urlscan.io logo urlscan.io
SecurityTrails logo

sh007.whb.tempwebhost.net Open in urlscan Pro
162.241.123.36  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: http://sh007.whb.tempwebhost.net/~homel8at/view/?listing=LmQ5ZTJ1LmZvY3VzZWQ3NTZpbnMuZDllMnUu
Submission: On October 31 via api from QA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 16 HTTP transactions. The main IP is 162.241.123.36, located in Provo, United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is sh007.whb.tempwebhost.net.
This is the only time sh007.whb.tempwebhost.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

IP Address AS Autonomous System
2 162.241.123.36 46606 (UNIFIEDLA...)
13 2a03:2880:f02... 32934 (FACEBOOK)
2 3 2a03:2880:f12... 32934 (FACEBOOK)
16 3
Apex Domain
Subdomains		 Transfer
14 fbcdn.net
static.xx.fbcdn.net
fbcdn.net
281 KB
2 tempwebhost.net
sh007.whb.tempwebhost.net
44 KB
1 fbsbx.com
fbsbx.com
658 B
1 facebook.com
facebook.com
298 B
16 4
Domain Requested by
13 static.xx.fbcdn.net sh007.whb.tempwebhost.net
static.xx.fbcdn.net
2 sh007.whb.tempwebhost.net static.xx.fbcdn.net
1 fbsbx.com sh007.whb.tempwebhost.net
1 fbcdn.net 1 redirects
1 facebook.com 1 redirects
16 5

This site contains no links.

Subject Issuer Validity Valid
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2020-09-11 -
2020-12-10		 3 months crt.sh
fbcdn.net
DigiCert SHA2 High Assurance Server CA		 2020-10-16 -
2021-01-13		 3 months crt.sh

This page contains 1 frames:

Primary Page: http://sh007.whb.tempwebhost.net/~homel8at/view/?listing=LmQ5ZTJ1LmZvY3VzZWQ3NTZpbnMuZDllMnUu
Frame ID: A0996B453F23F61F3E78F3C454E42C06
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

16
Requests

88 %
HTTPS

67 %
IPv6

4
Domains

5
Subdomains

3
IPs

2
Countries

326 kB
Transfer

1188 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://facebook.com/security/hsts-pixel.gif?c=3.2 HTTP 302
  • https://fbcdn.net/security/hsts-pixel.gif?c=2 HTTP 302
  • https://fbsbx.com/security/hsts-pixel.gif

16 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set /
sh007.whb.tempwebhost.net/~homel8at/view/ 		134 KB
39 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://sh007.whb.tempwebhost.net/~homel8at/view/?listing=LmQ5ZTJ1LmZvY3VzZWQ3NTZpbnMuZDllMnUu
Protocol
HTTP/1.1
Server
162.241.123.36 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
sh007.webhostbox.net
Software
Apache /
Resource Hash
4bb91e445422127f2e4554531d57fcbcee7e0ba00aaf0685b967e1a4c04ab6c4

