groomnzoom.hr Open in urlscan Pro
185.62.73.63 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://bwwhr.com/wp-content/account
Effective URL:
https://groomnzoom.hr/wp-css/login.html
Submission: On October 22 via manual (October 22nd 2024, 1:57:13 pm UTC) from US — Scanned from CA

Summary HTTP 19 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 19 HTTP transactions. The main IP is 185.62.73.63, located in Croatia and belongs to SETCOR, HR. The main domain is groomnzoom.hr.
TLS certificate: Issued by R10 on September 1st 2024. Valid for: 3 months.

This is the only time groomnzoom.hr was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
3 17	185.62.73.63 185.62.73.63	61211 (SETCOR) (SETCOR)
4	192.229.210.155 192.229.210.155	15133 (EDGECAST) (EDGECAST)
1	50.87.253.230 50.87.253.230	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
19	3

17 185.62.73.63 (Croatia) 3 redirects

ASN61211 (SETCOR, HR)
PTR: cp020.mydataknox.com

bwwhr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
groomnzoom.hr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 192.229.210.155 (United States)

ASN15133 (EDGECAST, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 50.87.253.230 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: box2221.bluehost.com

hpc.gwq.mybluehost.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	groomnzoom.hr 2 redirects groomnzoom.hr	259 KB
4	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 2817	92 KB
1	mybluehost.me hpc.gwq.mybluehost.me	6 KB
1	bwwhr.com 1 redirects bwwhr.com	442 B
19	4

	Domain	Requested by
16	groomnzoom.hr	2 redirects groomnzoom.hr
4	www.paypalobjects.com	groomnzoom.hr
1	hpc.gwq.mybluehost.me
1	bwwhr.com	1 redirects
19	4

This site contains links to these domains. Also see Links.

Domain
hpc.gwq.mybluehost.me

Subject Issuer	Validity	Valid
groomnzoom.hr.bwwhr.com R10	`2024-09-01` - `2024-11-30`	3 months	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2024-06-13` - `2025-06-12`	a year	crt.sh
webdisk.msccc-sa.com R10	`2024-10-14` - `2025-01-12`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://groomnzoom.hr/wp-css/login.html
Frame ID: 30F7F5E73DA5E88B178660119F572887
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Log in to your account

Page URL History Show full URLs

https://bwwhr.com/wp-content/account HTTP 301
https://groomnzoom.hr/wp-css HTTP 301
https://groomnzoom.hr/wp-css/ HTTP 302
https://groomnzoom.hr/wp-css/login.html Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

19
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

356 kB
Transfer

1277 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://hpc.gwq.mybluehost.me/wp-content/den/bu/login.php
Title: Forgotten password?

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://bwwhr.com/wp-content/account HTTP 301
https://groomnzoom.hr/wp-css HTTP 301
https://groomnzoom.hr/wp-css/ HTTP 302
https://groomnzoom.hr/wp-css/login.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request login.html Show response
groomnzoom.hr/wp-css/
Redirect Chain

https://bwwhr.com/wp-content/account
https://groomnzoom.hr/wp-css
https://groomnzoom.hr/wp-css/
https://groomnzoom.hr/wp-css/login.html

62 KB
8 KB

144ms
143ms

Document
text/html

185.62.73.63
SETCOR

General

Check archive.org

Show headers Download Go to

Full URL

https://groomnzoom.hr/wp-css/login.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.62.73.63 , Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp020.mydataknox.com

Software

nginx /

Resource Hash

ce831b1b186e6f3f2fde05676e9f19010cc50c26b21f544b269003f58e6ab2b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html
date: Tue, 22 Oct 2024 13:57:08 GMT
last-modified: Sun, 15 Sep 2024 00:28:04 GMT
server: nginx
vary: Accept-Encoding
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block

Redirect headers

content-type: text/html; charset=UTF-8
date: Tue, 22 Oct 2024 13:57:08 GMT
location: login.html
server: nginx
x-content-type-options: nosniff
x-nginx-upstream-cache-status: MISS
x-powered-by: PHP/7.4.12
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block

GET
H2 200 contextualLoginElementalUI.css
groomnzoom.hr/wp-css/login_files/ 124 KB
21 KB 140ms
139ms Stylesheet
text/css 185.62.73.63
SETCOR

