grub-wabkp18.wikaba.com
94.176.238.82  Malicious Activity! Public Scan

URL: http://grub-wabkp18.wikaba.com/auth/
Submission Tags: @ipnigh
Submission: On July 26 via api from GB

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 20 HTTP transactions. The main IP is 94.176.238.82, located in Vilnius, Lithuania and belongs to RACKRAY UAB Rakrejus, LT. The main domain is grub-wabkp18.wikaba.com.
This is the only time grub-wabkp18.wikaba.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

IP Address AS Autonomous System
2 94.176.238.82 62282 (RACKRAY U...)
16 2a03:2880:f11... 32934 (FACEBOOK)
1 2a03:2880:21f... 32934 (FACEBOOK)
1 2a03:2880:f11... 32934 (FACEBOOK)
20 4
Domain Requested by
16 z-m-static.xx.fbcdn.net grub-wabkp18.wikaba.com, z-m-static.xx.fbcdn.net
2 grub-wabkp18.wikaba.com z-m-static.xx.fbcdn.net
1 facebook.com grub-wabkp18.wikaba.com
1 h.facebook.com grub-wabkp18.wikaba.com
20 4

This site contains links to these domains.

Domain
m.facebook.com
Subject Issuer Validity Valid
*.facebook.com DigiCert SHA2 High Assurance Server CA 2019-06-06 - 2019-09-04 3 months
1970-01-01 - 1970-01-01 a few seconds

This page contains 1 frames:

Primary Page: http://grub-wabkp18.wikaba.com/auth/
Frame ID: BD45DF91E98E802998000BF7CD47306D
Requests: 20 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

Requests: 20
HTTPS: 85 %
IPv6: 75 %
Domains: 3
Subdomains: 4
IPs: 4
Countries: 2
Transfer: 350 kB
Size: 1184 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
grub-wabkp18.wikaba.com/auth/
92 KB
24 KB
Document
General
Full URL
http://grub-wabkp18.wikaba.com/auth/
Protocol
HTTP/1.1
Server
94.176.238.82 Vilnius, Lithuania, ASN62282 (RACKRAY UAB Rakrejus, LT),
Reverse DNS
node04.spacehosting.live
Software
nginx /
Resource Hash
424ec606b543f391ab61fa53d5df24f586b075b70772ad840193024ed900ee20
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
grub-wabkp18.wikaba.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate

Response headers

Server
nginx
Date
Fri, 26 Jul 2019 20:06:08 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Last-Modified
Thu, 02 May 2019 13:04:56 GMT
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Nginx-Cache-Status
EXPIRED
X-Server-Powered-By
Engintron
Content-Encoding
gzip
upXpD3lr9Z5.css
z-m-static.xx.fbcdn.net/rsrc.php/v3/ya/l/0,cross/
100 KB
18 KB
Stylesheet
General
Full URL
https://z-m-static.xx.fbcdn.net/rsrc.php/v3/ya/l/0,cross/upXpD3lr9Z5.css
Requested by
Host: grub-wabkp18.wikaba.com
URL: http://grub-wabkp18.wikaba.com/auth/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8184:face:b00c:0:14c9 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
e7c40c9c740d3d33e5c699496579b9834dfc94c12a966e65fc330056238fe635
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Referer
http://grub-wabkp18.wikaba.com/
Origin
http://grub-wabkp18.wikaba.com

Response headers

x-fb-debug
NZNlozAgLfJKL84sGaWhV4z1e+Q4pb4KFgOJPEV8Xsp9eqHJQAv0DRUP632DaEkG3LdN6katB5E1ZTobFmOHmQ==
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
vHKLDvWkpAUxQ0gr6GugcA==
access-control-allow-origin
*
date
Fri, 26 Jul 2019 20:06:08 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
content-length
18364
expires
Sat, 25 Jul 2020 20:04:30 GMT
y3IjvQ6xfzr.css
z-m-static.xx.fbcdn.net/rsrc.php/v3/yE/l/0,cross/
46 KB
10 KB
Stylesheet
General
Full URL
https://z-m-static.xx.fbcdn.net/rsrc.php/v3/yE/l/0,cross/y3IjvQ6xfzr.css
Requested by
Host: grub-wabkp18.wikaba.com
URL: http://grub-wabkp18.wikaba.com/auth/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8184:face:b00c:0:14c9 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
dbc69c1a84b0bacfef76a2c57cd25d5a326c8949db88aaf3dee01293a4539604
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Referer
http://grub-wabkp18.wikaba.com/
Origin
http://grub-wabkp18.wikaba.com

