facebooknotify.herokuapp.com
52.73.83.132  Malicious Activity! Public Scan

URL: https://facebooknotify.herokuapp.com/
Submission: On June 03 via automatic, source openphish

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 19 HTTP transactions. The main IP is 52.73.83.132, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is facebooknotify.herokuapp.com.
TLS certificate: Issued by DigiCert SHA2 High Assurance Server CA on April 19th 2017. Valid for: 3 years.
This is the only time facebooknotify.herokuapp.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

Requests  IP Address        AS (Autonomous System)
3         52.73.83.132      14618 (AMAZON-AES)
15        2a03:2880:f04...  32934 (FACEBOOK)
1         2a03:2880:f14...  32934 (FACEBOOK)
Total: 19 requests, 4 IPs

Requests  Apex Domain    Subdomains                    Transfer
15        fbcdn.net      static.xx.fbcdn.net           656 KB
3         herokuapp.com  facebooknotify.herokuapp.com  56 KB
1         facebook.com   facebook.com                  940 B
Total: 19 requests, 3 apex domains

Requests  Domain                        Requested by
15        static.xx.fbcdn.net           facebooknotify.herokuapp.com
3         facebooknotify.herokuapp.com  facebooknotify.herokuapp.com
1         facebook.com                  facebooknotify.herokuapp.com
Total: 19 requests, 3 domains

Subject          Issuer                                  Validity                 Valid
*.herokuapp.com  DigiCert SHA2 High Assurance Server CA  2017-04-19 - 2020-06-22  3 years (crt.sh)
*.facebook.com   DigiCert SHA2 High Assurance Server CA  2020-05-14 - 2020-08-05  3 months (crt.sh)

This page contains 1 frame:

Primary Page: https://facebooknotify.herokuapp.com/
Frame ID: E42CE4B8AFA7E0BEE78EF483DF61C8AB
Requests: 21 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^Cowboy$/i

Overall confidence: 50%
Detected patterns
  • meta csrf-param /^authenticity_token$/i

Page Statistics

Requests: 19
HTTPS: 100 %
IPv6: 67 %
Domains: 3
Subdomains: 3
IPs: 4
Countries: 2
Transfer: 742 kB
Size: 3114 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource | Path | Size | x-fer | Type / MIME-Type

/ (Primary Request, cookie set) | facebooknotify.herokuapp.com/ | 37 KB | 38 KB | Document
General
Full URL
https://facebooknotify.herokuapp.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.73.83.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-73-83-132.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
bd24e0c2756048f1ac46de62bdf929f2804a3cd7d737dd06005d4d8181278233
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
facebooknotify.herokuapp.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server
Cowboy
Date
Wed, 03 Jun 2020 12:38:13 GMT
Connection
keep-alive
X-Frame-Options
SAMEORIGIN
X-Xss-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Download-Options
noopen
X-Permitted-Cross-Domain-Policies
none
Referrer-Policy
strict-origin-when-cross-origin
Content-Type
text/html; charset=utf-8
Etag
W/"bd24e0c2756048f1ac46de62bdf929f2"
Cache-Control
max-age=0, private, must-revalidate
Set-Cookie
_napster_session=Zye0bpgGDUv4RA75YNPN5uuIMmZxBNhXprGzGdv6LRr%2FCc3fyz%2FyjCFSjKgpWC0d9XI7aI%2FSWwkKoWMbhVaDpaoZn%2Buhrx%2FSp9NAnOO71Gp5R%2FVrKQUPnmpCObZy%2BbFvw3YjGZxX8ZEYfpxytv4EMoEIt0KC%2FgLITGUQUTQP8BvBRubENmnwPN5wjt7Q%2BoxQJYIK874hKo1k0%2BepmFPhWa1CsFJyXDHXw%2Fe6ppjxLSiJXZXINMI4guTPsFLrDBji5UYashdLVlyRoYkpV86ATApNjV%2Fvx8bG--O0nZcIXw4kNEfTsz--0PCADZ2tZud2G%2BGmvtEh2w%3D%3D; path=/; HttpOnly
X-Request-Id
277c2784-db4c-4ae4-86a1-6978cfcdc21a
X-Runtime
0.003797
Transfer-Encoding
chunked
Via
1.1 vegur

