zro.znt.mybluehost.me

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 3 HTTP transactions. The main IP is 50.87.180.88, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is zro.znt.mybluehost.me.
TLS certificate: Issued by R3 on May 17th 2023. Valid for: 3 months.

This is the only time zro.znt.mybluehost.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online) Outlook (Online)

Domain & IP information

	IP Address	AS Autonomous System
2	50.87.180.88 50.87.180.88	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1 1	2600:9000:225... 2600:9000:2250:9800:10:7abf:f800:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:50c0:800... 2606:50c0:8000::153	54113 (FASTLY) (FASTLY)
3	2

2 50.87.180.88 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: box2542.bluehost.com

zro.znt.mybluehost.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:9800:10:7abf:f800:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

www.sitepoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:50c0:8000::153 (United States)

ASN54113 (FASTLY, US)

i2.sitepoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	sitepoint.com 1 redirects www.sitepoint.com — Cisco Umbrella Rank: 197761 i2.sitepoint.com	6 KB
2	mybluehost.me zro.znt.mybluehost.me	12 KB
3	2

	Domain	Requested by
2	zro.znt.mybluehost.me	zro.znt.mybluehost.me
1	i2.sitepoint.com	zro.znt.mybluehost.me
1	www.sitepoint.com	1 redirects
3	3

This site contains no links.

Subject Issuer	Validity	Valid
www.zro.znt.mybluehost.me R3	`2023-05-17` - `2023-08-15`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://zro.znt.mybluehost.me/en/7e4c6ec8bcc694c0d249deded1c5fe3c7e4c6ec8bcc69&session=4c0d249deded1c5fe3c7e4c6ec8bcc694c/onedrive/LL1.htm
Frame ID: B4464FA0A0F2DB10AE3E3E5C464EF44F
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

VVINDOWS SIGN IN

Page Statistics

3
Requests

67 %
HTTPS

67 %
IPv6

2
Domains

3
Subdomains

2
IPs

1
Countries

18 kB
Transfer

30 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://www.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js HTTP 301
https://i2.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js

