cityhosting.me Open in urlscan Pro
192.185.168.156 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://cityhosting.me/assets/mobirise/wp.done/sfe/
Submission: On April 03 via automatic, source openphish (April 3rd 2023, 2:16:19 pm UTC) — Scanned from DE

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 11 HTTP transactions. The main IP is 192.185.168.156, located in United States and belongs to NETWORK-SOLUTIONS-HOSTING, US. The main domain is cityhosting.me.

This is the only time cityhosting.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: SF Express (Transportation)

Domain & IP information

	IP Address		AS Autonomous System
1 11	192.185.168.156 192.185.168.156		19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
11	2

11 192.185.168.156 (United States) 1 redirects

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 192-185-168-156.unifiedlayer.com

cityhosting.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	cityhosting.me 1 redirects cityhosting.me	695 KB
11	1

	Domain	Requested by
11	cityhosting.me	1 redirects cityhosting.me
11	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 2 frames:

Primary Page: http://cityhosting.me/assets/mobirise/wp.done/sfe/
Frame ID: 15C01E80CC8BFCF19736CD4F2395A9B8
Requests: 7 HTTP requests in this frame

Frame: http://cityhosting.me/assets/mobirise/wp.done/sfe/iframe/02.html
Frame ID: 6B4AD0C0EAFFD00F282150BEDF792914
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

SF Express

Page URL History Show full URLs

http://cityhosting.me/assets/mobirise/wp.done/sfe HTTP 301
http://cityhosting.me/assets/mobirise/wp.done/sfe/ Page URL