Response headers

x-fb-debug
qum83ikjG6LlGPYCZUvy1Yj8+qV3lRukJtUlQAUb/s3GVJQbDCQiDwZghXemJTIpzrgx5jVtNVjDCtHyDmoWEw==
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
L058luyWK6mI9SvTDupbHQ==
access-control-allow-origin
*
date
Fri, 26 Jul 2019 20:06:08 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
content-length
10565
expires
Mon, 20 Jul 2020 11:56:02 GMT
jQj1x1CcZTT.js
z-m-static.xx.fbcdn.net/rsrc.php/v3inLb4/yp/l/en_GB/
444 KB
102 KB
Script
General
Full URL
https://z-m-static.xx.fbcdn.net/rsrc.php/v3inLb4/yp/l/en_GB/jQj1x1CcZTT.js
Requested by
Host: grub-wabkp18.wikaba.com
URL: http://grub-wabkp18.wikaba.com/auth/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8184:face:b00c:0:14c9 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
43fbafd05d31a7cd74972b47fc32b9cef067990ff04364175a90ca842f31db81
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Referer
http://grub-wabkp18.wikaba.com/
Origin
http://grub-wabkp18.wikaba.com

Response headers

x-fb-debug
1uiIFYeNF+6RW5FYB0em5HXK8BifgBXfcaMn7L5szsRvXS+JqZIup/t6PN/SfhNULBKwLYRAbq5xCghbElrWBA==
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
UH3gMuiTMQZ3grB3JgjKgA==
access-control-allow-origin
*
date
Fri, 26 Jul 2019 20:06:08 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
content-length
104352
expires
Sat, 18 Jul 2020 15:40:55 GMT
/
h.facebook.com/hr/xp/
43 B
1 KB
Image
General
Full URL
http://h.facebook.com/hr/xp/?app=m_login&rtime=1556774979&zc
Requested by
Host: grub-wabkp18.wikaba.com
URL: http://grub-wabkp18.wikaba.com/auth/
Protocol
HTTP/1.1
Security
, ,
Server
2a03:2880:21ff:fffe:face:b00c:0:1 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
http://grub-wabkp18.wikaba.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Origin, Accept-Encoding
X-XSS-Protection
0
Pragma
no-cache
X-FB-Debug
UidZMcsMfHeFBX6DSl224Xf6VKJ5M15PekahIX8Xh+kss/PRrJYUqYFDmFvXDW8RKBTgztmDujopNcDQ4EIdwg==
Date
Fri, 26 Jul 2019 20:06:08 GMT
X-Frame-Options
DENY
Access-Control-Allow-Methods
OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
http://h.facebook.com
Access-Control-Expose-Headers
X-FB-Debug, X-Loader-Length
Cache-Control
private, no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Expires
Sat, 01 Jan 2000 00:00:00 GMT
hsts-pixel.gif
facebook.com/security/
43 B
188 B
Image
General
Full URL
https://facebook.com/security/hsts-pixel.gif
Requested by
Host: grub-wabkp18.wikaba.com
URL: http://grub-wabkp18.wikaba.com/auth/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
http://grub-wabkp18.wikaba.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
status
200
vary
Origin, Accept-Encoding
x-xss-protection
0
pragma
no-cache
x-fb-debug
25WUqW9gGfNgsYVZ2Xx4JKKeo3K4RnC4o1I2aSHa/wMtEi9QM6cSduZ4a0hYFo94f0j3WIt2MdgX+XFFdwG3MQ==
date
Fri, 26 Jul 2019 20:06:08 GMT
x-frame-options
DENY
access-control-allow-methods
OPTIONS
content-type
image/gif
access-control-allow-origin
*
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
Mj6r4HmJHYi.js
z-m-static.xx.fbcdn.net/rsrc.php/v3iooI4/y6/l/en_GB/
53 KB
15 KB
Script
General
Full URL
https://z-m-static.xx.fbcdn.net/rsrc.php/v3iooI4/y6/l/en_GB/Mj6r4HmJHYi.js
Requested by
Host: grub-wabkp18.wikaba.com
URL: http://grub-wabkp18.wikaba.com/auth/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8184:face:b00c:0:14c9 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
0f609452aef659075fabc39d695a39cc5a4899276f99ad689f102fe51128990c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Referer
http://grub-wabkp18.wikaba.com/
Origin
http://grub-wabkp18.wikaba.com

