zek.spl.mybluehost.me Open in urlscan Pro
66.235.200.146 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://bw57487sf.blogspot.com/
Effective URL:
https://zek.spl.mybluehost.me/BW/72323/
Submission: On October 28 via manual (October 28th 2021, 4:39:31 pm UTC) from DE — Scanned from DE

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 16 HTTP transactions. The main IP is 66.235.200.146, located in United States and belongs to CLOUDFLARENET, US. The main domain is zek.spl.mybluehost.me.
TLS certificate: Issued by R3 on October 18th 2021. Valid for: 3 months.

This is the only time zek.spl.mybluehost.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BW-Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
2 16	66.235.200.146 66.235.200.146	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	2

2 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

bw57487sf.blogspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 66.235.200.146 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)
PTR: host77.ipowerweb.com

zek.spl.mybluehost.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	mybluehost.me 2 redirects zek.spl.mybluehost.me	412 KB
2	blogspot.com bw57487sf.blogspot.com	4 KB
16	2

	Domain	Requested by
16	zek.spl.mybluehost.me	2 redirects bw57487sf.blogspot.com zek.spl.mybluehost.me
2	bw57487sf.blogspot.com	bw57487sf.blogspot.com
16	2

This site contains no links.

Subject Issuer	Validity	Valid
misc-sni.blogspot.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
www.zek.spl.mybluehost.me R3	`2021-10-18` - `2022-01-16`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://zek.spl.mybluehost.me/BW/72323/
Frame ID: E958F60C87E93DFBBC0F1AA012EC47B5
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Kartenservice online

Page URL History Show full URLs

https://bw57487sf.blogspot.com/ Page URL
https://zek.spl.mybluehost.me/BW/ HTTP 302
https://zek.spl.mybluehost.me/BW/72323 HTTP 301
https://zek.spl.mybluehost.me/BW/72323/ Page URL

Page Statistics

16
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

415 kB
Transfer

909 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://bw57487sf.blogspot.com/ Page URL
https://zek.spl.mybluehost.me/BW/ HTTP 302
https://zek.spl.mybluehost.me/BW/72323 HTTP 301
https://zek.spl.mybluehost.me/BW/72323/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
bw57487sf.blogspot.com/ 2 KB
2 KB 739ms
700ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bw57487sf.blogspot.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ec71d095ccb22f8209e6b60e30de1c2fbf0febc19f34f2df8a549229ec08a3f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

content-type: text/html; charset=UTF-8
expires: Thu, 28 Oct 2021 16:39:21 GMT
date: Thu, 28 Oct 2021 16:39:21 GMT
cache-control: private, max-age=0
last-modified: Thu, 28 Oct 2021 13:44:38 GMT
etag: W/"38a61f869762efc998c9d64d4133fbd4b40dc2f02190a932b7eacabf69d54385"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1186
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 cookienotice.js
bw57487sf.blogspot.com/js/ 6 KB
2 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bw57487sf.blogspot.com/js/cookienotice.js

Requested by

Host: bw57487sf.blogspot.com
URL: https://bw57487sf.blogspot.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bw57487sf.blogspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 14:23:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8127
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2026
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 13:50:27 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type: text/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
expires: Thu, 04 Nov 2021 14:23:54 GMT

GET
H2

200

Primary Request / Show response
zek.spl.mybluehost.me/BW/72323/
Redirect Chain

https://zek.spl.mybluehost.me/BW/
https://zek.spl.mybluehost.me/BW/72323
https://zek.spl.mybluehost.me/BW/72323/

14 KB
4 KB

19ms
18ms

Document
text/html

66.235.200.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://zek.spl.mybluehost.me/BW/72323/
Requested by: Host: bw57487sf.blogspot.com
URL: https://bw57487sf.blogspot.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.235.200.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS: host77.ipowerweb.com
Software: cloudflare /
Resource Hash: 753cff82cd309536d9dcf445a21b26594834081676931cea3bbb53bd730978d7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://bw57487sf.blogspot.com/

Response headers

date: Thu, 28 Oct 2021 16:39:21 GMT
content-type: text/html
last-modified: Thu, 28 Oct 2021 16:21:58 GMT
vary: Accept-Encoding
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
cf-cache-status: HIT
age: 1042
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6a55998a2ffe2c32-FRA
content-encoding: gzip

Redirect headers

date: Thu, 28 Oct 2021 16:39:21 GMT
content-type: text/html; charset=iso-8859-1
location: https://zek.spl.mybluehost.me/BW/72323/
cf-cache-status: HIT
age: 1042
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 6a55998a0fbe2c32-FRA