General

Check archive.org

Show headers Download Go to

Full URL

https://groomnzoom.hr/wp-css/login_files/contextualLoginElementalUI.css

Requested by

Host: groomnzoom.hr
URL: https://groomnzoom.hr/wp-css/login.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.62.73.63 , Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp020.mydataknox.com

Software

nginx /

Resource Hash

7a8fac06e75d54f8998426d11a74b664ee572479d8ce2517dbd61f6810e9b99b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://groomnzoom.hr/wp-css/login.html

Response headers

cache-control: max-age=2592000
x-server-powered-by: Engintron
content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 21 Nov 2024 13:57:08 GMT
date: Tue, 22 Oct 2024 13:57:08 GMT
x-xss-protection: 1; mode=block
content-type: text/css
vary: Accept-Encoding
server: nginx
last-modified: Mon, 09 Sep 2024 01:26:11 GMT
x-nginx-upstream-cache-status: STALE

GET
H2 200 icon-PN-check.png
groomnzoom.hr/wp-css/login_files/ 1 KB
1 KB 276ms
275ms Image
image/png 185.62.73.63
SETCOR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://groomnzoom.hr/wp-css/login_files/icon-PN-check.png

Requested by

Host: groomnzoom.hr
URL: https://groomnzoom.hr/wp-css/login.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.62.73.63 , Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp020.mydataknox.com

Software

nginx /

Resource Hash

d2847bea03b68a100caf41aca4d972b58368b4ee956ab13dde15963d905d7c24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://groomnzoom.hr/wp-css/login.html

Response headers

cache-control: max-age=5184000
x-server-powered-by: Engintron
x-content-type-options: nosniff
expires: Sat, 21 Dec 2024 13:57:08 GMT
accept-ranges: bytes
content-length: 1238
date: Tue, 22 Oct 2024 13:57:08 GMT
x-xss-protection: 1; mode=block
content-type: image/png
last-modified: Mon, 09 Sep 2024 01:26:11 GMT
server: nginx
x-nginx-upstream-cache-status: STALE

GET
H2 200 glyph_alert_critical_big-2x.png
groomnzoom.hr/wp-css/login_files/ 2 KB
2 KB 277ms
276ms Image
image/png 185.62.73.63
SETCOR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://groomnzoom.hr/wp-css/login_files/glyph_alert_critical_big-2x.png

Requested by

Host: groomnzoom.hr
URL: https://groomnzoom.hr/wp-css/login.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.62.73.63 , Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp020.mydataknox.com

Software

nginx /

Resource Hash

4b16c98214d45bedb1513b7fd53a02ce204f6a2091a920c3122fb213168c3139

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://groomnzoom.hr/wp-css/login.html

Response headers

cache-control: max-age=5184000
x-server-powered-by: Engintron
x-content-type-options: nosniff
expires: Sat, 21 Dec 2024 13:57:08 GMT
accept-ranges: bytes
content-length: 1709
date: Tue, 22 Oct 2024 13:57:08 GMT
x-xss-protection: 1; mode=block
content-type: image/png
last-modified: Mon, 09 Sep 2024 01:26:11 GMT
server: nginx
x-nginx-upstream-cache-status: STALE

GET
H2 200 signin-split.js.download Show response
groomnzoom.hr/wp-css/login_files/ 367 KB
82 KB 253ms
252ms Script
application/javascript 185.62.73.63
SETCOR

General

Check archive.org

Show headers Download Go to

Full URL

https://groomnzoom.hr/wp-css/login_files/signin-split.js.download

Requested by

Host: groomnzoom.hr
URL: https://groomnzoom.hr/wp-css/login.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.62.73.63 , Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp020.mydataknox.com

Software

nginx /

Resource Hash

aa29aef7d5a9eb83a1a065e7dd432965ddb87a27149ad833426b759d7db3fcad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://groomnzoom.hr/wp-css/login.html

Response headers

last-modified: Mon, 09 Sep 2024 01:26:11 GMT
x-server-powered-by: Engintron
content-encoding: gzip
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
date: Tue, 22 Oct 2024 13:57:08 GMT
content-type: application/javascript
x-xss-protection: 1; mode=block
vary: Accept-Encoding
server: nginx

GET
H2 200 jquery.js.download Show response
groomnzoom.hr/wp-css/login_files/ 256 KB
78 KB 390ms
389ms Script
application/javascript 185.62.73.63
SETCOR