application-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.css | facebooknotify.herokuapp.com/assets/ | 0 | 269 B | Stylesheet
General
Full URL
https://facebooknotify.herokuapp.com/assets/application-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.css
Requested by
Host: facebooknotify.herokuapp.com
URL: https://facebooknotify.herokuapp.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.73.83.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-73-83-132.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://facebooknotify.herokuapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 03 Jun 2020 12:38:14 GMT
Content-Encoding
gzip
Last-Modified
Sun, 31 May 2020 19:36:07 GMT
Server
Cowboy
Vary
Accept-Encoding
Content-Type
text/css
Via
1.1 vegur
Connection
keep-alive
Content-Length
20

application-91fc280778cf9d1f7b8e.js | facebooknotify.herokuapp.com/packs/js/ | 69 KB | 18 KB | Script
General
Full URL
https://facebooknotify.herokuapp.com/packs/js/application-91fc280778cf9d1f7b8e.js
Requested by
Host: facebooknotify.herokuapp.com
URL: https://facebooknotify.herokuapp.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.73.83.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-73-83-132.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
d06acdd7b6475edb8a50a543aae6dd439bb62e731215a5a7d04b16cf2067ecc2

Request headers

Referer
https://facebooknotify.herokuapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 03 Jun 2020 12:38:14 GMT
Content-Encoding
gzip
Last-Modified
Sun, 31 May 2020 21:36:24 GMT
Server
Cowboy
Vary
Accept-Encoding
Content-Type
application/javascript
Via
1.1 vegur
Connection
keep-alive
Content-Length
18154

5RCCBPr-XuU.css | static.xx.fbcdn.net/rsrc.php/v3/ya/l/0,cross/ | 68 KB | 13 KB | Stylesheet
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/ya/l/0,cross/5RCCBPr-XuU.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: facebooknotify.herokuapp.com
URL: https://facebooknotify.herokuapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f046:f:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ee33568a649fe7dcbdd4b7f7df09153f7698f1383cb3cb96dcca75010f7c149c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://facebooknotify.herokuapp.com/
Origin
https://facebooknotify.herokuapp.com

Response headers

date
Wed, 03 Jun 2020 12:38:14 GMT, Wed, 03 Jun 2020 12:38:14 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
aJ6DkrB7U/SLaw7h2KhTqg==
status
200
alt-svc
h3-27=":443"; ma=3600
content-length
13264
x-fb-debug
armfzgf6mZW5IfAxq4RQY3sTF5p4LKQ7dg4aOxE1ZbI69Pj702hrqfiLOellOA9lp7zuwOAs2f8kUK3O2IrhGQ==
x-fb-trip-id
664085054
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Mon, 31 May 2021 16:53:04 GMT

XFfGk7QuCqv.css | static.xx.fbcdn.net/rsrc.php/v3/y8/l/0,cross/ | 15 KB | 4 KB | Stylesheet
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y8/l/0,cross/XFfGk7QuCqv.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: facebooknotify.herokuapp.com
URL: https://facebooknotify.herokuapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f046:f:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9a29f91c2d92227dbea5f55134543fbdcc4d4a998484f48be909927e2d0157a1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://facebooknotify.herokuapp.com/
Origin
https://facebooknotify.herokuapp.com

