img.fbook-519111692.wptech.net Open in urlscan Pro
51.91.25.149 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://img.fbook-519111692.wptech.net/gate.html?location=1dcbb52d4248d814514e2e3cf94c7799
Submission: On November 23 via automatic, source openphish (November 23rd 2020, 1:36:58 am UTC)

Summary HTTP 9 Redirects Links 25 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 9 HTTP transactions. The main IP is 51.91.25.149, located in France and belongs to OVH, FR. The main domain is img.fbook-519111692.wptech.net.

This is the only time img.fbook-519111692.wptech.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
2	51.91.25.149 51.91.25.149	16276 (OVH) (OVH)
6	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2 3	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
9	3

2 51.91.25.149 (France)

ASN16276 (OVH, FR)
PTR: host.hololweb.com

img.fbook-519111692.wptech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland) 2 redirects

ASN32934 (FACEBOOK, US)

facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fbsbx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	fbcdn.net 1 redirects static.xx.fbcdn.net fbcdn.net	48 KB
2	wptech.net img.fbook-519111692.wptech.net	27 KB
1	fbsbx.com fbsbx.com	690 B
1	facebook.com 1 redirects facebook.com	319 B
9	4

	Domain	Requested by
6	static.xx.fbcdn.net	img.fbook-519111692.wptech.net static.xx.fbcdn.net
2	img.fbook-519111692.wptech.net	img.fbook-519111692.wptech.net
1	fbsbx.com	img.fbook-519111692.wptech.net
1	fbcdn.net	1 redirects
1	facebook.com	1 redirects
9	5

This site contains links to these domains. Also see Links.

Domain
m.facebook.com
facebook.com
www.oculus.com
portal.facebook.com
pay.facebook.com

Subject Issuer	Validity	Valid
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-11-02` - `2021-01-30`	3 months	crt.sh
fbcdn.net DigiCert SHA2 High Assurance Server CA	`2020-10-16` - `2021-01-13`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://img.fbook-519111692.wptech.net/gate.html?location=1dcbb52d4248d814514e2e3cf94c7799
Frame ID: A89CCE818D7D752BBC1F30F866C5DBCF
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

9
Requests

78 %
HTTPS

67 %
IPv6

4
Domains

5
Subdomains

3
IPs

2
Countries

75 kB
Transfer

232 kB
Size

0
Cookies

25 Outgoing links

These are links going to different origins than the main page.

URL: https://m.facebook.com/click.php?redir_url=http%3A%2F%2Fitunes.apple.com%2Fapp%2Ffacebook%2Fid284882215%3Freferrer_params%255Blink_source%255D%3Dfb_app_banner&app_id=6628568379&cref=mb&no_fw=1&refid=8
Title: Important notice! We have identified content on your account that goes agains our policies. Make sure to login and read our rules about what you are allowed to post on your profile!

Search URL Search Domain Scan URL

URL: https://facebook.com/login/?refid=8

Search URL Search Domain Scan URL

URL: https://facebook.com/
Title: HIDESHOW

Search URL Search Domain Scan URL

URL: https://facebook.com/reg-no-deeplink/?cid=103&refid=8
Title: Create New Account

Search URL Search Domain Scan URL

URL: https://facebook.com/recover/initiate/?c=https%3A%2F%2Fm.facebook.com%2F&r&cuid&ars=facebook_login&lwv=100&refid=8
Title: Forgot Password?

Search URL Search Domain Scan URL

URL: https://facebook.com/a/language.php?l=fr_FR&lref=https%3A%2F%2Fm.facebook.com%2F&sref=legacy_mobile_settings_selector&gfid=AQBm_Veg2fQrOYNF&refid=8
Title: FranÃ§ais (France)

Search URL Search Domain Scan URL

URL: https://facebook.com/a/language.php?l=pt_BR&lref=https%3A%2F%2Fm.facebook.com%2F&sref=legacy_mobile_settings_selector&gfid=AQBLHM0_hJbPJX4G&refid=8
Title: PortuguÃªs (Brasil)

Search URL Search Domain Scan URL

URL: https://facebook.com/a/language.php?l=it_IT&lref=https%3A%2F%2Fm.facebook.com%2F&sref=legacy_mobile_settings_selector&gfid=AQAAucvOvcj7hzEI&refid=8
Title: Italiano

Search URL Search Domain Scan URL

URL: https://facebook.com/a/language.php?l=es_LA&lref=https%3A%2F%2Fm.facebook.com%2F&sref=legacy_mobile_settings_selector&gfid=AQATW5IsjFLycnW5&refid=8
Title: EspaÃ±ol

Search URL Search Domain Scan URL

URL: https://facebook.com/a/language.php?l=zh_CN&lref=https%3A%2F%2Fm.facebook.com%2F&sref=legacy_mobile_settings_selector&gfid=AQBSR4VRkKg5yabj&refid=8
Title: ä¸æ(ç®ä½)

