![](/screenshots/85aa2bd8-bdc1-4fa0-a50f-a9887e75959d.png)
zz2.dns-cloud.net
Open in
urlscan Pro
104.42.57.240
Malicious Activity!
Public Scan
Effective URL: https://zz2.dns-cloud.net/us/1/index.htm?7a7a322e646e732d636c6f75642e6e6574-7a7a322e646e732d636c6f75642e6e6574-7a7a322e646...
Submission: On February 26 via manual from US
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 22nd 2020. Valid for: 3 months.
This is the only time zz2.dns-cloud.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: US Bank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 67.199.248.10 67.199.248.10 | 396982 (GOOGLE-PR...) (GOOGLE-PRIVATE-CLOUD) | |
1 10 | 104.42.57.240 104.42.57.240 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
9 | 1 |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
zz2.dns-cloud.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
dns-cloud.net
1 redirects
zz2.dns-cloud.net |
74 KB |
1 |
bit.ly
1 redirects
bit.ly |
343 B |
9 | 2 |
Domain | Requested by | |
---|---|---|
10 | zz2.dns-cloud.net |
1 redirects
zz2.dns-cloud.net
|
1 | bit.ly | 1 redirects |
9 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
zz2.dns-cloud.net cPanel, Inc. Certification Authority |
2020-02-22 - 2020-05-22 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://zz2.dns-cloud.net/us/1/index.htm?7a7a322e646e732d636c6f75642e6e6574-7a7a322e646e732d636c6f75642e6e6574-7a7a322e646e732d636c6f75642e6e65747a7a322e646e732d636c6f75642e6e65747a7a322e646e732d636c6f75642e6e65747a7a322e646e732d636c6f75642e6e65747a7a322e646e732d636c6f75642e6e65747a7a322e646e732d636c6f75642e6e65747a7a322e646e732d636c6f75642e6e65747a7a322e646e732d636c6f75642e6e65747a7a322e646e732d636c6f75642e6e6574
Frame ID: 9EA4F34D73EF771B4614D87E390842F7
Requests: 9 HTTP requests in this frame
Screenshot
![](/screenshots/85aa2bd8-bdc1-4fa0-a50f-a9887e75959d.png)
Page URL History Show full URLs
-
http://bit.ly/3a3S0Gv
HTTP 301
https://zz2.dns-cloud.net/us/ HTTP 302
https://zz2.dns-cloud.net/us/1/index.htm?7a7a322e646e732d636c6f75642e6e6574-7a7a322e646e732d636c6f7564... Page URL
Detected technologies
Detected patterns
- html /<(?:div|html)[^>]+ng-app=/i
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://bit.ly/3a3S0Gv
HTTP 301
https://zz2.dns-cloud.net/us/ HTTP 302
https://zz2.dns-cloud.net/us/1/index.htm?7a7a322e646e732d636c6f75642e6e6574-7a7a322e646e732d636c6f75642e6e6574-7a7a322e646e732d636c6f75642e6e65747a7a322e646e732d636c6f75642e6e65747a7a322e646e732d636c6f75642e6e65747a7a322e646e732d636c6f75642e6e65747a7a322e646e732d636c6f75642e6e65747a7a322e646e732d636c6f75642e6e65747a7a322e646e732d636c6f75642e6e65747a7a322e646e732d636c6f75642e6e65747a7a322e646e732d636c6f75642e6e6574 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
index.htm
zz2.dns-cloud.net/us/1/ Redirect Chain
|
9 KB 9 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
log.css
zz2.dns-cloud.net/us/1/index%5D_files/ |
16 KB 16 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gen_validatorv4.js
zz2.dns-cloud.net/us/1/index%5D_files/ |
31 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
16.png
zz2.dns-cloud.net/us/1/index%5D_files/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2.png
zz2.dns-cloud.net/us/1/index%5D_files/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
20.png
zz2.dns-cloud.net/us/1/index%5D_files/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
23.png
zz2.dns-cloud.net/us/1/index%5D_files/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
15.png
zz2.dns-cloud.net/us/1/index%5D_files/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
17.png
zz2.dns-cloud.net/us/1/index%5D_files/ |
772 B 1013 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: US Bank (Banking)66 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| Validator function| sfm_validator_enable_focus function| add_addnl_vfunction function| set_addnl_vfunction function| run_addnl_validations function| sfm_set_focus function| sfm_disable_validations function| sfm_enable_show_msgs_together function| sfm_validator_message_disp_pos function| clear_all_validations function| form_submit_handler function| add_validation function| handle_item_on_killfocus function| validator_enable_OPED function| validator_enable_OPED_SB function| sfm_ErrorDisplayHandler function| edh_clear_msgs function| edh_FinalShowMsg function| edh_EnableOnPageDisplay function| edh_ShowMsg function| AlertMsgDisplayer function| alert_clearmsg function| alert_showmsg function| sfm_show_error_msg function| SingleBoxErrorDisplay function| sb_div_clearmsg function| sb_div_showmsg function| form_error_div_name function| sfm_show_div_msg function| DivMsgDisplayer function| div_clearmsg function| element_div_name function| div_showmsg function| show_div_msg function| ValidationDesc function| vdesc_validate function| ValidationSet function| add_validationdesc function| vset_validate function| validateEmail function| TestComparison function| TestSelMin function| TestSelMax function| IsCheckSelected function| TestDontSelectChk function| TestShouldSelectChk function| TestRequiredInput function| TestFileExtension function| TestMaxLen function| TestMinLen function| TestInputType function| TestEmail function| TestLessThan function| TestGreaterThan function| TestRegExp function| TestDontSelect function| TestSelectOneRadio function| TestSelectRadio function| validateInput function| VWZ_IsListItemSelected function| VWZ_IsChecked function| sfm_str_trim function| VWZ_IsEmpty object| frmvalidator0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bit.ly
zz2.dns-cloud.net
104.42.57.240
67.199.248.10
16ff0803d87cff8cf0ceecbbdbbf864d7f1feecf039dea87f69752cc734785ec
2fb10240ee76a6df4311725cf04f41a967617686ec0c13f76370ef95351ea1fd
423c2b31552be9b70cf6cc29e4638caff4f18ec30b716ac2b9476c04022e4e87
8296bd0ba61632f8f427f475c05e33481996d60914a36f7235ebdf0e76e9a256
bce0eb8ff92c52b5c06cbb9e7d18c138feeafbcea80c1e2fdb2578414a634107
c9753959d2a236ad5667a527f8cc3b306f418d33c8d3fd6cb4435e83e526f60d
d563aab3809dd3b40aeb445c647a582345d7eef2e7666f8c731bb7f72e51ebf7
f0525e6a7d02b13cc368df16ebc0a62aaed205b669772b2202aedf07fbb7c5b1
f6084fe63608f8b86e8607fea14735e38f91289126f8858c2dfc96c599dad30d