Response headers

date
Wed, 03 Jun 2020 12:38:14 GMT, Wed, 03 Jun 2020 12:38:14 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
8Za/nezgr7Vi6INUukiMQw==
status
200
alt-svc
h3-27=":443"; ma=3600
content-length
3664
x-fb-debug
rYFzvTF7ckbaK8OGU+CcoVEnCIlLVEtfMOs64qsCODp4pFw7kehPmnfHMoFZ3Jxpr2BYMf8L4HSRcoGtC1PgRg==
x-fb-trip-id
664085054
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Thu, 03 Jun 2021 11:47:13 GMT

bFBGLBww3et.css | static.xx.fbcdn.net/rsrc.php/v3/yH/l/0,cross/ | 312 KB | 77 KB | Stylesheet
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yH/l/0,cross/bFBGLBww3et.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: facebooknotify.herokuapp.com
URL: https://facebooknotify.herokuapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f046:f:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
0c33419a91cade5912dbfff73632def9618cf8c7f4f3fcf6173619a03f705fe7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://facebooknotify.herokuapp.com/
Origin
https://facebooknotify.herokuapp.com

Response headers

date
Wed, 03 Jun 2020 12:38:14 GMT, Wed, 03 Jun 2020 12:38:14 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
oYScoRiIsWWedN2FwgOufw==
status
200
alt-svc
h3-27=":443"; ma=3600
content-length
78173
x-fb-debug
UAuAsKZAUO6uD035hGeVFwIAecISA4suvZwGLGMCOOHSIQSDuwm42aa0MCj7Q4wwU9oSWSMQs3a8OVFwhwY8eQ==
x-fb-trip-id
664085054
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Tue, 01 Jun 2021 15:59:24 GMT

lO3ZOdjjTF3.css | static.xx.fbcdn.net/rsrc.php/v3/yv/l/0,cross/ | 224 KB | 58 KB | Stylesheet
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yv/l/0,cross/lO3ZOdjjTF3.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: facebooknotify.herokuapp.com
URL: https://facebooknotify.herokuapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f046:f:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
10997f7772bd42c70ff83439d0554b208f0b60615d3450db863083f22463d67b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://facebooknotify.herokuapp.com/
Origin
https://facebooknotify.herokuapp.com

Response headers

date
Wed, 03 Jun 2020 12:38:14 GMT, Wed, 03 Jun 2020 12:38:14 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
+EiLqaELtHGS4eAFZkWsvg==
status
200
alt-svc
h3-27=":443"; ma=3600
content-length
59655
x-fb-debug
wV1nTf27x/2JN06M943ieNg18xaXzOL4hnW1/aDTzbEONjId08BD3mJ+pll3acRdK15YU4VS5nitbWVS1+Rtpw==
x-fb-trip-id
664085054
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Tue, 01 Jun 2021 12:33:38 GMT

WUk7VB5DvIG.css | static.xx.fbcdn.net/rsrc.php/v3/ys/l/0,cross/ | 15 KB | 3 KB | Stylesheet
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/ys/l/0,cross/WUk7VB5DvIG.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: facebooknotify.herokuapp.com
URL: https://facebooknotify.herokuapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f046:f:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b3f5f12f8744c101889c9f5ce27f0c4edab9f5596bb0d9db387f0199aba4fb0a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://facebooknotify.herokuapp.com/
Origin
https://facebooknotify.herokuapp.com

Response headers

date
Wed, 03 Jun 2020 12:38:14 GMT, Wed, 03 Jun 2020 12:38:14 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
wGQmhaVMJnq1VA2VnbWy1g==
status
200
alt-svc
h3-27=":443"; ma=3600
content-length
3387
x-fb-debug
JqeAEi94zMqkAzOLRI4CBocAgupqLzsGsSP5//GRegLq5PEVTFikOzaBwfY+uKhEXZvmPGtU4U8oA98FwLUsOQ==
x-fb-trip-id
664085054
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Thu, 03 Jun 2021 11:47:13 GMT

lZ86cv9aR90.css | static.xx.fbcdn.net/rsrc.php/v3/y2/l/0,cross/ | 40 KB | 26 KB | Stylesheet
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y2/l/0,cross/lZ86cv9aR90.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: facebooknotify.herokuapp.com
URL: https://facebooknotify.herokuapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f046:f:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
c63295b9a226783c80c36bf2a99a04ec4bf0a7c996df04fad43bb198c6aa193b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://facebooknotify.herokuapp.com/
Origin
https://facebooknotify.herokuapp.com