Search URL Search Domain Scan URL

URL: https://facebook.com/a/language.php?l=de_DE&lref=https%3A%2F%2Fm.facebook.com%2F&sref=legacy_mobile_settings_selector&gfid=AQBX8X5Yh0dyaeck&refid=8
Title: Deutsch

Search URL Search Domain Scan URL

URL: https://facebook.com/language.php?n=https%3A%2F%2Fm.facebook.com%2F&refid=8
Title:

Search URL Search Domain Scan URL

URL: https://facebook.com/facebook?refid=8
Title: About

Search URL Search Domain Scan URL

URL: https://facebook.com/help/?ref=pf&refid=8
Title: Help

Search URL Search Domain Scan URL

URL: https://facebook.com/directory/pages/?refid=8
Title: Pages

Search URL Search Domain Scan URL

URL: https://facebook.com/directory/places/?refid=8
Title: Locations

Search URL Search Domain Scan URL

URL: https://facebook.com/directory/people/?refid=8
Title: People

Search URL Search Domain Scan URL

URL: https://facebook.com/directory/groups/?refid=8
Title: Groups

Search URL Search Domain Scan URL

URL: https://facebook.com/pages/category/?refid=8
Title: Page Categories

Search URL Search Domain Scan URL

URL: https://facebook.com/places/?refid=8
Title: Places

Search URL Search Domain Scan URL

URL: https://www.oculus.com/
Title: Oculus

Search URL Search Domain Scan URL

URL: https://portal.facebook.com/?refid=8
Title: Portal

Search URL Search Domain Scan URL

URL: https://facebook.com/marketplace/?refid=8
Title: Marketplace

Search URL Search Domain Scan URL

URL: https://pay.facebook.com/?refid=8
Title: Facebook Pay

Search URL Search Domain Scan URL

URL: https://facebook.com/fundraisers/?refid=8
Title: Fundraisers

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://facebook.com/security/hsts-pixel.gif?c=3.2 HTTP 302
https://fbcdn.net/security/hsts-pixel.gif?c=2 HTTP 302
https://fbsbx.com/security/hsts-pixel.gif

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request gate.html Show response
img.fbook-519111692.wptech.net/ 60 B
406 B 79ms
65ms Document
text/html 51.91.25.149
OVH

General

Check archive.org

Show headers Download Go to

Full URL

http://img.fbook-519111692.wptech.net/gate.html?location=1dcbb52d4248d814514e2e3cf94c7799

Protocol

HTTP/1.1

Server

51.91.25.149 , France, ASN16276 (OVH, FR),

Reverse DNS

host.hololweb.com

Software

nginx /

Resource Hash

4c8875aaa67ca65c188527d4e6d6313eb32654931b8c6d01a1712bb66462cfde

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: img.fbook-519111692.wptech.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx
Date: Mon, 23 Nov 2020 01:36:42 GMT
Content-Type: text/html
Content-Length: 60
Connection: keep-alive
Last-Modified: Fri, 16 Oct 2020 06:17:08 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Accept-Ranges: bytes

GET
H/1.1 200
OK myscr908173.js Show response
img.fbook-519111692.wptech.net/ 101 KB
27 KB 32ms
31ms Script
application/javascript 51.91.25.149
OVH

General

Check archive.org

Show headers Download Go to

Full URL

http://img.fbook-519111692.wptech.net/myscr908173.js

Requested by

Host: img.fbook-519111692.wptech.net
URL: http://img.fbook-519111692.wptech.net/gate.html?location=1dcbb52d4248d814514e2e3cf94c7799

Protocol

HTTP/1.1

Server

51.91.25.149 , France, ASN16276 (OVH, FR),

Reverse DNS

host.hololweb.com

Software

nginx /

Resource Hash

75d3c6d209ba05b5769f044544665173d57a7be5426d5ce9982173231aa74e37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://img.fbook-519111692.wptech.net/gate.html?location=1dcbb52d4248d814514e2e3cf94c7799
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 23 Nov 2020 01:36:42 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Fri, 16 Oct 2020 06:17:04 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Expires: Wed, 23 Dec 2020 01:36:42 GMT
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
X-Server-Powered-By: Engintron
Connection: keep-alive
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE

GET
H2 200 s0XShOAXyWC.css
static.xx.fbcdn.net/rsrc.php/v3/yN/l/0,cross/ 89 KB
20 KB 9ms
7ms Stylesheet
text/css 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yN/l/0,cross/s0XShOAXyWC.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: img.fbook-519111692.wptech.net
URL: http://img.fbook-519111692.wptech.net/myscr908173.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

