a5000-10501900.000webhostapp.com
2a02:4780:dead:db4e::1  Malicious Activity! Public Scan

URL: https://a5000-10501900.000webhostapp.com/comfrim.html
Submission: On October 14 via automatic, source openphish — Scanned from NL

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 4 HTTP transactions. The main IP is 2a02:4780:dead:db4e::1, located in United States and belonging to AWEX, CY. The main domain is a5000-10501900.000webhostapp.com.
TLS certificate: Issued by RapidSSL Global TLS RSA4096 SHA256 20... on August 4th 2022. Valid for: a year.
This is the only time a5000-10501900.000webhostapp.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

Requests  IP Address        AS Autonomous System
3         2a02:4780:dea...  204915 (AWEX)
1         54.166.228.212    14618 (AMAZON-AES)
Total: 4 requests to 2 IPs

Requests  Domain                            Requested by
3         a5000-10501900.000webhostapp.com  a5000-10501900.000webhostapp.com
1         parthenonpub.com                  a5000-10501900.000webhostapp.com
Total: 4 requests to 2 domains

This site contains no links.

Subject              Issuer                                       Validity                 Valid
*.000webhostapp.com  RapidSSL Global TLS RSA4096 SHA256 2022 CA1  2022-08-04 - 2023-07-10  a year
parthenonpub.com     R3                                           2022-08-18 - 2022-11-16  3 months

This page contains 1 frame:

Primary Page: https://a5000-10501900.000webhostapp.com/comfrim.html
Frame ID: A384FCFB6C3E8459C6637FE8F6B7BA9F
Requests: 4 HTTP requests in this frame

Screenshot

Page Title

Center

Page Statistics

4
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

13 kB
Transfer

14 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource  Path  Size  x-fer  Type  MIME-Type

Primary Request: comfrim.html  a5000-10501900.000webhostapp.com/  3 KB  2 KB  Document
General
Full URL
https://a5000-10501900.000webhostapp.com/comfrim.html
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2a02:4780:dead:db4e::1, United States, ASN204915 (AWEX, CY)
Reverse DNS
Software
awex /
Resource Hash
f18a3bffcc1c4e1190f671af26f366baaaf1ec19929f217db9ecdc7583d2aad4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Fri, 14 Oct 2022 02:38:13 GMT
server
awex
x-content-type-options
nosniff
x-request-id
0e59a3283c7410986db48c55ebb040ba
x-xss-protection
1; mode=block
F8n3WrEc0r.png  a5000-10501900.000webhostapp.com/  6 KB  6 KB  Image
General
Full URL
https://a5000-10501900.000webhostapp.com/F8n3WrEc0r.png
Requested by
Host: a5000-10501900.000webhostapp.com
URL: https://a5000-10501900.000webhostapp.com/comfrim.html
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2a02:4780:dead:db4e::1, United States, ASN204915 (AWEX, CY)
Reverse DNS
Software
awex /
Resource Hash
91252e877e09c401110e603eaf0ff8eb78f7e38c1316db14f131fcb3f896bbb4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://a5000-10501900.000webhostapp.com/comfrim.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 02:38:13 GMT
x-content-type-options
nosniff
last-modified
Thu, 13 Oct 2022 12:07:59 GMT
server
awex
content-type
image/png
accept-ranges
bytes
content-length
6331
x-xss-protection
1; mode=block
x-request-id
f3a3f026de1204a0f6a00076f57f81e7
529595_10151321125866886_823390621_n.png  parthenonpub.com/assets/2014/05/  5 KB  5 KB  Image
General
Full URL
https://parthenonpub.com/assets/2014/05/529595_10151321125866886_823390621_n.png
Requested by
Host: a5000-10501900.000webhostapp.com
URL: https://a5000-10501900.000webhostapp.com/comfrim.html
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM
Server
54.166.228.212, United States, ASN14618 (AMAZON-AES, US)
Reverse DNS
ec2-54-166-228-212.compute-1.amazonaws.com
Software
Apache /
Resource Hash
1c9545d7577caf86c0db9072cea4ba23af0e18ae7e6dcf1c51d15fda8a24cb3f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://a5000-10501900.000webhostapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 14 Oct 2022 02:38:14 GMT
X-Content-Type-Options
nosniff
X-Original-Content-Length
10801
Server
Apache
Etag
W/"PSA-aj-h42pxpkjKq"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=22
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=100
Content-Length
4836
Expires
Fri, 14 Oct 2022 02:38:37 GMT
script.js  a5000-10501900.000webhostapp.com/  0  0  Script
General
Full URL
https://a5000-10501900.000webhostapp.com/script.js
Requested by
Host: a5000-10501900.000webhostapp.com
URL: https://a5000-10501900.000webhostapp.com/comfrim.html
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2a02:4780:dead:db4e::1, United States, ASN204915 (AWEX, CY)
Reverse DNS
Software
awex /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://a5000-10501900.000webhostapp.com/comfrim.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 02:38:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
awex
x-xss-protection
1; mode=block
x-request-id
6d9538434b4d9409ce51d4727032147d
content-type
text/html; charset=UTF-8

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

onbeforeinput (object)
oncontextlost (object)
oncontextrestored (object)
structuredClone (function)
launchQueue (object)
onbeforematch (object)
getScreenDetails (function)
queryLocalFonts (function)
navigation (object)

0 Cookies

2 Console Messages

Source    Level  URL / Message
network   error  URL: https://a5000-10501900.000webhostapp.com/script.js
                 Message: Failed to load resource: the server responded with a status of 404 ()
security  error  URL: https://a5000-10501900.000webhostapp.com/comfrim.html
                 Message: Refused to execute script from 'https://a5000-10501900.000webhostapp.com/script.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a5000-10501900.000webhostapp.com
parthenonpub.com
2a02:4780:dead:db4e::1
54.166.228.212
1c9545d7577caf86c0db9072cea4ba23af0e18ae7e6dcf1c51d15fda8a24cb3f
91252e877e09c401110e603eaf0ff8eb78f7e38c1316db14f131fcb3f896bbb4
f18a3bffcc1c4e1190f671af26f366baaaf1ec19929f217db9ecdc7583d2aad4