maersk-dc-vote.cf Open in urlscan Pro
70.39.184.114 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://maersk-dc-vote.cf/
Effective URL:
http://maersk-dc-vote.cf/index.xhtml
Submission: On August 02 via manual (August 2nd 2018, 9:57:11 am UTC) from GB

Summary HTTP 14 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 14 HTTP transactions. The main IP is 70.39.184.114, located in Los Angeles, United States and belongs to GTT-BACKBONE GTT, DE. The main domain is maersk-dc-vote.cf.

This is the only time maersk-dc-vote.cf was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
1 3	70.39.184.114 70.39.184.114	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
9	2a03:2880:f12... 2a03:2880:f12d:84:face:b00c:0:14c9	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK - Facebook)
2	8.37.228.128 8.37.228.128	54994 (QUANTILNE...) (QUANTILNETWORKS - QUANTIL NETWORKS INC)
14	4

3 70.39.184.114 (Los Angeles, United States) 1 redirects

ASN3257 (GTT-BACKBONE GTT, DE)

maersk-dc-vote.cf	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a03:2880:f12d:84:face:b00c:0:14c9 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

z-m-static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 8.37.228.128 (Pasadena, United States)

ASN54994 (QUANTILNETWORKS - QUANTIL NETWORKS INC, US)

www.wapka.mobi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	fbcdn.net z-m-static.xx.fbcdn.net	12 KB
3	maersk-dc-vote.cf 1 redirects maersk-dc-vote.cf	5 KB
2	wapka.mobi www.wapka.mobi	29 KB
1	facebook.com facebook.com	209 B
14	4

	Domain	Requested by
9	z-m-static.xx.fbcdn.net	maersk-dc-vote.cf
3	maersk-dc-vote.cf	1 redirects maersk-dc-vote.cf
2	www.wapka.mobi	maersk-dc-vote.cf
1	facebook.com	maersk-dc-vote.cf
14	4

This site contains links to these domains. Also see Links.

Domain
wap.maersk-dc-vote.cf
goo.gl
res.apk.vidmate.net
www.vidmate.com
vidmate.en.uptodown.com
www.9apps.com

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://maersk-dc-vote.cf/index.xhtml
Frame ID: DF5BB1EBC7C70020BA3FBC8A121B4507
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://maersk-dc-vote.cf/ HTTP 302
http://maersk-dc-vote.cf/index.xhtml Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

14
Requests

0 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

46 kB
Transfer

57 kB
Size

0
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: http://wap.maersk-dc-vote.cf/
Title: Create your own WAP site (Wapka.Mobi)

Search URL Search Domain Scan URL

URL: https://goo.gl/isiy7T

Search URL Search Domain Scan URL

URL: http://res.apk.vidmate.net/data/apk/VidMate_wapkad.apk

Search URL Search Domain Scan URL

URL: http://www.vidmate.com/featured-search/telugu-movie
Title: Telugu Movie

Search URL Search Domain Scan URL

URL: https://vidmate.en.uptodown.com/android
Title: Download the best Android apps on Uptodown

Search URL Search Domain Scan URL

URL: https://www.9apps.com/android-apps-featured/
Title: Download Android App for Free

Search URL Search Domain Scan URL

URL: https://www.9apps.com/android-apps/SHAREit-Connect-and-Transfer/
Title: Shareit

Search URL Search Domain Scan URL

URL: https://www.9apps.com/android-games/Teen-Patti-Indian-Poker/
Title: Teen Patti

Search URL Search Domain Scan URL

URL: https://www.9apps.com/android-apps/imo-free-video-calls-and-chat/
Title: IMO

Search URL Search Domain Scan URL

URL: https://www.9apps.com/phone/
Title: Phone

Search URL Search Domain Scan URL

URL: https://www.9apps.com/android-apps/UC-Browser-Surf-it-Fast/
Title: UC Browser

