verify.ftechblog.xyz Open in urlscan Pro
2606:4700:3032::6815:2895 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://verify.ftechblog.xyz/
Submission: On March 08 via api (March 8th 2024, 6:47:14 pm UTC) from US — Scanned from US

Summary HTTP 5 Redirects Links 31 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 5 HTTP transactions. The main IP is 2606:4700:3032::6815:2895, located in United States and belongs to CLOUDFLARENET, US. The main domain is verify.ftechblog.xyz.
TLS certificate: Issued by GTS CA 1P5 on January 27th 2024. Valid for: 3 months.

This is the only time verify.ftechblog.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address		AS Autonomous System
2 7	2606:4700:303... 2606:4700:3032::6815:2895		13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	1

7 2606:4700:3032::6815:2895 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

verify.ftechblog.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	ftechblog.xyz 2 redirects verify.ftechblog.xyz	108 KB
5	1

	Domain	Requested by
7	verify.ftechblog.xyz	2 redirects verify.ftechblog.xyz
5	1

This site contains links to these domains. Also see Links.

Domain
m.facebook.com
facebook.com
about.facebook.com
messenger.com
pay.facebook.com
www.oculus.com
portal.facebook.com
lm.facebook.com
www.bulletin.com
developers.facebook.com

Subject Issuer	Validity	Valid
ftechblog.xyz GTS CA 1P5	`2024-01-27` - `2024-04-26`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://verify.ftechblog.xyz/
Frame ID: D3439C62EB5AD4579D2FCF132133F86C
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Facebook – log in or sign up

Page Statistics

5
Requests

60 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

107 kB
Transfer

291 kB
Size

0
Cookies

31 Outgoing links

These are links going to different origins than the main page.

URL: https://m.facebook.com/click.php?redir_url=market%3A%2F%2Fdetails%3Fid%3Dcom.facebook.katana%26referrer%3Dutm_reg%253DDSgOYhSt_vp2vn8KSuVyR4Jc%26referrer_params%255Blink_source%255D%3Dfb_app_banner&app_id=350685531728&cref=mb&no_fw=1&refid=8
Title: Get Facebook for Android and browse faster.

