Submitted URL: http://zonomail.win/index.php?s=1
Effective URL: https://zonomail.win/index.php?s=1
Submission: On January 11 via automatic , source phishtank

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 4 HTTP transactions.
The main IP is 217.147.169.145, located in Ukraine and belongs to HOSTFORY, UA. The main domain is zonomail.win.
TLS certificate: Issued by Let's Encrypt Authority X3 on December 18th 2018. Valid for: 3 months.
This is the first time this domain was scanned on urlscan.io!

Verdict: Malicious (Score: 100/100) Show Details

  • urlscan - Score: 0
  • phishtank - Score: 10 (URL submitted from phishtank) -
    phishing
  • googlesafebrowsing - Score: 100 (1 resources matched) -
    social_engineering

Domain & IP information

IP Address AS Autonomous System
1 3 217.147.169.145 206638 (HOSTFORY)
1 176.9.102.206 24940 (HETZNER-AS)
1 151.101.120.193 54113 (FASTLY)
4 3
Domain
Subdomains
Transfer
3 zonomail.win
6 KB
1 imgur.com
19 KB
1 abload.de
1 KB
4 3
Domain Requested by
3 zonomail.win 1 redirects zonomail.win
1 i.imgur.com zonomail.win
1 abload.de zonomail.win
4 3

This site contains links to these domains. Also see Links.

Domain
Subject / Issuer Validity Valid
zonomail.win
Let's Encrypt Authority X3
2018-12-18 -
2019-03-18
3 months
*.abload.de
Thawte TLS RSA CA G1
2018-05-22 -
2019-05-22
a year
*.imgur.com
DigiCert SHA2 Secure Server CA
2018-12-14 -
2020-02-12
a year

Screenshot


Detected technologies

Web
Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Web
Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i


Stats

0
Requests

0
Ad-blocked

0
Malicious

0 %
HTTPS

0 %
IPv6

0
Domains

0
Subdomains

0
IPs

0
Countries

0 kB
Transfer

0 kB
Size

0
Cookies

4 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
index.php?s=1

Redirect Chain
  • http://zonomail.win/index.php?s=1
  • https://zonomail.win/index.php?s=1
9 KB
3 KB
Document
General
Full URL
https://zonomail.win/index.php?s=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.147.169.145 , Ukraine, ASN206638 (HOSTFORY, UA),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
c5f9c53417463cf9b5f39763525db9d2b9ffc36a8f46248f003695e207e6429d

Request headers

:method
GET
:authority
zonomail.win
:scheme
https
:path
/index.php?s=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
200
server
nginx
date
Fri, 11 Jan 2019 19:23:15 GMT
content-type
text/html; charset=UTF-8
content-length
2446
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
set-cookie
PHPSESSID=kneu8pr9ea0l1ti64ibp9g7e17; path=/
vary
Accept-Encoding
content-encoding
gzip
ms-author-via
DAV
x-powered-by
PleskLin

Redirect headers

Server
nginx
Date
Fri, 11 Jan 2019 19:23:15 GMT
Content-Type
text/html
Content-Length
178
Connection
keep-alive
Location
https://zonomail.win/index.php?s=1
wrongcredentials.png
/img
3 KB
3 KB
Image
General
Full URL
https://zonomail.win/img/wrongcredentials.png
Requested by
Host: zonomail.win
URL: https://zonomail.win/index.php?s=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.147.169.145 , Ukraine, ASN206638 (HOSTFORY, UA),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
dc8e24b85bbe78c6be2a991c11c845a909758174b6f8ea61e27af4440966f271

Request headers

:path
/img/wrongcredentials.png
pragma
no-cache
cookie
PHPSESSID=kneu8pr9ea0l1ti64ibp9g7e17
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
zonomail.win
referer
https://zonomail.win/index.php?s=1
:scheme
https
:method
GET
Referer
https://zonomail.win/index.php?s=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 11 Jan 2019 19:23:16 GMT
last-modified
Sat, 17 Nov 2018 23:32:48 GMT
server
nginx
x-powered-by
PleskLin
etag
"5bf0a520-a45"
content-type
image/png
status
200
accept-ranges
bytes
content-length
2629
282533c2543501a361b66w4sm1.png
abload.de/img
969 B
1 KB
Image
General
Full URL
https://abload.de/img/282533c2543501a361b66w4sm1.png
Requested by
Host: zonomail.win
URL: https://zonomail.win/index.php?s=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
176.9.102.206 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
h15.abload.de
Software
Abload h15 /
Resource Hash
4ddcb22254633a19a1524f0f5cc5b60da98bce9400dea572197338296c41c7f4

Request headers

Referer
https://zonomail.win/index.php?s=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 11 Jan 2019 19:23:16 GMT
Last-Modified
Thu, 06 Dec 2018 23:43:49 GMT
Server
Abload h15
Content-Type
image/png
Cache-Control
must-revalidate, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
969
w3FNx2D.png
i.imgur.com
19 KB
19 KB
Image
General
Full URL
https://i.imgur.com/w3FNx2D.png
Requested by
Host: zonomail.win
URL: https://zonomail.win/index.php?s=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.120.193 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
02b341af1b5c99b22e3867c251172fed336b7599a2ee0599cdf6ade6cfb82e7c

Request headers

Referer
https://zonomail.win/index.php?s=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 11 Jan 2019 19:23:16 GMT
age
1384867
x-cache
MISS, HIT
status
200
content-length
19428
x-served-by
cache-iad2120-IAD, cache-cdg20724-CDG
last-modified
Sun, 01 Oct 2017 01:44:33 GMT
server
cat factory 1.0
x-timer
S1547234596.065298,VS0,VE2
etag
"9500f67b0cd8e9622f0081b33d6a4ed9"
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
0, 1

Redirect requests

There were HTTP redirects (301, 302) for the following requests:

Request 0
  • http://zonomail.win/index.php?s=1
  • https://zonomail.win/index.php?s=1

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask function| validateForm boolean| waited function| checkAmount function| showin

1 Cookies

Domain/Path Name / Value
zonomail.win/ Name: PHPSESSID
Value: kneu8pr9ea0l1ti64ibp9g7e17