www.safety-s4397hvg.ml
Open in
urlscan Pro
2a02:4780:dead:4029::1
Malicious Activity!
Public Scan
Effective URL: http://www.safety-s4397hvg.ml/verification.help.htm
Submission: On May 16 via api from GB
Summary
This is the only time www.safety-s4397hvg.ml was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
11 | 2a02:4780:dea... 2a02:4780:dead:4029::1 | 204915 (AWEX) (AWEX) | |
2 | 2606:4700:10:... 2606:4700:10::6814:442e | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
1 | 2a03:2880:f11... 2a03:2880:f11a:83:face:b00c:0:25de | 32934 (FACEBOOK) (FACEBOOK - Facebook) | |
14 | 3 |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
cdn.000webhost.com |
ASN32934 (FACEBOOK - Facebook, Inc., US)
facebook.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
safety-s4397hvg.ml
www.safety-s4397hvg.ml |
195 KB |
2 |
000webhost.com
cdn.000webhost.com |
4 KB |
1 |
facebook.com
facebook.com |
972 B |
14 | 3 |
Domain | Requested by | |
---|---|---|
11 | www.safety-s4397hvg.ml |
www.safety-s4397hvg.ml
|
2 | cdn.000webhost.com |
www.safety-s4397hvg.ml
|
1 | facebook.com |
www.safety-s4397hvg.ml
|
14 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.000webhost.com COMODO RSA Domain Validation Secure Server CA |
2018-10-19 - 2020-12-17 |
2 years | crt.sh |
*.facebook.com DigiCert SHA2 High Assurance Server CA |
2019-04-22 - 2019-07-21 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
http://www.safety-s4397hvg.ml/verification.help.htm
Frame ID: 69BFAF0035585B2178E0820B6F96347B
Requests: 3 HTTP requests in this frame
Frame:
http://www.safety-s4397hvg.ml/log-in_help.htm
Frame ID: 8084AD3588F49234109CCC9E2FC4E09A
Requests: 11 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://www.safety-s4397hvg.ml/ Page URL
- http://www.safety-s4397hvg.ml/verification.help.htm Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://www.safety-s4397hvg.ml/ Page URL
- http://www.safety-s4397hvg.ml/verification.help.htm Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
www.safety-s4397hvg.ml/ |
6 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
footer-powered-by-000webhost-white2.png
cdn.000webhost.com/000webhost/logo/ |
2 KB 2 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
verification.help.htm
www.safety-s4397hvg.ml/ |
8 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
log-in_help.htm
www.safety-s4397hvg.ml/ Frame 8084 |
17 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ktVBypAOeyk.css
www.safety-s4397hvg.ml/pcss/ Frame 8084 |
166 KB 49 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
XKh9OQ4aRYN.css
www.safety-s4397hvg.ml/pcss/ Frame 8084 |
239 KB 54 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
x6ZfBy1iJET.css
www.safety-s4397hvg.ml/pcss/ Frame 8084 |
185 KB 42 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
kNAuvWSj3Va.css
www.safety-s4397hvg.ml/pcss/ Frame 8084 |
4 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Q4oQF5TQ_Q-.css
www.safety-s4397hvg.ml/pcss/ Frame 8084 |
21 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
F8n3WrEc0r.png
www.safety-s4397hvg.ml/vimg/ Frame 8084 |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hsts-pixel.gif
facebook.com/security/ Frame 8084 |
43 B 972 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
footer-powered-by-000webhost-white2.png
cdn.000webhost.com/000webhost/logo/ Frame 8084 |
2 KB 2 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Zm6qaJY_kan.png
www.safety-s4397hvg.ml/rsrc.php/v3/yP/r/ Frame 8084 |
14 KB 14 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
O7nelmd9XSI.png
www.safety-s4397hvg.ml/rsrc.php/v3/yU/r/ Frame 8084 |
8 KB 8 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.000webhost.com
facebook.com
www.safety-s4397hvg.ml
2606:4700:10::6814:442e
2a02:4780:dead:4029::1
2a03:2880:f11a:83:face:b00c:0:25de
40e8c649f5853f390a1ddc38b0b69d26f3e6104b2cfa3c937d6eb404c17518fa
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55b94d9b379a744c8a854f3ac9f96587ef65b268cb7ca24db4c6110838ea90c8
56f28a347d051ac9de7e917991801b0402b4781b5368b84c68698cff8360170d
5ee856bc0a718c35adf394feae8bd9beb59241207469951d81ca19f05e0b8c1a
627c2fd168c193d82811b4247102557da92730def9b89cf66f8b2b050bd2b6e5
6655341a8af16d930cbf3c1708cb08e9b73fa3b96e58d312a8e7a045ab8d0f37
7d679be4f1b20f51bc3e4c5b20774c7b1609e679fb7ab45c91fa2a2cad2110f5
86f2673ec74a632865109a76b2232f4f5b3587daa219e07a17ef1d9c76a0fda5
91252e877e09c401110e603eaf0ff8eb78f7e38c1316db14f131fcb3f896bbb4
a46d2b6a6783c30605c5319e92b51e51d2efdde5b673e0a20442983e90b7b262
a5543c5eefe8cf85992472b079aa18002a85a77c6b9c7520f9eed14c5a53b8de
afc81f21ecf3dc8abca28023a831cfbc8b5677b2b1bfede34800d8fd587f88df