Response headers

x-fb-debug
E/P5IBITcYn7hm50bkpbQTFkjHe8Yd/bZ8rafTbnZGFngIAsF4zqv9x5v5IfXJwSfXaPcVHyeyi1AXWROxuw5Q==
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
578GOS1kjt6ZfFssqk5N+w==
access-control-allow-origin
*
date
Fri, 26 Jul 2019 20:06:08 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
content-length
14770
expires
Tue, 21 Jul 2020 13:15:38 GMT
idnWT1arnzh.js
z-m-static.xx.fbcdn.net/rsrc.php/v3/yl/r/
32 KB
9 KB
Script
General
Full URL
https://z-m-static.xx.fbcdn.net/rsrc.php/v3/yl/r/idnWT1arnzh.js
Requested by
Host: grub-wabkp18.wikaba.com
URL: http://grub-wabkp18.wikaba.com/auth/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8184:face:b00c:0:14c9 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
c8c85346ba8c9751199e0846fddcf7288c78cc77c4e44f35688c9e97959c3b13
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Referer
http://grub-wabkp18.wikaba.com/
Origin
http://grub-wabkp18.wikaba.com

Response headers

x-fb-debug
VmMUVgOqtwH5+8hfAmqXiAUiuFbDEFvMRG29yICcDHpAjTnICzIz+T/bEGnsFaoC88lFbVFvSQyvyIcUdkK8uw==
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
+uLB37QB7nIkYtvNvzIvbQ==
access-control-allow-origin
*
date
Fri, 26 Jul 2019 20:06:08 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
content-length
9131
expires
Sat, 25 Jul 2020 20:04:31 GMT
7VnMv5rHrHh.png
z-m-static.xx.fbcdn.net/rsrc.php/v3/yx/r/
43 KB
43 KB
Image
General
Full URL
https://z-m-static.xx.fbcdn.net/rsrc.php/v3/yx/r/7VnMv5rHrHh.png
Requested by
Host: grub-wabkp18.wikaba.com
URL: http://grub-wabkp18.wikaba.com/auth/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8184:face:b00c:0:14c9 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
d386a9d294e7cd38e8fc4adff2f221d53a513303a1a06a6c8c16c4e928e92205
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://z-m-static.xx.fbcdn.net/rsrc.php/v3/ya/l/0,cross/upXpD3lr9Z5.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

x-fb-debug
yfuAxVBxpYlPAc26ohBZPgVnHZ8uf9Y8dNDcIVxkojS4n5DC0GTaQ+bCF21Kp80+5pdxQguXPvdjICBkdwLyEw==
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
SBIhXR7ZGi9yaEIE+u1cIQ==
access-control-allow-origin
*
date
Fri, 26 Jul 2019 20:06:08 GMT
content-type
image/png
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
content-length
43831
expires
Thu, 16 Jul 2020 08:34:02 GMT
fz45rNsJh3t.js
z-m-static.xx.fbcdn.net/rsrc.php/v3iLl54/yl/l/en_GB/
50 KB
14 KB
Script
General
Full URL
https://z-m-static.xx.fbcdn.net/rsrc.php/v3iLl54/yl/l/en_GB/fz45rNsJh3t.js
Requested by
Host: z-m-static.xx.fbcdn.net
URL: https://z-m-static.xx.fbcdn.net/rsrc.php/v3inLb4/yp/l/en_GB/jQj1x1CcZTT.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8184:face:b00c:0:14c9 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
59ca9385bcaddd3583d0147d7d5fd916cd02d28a94af59cbd2d4cad741d42155
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Referer
http://grub-wabkp18.wikaba.com/
Origin
http://grub-wabkp18.wikaba.com

Response headers

x-fb-debug
n+PCF/DtITXSJxJmTOUMn20n3IqoDQaXo0eyXk1zVp08SwxsLjKFrYyuBuDGg8DqQg4TJS1ZWVn3ozRgcC3kIw==
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
qgr/4zf1uRJl3gltWd8x1Q==
access-control-allow-origin
*
date
Fri, 26 Jul 2019 20:06:08 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
content-length
14248
expires
Sat, 25 Jul 2020 20:04:31 GMT
j0ze7QubiVY.js
z-m-static.xx.fbcdn.net/rsrc.php/v3/y-/r/
47 KB
12 KB
Script
General
Full URL
https://z-m-static.xx.fbcdn.net/rsrc.php/v3/y-/r/j0ze7QubiVY.js
Requested by
Host: z-m-static.xx.fbcdn.net
URL: https://z-m-static.xx.fbcdn.net/rsrc.php/v3inLb4/yp/l/en_GB/jQj1x1CcZTT.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8184:face:b00c:0:14c9 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
62ab3797c07a33b7030157d5288533aca26be12cdb831be375752fde712cb54c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Referer
http://grub-wabkp18.wikaba.com/
Origin
http://grub-wabkp18.wikaba.com

