rappfb.com
Open in
urlscan Pro
185.244.148.229
Malicious Activity!
Public Scan
Effective URL: http://rappfb.com/?lang=en&wkr=&id=&name=
Submission: On June 25 via manual from FI
Summary
This is the only time rappfb.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 13 | 185.244.148.229 185.244.148.229 | 60117 (HS) (HS) | |
1 | 185.225.208.133 185.225.208.133 | 13213 (UK2NET-AS) (UK2NET-AS) | |
1 | 69.4.231.30 69.4.231.30 | 36351 (SOFTLAYER) (SOFTLAYER - SoftLayer Technologies Inc.) | |
1 | 147.75.204.215 147.75.204.215 | 54825 (PACKET) (PACKET - Packet Host) | |
1 2 | 2a0e:ac00:c7:... 2a0e:ac00:c7:d43b::5bc7:d43b | 48447 (SECTIGO) (SECTIGO) | |
1 | 147.75.32.173 147.75.32.173 | 54825 (PACKET) (PACKET - Packet Host) | |
1 | 147.75.81.98 147.75.81.98 | 54825 (PACKET) (PACKET - Packet Host) | |
21 | 8 |
ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US)
PTR: no-rdns.ord02.hostingservicesinc.net
t.dtscout.com |
ASN54825 (PACKET - Packet Host, Inc., US)
PTR: pkt-ams-k1-22
static.hotjar.com |
ASN54825 (PACKET - Packet Host, Inc., US)
PTR: pkt-ams-k1-27
script.hotjar.com |
ASN54825 (PACKET - Packet Host, Inc., US)
PTR: pkt-ams-k1-30
vars.hotjar.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
rappfb.com
1 redirects
rappfb.com |
91 KB |
3 |
hotjar.com
static.hotjar.com script.hotjar.com vars.hotjar.com |
91 KB |
2 |
trustlogo.com
1 redirects
www.trustlogo.com |
14 KB |
1 |
dtscout.com
t.dtscout.com |
348 B |
1 |
amung.us
widgets.amung.us whos.amung.us Failed |
4 KB |
0 |
imgur.com
Failed
i.imgur.com Failed |
|
21 | 6 |
Domain | Requested by | |
---|---|---|
13 | rappfb.com |
1 redirects
rappfb.com
|
2 | www.trustlogo.com |
1 redirects
rappfb.com
|
1 | vars.hotjar.com |
static.hotjar.com
|
1 | script.hotjar.com |
static.hotjar.com
|
1 | static.hotjar.com |
rappfb.com
|
1 | t.dtscout.com |
widgets.amung.us
|
1 | widgets.amung.us |
rappfb.com
|
0 | whos.amung.us Failed |
widgets.amung.us
|
0 | i.imgur.com Failed |
rappfb.com
|
21 | 9 |
This site contains links to these domains. Also see Links.
Domain |
---|
m.facebook.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
1970-01-01 - 1970-01-01 |
a few seconds | crt.sh | |
static.hotjar.com Let's Encrypt Authority X3 |
2019-06-08 - 2019-09-06 |
3 months | crt.sh |
www.trustlogo.com COMODO RSA Extended Validation Secure Server CA |
2017-09-01 - 2019-09-28 |
2 years | crt.sh |
script.hotjar.com Let's Encrypt Authority X3 |
2019-06-08 - 2019-09-06 |
3 months | crt.sh |
vars.hotjar.com Let's Encrypt Authority X3 |
2019-06-08 - 2019-09-06 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
http://rappfb.com/?lang=en&wkr=&id=&name=
Frame ID: 6BE7EB16BEC202178CEE85FCDC6E1130
Requests: 20 HTTP requests in this frame
Frame:
https://vars.hotjar.com/box-90f3a29ef7448451db5af955688970d7.html
Frame ID: E84182652B89991BCB0854B25C46A409
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://rappfb.com/
HTTP 302
http://rappfb.com/?lang=en&wkr=&id=&name= Page URL
Detected technologies
LiteSpeed (Web Servers) ExpandDetected patterns
- headers server /^LiteSpeed$/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: facebook
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://rappfb.com/
HTTP 302
http://rappfb.com/?lang=en&wkr=&id=&name= Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 11- http://www.trustlogo.com/trustlogo/javascript/trustlogo.js HTTP 301
- https://www.trustlogo.com/trustlogo/javascript/trustlogo.js
21 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
rappfb.com/ Redirect Chain
|
26 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Jh5AS8r-Pu3.css
rappfb.com/index_files/ |
33 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gGEGrJycWHa.css
rappfb.com/index_files/ |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
URi2RjS56um.css
rappfb.com/index_files/ |
10 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bQlcLstaPe7.css
rappfb.com/index_files/ |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
_2qUblp2NgR.css
rappfb.com/index_files/ |
28 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Ztb5BbfIkM7.css
rappfb.com/index_files/ |
59 KB 17 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
DyTup7nvZb0.css
rappfb.com/index_files/ |
7 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
L3H3CWomUsd.css
rappfb.com/index_files/ |
8 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
small.js
widgets.amung.us/ |
7 KB 4 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
t.dtscout.com/i/ |
17 B 348 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hotjar-1008042.js
static.hotjar.com/c/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
trustlogo.js
www.trustlogo.com/trustlogo/javascript/ Redirect Chain
|
14 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
modules.07bc2e6aac237cdc84eb.js
script.hotjar.com/ |