General

Check archive.org

Show headers Download Go to

Full URL

https://groomnzoom.hr/wp-css/login_files/jquery.js.download

Requested by

Host: groomnzoom.hr
URL: https://groomnzoom.hr/wp-css/login.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.62.73.63 , Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp020.mydataknox.com

Software

nginx /

Resource Hash

78f27c3d7cb5d766466703adc7f7ad7706b7fb05514eec39be0aa253449bd0f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://groomnzoom.hr/wp-css/login.html

Response headers

last-modified: Mon, 09 Sep 2024 01:26:11 GMT
x-server-powered-by: Engintron
content-encoding: gzip
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
date: Tue, 22 Oct 2024 13:57:08 GMT
content-type: application/javascript
x-xss-protection: 1; mode=block
vary: Accept-Encoding
server: nginx

GET
H2 200 jquery.validate.js.download Show response
groomnzoom.hr/wp-css/login_files/ 45 KB
12 KB 388ms
387ms Script
application/javascript 185.62.73.63
SETCOR

General

Check archive.org

Show headers Download Go to

Full URL

https://groomnzoom.hr/wp-css/login_files/jquery.validate.js.download

Requested by

Host: groomnzoom.hr
URL: https://groomnzoom.hr/wp-css/login.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.62.73.63 , Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp020.mydataknox.com

Software

nginx /

Resource Hash

2aecc3e7494318d2398eafe2a6de21c03a52264ddf86c7934758ddbda06864bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://groomnzoom.hr/wp-css/login.html

Response headers

last-modified: Mon, 09 Sep 2024 01:26:12 GMT
x-server-powered-by: Engintron
content-encoding: gzip
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
date: Tue, 22 Oct 2024 13:57:08 GMT
content-type: application/javascript
x-xss-protection: 1; mode=block
vary: Accept-Encoding
server: nginx

GET
H2 200 additional-methods.js.download Show response
groomnzoom.hr/wp-css/login_files/ 38 KB
11 KB 389ms
388ms Script
application/javascript 185.62.73.63
SETCOR

General

Check archive.org

Show headers Download Go to

Full URL

https://groomnzoom.hr/wp-css/login_files/additional-methods.js.download

Requested by

Host: groomnzoom.hr
URL: https://groomnzoom.hr/wp-css/login.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.62.73.63 , Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp020.mydataknox.com

Software

nginx /

Resource Hash

1d95e0e21c160558eb3d2bacd76779048cb600cc04e15264e0835f4f86b4b375

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://groomnzoom.hr/wp-css/login.html

Response headers

last-modified: Mon, 09 Sep 2024 01:26:12 GMT
x-server-powered-by: Engintron
content-encoding: gzip
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
date: Tue, 22 Oct 2024 13:57:08 GMT
content-type: application/javascript
x-xss-protection: 1; mode=block
vary: Accept-Encoding
server: nginx

GET
H2 200 jquery.maskedinput.js.download Show response
groomnzoom.hr/wp-css/login_files/ 10 KB
3 KB 389ms
389ms Script
application/javascript 185.62.73.63
SETCOR

General

Check archive.org

Show headers Download Go to

Full URL

https://groomnzoom.hr/wp-css/login_files/jquery.maskedinput.js.download

Requested by

Host: groomnzoom.hr
URL: https://groomnzoom.hr/wp-css/login.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.62.73.63 , Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp020.mydataknox.com

Software

nginx /

Resource Hash

7ef14a1e070a6a2ec9ff44ccf5e923cb2a460c5861a3db8a9ae1e21557d27020

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://groomnzoom.hr/wp-css/login.html

Response headers

last-modified: Mon, 09 Sep 2024 01:26:12 GMT
x-server-powered-by: Engintron
content-encoding: gzip
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
date: Tue, 22 Oct 2024 13:57:08 GMT
content-type: application/javascript
x-xss-protection: 1; mode=block
vary: Accept-Encoding
server: nginx

GET
H2 200 jquery.payment.js.download Show response
groomnzoom.hr/wp-css/login_files/ 17 KB
4 KB 389ms
388ms Script
application/javascript 185.62.73.63
SETCOR

General

Check archive.org

Show headers Download Go to

Full URL

https://groomnzoom.hr/wp-css/login_files/jquery.payment.js.download

Requested by

Host: groomnzoom.hr
URL: https://groomnzoom.hr/wp-css/login.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.62.73.63 , Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp020.mydataknox.com

