leavingshouldville.com
139.180.146.112  Malicious Activity! Public Scan

URL: http://leavingshouldville.com/
Submission: On December 09 via automatic, source openphish

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 9 HTTP transactions. The main IP is 139.180.146.112, located in Singapore, Singapore and belongs to AS-CHOOPA, US. The main domain is leavingshouldville.com.
This is the only time leavingshouldville.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

Requests  IP Address         AS (Autonomous System)
1         139.180.146.112    20473 (AS-CHOOPA)
7         2a03:2880:f01...   32934 (FACEBOOK)
1         2a03:2880:f11...   32934 (FACEBOOK)
Total: 9 requests across 3 IPs

Requests  Domain                   Requested by
7         static.xx.fbcdn.net      leavingshouldville.com, static.xx.fbcdn.net
1         facebook.com             leavingshouldville.com
1         leavingshouldville.com
Total: 9 requests across 3 domains

This site contains no links.

Subject          Issuer                                   Validity                   Valid
*.facebook.com   DigiCert SHA2 High Assurance Server CA   2020-11-02 - 2021-01-30    3 months

This page contains 1 frame:

Primary Page: http://leavingshouldville.com/
Frame ID: 91A91E47DF2D0EC982C73454B6572168
Requests: 9 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

Requests: 9
HTTPS: 89 %
IPv6: 67 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 2
Transfer: 197 kB
Size: 520 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
leavingshouldville.com/
73 KB
73 KB
Document
General
Full URL
http://leavingshouldville.com/
Protocol
HTTP/1.1
Server
139.180.146.112 Singapore, Singapore, ASN20473 (AS-CHOOPA, US),
Reverse DNS
139.180.146.112.vultr.com
Software
Apache /
Resource Hash
3a785be7bd586f15e7bda865baf3832768f472c254632e507a2020af0a52f1e9