Page Statistics

11
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

695 kB
Transfer

697 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://cityhosting.me/assets/mobirise/wp.done/sfe HTTP 301
http://cityhosting.me/assets/mobirise/wp.done/sfe/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response cityhosting.me/assets/mobirise/wp.done/sfe/ Redirect Chain http://cityhosting.me/assets/mobirise/wp.done/sfe http://cityhosting.me/assets/mobirise/wp.done/sfe/	5 KB 2 KB	283ms 283ms	Document text/html	192.185.168.156 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Full URL http://cityhosting.me/assets/mobirise/wp.done/sfe/ Protocol HTTP/1.1 Server 192.185.168.156 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 192-185-168-156.unifiedlayer.com Software nginx/1.23.2 / Resource Hash `b57b29367490d1819833f9be16355f3de854323c0a724664d7e3bfa38eae8d6b` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Accept-Ranges none Content-Encoding gzip Content-Length 2008 Content-Type text/html; charset=UTF-8 Date Mon, 03 Apr 2023 14:16:14 GMT Server nginx/1.23.2 Vary Accept-Encoding,User-Agent X-Server-Cache false Redirect headers Content-Length 258 Content-Type text/html; charset=iso-8859-1 Date Mon, 03 Apr 2023 14:16:14 GMT Location http://cityhosting.me/assets/mobirise/wp.done/sfe/ Server nginx/1.23.2 X-Server-Cache false
GET H/1.1	200 OK	form.css cityhosting.me/assets/mobirise/wp.done/sfe/css/	1 KB 566 B	145ms 132ms	Stylesheet text/css	192.185.168.156 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Full URL http://cityhosting.me/assets/mobirise/wp.done/sfe/css/form.css Requested by Host: cityhosting.me URL: http://cityhosting.me/assets/mobirise/wp.done/sfe/ Protocol HTTP/1.1 Server 192.185.168.156 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 192-185-168-156.unifiedlayer.com Software Apache / Resource Hash `52cc1e83214006996ec566906e7c506d600539e9ff50b1beb21cf6c71728ac8c` Request headers accept-language de-DE,de;q=0.9 Referer http://cityhosting.me/assets/mobirise/wp.done/sfe/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Mon, 03 Apr 2023 14:16:14 GMT Content-Encoding gzip Last-Modified Fri, 10 Jun 2022 17:03:06 GMT Server Apache Vary Accept-Encoding,User-Agent Content-Type text/css Accept-Ranges bytes Content-Length 323
GET H/1.1	404 Not Found	google_analytics_auto.js cityhosting.me/	0 0	145ms 131ms	Script text/html	192.185.168.156 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Full URL http://cityhosting.me/google_analytics_auto.js Requested by Host: cityhosting.me URL: http://cityhosting.me/assets/mobirise/wp.done/sfe/ Protocol HTTP/1.1 Server 192.185.168.156 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 192-185-168-156.unifiedlayer.com Software Apache / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer http://cityhosting.me/assets/mobirise/wp.done/sfe/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Mon, 03 Apr 2023 14:16:14 GMT Content-Encoding gzip Last-Modified Fri, 30 Sep 2022 11:49:34 GMT Server Apache Vary Accept-Encoding Upgrade h2,h2c Content-Type text/html Connection Upgrade Accept-Ranges bytes Content-Length 4677
GET H/1.1	200 OK	header.jpg cityhosting.me/assets/mobirise/wp.done/sfe/supportfiles/	16 KB 16 KB	131ms 130ms	Image image/jpeg	192.185.168.156 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Show image Full URL http://cityhosting.me/assets/mobirise/wp.done/sfe/supportfiles/header.jpg Requested by Host: cityhosting.me URL: http://cityhosting.me/assets/mobirise/wp.done/sfe/ Protocol HTTP/1.1 Server 192.185.168.156 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 192-185-168-156.unifiedlayer.com Software Apache / Resource Hash `1c5ecc302bba15d4697650c26be7574e1fd6706b10b681fdd712f4f2a89672c5` Request headers accept-language de-DE,de;q=0.9 Referer http://cityhosting.me/assets/mobirise/wp.done/sfe/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Mon, 03 Apr 2023 14:16:15 GMT Last-Modified Mon, 16 May 2022 18:00:20 GMT Server Apache Accept-Ranges bytes Content-Length 15963 Content-Type image/jpeg
GET H/1.1	200 OK	qr.jpg cityhosting.me/assets/mobirise/wp.done/sfe/supportfiles/	6 KB 6 KB	132ms 132ms	Image image/jpeg	192.185.168.156 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Show image Full URL http://cityhosting.me/assets/mobirise/wp.done/sfe/supportfiles/qr.jpg Requested by Host: cityhosting.me URL: http://cityhosting.me/assets/mobirise/wp.done/sfe/ Protocol HTTP/1.1 Server 192.185.168.156 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 192-185-168-156.unifiedlayer.com Software Apache / Resource Hash `76c123904c78f728b0bba001d61adadca6b55ae20d1ea4f9985eb4a2eca55502` Request headers accept-language de-DE,de;q=0.9 Referer http://cityhosting.me/assets/mobirise/wp.done/sfe/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Mon, 03 Apr 2023 14:16:15 GMT Last-Modified Wed, 23 Feb 2022 00:39:42 GMT Server Apache Accept-Ranges bytes Content-Length 6448 Content-Type image/jpeg
GET H/1.1	200 OK	banner.jpg cityhosting.me/assets/mobirise/wp.done/sfe/supportfiles/	324 KB 324 KB	260ms 135ms	Image image/jpeg	192.185.168.156 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Show image Full URL http://cityhosting.me/assets/mobirise/wp.done/sfe/supportfiles/banner.jpg Requested by Host: cityhosting.me URL: http://cityhosting.me/assets/mobirise/wp.done/sfe/ Protocol HTTP/1.1 Server 192.185.168.156 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 192-185-168-156.unifiedlayer.com Software Apache / Resource Hash `3ad9cea6365265de1b6b4976b906cd54a940e35008c3a71631985711bd9cbbc5` Request headers accept-language de-DE,de;q=0.9 Referer http://cityhosting.me/assets/mobirise/wp.done/sfe/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Mon, 03 Apr 2023 14:16:15 GMT Last-Modified Wed, 23 Feb 2022 01:20:22 GMT Server Apache Content-Type image/jpeg Upgrade h2,h2c Connection Upgrade Accept-Ranges bytes Content-Length 331972