Software

nginx /

Resource Hash

60499c4335239d51fa6ef40bd909ba8e62a2a468b16b74f0fd9fadac1eee4bbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://groomnzoom.hr/wp-css/login.html

Response headers

last-modified: Mon, 09 Sep 2024 01:26:12 GMT
x-server-powered-by: Engintron
content-encoding: gzip
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
date: Tue, 22 Oct 2024 13:57:08 GMT
content-type: application/javascript
x-xss-protection: 1; mode=block
vary: Accept-Encoding
server: nginx

GET
H2 200 momgram@2x.png
www.paypalobjects.com/images/shared/ 2 KB
2 KB 192ms
40ms Image
image/png 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/images/shared/momgram@2x.png

Requested by

Host: groomnzoom.hr
URL: https://groomnzoom.hr/wp-css/login_files/contextualLoginElementalUI.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (chf/168E) /

Resource Hash

1c9dd1b0663ba2324632f0ffebb21112a92f039305241661c289c88af523cb1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://groomnzoom.hr/

Response headers

paypal-debug-id: a8484c09a10eb
etag: "60271b47-7cc"
x-content-type-options: nosniff
expires: Tue, 22 Oct 2024 14:57:09 GMT
traceparent: 00-0000000000000000000a8484c09a10eb-ea973659d7dde0de-01
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT
date: Tue, 22 Oct 2024 13:57:09 GMT
content-type: image/png
last-modified: Sat, 13 Feb 2021 00:20:23 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: s-maxage=31536000, public,max-age=3600
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
accept-ch: DPR, Viewport-Width, Width, ECT, Downlink
accept-ranges: bytes
content-length: 1996
server: ECAcc (chf/168E)

GET
H2 200 PayPalSansSmall-Regular.woff
www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/ 46 KB
46 KB 179ms
39ms Font
font/woff 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/PayPalSansSmall-Regular.woff

Requested by

Host: groomnzoom.hr
URL: https://groomnzoom.hr/wp-css/login_files/contextualLoginElementalUI.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (chf/16E1) /

Resource Hash

ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://groomnzoom.hr
Referer: https://groomnzoom.hr/

Response headers

paypal-debug-id: 479eff554e0ed
etag: "560b6e70-b8eb"
x-content-type-options: nosniff
expires: Tue, 22 Oct 2024 14:57:09 GMT
traceparent: 00-0000000000000000000479eff554e0ed-4102b07eb51875b1-01
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT
date: Tue, 22 Oct 2024 13:57:09 GMT
content-type: font/woff
last-modified: Wed, 30 Sep 2015 05:09:04 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: s-maxage=31536000, public,max-age=3600
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
accept-ranges: bytes
access-control-allow-origin: *
content-length: 47339
server: ECAcc (chf/16E1)

GET
H2 404 sprite_countries_flag4.png
groomnzoom.hr/wp-css/file/ 3 KB
3 KB 1287ms
1287ms Image
text/html 185.62.73.63
SETCOR

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://groomnzoom.hr/wp-css/file/sprite_countries_flag4.png

Requested by

Host: groomnzoom.hr
URL: https://groomnzoom.hr/wp-css/login.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.62.73.63 , Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp020.mydataknox.com

Software

nginx / PHP/7.4.12

Resource Hash

21ee6b56608b7a83a61af6eda584b7b7840d340448bd22249b7a9372a5b33007

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://groomnzoom.hr/wp-css/login.html

Response headers

link: <https://groomnzoom.hr/wp-json/>; rel="https://api.w.org/"
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 22 Oct 2024 13:57:10 GMT
x-xss-protection: 1; mode=block
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx
x-powered-by: PHP/7.4.12

GET
H2 200 PayPalSansBig-Regular.woff2
www.paypalobjects.com/paypal-ui/fonts/ 25 KB
25 KB 179ms
38ms Font
application/font-woff2 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/paypal-ui/fonts/PayPalSansBig-Regular.woff2

Requested by

Host: groomnzoom.hr
URL: https://groomnzoom.hr/wp-css/login_files/contextualLoginElementalUI.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (chf/1687) /

Resource Hash

1f70ff447ed799a34f4c3ae37ef1f49ed4af71123ba2c2aefe354565354284be

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://groomnzoom.hr
Referer: https://groomnzoom.hr/

