![](/screenshots/093e96cf-2f9a-49f0-a24a-febc695709b0.png)
fb-cs-support.biz.id
Open in
urlscan Pro
2a06:98c1:3121::3
Malicious Activity!
Public Scan
Submission: On August 25 via automatic, source openphish — Scanned from NL
Summary
TLS certificate: Issued by GTS CA 1P5 on August 22nd 2023. Valid for: 3 months.
This is the only time fb-cs-support.biz.id was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 2a06:98c1:312... 2a06:98c1:3121::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 2606:4700:303... 2606:4700:3031::ac43:8946 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:803::200a | 15169 (GOOGLE) (GOOGLE) | |
2 | 2606:4700::68... 2606:4700::6812:acf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2001:4de0:ac1... 2001:4de0:ac18::1:a:3b | 20446 (STACKPATH...) (STACKPATH-CDN) | |
6 | 2606:4700::68... 2606:4700::6810:5714 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
15 | 6 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 334 |
8 KB |
3 |
rgrgfsdsdsfdfgvb.my.id
rgrgfsdsdsfdfgvb.my.id |
28 KB |
2 |
bootstrapcdn.com
stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2782 |
40 KB |
2 |
fb-cs-support.biz.id
fb-cs-support.biz.id |
6 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 736 |
24 KB |
1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 366 |
92 KB |
15 | 6 |
Domain | Requested by | |
---|---|---|
6 | cdn.jsdelivr.net |
rgrgfsdsdsfdfgvb.my.id
fb-cs-support.biz.id |
3 | rgrgfsdsdsfdfgvb.my.id |
fb-cs-support.biz.id
rgrgfsdsdsfdfgvb.my.id |
2 | stackpath.bootstrapcdn.com |
rgrgfsdsdsfdfgvb.my.id
|
2 | fb-cs-support.biz.id |
fb-cs-support.biz.id
|
1 | code.jquery.com |
rgrgfsdsdsfdfgvb.my.id
|
1 | ajax.googleapis.com |
fb-cs-support.biz.id
|
15 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
fb-cs-support.biz.id GTS CA 1P5 |
2023-08-22 - 2023-11-20 |
3 months | crt.sh |
rgrgfsdsdsfdfgvb.my.id E1 |
2023-08-13 - 2023-11-11 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-08-07 - 2023-10-30 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-12-30 - 2023-12-30 |
a year | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://fb-cs-support.biz.id/
Frame ID: 0CE6F2875AA70B777FA45A4728527B4D
Requests: 8 HTTP requests in this frame
Frame:
https://rgrgfsdsdsfdfgvb.my.id/
Frame ID: 42D25EDF8B4CA8E6A11C1FDD708E132A
Requests: 7 HTTP requests in this frame
Screenshot
![](/screenshots/093e96cf-2f9a-49f0-a24a-febc695709b0.png)
Page Title
Meta Support CenterDetected technologies
![](/vendor/wappa/icons/Bootstrap.png)
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
fb-cs-support.biz.id/ |
3 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rocket-loader.min.js
fb-cs-support.biz.id/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ |
12 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
rgrgfsdsdsfdfgvb.my.id/ Frame 42D2 |
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.10.2/ |
91 KB 92 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/ Frame 42D2 |
157 KB 25 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
styel.css
rgrgfsdsdsfdfgvb.my.id/css/ Frame 42D2 |
855 B 671 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Meta-Logo-Facebook-The-Apple-Post.jpeg
rgrgfsdsdsfdfgvb.my.id/img/ Frame 42D2 |
25 KB 25 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.5.1.slim.min.js
code.jquery.com/ Frame 42D2 |
71 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
popper.min.js
cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/ Frame 42D2 |
21 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/ Frame 42D2 |
59 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jScript-first1.js
cdn.jsdelivr.net/gh/swat-cloud-github/web-headers@main/ |
0 0 |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jScript-second.js
cdn.jsdelivr.net/gh/swat-cloud-github/web-headers@main/ |
0 0 |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jScript-third.js
cdn.jsdelivr.net/gh/swat-cloud-github/web-headers@main/ |
0 0 |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jScript-fifth.js
cdn.jsdelivr.net/gh/swat-cloud-github/web-headers@main/ |
0 0 |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jScript-sixth.js
cdn.jsdelivr.net/gh/swat-cloud-github/web-headers@main/ |
0 0 |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| documentPictureInPicture object| __cfQR function| $ function| jQuery function| calcHeight object| jQuery110207107009878763737 boolean| __cfRLUnblockHandlers0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
10 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
cdn.jsdelivr.net
code.jquery.com
fb-cs-support.biz.id
rgrgfsdsdsfdfgvb.my.id
stackpath.bootstrapcdn.com
2001:4de0:ac18::1:a:3b
2606:4700:3031::ac43:8946
2606:4700::6810:5714
2606:4700::6812:acf
2a00:1450:4001:803::200a
2a06:98c1:3121::3
0c4007f08084fd9075d30dac082a481e260e864535d51a94731a23d9531ea06f
19385cf17bbefbf0d6b5fcde99e2782b9043a673a959ef761a9c3cc4c9a2d5cd
5b0fbe5b7ad705f6a937c4998ad02f73d8f0d976fe231b74aef0ec996990c93a
732ffda6228446083382e0961e33fa334aee54a4e7dfa312e3986c5f50d897c0
79c599dd760cec0c1621a1af49d9a2a49da5d45e1b37d4575bace0a5e0226582
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db
f24a6862c74655b0815de9c2b70cef02f18637a2875edf6836fd16bc372b9c8b
fe28dc38bc057f6eb11180235bbe458b3295a39b674d889075d3d9a0b5071d9f