hotusermail.serv00.net Open in urlscan Pro
128.204.223.113 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://hotusermail.serv00.net/
Submission: On August 30 via api (August 30th 2024, 10:04:53 pm UTC) from GB — Scanned from JP

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 2 domains to perform 16 HTTP transactions. The main IP is 128.204.223.113, located in Poland and belongs to ECO-ATMAN-PL ECO-ATMAN-, PL. The main domain is hotusermail.serv00.net.
TLS certificate: Issued by R11 on July 1st 2024. Valid for: 3 months.

This is the only time hotusermail.serv00.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Ficohsa (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2	128.204.223.113 128.204.223.113	57367 (ECO-ATMAN...) (ECO-ATMAN-PL ECO-ATMAN-)
5	2600:9000:21b... 2600:9000:21b7:8e00:15:c281:3500:93a1	16509 (AMAZON-02) (AMAZON-02)
9	13.225.183.18 13.225.183.18	16509 (AMAZON-02) (AMAZON-02)
16	4

2 128.204.223.113 (Poland)

ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL)
PTR: web8.serv00.com

hotusermail.serv00.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:21b7:8e00:15:c281:3500:93a1 (United States)

ASN16509 (AMAZON-02, US)

ik.imagekit.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 13.225.183.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-183-18.nrt57.r.cloudfront.net

ik.imagekit.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	imagekit.io ik.imagekit.io — Cisco Umbrella Rank: 22881	64 KB
2	serv00.net hotusermail.serv00.net	517 KB
16	2

	Domain	Requested by
14	ik.imagekit.io	hotusermail.serv00.net ik.imagekit.io
2	hotusermail.serv00.net
16	2

This site contains no links.

Subject Issuer	Validity	Valid
*.serv00.net R11	`2024-07-01` - `2024-09-29`	3 months	crt.sh
*.imagekit.io Amazon RSA 2048 M02	`2024-01-23` - `2025-02-19`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://hotusermail.serv00.net/
Frame ID: 309B8E45CDDD813B2EC9CC0083FEB4CD
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Inicio