Response headers

paypal-debug-id: a0c3a7b8e5bf5
etag: "60271cda-6318"
access-control-allow-methods: GET
x-content-type-options: nosniff
expires: Tue, 22 Oct 2024 14:57:09 GMT
traceparent: 00-0000000000000000000a0c3a7b8e5bf5-72357b5575068d15-01
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT
date: Tue, 22 Oct 2024 13:57:09 GMT
content-type: application/font-woff2
last-modified: Sat, 13 Feb 2021 00:27:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: s-maxage=31536000, public,max-age=31536000
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
accept-ranges: bytes
access-control-allow-origin: *
content-length: 25368
server: ECAcc (chf/1687)

GET
H2 200 PayPalSansBig-Medium.woff2
www.paypalobjects.com/paypal-ui/fonts/ 18 KB
19 KB 177ms
37ms Font
application/font-woff2 192.229.210.155
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/paypal-ui/fonts/PayPalSansBig-Medium.woff2

Requested by

Host: groomnzoom.hr
URL: https://groomnzoom.hr/wp-css/login_files/contextualLoginElementalUI.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.210.155 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (chf/16BB) /

Resource Hash

2ae6779c6c3579643ab6deb5cfb822e843bf637d006a4ec25d9857ec7fb6d8c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://groomnzoom.hr
Referer: https://groomnzoom.hr/

Response headers

paypal-debug-id: 6c0e267658c62
etag: "60271cda-484c"
access-control-allow-methods: GET
x-content-type-options: nosniff
expires: Tue, 22 Oct 2024 14:57:09 GMT
traceparent: 00-00000000000000000006c0e267658c62-3225f11368fa0e76-01
dc: ccg11-origin-www-1.paypal.com
x-cache: HIT
date: Tue, 22 Oct 2024 13:57:09 GMT
content-type: application/font-woff2
last-modified: Sat, 13 Feb 2021 00:27:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: s-maxage=31536000, public,max-age=31536000
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18508
server: ECAcc (chf/16BB)

GET
H2 404 client-log Show response
groomnzoom.hr/signin/ 96 KB
17 KB 1042ms
1041ms XHR
text/html 185.62.73.63
SETCOR

General

Check archive.org

Show headers Download Go to

Full URL

https://groomnzoom.hr/signin/client-log?_csrf=&currentUrl=https%3A%2F%2Fgroomnzoom.hr%2Fwp-css%2Flogin.html&logRecords=%5B%7B%22evt%22%3A%22transition_name%22%2C%22data%22%3A%22cpl_prepare_login_ul%22%2C%22instrument%22%3Atrue%2C%22timestamp%22%3A1729605430289%7D%2C%7B%22evt%22%3A%22state_name%22%2C%22data%22%3A%22CPL_LATENCY_METRICS%22%2C%22instrument%22%3Atrue%2C%22timestamp%22%3A1729605430289%7D%2C%7B%22evt%22%3A%22login_experience%22%2C%22data%22%3A%22Hybrid%20Login%20Uncookied%22%2C%22instrument%22%3Atrue%2C%22timestamp%22%3A1729605430289%7D%2C%7B%22evt%22%3A%22login_auth_time%22%2C%22data%22%3A%22%7B%5C%22tt%5C%22%3Anull%7D%22%2C%22instrument%22%3Atrue%2C%22timestamp%22%3A1729605430289%7D%2C%7B%22evt%22%3A%22status%22%2C%22data%22%3A%22success%22%2C%22instrument%22%3Atrue%2C%22timestamp%22%3A1729605430289%7D%2C%7B%22evt%22%3A%22context_correlation_id%22%2C%22instrument%22%3Atrue%7D%5D&intent=

Requested by

Host: groomnzoom.hr
URL: https://groomnzoom.hr/wp-css/login_files/jquery.js.download

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.62.73.63 , Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp020.mydataknox.com

Software

nginx / PHP/7.4.12

Resource Hash

700a77679026489f41073da5f16d705a0dd247602e3baa4ee0627e159aaf29c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://groomnzoom.hr/wp-css/login.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: */*

Response headers

link: <https://groomnzoom.hr/wp-json/>; rel="https://api.w.org/"
cache-control: no-cache, must-revalidate, max-age=0
content-encoding: gzip
x-content-type-options: nosniff
expires: Wed, 11 Jan 1984 05:00:00 GMT
date: Tue, 22 Oct 2024 13:57:11 GMT
x-xss-protection: 1; mode=block
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx
x-powered-by: PHP/7.4.12