425 KB 89 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
GaeWQSZ.png
i.imgur.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
hsts-pixel.gif
rappfb.com/index_files/ |
43 B 334 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
/
whos.amung.us/pingjs/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
/
whos.amung.us/pingjs/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mFt2Gbxw9rO.png
rappfb.com/index_files/ |
33 KB 33 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Y8VrvG-1crh.png
rappfb.com/rsrc.php/v3/yN/r/ |
1 KB 1 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
box-90f3a29ef7448451db5af955688970d7.html
vars.hotjar.com/ Frame E841 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- i.imgur.com
- URL
- https://i.imgur.com/GaeWQSZ.png
- Domain
- whos.amung.us
- URL
- http://whos.amung.us/pingjs/?k=conads&t=FBAPP%20Tests&c=s&y=&a=-1&d=16.416&v=22&r=7783
- Domain
- whos.amung.us
- URL
- http://whos.amung.us/pingjs/?k=conedxads2&t=FBAPP%20Tests&c=s&y=&a=-1&d=16.416&v=22&r=1893
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)148 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask undefined| WAU_ren function| WAU_small function| WAU_small_request function| WAU_r_s function| WAU_insert function| WAU_legacy_b function| WAU_la function| WAU_addCommas function| WAU_lrd function| WAU_cps function| docReady function| hj object| _hjSettings string| tlJsHost object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled function| HotjarBasicDataStorage function| HotjarCollectionDataStorage function| TrustLogo function| TrustLogo_MouseOver function| TrustLogo_MouseMove function| TrustLogo_MouseOut function| TrustLogo_Credentials function| tLL function| tLM function| tLN function| tLWC function| tLXC function| tLZC function| tLaC function| tLX function| tLY function| tLiB function| tLQC function| tLRC function| tL1C function| tL0C function| tL9C function| tL2C function| tL3C function| tLUC function| tLrC function| tLsC function| tLtC function| tLuC function| tLvC function| tLjC function| tLz function| tLHB function| tLIB function| tLd function| tLe function| tLf function| tLh function| tLi function| tLj function| tLl function| tLm function| tLn function| tLo function| tLp function| tLq function| tLr function| tLs function| tLt function| tLu function| tLx function| tLv function| tLw function| tLy function| tLJB function| tLHC function| tLIC function| tLKB function| tLLB function| tLMB function| tL_C function| tLXB function| tLeB function| tLnB function| tLqC function| tLTC function| tLpC function| tLoB function| tLpB function| tLlB function| tLmB function| createStyleRule string| current_code string| tLB string| tLC string| tLD string| tLE string| tLF string| tLG string| tLH string| tLI string| tLnC string| tLbC string| tLlC string| tLyC string| tLMC string| tLLC string| tLNC number| tLgC number| tLeC number| tLhC number| tLP number| tLQ number| tLfC number| tLiC number| tLU number| tLV string| tLzC number| tLR number| tLS number| tLT number| tLW object| tLO string| tLYC string| tLGB string| tLNB number| tLOB number| tLPB number| tLQB number| tLRB object| tLSB string| tLTB boolean| tLUB number| tLVB string| tLWB number| version function| randHash string| cpa string| index object| _0x31c3 function| _0x16cc object| _0x2de6 function| _0x113a object| _0x441f function| _0x1d9b object| _0x3c82 function| _0xa087 object| _dts0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
i.imgur.com
rappfb.com
script.hotjar.com
static.hotjar.com
t.dtscout.com
vars.hotjar.com
whos.amung.us
widgets.amung.us
www.trustlogo.com
i.imgur.com
whos.amung.us
147.75.204.215
147.75.32.173
147.75.81.98
185.225.208.133
185.244.148.229
2a0e:ac00:c7:d43b::5bc7:d43b
69.4.231.30
1d73d17e0ef48211516c0456ef76a245008e7ec5819edd1b8601c0ba9fde4a8b
1f0b4598b7e8f61d46bd01c1abc79a6a0a56ee7a922de1505c45953652e3d6f3
2037dbd25bd633e1faa96e8b17e3b7879cd0bae55134eb417a7267c42732f605
21c244c77e7bffa9c97cf69e310fc60936103ea4e69b634ad3e783495c508a28
37c5cbe8ad795a530c7ad3e2a3574a4f9038c3fc10fc48ca4c1c74ed9ffdc6a4
42246708a9df57c5eaa198988d9cb1735013ce8828ffdd22b96aad1fb0dd747e
4d3d479cda1d6eddfc2bceb124bef83fe3ff830b63bc0cd88739aebb6da41bda
5127334bd90f61166bb106108aa05967169dfff358db67534b7cff6a69084ca2
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
70c65bd0e084398a87baa298c1fafa52afff402096cb350d563d309565c07e83
7335ec3f8eb4ee1e30110564a69f2c2b75f67e45d32e4e7662a67e1553c060ad
816e0589456da59e4fe78c477ca041f2125001faeae2079748f233affa1e4d68
9e56c65f5d564971049173844e87cf1218d305bb68c19788af054601a5fc0dcd
b7ae6e4e7c9c99aa1657e5d0d69d3a471d25533875bbd2de6a5ece2d39aaf463
c324a24ee991ad8cee91410e26b78de7c568181a1be416b31a48b96b44457df1
e40d5eb4531d62d2c058a802e860c7255a9f2c6629d21ca1f3e846b39a3d4e11
e490ca0f0bd9ea4b7c03115037b74983014f0a906a02b07d9ea19d08343ff6bd