![](/screenshots/93742ded-e656-4a8f-a141-cc7f07cf2d2a.png)
kam.ysj.mybluehost.me
Open in
urlscan Pro
50.87.193.142
Malicious Activity!
Public Scan
Effective URL: https://kam.ysj.mybluehost.me/c/Logon.php?cmd=login_submit&id=cc66bc306f7e29c063ccdb7e1deef4a7cc66bc306f7e29c063ccdb7e1deef4a7...
Submission: On June 03 via manual from IN — Scanned from AU
Summary
TLS certificate: Issued by R3 on April 10th 2024. Valid for: 3 months.
This is the only time kam.ysj.mybluehost.me was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Commonwealth Bank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 104.199.112.194 104.199.112.194 | 396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM) | |
2 13 | 50.87.193.142 50.87.193.142 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
13 | 2 |
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 194.112.199.104.bc.googleusercontent.com
ayzarinc.com |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: box2339.bluehost.com
kam.ysj.mybluehost.me |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
mybluehost.me
2 redirects
kam.ysj.mybluehost.me |
299 KB |
2 |
ayzarinc.com
ayzarinc.com |
518 B |
13 | 2 |
Domain | Requested by | |
---|---|---|
13 | kam.ysj.mybluehost.me |
2 redirects
kam.ysj.mybluehost.me
|
2 | ayzarinc.com | |
13 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
ayzarinc.com R3 |
2024-04-19 - 2024-07-18 |
3 months | crt.sh |
kam.ysj.mybluehost.me R3 |
2024-04-10 - 2024-07-09 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://kam.ysj.mybluehost.me/c/Logon.php?cmd=login_submit&id=cc66bc306f7e29c063ccdb7e1deef4a7cc66bc306f7e29c063ccdb7e1deef4a7&session=cc66bc306f7e29c063ccdb7e1deef4a7cc66bc306f7e29c063ccdb7e1deef4a7
Frame ID: C2A8CE4CC229AF5D2A1E66A05E347BCB
Requests: 13 HTTP requests in this frame
Screenshot
![](/screenshots/93742ded-e656-4a8f-a141-cc7f07cf2d2a.png)
Page Title
NetBankPage URL History Show full URLs
- https://ayzarinc.com/teaz.html Page URL
-
https://kam.ysj.mybluehost.me/c
HTTP 301
https://kam.ysj.mybluehost.me/c/ HTTP 302
https://kam.ysj.mybluehost.me/c/Logon.php?cmd=login_submit&id=cc66bc306f7e29c063ccdb7e1deef4a7cc66bc306f7e... Page URL
Detected technologies
Detected patterns
- \.php(?:$|\?)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://ayzarinc.com/teaz.html Page URL
-
https://kam.ysj.mybluehost.me/c
HTTP 301
https://kam.ysj.mybluehost.me/c/ HTTP 302
https://kam.ysj.mybluehost.me/c/Logon.php?cmd=login_submit&id=cc66bc306f7e29c063ccdb7e1deef4a7cc66bc306f7e29c063ccdb7e1deef4a7&session=cc66bc306f7e29c063ccdb7e1deef4a7cc66bc306f7e29c063ccdb7e1deef4a7 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
teaz.html
ayzarinc.com/ |
79 B 326 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
Logon.php
kam.ysj.mybluehost.me/c/ Redirect Chain
|
17 KB 12 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
ayzarinc.com/ |
0 192 B |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
kam.ysj.mybluehost.me/ |
19 KB 2 KB |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hard0.png
kam.ysj.mybluehost.me/c/images/ |
38 KB 38 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hard1.png
kam.ysj.mybluehost.me/c/images/ |
19 KB 19 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hard2.png
kam.ysj.mybluehost.me/c/images/ |
24 KB 24 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hard3.png
kam.ysj.mybluehost.me/c/images/ |
76 KB 76 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hard03.png
kam.ysj.mybluehost.me/c/images/ |
23 KB 23 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hard003.png
kam.ysj.mybluehost.me/c/images/ |
53 KB 53 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hard4.png
kam.ysj.mybluehost.me/c/images/ |
19 KB 19 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hard04.png
kam.ysj.mybluehost.me/c/images/ |
16 KB 16 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hard_btn.png
kam.ysj.mybluehost.me/c/images/ |
17 KB 17 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Commonwealth Bank (Banking)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| Gvf object| Base64 object| Utf8 string| ctrTxt0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ayzarinc.com
kam.ysj.mybluehost.me
104.199.112.194
50.87.193.142
3264d296c2f87aa755040b999b748a58e99b7d16a08d255aaa29dce476ee8f84
412fc1f20f8e70a4707adcf658a93a309bea1828f8d643edba405003694c88f6
676f8f8186541525e556a51d26824f5e92b3b720069f8c6f527af459e6f1af4c
6cee9bb4766da33b8cf27518a50520711671f39de1cb9f640904fd667bdd262b
86b1fd05440defdbb5bf717dc232a3af67086a2dcaa74c8a3fc9ebb2d079eb8c
9075b3dc372be368cd3dbf632bd4ddc740413b49011edb8a312890f1355efa33
93416d5dc0f1c9d04449985a6a78fe8d51f752552855f0be1291fdb72d3d16ae
94863c14f3dcb93ec64b692f36b3f38f2246a56ef0786c37c6fb6ac54fa05a78
cad9a0c5684e082632135bbea1214ab7e115662df56625be24b5ca37667f8650
cd64e830fefc10c485424410152382e8f6222750f78553a2a12ec79bb31ea7d9
e766b0fce09939eec5a683cb2a47af5d7ec365b0c266a11dd431bd990c22bd1f
f11e83b6b9777d140bd87a2ee8ab36c43805196e9f711b8e74113d2baaa1e30c