GET
H2 200 styles.64dab9890b01d2315c0f.css
zek.spl.mybluehost.me/BW/72323/style/ 471 B
373 B 32ms
31ms Stylesheet
text/css 66.235.200.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://zek.spl.mybluehost.me/BW/72323/style/styles.64dab9890b01d2315c0f.css
Requested by: Host: zek.spl.mybluehost.me
URL: https://zek.spl.mybluehost.me/BW/72323/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.235.200.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS: host77.ipowerweb.com
Software: cloudflare /
Resource Hash: 71f1c96b1046b0cd42e21811a283f0520020a62650093c12ae975ae3f5a54e0d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zek.spl.mybluehost.me/BW/72323/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 16:39:22 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 28 Oct 2021 16:21:58 GMT
server: cloudflare
age: 1042
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
cf-ray: 6a55998a58832c32-FRA
content-length: 288

GET
H2 200 ksobwb.css
zek.spl.mybluehost.me/BW/72323/style/ 214 KB
54 KB 16ms
15ms Stylesheet
text/css 66.235.200.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://zek.spl.mybluehost.me/BW/72323/style/ksobwb.css
Requested by: Host: zek.spl.mybluehost.me
URL: https://zek.spl.mybluehost.me/BW/72323/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.235.200.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS: host77.ipowerweb.com
Software: cloudflare /
Resource Hash: 379b96b1f067d332944dc8a9b11d646ae39b0dab959e942088d93d51459dc2c9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zek.spl.mybluehost.me/BW/72323/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 16:39:21 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 28 Oct 2021 16:21:58 GMT
server: cloudflare
age: 1041
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
cf-ray: 6a55998a58882c32-FRA

GET
H2 200 angular.min.js Show response
zek.spl.mybluehost.me/BW/72323/style/js/ 163 KB
69 KB 21ms
21ms Script
application/javascript 66.235.200.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://zek.spl.mybluehost.me/BW/72323/style/js/angular.min.js
Requested by: Host: zek.spl.mybluehost.me
URL: https://zek.spl.mybluehost.me/BW/72323/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.235.200.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS: host77.ipowerweb.com
Software: cloudflare /
Resource Hash: 8c50aa8567731858e81bcfd2027718d9a7c8fd7bf54cf496499adbf5da5741b9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zek.spl.mybluehost.me/BW/72323/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 16:39:21 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 28 Oct 2021 16:21:58 GMT
server: cloudflare
age: 1041
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
cf-ray: 6a55998a588b2c32-FRA

GET
H2 200 jquery.min.js Show response
zek.spl.mybluehost.me/BW/72323/style/js/ 286 KB
110 KB 25ms
24ms Script
application/javascript 66.235.200.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://zek.spl.mybluehost.me/BW/72323/style/js/jquery.min.js
Requested by: Host: zek.spl.mybluehost.me
URL: https://zek.spl.mybluehost.me/BW/72323/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.235.200.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS: host77.ipowerweb.com
Software: cloudflare /
Resource Hash: 692d421d5c163409a5918e802f507abbaa6bec90baa454c5252977a5b3b7ff0d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zek.spl.mybluehost.me/BW/72323/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 16:39:21 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 28 Oct 2021 16:21:58 GMT
server: cloudflare
age: 1041
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
cf-ray: 6a55998a588d2c32-FRA

GET
H2 200 jquery.CardValidator.js Show response
zek.spl.mybluehost.me/BW/72323/style/js/ 6 KB
2 KB 21ms
21ms Script
application/javascript 66.235.200.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://zek.spl.mybluehost.me/BW/72323/style/js/jquery.CardValidator.js
Requested by: Host: zek.spl.mybluehost.me
URL: https://zek.spl.mybluehost.me/BW/72323/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.235.200.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS: host77.ipowerweb.com
Software: cloudflare /
Resource Hash: bfa489820b4cff47140a8f1741f50f8bf752df013ac13388357ccef04600c8ab

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zek.spl.mybluehost.me/BW/72323/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 16:39:21 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 28 Oct 2021 16:21:58 GMT
server: cloudflare
age: 1041
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
cf-ray: 6a55998a588e2c32-FRA
content-length: 2203

GET
H2 200 jquery.validate.min.js Show response
zek.spl.mybluehost.me/BW/72323/style/js/ 49 KB
16 KB 24ms
24ms Script
application/javascript 66.235.200.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://zek.spl.mybluehost.me/BW/72323/style/js/jquery.validate.min.js
Requested by: Host: zek.spl.mybluehost.me
URL: https://zek.spl.mybluehost.me/BW/72323/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.235.200.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS: host77.ipowerweb.com
Software: cloudflare /
Resource Hash: 4722cc6e6ae20ebfa5b2101b4424df64b9db793fc22061f4b3ddcdc5bf6a4c63