Request headers

Host
leavingshouldville.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Date
Wed, 09 Dec 2020 13:33:29 GMT
Server
Apache
Last-Modified
Wed, 09 Dec 2020 09:59:24 GMT
Accept-Ranges
bytes
Content-Length
74658
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html
HLciEXv3Q5l.css
static.xx.fbcdn.net/rsrc.php/v3/yJ/l/0,cross/
15 KB
3 KB
Stylesheet
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yJ/l/0,cross/HLciEXv3Q5l.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: leavingshouldville.com
URL: http://leavingshouldville.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
a4470fc6620a1bc7021b62e17c599d4d6f70e8bc7772f8d82586b7e8813a5f11
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
http://leavingshouldville.com
Referer
http://leavingshouldville.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Dec 2020 13:33:29 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
C8Ofn76z9ha6FfzY1nUWNA==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
3310
x-fb-debug
Kn69hamIsIoOabxeaGCVUDOmAOZ0tPp3rnbfmypAj3vC91o4U33RK1SobUE2uMqbq7mD3yUP2Kct83kpgcQNHg==
x-fb-trip-id
664085054
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Tue, 07 Dec 2021 14:36:37 GMT
JjHTBb3wzyf.css
static.xx.fbcdn.net/rsrc.php/v3/yD/l/0,cross/
21 KB
5 KB
Stylesheet
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yD/l/0,cross/JjHTBb3wzyf.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: leavingshouldville.com
URL: http://leavingshouldville.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
cae45c3f3a46268901523634b9eb870c530010cb49d6d7a3a007140119ef4136
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
http://leavingshouldville.com
Referer
http://leavingshouldville.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Dec 2020 13:33:29 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
QP911ydL9785LqAH3z/s8Q==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
4601
x-fb-debug
TFiRVKHMRF0OF5bTa/LMjwgWofvlNVffpyjrjS4TymV3lokgMdGhJ6ISJWkoa4CwfWq2Bvvy7x+A9XbF8+xHrA==
x-fb-trip-id
664085054
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Mon, 29 Nov 2021 19:42:24 GMT
G6mR0NBgXXR.css
static.xx.fbcdn.net/rsrc.php/v3/yz/l/0,cross/
74 KB
17 KB
Stylesheet
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yz/l/0,cross/G6mR0NBgXXR.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: leavingshouldville.com
URL: http://leavingshouldville.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
7c974a248b64b0305dbe8a4135b3a881a87bc58122cc287c8663a4f0585721eb
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
http://leavingshouldville.com
Referer
http://leavingshouldville.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Dec 2020 13:33:29 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
Ffi/9j4GsilWdQk1nZs1fg==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
16992
x-fb-debug
B7txHfAlhiO8CqLl7q0sWPjo1WMX9GAXdHLUwHdGQNyjDBjSVuYl6FyhMV354wCA5Z+eLeqJ29PhzZuLLaK92Q==
x-fb-trip-id
664085054
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Tue, 07 Dec 2021 21:54:18 GMT
a8fQhtE9PfM.js
static.xx.fbcdn.net/rsrc.php/v3/yK/r/
220 KB
58 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yK/r/a8fQhtE9PfM.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: leavingshouldville.com
URL: http://leavingshouldville.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
2524e547d253fb26a9a08095faf9c144d907fcfd9648fcb5affb6a9fb88c0558
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://leavingshouldville.com/
Origin
http://leavingshouldville.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Wed, 09 Dec 2020 13:33:29 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
7QXizFqWRN4jnf0It7EPFA==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
58671
x-fb-debug
5K2+Lp6FOqkwf1FX4uFOA08k/1pohRUfdscINI85QGAizG1/ZGhTRfTUbkZfbeE4JmyIKHLYjjK/fZhR4MtXtg==
x-fb-trip-id
664085054
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Wed, 08 Dec 2021 05:13:18 GMT
dF5SId3UHWd.svg
static.xx.fbcdn.net/rsrc.php/y8/r/
2 KB
1 KB
Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/y8/r/dF5SId3UHWd.svg
Requested by
Host: leavingshouldville.com
URL: http://leavingshouldville.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce
Security Headers
Name Value
Content-Security-Policy default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.xx.facebook.com/csp/reporting/?m=c;
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://leavingshouldville.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.xx.facebook.com/csp/reporting/?m=c;
content-encoding
br
x-content-type-options
nosniff
content-md5
NiMA5zHIsmaYxSYEaw9fHg==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1027
x-xss-protection
0
x-fb-debug
fyLd+OJTYPfBo4HVFFW7nhFGw7KiQ/k3cmqu5q5w9EMgspo3OrBmBGdTtmnPHBP6tju4kt2xk+u7zco+ZlPyXg==
x-fb-trip-id
664085054
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
date
Wed, 09 Dec 2020 13:33:29 GMT
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Tue, 30 Nov 2021 17:02:43 GMT
hsts-pixel.gif
facebook.com/security/
43 B
1 KB
Image
General
Full URL
https://facebook.com/security/hsts-pixel.gif
Requested by
Host: leavingshouldville.com
URL: http://leavingshouldville.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Content-Security-Policy default-src facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com data: blob: 'self';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
http://leavingshouldville.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
content-security-policy-report-only
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.facebook.com/csp/reporting/;
report-to
{"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection
0
pragma
no-cache
x-fb-debug
jnrZpASzqxfj3mOSGFDKXJHSJ6PXnCMWiIg7kIatGB8+Rxa4vyOb5uz6hTy+pUbNj2TpcvHP9MHm5CHtLI+q+A==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
date
Wed, 09 Dec 2020 13:33:29 GMT
x-frame-options
DENY
access-control-allow-methods
OPTIONS
content-type
image/gif
access-control-allow-origin
*
vary
Origin, Accept-Encoding
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-security-policy
default-src facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com data: blob: 'self';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
access-control-expose-headers
X-FB-Debug, X-Loader-Length
ZhcUsCD3bjj.js
static.xx.fbcdn.net/rsrc.php/v3iK-b4/yT/l/en_US/
106 KB
30 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iK-b4/yT/l/en_US/ZhcUsCD3bjj.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: leavingshouldville.com
URL: http://leavingshouldville.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
1a1fe998dd643e271c382f1d3cd0db0573bad87837036f2cdce0dc60a89725d2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://leavingshouldville.com/
Origin
http://leavingshouldville.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Wed, 09 Dec 2020 13:33:29 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
3CrHWcFQaIuQ1Gfv1R+EwA==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
30368
x-fb-debug
rH5ko/hUyFA92M0nABKHTZ6C8ogUOnPeSWzHGHceNcNS8o1o1nmBKVtLfcAY+e2UV0l4tvwzZJuWge9f9kglcw==
x-fb-trip-id
664085054
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Tue, 07 Dec 2021 21:46:42 GMT
1lDsteNqRLb.png
static.xx.fbcdn.net/rsrc.php/v3/yP/r/
8 KB
9 KB
Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yP/r/1lDsteNqRLb.png
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yJ/l/0,cross/HLciEXv3Q5l.css?_nc_x=Ij3Wp8lg5Kz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
46453ee0cdee88dffa05e5a6c9d504c4e3b28332dd4ab68571f26e38f916e156
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://static.xx.fbcdn.net/rsrc.php/v3/yJ/l/0,cross/HLciEXv3Q5l.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fb-debug
6OzzUjMUuzilZn49VrE11d/KjO8nq2t8UM7KzrU3FVlzP8hjyFgSWma2N4N8hJICy2GkwUrFRBibySTDTk5KJw==
x-fb-trip-id
664085054
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
ZKkN78VU6VM7DOLNLMTMmg==
date
Wed, 09 Dec 2020 13:33:29 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
8700
expires
Tue, 30 Nov 2021 23:48:46 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

33 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| ontransitionrun
  • object| ontransitionstart
  • object| ontransitioncancel
  • object| trustedTypes
  • boolean| crossOriginIsolated
  • function| envFlush
  • object| Env
  • number| __DEV__
  • function| emptyFunction
  • function| __annotator
  • function| __bodyWrapper
  • function| __t
  • function| __w
  • function| FB_enumerate
  • function| __m
  • object| babelHelpers
  • function| define
  • function| require
  • function| requireDynamic
  • function| requireLazy
  • function| __d
  • function| $RefreshReg$
  • function| $RefreshSig$
  • object| ErrorSerializer
  • function| getErrorSafe
  • object| ErrorGuard
  • object| ErrorUtils
  • function| CavalryLogger
  • function| __updateOrientation
  • object| TimeSlice
  • number| __bigPipeFactory
  • function| now_inl
  • number| __bigPipeFR

0 Cookies