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response verify.ftechblog.xyz/	28 KB 5 KB	371ms 253ms	Document text/html	2606:4700:3032::6815:2895 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://verify.ftechblog.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::6815:2895 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/8.0.30 Resource Hash `bb577e68983bf7ebe45e544485cce5579bbac210aea2fbb346c4cdd2fbda68df` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8614fdf15a68dab5-MIA content-encoding br content-type text/html; charset=UTF-8 date Fri, 08 Mar 2024 18:47:07 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V2tATAKK98K1PdGSB4qjN2GoEr1E4hiusaWvY5X9cC9X5bxwHvTiMRJQi%2FM5%2FGEoojgUKswIf1cCioYaXgYVH0VRPj%2BZfN5G5HrWLVaRkcUOdmOmkRgLkIJ8P5bav5Xa%2FNGQ82HJZBljFG1oNF0RgaekXw%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-powered-by PHP/8.0.30 x-turbo-charged-by LiteSpeed
GET H2	200	style.css verify.ftechblog.xyz/public/css/	205 KB 44 KB	389ms 387ms	Stylesheet text/css	2606:4700:3032::6815:2895 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://verify.ftechblog.xyz/public/css/style.css Requested by Host: verify.ftechblog.xyz URL: https://verify.ftechblog.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::6815:2895 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a26e6289a481e9f93c2ff338f015db0254c88215b0ef557aef9afb60ead68d06` Request headers accept-language en-US,en;q=0.9 Referer https://verify.ftechblog.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers date Fri, 08 Mar 2024 18:47:08 GMT content-encoding br cf-cache-status MISS last-modified Thu, 07 Mar 2024 07:39:06 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ijYaqX8fDxjDqZkPO1EMyiScCb54lV%2BQMsSAMIpY2VdRfvq3SuP1IN33OJh%2FUMwOGonnNP1Mrlm4GguaQStw4pzG9uOktzJiA7AflIH6aXktQvLRtaKuVVE3N%2Fp%2BxQsKw9gX%2BOX0Cpq6DJQdFYnqTxvm3g%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 8614fdf30cebdab5-MIA alt-svc h3=":443"; ma=86400 expires Fri, 15 Mar 2024 18:47:08 GMT
GET H2	200	logo.svg verify.ftechblog.xyz/public/imgs/	2 KB 1 KB	247ms 247ms	Image image/svg+xml	2606:4700:3032::6815:2895 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://verify.ftechblog.xyz/public/imgs/logo.svg Requested by Host: verify.ftechblog.xyz URL: https://verify.ftechblog.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::6815:2895 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e87258461198a1815673cb07ec48bf540ef9b98749ab1dbfae64e0f95a32823e` Request headers accept-language en-US,en;q=0.9 Referer https://verify.ftechblog.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers date Fri, 08 Mar 2024 18:47:08 GMT content-encoding br cf-cache-status MISS last-modified Thu, 07 Mar 2024 07:51:36 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CcX3h0GdEqArFXLgjq0rbYGYEdAOssdhKW0XMuN%2F8Nhho8O%2FvhVqdDaPf1o%2BXa260qJZeV1DAaDOA%2BeWN85ma4EvQ3lPlb0dZb6iP4dmD8drCoEw8pHOgAtJY3YgFMX6n9nulq9dCen1TYdN0O7Gf2IQjg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 8614fdf30ceddab5-MIA alt-svc h3=":443"; ma=86400 expires Fri, 15 Mar 2024 18:47:08 GMT
GET H3	200	/ verify.ftechblog.xyz/ Redirect Chain https://verify.ftechblog.xyz/rsrc.php/v3/yL/r/SO2mBiDoFWw.png https://verify.ftechblog.xyz/	28 KB 28 KB	275ms 274ms	Image text/html	2606:4700:3032::6815:2895 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://verify.ftechblog.xyz/ Requested by Host: verify.ftechblog.xyz URL: https://verify.ftechblog.xyz/public/css/style.css Protocol H3 Server 2606:4700:3032::6815:2895 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/8.0.30 Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language en-US,en;q=0.9 Referer https://verify.ftechblog.xyz/public/css/style.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers date Fri, 08 Mar 2024 18:47:08 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/8.0.30 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FGnrCVbmMDjmH8DLcqX%2BaHKeruMCIGNlymHBKQt3l4LObtlO5B7P20T1TJIL6pgQVBKdCxGnYOC%2FZVWGcAnDOH2cfecfbo1NWVly%2FTisDg1lL8ym5Y7D2WI5XeEqE18NkcWkbRLKt06p1KeELxPlgmchyw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 x-turbo-charged-by LiteSpeed cf-ray 8614fdf71a3d5f20-MIA alt-svc h3=":443"; ma=86400 Redirect headers date Fri, 08 Mar 2024 18:47:08 GMT cf-cache-status BYPASS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/8.0.30 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2ga1nCRJNlLqLyDxlnSl2z6Ma9YyqQu6Ink989vmqxKKl%2Fp0DyIh3kV3leIjJnC6bg1wZNNuD2S9Hga5EHzk9ZlPsni2qbbdrxUdFN%2BK4uAuU5cMsIfCjxDe04Q6yjTp8eOxrvOZhHus7iWE10q69eleOQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 location / cache-control no-cache, no-store, must-revalidate, max-age=0 x-turbo-charged-by LiteSpeed cf-ray 8614fdf59fd05f20-MIA alt-svc h3=":443"; ma=86400
GET H3	200	/ verify.ftechblog.xyz/ Redirect Chain https://verify.ftechblog.xyz/rsrc.php/v3/yD/r/NjeWm6eM-wH.png https://verify.ftechblog.xyz/	28 KB 28 KB	267ms 266ms	Image text/html	2606:4700:3032::6815:2895 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://verify.ftechblog.xyz/ Requested by Host: verify.ftechblog.xyz URL: https://verify.ftechblog.xyz/public/css/style.css Protocol H3 Server 2606:4700:3032::6815:2895 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/8.0.30 Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language en-US,en;q=0.9 Referer https://verify.ftechblog.xyz/public/css/style.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers date Fri, 08 Mar 2024 18:47:08 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/8.0.30 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KLP8zIcNfYJoZ%2Ftt6vIqGmzj6LeKuWK7vk9VKRoDPEgVyYgrGL9mYw6FKBSr5MmzaOFnpKAnLwqFu%2FOmZQBfYaG1oPjtKIkwsQZZtPUF3rRoeDeW97qivhcFsVLibmQedKexUfyI48IF8vlr9LhqMBWBxg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 x-turbo-charged-by LiteSpeed cf-ray 8614fdf73a5b5f20-MIA alt-svc h3=":443"; ma=86400 Redirect headers date Fri, 08 Mar 2024 18:47:08 GMT cf-cache-status BYPASS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/8.0.30 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L0ZL6ECDpCg%2BIvjKJWhftlZxa2tt8gFbaKjzQk1pOALl7jL7i9FUYJCkDsYWjt9jjLYSyd3O95oWBtFukjeFI1H8SfmKYVGZq0b6ktUyHmh9BAHstA%2BtWWJc14PIJl6G%2FAfuMHylslsu702YpavWaaSoeg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 location / cache-control no-cache, no-store, must-revalidate, max-age=0 x-turbo-charged-by LiteSpeed cf-ray 8614fdf59fd95f20-MIA alt-svc h3=":443"; ma=86400

verify.ftechblog.xyz Open in urlscan Pro 2606:4700:3032::6815:2895 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

5 Requests

60 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

107 kBTransfer

291 kBSize

0 Cookies

31 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

verify.ftechblog.xyz Open in urlscan Pro
2606:4700:3032::6815:2895 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

60 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

107 kB
Transfer

291 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!