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zek.spl.mybluehost.me/BW/72323/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 16:39:21 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 28 Oct 2021 16:21:58 GMT
server: cloudflare
age: 1041
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
cf-ray: 6a55998a58922c32-FRA
content-length: 16733

GET
H2 200 jquery.mask.js Show response
zek.spl.mybluehost.me/BW/72323/style/js/ 18 KB
6 KB 20ms
20ms Script
application/javascript 66.235.200.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://zek.spl.mybluehost.me/BW/72323/style/js/jquery.mask.js
Requested by: Host: zek.spl.mybluehost.me
URL: https://zek.spl.mybluehost.me/BW/72323/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.235.200.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS: host77.ipowerweb.com
Software: cloudflare /
Resource Hash: cf1f0d954cbbbcb32d170b1ff68c5b082a1086f34f2bbee825ca88b7c9fb213a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zek.spl.mybluehost.me/BW/72323/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 16:39:21 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 28 Oct 2021 16:21:58 GMT
server: cloudflare
age: 1041
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
cf-ray: 6a55998a58932c32-FRA
content-length: 5606

GET
H2 200 bwbank-logo-mobile.png
zek.spl.mybluehost.me/BW/72323/style/ 5 KB
5 KB 16ms
16ms Image
image/png 66.235.200.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zek.spl.mybluehost.me/BW/72323/style/bwbank-logo-mobile.png
Requested by: Host: zek.spl.mybluehost.me
URL: https://zek.spl.mybluehost.me/BW/72323/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.235.200.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS: host77.ipowerweb.com
Software: cloudflare /
Resource Hash: 5ecccf37d99d0cbd61e5548e217634997101d018c10ee50e53a392e67b0aea7a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zek.spl.mybluehost.me/BW/72323/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 16:39:22 GMT
cf-cache-status: HIT
last-modified: Thu, 28 Oct 2021 16:21:58 GMT
server: cloudflare
age: 1041
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
accept-ranges: bytes
cf-ray: 6a55998a99112c32-FRA
content-length: 4946

GET
H2 200 bwbank-logo-desktop.png
zek.spl.mybluehost.me/BW/72323/style/ 5 KB
5 KB 15ms
14ms Image
image/png 66.235.200.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zek.spl.mybluehost.me/BW/72323/style/bwbank-logo-desktop.png
Requested by: Host: zek.spl.mybluehost.me
URL: https://zek.spl.mybluehost.me/BW/72323/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.235.200.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS: host77.ipowerweb.com
Software: cloudflare /
Resource Hash: 03e63f29a1ac9664f6ed1c78b1e0264115327a2aa2db9dd5ec7872ba49bbc007

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zek.spl.mybluehost.me/BW/72323/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 16:39:22 GMT
cf-cache-status: HIT
last-modified: Thu, 28 Oct 2021 16:21:58 GMT
server: cloudflare
age: 1041
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
accept-ranges: bytes
cf-ray: 6a55998a99152c32-FRA
content-length: 5147

GET
H2 200 bwbank-logo-druck.png
zek.spl.mybluehost.me/BW/72323/style/ 15 KB
15 KB 19ms
19ms Image
image/png 66.235.200.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zek.spl.mybluehost.me/BW/72323/style/bwbank-logo-druck.png
Requested by: Host: zek.spl.mybluehost.me
URL: https://zek.spl.mybluehost.me/BW/72323/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.235.200.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS: host77.ipowerweb.com
Software: cloudflare /
Resource Hash: bd964f3665059fcb06470f662f2e18b623d37d0d475a0150aa64297479abf408

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://zek.spl.mybluehost.me/BW/72323/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 16:39:22 GMT
cf-cache-status: HIT
last-modified: Thu, 28 Oct 2021 16:21:58 GMT
server: cloudflare
age: 1041
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
accept-ranges: bytes
cf-ray: 6a55998ab9552c32-FRA
content-length: 15666

GET
H2 200 pictos-if.woff
zek.spl.mybluehost.me/BW/72323/style/ 48 KB
48 KB 17ms
16ms Font
font/woff 66.235.200.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://zek.spl.mybluehost.me/BW/72323/style/pictos-if.woff
Requested by: Host: zek.spl.mybluehost.me
URL: https://zek.spl.mybluehost.me/BW/72323/style/ksobwb.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.235.200.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS: host77.ipowerweb.com
Software: cloudflare /
Resource Hash: 56666c32c5c048a791e99fafef70d3791d6d5c6d350771ffbb4e2119df335f03

