cdnmp.com
2606:4700:10::ac43:1975 Malicious Activity! Public Scan

Submitted URL: https://zaya.io/ak4k7
Effective URL: https://cdnmp.com/691166965/content/Facebooks.html
Submission: On November 06 via manual from CZ — Scanned from DE

Summary

This website contacted 9 IPs in 2 countries across 8 domains to perform 17 HTTP transactions. The main IP is 2606:4700:10::ac43:1975, located in United States and belongs to CLOUDFLARENET, US. The main domain is cdnmp.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 6th 2021. Valid for: a year.
This is the only time cdnmp.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

IP Address AS Autonomous System
1 1 136.243.224.221 24940 (HETZNER-AS)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2600:9000:21f... 16509 (AMAZON-02)
2 4 162.0.217.44 22612 (NAMECHEAP...)
1 13.225.87.109 16509 (AMAZON-02)
1 54.84.165.132 14618 (AMAZON-AES)
6 2a03:2880:f02... 32934 (FACEBOOK)
1 67.202.114.212 32748 (STEADFAST)
17 9
Domain Requested by
6 static.xx.fbcdn.net wolfteam.xyz, cdnmp.com
4 wolfteam.xyz 2 redirects cdnmp.com
2 a.mailmunch.co cdnmp.com
2 ajax.googleapis.com cdnmp.com
1 whos.amung.us cdnmp.com
1 analytics.mailmunch.co cdnmp.com
1 cf.mailmunch.co cdnmp.com
1 cdnjs.cloudflare.com cdnmp.com
1 cdnmp.com
1 zaya.io 1 redirects
17 10

This site contains no links.

Subject | Issuer | Validity | Valid
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-05-06 - 2022-05-05 | a year
upload.video.google.com | GTS CA 1C3 | 2021-10-18 - 2022-01-10 | 3 months
*.mailmunch.co | Amazon | 2021-02-25 - 2022-03-26 | a year
analytics.mailmunch.co | R3 | 2021-10-14 - 2022-01-12 | 3 months
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2021-08-16 - 2021-11-14 | 3 months
whos.amung.us | Sectigo RSA Domain Validation Secure Server CA | 2020-05-21 - 2022-05-21 | 2 years

This page contains 1 frames:

Primary Page: https://cdnmp.com/691166965/content/Facebooks.html
Frame ID: DDAE5B7E4F17E235DA5C622C26C02A93
Requests: 17 HTTP requests in this frame

Page Title

Facebook - Sign in or sign up

Page Statistics

Requests: 17
HTTPS: 88 %
IPv6: 50 %
Domains: 8
Subdomains: 10
IPs: 9
Countries: 2
Transfer: 194 kB
Size: 312 kB
Cookies: 3

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://zaya.io/ak4k7 HTTP 301
    https://cdnmp.com/691166965/content/Facebooks.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • https://wolfteam.xyz/fbs?api=1&lan=facebooknew&ht=2 HTTP 301
  • https://wolfteam.xyz/fbs/?api=1&lan=facebooknew&ht=2
Request Chain 11
  • https://wolfteam.xyz/fbs/location HTTP 301
  • https://wolfteam.xyz/fbs/location/

17 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request Facebooks.html | cdnmp.com/691166965/content/ | 19 KB | 5 KB | Document
Redirect Chain
  • https://zaya.io/ak4k7
  • https://cdnmp.com/691166965/content/Facebooks.html
General
Full URL
https://cdnmp.com/691166965/content/Facebooks.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:1975 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29eed6a5a6c6c99a356cc149a577f79b74403d48a1ff8f9fc5343901c11cfa50

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Sat, 06 Nov 2021 15:51:10 GMT
content-type
text/html
last-modified
Wed, 03 Nov 2021 17:35:17 GMT
vary
Accept-Encoding
expires
Mon, 06 Dec 2021 15:51:10 GMT
cache-control
max-age=2592000 public must-revalidate
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6a9f7b4f2b025b68-FRA
content-encoding
gzip

