mybluehost.me/zaz/html/_log.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Tue, 26 Sep 2023 13:16:49 GMT content-encoding gzip x-nginx-cache WordPress last-modified Tue, 06 Jul 2021 23:37:30 GMT server Apache vary Accept-Encoding x-newfold-cache-level 2 x-endurance-cache-level 2 content-type text/css cache-control max-age=2592000 accept-ranges bytes host-header c2hhcmVkLmJsdWVob3N0LmNvbQ== content-length 3398 expires Thu, 26 Oct 2023 13:16:49 GMT
GET H2	200	ionic.bundle.css zvj.whf.mybluehost.me/zaz/html/1_files/	19 KB 4 KB	385ms 384ms	Stylesheet text/css	162.241.224.107 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://zvj.whf.mybluehost.me/zaz/html/1_files/ionic.bundle.css Requested by Host: zvj.whf.mybluehost.me URL: https://zvj.whf.mybluehost.me/zaz/html/_log.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.224.107 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS box5178.bluehost.com Software Apache / Resource Hash `3789296a3c60f4cfa82fd3c139d1d7ef968a06a4bab871f679562121a5869b44` Request headers accept-language de-DE,de;q=0.9 Referer https://zvj.whf.mybluehost.me/zaz/html/_log.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Tue, 26 Sep 2023 13:16:49 GMT content-encoding gzip x-nginx-cache WordPress last-modified Thu, 21 Sep 2023 20:26:36 GMT server Apache vary Accept-Encoding x-newfold-cache-level 2 x-endurance-cache-level 2 content-type text/css cache-control max-age=2592000 accept-ranges bytes host-header c2hhcmVkLmJsdWVob3N0LmNvbQ== content-length 4442 expires Thu, 26 Oct 2023 13:16:49 GMT
GET H2	200	sbg.css zvj.whf.mybluehost.me/zaz/html/1_files/	27 KB 7 KB	384ms 383ms	Stylesheet text/css	162.241.224.107 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://zvj.whf.mybluehost.me/zaz/html/1_files/sbg.css Requested by Host: zvj.whf.mybluehost.me URL: https://zvj.whf.mybluehost.me/zaz/html/_log.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.224.107 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS box5178.bluehost.com Software Apache / Resource Hash `32d2cc16aac8e2357237764b5d9b4e15d25def9f7e7ae0cd1a3dc7f7cdf25170` Request headers accept-language de-DE,de;q=0.9 Referer https://zvj.whf.mybluehost.me/zaz/html/_log.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Tue, 26 Sep 2023 13:16:49 GMT content-encoding gzip x-nginx-cache WordPress last-modified Thu, 21 Sep 2023 20:26:36 GMT server Apache vary Accept-Encoding x-newfold-cache-level 2 x-endurance-cache-level 2 content-type text/css cache-control max-age=2592000 accept-ranges bytes host-header c2hhcmVkLmJsdWVob3N0LmNvbQ== content-length 7202 expires Thu, 26 Oct 2023 13:16:49 GMT
GET H2	200	sbg.png zvj.whf.mybluehost.me/zaz/html/1_files/	3 KB 3 KB	369ms 368ms	Image image/png	162.241.224.107 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://zvj.whf.mybluehost.me/zaz/html/1_files/sbg.png Requested by Host: zvj.whf.mybluehost.me URL: https://zvj.whf.mybluehost.me/zaz/html/_log.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.224.107 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS box5178.bluehost.com Software Apache / Resource Hash `1a3aac076d48e18c6bd7547ca190a9b705f78d38cfc61e5a00f391b642c5adab` Request headers accept-language de-DE,de;q=0.9 Referer https://zvj.whf.mybluehost.me/zaz/html/_log.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Tue, 26 Sep 2023 13:16:49 GMT x-nginx-cache WordPress last-modified Thu, 21 Sep 2023 20:26:36 GMT server Apache x-newfold-cache-level 2 x-endurance-cache-level 2 content-type image/png cache-control max-age=31536000 accept-ranges bytes host-header c2hhcmVkLmJsdWVob3N0LmNvbQ== content-length 3502 expires Wed, 25 Sep 2024 13:16:49 GMT
GET H2	200	matomo.js Show response cdn.matomo.cloud/twugg.matomo.cloud/	132 KB 39 KB	139ms 46ms	Script application/javascript	2600:9000:2156:7e00:c:7d55:b3c0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.matomo.cloud/twugg.matomo.cloud/matomo.js Requested by Host: zvj.whf.mybluehost.me URL: https://zvj.whf.mybluehost.me/zaz/html/_log.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:7e00:c:7d55:b3c0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `c1d525781834944d0c42d206d6e31f05b73a947821da73108bdf3a3d53e4c402` Request headers accept-language de-DE,de;q=0.9 Referer https://zvj.whf.mybluehost.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Response headers date Tue, 26 Sep 2023 13:12:14 GMT x-amz-version-id AAnCLjVRJ.8GRzESCuqmoWu8dwwX7UuD content-encoding gzip via 1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront) x-amz-cf-pop FRA50-C1 age 276 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-replication-status COMPLETED last-modified Sat, 16 Sep 2023 14:13:36 GMT server AmazonS3 etag W/"df630c016b0a1d6d650d8d6a411f9d56" vary Accept-Encoding content-type application/javascript; charset=utf-8 cache-control max-age=691200 x-amz-cf-id 06PHEIWql_CVcNPuTe3RIMz5mGPQITS_7gyl81svgn60H4DTNN19Yw==
POST H2	204	matomo.php twugg.matomo.cloud/	0 174 B	243ms 142ms	Ping text/plain	18.195.235.189 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://twugg.matomo.cloud/matomo.php?action_name=Sign%20in&idsite=4&rec=1&r=944182&h=15&m=16&s=49&url=https%3A%2F%2Fzvj.whf.mybluehost.me%2Fzaz%2Fhtml%2F_log.html&urlref=https%3A%2F%2Fs3.amazonaws.com%2F&_id=5ba36dc8216128e8&_idn=1&send_image=0&_refts=1695734209&_ref=https%3A%2F%2Fs3.amazonaws.com%2F&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=O1tEgc&fa_pv=1&fa_fp[0][fa_vid]=EzjtRN&fa_fp[0][fa_name]=forms.digitalIdLoginPasswordForm&fa_fp[0][fa_fv]=1&pf_net=558&pf_srv=276&pf_tfr=1&pf_dm1=18&uadata=%7B%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D Requested by Host: cdn.matomo.cloud URL: https://cdn.matomo.cloud/twugg.matomo.cloud/matomo.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.195.235.189 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-195-235-189.eu-central-1.compute.amazonaws.com Software Apache / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://zvj.whf.mybluehost.me/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=utf-8 Response headers access-control-allow-origin https://zvj.whf.mybluehost.me date Tue, 26 Sep 2023 13:16:49 GMT access-control-allow-credentials true server Apache vary X-Forwarded-Port-Override,X-Forwarded-Proto-Override,User-Agent

