recovery-fb-id.my1.ru
195.216.243.36
Malicious Activity!
Public Scan
Submission: On February 09 via automatic, source phishtank
Summary
This is the only time recovery-fb-id.my1.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
2 | 195.216.243.36 | 29226 (MASTERTEL-AS Moscow)
15 | 2a03:2880:f11c:83:face:b00c:0:25de | 32934 (FACEBOOK - Facebook)
17 | 3 |
ASN29226 (MASTERTEL-AS Moscow, Russia, RU)
PTR: s36.ucoz.net
recovery-fb-id.my1.ru |
ASN32934 (FACEBOOK - Facebook, Inc., US)
www.facebook.com |
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
15 | facebook.com | www.facebook.com | 161 KB
2 | my1.ru | recovery-fb-id.my1.ru | 27 KB
17 | 2 | |
Requests | Domain | Requested by
---|---|---
15 | www.facebook.com | recovery-fb-id.my1.ru, www.facebook.com
2 | recovery-fb-id.my1.ru | www.facebook.com
17 | 2 |
This site contains links to these domains. Also see Links.
Domain
---
de-de.facebook.com
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2016-12-09 - 2018-01-25 | a year | crt.sh
This page contains 1 frames:
Primary Page:
http://recovery-fb-id.my1.ru/facebook-account.htm
Frame ID: 10119.1
Requests: 18 HTTP requests in this frame
1 Outgoing links
These are links going to different origins than the main page.
Title: Deutsch
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | facebook-account.htm (Primary Request) | recovery-fb-id.my1.ru/ | 101 KB | 25 KB | Document | text/html
GET | H2 | CrBwA6awfpq.css | www.facebook.com/rsrc.php/v3/y1/r/ | 42 KB | 8 KB | Stylesheet | text/css
GET | H2 | pcn5kcy2Wu3.css | www.facebook.com/rsrc.php/v3/y6/r/ | 6 KB | 2 KB | Stylesheet | text/css
GET | H2 | nLJkGexeJ5t.css | www.facebook.com/rsrc.php/v3/yx/r/ | 11 KB | 3 KB | Stylesheet | text/css
GET | H2 | gUcZZLwutIG.css | www.facebook.com/rsrc.php/v3/ya/r/ | 43 KB | 8 KB | Stylesheet | text/css
GET | H2 | Uz1_cNSYvZK.js | www.facebook.com/rsrc.php/v3/yy/r/ | 165 KB | 42 KB | Script | application/x-javascript
GET | H2 | 81mGaCLzC3W.png | www.facebook.com/rsrc.php/v3/yT/r/ | 17 KB | 17 KB | Image | image/png
GET | H2 | s3OmliaAHHx.png | www.facebook.com/rsrc.php/v3/yA/r/ | 3 KB | 3 KB | Image | image/png
GET | DATA | truncated | / | 74 B | 0 | Stylesheet | text/css
GET | H2 | O7nelmd9XSI.png | www.facebook.com/rsrc.php/v3/yU/r/ | 95 B | 104 B | Image | image/png
GET | H2 | a8ktdsn0932.js | www.facebook.com/rsrc.php/v3iAK24/yl/l/id_ID/ | 195 KB | 45 KB | Script | application/x-javascript
GET | H2 | BwhLfJGBavX.js | www.facebook.com/rsrc.php/v3/yx/r/ | 15 KB | 5 KB | Script | application/x-javascript
GET | H2 | VRRdhgO5aYh.js | www.facebook.com/rsrc.php/v3iLxv4/y6/l/id_ID/ | 28 KB | 9 KB | Script | application/x-javascript
GET | H2 | nDLFpTYYMj4.js | www.facebook.com/rsrc.php/v3/yt/r/ | 35 KB | 10 KB | Script | application/x-javascript
GET | H2 | J_PiaUdj5PI.js | www.facebook.com/rsrc.php/v3/yi/r/ | 8 KB | 2 KB | Script | application/x-javascript
GET | H2 | DN4t_pZoRuF.js | www.facebook.com/rsrc.php/v3/yI/r/ | 50 KB | 7 KB | Script | application/x-javascript
GET | H2 | -PAXP-deijE.gif | www.facebook.com/rsrc.php/v3/y4/r/ | 43 B | 52 B | Image | image/gif
POST | H/1.1 | bz | recovery-fb-id.my1.ru/ajax/ | 7 KB | 3 KB | XHR | text/html
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value
---|---|---
.recovery-fb-id.my1.ru/ | | Name: _js_reg_fb_ref Value: https%3A%2F%2Fwww.facebook.com%2Flogin%2F%3Fdeact%3DAQAl4HeGbws2nmmw
.recovery-fb-id.my1.ru/ | | Name: _js_reg_fb_gate Value: https%3A%2F%2Fwww.facebook.com%2Flogin%2F%3Fdeact%3DAQAl4HeGbws2nmmw
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
recovery-fb-id.my1.ru
www.facebook.com
195.216.243.36
2a03:2880:f11c:83:face:b00c:0:25de