Request headers

Host
sh007.whb.tempwebhost.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 31 Oct 2020 03:07:04 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Set-Cookie
PHPSESSID=88281ff131912a63b673bb8044d42837; path=/
Upgrade
h2,h2c
Connection
Upgrade, Keep-Alive
Vary
Accept-Encoding
Content-Encoding
gzip
Keep-Alive
timeout=5, max=75
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
TmNKD1caKjm.css
static.xx.fbcdn.net/rsrc.php/v3/yZ/l/0,cross/ 		46 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yZ/l/0,cross/TmNKD1caKjm.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: sh007.whb.tempwebhost.net
URL: http://sh007.whb.tempwebhost.net/~homel8at/view/?listing=LmQ5ZTJ1LmZvY3VzZWQ3NTZpbnMuZDllMnUu
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f87d39a87070cd81467436415157144eeadc4d3b9bfd8490dfa43e33de712395
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://sh007.whb.tempwebhost.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 03:07:05 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
w/x/vJVUoCbbCbY7sfZzKw==
status
200
cross-origin-resource-policy
cross-origin
content-length
11317
x-fb-debug
6JkkdLDnYx2BfRiBKYSnw8bg3UnLaRe5ioh2tDYnd9T7cZf4L71QEWP6ftmRU8g4eYk8tt/f5Vzq9LcH37KH8g==
x-fb-trip-id
780166575
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Thu, 28 Oct 2021 20:04:35 GMT
svHzs4-SEnh.css
static.xx.fbcdn.net/rsrc.php/v3/yN/l/0,cross/ 		55 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yN/l/0,cross/svHzs4-SEnh.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: sh007.whb.tempwebhost.net
URL: http://sh007.whb.tempwebhost.net/~homel8at/view/?listing=LmQ5ZTJ1LmZvY3VzZWQ3NTZpbnMuZDllMnUu
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b1a518e197578214e3860de02601226de7ad975ed723aa8e6684e1526c69b795
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://sh007.whb.tempwebhost.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 03:07:05 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
Iw4cCfjO/y8ieu1aV3iWgQ==
status
200
cross-origin-resource-policy
cross-origin
content-length
11984
x-fb-debug
ufPV7gi8gUHhMES5/ukGUKb7PjWsLA3eo5+sg9C4lWaSq/NRizLMJXVivPT7Wod7jkye16B8GmAIXildzCWGYg==
x-fb-trip-id
780166575
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Sat, 30 Oct 2021 16:55:20 GMT
wfKw_RyvWm2.js
static.xx.fbcdn.net/rsrc.php/v3/yr/r/ 		221 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yr/r/wfKw_RyvWm2.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: sh007.whb.tempwebhost.net
URL: http://sh007.whb.tempwebhost.net/~homel8at/view/?listing=LmQ5ZTJ1LmZvY3VzZWQ3NTZpbnMuZDllMnUu
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
08f5ae16488be6e631fe1dfeb537630a1ac7430bde58e8c76b681909c17dd581
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://sh007.whb.tempwebhost.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 03:07:05 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
Jb3bTt9/zL2rFYfq7+1Gmw==
status
200
cross-origin-resource-policy
cross-origin
content-length
58883
x-fb-debug
S0QpGEcZox7GRhW64tyAWN+HuqBlPe4Qp1gHjr/Mq+qv7KOZ3kQs/2d3aUVOx+m/fJ17s+7bUTnHLtekMntcAA==
x-fb-trip-id
780166575
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 29 Oct 2021 20:46:39 GMT
dF5SId3UHWd.svg
static.xx.fbcdn.net/rsrc.php/y8/r/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.xx.fbcdn.net/rsrc.php/y8/r/dF5SId3UHWd.svg
Requested by
Host: sh007.whb.tempwebhost.net
URL: http://sh007.whb.tempwebhost.net/~homel8at/view/?listing=LmQ5ZTJ1LmZvY3VzZWQ3NTZpbnMuZDllMnUu
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce
Security Headers
Name Value
Content-Security-Policy default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.xx.facebook.com/csp/reporting/?m=c;
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://sh007.whb.tempwebhost.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.xx.facebook.com/csp/reporting/?m=c;
content-encoding
br
x-content-type-options
nosniff
content-md5
NiMA5zHIsmaYxSYEaw9fHg==
status
200
cross-origin-resource-policy
cross-origin
content-length
1027
x-xss-protection
0
x-fb-debug
lzzHTZrtz5Ja1B5ZwMdIvtV2AmdXEvIRkj5zT8IeIScma+TRzjsACjZEdypZFYIvlDa5fqDpHDut94dGaICWJw==
x-fb-trip-id
780166575
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
date
Sat, 31 Oct 2020 03:07:05 GMT
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Thu, 28 Oct 2021 18:22:33 GMT
hsts-pixel.gif
fbsbx.com/security/
Redirect Chain
  • https://facebook.com/security/hsts-pixel.gif?c=3.2
  • https://fbcdn.net/security/hsts-pixel.gif?c=2
  • https://fbsbx.com/security/hsts-pixel.gif
43 B
658 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fbsbx.com/security/hsts-pixel.gif
Requested by
Host: sh007.whb.tempwebhost.net
URL: http://sh007.whb.tempwebhost.net/~homel8at/view/?listing=LmQ5ZTJ1LmZvY3VzZWQ3NTZpbnMuZDllMnUu
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Content-Security-Policy default-src fbsbx.com *.fbsbx.com fbcdn.net *.fbcdn.net data: blob:;script-src *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' fbsbx.com *.fbsbx.com fbcdn.net *.fbcdn.net;connect-src *.fbcdn.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
http://sh007.whb.tempwebhost.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection
0
pragma
no-cache
x-fb-debug
6vQiJqDHO4OAX5DRcHK1qlKYwMDpAOUaJNSUmAlJF2V7cdtgnZ0dAOWGNIb4xVRgZNYXuDHEor6oJWoBFm7EDw==
date
Sat, 31 Oct 2020 03:07:05 GMT
x-frame-options
DENY
content-type
image/gif
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
private, no-cache, no-store, must-revalidate
content-security-policy
default-src fbsbx.com *.fbsbx.com fbcdn.net *.fbcdn.net data: blob:;script-src *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' fbsbx.com *.fbsbx.com fbcdn.net *.fbcdn.net;connect-src *.fbcdn.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;report-uri https://www.facebook.com/csp/reporting/?m=c;
expires
Sat, 01 Jan 2000 00:00:00 GMT