Page Statistics

16
Requests

100 %
HTTPS

33 %
IPv6

2
Domains

2
Subdomains

4
IPs

2
Countries

590 kB
Transfer

798 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response hotusermail.serv00.net/	514 KB 514 KB	1192ms 326ms	Document text/html	128.204.223.113 ECO-ATMAN-PL ECO-...
General Check archive.org Show headers Download Go to Full URL https://hotusermail.serv00.net/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 128.204.223.113 , Poland, ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL), Reverse DNS web8.serv00.com Software nginx / PHP/8.1.29 Resource Hash `185e0b4bf2388eccaaf5cfd397a89c0e2e71f5e56e3829b992cba13ce709d44d` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers content-type text/html; charset=UTF-8 date Fri, 30 Aug 2024 22:04:45 GMT server nginx x-powered-by PHP/8.1.29
GET H2	404	0.c67bb0d13128c5f91471.chunk.js.descarga ik.imagekit.io/eruobiiei/fico/	0 0	317ms 291ms	Script text/plain	2600:9000:21b7:8e00:15:c281:3500:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ik.imagekit.io/eruobiiei/fico/0.c67bb0d13128c5f91471.chunk.js.descarga Requested by Host: hotusermail.serv00.net URL: https://hotusermail.serv00.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21b7:8e00:15:c281:3500:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash Request headers Referer https://hotusermail.serv00.net/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Fri, 30 Aug 2024 22:04:45 GMT via 1.1 a691085135305af276cea0859fd6b128.cloudfront.net (CloudFront), 1.1 bb32c519ef639e0d83cbe59c5c12bd30.cloudfront.net (CloudFront) x-amz-cf-pop NRT57-C4 x-cache Error from cloudfront alt-svc h3=":443"; ma=86400 content-length 9 x-request-id 78707d2b-6e50-448b-b018-764341dc2a67 pragma no-cache ik-error ENOENT - Resource not found at any upstream origin etag W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg" access-control-allow-methods GET content-type text/plain; charset=utf-8 access-control-allow-origin * cache-control no-cache,no-store x-server ImageKit.io timing-allow-origin * access-control-allow-headers * x-amz-cf-id eRZOZ7f1GnWQQk5HdryfpZcB4C6rLqf67PYiL0vc8CA5v6FpWquCvg==
GET H2	404	1.990395a18aee052a02cb.chunk.js.descarga ik.imagekit.io/eruobiiei/fico/	0 0	311ms 285ms	Script text/plain	2600:9000:21b7:8e00:15:c281:3500:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ik.imagekit.io/eruobiiei/fico/1.990395a18aee052a02cb.chunk.js.descarga Requested by Host: hotusermail.serv00.net URL: https://hotusermail.serv00.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21b7:8e00:15:c281:3500:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash Request headers Referer https://hotusermail.serv00.net/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Fri, 30 Aug 2024 22:04:45 GMT via 1.1 a691085135305af276cea0859fd6b128.cloudfront.net (CloudFront), 1.1 bb32c519ef639e0d83cbe59c5c12bd30.cloudfront.net (CloudFront) x-amz-cf-pop NRT57-C4 x-cache Error from cloudfront alt-svc h3=":443"; ma=86400 content-length 9 x-request-id a704ebf5-7de1-4f47-90e4-fb14bc397858 pragma no-cache ik-error ENOENT - Resource not found at any upstream origin etag W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg" access-control-allow-methods GET content-type text/plain; charset=utf-8 access-control-allow-origin * cache-control no-cache,no-store x-server ImageKit.io timing-allow-origin * access-control-allow-headers * x-amz-cf-id s6TjRGn3RZHCHYxSB48LN_vGAhyyti-dH8YrXIft-mXnsR8PAJ7bNw==
GET H2	200	prismaWeb.css ik.imagekit.io/eruobiiei/fico/	117 KB 14 KB	693ms 691ms	Stylesheet text/css	2600:9000:21b7:8e00:15:c281:3500:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ik.imagekit.io/eruobiiei/fico/prismaWeb.css Requested by Host: hotusermail.serv00.net URL: https://hotusermail.serv00.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21b7:8e00:15:c281:3500:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash `fc2291859c08d39231ec31383d8857cc5523ea2364b9b151a78079c983b39c40` Request headers Referer https://hotusermail.serv00.net/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Fri, 30 Aug 2024 22:04:47 GMT content-encoding br via 1.1 bb32c519ef639e0d83cbe59c5c12bd30.cloudfront.net (CloudFront) x-amz-cf-pop NRT57-C4 x-cache Miss from cloudfront server-timing download;dur=548 alt-svc h3=":443"; ma=86400 x-request-id 1c8b6ba6-775e-4e98-80b2-b30f358654e6 last-modified Wed, 20 Dec 2023 03:05:18 GMT etag W/"4f357c47163cc0fd46de715ad98a67ce" vary Accept-Encoding access-control-allow-methods GET content-type text/css; charset=utf-8 access-control-allow-origin * cache-control public, s-maxage=31536000, max-age=31536000, must-revalidate x-server ImageKit.io timing-allow-origin * access-control-allow-headers * x-amz-cf-id 8OFAoqgrfkUK5Olplso6iEKcVnYO5ZXarUzq_kPJBFMkgK19JdryOQ==
