vfrcnfgsd.000webhostapp.com Open in urlscan Pro
2a02:4780:dead:67cc::1  Malicious Activity! Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response vfrcnfgsd.000webhostapp.com/	9 KB 4 KB	332ms 111ms	Document text/html	2a02:4780:dead:67cc::1 AWEX
General Check archive.org Show headers Download Go to Full URL https://vfrcnfgsd.000webhostapp.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:4780:dead:67cc::1 , United States, ASN204915 (AWEX, CY), Reverse DNS Software awex / Resource Hash cc715640da37279ac1790646dc4a273eed2333551434c518040dcd737782e1f2 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers :method GET :authority vfrcnfgsd.000webhostapp.com :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 27 May 2021 15:13:37 GMT content-type text/html; charset=UTF-8 server awex x-xss-protection 1; mode=block x-content-type-options nosniff x-request-id 719ee8833cffe606bd35e3b944dd5bf0 content-encoding gzip
GET H2	200	bootstrap.min7b94.css vfrcnfgsd.000webhostapp.com/Content/	121 KB 25 KB	111ms 110ms	Stylesheet text/css	2a02:4780:dead:67cc::1 AWEX
General Check archive.org Show headers Download Go to Full URL https://vfrcnfgsd.000webhostapp.com/Content/bootstrap.min7b94.css Requested by Host: vfrcnfgsd.000webhostapp.com URL: https://vfrcnfgsd.000webhostapp.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:4780:dead:67cc::1 , United States, ASN204915 (AWEX, CY), Reverse DNS Software awex / Resource Hash 842ecd7fb6b4d5c497f50da917974a93eeb82406868507fb185d3de51add9288 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers :path /Content/bootstrap.min7b94.css pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept text/css,*/*;q=0.1 cache-control no-cache sec-fetch-dest style :authority vfrcnfgsd.000webhostapp.com referer https://vfrcnfgsd.000webhostapp.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://vfrcnfgsd.000webhostapp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 27 May 2021 15:13:37 GMT content-encoding gzip x-content-type-options nosniff last-modified Thu, 27 May 2021 10:15:45 GMT server awex content-type text/css x-xss-protection 1; mode=block x-request-id 8f8ede85c06c69b3247c95caa2500b03
GET H2	200	default.minff96.css vfrcnfgsd.000webhostapp.com/Content/	989 KB 155 KB	219ms 218ms	Stylesheet text/css	2a02:4780:dead:67cc::1 AWEX
General Check archive.org Show headers Download Go to Full URL https://vfrcnfgsd.000webhostapp.com/Content/default.minff96.css Requested by Host: vfrcnfgsd.000webhostapp.com URL: https://vfrcnfgsd.000webhostapp.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:4780:dead:67cc::1 , United States, ASN204915 (AWEX, CY), Reverse DNS Software awex / Resource Hash 66c33aa7e0f057383b7c4593e17756c5592b681cda15db8ab4b8bc254f631410 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers :path /Content/default.minff96.css pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept text/css,*/*;q=0.1 cache-control no-cache sec-fetch-dest style :authority vfrcnfgsd.000webhostapp.com referer https://vfrcnfgsd.000webhostapp.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://vfrcnfgsd.000webhostapp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 27 May 2021 15:13:37 GMT content-encoding gzip x-content-type-options nosniff last-modified Thu, 27 May 2021 10:15:46 GMT server awex content-type text/css x-xss-protection 1; mode=block x-request-id 815b77a575c6a997b209a73930389933
