sh007.whb.tempwebhost.net
162.241.123.36
Malicious Activity!
Public Scan
Submission: On October 31 via api from QA
Summary
This is the only time sh007.whb.tempwebhost.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
2 | 162.241.123.36 | 46606 (UNIFIEDLAYER-AS-1) |
13 | 2a03:2880:f02d:12:face:b00c:0:3 | 32934 (FACEBOOK) |
2 | 2a03:2880:f12d:83:face:b00c:0:25de | 32934 (FACEBOOK) |
Total: 16 requests, 3 IP addresses.
ASN46606 (UNIFIEDLAYER-AS-1, US), PTR sh007.webhostbox.net: sh007.whb.tempwebhost.net
ASN32934 (FACEBOOK, US): facebook.com, fbcdn.net, fbsbx.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
14 | fbcdn.net (1 redirect) | static.xx.fbcdn.net, fbcdn.net | 281 KB |
2 | tempwebhost.net | sh007.whb.tempwebhost.net | 44 KB |
1 | fbsbx.com | fbsbx.com | 658 B |
1 | facebook.com (1 redirect) | facebook.com | 298 B |
Total: 16 requests, 4 apex domains.
Requests | Domain | Requested by |
---|---|---|
13 | static.xx.fbcdn.net | sh007.whb.tempwebhost.net, static.xx.fbcdn.net |
2 | sh007.whb.tempwebhost.net | static.xx.fbcdn.net |
1 | fbsbx.com | sh007.whb.tempwebhost.net |
1 | fbcdn.net | 1 redirect |
1 | facebook.com | 1 redirect |
Total: 16 requests, 5 domains.
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2020-09-11 - 2020-12-10 | 3 months (crt.sh) |
fbcdn.net | DigiCert SHA2 High Assurance Server CA | 2020-10-16 - 2021-01-13 | 3 months (crt.sh) |
This page contains 1 frame:
Primary Page:
http://sh007.whb.tempwebhost.net/~homel8at/view/?listing=LmQ5ZTJ1LmZvY3VzZWQ3NTZpbnMuZDllMnUu
Frame ID: A0996B453F23F61F3E78F3C454E42C06
Requests: 16 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 4:
- https://facebook.com/security/hsts-pixel.gif?c=3.2 (HTTP 302)
- https://fbcdn.net/security/hsts-pixel.gif?c=2 (HTTP 302)
- https://fbsbx.com/security/hsts-pixel.gif
16 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | Primary Request | sh007.whb.tempwebhost.net/~homel8at/view/ | 134 KB | 39 KB | Document | text/html |
GET | H2 | TmNKD1caKjm.css | static.xx.fbcdn.net/rsrc.php/v3/yZ/l/0,cross/ | 46 KB | 11 KB | Stylesheet | text/css |
GET | H2 | svHzs4-SEnh.css | static.xx.fbcdn.net/rsrc.php/v3/yN/l/0,cross/ | 55 KB | 12 KB | Stylesheet | text/css |
GET | H2 | wfKw_RyvWm2.js | static.xx.fbcdn.net/rsrc.php/v3/yr/r/ | 221 KB | 58 KB | Script | application/x-javascript |
GET | H2 | dF5SId3UHWd.svg | static.xx.fbcdn.net/rsrc.php/y8/r/ | 2 KB | 2 KB | Image | image/svg+xml |
GET | H2 | hsts-pixel.gif (Redirect Chain) | fbsbx.com/security/ | 43 B | 658 B | Image | image/gif |
GET | H2 | YHuLKkjYxgm.js | static.xx.fbcdn.net/rsrc.php/v3/y5/r/ | 48 KB | 15 KB | Script | application/x-javascript |
GET | H2 | TTwu1Kx_qzr.js | static.xx.fbcdn.net/rsrc.php/v3iK-b4/yM/l/en_US/ | 281 KB | 75 KB | Script | application/x-javascript |
GET | H2 | Qzwq-VNJszw.js | static.xx.fbcdn.net/rsrc.php/v3/yd/r/ | 38 KB | 12 KB | Script | application/x-javascript |
GET | H2 | JXX0lZWEWdA.png | static.xx.fbcdn.net/rsrc.php/v3/yW/r/ | 18 KB | 18 KB | Image | image/png |
GET | H2 | UWmjUraXSzF.js | static.xx.fbcdn.net/rsrc.php/v3iLQG4/yA/l/en_US/ | 52 KB | 15 KB | Script | application/x-javascript |
GET | H2 | s8VuHjExNEd.js | static.xx.fbcdn.net/rsrc.php/v3ih-D4/yU/l/en_US/ | 226 KB | 48 KB | Script | application/x-javascript |
GET | H2 | gqq9aARH09X.js | static.xx.fbcdn.net/rsrc.php/v3/yY/r/ | 36 KB | 11 KB | Script | application/x-javascript |
GET | H2 | BwjU4B_qfpp.js | static.xx.fbcdn.net/rsrc.php/v3/yC/r/ | 10 KB | 3 KB | Script | application/x-javascript |
GET | H2 | 7oVtGLsr9D2.js | static.xx.fbcdn.net/rsrc.php/v3/yH/r/ | 7 KB | 2 KB | Script | application/x-javascript |
POST | H/1.1 | bz | sh007.whb.tempwebhost.net/a/ | 12 KB | 5 KB | XHR | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)
39 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Objects: 0, trustedTypes, Env, babelHelpers, ErrorSerializer, ErrorGuard, ErrorUtils, TimeSlice, bigPipe, form
Functions: envFlush, emptyFunction, __annotator, __bodyWrapper, __t, __w, FB_enumerate, __m, define, require, requireDynamic, requireLazy, __d, $RefreshReg$, $RefreshSig$, getErrorSafe, CavalryLogger, __updateOrientation, now_inl, MAjaxify, validateLData, __fbNativeSetTimeout, __fbNativeClearTimeout, __fbNativeSetInterval, __fbNativeClearInterval, __fbNativeRequestAnimationFrame, __fbNativeCancelAnimationFrame
Number: __DEV__
String: _script_path
1 Cookies
Cookies are small pieces of information stored in a user's browser. When the user visits the site again, the browser sends the stored cookie values along with the request, which lets the site re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
sh007.whb.tempwebhost.net/ | | PHPSESSID | 88281ff131912a63b673bb8044d42837 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
facebook.com
fbcdn.net
fbsbx.com
sh007.whb.tempwebhost.net
static.xx.fbcdn.net
162.241.123.36
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de