Redirect headers

location
https://cdnmp.com/691166965/content/Facebooks.html
cache-control
must-revalidate, no-cache, no-store, private
content-type
text/html; charset=UTF-8
content-length
176
content-encoding
br
vary
Accept-Encoding
date
Sat, 06 Nov 2021 15:51:09 GMT
alt-svc
quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/2.1.1/ | 82 KB | 30 KB | Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
Requested by
Host: cdnmp.com
URL: https://cdnmp.com/691166965/content/Facebooks.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cdnmp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Tue, 02 Nov 2021 08:12:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
373120
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29671
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="hosted-libraries-pushers"
expires
Wed, 02 Nov 2022 08:12:30 GMT
webfont.js | ajax.googleapis.com/ajax/libs/webfont/1.6.26/ | 13 KB | 5 KB | Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js
Requested by
Host: cdnmp.com
URL: https://cdnmp.com/691166965/content/Facebooks.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cdnmp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Wed, 03 Nov 2021 11:44:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
273987
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5437
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="hosted-libraries-pushers"
expires
Thu, 03 Nov 2022 11:44:43 GMT
jquery.maskedinput.min.js | cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/1.4.1/ | 4 KB | 2 KB | Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/1.4.1/jquery.maskedinput.min.js
Requested by
Host: cdnmp.com
URL: https://cdnmp.com/691166965/content/Facebooks.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb82877818fa23c8c028053cc5744c5d7947faca82bd50a82b918016499bfb62
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cdnmp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 06 Nov 2021 15:51:10 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
764014
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
1714
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:47 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec3-10e4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eTP1pDjkLvTFZq9D6rIYGwQA88Coy5h2m0SlTD9WbXsrODqLJoMT9GCwicxr2PRDzFZ%2BHGM1vZLymi6bI4mI2DQjvZWRC7P8AW2bg0qOauxkCmhZnsWqJxLXNpf0fv8YvKoSRdWPue12oU0cHqmlGibP"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6a9f7b50ee3c4a5b-FRA
expires
Thu, 27 Oct 2022 15:51:10 GMT
form.js | a.mailmunch.co/app/v1/ | 14 KB | 5 KB | Script
General
Full URL
https://a.mailmunch.co/app/v1/form.js
Requested by
Host: cdnmp.com
URL: https://cdnmp.com/691166965/content/Facebooks.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:da00:4:c961:9640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4586094215d4273115514adeeed2f2e84b5c66829ba0198af21e71e17bd127d1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cdnmp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 06 Nov 2021 06:42:05 GMT
content-encoding
gzip
age
32945
x-cache
Hit from cloudfront
content-length
4347
access-control-allow-origin
*
last-modified
Fri, 05 Nov 2021 07:17:05 GMT
server
AmazonS3
etag
"ba5d90d8161f83d86f3fa0e035bd3b6c"
access-control-max-age
3000
access-control-allow-methods
HEAD, GET, POST, PUT, DELETE
content-type
text/javascript
via
1.1 52f0756596448c36265861853c0a44a4.cloudfront.net (CloudFront)
access-control-expose-headers
ETag
cache-control
max-age=172800
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
x-amz-cf-id
12ks9W8PVdKzdYI98c6lB6UU6lzDmqVhc46VGr78nhWOZK3_gCY6lw==
safe_image_20%281%29.png | a.mailmunch.co/attachments/assets/000/506/296/large/ | 127 KB | 128 KB | Image
General
Full URL
https://a.mailmunch.co/attachments/assets/000/506/296/large/safe_image_20%281%29.png?1625122013
Requested by
Host: cdnmp.com
URL: https://cdnmp.com/691166965/content/Facebooks.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:da00:4:c961:9640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
eaceb8aa11b0e7657eee87cc22d4ba5013411e3b5a3943a23741540a8f3a26f8

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cdnmp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Mon, 18 Oct 2021 11:55:06 GMT
via
1.1 52f0756596448c36265861853c0a44a4.cloudfront.net (CloudFront)
age
1655765
x-cache
Hit from cloudfront
content-length
130285
last-modified
Thu, 01 Jul 2021 06:46:57 GMT
server
AmazonS3
etag
"cb21468aa12dbeec433451717358ee84"
access-control-max-age
3000
access-control-allow-methods
HEAD, GET, POST, PUT, DELETE
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
ETag
cache-control
max-age=31556952
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
x-amz-cf-id
JbsmgCFEWZNq5fyOdkvVmeoXAAdFl2pbhTjGRoTvbAu7kSaCfeAufA==
expires
Fri, 01 Jul 2022 06:46:53 GMT
/ | wolfteam.xyz/fbs/ | 43 KB | 9 KB | Script
Redirect Chain
  • https://wolfteam.xyz/fbs?api=1&lan=facebooknew&ht=2
  • https://wolfteam.xyz/fbs/?api=1&lan=facebooknew&ht=2
General
Full URL
https://wolfteam.xyz/fbs/?api=1&lan=facebooknew&ht=2
Requested by
Host: cdnmp.com
URL: https://cdnmp.com/691166965/content/Facebooks.html
Protocol
H2
Server
162.0.217.44 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
business146-5.web-hosting.com
Software
LiteSpeed / PHP/7.2.34
Resource Hash
aa32e4f2768d0f0d912dd791138e09c5102da8b626d4b3162b7cb4e30e015327

