facebook.com.hostershub.com
Open in
urlscan Pro
64.20.63.204
Malicious Activity!
Public Scan
Submission: On January 07 via api from JP — Scanned from JP
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 3rd 2022. Valid for: 3 months.
This is the only time facebook.com.hostershub.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 64.20.63.204 64.20.63.204 | 19318 (IS-AS-1) (IS-AS-1) | |
1 | 2606:4700::68... 2606:4700::6812:1634 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a03:2880:f00... 2a03:2880:f00f:8:face:b00c:0:1 | 32934 (FACEBOOK) (FACEBOOK) | |
3 | 3 |
ASN19318 (IS-AS-1, US)
PTR: webhosting1000.kimhengcenter.com
facebook.com.hostershub.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
1 |
fbcdn.net
static.xx.fbcdn.net — Cisco Umbrella Rank: 658 |
2 KB |
1 |
fontawesome.com
pro.fontawesome.com — Cisco Umbrella Rank: 5446 |
29 KB |
1 |
hostershub.com
facebook.com.hostershub.com |
2 KB |
3 | 3 |
Domain | Requested by | |
---|---|---|
1 | static.xx.fbcdn.net |
facebook.com.hostershub.com
|
1 | pro.fontawesome.com |
facebook.com.hostershub.com
|
1 | facebook.com.hostershub.com | |
3 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
facebook.com.hostershub.com cPanel, Inc. Certification Authority |
2022-01-03 - 2022-04-03 |
3 months | crt.sh |
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1 |
2021-12-01 - 2023-01-01 |
a year | crt.sh |
*.facebook.com DigiCert SHA2 High Assurance Server CA |
2021-10-16 - 2022-01-14 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://facebook.com.hostershub.com/?user-agent=Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/86.0.4240.75+Safari/537.36
Frame ID: 64722BD46E073A95A37E29C6111019ED
Requests: 3 HTTP requests in this frame
Screenshot
Page Title
FacebookDetected technologies
Font Awesome (Font Scripts) ExpandDetected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
3 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
facebook.com.hostershub.com/ |
6 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.css
pro.fontawesome.com/releases/v5.10.0/css/ |
153 KB 29 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dF5SId3UHWd.svg
static.xx.fbcdn.net/rsrc.php/y8/r/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onsecuritypolicyviolation object| onslotchange function| transfer0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
facebook.com.hostershub.com
pro.fontawesome.com
static.xx.fbcdn.net
2606:4700::6812:1634
2a03:2880:f00f:8:face:b00c:0:1
64.20.63.204
2af905d92cfd34b5413126a54f639da408166cbbcb54318e413ad5e10b5bf6ec
9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce
f5af9981b804979706f7807e722ec107de6a319c3cc92028e0e4098b8c6a5bbe