91d2477807498e356914242db913f113823a28da7c1bb53ef5f7092626f05cb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://img.fbook-519111692.wptech.net/gate.html?location=1dcbb52d4248d814514e2e3cf94c7799
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 23 Nov 2020 01:36:42 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: xjC7FKHqi6ulK/A0N4X57A==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 19819
x-fb-debug: dj4HPlRWReL0mQcJlZhkAUX2xf9P/zonFWB6hTForzpG4+wP3TfF8S6eyLpo6Rr9bitrAwC7m5v5MAsaVBxHzw==
x-fb-trip-id: 664085054
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Wed, 17 Nov 2021 02:40:53 GMT

GET
H2 200 h43SCKgbNeg.css
static.xx.fbcdn.net/rsrc.php/v3/yp/l/0,cross/ 17 KB
4 KB 10ms
8ms Stylesheet
text/css 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yp/l/0,cross/h43SCKgbNeg.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: img.fbook-519111692.wptech.net
URL: http://img.fbook-519111692.wptech.net/myscr908173.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5cf6803b140baf8787a91e50c401cf599c08d1d01f20f1a22342e8f961a7765e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://img.fbook-519111692.wptech.net/gate.html?location=1dcbb52d4248d814514e2e3cf94c7799
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 23 Nov 2020 01:36:42 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: ffAjQW+DHJ9b70EF1SrS1g==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 4002
x-ua-compatible: IE=edge
x-fb-debug: q6+HBRlbpJleMfnjAbhhaDHn8KyreyTRGGbVQW/27LtDYWPADFNBtJ1+fH+G/SLUscHsiE2Jy/IRLWrCp2/zpA==
x-fb-trip-id: 664085054
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Thu, 18 Nov 2021 02:13:56 GMT

GET
H2 200 dF5SId3UHWd.svg
static.xx.fbcdn.net/rsrc.php/y8/r/ 2 KB
2 KB 8ms
7ms Image
image/svg+xml 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/y8/r/dF5SId3UHWd.svg

Requested by

Host: img.fbook-519111692.wptech.net
URL: http://img.fbook-519111692.wptech.net/gate.html?location=1dcbb52d4248d814514e2e3cf94c7799

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce

Security Headers

Name	Value
Content-Security-Policy	default-src fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.xx.facebook.com/csp/reporting/?m=c;
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://img.fbook-519111692.wptech.net/gate.html?location=1dcbb52d4248d814514e2e3cf94c7799
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.xx.facebook.com/csp/reporting/?m=c;
content-encoding: br
x-content-type-options: nosniff
content-md5: NiMA5zHIsmaYxSYEaw9fHg==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1027
x-xss-protection: 0
x-fb-debug: 5dEsk6WxsamrULi/eohvkHKFeH4V9BAcDHJWt1ZXQSPEi2DWYmesauS4r7RXFiT01v0RruBR1UrjJtIkKHc3JA==
x-fb-trip-id: 664085054
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
date: Mon, 23 Nov 2020 01:36:42 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Wed, 17 Nov 2021 05:30:28 GMT

GET
H2

200

hsts-pixel.gif
fbsbx.com/security/
Redirect Chain

https://facebook.com/security/hsts-pixel.gif?c=3.2
https://fbcdn.net/security/hsts-pixel.gif?c=2
https://fbsbx.com/security/hsts-pixel.gif

43 B
690 B

30ms
28ms

Image
image/gif

2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fbsbx.com/security/hsts-pixel.gif

Requested by

Host: img.fbook-519111692.wptech.net
URL: http://img.fbook-519111692.wptech.net/gate.html?location=1dcbb52d4248d814514e2e3cf94c7799

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Content-Security-Policy	default-src fbsbx.com .fbsbx.com fbcdn.net .fbcdn.net data: blob:;script-src .fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' fbsbx.com .fbsbx.com fbcdn.net .fbcdn.net;connect-src .fbcdn.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: http://img.fbook-519111692.wptech.net/gate.html?location=1dcbb52d4248d814514e2e3cf94c7799
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src fbsbx.com *.fbsbx.com fbcdn.net *.fbcdn.net data: blob:;script-src *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' fbsbx.com *.fbsbx.com fbcdn.net *.fbcdn.net;connect-src *.fbcdn.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: br
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: no-cache
x-fb-debug: 5SXMrVGv+/NLpj988yns2n1V1AE2GCBm7Ecey3+0aGHxXEyLG9gJDbNUjcqw4wYs9SA5bt2KO59YR6cmZThChw==
x-frame-options: DENY
date: Mon, 23 Nov 2020 01:36:42 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: image/gif
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT

Redirect headers

x-fb-debug: Ffg+s3IH58fPV4kTaxiIdBv0CCZ/5NopJwIbP9RcCX5MbDGLTbAnTYWfUKYHyhsO01bj1bGTbhdCfkRmKO08JQ==
access-control-allow-origin: *
date: Mon, 23 Nov 2020 01:36:42 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: text/html; charset="utf-8"
location: https://fbsbx.com/security/hsts-pixel.gif
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