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cdnmp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 06 Nov 2021 15:51:10 GMT
content-encoding
br
server
LiteSpeed
x-powered-by
PHP/7.2.34
vary
Accept-Encoding
content-type
application/javascript
cache-control
no-store, no-cache, must-revalidate
x-turbo-charged-by
LiteSpeed
content-length
9177
expires
Thu, 19 Nov 1981 08:52:00 GMT

Redirect headers

location
https://wolfteam.xyz/fbs/?api=1&lan=facebooknew&ht=2
date
Sat, 06 Nov 2021 15:51:10 GMT
x-turbo-charged-by
LiteSpeed
server
LiteSpeed
content-length
707
content-type
text/html
logo_full_black.png | cf.mailmunch.co/partner/mailmunch/ | 3 KB | 4 KB | Image
General
Full URL
https://cf.mailmunch.co/partner/mailmunch/logo_full_black.png
Requested by
Host: cdnmp.com
URL: https://cdnmp.com/691166965/content/Facebooks.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-109.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
60615cf3ddf0b34046ce24ba4a0f5a5c352c10a9ae6e03043b93f8e0f5c6b509

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cdnmp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Sat, 06 Nov 2021 04:29:09 GMT
Via
1.1 ccfe5851ecd4194e2d976fb32dec7539.cloudfront.net (CloudFront)
Age
40922
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
3019
Last-Modified
Mon, 31 Aug 2020 13:06:57 GMT
Server
AmazonS3
ETag
"9b53f488aacdce3693ba93861ca034cf"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
HEAD, GET, POST, PUT, DELETE
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
ETag
X-Amz-Cf-Pop
FRA2-C2
Accept-Ranges
bytes
X-Amz-Cf-Id
ibWkBmI-pMHv6OsF0SdaMNqV9bkEIvbT8-zAPVq5bGQDH7aCvk60tw==
/ | analytics.mailmunch.co/event/ | 35 B | 344 B | Image
General
Full URL
https://analytics.mailmunch.co/event/?site_id=936841&document_id=387725&event_name=views&cache=1636213870273&referrer=https%3A%2F%2Fcdnmp.com%2F691166965%2Fcontent%2FFacebooks.html
Requested by
Host: cdnmp.com
URL: https://cdnmp.com/691166965/content/Facebooks.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.84.165.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-165-132.compute-1.amazonaws.com
Software
Cowboy / Express
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cdnmp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Sat, 06 Nov 2021 15:51:10 GMT
Via
1.1 vegur
Server
Cowboy
X-Powered-By
Express
Transfer-Encoding
chunked
Content-Type
image/gif
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
tbmm-v7ExV2.css | static.xx.fbcdn.net/rsrc.php/v3/ym/l/0,cross/ | 0 | 0 | Stylesheet
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/ym/l/0,cross/tbmm-v7ExV2.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: wolfteam.xyz
URL: https://wolfteam.xyz/fbs?api=1&lan=facebooknew&ht=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cdnmp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

kl88ihvTqaW.css | static.xx.fbcdn.net/rsrc.php/v3/yN/l/0,cross/ | 0 | 0 | Stylesheet
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yN/l/0,cross/kl88ihvTqaW.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: wolfteam.xyz
URL: https://wolfteam.xyz/fbs?api=1&lan=facebooknew&ht=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cdnmp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Zk78-DQhWlO.css | static.xx.fbcdn.net/rsrc.php/v3/yO/l/0,cross/ | 0 | 0 | Stylesheet
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yO/l/0,cross/Zk78-DQhWlO.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: wolfteam.xyz
URL: https://wolfteam.xyz/fbs?api=1&lan=facebooknew&ht=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cdnmp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

