URL: http://xblackeyex.000webhostapp.com/blacknet/login.php
Tags: c2 malware blacknet
Submission: On December 28 via api from CA

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 12 HTTP transactions. The main IP is 2a02:4780:dead:2925::1, located in United States and belongs to AWEX, US. The main domain is xblackeyex.000webhostapp.com.
This is the only time xblackeyex.000webhostapp.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address         AS Autonomous System
9         2a02:4780:dea...   204915 (AWEX)
1         2a00:1450:400...   15169 (GOOGLE)
1         2606:4700:10:...   13335 (CLOUDFLAR...)
1         2a00:1450:400...   15169 (GOOGLE)
12        4

Requests  Domain / Subdomains   Transfer
9         000webhostapp.com     221 KB
1         gstatic.com           91 KB
1         000webhost.com        2 KB
1         google.com            553 B
12        4
Domain Requested by
9 xblackeyex.000webhostapp.com xblackeyex.000webhostapp.com
1 www.gstatic.com www.google.com
1 cdn.000webhost.com xblackeyex.000webhostapp.com
1 www.google.com xblackeyex.000webhostapp.com
12 4

This site contains links to these domains. Also see Links.

Domain
www.000webhost.com
Subject            Issuer                                          Validity                   Valid
www.google.com     GTS CA 1O1                                      2019-12-03 - 2020-02-25    3 months
*.000webhost.com   COMODO RSA Domain Validation Secure Server CA   2018-10-19 - 2020-12-17    2 years
*.google.com       GTS CA 1O1                                      2019-12-03 - 2020-02-25    3 months

Detected technologies

Web
Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Web
Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Web
Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Web
Overall confidence: 100%
Detected patterns
  • script /\/recaptcha\/api\.js/i


12 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
login.php (Cookie set)
/blacknet
8 KB
3 KB
Document
General
Full URL
http://xblackeyex.000webhostapp.com/blacknet/login.php
Protocol
HTTP/1.1
Server
2a02:4780:dead:2925::1 , United States, ASN204915 (AWEX, US),
Reverse DNS
Software
awex /
Resource Hash
e9b49b55df99fd01ae05130599d6203f878c3a55f83c063ae4560167d0679200
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
xblackeyex.000webhostapp.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate

Response headers

Date
Sat, 28 Dec 2019 22:20:08 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
PHPSESSID=kj75evlf8pjvhuabha6snb66fi; path=/
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Server
awex
X-Xss-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Request-ID
3b86a75f551c9eff795b05f21d1cfbac
Content-Encoding
gzip
bootstrap.min.css
/blacknet/asset/vendor/bootstrap/css
156 KB
29 KB
Stylesheet
General
Full URL
http://xblackeyex.000webhostapp.com/blacknet/asset/vendor/bootstrap/css/bootstrap.min.css
Requested by
Host: xblackeyex.000webhostapp.com
URL: http://xblackeyex.000webhostapp.com/blacknet/login.php
Protocol
HTTP/1.1
Server
2a02:4780:dead:2925::1 , United States, ASN204915 (AWEX, US),
Reverse DNS
Software
awex /
Resource Hash
2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://xblackeyex.000webhostapp.com/blacknet/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 28 Dec 2019 22:20:08 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 25 Dec 2019 12:55:31 GMT
Server
awex
Transfer-Encoding
chunked
Content-Type
text/css
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-ID
911cf658d243fcc4ac511c325216c960
all.min.css
/blacknet/asset/vendor/fontawesome-free/css
56 KB
14 KB
Stylesheet
General
Full URL
http://xblackeyex.000webhostapp.com/blacknet/asset/vendor/fontawesome-free/css/all.min.css
Requested by
Host: xblackeyex.000webhostapp.com
URL: http://xblackeyex.000webhostapp.com/blacknet/login.php
Protocol
HTTP/1.1
Server
2a02:4780:dead:2925::1 , United States, ASN204915 (AWEX, US),
Reverse DNS
Software
awex /
Resource Hash
f8de3f57f49b005896d4c3c10979df9cff5048ddfe29ebbe36507ed1ebff60a4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://xblackeyex.000webhostapp.com/blacknet/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 28 Dec 2019 22:20:08 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 25 Dec 2019 12:55:32 GMT
Server
awex
Transfer-Encoding
chunked
Content-Type
text/css
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-ID
942c8650d98e6d8250d83f111b509814
sb-admin.css
/blacknet/asset/css
215 KB
36 KB
Stylesheet
General
Full URL
http://xblackeyex.000webhostapp.com/blacknet/asset/css/sb-admin.css
Requested by
Host: xblackeyex.000webhostapp.com
URL: http://xblackeyex.000webhostapp.com/blacknet/login.php
Protocol
HTTP/1.1
Server
2a02:4780:dead:2925::1 , United States, ASN204915 (AWEX, US),
Reverse DNS
Software
awex /
Resource Hash
19958ea17fa4e2911a651494b9741fcc59dc9f43833c15a88573f356b30d6f36
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://xblackeyex.000webhostapp.com/blacknet/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 28 Dec 2019 22:20:08 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 25 Dec 2019 12:55:31 GMT
Server
awex
Transfer-Encoding
chunked
Content-Type
text/css
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-ID
a70adca63de922a33ea97b1dac1a6a63
jquery.min.js
/blacknet/asset/vendor/jquery
86 KB
35 KB
Script
General
Full URL
http://xblackeyex.000webhostapp.com/blacknet/asset/vendor/jquery/jquery.min.js
Requested by
Host: xblackeyex.000webhostapp.com
URL: http://xblackeyex.000webhostapp.com/blacknet/login.php
Protocol
HTTP/1.1
Server
2a02:4780:dead:2925::1 , United States, ASN204915 (AWEX, US),
Reverse DNS
Software
awex /
Resource Hash
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://xblackeyex.000webhostapp.com/blacknet/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 28 Dec 2019 22:20:08 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 25 Dec 2019 12:55:42 GMT
Server
awex
Transfer-Encoding
chunked
Content-Type
application/javascript
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-ID
3482a4a77137a266746bc60c542ef9b8
bootstrap.bundle.min.js
/blacknet/asset/vendor/bootstrap/js
79 KB
27 KB
Script
General
Full URL
http://xblackeyex.000webhostapp.com/blacknet/asset/vendor/bootstrap/js/bootstrap.bundle.min.js
Requested by
Host: xblackeyex.000webhostapp.com
URL: http://xblackeyex.000webhostapp.com/blacknet/login.php
Protocol
HTTP/1.1
Server
2a02:4780:dead:2925::1 , United States, ASN204915 (AWEX, US),
Reverse DNS
Software
awex /
Resource Hash
394156ee114ed3faf968419340ecfd17f69740eb7e4f0a88d59e1f6d5bf0c34e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://xblackeyex.000webhostapp.com/blacknet/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 28 Dec 2019 22:20:08 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 25 Dec 2019 12:55:31 GMT
Server
awex
Transfer-Encoding
chunked
Content-Type
application/javascript
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-ID
4183ae5e4268f52e24858a862f5277ee
jquery.easing.min.js
/blacknet/asset/vendor/jquery-easing
2 KB
1 KB
Script
General
Full URL
http://xblackeyex.000webhostapp.com/blacknet/asset/vendor/jquery-easing/jquery.easing.min.js
Requested by
Host: xblackeyex.000webhostapp.com
URL: http://xblackeyex.000webhostapp.com/blacknet/login.php
Protocol
HTTP/1.1
Server
2a02:4780:dead:2925::1 , United States, ASN204915 (AWEX, US),
Reverse DNS
Software
awex /
Resource Hash
1f7723b6b9bfced0deba108df48e3287888dd986f1ff2d5133bacc9807ac0349
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://xblackeyex.000webhostapp.com/blacknet/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 28 Dec 2019 22:20:08 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 25 Dec 2019 12:55:42 GMT
Server
awex
Transfer-Encoding
chunked
Content-Type
application/javascript
Connection
keep-alive
X-Xss-Protection
1; mode=block
X-Request-ID
3ea6447f82e9a99bd18ac36ee1916891
sb-admin.min.js
/blacknet/asset/js
930 B
1 KB
Script
General
Full URL
http://xblackeyex.000webhostapp.com/blacknet/asset/js/sb-admin.min.js
Requested by
Host: xblackeyex.000webhostapp.com
URL: http://xblackeyex.000webhostapp.com/blacknet/login.php
Protocol
HTTP/1.1
Server
2a02:4780:dead:2925::1 , United States, ASN204915 (AWEX, US),
Reverse DNS
Software
awex /
Resource Hash
6cfcd622c16bf43a40626edd168b4f5d23dfe5584a9a5a166074e5d6a1fa71e2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://xblackeyex.000webhostapp.com/blacknet/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 28 Dec 2019 22:20:08 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 25 Dec 2019 12:55:31 GMT
Server
awex
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
930
X-Xss-Protection
1; mode=block
X-Request-ID
b3d220dc12c12ba3da959add567d79d1
api.js
www.google.com/recaptcha
729 B
553 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js
Requested by
Host: xblackeyex.000webhostapp.com
URL: http://xblackeyex.000webhostapp.com/blacknet/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
GSE /
Resource Hash
f56590ff7b66d0ef4efd7f17a3884b0a4a90da850ec6e561492b7f3fc1e72967
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://xblackeyex.000webhostapp.com/blacknet/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 28 Dec 2019 22:20:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
private, max-age=300
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
462
x-xss-protection
1; mode=block
expires
Sat, 28 Dec 2019 22:20:08 GMT
footer-powered-by-000webhost-white2.png
cdn.000webhost.com/000webhost/logo
2 KB
2 KB
Image
General
Full URL
https://cdn.000webhost.com/000webhost/logo/footer-powered-by-000webhost-white2.png
Requested by
Host: xblackeyex.000webhostapp.com
URL: http://xblackeyex.000webhostapp.com/blacknet/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:432e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
86f2673ec74a632865109a76b2232f4f5b3587daa219e07a17ef1d9c76a0fda5
Security Headers
Name Value
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
http://xblackeyex.000webhostapp.com/blacknet/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 28 Dec 2019 22:20:08 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
3149
cf-polished
origFmt=png, origSize=2046
status
200
content-disposition
inline; filename="footer-powered-by-000webhost-white2.webp"
strict-transport-security
max-age=2592000
x-hostinger-datacenter
srv
content-length
1696
x-xss-protection
1; mode=block
last-modified
Mon, 23 Dec 2019 15:46:19 GMT
server
cloudflare
x-frame-options
sameorigin
etag
"5e00e14b-7fe"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
cf-bgj
imgq:100
cache-control
public, max-age=14400
x-hostinger-node
nl-srv-cdn1
accept-ranges
bytes
cf-ray
54c6eb789cf6bec9-FRA
expires
Sun, 29 Dec 2019 02:20:08 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/mhgGrlTs_PbFQOW4ejlxlxZn
254 KB
91 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/mhgGrlTs_PbFQOW4ejlxlxZn/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
c2cca14e4dbf2994f90b91ef01ec4d6eb6b560b429d028317d624d9b5f4bdcb0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://xblackeyex.000webhostapp.com/blacknet/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 09 Dec 2019 17:50:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 09 Dec 2019 05:03:14 GMT
server
sffe
age
1657793
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
92878
x-xss-protection
0
expires
Tue, 08 Dec 2020 17:50:15 GMT
fa-solid-900.woff2
/blacknet/asset/vendor/fontawesome-free/webfonts
74 KB
74 KB
Font
General
Full URL
http://xblackeyex.000webhostapp.com/blacknet/asset/vendor/fontawesome-free/webfonts/fa-solid-900.woff2
Requested by
Host: xblackeyex.000webhostapp.com
URL: http://xblackeyex.000webhostapp.com/blacknet/login.php
Protocol
HTTP/1.1
Server
2a02:4780:dead:2925::1 , United States, ASN204915 (AWEX, US),
Reverse DNS
Software
awex /
Resource Hash
3d1080625d3030e88357b3ac9aa377dcec23f1b529c4ad03f7a9a435ccae04be
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://xblackeyex.000webhostapp.com/blacknet/asset/vendor/fontawesome-free/css/all.min.css
Origin
http://xblackeyex.000webhostapp.com

Response headers

Date
Sat, 28 Dec 2019 22:20:08 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 25 Dec 2019 12:55:42 GMT
Server
awex
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
75728
X-Xss-Protection
1; mode=block
X-Request-ID
dcf815ff1e84498e91b6be984b6f453c

Redirect requests

There were HTTP redirects (301, 302) for the following requests:

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| onformdata
  • object| onpointerrawupdate
  • function| $
  • function| jQuery
  • object| bootstrap
  • object| ___grecaptcha_cfg
  • object| grecaptcha
  • boolean| __google_recaptcha_client
  • function| getCookie
  • undefined| wordpressAdminBody
  • object| notification
  • object| hostingerLogo
  • undefined| mainContent
  • undefined| googleFont
  • undefined| css
  • undefined| style
  • undefined| sheet
  • undefined| button
  • undefined| link
  • undefined| mainContentHolder
  • undefined| h1Tag
  • undefined| h2Tag
  • undefined| paragraph
  • undefined| list
  • undefined| org_html
  • undefined| new_html
  • undefined| saleImage
  • object| recaptcha

1 Cookies

Domain/Path Name / Value
xblackeyex.000webhostapp.com/ Name: PHPSESSID
Value: kj75evlf8pjvhuabha6snb66fi

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block