Response headers

x-fb-debug
/FwlB51JJlmB/KO8wfAiG9RQJTCltrPmKwoosiDxqgVe8Ra1KgO+4gi7Txv7LgPp7X/WaWfDUKp+gUnqI9Za1w==
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
NyOmTkK8TaHdpQ7m1REHhQ==
access-control-allow-origin
*
date
Fri, 26 Jul 2019 20:06:08 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
content-length
12382
expires
Fri, 24 Jul 2020 04:08:29 GMT
sc3QB7l113M.js
z-m-static.xx.fbcdn.net/rsrc.php/v3iN6O4/yy/l/en_GB/
28 KB
9 KB
Script
General
Full URL
https://z-m-static.xx.fbcdn.net/rsrc.php/v3iN6O4/yy/l/en_GB/sc3QB7l113M.js
Requested by
Host: z-m-static.xx.fbcdn.net
URL: https://z-m-static.xx.fbcdn.net/rsrc.php/v3inLb4/yp/l/en_GB/jQj1x1CcZTT.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8184:face:b00c:0:14c9 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
6ef99c6fe73738327d4a017abf484460d6719ba58fdc2d55ca16205f22bda1e9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Referer
http://grub-wabkp18.wikaba.com/
Origin
http://grub-wabkp18.wikaba.com

Response headers

x-fb-debug
FjSeJZY8qQtmc33TsXeHFp5nW0Sb1zGIfXpYnGGSVEClYlHQnhHQ09iEmSlo+zh0nlQuTEb/nk/dySgY8k0yBA==
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
qJUt770qh3+8aPyp+EF7dg==
access-control-allow-origin
*
date
Fri, 26 Jul 2019 20:06:08 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
content-length
8627
expires
Sat, 25 Jul 2020 20:04:31 GMT
dC4KnPJyu6M.js
z-m-static.xx.fbcdn.net/rsrc.php/v3/yD/r/
12 KB
4 KB
Script
General
Full URL
https://z-m-static.xx.fbcdn.net/rsrc.php/v3/yD/r/dC4KnPJyu6M.js
Requested by
Host: z-m-static.xx.fbcdn.net
URL: https://z-m-static.xx.fbcdn.net/rsrc.php/v3inLb4/yp/l/en_GB/jQj1x1CcZTT.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8184:face:b00c:0:14c9 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
c97d0121b977a02fd1f1a9337e9a30aca9681eb7f7f459cea20ebe57ef1cbac5
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Referer
http://grub-wabkp18.wikaba.com/
Origin
http://grub-wabkp18.wikaba.com

Response headers

x-fb-debug
tLlUqCLBsg1v/nCApTeE0uH3NFGHwXaml+i+okZR4Ivi8a/v6u+MJojmmF7X09gzIyB6PL65PqdYWGdQtxtDVA==
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
tXvvXjC/eeMGZPUhtUP26A==
access-control-allow-origin
*
date
Fri, 26 Jul 2019 20:06:08 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
content-length
4035
expires
Wed, 22 Jul 2020 22:25:55 GMT
--d1ZYWrjv6.js
z-m-static.xx.fbcdn.net/rsrc.php/v3i3kA4/y_/l/en_GB/
48 KB
10 KB
Script
General
Full URL
https://z-m-static.xx.fbcdn.net/rsrc.php/v3i3kA4/y_/l/en_GB/--d1ZYWrjv6.js
Requested by
Host: z-m-static.xx.fbcdn.net
URL: https://z-m-static.xx.fbcdn.net/rsrc.php/v3inLb4/yp/l/en_GB/jQj1x1CcZTT.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8184:face:b00c:0:14c9 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
7b116716ec38106494605fdb6571db8e680257d5042085dfbdba47e8fc339953
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Referer
http://grub-wabkp18.wikaba.com/
Origin
http://grub-wabkp18.wikaba.com

