Submitted URL: http://zonomail.win/index.php?s=1
Effective URL: https://zonomail.win/index.php?s=1
Submission: January 11 (2019), automatic submission; source: PhishTank

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 4 HTTP transactions.
The main IP is 217.147.169.145, located in Ukraine, in AS206638 (HOSTFORY, UA). The main domain is zonomail.win.
The TLS certificate for zonomail.win was issued by Let's Encrypt Authority X3 on December 18th 2018 with a validity of 3 months.
This is the first time this domain was scanned on urlscan.io.
Potentially malicious content or behaviour on this page (see "Malicious behaviour and content" below).

Domain & IP information

Requests  IP address        AS (Autonomous System)
3         217.147.169.145   AS206638 (HOSTFORY, UA)
1         176.9.102.206     AS24940 (HETZNER-AS, DE)
1         151.101.120.193   AS54113 (FASTLY, US)
Total: 4 HTTP transactions, 3 IPs (the count for 217.147.169.145 includes the http -> https redirect hop)

Requests  Domain         Subdomains     Transfer   Requested by
3         zonomail.win   zonomail.win   6 KB       zonomail.win (1 redirect)
1         imgur.com      i.imgur.com    19 KB      zonomail.win
1         abload.de      abload.de      1 KB       zonomail.win
Total: 4 HTTP transactions, 3 domains, 3 subdomains, 26 KB transferred


TLS certificates

Subject        Issuer                           Validity                   Valid for
zonomail.win   Let's Encrypt Authority X3       2018-12-18 to 2019-03-18   3 months
*.abload.de    Thawte TLS RSA CA G1             2018-05-22 to 2019-05-22   a year
*.imgur.com    DigiCert SHA2 Secure Server CA   2018-12-14 to 2020-02-12   a year

All three certificates were within their validity period at scan time (2019-01-11).
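A small triage heuristic that the certificate table above lends itself to, as an added example (not part of the urlscan.io report): compute each certificate's age at scan time and flag recently issued ones. The dates are the table's own; the scan date comes from the Date response headers later on this page; the 30-day threshold is an assumption. The output also shows the caveat: the imgur CDN certificate is just as young as the phishing domain's, so certificate age is a pivot, not a verdict, and needs to be combined with signals such as "first time scanned" and the hosting AS.

```python
# Added example, not code from urlscan.io. Certificate dates are transcribed from the
# table above; SCAN_DATE is taken from the Date response headers on this page.
from datetime import date

SCAN_DATE = date(2019, 1, 11)

# (subject, issuer, not_before, not_after) as listed in the certificate table
CERTS = [
    ("zonomail.win", "Let's Encrypt Authority X3", date(2018, 12, 18), date(2019, 3, 18)),
    ("*.abload.de", "Thawte TLS RSA CA G1", date(2018, 5, 22), date(2019, 5, 22)),
    ("*.imgur.com", "DigiCert SHA2 Secure Server CA", date(2018, 12, 14), date(2020, 2, 12)),
]


def cert_age_days(not_before, observed=SCAN_DATE):
    """Days between certificate issuance and the observation date."""
    return (observed - not_before).days


def cert_lifetime_days(not_before, not_after):
    """Total validity period in days (Let's Encrypt certificates are 90 days)."""
    return (not_after - not_before).days


def is_valid_on(not_before, not_after, observed=SCAN_DATE):
    """True if the certificate was within its validity window on the observation date."""
    return not_before <= observed <= not_after


def young_certs(certs, max_age_days=30, observed=SCAN_DATE):
    """Subjects whose certificate was valid but issued less than max_age_days before
    the observation date. The 30-day default is an assumed triage threshold."""
    return [
        subject
        for subject, _issuer, not_before, not_after in certs
        if is_valid_on(not_before, not_after, observed)
        and cert_age_days(not_before, observed) < max_age_days
    ]


if __name__ == "__main__":
    for subject, issuer, not_before, not_after in CERTS:
        print(f"{subject:14} {issuer:32} age={cert_age_days(not_before):4d}d "
              f"lifetime={cert_lifetime_days(not_before, not_after):4d}d "
              f"valid={is_valid_on(not_before, not_after)}")
    print("recently issued:", young_certs(CERTS))
```

Run stand-alone it lists zonomail.win (24 days old, 90-day lifetime) and *.imgur.com (28 days old) as recently issued, and *.abload.de (234 days) as not. Treat a hit as a reason to look further, never as a block decision on its own.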

Detected technologies

PHP (web; overall confidence: 100%)
Detected patterns
  • url /\.php(?:$|\?)/i

Nginx (web; overall confidence: 100%)
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i


Stats

Requests: 4 (plus 1 redirect hop)
Ad-blocked: 0
Malicious: 1 (Google Safe Browsing, see below)
HTTPS: 100% of transactions (the initial http:// request was redirected to https://)
IPv6: 0%
Domains: 3
Subdomains: 3
IPs: 3
Countries: 3
Transfer: about 26 kB (6 + 19 + 1 kB per domain)
Size: about 32 kB (9 + 3 + 1 + 19 kB per resource)
Cookies: 1

4 HTTP transactions

Each transaction below is listed as: Resource, Path, Size, x-fer (bytes on the wire), Type (MIME-Type), followed by its General, Request headers and Response headers sections.
1. index.php?s=1   Path: /   Size: 9 KB   x-fer: 3 KB   Type: Document (text/html)

Redirect chain
  • http://zonomail.win/index.php?s=1
  • https://zonomail.win/index.php?s=1

General
Full URL: https://zonomail.win/index.php?s=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 217.147.169.145, Ukraine, ASN206638 (HOSTFORY, UA)
Reverse DNS: (empty)
Software: nginx / PleskLin
Resource Hash: c5f9c53417463cf9b5f39763525db9d2b9ffc36a8f46248f003695e207e6429d

Request headers
:method: GET
:authority: zonomail.win
:scheme: https
:path: /index.php?s=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate, br

Response headers
status: 200
server: nginx
date: Fri, 11 Jan 2019 19:23:15 GMT
content-type: text/html; charset=UTF-8
content-length: 2446
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: PHPSESSID=kneu8pr9ea0l1ti64ibp9g7e17; path=/
vary: Accept-Encoding
content-encoding: gzip
ms-author-via: DAV
x-powered-by: PleskLin

Redirect headers (first hop, http://zonomail.win/index.php?s=1)
Server: nginx
Date: Fri, 11 Jan 2019 19:23:15 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://zonomail.win/index.php?s=1
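The response headers of the main document carry a usable fingerprint of the hosting stack (nginx fronting PHP under Plesk, with WebDAV authoring advertised) and a PHP session cookie set without the Secure or HttpOnly attributes. The following added example, which is not code from urlscan.io or from the page's operator, parses those headers as transcribed above into a stack fingerprint and cookie-attribute findings. The header parser, the fingerprint keys and the finding strings are this example's own naming; the Expires check relies on the fact that PHP's default session cache limiter emits exactly that 1981 date.

```python
# Added example, not urlscan.io code. RAW_RESPONSE_HEADERS is transcribed from the
# "Response headers" of https://zonomail.win/index.php?s=1 shown above.
from http.cookies import SimpleCookie

RAW_RESPONSE_HEADERS = """\
status: 200
server: nginx
date: Fri, 11 Jan 2019 19:23:15 GMT
content-type: text/html; charset=UTF-8
content-length: 2446
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: PHPSESSID=kneu8pr9ea0l1ti64ibp9g7e17; path=/
vary: Accept-Encoding
content-encoding: gzip
ms-author-via: DAV
x-powered-by: PleskLin
"""


def parse_headers(raw):
    """Parse 'name: value' lines into (lowercased name, value) pairs.
    A list rather than a dict, because set-cookie may legitimately repeat."""
    headers = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        name, _sep, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def cookie_findings(headers):
    """Flag cookies set without the Secure / HttpOnly attributes."""
    findings = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for cookie_name, morsel in jar.items():
            if not morsel["secure"]:
                findings.append(f"{cookie_name}: missing Secure")
            if not morsel["httponly"]:
                findings.append(f"{cookie_name}: missing HttpOnly")
    return findings


def fingerprint(headers):
    """Stack fingerprint derived from the response headers, suitable for hunting
    other hosts running the same kit. Key names are this example's own."""
    by_name = {}
    for name, value in headers:
        by_name.setdefault(name, []).append(value)
    cookie_names = []
    for value in by_name.get("set-cookie", []):
        jar = SimpleCookie()
        jar.load(value)
        cookie_names.extend(jar.keys())
    return {
        "server": by_name.get("server", [None])[0],
        "powered_by": by_name.get("x-powered-by", [None])[0],
        "webdav": "DAV" in by_name.get("ms-author-via", [""])[0],
        "php_session": "PHPSESSID" in cookie_names,
        # PHP's session_cache_limiter=nocache emits exactly this Expires value
        "php_nocache": by_name.get("expires", [""])[0].startswith("Thu, 19 Nov 1981"),
    }


if __name__ == "__main__":
    parsed = parse_headers(RAW_RESPONSE_HEADERS)
    print(fingerprint(parsed))
    for finding in cookie_findings(parsed):
        print("finding:", finding)
```

Run on the transcribed headers it reports server nginx, platform PleskLin, WebDAV advertised, a PHPSESSID cookie and the PHP no-cache Expires value, plus two cookie findings (missing Secure, missing HttpOnly). The same function run against other candidate hosts gives a quick equality check for "same stack as this kit"; a different server banner or a missing DAV header is a cheap way to rule hosts out before deeper comparison.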
2. wrongcredentials.png   Path: /img   Size: 3 KB   x-fer: 3 KB   Type: Image (image/png)

General
Full URL: https://zonomail.win/img/wrongcredentials.png
Requested by: https://zonomail.win/index.php?s=1 (host zonomail.win)
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 217.147.169.145, Ukraine, ASN206638 (HOSTFORY, UA)
Reverse DNS: (empty)
Software: nginx / PleskLin
Resource Hash: dc8e24b85bbe78c6be2a991c11c845a909758174b6f8ea61e27af4440966f271

Request headers
:method: GET
:authority: zonomail.win
:scheme: https
:path: /img/wrongcredentials.png
pragma: no-cache
cache-control: no-cache
cookie: PHPSESSID=kneu8pr9ea0l1ti64ibp9g7e17
accept: image/webp,image/apng,image/*,*/*;q=0.8
accept-encoding: gzip, deflate, br
referer: https://zonomail.win/index.php?s=1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers
status: 200
date: Fri, 11 Jan 2019 19:23:16 GMT
last-modified: Sat, 17 Nov 2018 23:32:48 GMT
server: nginx
x-powered-by: PleskLin
etag: "5bf0a520-a45"
content-type: image/png
accept-ranges: bytes
content-length: 2629
3. 282533c2543501a361b66w4sm1.png   Path: abload.de/img   Size: 969 B   x-fer: 1 KB   Type: Image (image/png)

General
Full URL: https://abload.de/img/282533c2543501a361b66w4sm1.png
Requested by: https://zonomail.win/index.php?s=1 (host zonomail.win)
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 176.9.102.206, Germany, ASN24940 (HETZNER-AS, DE)
Reverse DNS: h15.abload.de
Software: Abload h15
Resource Hash: 4ddcb22254633a19a1524f0f5cc5b60da98bce9400dea572197338296c41c7f4

Request headers
Referer: https://zonomail.win/index.php?s=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers
Date: Fri, 11 Jan 2019 19:23:16 GMT
Last-Modified: Thu, 06 Dec 2018 23:43:49 GMT
Server: Abload h15
Content-Type: image/png
Cache-Control: must-revalidate, max-age=0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 969
4. w3FNx2D.png   Path: i.imgur.com   Size: 19 KB   x-fer: 19 KB   Type: Image (image/png)

General
Full URL: https://i.imgur.com/w3FNx2D.png
Requested by: https://zonomail.win/index.php?s=1 (host zonomail.win)
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.120.193, San Francisco, United States, ASN54113 (FASTLY - Fastly, US)
Reverse DNS: (empty)
Software: cat factory 1.0
Resource Hash: 02b341af1b5c99b22e3867c251172fed336b7599a2ee0599cdf6ade6cfb82e7c

Request headers
Referer: https://zonomail.win/index.php?s=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers
status: 200
date: Fri, 11 Jan 2019 19:23:16 GMT
age: 1384867
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-served-by: cache-iad2120-IAD, cache-cdg20724-CDG
x-timer: S1547234596.065298,VS0,VE2
last-modified: Sun, 01 Oct 2017 01:44:33 GMT
server: cat factory 1.0
etag: "9500f67b0cd8e9622f0081b33d6a4ed9"
content-type: image/png
content-length: 19428
cache-control: public, max-age=31536000
accept-ranges: bytes
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS

Redirect requests

There were HTTP redirects (301, 302) for the following requests:

Request 0: http://zonomail.win/index.php?s=1 -> https://zonomail.win/index.php?s=1

Malicious behaviour and content

Google Safe Browsing

1 of the contacted URLs is flagged as malicious by Google Safe Browsing:

SOCIAL_ENGINEERING   https://zonomail.win/img/wrongcredentials.png

Note that the flagged entry is the image path on the same host, not the landing page itself: an exact-URL lookup on https://zonomail.win/index.php?s=1 alone would not have returned this verdict, so match on host as well as on URL.

PhishTank submission: this scan was submitted from a known phishing list.

Type: url
Value: https://zonomail.win/index.php?s=1 (Main page)
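For incident response, the indicators on this page (the domain, the hosting IP and the two URL paths under it) are what get searched for in proxy or DNS logs to find users who reached the site. The following added example, which is not code from urlscan.io, turns those indicators into a matcher and runs it over a constructed proxy log; the log format, the sample lines, the client addresses and the alert tuple shape are all this example's assumptions. The third-party image hosts (i.imgur.com, abload.de) are deliberately left out of the indicator set because they are shared CDNs and matching them would flag unrelated traffic.

```python
# Added example, not urlscan.io code. Indicator values are transcribed from this report;
# the log format and SAMPLE_LOG lines are constructed for the example.
import ipaddress
import re
from urllib.parse import urlsplit

IOC_DOMAINS = {"zonomail.win"}
IOC_IPS = {"217.147.169.145"}
IOC_URL_PATHS = {
    ("zonomail.win", "/index.php"),
    ("zonomail.win", "/img/wrongcredentials.png"),
}

# Assumed proxy log format: timestamp client dest_ip method url status
# (constructed sample; 10.20.30.x clients and 192.0.2.10 are documentation ranges)
SAMPLE_LOG = """\
2019-01-11T19:30:02Z 10.20.30.41 217.147.169.145 GET http://zonomail.win/index.php?s=1 302
2019-01-11T19:30:02Z 10.20.30.41 217.147.169.145 GET https://zonomail.win/index.php?s=1 200
2019-01-11T19:30:03Z 10.20.30.41 151.101.120.193 GET https://i.imgur.com/w3FNx2D.png 200
2019-01-11T19:31:15Z 10.20.30.77 192.0.2.10 GET https://example.com/login 200
2019-01-11T19:32:40Z 10.20.30.41 217.147.169.145 POST https://zonomail.win/index.php?s=1 200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<dest>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d{3})$"
)


def parse_line(line):
    """Parse one log line into a dict, or None if it does not fit the assumed format."""
    match = LOG_RE.match(line.strip())
    return match.groupdict() if match else None


def match_iocs(rec):
    """Indicator types (domain, url, ip) that fire for one parsed record."""
    hits = []
    parts = urlsplit(rec["url"])
    host = (parts.hostname or "").lower()
    # host match covers the domain itself and any subdomain of it
    if host in IOC_DOMAINS or any(host.endswith("." + d) for d in IOC_DOMAINS):
        hits.append("domain")
    # path match ignores the query string, so ?s=1 and any other value both match
    if (host, parts.path) in IOC_URL_PATHS:
        hits.append("url")
    try:
        if str(ipaddress.ip_address(rec["dest"])) in IOC_IPS:
            hits.append("ip")
    except ValueError:
        pass  # destination field was not an IP literal
    return hits


def scan_log(text):
    """Return (client, method, url, hits) for every line matching at least one indicator."""
    alerts = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        hits = match_iocs(rec)
        if hits:
            alerts.append((rec["client"], rec["method"], rec["url"], hits))
    return alerts


def affected_clients(alerts):
    """Clients that reached the phishing host; these accounts need a credential reset."""
    return {client for client, _method, _url, _hits in alerts}


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for client, method, url, hits in found:
        print(f"{client} {method:4} {url} hits={hits}")
    print("affected clients:", sorted(affected_clients(found)))
```

On the sample log the three zonomail.win lines fire on all three indicator types, the imgur fetch and the unrelated example.com request stay silent, and one client address comes out as affected. When triaging real output, sort the alerts by method first: a POST to the landing page is the line that indicates a submitted form, a GET only shows the page was opened.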

7 JavaScript global variables

These are the non-standard "global" variables defined on the window object. They can help in identifying client-side frameworks and page-specific code.

  • object    onselectstart
  • object    onselectionchange
  • function  queueMicrotask
  • function  validateForm
  • boolean   waited
  • function  checkAmount
  • function  showin

onselectstart, onselectionchange and queueMicrotask are standard browser globals that the scanner's baseline did not know; validateForm, waited, checkAmount and showin are defined by the page's own script and are consistent with a client-side form-validation flow on the credential form.

1 cookie

Domain/Path     Name        Value
zonomail.win/   PHPSESSID   kneu8pr9ea0l1ti64ibp9g7e17