Response headers

date
Wed, 03 Jun 2020 12:38:14 GMT, Wed, 03 Jun 2020 12:38:14 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
EkeRkgPfosTrA5z72ud0Sw==
status
200
alt-svc
h3-27=":443"; ma=3600
content-length
26000
x-fb-debug
6XMB7g550YvZwfxz0V4F9dOllz9P8dAHAMolG2+5bS6NiZGVb1c9tfmKHpmQWIYF81pV5cIVAOspO7PXycH8oA==
x-fb-trip-id
664085054
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Wed, 02 Jun 2021 19:29:39 GMT

GsNJNwuI-UM.gif | static.xx.fbcdn.net/rsrc.php/v3/yb/r/ | 522 B | 765 B | Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yb/r/GsNJNwuI-UM.gif
Requested by
Host: facebooknotify.herokuapp.com
URL: https://facebooknotify.herokuapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f046:f:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
7f4fbb61e5a1226b421109d4bfeb68b371b240bb6a0131c54581b777cb649908
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://facebooknotify.herokuapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fb-debug
30reFTV1afONVE72ZfzKZ/1VKFYHnDWr5vu8C1xMwC2gdNA6S3joQ/9k0WwlDgV0ZzupyALujQWkhl6zxo25Pg==
x-fb-trip-id
664085054
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
cH2zTAVPHVXw/aQfDhS/Bg==
date
Wed, 03 Jun 2020 12:38:15 GMT, Wed, 03 Jun 2020 12:38:15 GMT
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
alt-svc
h3-27=":443"; ma=3600
content-length
522
expires
Sat, 29 May 2021 07:53:30 GMT

hsts-pixel.gif | facebook.com/security/ | 43 B | 940 B | Image
General
Full URL
https://facebook.com/security/hsts-pixel.gif
Requested by
Host: facebooknotify.herokuapp.com
URL: https://facebooknotify.herokuapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f146:82:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://facebooknotify.herokuapp.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
status
200
alt-svc
h3-27=":443"; ma=3600
x-xss-protection
0
pragma
no-cache
x-fb-debug
uXpdrXj9simfgRK8O++0dzikvww9JUa4OZ7IMOG+w8qJ5Y5Uo2HBU7dEtN9neZvzNTaudtcPvTLLTJ4oGL39Vg==
x-frame-options
DENY
date
Wed, 03 Jun 2020 12:38:15 GMT, Wed, 03 Jun 2020 12:38:15 GMT
vary
Origin, Accept-Encoding
access-control-allow-methods
OPTIONS
content-type
image/gif
access-control-allow-origin
*
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
expires
Sat, 01 Jan 2000 00:00:00 GMT

65GdIG6Jgwp.js | static.xx.fbcdn.net/rsrc.php/v3i7M54/yt/l/en_US/ | 64 KB | 17 KB | Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3i7M54/yt/l/en_US/65GdIG6Jgwp.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: facebooknotify.herokuapp.com
URL: https://facebooknotify.herokuapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f046:f:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f4f172b324b9c42919b52d56295013538e3d5ff1fa6a15d371168e91c1276ba3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://facebooknotify.herokuapp.com/
Origin
https://facebooknotify.herokuapp.com

Response headers

date
Wed, 03 Jun 2020 12:38:14 GMT, Wed, 03 Jun 2020 12:38:14 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
S/ZExE5qUHf9E+NMnxUjaQ==
status
200
alt-svc
h3-27=":443"; ma=3600
content-length
17276
x-fb-debug
nNYCfcHyJg/7wevWLY5mkmvFk7f29LiAiFEDkWfTCZ47h/1fihp0/ZlgGoZNv1dbPhpZZ2ZF6J+QOUrizaoymw==
x-fb-trip-id
664085054
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Thu, 03 Jun 2021 10:30:50 GMT

jIZjM6AtU_c.js | static.xx.fbcdn.net/rsrc.php/v3iiTD4/yg/l/en_US/ | 2 MB | 422 KB | Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iiTD4/yg/l/en_US/jIZjM6AtU_c.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: facebooknotify.herokuapp.com
URL: https://facebooknotify.herokuapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f046:f:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
3d3aa758acc2220838eac617c0aaf3d4b5c044a2c97a69ff894c66ed4ffcc483
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://facebooknotify.herokuapp.com/
Origin
https://facebooknotify.herokuapp.com