GET H2	200	footer-powered-by-000webhost-white2.png cdn.000webhost.com/000webhost/logo/	2 KB 2 KB	65ms 29ms	Image image/webp	2606:4700::6812:6b08 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.000webhost.com/000webhost/logo/footer-powered-by-000webhost-white2.png Requested by Host: vfrcnfgsd.000webhostapp.com URL: https://vfrcnfgsd.000webhostapp.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:6b08 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 86f2673ec74a632865109a76b2232f4f5b3587daa219e07a17ef1d9c76a0fda5 Security Headers Name Value Strict-Transport-Security max-age=2592000 X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1; mode=block Request headers Referer https://vfrcnfgsd.000webhostapp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 27 May 2021 15:13:37 GMT x-content-type-options nosniff cf-cache-status HIT age 104 cf-polished origFmt=png, origSize=2046 content-disposition inline; filename="footer-powered-by-000webhost-white2.webp" cf-bgj imgq:100,h2pri x-hostinger-datacenter srv alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 1696 x-xss-protection 1; mode=block last-modified Wed, 19 May 2021 20:28:16 GMT server cloudflare x-frame-options sameorigin etag "60a574e0-7fe" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=2592000 content-type image/webp vary Accept cache-control public, max-age=14400 x-hostinger-node nl-srv-cdn1 cf-request-id 0a4ffc738f0000dffb9eb29000000001 accept-ranges bytes cf-ray 656030327a97dffb-FRA expires Thu, 27 May 2021 19:13:37 GMT
GET H2	200	logo.svg vfrcnfgsd.000webhostapp.com/Images/default/	5 KB 2 KB	110ms 110ms	Image image/svg+xml	2a02:4780:dead:67cc::1 AWEX
General Check archive.org Show headers Download Go to Show image Full URL https://vfrcnfgsd.000webhostapp.com/Images/default/logo.svg Requested by Host: vfrcnfgsd.000webhostapp.com URL: https://vfrcnfgsd.000webhostapp.com/Content/default.minff96.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:4780:dead:67cc::1 , United States, ASN204915 (AWEX, CY), Reverse DNS Software awex / Resource Hash b4ff0e55e735bcecbe65b3d851306ed458d3ef865d108b74dbc107ead609a17a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers :path /Images/default/logo.svg pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority vfrcnfgsd.000webhostapp.com referer https://vfrcnfgsd.000webhostapp.com/Content/default.minff96.css :scheme https sec-fetch-site same-origin :method GET Referer https://vfrcnfgsd.000webhostapp.com/Content/default.minff96.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 27 May 2021 15:13:38 GMT content-encoding gzip x-content-type-options nosniff last-modified Thu, 27 May 2021 10:15:39 GMT server awex content-type image/svg+xml x-xss-protection 1; mode=block x-request-id 6947f6e65da57330a894d1959ab15e11
GET H2	200	68-Gisela-Zoratto_desierto&oasis.jpg vfrcnfgsd.000webhostapp.com/Images/art/	126 KB 126 KB	110ms 110ms	Image image/jpeg	2a02:4780:dead:67cc::1 AWEX
General Check archive.org Show headers Download Go to Show image Full URL https://vfrcnfgsd.000webhostapp.com/Images/art/68-Gisela-Zoratto_desierto&oasis.jpg Requested by Host: vfrcnfgsd.000webhostapp.com URL: https://vfrcnfgsd.000webhostapp.com/Content/default.minff96.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:4780:dead:67cc::1 , United States, ASN204915 (AWEX, CY), Reverse DNS Software awex / Resource Hash 9fc44b6928a5ede91bd14be21b94d50a9b6d19643df3763a9fac4065db68c290 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers :path /Images/art/68-Gisela-Zoratto_desierto&oasis.jpg pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority vfrcnfgsd.000webhostapp.com referer https://vfrcnfgsd.000webhostapp.com/Content/default.minff96.css :scheme https sec-fetch-site same-origin :method GET Referer https://vfrcnfgsd.000webhostapp.com/Content/default.minff96.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 27 May 2021 15:13:38 GMT x-content-type-options nosniff last-modified Thu, 27 May 2021 10:15:39 GMT server awex content-type image/jpeg accept-ranges bytes content-length 128716 x-xss-protection 1; mode=block x-request-id 0c1987ece8a4a8f1ef93b01e26536bdd
GET H2	200	Inter-Regular.woff2 vfrcnfgsd.000webhostapp.com/Content/fonts/	87 KB 88 KB	111ms 111ms	Font text/plain	2a02:4780:dead:67cc::1 AWEX