Search URL Search Domain Scan URL

URL: https://www.9apps.com/
Title: 9Apps

Search URL Search Domain Scan URL

URL: https://www.9apps.com/android-apps/HD-Video-Downloader-and-Live-TV-VidMate/
Title: Vidmate

Search URL Search Domain Scan URL

URL: https://www.9apps.com/new-android-apps-1/
Title: New Apps

Search URL Search Domain Scan URL

URL: https://www.9apps.com/android-games-1/
Title: Android Games

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://maersk-dc-vote.cf/ HTTP 302
http://maersk-dc-vote.cf/index.xhtml Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request

Cookie set index.xhtml Show response
maersk-dc-vote.cf/
Redirect Chain

http://maersk-dc-vote.cf/
http://maersk-dc-vote.cf/index.xhtml

11 KB
5 KB

197ms
197ms

Document
text/html

70.39.184.114
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: http://maersk-dc-vote.cf/index.xhtml
Protocol: HTTP/1.1
Server: 70.39.184.114 Los Angeles, United States, ASN3257 (GTT-BACKBONE GTT, DE),
Reverse DNS
Software: nginx /
Resource Hash: d704cde4bd0ced1fc25d8c47abc033cd3c9cf15f4f0179166e60c08d3fe7a788

Request headers

Host: maersk-dc-vote.cf
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: DF5BB1EBC7C70020BA3FBC8A121B4507

Response headers

Server: nginx
Date: Thu, 02 Aug 2018 09:56:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=440d0e9678b5dc74cbae11bbc0336d1b; path=/; domain=maersk-dc-vote.cf __utmnemowapka=0xc52a12b423d5b401; expires=Sun, 30-Jul-2028 09:56:59 GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip

Redirect headers

Server: nginx
Date: Thu, 02 Aug 2018 09:56:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
location: index.xhtml

GET
H/1.1 200
OK styles.css
maersk-dc-vote.cf/ 2 B
204 B 320ms
165ms Stylesheet
text/css 70.39.184.114
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: http://maersk-dc-vote.cf/styles.css
Requested by: Host: maersk-dc-vote.cf
URL: http://maersk-dc-vote.cf/index.xhtml
Protocol: HTTP/1.1
Server: 70.39.184.114 Los Angeles, United States, ASN3257 (GTT-BACKBONE GTT, DE),
Reverse DNS
Software: nginx /
Resource Hash: 75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: maersk-dc-vote.cf
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://maersk-dc-vote.cf/index.xhtml
Cookie: PHPSESSID=440d0e9678b5dc74cbae11bbc0336d1b; __utmnemowapka=0xc52a12b423d5b401
Connection: keep-alive
Cache-Control: no-cache
Referer: http://maersk-dc-vote.cf/index.xhtml
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 02 Aug 2018 09:57:00 GMT
Content-Encoding: gzip
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/css

GET
S 200 QzsHSoWJZTl.css
z-m-static.xx.fbcdn.net/rsrc.php/v3/y2/l/0,cross/ 6 KB
2 KB 54ms
7ms Stylesheet
text/css 2a03:2880:f12d:84:face:b00c:0:14c9
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://z-m-static.xx.fbcdn.net/rsrc.php/v3/y2/l/0,cross/QzsHSoWJZTl.css

Requested by

Host: maersk-dc-vote.cf
URL: http://maersk-dc-vote.cf/index.xhtml

Protocol

SPDY

Server

2a03:2880:f12d:84:face:b00c:0:14c9 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

320709c726fb66be91c2aa3e84171ff32ebfac42e17a9367cd5f86ae99b26281

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* wss://.facebook.com: https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://maersk-dc-vote.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
content-encoding: gzip
x-content-type-options: nosniff
content-md5: YhNTQMzZPa71++aHUhLTpQ==
status: 200
content-length: 1086
x-xss-protection: 0
x-fb-debug: rglX4oy8mDXPNzB2y25MlMi8MdT6ZzVAH/2N1+LTL9VuhCxPevTsZ+FrKCVJN00k5nhhZMRGvHG3oTnFW3EHLw==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
date: Thu, 02 Aug 2018 09:56:59 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 23 Jul 2019 19:50:06 GMT