Response headers

x-fb-debug
uAozXjipHfH+lWFYhFgIhqiGUh5aaL2br3fkc+s7iODSFapxW76NpVa1Go7Dt8QIM1QI5asIAjsfJOor6gaf7w==
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
wusgdO7BGPDGyPDTG5xZYQ==
access-control-allow-origin
*
date
Fri, 26 Jul 2019 20:06:08 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
content-length
9967
expires
Fri, 24 Jul 2020 17:48:52 GMT
_lc6-vWL24i.js
z-m-static.xx.fbcdn.net/rsrc.php/v3/yh/r/
34 KB
9 KB
Script
General
Full URL
https://z-m-static.xx.fbcdn.net/rsrc.php/v3/yh/r/_lc6-vWL24i.js
Requested by
Host: z-m-static.xx.fbcdn.net
URL: https://z-m-static.xx.fbcdn.net/rsrc.php/v3inLb4/yp/l/en_GB/jQj1x1CcZTT.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8184:face:b00c:0:14c9 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
5a02e285bd9dccaa561f7a1e9e8df98ecad40aeb493c035cf9b410a637794d7f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Referer
http://grub-wabkp18.wikaba.com/
Origin
http://grub-wabkp18.wikaba.com

Response headers

x-fb-debug
nFuJmmt5qMC8oLXmpUqmPlSW3HM5ZprQFBTSNxlJoDM/XMvUYsNeZkEF449+GO2Lta7ols5fVivtriLRFjmrqA==
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
Cdqu9MBxdq21bp9RJCutqA==
access-control-allow-origin
*
date
Fri, 26 Jul 2019 20:06:08 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
content-length
9480
expires
Thu, 23 Jul 2020 05:24:25 GMT
UpWM3yse__c.js
z-m-static.xx.fbcdn.net/rsrc.php/v3ig7n4/yP/l/en_GB/
40 KB
10 KB
Script
General
Full URL
https://z-m-static.xx.fbcdn.net/rsrc.php/v3ig7n4/yP/l/en_GB/UpWM3yse__c.js
Requested by
Host: z-m-static.xx.fbcdn.net
URL: https://z-m-static.xx.fbcdn.net/rsrc.php/v3inLb4/yp/l/en_GB/jQj1x1CcZTT.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8184:face:b00c:0:14c9 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
da76fd32a976e6f3853aa48c688ee5ec337d94a03c070f51aa88ab346d8f382b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Referer
http://grub-wabkp18.wikaba.com/
Origin
http://grub-wabkp18.wikaba.com

Response headers

x-fb-debug
VTjuneFvFOHOmP3uPLjrFCKVrkgpLNhn0nc0vIQLlTy6RR0Vib2hD98Dm1QMVWy3PWtIhW0xHMhhtQIW5qgs6g==
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
gZ2MGt+b8CEANuf5R2XZkA==
access-control-allow-origin
*
date
Fri, 26 Jul 2019 20:06:08 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
content-length
9628
expires
Fri, 24 Jul 2020 17:48:52 GMT
ZDkYDWlp1vg.js
z-m-static.xx.fbcdn.net/rsrc.php/v3izp84/yY/l/en_GB/
65 KB
13 KB
Script
General
Full URL
https://z-m-static.xx.fbcdn.net/rsrc.php/v3izp84/yY/l/en_GB/ZDkYDWlp1vg.js
Requested by
Host: z-m-static.xx.fbcdn.net
URL: https://z-m-static.xx.fbcdn.net/rsrc.php/v3inLb4/yp/l/en_GB/jQj1x1CcZTT.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8184:face:b00c:0:14c9 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
c0ac3288d32fe47e3bf8edd7d6479279b0113695a8f5996c461c65e5cd46e403
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Referer
http://grub-wabkp18.wikaba.com/
Origin
http://grub-wabkp18.wikaba.com

Response headers

x-fb-debug
rLBwVUjzv6uOCKmPVKSsBZxxCFFr8l9BlrTVvpCVbA5kMmIfZD0AsHTf+QLCxwGFWY624JpPzDHq4CjuWi+YzA==
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
dB2EDmUDVRxqmci+DBrNzw==
access-control-allow-origin
*
date
Fri, 26 Jul 2019 20:06:08 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
content-length
13467
expires
Sat, 25 Jul 2020 20:04:31 GMT
v4WgC_pJT9B.js
z-m-static.xx.fbcdn.net/rsrc.php/v3/yz/r/
7 KB
2 KB
Script
General
Full URL
https://z-m-static.xx.fbcdn.net/rsrc.php/v3/yz/r/v4WgC_pJT9B.js
Requested by
Host: z-m-static.xx.fbcdn.net
URL: https://z-m-static.xx.fbcdn.net/rsrc.php/v3inLb4/yp/l/en_GB/jQj1x1CcZTT.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8184:face:b00c:0:14c9 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
a01808b8a2d6e28821f87b2b3bf59abfb34c2aa9050ecd6ba212d3c2c8f28538
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Referer
http://grub-wabkp18.wikaba.com/
Origin
http://grub-wabkp18.wikaba.com