Request headers

Referer: https://zek.spl.mybluehost.me/BW/72323/style/ksobwb.css
Origin: https://zek.spl.mybluehost.me
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 16:39:22 GMT
cf-cache-status: HIT
last-modified: Thu, 28 Oct 2021 16:21:58 GMT
server: cloudflare
age: 1041
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/woff
accept-ranges: bytes
cf-ray: 6a55998ab9622c32-FRA
content-length: 48676

GET
H2 200 Sparkasse_web_Rg.woff
zek.spl.mybluehost.me/BW/72323/style/ 41 KB
41 KB 20ms
19ms Font
font/woff 66.235.200.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://zek.spl.mybluehost.me/BW/72323/style/Sparkasse_web_Rg.woff
Requested by: Host: zek.spl.mybluehost.me
URL: https://zek.spl.mybluehost.me/BW/72323/style/ksobwb.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.235.200.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS: host77.ipowerweb.com
Software: cloudflare /
Resource Hash: 0e9eb66a1b33ae648ada3c56eb55fa149c4f1b88316b5a7255ca9b076740f451

Request headers

Referer: https://zek.spl.mybluehost.me/BW/72323/style/ksobwb.css
Origin: https://zek.spl.mybluehost.me
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 16:39:22 GMT
cf-cache-status: HIT
last-modified: Thu, 28 Oct 2021 16:21:58 GMT
server: cloudflare
age: 1041
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/woff
accept-ranges: bytes
cf-ray: 6a55998ab9662c32-FRA
content-length: 41472

GET
H2 200 Sparkasse_web_Bd.woff
zek.spl.mybluehost.me/BW/72323/style/ 36 KB
36 KB 19ms
18ms Font
font/woff 66.235.200.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://zek.spl.mybluehost.me/BW/72323/style/Sparkasse_web_Bd.woff
Requested by: Host: zek.spl.mybluehost.me
URL: https://zek.spl.mybluehost.me/BW/72323/style/ksobwb.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.235.200.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS: host77.ipowerweb.com
Software: cloudflare /
Resource Hash: e9b9f03e1a75cf22118a30e0503f346e8efb6859276d418e7d1a9a07f73f7002

Request headers

Referer: https://zek.spl.mybluehost.me/BW/72323/style/ksobwb.css
Origin: https://zek.spl.mybluehost.me
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 16:39:22 GMT
cf-cache-status: HIT
last-modified: Thu, 28 Oct 2021 16:21:58 GMT
server: cloudflare
age: 1041
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/woff
accept-ranges: bytes
cf-ray: 6a55998ab9672c32-FRA
content-length: 36892

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BW-Bank (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bw57487sf.blogspot.com
zek.spl.mybluehost.me
2a00:1450:4001:827::2001
66.235.200.146
03e63f29a1ac9664f6ed1c78b1e0264115327a2aa2db9dd5ec7872ba49bbc007
0e9eb66a1b33ae648ada3c56eb55fa149c4f1b88316b5a7255ca9b076740f451
379b96b1f067d332944dc8a9b11d646ae39b0dab959e942088d93d51459dc2c9
4722cc6e6ae20ebfa5b2101b4424df64b9db793fc22061f4b3ddcdc5bf6a4c63
56666c32c5c048a791e99fafef70d3791d6d5c6d350771ffbb4e2119df335f03
5ecccf37d99d0cbd61e5548e217634997101d018c10ee50e53a392e67b0aea7a
692d421d5c163409a5918e802f507abbaa6bec90baa454c5252977a5b3b7ff0d
71f1c96b1046b0cd42e21811a283f0520020a62650093c12ae975ae3f5a54e0d
753cff82cd309536d9dcf445a21b26594834081676931cea3bbb53bd730978d7
8c50aa8567731858e81bcfd2027718d9a7c8fd7bf54cf496499adbf5da5741b9
bd964f3665059fcb06470f662f2e18b623d37d0d475a0150aa64297479abf408
bfa489820b4cff47140a8f1741f50f8bf752df013ac13388357ccef04600c8ab
cf1f0d954cbbbcb32d170b1ff68c5b082a1086f34f2bbee825ca88b7c9fb213a
e9b9f03e1a75cf22118a30e0503f346e8efb6859276d418e7d1a9a07f73f7002
ec71d095ccb22f8209e6b60e30de1c2fbf0febc19f34f2df8a549229ec08a3f2

zek.spl.mybluehost.me Open in urlscan Pro 66.235.200.146 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

16 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

415 kBTransfer

909 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

zek.spl.mybluehost.me Open in urlscan Pro
66.235.200.146 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

415 kB
Transfer

909 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!