000uu-se.000webhostapp.com Open in urlscan Pro
145.14.144.154  Malicious Activity! Public Scan

3 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request Outlook.html Show response 000uu-se.000webhostapp.com/mail.uu.se/	61 KB 30 KB	513ms 148ms	Document text/html	145.14.144.154 AWEX
General Check archive.org Show headers Download Go to Full URL https://000uu-se.000webhostapp.com/mail.uu.se/Outlook.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 145.14.144.154 , Netherlands, ASN204915 (AWEX, CY), Reverse DNS Software awex / Resource Hash 41ab14f0dfb5e654703a5521e8543f73952d2e6183e9e3bfea3d092f7e611f0e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 accept-language se-SE,se;q=0.9 Response headers content-encoding gzip content-type text/html; charset=UTF-8 date Thu, 06 Oct 2022 14:24:44 GMT server awex x-content-type-options nosniff x-request-id 2854c50840ce3ce0afbbdf6d2773c359 x-xss-protection 1; mode=block
GET DATA	200 OK	truncated /	10 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 1662381b1969f92188f0789e9549fd2c256c4add98a78951fe4f39a850db49cc Request headers accept-language se-SE,se;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 4de8fc175826d9f78fce9f9f2b71a63fe832fc7507e0394125c823b0909fa54a Request headers accept-language se-SE,se;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	1 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 11321a7b443ed9907ad08eeddf1e9c1e9665c4a19715cfaeacad0919d9d4f0e7 Request headers accept-language se-SE,se;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers Content-Type image/png
GET H2	200	footer-powered-by-000webhost-white2.png cdn.000webhost.com/000webhost/logo/	2 KB 2 KB	130ms 48ms	Image image/webp	104.19.185.120 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.000webhost.com/000webhost/logo/footer-powered-by-000webhost-white2.png Requested by Host: 000uu-se.000webhostapp.com URL: https://000uu-se.000webhostapp.com/mail.uu.se/Outlook.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.19.185.120 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 86f2673ec74a632865109a76b2232f4f5b3587daa219e07a17ef1d9c76a0fda5 Security Headers Name Value Strict-Transport-Security max-age=2592000 X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers accept-language se-SE,se;q=0.9 Referer https://000uu-se.000webhostapp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Thu, 06 Oct 2022 14:24:45 GMT strict-transport-security max-age=2592000 x-content-type-options nosniff cf-cache-status HIT age 3523 cf-polished origFmt=png, origSize=2046 content-disposition inline; filename="footer-powered-by-000webhost-white2.webp" x-hostinger-datacenter srv alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 1696 x-xss-protection 1; mode=block cf-bgj imgq:100,h2pri last-modified Tue, 23 Aug 2022 11:07:16 GMT server cloudflare etag "6304b4e4-7fe" vary Accept x-frame-options sameorigin content-type image/webp cache-control public, max-age=14400 x-hostinger-node nl-srv-cdn2 accept-ranges bytes cf-ray 755f0ff9581e95e4-ARN expires Thu, 06 Oct 2022 18:24:45 GMT
GET DATA	200 OK	truncated /	1 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 6710ee6e22d5e3e82f70554804806c37aac5789b110d944383ea393d93eb627a Request headers accept-language se-SE,se;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers Content-Type image/png
GET H2	404	cta-button.png 000uu-se.000webhostapp.com/mail.uu.se/UU-images/	18 KB 18 KB	149ms 148ms	Image text/html	145.14.144.154 AWEX
General Check archive.org Show headers Download Go to Show image Full URL https://000uu-se.000webhostapp.com/mail.uu.se/UU-images/cta-button.png Requested by Host: 000uu-se.000webhostapp.com URL: https://000uu-se.000webhostapp.com/mail.uu.se/Outlook.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 145.14.144.154 , Netherlands, ASN204915 (AWEX, CY), Reverse DNS Software awex / Resource Hash 68f99278dfb6d0ec9cd0087d2e8f22bff0ccd2b02e3fca72d56f81438d70dc55 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language se-SE,se;q=0.9 Referer https://000uu-se.000webhostapp.com/mail.uu.se/Outlook.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Thu, 06 Oct 2022 14:24:45 GMT content-encoding gzip x-content-type-options nosniff server awex x-xss-protection 1; mode=block x-request-id 33b6b2a37974ed94dc1e97c58b75bc04 content-type text/html; charset=UTF-8

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Outlook Web Access (Online)

58 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| initLogon function| redir function| shw function| hd function| clkSecExp function| kdSecExp function| clkSec function| clkBsc function| checkSubmit function| clkLgn function| clkRtry function| clkReLgn function| gbid function| IsOwaPremiumBrowser function| hres function| LogoffMime function| addPerfMarker number| a_fRC number| g_fFcs number| a_fLOff number| a_fCAC number| a_fEnbSMm function| IsMimeCtlInst function| RndMimeCtl function| RndMimeCtlHlpr object| mainLogonDiv boolean| showPlaceholderText string| mainLogonDivClassName function| setPlaceholderText function| showPasswordClick function| getCookie undefined| wordpressAdminBody object| notification object| hostingerLogo undefined| mainContent undefined| googleFont undefined| css undefined| style undefined| sheet undefined| button undefined| link undefined| mainContentHolder undefined| h1Tag undefined| h2Tag undefined| paragraph undefined| list undefined| org_html undefined| new_html undefined| saleImage

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			000uu-se.000webhostapp.com/mail.uu.se	1969-12-31 23:59:59	Name: cookieTest Value: 1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://000uu-se.000webhostapp.com/mail.uu.se/UU-images/cta-button.png Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

000uu-se.000webhostapp.com
cdn.000webhost.com
104.19.185.120
145.14.144.154
11321a7b443ed9907ad08eeddf1e9c1e9665c4a19715cfaeacad0919d9d4f0e7
1662381b1969f92188f0789e9549fd2c256c4add98a78951fe4f39a850db49cc
41ab14f0dfb5e654703a5521e8543f73952d2e6183e9e3bfea3d092f7e611f0e
4de8fc175826d9f78fce9f9f2b71a63fe832fc7507e0394125c823b0909fa54a
6710ee6e22d5e3e82f70554804806c37aac5789b110d944383ea393d93eb627a
68f99278dfb6d0ec9cd0087d2e8f22bff0ccd2b02e3fca72d56f81438d70dc55
86f2673ec74a632865109a76b2232f4f5b3587daa219e07a17ef1d9c76a0fda5