GET
H2 200 JJsC9S33ata.png
static.xx.fbcdn.net/rsrc.php/v3/yP/r/ 2 KB
3 KB 6ms
6ms Image
image/png 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yP/r/JJsC9S33ata.png

Requested by

Host: img.fbook-519111692.wptech.net
URL: http://img.fbook-519111692.wptech.net/gate.html?location=1dcbb52d4248d814514e2e3cf94c7799

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

39851cf509d8e6142c7e77cc2ee475c50ad358ca3be899954bf17c2155ae49ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://img.fbook-519111692.wptech.net/gate.html?location=1dcbb52d4248d814514e2e3cf94c7799
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fb-debug: QEJjGyXD0jrs5pPe9LRPYr+WxYEwrEKRCYKUqMr66SwucxN7aRvosyDIozyErffbbPMihJI6+kDR2EsEynZ2Xw==
x-fb-trip-id: 664085054
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: 5bLIZb0mh/ooqLt48dFV7Q==
date: Mon, 23 Nov 2020 01:36:42 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 2325
expires: Thu, 18 Nov 2021 01:50:43 GMT

GET
H2 200 5NR43BsYs8o.png
static.xx.fbcdn.net/rsrc.php/v3/yO/r/ 1 KB
1 KB 5ms
5ms Image
image/png 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yO/r/5NR43BsYs8o.png

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yN/l/0,cross/s0XShOAXyWC.css?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9615b777212478a41835e410c9897cd544b98c5473b7b73cbec777f1db2d5404

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://static.xx.fbcdn.net/rsrc.php/v3/yN/l/0,cross/s0XShOAXyWC.css?_nc_x=Ij3Wp8lg5Kz
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fb-debug: NadPr6BOOfvcRp/DRODltbJDc681Tlh4tV+I8hZ3YtY3GbRTkrPNTO+Kd26UjTEK243JPfPIDL++G36eIpNZJw==
x-fb-trip-id: 664085054
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: zS7nNbuF+qoavNDFbgWDdA==
date: Mon, 23 Nov 2020 01:36:42 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1307
expires: Thu, 18 Nov 2021 00:06:15 GMT

GET
H2 200 EjzW2F-_k3z.png
static.xx.fbcdn.net/rsrc.php/v3/yg/r/ 18 KB
18 KB 6ms
6ms Image
image/png 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yg/r/EjzW2F-_k3z.png

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yN/l/0,cross/s0XShOAXyWC.css?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

32338b3a796b0ee8df97dbe07f7223448831ea3f115ccf52348961a0d0d2a318

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://static.xx.fbcdn.net/rsrc.php/v3/yN/l/0,cross/s0XShOAXyWC.css?_nc_x=Ij3Wp8lg5Kz
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fb-debug: gLtB9e02rwA0IVl5qM6bqVV4CQYrs61CJfhVcpXra4iiTdCWAdThJlDh0MvPDjrWAFiJMzpCZNVhS1ipHdiZGQ==
x-fb-trip-id: 664085054
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: wnQC5Ik3YZI01rCDSxKoXA==
date: Mon, 23 Nov 2020 01:36:42 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 18421
expires: Wed, 17 Nov 2021 00:17:41 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

facebook.com
fbcdn.net
fbsbx.com
img.fbook-519111692.wptech.net
static.xx.fbcdn.net
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
51.91.25.149
32338b3a796b0ee8df97dbe07f7223448831ea3f115ccf52348961a0d0d2a318
39851cf509d8e6142c7e77cc2ee475c50ad358ca3be899954bf17c2155ae49ca
4c8875aaa67ca65c188527d4e6d6313eb32654931b8c6d01a1712bb66462cfde
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5cf6803b140baf8787a91e50c401cf599c08d1d01f20f1a22342e8f961a7765e
75d3c6d209ba05b5769f044544665173d57a7be5426d5ce9982173231aa74e37
91d2477807498e356914242db913f113823a28da7c1bb53ef5f7092626f05cb1
9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce
9615b777212478a41835e410c9897cd544b98c5473b7b73cbec777f1db2d5404

img.fbook-519111692.wptech.net Open in urlscan Pro 51.91.25.149 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

9 Requests

78 %HTTPS

67 %IPv6

4 Domains

5 Subdomains

3 IPs

2 Countries

75 kBTransfer

232 kBSize

0 Cookies

25 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

img.fbook-519111692.wptech.net Open in urlscan Pro
51.91.25.149 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

78 %
HTTPS

67 %
IPv6

4
Domains

5
Subdomains

3
IPs

2
Countries

75 kB
Transfer

232 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!