Redirect headers

x-fb-debug
Og/I1LjGZV10ohVfSEFeTjT7o8ESi8mzVNFrC08NFhSNQDBCxUAjgpHQt/S2w69YMDkUBkqZWVtYqzM3wEdmGw==
status
302
date
Sat, 31 Oct 2020 03:07:05 GMT
location
https://fbsbx.com/security/hsts-pixel.gif
content-type
text/html; charset="utf-8"
access-control-allow-origin
*
strict-transport-security
max-age=31536000; preload; includeSubDomains
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
0
YHuLKkjYxgm.js
static.xx.fbcdn.net/rsrc.php/v3/y5/r/ 		48 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y5/r/YHuLKkjYxgm.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: sh007.whb.tempwebhost.net
URL: http://sh007.whb.tempwebhost.net/~homel8at/view/?listing=LmQ5ZTJ1LmZvY3VzZWQ3NTZpbnMuZDllMnUu
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b68cb7d2b278dc712e57c1759b049b62c323ad00799025bfcfbe3eb8dd98fcd1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://sh007.whb.tempwebhost.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 03:07:05 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
kNwL2r6dYeEwSRSvrM85nQ==
status
200
cross-origin-resource-policy
cross-origin
content-length
14872
x-fb-debug
XdnlT4V7oou310knpMgxgMM4ACYfBcj8FziBqkUlAx5K77PYq78IPgpvZxSsjnClo4SEl3gGDaI0lliY1/nkJQ==
x-fb-trip-id
780166575
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Sat, 30 Oct 2021 13:54:54 GMT
TTwu1Kx_qzr.js
static.xx.fbcdn.net/rsrc.php/v3iK-b4/yM/l/en_US/ 		281 KB
75 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iK-b4/yM/l/en_US/TTwu1Kx_qzr.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: sh007.whb.tempwebhost.net
URL: http://sh007.whb.tempwebhost.net/~homel8at/view/?listing=LmQ5ZTJ1LmZvY3VzZWQ3NTZpbnMuZDllMnUu
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
8a594bdff1fd1aec2acb3e954bd807db0335ddd294abf5067bbe9caf02a87e3a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://sh007.whb.tempwebhost.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 03:07:05 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
k7ra54oBS9m+Drj4judBHw==
status
200
cross-origin-resource-policy
cross-origin
content-length
76613
x-fb-debug
bmLDPugYUBTmwl90B4Lz9ZhDiu+nm+RC2hqUspgQ0WeJaxoeJ1TZQP0EojhMJobxBX+mD6SHres6+hLFWFz9jQ==
x-fb-trip-id
780166575
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 29 Oct 2021 16:46:08 GMT
Qzwq-VNJszw.js
static.xx.fbcdn.net/rsrc.php/v3/yd/r/ 		38 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yd/r/Qzwq-VNJszw.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: sh007.whb.tempwebhost.net
URL: http://sh007.whb.tempwebhost.net/~homel8at/view/?listing=LmQ5ZTJ1LmZvY3VzZWQ3NTZpbnMuZDllMnUu
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
c77d73e417ebd052b33d57369ed8d6c27ff4e33eb4bcce617863ba49abc2f9f6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://sh007.whb.tempwebhost.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 03:07:05 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
WNvNMd4lecLdOGyEX/xzPQ==
status
200
cross-origin-resource-policy
cross-origin
content-length
11675
x-fb-debug
LwuohsDLH4tBG3iFVENtiUHy4j5W2OKCqSkogLf+KItKMYzbwuE2mYnVh02XoBM7Pbi5u8Mt0CUFBSFMQTIPJw==
x-fb-trip-id
780166575
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Thu, 28 Oct 2021 19:11:56 GMT
JXX0lZWEWdA.png
static.xx.fbcdn.net/rsrc.php/v3/yW/r/ 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yW/r/JXX0lZWEWdA.png
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yZ/l/0,cross/TmNKD1caKjm.css?_nc_x=Ij3Wp8lg5Kz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
94e4fc7b74eeea44f445a0465836562f9b995bc9954c3fb181d4b51893385ef5
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://static.xx.fbcdn.net/rsrc.php/v3/yZ/l/0,cross/TmNKD1caKjm.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fb-debug
Pc8sWMQqYT67bzTo70Z1PgVHEUr57+H1SGuIcK8/eBFiRjBn2CgH3kTdEK7sNGCPS3bFgV5wNFLyNvXYXyJwNA==
x-fb-trip-id
780166575
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
8eyReU0npt2gLrSCGuq7+w==
date
Sat, 31 Oct 2020 03:07:05 GMT
status
200
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
18439
expires
Sun, 24 Oct 2021 19:07:42 GMT
UWmjUraXSzF.js
static.xx.fbcdn.net/rsrc.php/v3iLQG4/yA/l/en_US/ 		52 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iLQG4/yA/l/en_US/UWmjUraXSzF.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yr/r/wfKw_RyvWm2.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
88c4b9ca959bf7f2cdeccbd73ac865487e39a4408fbaa1bf2b1221ffc468da94
