www.xn--faebook-35a.com (Punycode)
www.faċebook.com (IDN)
54.225.138.190 | Malicious Activity! | Public Scan

URL: http://www.xn--faebook-35a.com/
Submission: On June 30 via automatic, source phishtank

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 54.225.138.190, located in Ashburn, United States and belongs to AMAZON-AES - Amazon.com, Inc., US. The main domain is www.xn--faebook-35a.com.
This is the only time www.xn--faebook-35a.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

Requests | IP Address | AS (Autonomous System)
2 | 54.225.138.190 | 14618 (AMAZON-AES)
4 | 2a03:2880:f02... | 32934 (FACEBOOK)
1 | 54.204.5.111 | 14618 (AMAZON-AES)
Total: 7 requests, 3 IPs

Requests | Apex Domain | Subdomains | Transfer
4 | fbcdn.net | static.xx.fbcdn.net | 43 KB
3 | xn--faebook-35a.com | www.xn--faebook-35a.com | 93 KB
Total: 7 requests, 2 apex domains

Requests | Domain | Requested by
4 | static.xx.fbcdn.net | www.xn--faebook-35a.com
3 | www.xn--faebook-35a.com | www.xn--faebook-35a.com
Total: 7 requests, 2 domains

This site contains links to these domains.

Domain
www.facebook.com

Subject | Issuer | Validity | Valid
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2016-12-09 - 2018-01-25 | a year

This page contains 1 frame:

Primary Page: http://www.xn--faebook-35a.com/
Frame ID: 13640.1
Requests: 7 HTTP requests in this frame


Page Statistics

Requests: 7
HTTPS: 57 %
IPv6: 33 %
Domains: 2
Subdomains: 2
IPs: 3
Countries: 2
Transfer: 136 kB
Size: 213 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

Resource: Primary Request /
Path: www.xn--faebook-35a.com/
Size: 8 KB
x-fer: 8 KB
Type: Document

General
Full URL: http://www.xn--faebook-35a.com/
Protocol: HTTP/1.1
Server: 54.225.138.190 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
Reverse DNS: ec2-54-225-138-190.compute-1.amazonaws.com
Software: Cowboy / Express
Resource Hash: f2872a8fa1c82dd299864f2a51fd7839742f6cecf8e3c9e0bf7abe6f0b2ff0d9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Fri, 30 Jun 2017 22:35:17 GMT
Via: 1.1 vegur
Etag: W/"1e89-15bfe13c058"
Last-Modified: Fri, 12 May 2017 19:12:39 GMT
Server: Cowboy
X-Powered-By: Express
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7817

Resource: HhUtKFxLSHK.css
Path: static.xx.fbcdn.net/rsrc.php/v3/yH/l/0,cross/
Size: 6 KB
x-fer: 1 KB
Type: Stylesheet

General
Full URL: https://static.xx.fbcdn.net/rsrc.php/v3/yH/l/0,cross/HhUtKFxLSHK.css
Requested by:
  Host: www.xn--faebook-35a.com
  URL: http://www.xn--faebook-35a.com/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a03:2880:f02d:12:face:b00c:0:3, Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US)
Reverse DNS:
Software: /
Resource Hash: dcd539cf9f40ed0b1bfb7ca58a773fb8f065a81918e657ffdac4da209e4235b3

Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';report-uri https://www.facebook.com/csp.php
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer: http://www.xn--faebook-35a.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';report-uri https://www.facebook.com/csp.php
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 8SZ0ef3JqIJziiFiAINAXw==
status: 200
content-length: 1128
x-xss-protection: 0
x-fb-debug: Pv9WF7rB6VTX0nzQGJV7frxxza3ibDmpx0D4DN+NvNEh0D8PrJgOeaqt3eWGgED2q8Y1e8gliAxfRdqQhwox6w==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
date: Fri, 30 Jun 2017 22:35:18 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sat, 30 Jun 2018 15:12:08 GMT

Resource: PG6A-BWEZgL.css
Path: static.xx.fbcdn.net/rsrc.php/v3/y8/l/0,cross/
Size: 32 KB
x-fer: 9 KB
Type: Stylesheet

General
Full URL: https://static.xx.fbcdn.net/rsrc.php/v3/y8/l/0,cross/PG6A-BWEZgL.css
Requested by:
  Host: www.xn--faebook-35a.com
  URL: http://www.xn--faebook-35a.com/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a03:2880:f02d:12:face:b00c:0:3, Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US)
Reverse DNS:
Software: /
Resource Hash: 1eac08faffbeea7af7055f537afb16e416f650d9e8c200eb151b7cea94edb4a2

Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer: http://www.xn--faebook-35a.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
content-encoding: gzip
x-content-type-options: nosniff
content-md5: avetUFrPJe+8C5vj2QqJpg==
status: 200
content-length: 9180
x-xss-protection: 0
x-fb-debug: AEPUxm1fCTzq1KadiAE3E9QK/cXaT5mK7J52kGvXtj4CQUVDmUzGGFI8/zjEidSc+cINYD6BzkJAwoLGdL5v2A==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
date: Fri, 30 Jun 2017 22:35:18 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sat, 30 Jun 2018 14:52:28 GMT

Resource: HFrqdBOA9kL.css
Path: static.xx.fbcdn.net/rsrc.php/v3/yT/l/0,cross/
Size: 62 KB
x-fer: 14 KB
Type: Stylesheet

General
Full URL: https://static.xx.fbcdn.net/rsrc.php/v3/yT/l/0,cross/HFrqdBOA9kL.css
Requested by:
  Host: www.xn--faebook-35a.com
  URL: http://www.xn--faebook-35a.com/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a03:2880:f02d:12:face:b00c:0:3, Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US)
Reverse DNS:
Software: /
Resource Hash: 6942cb1b184c225d69176a013dc91783eba52be9247853e96ce63f24f1a84fb4

Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer: http://www.xn--faebook-35a.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
content-encoding: gzip
x-content-type-options: nosniff
content-md5: qQzbczMVsZ0iuo9MyY7nNQ==
status: 200
content-length: 14226
x-xss-protection: 0
x-fb-debug: cl11OKHGn/1iyFhxbe9GQf+mls/rZelh/fWZH8quv92Lqhdw2i2ZK77ABLP8HzqG2sH9o1BL1xxB1V7TCdfflg==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
date: Fri, 30 Jun 2017 22:35:18 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sat, 30 Jun 2018 14:52:28 GMT

Resource: jquery-3.2.1.min.js
Path: www.xn--faebook-35a.com/
Size: 85 KB
x-fer: 85 KB
Type: Script

General
Full URL: http://www.xn--faebook-35a.com/jquery-3.2.1.min.js
Requested by:
  Host: www.xn--faebook-35a.com
  URL: http://www.xn--faebook-35a.com/
Protocol: HTTP/1.1
Server: 54.225.138.190 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
Reverse DNS: ec2-54-225-138-190.compute-1.amazonaws.com
Software: Cowboy / Express
Resource Hash: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

Referer: http://www.xn--faebook-35a.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Fri, 30 Jun 2017 22:35:18 GMT
Via: 1.1 vegur
Etag: W/"15283-15bfe13c058"
Last-Modified: Fri, 12 May 2017 19:12:39 GMT
Server: Cowboy
X-Powered-By: Express
Content-Type: application/javascript
Cache-Control: public, max-age=0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 86659

Resource: index.js
Path: www.xn--faebook-35a.com/
Size: 411 B
x-fer: 411 B
Type: Script

General
Full URL: http://www.xn--faebook-35a.com/index.js
Requested by:
  Host: www.xn--faebook-35a.com
  URL: http://www.xn--faebook-35a.com/
Protocol: HTTP/1.1
Server: 54.204.5.111 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
Reverse DNS: ec2-54-204-5-111.compute-1.amazonaws.com
Software: Cowboy / Express
Resource Hash: 87a73edc46c1297f1c192e689f07ce9bc8da093b84f3a47d22ccb634e52b2fc1

Request headers

Referer: http://www.xn--faebook-35a.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Fri, 30 Jun 2017 22:35:18 GMT
Via: 1.1 vegur
Etag: W/"19b-15bfe13c058"
Last-Modified: Fri, 12 May 2017 19:12:39 GMT
Server: Cowboy
X-Powered-By: Express
Content-Type: application/javascript
Cache-Control: public, max-age=0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 411

Resource: soTZ64Lm58O.png
Path: static.xx.fbcdn.net/rsrc.php/v3/yC/r/
Size: 19 KB
x-fer: 19 KB
Type: Image

General
Full URL: https://static.xx.fbcdn.net/rsrc.php/v3/yC/r/soTZ64Lm58O.png
Requested by:
  Host: www.xn--faebook-35a.com
  URL: http://www.xn--faebook-35a.com/
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a03:2880:f02d:12:face:b00c:0:3, Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US)
Reverse DNS:
Software: /
Resource Hash: c91a5c3f550fdb7f796cc26710a04f820f3b03e3f50aaf0eec3d0d5548fb1634

Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer: https://static.xx.fbcdn.net/rsrc.php/v3/yH/l/0,cross/HhUtKFxLSHK.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

x-fb-debug: LE58QXOAshpdoaHbKSfKdkhDYWEX2QpZCu0MiT7Xc6jejGvzPNeQBv/1fDM1Q1NZmkBAW+GdpfcdrVsm0kmF7A==
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: 5mlgS2affMx30ieB65iS4A==
date: Fri, 30 Jun 2017 22:35:18 GMT
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 19787
x-xss-protection: 0
expires: Sat, 30 Jun 2018 12:53:25 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies