glad-nonavailabilit.000webhostapp.com
Open in
urlscan Pro
145.14.144.198
Malicious Activity!
Public Scan
Submission Tags: @phish_report
Submission: On March 07 via api from FI — Scanned from FI
Summary
TLS certificate: Issued by RapidSSL TLS RSA CA G1 on July 11th 2023. Valid for: a year.
This is the only time glad-nonavailabilit.000webhostapp.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telegram (Instant Messenger)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
8 | 145.14.144.198 145.14.144.198 | 204915 (AWEX) (AWEX) | |
9 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
000webhostapp.com
glad-nonavailabilit.000webhostapp.com |
100 KB |
0 |
000webhost.com
Failed
www.000webhost.com Failed |
|
9 | 2 |
Domain | Requested by | |
---|---|---|
8 | glad-nonavailabilit.000webhostapp.com |
glad-nonavailabilit.000webhostapp.com
|
0 | www.000webhost.com Failed |
glad-nonavailabilit.000webhostapp.com
|
9 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.000webhost.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.000webhostapp.com RapidSSL TLS RSA CA G1 |
2023-07-11 - 2024-08-10 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://glad-nonavailabilit.000webhostapp.com/main.php.html
Frame ID: F5341F7D021AC20A48DD5C8D4F738AD6
Requests: 10 HTTP requests in this frame
1 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
main.php.html
glad-nonavailabilit.000webhostapp.com/ |
14 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.3c9dcec00d5a12b9aa18.css
glad-nonavailabilit.000webhostapp.com/lib/ |
81 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1f1f2-1f1fe.png
glad-nonavailabilit.000webhostapp.com/lib/img-apple-160/ |
20 KB 20 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
powered-by-000webhost.png
www.000webhost.com/static/default.000webhost.com/images/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.5.1.min.js
glad-nonavailabilit.000webhostapp.com/ |
87 KB 35 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.js
glad-nonavailabilit.000webhostapp.com/req/ |
926 B 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
chat-bg-br.f34cc96fbfb048812820.html
glad-nonavailabilit.000webhostapp.com/lib/ |
8 KB 8 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
chat-bg-pattern-light.ee148af944f6580293ae.html
glad-nonavailabilit.000webhostapp.com/lib/ |
8 KB 8 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
telegram-logo.1b2bb5b107f046ea9325.svg
glad-nonavailabilit.000webhostapp.com/lib/ |
932 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
244 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- www.000webhost.com
- URL
- https://www.000webhost.com/static/default.000webhost.com/images/powered-by-000webhost.png
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telegram (Instant Messenger)15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery object| phoneNumberInput string| phoneNumber string| botToken function| sendMessageToBot object| nextButton object| flag object| backdrop object| backd object| inpHp object| btnnext function| set_item function| aktip function| loadd0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
glad-nonavailabilit.000webhostapp.com
www.000webhost.com
www.000webhost.com
145.14.144.198
6b9e73b25890fe9c309feff6ef849db08babba9c055b169c20815866d264f3ef
6c5b1e0817a7504af4900ccb7ea89256070d1fa4c9e773292a3774d04f647f82
99e331dae39369d9f6797d85fd3f89c8861b7149b401702a5faf90e764396621
ade1ddec66f6e98e30d8a56b01e7dd9d2c84a8f4dac51bc88d2ab5bc6e5d1a62
c5a5b75c149ec406ae9836953183221a13b7407568ac7cd2c3bd1ddb58c2baf6
d93e464d04810911e62fe58d34f9357b5c4d99c27a93ea1ec8e4c0797c785a8f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d