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://sh007.whb.tempwebhost.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 03:07:05 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
w+E+ZlAPQB8qXRhPQHhJhA==
status
200
cross-origin-resource-policy
cross-origin
content-length
14815
x-fb-debug
pr+gcQsb+B6PL9xLuZAjkTbMcgYbLhcp2+RDcCt8v+900iNgtUoAQpUVOcn8DM5QuML3DQSusEFIbFQc7P5oKQ==
x-fb-trip-id
780166575
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 29 Oct 2021 16:46:08 GMT
s8VuHjExNEd.js
static.xx.fbcdn.net/rsrc.php/v3ih-D4/yU/l/en_US/ 		226 KB
48 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3ih-D4/yU/l/en_US/s8VuHjExNEd.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yr/r/wfKw_RyvWm2.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ef482886147363017f20bd28e48adf7eb580f87e6962fd115160b5ba53949294
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://sh007.whb.tempwebhost.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 03:07:05 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
qrIeFoIBimlq6Q2gnLIAkw==
status
200
cross-origin-resource-policy
cross-origin
content-length
49135
x-fb-debug
SQg3lTjN92tmm2BKRcWro1FjaXc3ZCY4Z9KCsDPuS9ReOEcKZ0SAaXJStvErn9ip4GWj0ZAseeEQwsCNU2/pGQ==
x-fb-trip-id
780166575
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 29 Oct 2021 21:00:07 GMT
gqq9aARH09X.js
static.xx.fbcdn.net/rsrc.php/v3/yY/r/ 		36 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yY/r/gqq9aARH09X.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yr/r/wfKw_RyvWm2.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b80cdbe239bdd4771e70a6cf8bfd9bfa81a7669d0ab434be6dacbecc96f4f13a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://sh007.whb.tempwebhost.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 03:07:05 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
/SvfSazhevkTYCJlLh5JOg==
status
200
cross-origin-resource-policy
cross-origin
content-length
10617
x-fb-debug
XtImYy4D8kXrjLdP6M9XMiXVeTpPsK0NCq3jQT1BZ3e8XfQGFj1ALzbhFDAjjLyxD0Mu48B7tPv4+V2so60MXw==
x-fb-trip-id
780166575
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Thu, 28 Oct 2021 17:20:37 GMT
BwjU4B_qfpp.js
static.xx.fbcdn.net/rsrc.php/v3/yC/r/ 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yC/r/BwjU4B_qfpp.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yr/r/wfKw_RyvWm2.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
17a5f0166d4daacea1e94680580a78e51a0fe14919ca734b6ebdeb78e3782d86
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://sh007.whb.tempwebhost.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 03:07:05 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
dUd638DekzAj7gxzmFJgHg==
status
200
cross-origin-resource-policy
cross-origin
content-length
2569
x-fb-debug
k8GC9c2NafDGsrhjmMqc4411EGZiUfV/9MbYjwGY4G+laK3OLPlzizVazzv98o5j8qqY0gHWbxbkxsiGR7K8Gg==
x-fb-trip-id
780166575
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 29 Oct 2021 17:37:48 GMT
7oVtGLsr9D2.js
static.xx.fbcdn.net/rsrc.php/v3/yH/r/ 		7 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yH/r/7oVtGLsr9D2.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yr/r/wfKw_RyvWm2.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
46e7d7455f292ed282cfd1c545b3cac97182e5e7ce0c563ffd9ecd1635acf48a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://sh007.whb.tempwebhost.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 03:07:05 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
7h0gldsC0tltsdvifbkxPA==
status
200
cross-origin-resource-policy
cross-origin
content-length
2298
x-fb-debug
Fs8VdgEPyHBjylLlTYYnlfBoyCET3dg7rC9HMwM+kNBAMN1j8CltNOvpEkjTcCdT7pKsen7teRvMWxSOPd3vTw==
x-fb-trip-id
780166575
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Sat, 30 Oct 2021 19:27:39 GMT
bz
sh007.whb.tempwebhost.net/a/ 		12 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
http://sh007.whb.tempwebhost.net/a/bz?m_sess=&fb_dtsg=AQHFRYur7Xs5%3AAQGUTYQ25-LO&jazoest=21918&lsd=AVqyBIw-ov4&__dyn=1Z3paBwk8aU4ifGh0BBBg9odE4a2i5U4e0C86u7E39x64o7S0PEhwem0iy1gCwjE2Nwde0MUcE0zSUS0se229w4NwqU3rw9O1Aw4vw8W0hC&__csr=&__req=1&__a=AYlIkNRF_6dVpazSFIdUx1n_SKtu-nXSUTXX9pBz3aQbV_8P5WogGXCHiQbeO3aKpyo0cKKWAHas0L16hsRKby8e0Jn_scpo6bgAEiJJcM2bxQ&__user=0
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3iK-b4/yM/l/en_US/TTwu1Kx_qzr.js?_nc_x=Ij3Wp8lg5Kz
Protocol
HTTP/1.1
Server
162.241.123.36 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
sh007.webhostbox.net
Software
Apache /
Resource Hash
bccb23d41c2cc69cf0c7d22c4314ca8181a513c6999b73e45307792830f4e482

