zoldz.net
Open in
urlscan Pro
103.28.39.29
Malicious Activity!
Public Scan
Submission: On April 14 via manual from DE — Scanned from DE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on March 9th 2023. Valid for: 3 months.
This is the only time zoldz.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Postbank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
12 | 103.28.39.29 103.28.39.29 | 131353 (NHANHOA-A...) (NHANHOA-AS-VN NhanHoa Software company) | |
2 | 2606:4700::68... 2606:4700::6810:5814 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2001:4de0:ac1... 2001:4de0:ac18::1:a:1b | 20446 (STACKPATH...) (STACKPATH-CDN) | |
2 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:812::200a | 15169 (GOOGLE) (GOOGLE) | |
18 | 5 |
ASN131353 (NHANHOA-AS-VN NhanHoa Software company, VN)
PTR: share-linux11u.nhanhoa.com
zoldz.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
zoldz.net
zoldz.net |
541 KB |
2 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 206 |
413 KB |
2 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 358 |
48 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 39 |
1 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 707 |
30 KB |
18 | 5 |
Domain | Requested by | |
---|---|---|
12 | zoldz.net |
zoldz.net
|
2 | cdnjs.cloudflare.com |
zoldz.net
|
2 | cdn.jsdelivr.net |
zoldz.net
|
1 | fonts.googleapis.com |
zoldz.net
|
1 | code.jquery.com |
zoldz.net
|
18 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
zoldz.net cPanel, Inc. Certification Authority |
2023-03-09 - 2023-06-07 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-06-02 - 2023-06-01 |
a year | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2022-08-03 - 2023-07-14 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-03-28 - 2023-06-20 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://zoldz.net/.tmp/post-Online-checking/post-Online-checking/501ba/
Frame ID: 3B096EF38DDECC7B750E55EE9AF0CDBB
Requests: 18 HTTP requests in this frame
Screenshot
Page Title
LoginDetected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts) Expand
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN) Expand
Detected patterns
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
zoldz.net/.tmp/post-Online-checking/post-Online-checking/501ba/ |
5 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/ |
152 KB 25 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
helpers.css
zoldz.net/.tmp/post-Online-checking/post-Online-checking/501ba/media//css/ |
41 KB 41 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
zoldz.net/.tmp/post-Online-checking/post-Online-checking/501ba/media//css/ |
12 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo2.svg
zoldz.net/.tmp/post-Online-checking/post-Online-checking/501ba/media//imgs/ |
7 KB 7 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logimg1.png
zoldz.net/.tmp/post-Online-checking/post-Online-checking/501ba/media//imgs/ |
88 KB 88 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logimg12.png
zoldz.net/.tmp/post-Online-checking/post-Online-checking/501ba/media//imgs/ |
89 KB 89 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logimg2.png
zoldz.net/.tmp/post-Online-checking/post-Online-checking/501ba/media//imgs/ |
17 KB 17 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logimg22.png
zoldz.net/.tmp/post-Online-checking/post-Online-checking/501ba/media//imgs/ |
17 KB 17 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logimg3.png
zoldz.net/.tmp/post-Online-checking/post-Online-checking/501ba/media//imgs/ |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logimg32.png
zoldz.net/.tmp/post-Online-checking/post-Online-checking/501ba/media//imgs/ |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.6.1.min.js
code.jquery.com/ |
88 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.bundle.min.js
cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/ |
77 KB 23 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.min.js
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/js/ |
1 MB 410 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.mask.min.js
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/ |
8 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
js.js
zoldz.net/.tmp/post-Online-checking/post-Online-checking/501ba/media//js/ |
453 B 707 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
8 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bg.jpg
zoldz.net/.tmp/post-Online-checking/post-Online-checking/501ba/media//imgs/ |
243 KB 243 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Postbank (Banking)10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless function| $ function| jQuery number| uidEvent object| bootstrap object| ___FONT_AWESOME___ object| FontAwesomeConfig object| FontAwesome object| $jscomp boolean| loaded0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
fonts.googleapis.com
zoldz.net
103.28.39.29
2001:4de0:ac18::1:a:1b
2606:4700::6810:5814
2606:4700::6811:190e
2a00:1450:4001:812::200a
0ffe4d48f6868e1f0b61527b5b689048a27c52acc5c12c02eb0781a9c94f84fc
1c7070cf33da6adcb7a6b9ff7eb6e06fd8f64958622d61569b990e8b92c58615
2a0db34dc14ef4b5ce73b230701c7561e5012667a4c9cb274ecab646e1474995
44ae834599a225b4443bec7f289d3bab97a8eab981697086d476c7dd6a858e6d
5754444150a7f513b30b378986ba69c92783de495c91bc6e6f42e8f6a3524bb1
6a769e18b06859751eaa2259044a6ff76e3ddcd6572a516d8ce3a2d7b8c7538e
7633b7c0c97d19e682feee8afa2738523fcb2a14544a550572caeecd2eefe66b
7e1f1503df765cca5e099891b94e318a2ef95081ba2af1eb6d417cc884bfdbfe
8c477933a91763dd80d66840a72f9b25bee4250bc4adb2ec15932d5f6a473ecf
a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74
a5f985846156353d78b0e5559eaebed7ef5a8e1bd763703d8f2a4908e59083c5
b1f13a360a96dcdb7806680c5e729211107a693c1f2f0263248370b39be2f25f
c430f66f08a3053fe6e78e13c43f1c368d9b0a979abcd1a2fe6f2a2bd3a6808b
cf786324eff6916dcbc74e04b69b236597b9d4a9f5ed5d67f780aba86c412b09
d4664dd3d67bd3bbe6653fe5273756db06a66ed9f6b2e3d317a28c5bd04ecb90
e687d7d44eca6a008f5a225be2372e72526d143de8f0173fb40629e598285637
f4933276582f42e29e00e79314014818b1088e095d4808a7c8b9a8192affbaab
f9c68be40131697e91d850db025a2ae0463efe9fc767e03e37c499b113d06523