Response headers

date
Wed, 03 Jun 2020 12:38:14 GMT, Wed, 03 Jun 2020 12:38:14 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
oc0zJfkzPZIuqGjTb/jIPA==
status
200
alt-svc
h3-27=":443"; ma=3600
content-length
431383
x-fb-debug
G2z4wQa73kGKKTUI24HX3a3QgUS71cIevRbZPhQl5IwBgG9+MQOTwbMdJIlxENHc3fd3cdiR4h161VoZ0A1+xw==
x-fb-trip-id
664085054
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Mon, 31 May 2021 22:29:18 GMT

01c6tvSm0ot.js | static.xx.fbcdn.net/rsrc.php/v3/yA/r/ | 43 KB | 13 KB | Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yA/r/01c6tvSm0ot.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: facebooknotify.herokuapp.com
URL: https://facebooknotify.herokuapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f046:f:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b9763e9be148b0824d550ea1310b41769398abc407a3532ebec8cf0c11312c5c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://facebooknotify.herokuapp.com/
Origin
https://facebooknotify.herokuapp.com

Response headers

date
Wed, 03 Jun 2020 12:38:15 GMT, Wed, 03 Jun 2020 12:38:15 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
SbhiF/AXzG3kilLTFJSd9A==
status
200
alt-svc
h3-27=":443"; ma=3600
content-length
13458
x-fb-debug
YyvhI9aCsHA6pOdBpBLliwrpMSvwxXywrfcglda8wUcAhmcC33I0W+zwECrLcysY10dqiQEdlaOMbZ6xXr7NcA==
x-fb-trip-id
664085054
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Mon, 31 May 2021 16:53:05 GMT

oMHMinUn6wx.png | static.xx.fbcdn.net/rsrc.php/v3/y3/r/ | 6 KB | 6 KB | Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y3/r/oMHMinUn6wx.png
Requested by
Host: facebooknotify.herokuapp.com
URL: https://facebooknotify.herokuapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f046:f:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
122b2999e1b518669d4b94dbfdcc3302dd8d72fc38048066131be887be8e763c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://static.xx.fbcdn.net/rsrc.php/v3/yH/l/0,cross/bFBGLBww3et.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fb-debug
F0pah+pPyrlOIMAwvlrb8RZzWooinUKpngXuj5HTYH0SNkG4AcfsX3X7IQIkGTh9k1OQp4F3JYtbk/tYW7fAZQ==
x-fb-trip-id
664085054
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
E1yCHj8Su6qXZWyq9nT1Uw==
date
Wed, 03 Jun 2020 12:38:15 GMT, Wed, 03 Jun 2020 12:38:15 GMT
status
200
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
alt-svc
h3-27=":443"; ma=3600
content-length
5820
expires
Wed, 02 Jun 2021 00:11:29 GMT

Vb79ZNQ5DxJ.png | static.xx.fbcdn.net/rsrc.php/v3/yx/r/ | 6 KB | 6 KB | Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yx/r/Vb79ZNQ5DxJ.png
Requested by
Host: facebooknotify.herokuapp.com
URL: https://facebooknotify.herokuapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f046:f:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e108d8dc0d1081906cb116ac872156a3031395dc56b2ef4eb0829186e10104de
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://static.xx.fbcdn.net/rsrc.php/v3/yH/l/0,cross/bFBGLBww3et.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fb-debug
f6/rjUswg0niB2VKwER2nbuhbbnYs8QRMwh1sreJOngBKO70PPo0mVFjDYzkRGbZqe5t++jahwzNtySynWe7xw==
x-fb-trip-id
664085054
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
kISLN/FhwxWX8mGug5ZMyQ==
date
Wed, 03 Jun 2020 12:38:15 GMT, Wed, 03 Jun 2020 12:38:15 GMT
status
200
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
alt-svc
h3-27=":443"; ma=3600
content-length
5969
expires
Sat, 29 May 2021 15:46:24 GMT