Request headers

Referer
http://sh007.whb.tempwebhost.net/~homel8at/view/?listing=LmQ5ZTJ1LmZvY3VzZWQ3NTZpbnMuZDllMnUu
X-Requested-With
XMLHttpRequest
X_FB_BACKGROUND_STATE
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
X-Response-Format
JSONStream
Content-Type
multipart/form-data; boundary=----WebKitFormBoundarybFBi1zBSbPLfggMD

Response headers

Date
Sat, 31 Oct 2020 03:07:05 GMT
Content-Encoding
gzip
Last-Modified
Fri, 11 Sep 2020 08:05:05 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
text/html
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=74
Content-Length
4677

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

39 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| trustedTypes function| envFlush object| Env number| __DEV__ function| emptyFunction function| __annotator function| __bodyWrapper function| __t function| __w function| FB_enumerate function| __m object| babelHelpers function| define function| require function| requireDynamic function| requireLazy function| __d function| $RefreshReg$ function| $RefreshSig$ object| ErrorSerializer function| getErrorSafe object| ErrorGuard object| ErrorUtils function| CavalryLogger function| __updateOrientation object| TimeSlice function| now_inl object| bigPipe object| MAjaxify function| validateLData object| form string| _script_path function| __fbNativeSetTimeout function| __fbNativeClearTimeout function| __fbNativeSetInterval function| __fbNativeClearInterval function| __fbNativeRequestAnimationFrame function| __fbNativeCancelAnimationFrame

1 Cookies

Domain/Path Name / Value
sh007.whb.tempwebhost.net/ Name: PHPSESSID
Value: 88281ff131912a63b673bb8044d42837

2 Console Messages

Source Level URL
Text
console-api error URL: https://static.xx.fbcdn.net/rsrc.php/v3/yr/r/wfKw_RyvWm2.js?_nc_x=Ij3Wp8lg5Kz(Line 59)
Message:
ErrorUtils caught an error: find(<node>, "form", "m_login_form"): matched no nodes. TAAL[1] Subsequent non-fatal errors won't be logged; see https://fburl.com/debugjs.
console-api error URL: https://static.xx.fbcdn.net/rsrc.php/v3/yr/r/wfKw_RyvWm2.js?_nc_x=Ij3Wp8lg5Kz(Line 59)
Message:
ErrorUtils caught an error: Cannot set property 'isHandled' of null Subsequent non-fatal errors won't be logged; see https://fburl.com/debugjs.