Response headers

x-fb-debug
5X60FnsxffwSVZd70Mo5XG9vs8mW7ebn2hiLfJOx/j4TfwmNQ5TRX0wgyUO52QYAZKMx33cCsCnApOz91MwOBQ==
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
zhO7kDvY1KlYWGjrr+zJSw==
access-control-allow-origin
*
date
Fri, 26 Jul 2019 20:06:08 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
content-length
2214
expires
Thu, 23 Jul 2020 13:25:02 GMT
bz
grub-wabkp18.wikaba.com/a/
321 B
542 B
XHR
General
Full URL
http://grub-wabkp18.wikaba.com/a/bz
Requested by
Host: z-m-static.xx.fbcdn.net
URL: https://z-m-static.xx.fbcdn.net/rsrc.php/v3inLb4/yp/l/en_GB/jQj1x1CcZTT.js
Protocol
HTTP/1.1
Security
, ,
Server
94.176.238.82 Vilnius, Lithuania, ASN62282 (RACKRAY UAB Rakrejus, LT),
Reverse DNS
node04.spacehosting.live
Software
nginx /
Resource Hash
82497abbb1465a86f5d4d23d5e47a256a6aad5695a986ffeb484d97a0486834e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://grub-wabkp18.wikaba.com/auth/
Origin
http://grub-wabkp18.wikaba.com
X_FB_BACKGROUND_STATE
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Date
Fri, 26 Jul 2019 20:06:08 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
nginx
Vary
Accept-Encoding
Content-Type
text/html; charset=iso-8859-1
Transfer-Encoding
chunked
Connection
keep-alive
X-XSS-Protection
1; mode=block
7VnMv5rHrHh.png
z-m-static.xx.fbcdn.net/rsrc.php/v3/yx/r/
43 KB
43 KB
Image
General
Full URL
https://z-m-static.xx.fbcdn.net/rsrc.php/v3/yx/r/7VnMv5rHrHh.png
Requested by
Host: z-m-static.xx.fbcdn.net
URL: https://z-m-static.xx.fbcdn.net/rsrc.php/v3inLb4/yp/l/en_GB/jQj1x1CcZTT.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8184:face:b00c:0:14c9 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
d386a9d294e7cd38e8fc4adff2f221d53a513303a1a06a6c8c16c4e928e92205
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://z-m-static.xx.fbcdn.net/rsrc.php/v3/ya/l/0,cross/upXpD3lr9Z5.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Response headers

x-fb-debug
yfuAxVBxpYlPAc26ohBZPgVnHZ8uf9Y8dNDcIVxkojS4n5DC0GTaQ+bCF21Kp80+5pdxQguXPvdjICBkdwLyEw==
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
SBIhXR7ZGi9yaEIE+u1cIQ==
access-control-allow-origin
*
date
Fri, 26 Jul 2019 20:06:09 GMT
content-type
image/png
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
content-length
43831
expires
Thu, 16 Jul 2020 08:34:02 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask function| envFlush object| Env number| __DEV__ undefined| __p function| emptyFunction function| __annotator function| __bodyWrapper function| __t function| __w function| FB_enumerate function| __m object| babelHelpers function| define function| require function| requireDynamic function| requireLazy function| __d object| ErrorUtils object| TimeSlice function| CavalryLogger function| __updateOrientation function| ProfilingCounters object| bigPipe function| __fbNativeSetTimeout function| __fbNativeClearTimeout function| __fbNativeSetInterval function| __fbNativeClearInterval function| __fbNativeRequestAnimationFrame function| __fbNativeCancelAnimationFrame object| MAjaxify string| _script_path

0 Cookies

1 Console Messages

Source Level URL
Text
console-api error URL: https://z-m-static.xx.fbcdn.net/rsrc.php/v3inLb4/yp/l/en_GB/jQj1x1CcZTT.js(Line 54)
Message:
ErrorUtils caught an error: "<![EX[["Could not find element \"%s\"%s from module \"%s\"","m_login_password...". Subsequent errors won't be logged; see https://fburl.com/debugjs.

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