GET H2	200	styles51.css ik.imagekit.io/eruobiiei/fico/	143 KB 39 KB	645ms 645ms	Stylesheet text/css	2600:9000:21b7:8e00:15:c281:3500:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ik.imagekit.io/eruobiiei/fico/styles51.css Requested by Host: hotusermail.serv00.net URL: https://hotusermail.serv00.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21b7:8e00:15:c281:3500:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash `a9d1ec0d5a67772b2286a2db511a84ae75e754f93ac11a37046b64d904b6a231` Request headers Referer https://hotusermail.serv00.net/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Fri, 30 Aug 2024 22:04:47 GMT content-encoding br via 1.1 bb32c519ef639e0d83cbe59c5c12bd30.cloudfront.net (CloudFront) x-amz-cf-pop NRT57-C4 x-cache Miss from cloudfront server-timing download;dur=559 alt-svc h3=":443"; ma=86400 x-request-id 27bf2b8d-9f3a-4b4f-abb1-b3ad31df6acf last-modified Wed, 20 Dec 2023 03:05:18 GMT etag W/"9278b3c50ea85b9eec2d7f8eb4fd1980" vary Accept-Encoding access-control-allow-methods GET content-type text/css; charset=utf-8 access-control-allow-origin * cache-control public, s-maxage=31536000, max-age=31536000, must-revalidate x-server ImageKit.io timing-allow-origin * access-control-allow-headers * x-amz-cf-id U4IP4bo0JjPCas_ngE9SW9gt4AOUqG5XedjNIoD2HqLKljycVHtMfw==
GET H2	200	flecha.png ik.imagekit.io/eruobiiei/fico/	174 B 756 B	412ms 412ms	Image image/webp	2600:9000:21b7:8e00:15:c281:3500:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://ik.imagekit.io/eruobiiei/fico/flecha.png Requested by Host: hotusermail.serv00.net URL: https://hotusermail.serv00.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21b7:8e00:15:c281:3500:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash `ad29260c8f3f981b3fb5bc1201f1998289af3538b8dfc1dcb63f6d6bb407a809` Request headers Referer https://hotusermail.serv00.net/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Fri, 30 Aug 2024 22:04:47 GMT via 1.1 c57dcf725f15a754ea7be2a7d262cec2.cloudfront.net (CloudFront), 1.1 bb32c519ef639e0d83cbe59c5c12bd30.cloudfront.net (CloudFront) x-amz-cf-pop NRT57-C4 x-cache Miss from cloudfront server-timing transformation;dur=3,download;dur=97 alt-svc h3=":443"; ma=86400 content-length 174 x-request-id f7caee32-3f36-46da-b916-6a01cdb06b3c etag W/"ae-pQNlJqZuaCd/wVp7XCmzRxHWm9k" vary Accept access-control-allow-methods GET content-type image/webp access-control-allow-origin * cache-control public, s-maxage=31536000, max-age=31536000, must-revalidate x-server ImageKit.io timing-allow-origin * access-control-allow-headers * x-amz-cf-id OafFZOpZ9DKFq4B_KfAqRh4fycyYSynErHj7Ppotglj8kRMs9J8dhw==
GET H3	200	eluser.png ik.imagekit.io/eruobiiei/fico/	328 B 785 B	304ms 303ms	Image image/webp	13.225.183.18 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://ik.imagekit.io/eruobiiei/fico/eluser.png Requested by Host: hotusermail.serv00.net URL: https://hotusermail.serv00.net/ Protocol H3 Security QUIC, , AES_128_GCM Server 13.225.183.18 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-183-18.nrt57.r.cloudfront.net Software / Resource Hash `486ffc246a0861ffd04d17b5a0fbc0d3c79e203824a081f5560105fa5d6f7064` Request headers Referer https://hotusermail.serv00.net/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Fri, 30 Aug 2024 22:04:47 GMT via 1.1 f06aaad108598501fc8aab5df5423ad8.cloudfront.net (CloudFront), 1.1 6b5ed72af06c392d3a24305474d937d8.cloudfront.net (CloudFront) x-amz-cf-pop NRT57-C4 x-cache Miss from cloudfront server-timing transformation;dur=1,download;dur=28 alt-svc h3=":443"; ma=86400 content-length 328 x-request-id 440a33a5-9295-443e-9971-483691f47cac etag W/"148-F+sKL5uXZYJfMQgEV7dixWHChAE" vary Accept access-control-allow-methods GET content-type image/webp access-control-allow-origin * cache-control public, s-maxage=31536000, max-age=31536000, must-revalidate x-server ImageKit.io timing-allow-origin * access-control-allow-headers * x-amz-cf-id j7p5O2KcAvQB48qIYKIUj5Og-UiakwhzRF045BIC35Ewa_IMrwkZ_g==
GET H3	200	clv.png ik.imagekit.io/eruobiiei/fico/	254 B 709 B	237ms 235ms	Image image/webp	13.225.183.18 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://ik.imagekit.io/eruobiiei/fico/clv.png Requested by Host: hotusermail.serv00.net URL: https://hotusermail.serv00.net/ Protocol H3 Security QUIC, , AES_128_GCM Server 13.225.183.18 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-183-18.nrt57.r.cloudfront.net Software / Resource Hash `3bdc044e799f6dd6d6e86a8e9d1bcc2fedfa2ee267a7e2bcb75e42d512341ad8` Request headers Referer https://hotusermail.serv00.net/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Fri, 30 Aug 2024 22:04:47 GMT via 1.1 c57dcf725f15a754ea7be2a7d262cec2.cloudfront.net (CloudFront), 1.1 6b5ed72af06c392d3a24305474d937d8.cloudfront.net (CloudFront) x-amz-cf-pop NRT57-C4 x-cache Miss from cloudfront server-timing transformation;dur=3,download;dur=32 alt-svc h3=":443"; ma=86400 content-length 254 x-request-id 8c350def-f27d-4ad3-9533-7b2cae35276f etag W/"fe-pV6ubPs0D2Do+FfKXPTlQmw0pyE" vary Accept access-control-allow-methods GET content-type image/webp access-control-allow-origin * cache-control public, s-maxage=31536000, max-age=31536000, must-revalidate x-server ImageKit.io timing-allow-origin * access-control-allow-headers * x-amz-cf-id wVZ48iQO1xzl_FJ-Z6z4p8WM-7-47GzFnog74ug-_sBA2TIThyZ02w==
GET H3	200	keyboardLowerCaseLowContrast.png ik.imagekit.io/eruobiiei/fico/	3 KB 3 KB	321ms 320ms	Image image/webp	13.225.183.18 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://ik.imagekit.io/eruobiiei/fico/keyboardLowerCaseLowContrast.png Requested by Host: hotusermail.serv00.net URL: https://hotusermail.serv00.net/ Protocol H3 Security QUIC, , AES_128_GCM Server 13.225.183.18 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-183-18.nrt57.r.cloudfront.net Software / Resource Hash `c349d8e4cca391434d0b5a22b89dde6e408c77bf71c4976e1b042e3f8b3be4a1` Request headers Referer https://hotusermail.serv00.net/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Fri, 30 Aug 2024 22:04:47 GMT via 1.1 003b6042285e886f3f4d6afd190f633c.cloudfront.net (CloudFront), 1.1 6b5ed72af06c392d3a24305474d937d8.cloudfront.net (CloudFront) x-amz-cf-pop NRT57-C4 x-cache Miss from cloudfront server-timing transformation;dur=6,download;dur=23 alt-svc h3=":443"; ma=86400 content-length 3062 x-request-id 32947808-004e-494c-a556-74a1db598178 etag W/"bf6-5e+LlE8dbp6qVyH8pFc9C0+56rs" vary Accept access-control-allow-methods GET content-type image/webp access-control-allow-origin * cache-control public, s-maxage=31536000, max-age=31536000, must-revalidate x-server ImageKit.io timing-allow-origin * access-control-allow-headers * x-amz-cf-id AhKHXazP7LmfD23LCWmNVSyu5mF1nTE_lV45NQPfvtjvC-D27hM4eQ==
GET H3	200	13f6ebd6-3a21-4455-8ac2-f131aaf35295.png ik.imagekit.io/eruobiiei/fico/	3 KB 4 KB	241ms 240ms	Image image/webp	13.225.183.18 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://ik.imagekit.io/eruobiiei/fico/13f6ebd6-3a21-4455-8ac2-f131aaf35295.png Requested by Host: hotusermail.serv00.net URL: https://hotusermail.serv00.net/ Protocol H3 Security QUIC, , AES_128_GCM Server 13.225.183.18 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-183-18.nrt57.r.cloudfront.net Software / Resource Hash `e7dc7bc328c5d5e566c094a77c621c757febb85f8eeac4821051b6f9792a852a` Request headers Referer https://hotusermail.serv00.net/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Fri, 30 Aug 2024 22:04:47 GMT via 1.1 a8c2772b03befab22b97b650361ac508.cloudfront.net (CloudFront), 1.1 6b5ed72af06c392d3a24305474d937d8.cloudfront.net (CloudFront) x-amz-cf-pop NRT57-C4 x-cache Miss from cloudfront server-timing transformation;dur=12,download;dur=35 alt-svc h3=":443"; ma=86400 content-length 3418 x-request-id bcbe6eea-9aa4-48dd-855e-b41f4ca85413 etag W/"d5a-BS+mBZ/OMJkZPyPOLG1xTaSQjVw" vary Accept access-control-allow-methods GET content-type image/webp access-control-allow-origin * cache-control public, s-maxage=31536000, max-age=31536000, must-revalidate x-server ImageKit.io timing-allow-origin * access-control-allow-headers * x-amz-cf-id zN6Blfrs01GJsJMhLzPLooMn-M_AhBJrls-MoTuEov4qt8YjeHUTWw==