3 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request LL1.htm Show response zro.znt.mybluehost.me/en/7e4c6ec8bcc694c0d249deded1c5fe3c7e4c6ec8bcc69&session=4c0d249deded1c5fe3c7e4c6ec8bcc694c/onedrive/	2 KB 1 KB	1069ms 181ms	Document text/html	50.87.180.88 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://zro.znt.mybluehost.me/en/7e4c6ec8bcc694c0d249deded1c5fe3c7e4c6ec8bcc69&session=4c0d249deded1c5fe3c7e4c6ec8bcc694c/onedrive/LL1.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 50.87.180.88 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS box2542.bluehost.com Software Apache / Resource Hash `22a6eafe0603d6ab22e365a07aeaf2ae0eb4fe9db5a952cc304f4279b533ed9b` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes content-encoding gzip content-length 1168 content-type text/html date Wed, 24 May 2023 17:10:59 GMT host-header c2hhcmVkLmJsdWVob3N0LmNvbQ== last-modified Fri, 23 Sep 2022 13:42:58 GMT server Apache vary Accept-Encoding
GET H2	200	MaskedPassword.js Show response i2.sitepoint.com/examples/password/MaskedPassword/ Redirect Chain https://www.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js https://i2.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js	17 KB 6 KB	100ms 22ms	Script application/javascript	2606:50c0:8000::153 FASTLY
General Check archive.org Show headers Download Go to Full URL https://i2.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js Requested by Host: zro.znt.mybluehost.me URL: https://zro.znt.mybluehost.me/en/7e4c6ec8bcc694c0d249deded1c5fe3c7e4c6ec8bcc69&session=4c0d249deded1c5fe3c7e4c6ec8bcc694c/onedrive/LL1.htm Protocol H2 Server 2606:50c0:8000::153 , United States, ASN54113 (FASTLY, US), Reverse DNS Software GitHub.com / Resource Hash `2cfdb08c07395b0be65df154f068ade61c1bfad7e3e3e2d0e40b85319fa95825` Request headers accept-language de-DE,de;q=0.9 Referer https://zro.znt.mybluehost.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-fastly-request-id f73c84963bb0b68e1220910f8d2d86899753d69f date Wed, 24 May 2023 17:10:59 GMT content-encoding gzip via 1.1 varnish x-cache-hits 1 age 595 x-cache HIT x-proxy-cache MISS content-length 5816 x-served-by cache-fra-eddf8230061-FRA last-modified Sun, 18 Oct 2020 23:08:24 GMT server GitHub.com x-github-request-id 9946:0F5D:28ED1E9:2A4C4CC:646DA7CB x-timer S1684948260.704526,VS0,VE2 etag W/"5f8ccae8-4208" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=600 accept-ranges bytes expires Wed, 24 May 2023 06:09:39 GMT Redirect headers date Wed, 24 May 2023 15:01:08 GMT via 1.1 9905602b8526d2635024f3edbf1df702.cloudfront.net (CloudFront) server CloudFront x-amz-cf-pop FRA60-P2 age 7791 x-cache Hit from cloudfront location https://i2.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js content-length 0 x-amz-cf-id SmWYWJcKzjRseTq4vQbb-iXOSbAusvZbrkZoM8LSC3u10o57H9o6Kw==
GET H2	200	LL1.png zro.znt.mybluehost.me/en/7e4c6ec8bcc694c0d249deded1c5fe3c7e4c6ec8bcc69&session=4c0d249deded1c5fe3c7e4c6ec8bcc694c/onedrive/live_files/	11 KB 11 KB	179ms 179ms	Image image/png	50.87.180.88 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://zro.znt.mybluehost.me/en/7e4c6ec8bcc694c0d249deded1c5fe3c7e4c6ec8bcc69&session=4c0d249deded1c5fe3c7e4c6ec8bcc694c/onedrive/live_files/LL1.png Requested by Host: zro.znt.mybluehost.me URL: https://zro.znt.mybluehost.me/en/7e4c6ec8bcc694c0d249deded1c5fe3c7e4c6ec8bcc69&session=4c0d249deded1c5fe3c7e4c6ec8bcc694c/onedrive/LL1.htm Protocol H2 Security TLS 1.3, , AES_256_GCM Server 50.87.180.88 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS box2542.bluehost.com Software Apache / Resource Hash `80005e519c9f37c4e4ea12b2e19d53376f268f318e99bcf8731f76899885a809` Request headers accept-language de-DE,de;q=0.9 Referer https://zro.znt.mybluehost.me/en/7e4c6ec8bcc694c0d249deded1c5fe3c7e4c6ec8bcc69&session=4c0d249deded1c5fe3c7e4c6ec8bcc694c/onedrive/LL1.htm User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Wed, 24 May 2023 17:10:59 GMT last-modified Fri, 23 Sep 2022 13:42:58 GMT server Apache accept-ranges bytes host-header c2hhcmVkLmJsdWVob3N0LmNvbQ== content-length 10776 content-type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online) Outlook (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| MaskedPassword

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

i2.sitepoint.com
www.sitepoint.com
zro.znt.mybluehost.me
2600:9000:2250:9800:10:7abf:f800:93a1
2606:50c0:8000::153
50.87.180.88
22a6eafe0603d6ab22e365a07aeaf2ae0eb4fe9db5a952cc304f4279b533ed9b
2cfdb08c07395b0be65df154f068ade61c1bfad7e3e3e2d0e40b85319fa95825
80005e519c9f37c4e4ea12b2e19d53376f268f318e99bcf8731f76899885a809

zro.znt.mybluehost.me Open in urlscan Pro 50.87.180.88 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

3 Requests

67 %HTTPS

67 %IPv6

2 Domains

3 Subdomains

2 IPs

1 Countries

18 kBTransfer

30 kBSize

0 Cookies

0 Outgoing links

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

zro.znt.mybluehost.me Open in urlscan Pro
50.87.180.88 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

67 %
HTTPS

67 %
IPv6

2
Domains

3
Subdomains

2
IPs

1
Countries

18 kB
Transfer

30 kB
Size

0
Cookies

3 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!