GET
S 404 sgo1lNRn61R.css
z-m-static.xx.fbcdn.net/rsrc.php/v3/yF/l/0,cross/ 0
0 164ms
116ms Stylesheet
text/html 2a03:2880:f12d:84:face:b00c:0:14c9
Facebook

General

Check archive.org

Show headers Download Go to

Full URL: https://z-m-static.xx.fbcdn.net/rsrc.php/v3/yF/l/0,cross/sgo1lNRn61R.css
Requested by: Host: maersk-dc-vote.cf
URL: http://maersk-dc-vote.cf/index.xhtml
Protocol: SPDY
Server: 2a03:2880:f12d:84:face:b00c:0:14c9 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://maersk-dc-vote.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
content-type: text/html; charset="utf-8"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
S 404 Iw5lWhazCuE.css
z-m-static.xx.fbcdn.net/rsrc.php/v3/yF/l/0,cross/ 0
0 79ms
32ms Stylesheet
text/html 2a03:2880:f12d:84:face:b00c:0:14c9
Facebook

General

Check archive.org

Show headers Download Go to

Full URL: https://z-m-static.xx.fbcdn.net/rsrc.php/v3/yF/l/0,cross/Iw5lWhazCuE.css
Requested by: Host: maersk-dc-vote.cf
URL: http://maersk-dc-vote.cf/index.xhtml
Protocol: SPDY
Server: 2a03:2880:f12d:84:face:b00c:0:14c9 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://maersk-dc-vote.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
content-type: text/html; charset="utf-8"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
S 200 RWAN3d_LMcN.css
z-m-static.xx.fbcdn.net/rsrc.php/v3/ys/l/0,cross/ 1 KB
585 B 56ms
10ms Stylesheet
text/css 2a03:2880:f12d:84:face:b00c:0:14c9
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://z-m-static.xx.fbcdn.net/rsrc.php/v3/ys/l/0,cross/RWAN3d_LMcN.css

Requested by

Host: maersk-dc-vote.cf
URL: http://maersk-dc-vote.cf/index.xhtml

Protocol

SPDY

Server

2a03:2880:f12d:84:face:b00c:0:14c9 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

03596cb2eb660361267037e352084251b06ad8845b864a792afe007e8418e2df

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* wss://.facebook.com: https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://maersk-dc-vote.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
content-encoding: gzip
x-content-type-options: nosniff
content-md5: rCPR7T5R1DuMZXm0Ryik6A==
status: 200
content-length: 392
x-xss-protection: 0
x-fb-debug: /tHW6cjHCrWYySybtHiMF6HYoKHAvpvPELb5ykq5V3VIRi9xx7+SZnbAvZ9YMVYXcN8aRV+dS6Zw6OgDD17ifQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
date: Thu, 02 Aug 2018 09:56:59 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
timing-allow-origin: *
expires: Thu, 25 Jul 2019 05:08:37 GMT

GET
S 404 RBqhrCAtVN0.css
z-m-static.xx.fbcdn.net/rsrc.php/v3/yg/l/0,cross/ 0
0 176ms
130ms Stylesheet
text/html 2a03:2880:f12d:84:face:b00c:0:14c9
Facebook

General

Check archive.org

Show headers Download Go to

Full URL: https://z-m-static.xx.fbcdn.net/rsrc.php/v3/yg/l/0,cross/RBqhrCAtVN0.css
Requested by: Host: maersk-dc-vote.cf
URL: http://maersk-dc-vote.cf/index.xhtml
Protocol: SPDY
Server: 2a03:2880:f12d:84:face:b00c:0:14c9 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://maersk-dc-vote.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
content-type: text/html; charset="utf-8"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
S 404 8-joHCSQf4h.css
z-m-static.xx.fbcdn.net/rsrc.php/v3/yZ/l/0,cross/ 0
0 177ms
132ms Stylesheet
text/html 2a03:2880:f12d:84:face:b00c:0:14c9
Facebook

