To start off researching the website ziprecrulter.cx, I submitted the domain to VirusTotal to see if anyone else had reported suspicious activity from it.
This is a good place to start: the domain has been reported before, so it’s not a new threat to users. An intriguing detail, however, is that the final URL is the legitimate ZipRecruiter login page. The final URL is where a user ends up after clicking an advertisement.
The serving IP address 126.96.36.199 doesn’t yield much useful information. The range appears to originate from Russia, but that cannot be proven with 100% certainty.
Taking the URL over to Whois shows who owns and registered this specific domain.
A quick search for the name Harold Wright doesn’t provide many useful details. Searching for ZipRecruiter together with this name, however, turns up a case docket from the WIPO Arbitration and Mediation Center. This document details how ZipRecruiter has requested that this site be taken down due to its misleading nature.
Another interesting fact is that the physical address does not actually exist, which could further prove that this site has malicious intentions.
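
The domain examined above, ziprecrulter.cx, differs from the brand name by a single character (an "l" where "ziprecruiter" has an "i"). The Python below is an added example, not part of the original write-up, showing how a defender could flag such lookalike labels automatically; the brand list, the confusable-character map and the distance threshold are assumptions chosen for illustration.

```python
# Added example: flag domains whose name label imitates a protected brand.
# BRANDS, CONFUSABLES and max_distance are assumptions for this illustration.

BRANDS = ["ziprecruiter"]

# Characters that are easily mistaken for one another, folded to one form.
CONFUSABLES = str.maketrans({"l": "i", "1": "i", "0": "o", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def brand_label(domain):
    """Label left of the suffix; assumes a single-label suffix such as .com or .cx."""
    labels = domain.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def classify(domain, brands=BRANDS, max_distance=2):
    """Return (verdict, brand, distance) for the first brand the label resembles."""
    label = brand_label(domain)
    for brand in brands:
        if label == brand:
            # Same name as the brand; who registered it must be checked separately.
            return ("exact", brand, 0)
        distance = edit_distance(label, brand)
        if label.translate(CONFUSABLES) == brand.translate(CONFUSABLES):
            return ("confusable", brand, distance)
        if distance <= max_distance:
            return ("near-miss", brand, distance)
    return ("unrelated", None, None)


if __name__ == "__main__":
    # The first domain is the one from this write-up; the others are constructed samples.
    for d in ["ziprecrulter.cx", "www.ziprecruiter.com", "ziprecuiter.com", "example.org"]:
        print(d, classify(d))
```
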