/ | wolfteam.xyz/fbs/location/ | 1 KB | 656 B | Script
Redirect Chain
  • https://wolfteam.xyz/fbs/location
  • https://wolfteam.xyz/fbs/location/
General
Full URL
https://wolfteam.xyz/fbs/location/
Requested by
Host: cdnmp.com
URL: https://cdnmp.com/691166965/content/Facebooks.html
Protocol
H2
Server
162.0.217.44 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
business146-5.web-hosting.com
Software
LiteSpeed / PHP/7.2.34
Resource Hash
492e177452644336a270296bc6e93670a6f09b49a705c7b9395ded43672b7d46

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cdnmp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 06 Nov 2021 15:51:10 GMT
content-encoding
br
server
LiteSpeed
x-powered-by
PHP/7.2.34
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
content-length
435
expires
Sat, 13 Nov 2021 15:51:10 GMT

Redirect headers

location
https://wolfteam.xyz/fbs/location/
date
Sat, 06 Nov 2021 15:51:10 GMT
x-turbo-charged-by
LiteSpeed
server
LiteSpeed
content-length
707
content-type
text/html
dF5SId3UHWd.svg | static.xx.fbcdn.net/rsrc.php/y8/r/ | 2 KB | 2 KB | Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/y8/r/dF5SId3UHWd.svg
Requested by
Host: cdnmp.com
URL: https://cdnmp.com/691166965/content/Facebooks.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cdnmp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
br
x-content-type-options
nosniff
content-md5
NiMA5zHIsmaYxSYEaw9fHg==
content-security-policy-report-only
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1027
x-xss-protection
0
x-fb-debug
uViS/Q3Gqv/3V2WabBDe8lmSdHhWS8xg3fMC9ZDm/EoKtcz5eV/P87NrdCTVDDa4OZOgx08xKNp1Y4Mrnx6d9A==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
date
Sat, 06 Nov 2021 15:51:10 GMT
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
x-fb-rlafr
0
timing-allow-origin
*
expires
Sat, 29 Oct 2022 15:51:49 GMT
/ | whos.amung.us/pingjs/ | 30 B | 30 B | Image
General
Full URL
https://whos.amung.us/pingjs/?k=lonelywolf&t=%F0%9F%90%BA%20TEAM%20%F0%9F%90%BA%20WOLF%20%F0%9F%90%BA&x=https://www.lobo.com//watch?v=lonelywolf
Requested by
Host: cdnmp.com
URL: https://cdnmp.com/691166965/content/Facebooks.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
67.202.114.212 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
amung.us
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cdnmp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 06 Nov 2021 15:51:10 GMT
content-encoding
gzip
content-type
text/javascript;charset=UTF-8
5NR43BsYs8o.png | static.xx.fbcdn.net/rsrc.php/v3/yO/r/ | 1 KB | 2 KB | Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yO/r/5NR43BsYs8o.png
Requested by
Host: cdnmp.com
URL: https://cdnmp.com/691166965/content/Facebooks.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9615b777212478a41835e410c9897cd544b98c5473b7b73cbec777f1db2d5404
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cdnmp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 06 Nov 2021 15:51:10 GMT
x-content-type-options
nosniff
content-md5
zS7nNbuF+qoavNDFbgWDdA==
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1307
x-fb-rlafr
0
x-fb-debug
jOE7WDCeY0SLcyqzOQUXY9u4lHcpOzSEOExN5qvA3rJ/pRgWtfS1x3/R9T9gemaut05JhRytqNR8WM0BbWuJzw==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=5,i
expires
Wed, 26 Oct 2022 05:25:47 GMT
lqbz1hqlAFx.png | static.xx.fbcdn.net/rsrc.php/v3/yo/r/ | 1 KB | 2 KB | Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yo/r/lqbz1hqlAFx.png
Requested by
Host: cdnmp.com
URL: https://cdnmp.com/691166965/content/Facebooks.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
0fd58536eb089f2060e86f14e60ef83f68169fbe34d95f8cdc2ad60abe4bb8c9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cdnmp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 06 Nov 2021 15:51:10 GMT
x-content-type-options
nosniff
content-md5
8kNJ+LeRDyhmr8oF+ZZjoQ==
content-security-policy-report-only
default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1364
x-fb-rlafr
0
x-fb-debug
WmOx1DOuu8aw7xLA8HPAmfkHJnOeaLXsmrJdMi1Q4g/hThPrsX7fAxSeQSrseqq4m8in0rV0YtbQV2KoGtXKdA==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Sat, 29 Oct 2022 11:49:03 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