General

Check archive.org

Show headers Download Go to

Full URL: https://z-m-static.xx.fbcdn.net/rsrc.php/v3/yZ/l/0,cross/8-joHCSQf4h.css
Requested by: Host: maersk-dc-vote.cf
URL: http://maersk-dc-vote.cf/index.xhtml
Protocol: SPDY
Server: 2a03:2880:f12d:84:face:b00c:0:14c9 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://maersk-dc-vote.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
content-type: text/html; charset="utf-8"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
S 404 zr6BrWCawRw.css
z-m-static.xx.fbcdn.net/rsrc.php/v3/y2/l/0,cross/ 0
0 239ms
194ms Stylesheet
text/html 2a03:2880:f12d:84:face:b00c:0:14c9
Facebook

General

Check archive.org

Show headers Download Go to

Full URL: https://z-m-static.xx.fbcdn.net/rsrc.php/v3/y2/l/0,cross/zr6BrWCawRw.css
Requested by: Host: maersk-dc-vote.cf
URL: http://maersk-dc-vote.cf/index.xhtml
Protocol: SPDY
Server: 2a03:2880:f12d:84:face:b00c:0:14c9 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://maersk-dc-vote.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
content-type: text/html; charset="utf-8"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
S 404 WKi_U9o1QdR.css
z-m-static.xx.fbcdn.net/rsrc.php/v3/yj/l/0,cross/ 0
0 159ms
114ms Stylesheet
text/html 2a03:2880:f12d:84:face:b00c:0:14c9
Facebook

General

Check archive.org

Show headers Download Go to

Full URL: https://z-m-static.xx.fbcdn.net/rsrc.php/v3/yj/l/0,cross/WKi_U9o1QdR.css
Requested by: Host: maersk-dc-vote.cf
URL: http://maersk-dc-vote.cf/index.xhtml
Protocol: SPDY
Server: 2a03:2880:f12d:84:face:b00c:0:14c9 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://maersk-dc-vote.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
content-type: text/html; charset="utf-8"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
S 200 hsts-pixel.gif
facebook.com/security/ 43 B
209 B 30ms
30ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://facebook.com/security/hsts-pixel.gif

Requested by

Host: maersk-dc-vote.cf
URL: http://maersk-dc-vote.cf/index.xhtml

Protocol

SPDY

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* wss://.facebook.com: https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: http://maersk-dc-vote.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
x-xss-protection: 0
pragma: no-cache
x-fb-debug: 2K8zZo0K9VBPTo+fmPDb19L+YmXLDoL7kKuPIPGtQ5nnSQWtTRrNihFKZQ1WOgInVT/Dj6oafQ1rsBhjYxFKtw==
x-frame-options: DENY
date: Thu, 02 Aug 2018 09:57:00 GMT
expect-ct: max-age=86400, report-uri="http://reports.fb.com/expectct/"
strict-transport-security: max-age=15552000; includeSubDomains
access-control-allow-methods: OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK starhalo.png
www.wapka.mobi/pictures/ 20 KB
20 KB 473ms
162ms Image
image/png 8.37.228.128
QUANTIL NETWORKS INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.wapka.mobi/pictures/starhalo.png
Requested by: Host: maersk-dc-vote.cf
URL: http://maersk-dc-vote.cf/index.xhtml
Protocol: HTTP/1.1
Server: 8.37.228.128 Pasadena, United States, ASN54994 (QUANTILNETWORKS - QUANTIL NETWORKS INC, US),
Reverse DNS
Software: nginx /
Resource Hash: 82eff072e86f7d0447ef6e13939d00829c1446a5597301e1ba88d19799c19dad