GET
H2 404 client-log Show response
groomnzoom.hr/signin/ 96 KB
17 KB 1039ms
1039ms XHR
text/html 185.62.73.63
SETCOR

General

Check archive.org

Show headers Download Go to

Full URL

https://groomnzoom.hr/signin/client-log?_csrf=&currentUrl=https%3A%2F%2Fgroomnzoom.hr%2Fwp-css%2Flogin.html&logRecords=%5B%7B%22evt%22%3A%22HANDLE_AUTO_SEND%22%2C%22data%22%3A%22HANDLE_AUTO_SEND%22%2C%22calEvent%22%3Atrue%2C%22timestamp%22%3A1729605430295%7D%2C%7B%22evt%22%3A%22HANDLE_AUTO_SEND%22%2C%22data%22%3A%22NOT_AUTO_OTP%22%2C%22calEvent%22%3Atrue%2C%22timestamp%22%3A1729605430295%7D%2C%7B%22evt%22%3A%22context_correlation_id%22%2C%22instrument%22%3Atrue%7D%5D&intent=

Requested by

Host: groomnzoom.hr
URL: https://groomnzoom.hr/wp-css/login_files/jquery.js.download

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.62.73.63 , Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp020.mydataknox.com

Software

nginx / PHP/7.4.12

Resource Hash

700a77679026489f41073da5f16d705a0dd247602e3baa4ee0627e159aaf29c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://groomnzoom.hr/wp-css/login.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: */*

Response headers

link: <https://groomnzoom.hr/wp-json/>; rel="https://api.w.org/"
cache-control: no-cache, must-revalidate, max-age=0
content-encoding: gzip
x-content-type-options: nosniff
expires: Wed, 11 Jan 1984 05:00:00 GMT
date: Tue, 22 Oct 2024 13:57:11 GMT
x-xss-protection: 1; mode=block
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: nginx
x-powered-by: PHP/7.4.12

GET
H2 200 login.html Show response
groomnzoom.hr/wp-css/ 62 KB
0 0ms
0ms XHR
text/html 185.62.73.63
SETCOR

General

Check archive.org

Show headers Download Go to

Full URL

https://groomnzoom.hr/wp-css/login.html

Requested by

Host: groomnzoom.hr
URL: https://groomnzoom.hr/wp-css/login_files/jquery.js.download

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.62.73.63 , Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp020.mydataknox.com

Software

nginx /

Resource Hash

ce831b1b186e6f3f2fde05676e9f19010cc50c26b21f544b269003f58e6ab2b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://groomnzoom.hr/wp-css/login.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: */*

Response headers

last-modified: Sun, 15 Sep 2024 00:28:04 GMT
x-server-powered-by: Engintron
content-encoding: gzip
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
date: Tue, 22 Oct 2024 13:57:08 GMT
content-type: text/html
x-xss-protection: 1; mode=block
vary: Accept-Encoding
server: nginx

GET
H2 200 pp_favicon_x.ico
hpc.gwq.mybluehost.me/wp-content/den/bu/file/ 5 KB
6 KB 299ms
108ms Other
image/x-icon 50.87.253.230
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hpc.gwq.mybluehost.me/wp-content/den/bu/file/pp_favicon_x.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.253.230 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2221.bluehost.com
Software: nginx/1.25.5 /
Resource Hash: 1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://groomnzoom.hr/

Response headers

x-nginx-cache: WordPress
cache-control: max-age=31536000
expires: Wed, 22 Oct 2025 13:54:22 GMT
x-proxy-cache: HIT
x-server-cache: true
content-length: 5430
date: Tue, 22 Oct 2024 13:57:10 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/x-icon
last-modified: Sun, 06 Mar 2022 07:08:02 GMT
server: nginx/1.25.5
accept-ranges: bytes
x-endurance-cache-level: 2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| PAYPAL function| $ function| jQuery