GET H3	200	interr.png ik.imagekit.io/eruobiiei/fico/	202 B 658 B	437ms 436ms	Image image/webp	13.225.183.18 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://ik.imagekit.io/eruobiiei/fico/interr.png Requested by Host: hotusermail.serv00.net URL: https://hotusermail.serv00.net/ Protocol H3 Security QUIC, , AES_128_GCM Server 13.225.183.18 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-183-18.nrt57.r.cloudfront.net Software / Resource Hash `9e91bd7c3538bc0f97a916190324979ed7e728792a48e332b2f62a0d549a75c1` Request headers Referer https://hotusermail.serv00.net/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Fri, 30 Aug 2024 22:04:47 GMT via 1.1 4e0b5cb07c18d66b4d938e898c1c7bf2.cloudfront.net (CloudFront), 1.1 6b5ed72af06c392d3a24305474d937d8.cloudfront.net (CloudFront) x-amz-cf-pop NRT57-C4 x-cache Miss from cloudfront server-timing transformation;dur=4,download;dur=32 alt-svc h3=":443"; ma=86400 content-length 202 x-request-id 5b5dbb5c-2895-441b-b174-4c404cb71039 etag W/"ca-QxVb/SkZZQ2Dcqek+xhHBDvNAjk" vary Accept access-control-allow-methods GET content-type image/webp access-control-allow-origin * cache-control public, s-maxage=31536000, max-age=31536000, must-revalidate x-server ImageKit.io timing-allow-origin * access-control-allow-headers * x-amz-cf-id 8MFqNiNPTGej2fYRVdHNsnFPFFDGHAAPPV_DDkYqFz797hvk8dHd6Q==
GET H3	200	cand.png ik.imagekit.io/eruobiiei/fico/	168 B 623 B	323ms 322ms	Image image/webp	13.225.183.18 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://ik.imagekit.io/eruobiiei/fico/cand.png Requested by Host: hotusermail.serv00.net URL: https://hotusermail.serv00.net/ Protocol H3 Security QUIC, , AES_128_GCM Server 13.225.183.18 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-183-18.nrt57.r.cloudfront.net Software / Resource Hash `88436ee02abcde53fd08809c6e7aaec8b429ca6f74a47f0203f802c2ca7cc2de` Request headers Referer https://hotusermail.serv00.net/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Fri, 30 Aug 2024 22:04:47 GMT via 1.1 95d5bc8b4873ccfdcd27d17cb5965ff8.cloudfront.net (CloudFront), 1.1 6b5ed72af06c392d3a24305474d937d8.cloudfront.net (CloudFront) x-amz-cf-pop NRT57-C4 x-cache Miss from cloudfront server-timing transformation;dur=2,download;dur=43 alt-svc h3=":443"; ma=86400 content-length 168 x-request-id b6329dce-c4da-4fba-8220-c6659015ac44 etag W/"a8-ryk76qhCMsoMb3NtwmF0fET7U9M" vary Accept access-control-allow-methods GET content-type image/webp access-control-allow-origin * cache-control public, s-maxage=31536000, max-age=31536000, must-revalidate x-server ImageKit.io timing-allow-origin * access-control-allow-headers * x-amz-cf-id KJcR1p1eFwRfIkvqSUAFu-iXQMXgfZDTWr--q9M18g_nUw52I0RhTQ==
GET H3	404	prisma_fonts.css ik.imagekit.io/css/	0 0	223ms 223ms	Stylesheet text/plain	13.225.183.18 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ik.imagekit.io/css/prisma_fonts.css Requested by Host: ik.imagekit.io URL: https://ik.imagekit.io/eruobiiei/fico/prismaWeb.css Protocol H3 Security QUIC, , AES_128_GCM Server 13.225.183.18 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-183-18.nrt57.r.cloudfront.net Software / Resource Hash Request headers Referer https://ik.imagekit.io/eruobiiei/fico/prismaWeb.css User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Fri, 30 Aug 2024 22:04:48 GMT via 1.1 6b5ed72af06c392d3a24305474d937d8.cloudfront.net (CloudFront) x-amz-cf-pop NRT57-C4 x-cache Error from cloudfront server-timing download;dur=65 alt-svc h3=":443"; ma=86400 content-length 0 x-request-id c4aa3f1a-21e0-4ab2-b8a8-b91a1d123165 pragma no-cache ik-error ENOENT - No file found at specified URL access-control-allow-methods GET access-control-allow-origin * cache-control no-cache,no-store x-server ImageKit.io timing-allow-origin * access-control-allow-headers * x-amz-cf-id oZa2KAkvYWJ_DQhxNUHOHrav6OLGoi7APy3b0tZ3X7m0-tL1HM48iA==
GET DATA	200 OK	truncated /	5 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `b4b73366217f915ce371320f923955fe4cfc69f362312903d1f3bb51e0895abd` Request headers Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	10 KB 10 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `fa10e688206d34d4b293b1524cc091415c551daae4b73e3cc68d7398408edf62` Request headers Referer Origin https://hotusermail.serv00.net User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type font/woff2
