ddeww.000webhostapp.com Open in urlscan Pro
2a02:4780:dead:6063::1 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://ddeww.000webhostapp.com/verify.php?email=
Submission: On July 07 via automatic, source phishtank (July 7th 2018, 1:49:18 pm UTC)

Summary HTTP 16 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 6 IPs in 5 countries across 7 domains to perform 16 HTTP transactions. The main IP is 2a02:4780:dead:6063::1, located in Lithuania and belongs to AWEX, US. The main domain is ddeww.000webhostapp.com.

This is the only time ddeww.000webhostapp.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Outlook Web Access (Online)

Domain & IP information

	IP Address	AS Autonomous System
3	2a02:4780:dea... 2a02:4780:dead:6063::1	204915 (AWEX) (AWEX)
8	202.65.210.237 202.65.210.237	9584 (GENESIS-A...) (GENESIS-AP Diyixian.com Limited)
2	2.16.186.83 2.16.186.83	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	212.72.4.128 212.72.4.128	28885 (OMANTEL-N...) (OMANTEL-NAP-AS OmanTel NAP)
1 1	151.139.237.11 151.139.237.11	54104 (AS-STACKPATH) (AS-STACKPATH - netDNA)
1	151.101.112.133 151.101.112.133	54113 (FASTLY) (FASTLY - Fastly)
1	8.37.113.246 8.37.113.246	54761 (ARIN-SAMB...) (ARIN-SAMBREEL-SVCS - Sambreel Services)
16	6

3 2a02:4780:dead:6063::1 (Lithuania)

ASN204915 (AWEX, US)

ddeww.000webhostapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 202.65.210.237 (Hong Kong)

ASN9584 (GENESIS-AP Diyixian.com Limited, HK)
PTR: static-ip-237-210-65-202.rev.dyxnet.com

mail.gangshitape.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.16.186.83 (European Union)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-83.deploy.static.akamaitechnologies.com

apimyeyeperformc-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.72.4.128 (Oman)

ASN28885 (OMANTEL-NAP-AS OmanTel NAP, OM)
PTR: mail.omantel.net.om

mail.omantel.net.om	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.237.11 (Dallas, United States) 1 redirects

ASN54104 (AS-STACKPATH - netDNA, US)

cdn.rawgit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.112.133 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

raw.githubusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.37.113.246 (United States)

ASN54761 (ARIN-SAMBREEL-SVCS - Sambreel Services, LLC, US)

jsl.infostatsvc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	gangshitape.com mail.gangshitape.com	18 KB
3	000webhostapp.com ddeww.000webhostapp.com	21 KB
2	akamaihd.net apimyeyeperformc-a.akamaihd.net	5 KB
1	infostatsvc.com jsl.infostatsvc.com	163 B
1	githubusercontent.com raw.githubusercontent.com	3 KB
1	rawgit.com 1 redirects cdn.rawgit.com	321 B
1	omantel.net.om mail.omantel.net.om	175 B
16	7

	Domain	Requested by
8	mail.gangshitape.com	ddeww.000webhostapp.com
3	ddeww.000webhostapp.com	ddeww.000webhostapp.com
2	apimyeyeperformc-a.akamaihd.net	ddeww.000webhostapp.com apimyeyeperformc-a.akamaihd.net
1	jsl.infostatsvc.com	ddeww.000webhostapp.com
1	raw.githubusercontent.com	ddeww.000webhostapp.com
1	cdn.rawgit.com	1 redirects
1	mail.omantel.net.om	ddeww.000webhostapp.com
16	7

This site contains links to these domains. Also see Links.

Domain
go.microsoft.com
www.000webhost.com

Subject Issuer	Validity	Valid
a248.e.akamai.net DigiCert ECC Secure Server CA	`2018-01-23` - `2019-01-19`	a year	crt.sh

This page contains 2 frames:

Primary Page: http://ddeww.000webhostapp.com/verify.php?email=
Frame ID: 897193676EA495EAAAB5039FC7D591A3
Requests: 15 HTTP requests in this frame

Frame: https://apimyeyeperformc-a.akamaihd.net/gscf?n=&t=WebMail&r=&g=86623850-6a66-41be-a002-959a859daef3&is=dgbp2se&bp=PB3&l=1&wx=0&wy=0&ww=1600&wh=1200
Frame ID: A3A1BC0A00D2A8D6901794DEE0D96172
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Outlook Web App (Web Mail) Expand

Overall confidence: 100%
Detected patterns

html /<link\s[^>]*href="[^"]*?([\d.]+)\/themes\/resources\/owafont\.css/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Windows Server (Operating Systems) Expand

Overall confidence: 50%
Detected patterns

html /<link\s[^>]*href="[^"]*?([\d.]+)\/themes\/resources\/owafont\.css/i

Microsoft ASP.NET (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link\s[^>]*href="[^"]*?([\d.]+)\/themes\/resources\/owafont\.css/i

IIS (Web Servers) Expand

Overall confidence: 50%
Detected patterns

html /<link\s[^>]*href="[^"]*?([\d.]+)\/themes\/resources\/owafont\.css/i

Page Statistics

16
Requests

6 %
HTTPS

14 %
IPv6

7
Domains

7
Subdomains

6
IPs

5
Countries

47 kB
Transfer

60 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: http://go.microsoft.com/fwlink/?LinkId=65796
Title: security risks

Search URL Search Domain Scan URL

URL: https://www.000webhost.com/?utm_source=000webhostapp&utm_campaign=000_logo&utm_medium=website_ddeww&utm_content=footer_img

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8

https://cdn.rawgit.com/000webhost/logo/e9bd13f7/footer-powered-by-000webhost-white2.png HTTP 301
https://raw.githubusercontent.com/000webhost/logo/e9bd13f7/footer-powered-by-000webhost-white2.png

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request verify.php Show response
ddeww.000webhostapp.com/ 11 KB
4 KB 232ms
117ms Document
text/html 2a02:4780:dead:6063::1
AWEX

General

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

ddeww.000webhostapp.com Open in urlscan Pro 2a02:4780:dead:6063::1 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

16 Requests

6 %HTTPS

14 %IPv6

7 Domains

7 Subdomains

6 IPs

5 Countries

47 kBTransfer

60 kBSize

0 Cookies

2 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

ddeww.000webhostapp.com Open in urlscan Pro
2a02:4780:dead:6063::1 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

6 %
HTTPS

14 %
IPv6

7
Domains

7
Subdomains

6
IPs

5
Countries

47 kB
Transfer

60 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!