DQDvQ2X3Nby.png | static.xx.fbcdn.net/rsrc.php/v3/yN/r/ | 3 KB | 3 KB | Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yN/r/DQDvQ2X3Nby.png
Requested by
Host: facebooknotify.herokuapp.com
URL: https://facebooknotify.herokuapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f046:f:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
cf9cac0fa688e2c311617d6d62a9a54adffb006f5d90f9dc22b89b2f373cd9bd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://static.xx.fbcdn.net/rsrc.php/v3/y8/l/0,cross/XFfGk7QuCqv.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fb-debug
IbabvF7KggC59n/xAiJ+Ezc4M8e5K5H+mjpx5wS/p5eJtMDKET4aCinSjBJmXPCHF5afrkzrOPgO+oIMrzw/kw==
x-fb-trip-id
664085054
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
3YgPSugUKMV0qQkxk6BxaA==
date
Wed, 03 Jun 2020 12:38:15 GMT, Wed, 03 Jun 2020 12:38:15 GMT
status
200
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
alt-svc
h3-27=":443"; ma=3600
content-length
2997
expires
Thu, 03 Jun 2021 11:47:13 GMT

truncated | / | 15 KB | 15 KB | Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9a67fc4a7b9baa639b319f162a9a17f982d7e1b653aa12b08ec7a2ab74275773

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
Origin
https://facebooknotify.herokuapp.com

Response headers

Content-Type
font/opentype

truncated | / | 14 KB | 14 KB | Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2d6c37860b6e4a1610879d5b3d4a80310eaa63e533641d77e2903e48e2e5dc87

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
Origin
https://facebooknotify.herokuapp.com

Response headers

Content-Type
font/opentype

Zk8_83wcUCC.png | static.xx.fbcdn.net/rsrc.php/v3/yu/r/ | 5 KB | 5 KB | Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/Zk8_83wcUCC.png
Requested by
Host: facebooknotify.herokuapp.com
URL: https://facebooknotify.herokuapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f046:f:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
db453073b56dd7769ff759b6ef853017dcae864d5cd7b8fa3dc185585d0290b6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://static.xx.fbcdn.net/rsrc.php/v3/yH/l/0,cross/bFBGLBww3et.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fb-debug
wl887HXaR3my+HmRQUbmRIdK3K03rPLTCXRR0SwxkdLuKBhfGX17ob06iAYSK+0Dc/4ESHxZne9Hxviw5LZXOQ==
x-fb-trip-id
664085054
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
wbiA6phTblEH309Y+FmLUg==
date
Wed, 03 Jun 2020 12:38:15 GMT, Wed, 03 Jun 2020 12:38:15 GMT
status
200
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
alt-svc
h3-27=":443"; ma=3600
content-length
4872
expires
Sat, 29 May 2021 21:01:48 GMT