Request headers

Referer: http://maersk-dc-vote.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 02 Aug 2018 09:57:00 GMT
Last-Modified: Thu, 21 Jun 2018 06:13:22 GMT
Server: nginx
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 20409
Content-Type: image/png

GET
H/1.1 200
OK in_banner_320x50_2.png
www.wapka.mobi/pictures/ 9 KB
9 KB 426ms
163ms Image
image/png 8.37.228.128
QUANTIL NETWORKS INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.wapka.mobi/pictures/in_banner_320x50_2.png
Requested by: Host: maersk-dc-vote.cf
URL: http://maersk-dc-vote.cf/index.xhtml
Protocol: HTTP/1.1
Server: 8.37.228.128 Pasadena, United States, ASN54994 (QUANTILNETWORKS - QUANTIL NETWORKS INC, US),
Reverse DNS
Software: nginx /
Resource Hash: e2bc6eddd330f2e4e34aeea46ae3e482e52c25c0334adaf0164df819593ff0c4

Request headers

Referer: http://maersk-dc-vote.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 02 Aug 2018 09:57:00 GMT
Last-Modified: Sat, 27 May 2017 09:58:01 GMT
Server: nginx
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9299
Content-Type: image/png

GET
S 200 _oEuhC7SNbB.png
z-m-static.xx.fbcdn.net/rsrc.php/v3/yC/r/ 9 KB
9 KB 6ms
6ms Image
image/png 2a03:2880:f12d:84:face:b00c:0:14c9
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://z-m-static.xx.fbcdn.net/rsrc.php/v3/yC/r/_oEuhC7SNbB.png

Requested by

Host: maersk-dc-vote.cf
URL: http://maersk-dc-vote.cf/index.xhtml

Protocol

SPDY

Server

2a03:2880:f12d:84:face:b00c:0:14c9 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

83b68bcb97fba04f9d378ecbad0d7d699425afabee4d70cf2b270c043bbd8660

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* wss://.facebook.com: https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://z-m-static.xx.fbcdn.net/rsrc.php/v3/y2/l/0,cross/QzsHSoWJZTl.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-fb-debug: QZ6kDzTdMBSRh1dDGvcWTHUyFESpKVrVnSwjAeE3ToacFia/Ecd0b3v69fquHws6eogZ/jSzzk9nYhKnK1jsYQ==
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: ykKwML6SNe5FuthzyKupWA==
date: Thu, 02 Aug 2018 09:57:00 GMT
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
timing-allow-origin: *
content-length: 9304
x-xss-protection: 0
expires: Wed, 24 Jul 2019 08:24:19 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| envFlush object| Env

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

facebook.com
maersk-dc-vote.cf
www.wapka.mobi
z-m-static.xx.fbcdn.net
2a03:2880:f11c:8183:face:b00c:0:25de
2a03:2880:f12d:84:face:b00c:0:14c9
70.39.184.114
8.37.228.128
03596cb2eb660361267037e352084251b06ad8845b864a792afe007e8418e2df
320709c726fb66be91c2aa3e84171ff32ebfac42e17a9367cd5f86ae99b26281
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070
82eff072e86f7d0447ef6e13939d00829c1446a5597301e1ba88d19799c19dad
83b68bcb97fba04f9d378ecbad0d7d699425afabee4d70cf2b270c043bbd8660
d704cde4bd0ced1fc25d8c47abc033cd3c9cf15f4f0179166e60c08d3fe7a788
e2bc6eddd330f2e4e34aeea46ae3e482e52c25c0334adaf0164df819593ff0c4

maersk-dc-vote.cf Open in urlscan Pro 70.39.184.114 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

0 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

46 kBTransfer

57 kBSize

0 Cookies

15 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

maersk-dc-vote.cf Open in urlscan Pro
70.39.184.114 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

0 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

46 kB
Transfer

57 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!