facebook-help.support
Open in
urlscan Pro
185.155.96.35
Malicious Activity!
Public Scan
URL:
https://facebook-help.support/
Submission: On March 31 via automatic, source rescanner — Scanned from DE
Submission: On March 31 via automatic, source rescanner — Scanned from DE
Summary
This website contacted 4 IPs
in 3 countries
across 4 domains to perform 16 HTTP transactions.
The main IP is 185.155.96.35, located in
Estonia and
belongs to FAIRYHOSTING, EE.
The main domain is facebook-help.support.
TLS certificate: Issued by R3 on March 31st 2022. Valid for: 3 months.
This is the only time facebook-help.support was scanned on urlscan.io!
TLS certificate: Issued by R3 on March 31st 2022. Valid for: 3 months.
This is the only time facebook-help.support was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 10 | 185.155.96.35 185.155.96.35 | 202759 (FAIRYHOSTING) (FAIRYHOSTING) | |
| 4 | 2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de | 32934 (FACEBOOK) (FACEBOOK) | |
| 1 | 34.117.59.81 34.117.59.81 | 15169 (GOOGLE) (GOOGLE) | |
| 16 | 4 |
10
185.155.96.35
(Estonia)
ASN202759 (FAIRYHOSTING, EE)
PTR: raik.designute.com
ASN202759 (FAIRYHOSTING, EE)
PTR: raik.designute.com
| facebook-help.support |
4
2a03:2880:f11c:8083:face:b00c:0:25de
(Frankfurt am Main, Germany)
ASN32934 (FACEBOOK, US)
ASN32934 (FACEBOOK, US)
| www.facebook.com |
1
34.117.59.81
(Kansas City, United States)
ASN15169 (GOOGLE, US)
PTR: 81.59.117.34.bc.googleusercontent.com
ASN15169 (GOOGLE, US)
PTR: 81.59.117.34.bc.googleusercontent.com
| ipinfo.io |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 10 |
facebook-help.support
facebook-help.support |
1 MB |
| 4 |
facebook.com
www.facebook.com — Cisco Umbrella Rank: 99 |
140 KB |
| 1 |
ipinfo.io
ipinfo.io — Cisco Umbrella Rank: 6710 |
372 B |
| 0 |
Failed
function sub() { [native code] }. Failed |
|
| 16 | 4 |
| Domain | Requested by | |
|---|---|---|
| 10 | facebook-help.support |
facebook-help.support
|
| 4 | www.facebook.com |
facebook-help.support
|
| 1 | ipinfo.io |
facebook-help.support
|
| 0 | 207.154.204.71 Failed |
facebook-help.support
|
| 16 | 4 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| facebook-help.support R3 |
2022-03-31 - 2022-06-29 |
3 months | crt.sh |
| *.facebook.com DigiCert SHA2 High Assurance Server CA |
2022-01-08 - 2022-04-08 |
3 months | crt.sh |
| ipinfo.io GTS CA 1D4 |
2022-02-24 - 2022-05-25 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://facebook-help.support/
Frame ID: 21EDB5AC087DB574FA4311A2922EF55B
Requests: 16 HTTP requests in this frame
Screenshot
Page Title
Help CenterDetected technologies
Ant Design
(JavaScript Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <[^>]*class="ant-(?:btn|col|row|layout|breadcrumb|menu|pagination|steps|select|cascader|checkbox|calendar|form|input-number|input|mention|rate|radio|slider|switch|tree-select|time-picker|transfer|upload|avatar|badge|card|carousel|collapse|list|popover|tooltip|table|tabs|tag|timeline|tree|alert|modal|message|notification|progress|popconfirm|spin|anchor|back-top|divider|drawer)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
/
facebook-help.support/ |
746 B 679 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
main.958b4388.js
facebook-help.support/static/js/ |
787 KB 788 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
main.f82ce72a.css
facebook-help.support/static/css/ |
585 KB 586 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
11cdjuP55Lo.png
www.facebook.com/rsrc.php/v3/yF/r/ |
28 KB 28 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
gjTEpitnxIv.png
www.facebook.com/rsrc.php/v3/yl/r/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Y4qEfNKxt-z.png
www.facebook.com/rsrc.php/v3/yu/r/ |
84 KB 84 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
oSkF_jfLLiO.png
www.facebook.com/rsrc.php/v3/ym/r/ |
21 KB 21 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
json
ipinfo.io/ |
249 B 372 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
facebookLogo1.png
facebook-help.support/ |
58 KB 59 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
secure.png
facebook-help.support/ |
28 KB 28 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
arrowdown.png
facebook-help.support/ |
172 B 418 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
yourprivacy.png
facebook-help.support/ |
35 KB 36 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
drawimage.png
facebook-help.support/ |
15 KB 16 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
reportingabuse.png
facebook-help.support/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logometa.png
facebook-help.support/ |
14 KB 14 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST |
oneToken
207.154.204.71/api/users/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- 207.154.204.71
- URL
- http://207.154.204.71/api/users/oneToken
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails object| webpackChunkfbae_clone object| regeneratorRuntime0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
207.154.204.71
facebook-help.support
ipinfo.io
www.facebook.com
207.154.204.71
185.155.96.35
2a03:2880:f11c:8083:face:b00c:0:25de
34.117.59.81
09ca171e68260913bfd1a1e535662b0095c00eb3f54c167aa0cb367110254496
2313c3fceb42deca30dc26839f7133146d43cdd5963a702743688ff4af829a48
3c60702e5c6f634d24f67ab5cd7e2971716284e20453b168dc642ec503428add
5aaf62fae22726833ee9736565e82156d138373ee93a8e56d1554abad557f495
5d5e444b8ea1d79da3d6de98145c64c6387c2514c08cd18e3159a2907d3a9c13
84e30295e10b684475b110001987652754c5738c32f691a1196f95107b0784f6
8ee6e378d2d70a5f5c9772c38571e5334ef8620c34bcdd479d06cd6b16dfb964
916e0b22e5455f61e2a75459d2087456caa97896dc25853f76e5b853d08ef611
a14fd4d49f053df2ff5c8c4bee5fa141cbc1878cf8a006207b9d5265bf6548e6
a65be10cfa1a8cb0fafea62bdd333d9accfc14630b1cbbeaad114c3dfee173b0
bd55d27d5fff1179136bd78b650a159ea4ce3dc15c7ea5668a4ed0efa9cae863
c963a65f272c24dfbf9d159212dbc03b87983c4e470dc05563731bb09c129353
e2d85b7515cbe41fed7e43bde39ecab913e2702708d9901ef0918ded28e69bec
ee17fdd9c919e7aab8295e1ab3f24929126298033354db9e0b712597b7aaea29
f0467f9693642f683f97262490f36b1dfc43095b2ad7fa758bf572a49563d132