General Check archive.org Show headers Download Go to Full URL https://vfrcnfgsd.000webhostapp.com/Content/fonts/Inter-Regular.woff2 Requested by Host: vfrcnfgsd.000webhostapp.com URL: https://vfrcnfgsd.000webhostapp.com/Content/default.minff96.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:4780:dead:67cc::1 , United States, ASN204915 (AWEX, CY), Reverse DNS Software awex / Resource Hash 22a3819d8ceb114522985c86b80ec00506f72978aa240b444ad5029c1cd57ece Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers :path /Content/fonts/Inter-Regular.woff2 pragma no-cache origin https://vfrcnfgsd.000webhostapp.com accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept */* cache-control no-cache sec-fetch-dest font :authority vfrcnfgsd.000webhostapp.com referer https://vfrcnfgsd.000webhostapp.com/Content/default.minff96.css :scheme https sec-fetch-site same-origin :method GET Origin https://vfrcnfgsd.000webhostapp.com Referer https://vfrcnfgsd.000webhostapp.com/Content/default.minff96.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 27 May 2021 15:13:38 GMT x-content-type-options nosniff last-modified Thu, 27 May 2021 10:17:06 GMT server awex accept-ranges bytes content-length 89212 x-xss-protection 1; mode=block x-request-id 5ef2ce10e534b945189faa14f71dba0c
GET H2	200	fontawesome-webfont.woff2 vfrcnfgsd.000webhostapp.com/Content/fonts/	75 KB 76 KB	111ms 111ms	Font text/plain	2a02:4780:dead:67cc::1 AWEX
General Check archive.org Show headers Download Go to Full URL https://vfrcnfgsd.000webhostapp.com/Content/fonts/fontawesome-webfont.woff2 Requested by Host: vfrcnfgsd.000webhostapp.com URL: https://vfrcnfgsd.000webhostapp.com/Content/default.minff96.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:4780:dead:67cc::1 , United States, ASN204915 (AWEX, CY), Reverse DNS Software awex / Resource Hash 42736c7de60dfab94b3cc902b8692f80cfeb0a5989d1d51db1d25fd7d18dc45b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers :path /Content/fonts/fontawesome-webfont.woff2 pragma no-cache origin https://vfrcnfgsd.000webhostapp.com accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept */* cache-control no-cache sec-fetch-dest font :authority vfrcnfgsd.000webhostapp.com referer https://vfrcnfgsd.000webhostapp.com/Content/default.minff96.css :scheme https sec-fetch-site same-origin :method GET Origin https://vfrcnfgsd.000webhostapp.com Referer https://vfrcnfgsd.000webhostapp.com/Content/default.minff96.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 27 May 2021 15:13:38 GMT x-content-type-options nosniff last-modified Thu, 27 May 2021 10:16:31 GMT server awex accept-ranges bytes content-length 77160 x-xss-protection 1; mode=block x-request-id 378ba52da2c7159adb71012e6b8dbc32

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco Galicia (Banking)

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| getCookie undefined| wordpressAdminBody object| notification object| hostingerLogo undefined| mainContent undefined| googleFont undefined| css undefined| style undefined| sheet undefined| button undefined| link undefined| mainContentHolder undefined| h1Tag undefined| h2Tag undefined| paragraph undefined| list undefined| org_html undefined| new_html undefined| saleImage

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.000webhost.com
vfrcnfgsd.000webhostapp.com
2606:4700::6812:6b08
2a02:4780:dead:67cc::1
22a3819d8ceb114522985c86b80ec00506f72978aa240b444ad5029c1cd57ece
42736c7de60dfab94b3cc902b8692f80cfeb0a5989d1d51db1d25fd7d18dc45b
66c33aa7e0f057383b7c4593e17756c5592b681cda15db8ab4b8bc254f631410
842ecd7fb6b4d5c497f50da917974a93eeb82406868507fb185d3de51add9288
86f2673ec74a632865109a76b2232f4f5b3587daa219e07a17ef1d9c76a0fda5
9fc44b6928a5ede91bd14be21b94d50a9b6d19643df3763a9fac4065db68c290
b4ff0e55e735bcecbe65b3d851306ed458d3ef865d108b74dbc107ead609a17a
cc715640da37279ac1790646dc4a273eed2333551434c518040dcd737782e1f2