000uu-se.000webhostapp.com
Open in
urlscan Pro
145.14.144.154
Malicious Activity!
Public Scan
Submission: On October 06 via manual from SE — Scanned from SE
Summary
TLS certificate: Issued by RapidSSL Global TLS RSA4096 SHA256 20... on August 4th 2022. Valid for: a year.
This is the only time 000uu-se.000webhostapp.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Outlook Web Access (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 145.14.144.154 145.14.144.154 | 204915 (AWEX) (AWEX) | |
1 | 104.19.185.120 104.19.185.120 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
2 |
000webhostapp.com
000uu-se.000webhostapp.com |
48 KB |
1 |
000webhost.com
cdn.000webhost.com — Cisco Umbrella Rank: 394734 |
2 KB |
3 | 2 |
Domain | Requested by | |
---|---|---|
2 | 000uu-se.000webhostapp.com |
000uu-se.000webhostapp.com
|
1 | cdn.000webhost.com |
000uu-se.000webhostapp.com
|
3 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.uu.se |
outlook.com |
www.000webhost.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.000webhostapp.com RapidSSL Global TLS RSA4096 SHA256 2022 CA1 |
2022-08-04 - 2023-07-10 |
a year | crt.sh |
*.000webhost.com Sectigo RSA Domain Validation Secure Server CA |
2022-01-17 - 2023-01-13 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://000uu-se.000webhostapp.com/mail.uu.se/Outlook.html
Frame ID: CDDB8D89AA87D1854D7713898CBFBEBE
Requests: 7 HTTP requests in this frame
3 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: Webmail student
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
3 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
Outlook.html
000uu-se.000webhostapp.com/mail.uu.se/ |
61 KB 30 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
10 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
footer-powered-by-000webhost-white2.png
cdn.000webhost.com/000webhost/logo/ |
2 KB 2 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cta-button.png
000uu-se.000webhostapp.com/mail.uu.se/UU-images/ |
18 KB 18 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Outlook Web Access (Online)58 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| initLogon function| redir function| shw function| hd function| clkSecExp function| kdSecExp function| clkSec function| clkBsc function| checkSubmit function| clkLgn function| clkRtry function| clkReLgn function| gbid function| IsOwaPremiumBrowser function| hres function| LogoffMime function| addPerfMarker number| a_fRC number| g_fFcs number| a_fLOff number| a_fCAC number| a_fEnbSMm function| IsMimeCtlInst function| RndMimeCtl function| RndMimeCtlHlpr object| mainLogonDiv boolean| showPlaceholderText string| mainLogonDivClassName function| setPlaceholderText function| showPasswordClick function| getCookie undefined| wordpressAdminBody object| notification object| hostingerLogo undefined| mainContent undefined| googleFont undefined| css undefined| style undefined| sheet undefined| button undefined| link undefined| mainContentHolder undefined| h1Tag undefined| h2Tag undefined| paragraph undefined| list undefined| org_html undefined| new_html undefined| saleImage1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
000uu-se.000webhostapp.com/mail.uu.se | Name: cookieTest Value: 1 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
000uu-se.000webhostapp.com
cdn.000webhost.com
104.19.185.120
145.14.144.154
11321a7b443ed9907ad08eeddf1e9c1e9665c4a19715cfaeacad0919d9d4f0e7
1662381b1969f92188f0789e9549fd2c256c4add98a78951fe4f39a850db49cc
41ab14f0dfb5e654703a5521e8543f73952d2e6183e9e3bfea3d092f7e611f0e
4de8fc175826d9f78fce9f9f2b71a63fe832fc7507e0394125c823b0909fa54a
6710ee6e22d5e3e82f70554804806c37aac5789b110d944383ea393d93eb627a
68f99278dfb6d0ec9cd0087d2e8f22bff0ccd2b02e3fca72d56f81438d70dc55
86f2673ec74a632865109a76b2232f4f5b3587daa219e07a17ef1d9c76a0fda5