facebooksecure.net
Open in
urlscan Pro
143.198.210.251
Malicious Activity!
Public Scan
Effective URL: https://facebooksecure.net/
Submission: On April 08 via api from US
Summary
TLS certificate: Issued by R3 on April 7th 2021. Valid for: 3 months.
This is the only time facebooksecure.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 2 | 143.198.210.251 143.198.210.251 | 14061 (DIGITALOC...) (DIGITALOCEAN-ASN) | |
13 | 2a03:2880:f03... 2a03:2880:f036:1d:face:b00c:0:3 | 32934 (FACEBOOK) (FACEBOOK) | |
1 | 2a03:2880:f03... 2a03:2880:f036:13:face:b00c:0:2 | 32934 (FACEBOOK) (FACEBOOK) | |
1 | 2a03:2880:f13... 2a03:2880:f136:83:face:b00c:0:25de | 32934 (FACEBOOK) (FACEBOOK) | |
16 | 4 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
fbcdn.net
static.xx.fbcdn.net |
78 KB |
2 |
facebooksecure.net
1 redirects
facebooksecure.net |
5 KB |
1 |
facebook.com
facebook.com |
831 B |
1 |
atdmt.com
cs.atdmt.com |
1 KB |
16 | 4 |
Domain | Requested by | |
---|---|---|
13 | static.xx.fbcdn.net |
facebooksecure.net
static.xx.fbcdn.net |
2 | facebooksecure.net | 1 redirects |
1 | facebook.com |
facebooksecure.net
|
1 | cs.atdmt.com |
facebooksecure.net
|
16 | 4 |
This site contains links to these domains. Also see Links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
facebooksecure.net R3 |
2021-04-07 - 2021-07-06 |
3 months | crt.sh |
*.facebook.com DigiCert SHA2 High Assurance Server CA |
2021-02-10 - 2021-05-10 |
3 months | crt.sh |
*.atlassolutions.com DigiCert SHA2 High Assurance Server CA |
2021-03-26 - 2021-06-24 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://facebooksecure.net/
Frame ID: 49291F7BAEF9711916E51C791584C1C4
Requests: 16 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://facebooksecure.net/
HTTP 301
https://facebooksecure.net/ Page URL
Detected technologies
LiteSpeed (Web Servers) ExpandDetected patterns
- headers server /^LiteSpeed$/i
Page Statistics
20 Outgoing links
These are links going to different origins than the main page.
Title: Forgot account?
Search URL Search Domain Scan URL
Title: Create New Account
Search URL Search Domain Scan URL
Title: Español
Search URL Search Domain Scan URL
Title: Français (France)
Search URL Search Domain Scan URL
Title: 中文(简体)
Search URL Search Domain Scan URL
Title: العرية
Search URL Search Domain Scan URL
Title: Português (Brasil)
Search URL Search Domain Scan URL
Title: 한국어
Search URL Search Domain Scan URL
Title: Italiano
Search URL Search Domain Scan URL
Title: Deutsch
Search URL Search Domain Scan URL
Title: न्दी
Search URL Search Domain Scan URL
Title: 日本語
Search URL Search Domain Scan URL
Title: Messenger
Search URL Search Domain Scan URL
Title: Watch
Search URL Search Domain Scan URL
Title: Facebook Pay
Search URL Search Domain Scan URL
Title: Oculus
Search URL Search Domain Scan URL
Title: Portal
Search URL Search Domain Scan URL
Title: Instagram
Search URL Search Domain Scan URL
Title: Developers
Search URL Search Domain Scan URL
Title: Ad Choices
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://facebooksecure.net/
HTTP 301
https://facebooksecure.net/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
facebooksecure.net/ Redirect Chain
|
22 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lPjqTrZdgsu.css
static.xx.fbcdn.net/rsrc.php/v3/yO/l/0,cross/ |
31 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
s8FMQRvrcP_.css
static.xx.fbcdn.net/rsrc.php/v3/yg/l/0,cross/ |
33 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
t-7-XdFUc5v.css
static.xx.fbcdn.net/rsrc.php/v3/yJ/l/0,cross/ |
11 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
XzMVk90uhh2.css
static.xx.fbcdn.net/rsrc.php/v3/ym/l/0,cross/ |
14 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
b4THRVjtfKP.css
static.xx.fbcdn.net/rsrc.php/v3/y_/l/0,cross/ |
27 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ycO1-AYtB-B.js
static.xx.fbcdn.net/rsrc.php/v3i7M54/yg/l/en_US/ |
69 KB 18 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
3hsmIhDOIUG.js
static.xx.fbcdn.net/rsrc.php/v3/yj/r/ |
60 KB 18 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
IEOQM8FL8ot.js
static.xx.fbcdn.net/rsrc.php/v3/yr/r/ |
5 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
L42kvzX0PIv.js
static.xx.fbcdn.net/rsrc.php/v3/yh/r/ |
17 KB 5 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
iWbQtMrJW8n.css
static.xx.fbcdn.net/rsrc.php/v3/y6/l/0,cross/ |
2 KB 632 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dF5SId3UHWd.svg
static.xx.fbcdn.net/rsrc.php/y8/r/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
event
cs.atdmt.com/ |
67 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hsts-pixel.gif
facebook.com/security/ |
43 B 831 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hm02Lq6f6Mh.png
static.xx.fbcdn.net/rsrc.php/v3/yX/r/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
YQNfPR9MJfx.png
static.xx.fbcdn.net/rsrc.php/v3/yO/r/ |
925 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| do_1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
facebooksecure.net/ | Name: PHPSESSID Value: elt9hdhu7c0d4hn4shjb6pa2vj |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cs.atdmt.com
facebook.com
facebooksecure.net
static.xx.fbcdn.net
143.198.210.251
2a03:2880:f036:13:face:b00c:0:2
2a03:2880:f036:1d:face:b00c:0:3
2a03:2880:f136:83:face:b00c:0:25de
2225bf20b735d53a21accefcd5a904bc4c7ed01a117a8c67647d1cb459f4dbdb
2678c10cf96f5c29d42168765dcf892677ef1214d7020a99e6aa3cb0b67a9f32
27b8c5b51ad2ea06ac291c92a9d32db3aeccb812eee1825cef40c306ea1f4a18
2fc1677e27ac157fc1de6300d7bf8a45a5d83c020f9ab382249065392407761f
4ca4273017e6589ae5e8a9866db11b4c8a81a98c6327cfed5c799518734264ed
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
70d4c8fc95b2302210122e8abb16b9aec6b8ce00312b93ec90dfcbde8a343cda
908edfa9f7ec9fd5cb6b2159b5cb305d9c2c88601c8bf00a23bb0e96fcea1e21
9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce
a5936c2fba62f37df5373aba3800425e4d5f540556f8bd7f909228df4030841d
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
af279c8040a8980b491b294fb5b3de1276317ebac6915106f78cc276784dbead
b8bb41fef146014af6fb47d49139028392b1e21d447253dfeb91e7b9bab75e5f
c836af63b37eac4eaf56b5a973793fe39d307c1febb1edddc209edb1dbc5a7bb
e60e1c170d239ef8628c55986ae1b8e68239665363c6355cfc03336718bc2d7f
f778e711c259bcdb0a712722fb003a7e589fca0504e6d4775176513e4578c14a