GET H3	404	streamline.8d9b0fde522024284eb5.woff ik.imagekit.io/eruobiiei/fico/	0 0	189ms 183ms	Font text/plain	13.225.183.18 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ik.imagekit.io/eruobiiei/fico/streamline.8d9b0fde522024284eb5.woff?19c5cw Requested by Host: ik.imagekit.io URL: https://ik.imagekit.io/eruobiiei/fico/styles51.css Protocol H3 Security QUIC, , AES_128_GCM Server 13.225.183.18 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-183-18.nrt57.r.cloudfront.net Software / Resource Hash Request headers Referer https://ik.imagekit.io/eruobiiei/fico/styles51.css Origin https://hotusermail.serv00.net User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Fri, 30 Aug 2024 22:04:48 GMT via 1.1 d51ceda436f155dcdc6b24ba6dcf73cc.cloudfront.net (CloudFront) x-amz-cf-pop NRT57-C4 x-cache Error from cloudfront server-timing download;dur=102 alt-svc h3=":443"; ma=86400 content-length 0 x-request-id cf890368-2b97-4161-a05c-a2ee5535df98 pragma no-cache ik-error ENOENT - No file found at specified URL access-control-allow-methods GET access-control-allow-origin * cache-control no-cache,no-store x-server ImageKit.io timing-allow-origin * access-control-allow-headers * x-amz-cf-id dgJAnhLFbWJntacDNg-HqsVTC7QvZAL9VhD6efqHoOxDHY-lk8Yj0w==
GET H3	404	streamline.e985056bc25713f2f8cd.ttf ik.imagekit.io/eruobiiei/fico/	0 0	183ms 183ms	Font text/plain	13.225.183.18 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ik.imagekit.io/eruobiiei/fico/streamline.e985056bc25713f2f8cd.ttf?19c5cw Requested by Host: ik.imagekit.io URL: https://ik.imagekit.io/eruobiiei/fico/styles51.css Protocol H3 Security QUIC, , AES_128_GCM Server 13.225.183.18 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-183-18.nrt57.r.cloudfront.net Software / Resource Hash Request headers Referer https://ik.imagekit.io/eruobiiei/fico/styles51.css Origin https://hotusermail.serv00.net User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Fri, 30 Aug 2024 22:04:48 GMT via 1.1 d51ceda436f155dcdc6b24ba6dcf73cc.cloudfront.net (CloudFront) x-amz-cf-pop NRT57-C4 x-cache Error from cloudfront server-timing download;dur=101 alt-svc h3=":443"; ma=86400 content-length 0 x-request-id adc7afd3-f06e-4480-a5fd-0bf5d9cde64e pragma no-cache ik-error ENOENT - No file found at specified URL access-control-allow-methods GET access-control-allow-origin * cache-control no-cache,no-store x-server ImageKit.io timing-allow-origin * access-control-allow-headers * x-amz-cf-id L8uGtTwyXJMhwgIhl3d-r2CREL5rKkyv5W5hjcxnRjN4KzBkdpjujQ==
GET H2	404	favicon.ico hotusermail.serv00.net/	3 KB 3 KB	278ms 278ms	Other text/html	128.204.223.113 ECO-ATMAN-PL ECO-...
General Check archive.org Show headers Download Go to Full URL https://hotusermail.serv00.net/favicon.ico Protocol H2 Security TLS 1.3, , AES_256_GCM Server 128.204.223.113 , Poland, ASN57367 (ECO-ATMAN-PL ECO-ATMAN-, PL), Reverse DNS web8.serv00.com Software nginx / Resource Hash `d4b62932da96f2e723714952390ba9e6ed5c3f44950280081f49bbad4bb9dba0` Request headers Referer https://hotusermail.serv00.net/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Fri, 30 Aug 2024 22:04:48 GMT server nginx etag "66a90474-a55" content-length 2645 content-type text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Ficohsa (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://ik.imagekit.io/eruobiiei/fico/1.990395a18aee052a02cb.chunk.js.descarga Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://ik.imagekit.io/eruobiiei/fico/0.c67bb0d13128c5f91471.chunk.js.descarga Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://ik.imagekit.io/css/prisma_fonts.css Message: Failed to load resource: the server responded with a status of 404 ()
recommendation	verbose	URL: https://hotusermail.serv00.net/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://ik.imagekit.io/eruobiiei/fico/streamline.8d9b0fde522024284eb5.woff?19c5cw Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://ik.imagekit.io/eruobiiei/fico/streamline.e985056bc25713f2f8cd.ttf?19c5cw Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://hotusermail.serv00.net/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