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Standard Bank (Banking)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
zvj.whf.mybluehost.me/	1970-01-20 19:25:02	Name: _pk_ref.4.f4b9 Value: %5B%22%22%2C%22%22%2C1695734209%2C%22https%3A%2F%2Fs3.amazonaws.com%2F%22%5D
zvj.whf.mybluehost.me/	1970-01-21 00:28:09	Name: _pk_id.4.f4b9 Value: 5ba36dc8216128e8.1695734209.
zvj.whf.mybluehost.me/	1970-01-20 15:02:16	Name: _pk_ses.4.f4b9 Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.matomo.cloud
s3.amazonaws.com
twugg.matomo.cloud
zvj.whf.mybluehost.me
162.241.224.107
18.195.235.189
2600:9000:2156:7e00:c:7d55:b3c0:93a1
52.217.139.184
1a3aac076d48e18c6bd7547ca190a9b705f78d38cfc61e5a00f391b642c5adab
32d2cc16aac8e2357237764b5d9b4e15d25def9f7e7ae0cd1a3dc7f7cdf25170
3789296a3c60f4cfa82fd3c139d1d7ef968a06a4bab871f679562121a5869b44
72893ba0108aa631cdda242c791cc5e0d1f56d9ea9dbc42e62a2e687efcd7b4c
88ec0ce0b10c67401a5cca874acc0591039b65f71c7e0606864af73812c83db7
ae242cd2a84c0c9c42b5dac6effb07679a3bef53ac6c895004f15d5978fb3d49
c1d525781834944d0c42d206d6e31f05b73a947821da73108bdf3a3d53e4c402
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

zvj.whf.mybluehost.me Open in urlscan Pro 162.241.224.107 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

9 Requests

100 %HTTPS

25 %IPv6

3 Domains

4 Subdomains

4 IPs

2 Countries

84 kBTransfer

285 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

3 Cookies

Indicators

zvj.whf.mybluehost.me Open in urlscan Pro
162.241.224.107 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

25 %
IPv6

3
Domains

4
Subdomains

4
IPs

2
Countries

84 kB
Transfer

285 kB
Size

3
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!