facebook.com.hostershub.com
64.20.63.204  Malicious Activity! Public Scan

URL: https://facebook.com.hostershub.com/?user-agent=Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chr...
Submission: On January 07 via api from JP — Scanned from JP

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 3 HTTP transactions. The main IP is 64.20.63.204, located in United States and belongs to IS-AS-1, US. The main domain is facebook.com.hostershub.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 3rd 2022. Valid for: 3 months.
This is the only time facebook.com.hostershub.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

Requests  IP Address        AS (Autonomous System)
1         64.20.63.204      19318 (IS-AS-1)
1         2606:4700::68...  13335 (CLOUDFLAR...)
1         2a03:2880:f00...  32934 (FACEBOOK)
3         3

Requests  Apex Domain      Subdomains                                        Transfer
1         fbcdn.net        static.xx.fbcdn.net — Cisco Umbrella Rank: 658    2 KB
1         fontawesome.com  pro.fontawesome.com — Cisco Umbrella Rank: 5446   29 KB
1         hostershub.com   facebook.com.hostershub.com                       2 KB
3         3

Requests  Domain                       Requested by
1         static.xx.fbcdn.net          facebook.com.hostershub.com
1         pro.fontawesome.com          facebook.com.hostershub.com
1         facebook.com.hostershub.com
3         3

This site contains no links.

Subject                      Issuer                                  Validity                 Valid
facebook.com.hostershub.com  cPanel, Inc. Certification Authority    2022-01-03 - 2022-04-03  3 months
*.fontawesome.com            DigiCert TLS RSA SHA256 2020 CA1        2021-12-01 - 2023-01-01  a year
*.facebook.com               DigiCert SHA2 High Assurance Server CA  2021-10-16 - 2022-01-14  3 months

This page contains 1 frame:

Primary Page: https://facebook.com.hostershub.com/?user-agent=Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/86.0.4240.75+Safari/537.36
Frame ID: 64722BD46E073A95A37E29C6111019ED
Requests: 3 HTTP requests in this frame

Page Title

Facebook

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

Requests: 3
HTTPS: 100 %
IPv6: 67 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 2
Transfer: 34 kB
Size: 161 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions

Columns: Resource, Path, Size, x-fer, Type, MIME-Type

Resource: Primary Request /
Path: facebook.com.hostershub.com/
Size: 6 KB
x-fer: 2 KB
Type: Document

General

Full URL: https://facebook.com.hostershub.com/?user-agent=Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/86.0.4240.75+Safari/537.36
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 64.20.63.204, United States, ASN19318 (IS-AS-1, US)
Reverse DNS: webhosting1000.kimhengcenter.com
Software: LiteSpeed / PHP/7.0.33
Resource Hash: f5af9981b804979706f7807e722ec107de6a319c3cc92028e0e4098b8c6a5bbe

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: jp-JP,jp;q=0.9

Response headers

x-powered-by: PHP/7.0.33
content-type: text/html; charset=UTF-8
content-length: 2285
content-encoding: br
vary: Accept-Encoding
date: Fri, 07 Jan 2022 16:05:56 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Resource: all.css
Path: pro.fontawesome.com/releases/v5.10.0/css/
Size: 153 KB
x-fer: 29 KB
Type: Stylesheet

General

Full URL: https://pro.fontawesome.com/releases/v5.10.0/css/all.css
Requested by:
  Host: facebook.com.hostershub.com
  URL: https://facebook.com.hostershub.com/?user-agent=Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/86.0.4240.75+Safari/537.36
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1634, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: 2af905d92cfd34b5413126a54f639da408166cbbcb54318e413ad5e10b5bf6ec

Request headers

Referer: https://facebook.com.hostershub.com/
Origin: https://facebook.com.hostershub.com
Accept-Language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 07 Jan 2022 16:05:57 GMT
content-encoding: gzip
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: HIT
age: 100751
x-amz-request-id: TW2YASNHT0BR3M4J
x-amz-id-2: JmW/A8MNSKXf9KIUH/h1vFQKpivQoimvPj/LvR6l7337ET7g1UE6miCbrMg3dWHS1xK3sGPvVAg=
last-modified: Mon, 28 Jun 2021 16:54:32 GMT
server: cloudflare
etag: W/"aa1272633e7e552395d147a499bad186"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
cf-ray: 6c9e6e38bf86f907-NRT

Resource: dF5SId3UHWd.svg
Path: static.xx.fbcdn.net/rsrc.php/y8/r/
Size: 2 KB
x-fer: 2 KB
Type: Image

General

Full URL: https://static.xx.fbcdn.net/rsrc.php/y8/r/dF5SId3UHWd.svg
Requested by:
  Host: facebook.com.hostershub.com
  URL: https://facebook.com.hostershub.com/?user-agent=Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/86.0.4240.75+Safari/537.36
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f00f:8:face:b00c:0:1 Tokyo, Japan, ASN32934 (FACEBOOK, US)
Reverse DNS:
Software: /
Resource Hash: 9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce

Security Headers

Content-Security-Policy: default-src data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options: nosniff
X-Xss-Protection: 0

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://facebook.com.hostershub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: br
x-content-type-options: nosniff
content-md5: NiMA5zHIsmaYxSYEaw9fHg==
document-policy: force-load-at-top
content-security-policy-report-only: default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 1027
x-xss-protection: 0
x-fb-debug: KCI5vMSr+oMOl+y4TtG4JmhmyRoURJ4EoP9s7TtptDKU0SlLgspshVGltCyv4R1It068jLYyNRQtpXCEavIrEw==
x-fb-trip-id: 382461245
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
date: Fri, 07 Jan 2022 16:05:57 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
timing-allow-origin: *
expires: Fri, 06 Jan 2023 04:33:47 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| onsecuritypolicyviolation
  • object| onslotchange
  • function| transfer

0 Cookies