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://groomnzoom.hr/wp-css/login.html Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://groomnzoom.hr/wp-css/file/sprite_countries_flag4.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://groomnzoom.hr/signin/client-log?_csrf=&currentUrl=https%3A%2F%2Fgroomnzoom.hr%2Fwp-css%2Flogin.html&logRecords=%5B%7B%22evt%22%3A%22HANDLE_AUTO_SEND%22%2C%22data%22%3A%22HANDLE_AUTO_SEND%22%2C%22calEvent%22%3Atrue%2C%22timestamp%22%3A1729605430295%7D%2C%7B%22evt%22%3A%22HANDLE_AUTO_SEND%22%2C%22data%22%3A%22NOT_AUTO_OTP%22%2C%22calEvent%22%3Atrue%2C%22timestamp%22%3A1729605430295%7D%2C%7B%22evt%22%3A%22context_correlation_id%22%2C%22instrument%22%3Atrue%7D%5D&intent= Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://groomnzoom.hr/signin/client-log?_csrf=&currentUrl=https%3A%2F%2Fgroomnzoom.hr%2Fwp-css%2Flogin.html&logRecords=%5B%7B%22evt%22%3A%22transition_name%22%2C%22data%22%3A%22cpl_prepare_login_ul%22%2C%22instrument%22%3Atrue%2C%22timestamp%22%3A1729605430289%7D%2C%7B%22evt%22%3A%22state_name%22%2C%22data%22%3A%22CPL_LATENCY_METRICS%22%2C%22instrument%22%3Atrue%2C%22timestamp%22%3A1729605430289%7D%2C%7B%22evt%22%3A%22login_experience%22%2C%22data%22%3A%22Hybrid%20Login%20Uncookied%22%2C%22instrument%22%3Atrue%2C%22timestamp%22%3A1729605430289%7D%2C%7B%22evt%22%3A%22login_auth_time%22%2C%22data%22%3A%22%7B%5C%22tt%5C%22%3Anull%7D%22%2C%22instrument%22%3Atrue%2C%22timestamp%22%3A1729605430289%7D%2C%7B%22evt%22%3A%22status%22%2C%22data%22%3A%22success%22%2C%22instrument%22%3Atrue%2C%22timestamp%22%3A1729605430289%7D%2C%7B%22evt%22%3A%22context_correlation_id%22%2C%22instrument%22%3Atrue%7D%5D&intent= Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bwwhr.com
groomnzoom.hr
hpc.gwq.mybluehost.me
www.paypalobjects.com
185.62.73.63
192.229.210.155
50.87.253.230
1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
1c9dd1b0663ba2324632f0ffebb21112a92f039305241661c289c88af523cb1a
1d95e0e21c160558eb3d2bacd76779048cb600cc04e15264e0835f4f86b4b375
1f70ff447ed799a34f4c3ae37ef1f49ed4af71123ba2c2aefe354565354284be
21ee6b56608b7a83a61af6eda584b7b7840d340448bd22249b7a9372a5b33007
2ae6779c6c3579643ab6deb5cfb822e843bf637d006a4ec25d9857ec7fb6d8c1
2aecc3e7494318d2398eafe2a6de21c03a52264ddf86c7934758ddbda06864bb
4b16c98214d45bedb1513b7fd53a02ce204f6a2091a920c3122fb213168c3139
60499c4335239d51fa6ef40bd909ba8e62a2a468b16b74f0fd9fadac1eee4bbf
700a77679026489f41073da5f16d705a0dd247602e3baa4ee0627e159aaf29c2
78f27c3d7cb5d766466703adc7f7ad7706b7fb05514eec39be0aa253449bd0f8
7a8fac06e75d54f8998426d11a74b664ee572479d8ce2517dbd61f6810e9b99b
7ef14a1e070a6a2ec9ff44ccf5e923cb2a460c5861a3db8a9ae1e21557d27020
aa29aef7d5a9eb83a1a065e7dd432965ddb87a27149ad833426b759d7db3fcad
ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8
ce831b1b186e6f3f2fde05676e9f19010cc50c26b21f544b269003f58e6ab2b6
d2847bea03b68a100caf41aca4d972b58368b4ee956ab13dde15963d905d7c24

groomnzoom.hr Open in urlscan Pro 185.62.73.63 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

19 Requests

100 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

3 IPs

2 Countries

356 kBTransfer

1277 kBSize

0 Cookies

1 Outgoing links

Page URL History

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

4 Console Messages

Security Headers

Indicators

groomnzoom.hr Open in urlscan Pro
185.62.73.63 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

356 kB
Transfer

1277 kB
Size

0
Cookies

19 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!