GET H/1.1	200 OK	partners.png cityhosting.me/assets/mobirise/wp.done/sfe/supportfiles/	6 KB 6 KB	256ms 131ms	Image image/png	192.185.168.156 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Show image Full URL http://cityhosting.me/assets/mobirise/wp.done/sfe/supportfiles/partners.png Requested by Host: cityhosting.me URL: http://cityhosting.me/assets/mobirise/wp.done/sfe/ Protocol HTTP/1.1 Server 192.185.168.156 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 192-185-168-156.unifiedlayer.com Software Apache / Resource Hash `bd2d58215161e0fc8ae398a2b24b37194cff3d793b9a3657e2e1a4cc5c661804` Request headers accept-language de-DE,de;q=0.9 Referer http://cityhosting.me/assets/mobirise/wp.done/sfe/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Mon, 03 Apr 2023 14:16:15 GMT Last-Modified Mon, 16 May 2022 17:42:14 GMT Server Apache Content-Type image/png Upgrade h2,h2c Connection Upgrade Accept-Ranges bytes Content-Length 6120
GET H/1.1	200 OK	01.html Show response cityhosting.me/assets/mobirise/wp.done/sfe/iframe/ Frame 6B4A	266 B 472 B	266ms 145ms	Document text/html	192.185.168.156 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Full URL http://cityhosting.me/assets/mobirise/wp.done/sfe/iframe/01.html Requested by Host: cityhosting.me URL: http://cityhosting.me/assets/mobirise/wp.done/sfe/ Protocol HTTP/1.1 Server 192.185.168.156 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 192-185-168-156.unifiedlayer.com Software nginx/1.23.2 / Resource Hash `566c4bed54e0d459ab209e1b24528273d5a28f2b2f22c3b78fa0783d75330a88` Request headers Referer http://cityhosting.me/assets/mobirise/wp.done/sfe/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Accept-Ranges none Content-Encoding gzip Content-Length 200 Content-Type text/html Date Mon, 03 Apr 2023 14:16:15 GMT Last-Modified Fri, 10 Jun 2022 16:07:48 GMT Server nginx/1.23.2 Vary Accept-Encoding,User-Agent X-Server-Cache false
GET H/1.1	404 Not Found	google_analytics_auto.js cityhosting.me/ Frame 6B4A	0 0	135ms 135ms	Script text/html	192.185.168.156 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Full URL http://cityhosting.me/google_analytics_auto.js Requested by Host: cityhosting.me URL: http://cityhosting.me/assets/mobirise/wp.done/sfe/iframe/01.html Protocol HTTP/1.1 Server 192.185.168.156 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 192-185-168-156.unifiedlayer.com Software Apache / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer http://cityhosting.me/assets/mobirise/wp.done/sfe/iframe/01.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Mon, 03 Apr 2023 14:16:15 GMT Content-Encoding gzip Last-Modified Fri, 30 Sep 2022 11:49:34 GMT Server Apache Vary Accept-Encoding Content-Type text/html Accept-Ranges bytes Content-Length 4677
GET H/1.1	200 OK	01.jpg cityhosting.me/assets/mobirise/wp.done/sfe/iframe/banners/ Frame 6B4A	338 KB 339 KB	130ms 129ms	Image image/jpeg	192.185.168.156 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Show image Full URL http://cityhosting.me/assets/mobirise/wp.done/sfe/iframe/banners/01.jpg Requested by Host: cityhosting.me URL: http://cityhosting.me/assets/mobirise/wp.done/sfe/iframe/01.html Protocol HTTP/1.1 Server 192.185.168.156 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 192-185-168-156.unifiedlayer.com Software Apache / Resource Hash `2bfb3f9c47bf12065fa2d55c6c17b5de8e55faec0ab03aed5765665915c6fbb8` Request headers accept-language de-DE,de;q=0.9 Referer http://cityhosting.me/assets/mobirise/wp.done/sfe/iframe/01.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Mon, 03 Apr 2023 14:16:15 GMT Last-Modified Thu, 23 Sep 2021 20:36:36 GMT Server Apache Accept-Ranges bytes Content-Length 346500 Content-Type image/jpeg
GET		02.html cityhosting.me/assets/mobirise/wp.done/sfe/iframe/ Frame 6B4A	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cityhosting.me
URL: http://cityhosting.me/assets/mobirise/wp.done/sfe/iframe/02.html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: SF Express (Transportation)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://cityhosting.me/google_analytics_auto.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://cityhosting.me/google_analytics_auto.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cityhosting.me
cityhosting.me
192.185.168.156
1c5ecc302bba15d4697650c26be7574e1fd6706b10b681fdd712f4f2a89672c5
2bfb3f9c47bf12065fa2d55c6c17b5de8e55faec0ab03aed5765665915c6fbb8
3ad9cea6365265de1b6b4976b906cd54a940e35008c3a71631985711bd9cbbc5
52cc1e83214006996ec566906e7c506d600539e9ff50b1beb21cf6c71728ac8c
566c4bed54e0d459ab209e1b24528273d5a28f2b2f22c3b78fa0783d75330a88
76c123904c78f728b0bba001d61adadca6b55ae20d1ea4f9985eb4a2eca55502
b57b29367490d1819833f9be16355f3de854323c0a724664d7e3bfa38eae8d6b
bd2d58215161e0fc8ae398a2b24b37194cff3d793b9a3657e2e1a4cc5c661804

cityhosting.me Open in urlscan Pro 192.185.168.156 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

11 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

695 kBTransfer

697 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

cityhosting.me Open in urlscan Pro
192.185.168.156 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

695 kB
Transfer

697 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!