2USVNQFG-rZ.png | static.xx.fbcdn.net/rsrc.php/v3/yZ/r/ | 2 KB | 2 KB | Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yZ/r/2USVNQFG-rZ.png
Requested by
Host: facebooknotify.herokuapp.com
URL: https://facebooknotify.herokuapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f046:f:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
01b8df8a0a516d55fd374bf04f73a34f7f2a5220ef5b1cb62a2b3f4cffa80677
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://static.xx.fbcdn.net/rsrc.php/v3/yv/l/0,cross/lO3ZOdjjTF3.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fb-debug
Y9Tyz6EaQXwtgrBE3mUpzngXParPNrLOIMF3UWerGCe8bWRaVlgeF20mXkasNsKGi0eolIJGK1RKXW2rdnCJMA==
x-fb-trip-id
664085054
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
NZPiqVxeaL9QIsdPS6Wtgg==
date
Wed, 03 Jun 2020 12:38:15 GMT, Wed, 03 Jun 2020 12:38:15 GMT
status
200
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
alt-svc
h3-27=":443"; ma=3600
content-length
1919
expires
Sun, 30 May 2021 18:19:16 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type     | Name
object   | onformdata
object   | onpointerrawupdate
boolean  | _rails_loaded
object   | Turbolinks
number   | __DEV__
function | CavalryLogger

1 Cookies

Domain/Path: facebooknotify.herokuapp.com/
Name: _napster_session
Value: Zye0bpgGDUv4RA75YNPN5uuIMmZxBNhXprGzGdv6LRr%2FCc3fyz%2FyjCFSjKgpWC0d9XI7aI%2FSWwkKoWMbhVaDpaoZn%2Buhrx%2FSp9NAnOO71Gp5R%2FVrKQUPnmpCObZy%2BbFvw3YjGZxX8ZEYfpxytv4EMoEIt0KC%2FgLITGUQUTQP8BvBRubENmnwPN5wjt7Q%2BoxQJYIK874hKo1k0%2BepmFPhWa1CsFJyXDHXw%2Fe6ppjxLSiJXZXINMI4guTPsFLrDBji5UYashdLVlyRoYkpV86ATApNjV%2Fvx8bG--O0nZcIXw4kNEfTsz--0PCADZ2tZud2G%2BGmvtEh2w%3D%3D

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

facebook.com
facebooknotify.herokuapp.com
static.xx.fbcdn.net
2a03:2880:f046:f:face:b00c:0:3
2a03:2880:f146:82:face:b00c:0:25de
52.73.83.132
01b8df8a0a516d55fd374bf04f73a34f7f2a5220ef5b1cb62a2b3f4cffa80677
0c33419a91cade5912dbfff73632def9618cf8c7f4f3fcf6173619a03f705fe7
10997f7772bd42c70ff83439d0554b208f0b60615d3450db863083f22463d67b
122b2999e1b518669d4b94dbfdcc3302dd8d72fc38048066131be887be8e763c
2d6c37860b6e4a1610879d5b3d4a80310eaa63e533641d77e2903e48e2e5dc87
3d3aa758acc2220838eac617c0aaf3d4b5c044a2c97a69ff894c66ed4ffcc483
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
7f4fbb61e5a1226b421109d4bfeb68b371b240bb6a0131c54581b777cb649908
9a29f91c2d92227dbea5f55134543fbdcc4d4a998484f48be909927e2d0157a1
9a67fc4a7b9baa639b319f162a9a17f982d7e1b653aa12b08ec7a2ab74275773
b3f5f12f8744c101889c9f5ce27f0c4edab9f5596bb0d9db387f0199aba4fb0a
b9763e9be148b0824d550ea1310b41769398abc407a3532ebec8cf0c11312c5c
bd24e0c2756048f1ac46de62bdf929f2804a3cd7d737dd06005d4d8181278233
c63295b9a226783c80c36bf2a99a04ec4bf0a7c996df04fad43bb198c6aa193b
cf9cac0fa688e2c311617d6d62a9a54adffb006f5d90f9dc22b89b2f373cd9bd
d06acdd7b6475edb8a50a543aae6dd439bb62e731215a5a7d04b16cf2067ecc2
db453073b56dd7769ff759b6ef853017dcae864d5cd7b8fa3dc185585d0290b6
e108d8dc0d1081906cb116ac872156a3031395dc56b2ef4eb0829186e10104de
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee33568a649fe7dcbdd4b7f7df09153f7698f1383cb3cb96dcca75010f7c149c
f4f172b324b9c42919b52d56295013538e3d5ff1fa6a15d371168e91c1276ba3