hotusermail.serv00.net
ik.imagekit.io
128.204.223.113
13.225.183.18
2600:9000:21b7:8e00:15:c281:3500:93a1
185e0b4bf2388eccaaf5cfd397a89c0e2e71f5e56e3829b992cba13ce709d44d
3bdc044e799f6dd6d6e86a8e9d1bcc2fedfa2ee267a7e2bcb75e42d512341ad8
486ffc246a0861ffd04d17b5a0fbc0d3c79e203824a081f5560105fa5d6f7064
88436ee02abcde53fd08809c6e7aaec8b429ca6f74a47f0203f802c2ca7cc2de
9e91bd7c3538bc0f97a916190324979ed7e728792a48e332b2f62a0d549a75c1
a9d1ec0d5a67772b2286a2db511a84ae75e754f93ac11a37046b64d904b6a231
ad29260c8f3f981b3fb5bc1201f1998289af3538b8dfc1dcb63f6d6bb407a809
b4b73366217f915ce371320f923955fe4cfc69f362312903d1f3bb51e0895abd
c349d8e4cca391434d0b5a22b89dde6e408c77bf71c4976e1b042e3f8b3be4a1
d4b62932da96f2e723714952390ba9e6ed5c3f44950280081f49bbad4bb9dba0
e7dc7bc328c5d5e566c094a77c621c757febb85f8eeac4821051b6f9792a852a
fa10e688206d34d4b293b1524cc091415c551daae4b73e3cc68d7398408edf62
fc2291859c08d39231ec31383d8857cc5523ea2364b9b151a78079c983b39c40

hotusermail.serv00.net Open in urlscan Pro 128.204.223.113 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

16 Requests

100 %HTTPS

33 %IPv6

2 Domains

2 Subdomains

4 IPs

2 Countries

590 kBTransfer

798 kBSize

0 Cookies

0 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

7 Console Messages

Indicators

hotusermail.serv00.net Open in urlscan Pro
128.204.223.113 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

33 %
IPv6

2
Domains

2
Subdomains

4
IPs

2
Countries

590 kB
Transfer

798 kB
Size

0
Cookies

16 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!