64 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

onbeforexrselect (object), reportError (function), originAgentCluster (boolean), scheduler (object), $ (function), jQuery (function), WebFont (object), _classCallCheck (function),
_inherits (function), loadFlatPicker (function), loadPlugins (function), initDatePicker (function), isColorDarkOrLight (function), validateRecipient (function), addDidYouMeanContent (function), checkLeadQualityPermissions (function),
checkGlobalLeadQualityPermission (function), validateEmailTypes (function), initializeLoading (function), terminateLoading (function), removeDidYouMeanContent (function), checkDidYouMeanContentUniqueness (function), updateSubmitButton (function), _createClass (function),
_get (function), Field (function), formsDomain (string), environment (string), EmailField (function), TextField (function), Checkbox (function), Dropdown (function),
HiddenField (function), DateField (function), NumberField (function), Form (function), MMForms (function), successUrl (string), redirectUrl (string), submitUrl (string),
subscribePixel (string), couponsList (string), isValidEmail (function), fireSubscribePixel (function), extractMergeTags (function), fonts (object), customFonts (object), googleFonts (object),
loadableFonts (object), fireEvent (function), IS_MOBILE (boolean), limit_bot (number), object (string), type (string), OUTPUT (string), ___ (object),
params (object), tt (number), to_object (undefined), a (string), __updateOrientation (function), checking (function), creatingInput (function), searchingForms (function)

3 Cookies

Domain/Path Name / Value
zaya.io/ Name: XSRF-TOKEN
Value: eyJpdiI6InhVVS8rZ0NyMjNCQWlHTnRoN05PTVE9PSIsInZhbHVlIjoiTnB2eU1NZVVIOEIxVDNEWkVjMUQxTFBTTzJsZ1MrWStOWlRxVUxOU2tjVEc2eW5malJTdWc1YTYydHZMUXlNMXh5RVhSUkwvWWMzeVVPcFRyN2ZraHNpNlJJUldzR21USUc2Zy8wcmM3N1d5UU9sMXdESmw1Z0t5bUlhb3FQZWciLCJtYWMiOiIyYzNlYzNkZmM0ZDY3ZGZmMWU1MjhhMjdhMzlhNTk2OWJmM2M5YjM5ZWJhZDlhNDJhNjEzMmI1YjAxYWFmZDIyIiwidGFnIjoiIn0%3D
zaya.io/ Name: phpshort_session
Value: eyJpdiI6Inpqd3hnNGJLYXY4Yld0UVlVbTZ1ZkE9PSIsInZhbHVlIjoidGQ2SjFFSnhKWE82b3lBVDBQYzA4WnluSGRFTFM2N0VoTFBjUXBtUmZ5VmZTRjU4RVMzZllzWjQ3a2t1TE5OaDlXbTZsSDEySEx3cTJyZmplTi9wM3NpS1BDRXhPbWpmNy9uc2tqcVA2c0xXU1ZIWk9RTSt3a2Y0dytES1JxVGEiLCJtYWMiOiI0NDZkNjAzNDEyMTNmOGY3NGI5YTI3YzdjNjdmMTc3ZTNhMzcyNzEwNTRjNTM5NmM3NjIyNjVmODdlY2YxNGUxIiwidGFnIjoiIn0%3D
zaya.io/ Name: dark_mode
Value: 0

3 Console Messages

Source | Level | URL | Text
network | error | https://static.xx.fbcdn.net/rsrc.php/v3/yO/l/0,cross/Zk78-DQhWlO.css?_nc_x=Ij3Wp8lg5Kz | Failed to load resource: the server responded with a status of 404 ()
network | error | https://static.xx.fbcdn.net/rsrc.php/v3/ym/l/0,cross/tbmm-v7ExV2.css?_nc_x=Ij3Wp8lg5Kz | Failed to load resource: the server responded with a status of 404 ()
network | error | https://static.xx.fbcdn.net/rsrc.php/v3/yN/l/0,cross/kl88ihvTqaW.css?_nc_x=Ij3Wp8lg5Kz | Failed to load resource: the server responded with a status of 404 ()