pemulihan-m-facebook.zooxd.xyz Open in urlscan Pro
2606:4700:3031::6815:2f41 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pemulihan-m-facebook.zooxd.xyz/
Submission Tags: @phishunt_io
Submission: On July 30 via api (July 30th 2024, 4:45:50 pm UTC) from DE — Scanned from DE

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 3 domains to perform 16 HTTP transactions. The main IP is 2606:4700:3031::6815:2f41, located in United States and belongs to CLOUDFLARENET, US. The main domain is pemulihan-m-facebook.zooxd.xyz.
TLS certificate: Issued by WE1 on July 12th 2024. Valid for: 3 months.

This is the only time pemulihan-m-facebook.zooxd.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network) Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 10	2606:4700:303... 2606:4700:3031::6815:2f41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:600... 2a04:4e42:600::485	54113 (FASTLY) (FASTLY)
1	2606:4700:440... 2606:4700:4400::6812:2844	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700:303... 2606:4700:3030::ac43:8b77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	4

10 2606:4700:3031::6815:2f41 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

pemulihan-m-facebook.zooxd.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2844 (United States)

ASN13335 (CLOUDFLARENET, US)

kit.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:3030::ac43:8b77 (United States)

ASN13335 (CLOUDFLARENET, US)

ka-f.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	zooxd.xyz 1 redirects pemulihan-m-facebook.zooxd.xyz	91 KB
6	fontawesome.com kit.fontawesome.com — Cisco Umbrella Rank: 3618 ka-f.fontawesome.com — Cisco Umbrella Rank: 7493	188 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 410	25 KB
16	3

	Domain	Requested by
10	pemulihan-m-facebook.zooxd.xyz	1 redirects pemulihan-m-facebook.zooxd.xyz
5	ka-f.fontawesome.com	kit.fontawesome.com pemulihan-m-facebook.zooxd.xyz
1	kit.fontawesome.com	pemulihan-m-facebook.zooxd.xyz
1	cdn.jsdelivr.net	pemulihan-m-facebook.zooxd.xyz
16	4

This site contains no links.

Subject Issuer	Validity	Valid
zooxd.xyz WE1	`2024-07-12` - `2024-10-10`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-07-30` - `2025-08-31`	a year	crt.sh
*.fontawesome.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-30` - `2025-01-27`	6 months	crt.sh
ka-f.fontawesome.com WE1	`2024-07-01` - `2024-09-29`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://pemulihan-m-facebook.zooxd.xyz/
Frame ID: 358A227D8FCE469ADA0B5CD5208536DE
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Masuk | Masuk Facebook

Page URL History Show full URLs

https://pemulihan-m-facebook.zooxd.xyz/ Page URL
https://pemulihan-m-facebook.zooxd.xyz/cdn-cgi/phish-bypass?atok=56oIYgOPILTS7EOaXnejiPeUV64u1Kcii8C6hJXeXzA-172235... HTTP 301
https://pemulihan-m-facebook.zooxd.xyz/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
kit\.fontawesome\.com/([0-9a-z]+).js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

16
Requests

100 %
HTTPS

100 %
IPv6

3
Domains

4
Subdomains

4
IPs

1
Countries

304 kB
Transfer

559 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://pemulihan-m-facebook.zooxd.xyz/ Page URL
https://pemulihan-m-facebook.zooxd.xyz/cdn-cgi/phish-bypass?atok=56oIYgOPILTS7EOaXnejiPeUV64u1Kcii8C6hJXeXzA-1722357941-0.0.1.1-%2F HTTP 301
https://pemulihan-m-facebook.zooxd.xyz/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
pemulihan-m-facebook.zooxd.xyz/ 4 KB
2 KB 56ms
15ms Document
text/html 2606:4700:3031::6815:2f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pemulihan-m-facebook.zooxd.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::6815:2f41 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3aec225f9b629268943a680cb0eeb7647461f8e5c7e1f51415d35f62b61d167a

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

cf-ray: 8ab6d20e0a702c18-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 30 Jul 2024 16:45:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=roCJ%2BfTjGfbdZYGf49s2D1OPLUDNv2fd5STu4zQTmmsVzGpNnMGNDXtbObjXgg3ipMGtwNPftFDaEfFgqOpxp7PdbAoiHosrBNuWjEYbdoEDSnMjUXvfUWJ7tYgOgefX57XCyxjQF%2BdOWntP%2BfMpWm%2BOtwbZQDRbJD3r%2BfU%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 cf.errors.css
pemulihan-m-facebook.zooxd.xyz/cdn-cgi/styles/ 23 KB
5 KB 9ms
9ms Stylesheet
text/css 2606:4700:3031::6815:2f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pemulihan-m-facebook.zooxd.xyz/cdn-cgi/styles/cf.errors.css

Requested by

Host: pemulihan-m-facebook.zooxd.xyz
URL: https://pemulihan-m-facebook.zooxd.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::6815:2f41 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://pemulihan-m-facebook.zooxd.xyz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 16:45:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2024 16:34:40 GMT
server: cloudflare
etag: W/"669fdba0-5df3"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 8ab6d20e2a922c18-FRA
expires: Tue, 30 Jul 2024 18:45:41 GMT

GET
H2 200 icon-exclamation.png
pemulihan-m-facebook.zooxd.xyz/cdn-cgi/images/ 452 B
539 B 9ms
9ms Image
image/png 2606:4700:3031::6815:2f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pemulihan-m-facebook.zooxd.xyz/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: pemulihan-m-facebook.zooxd.xyz
URL: https://pemulihan-m-facebook.zooxd.xyz/cdn-cgi/styles/cf.errors.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::6815:2f41 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://pemulihan-m-facebook.zooxd.xyz/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 16:45:41 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2024 16:34:40 GMT
server: cloudflare
etag: "669fdba0-1c4"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 8ab6d20e4ac12c18-FRA
content-length: 452
expires: Tue, 30 Jul 2024 18:45:41 GMT

GET
H2 404 favicon.ico
pemulihan-m-facebook.zooxd.xyz/ 315 B
620 B 701ms
700ms Other
text/html 2606:4700:3031::6815:2f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pemulihan-m-facebook.zooxd.xyz/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:2f41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Referer: https://pemulihan-m-facebook.zooxd.xyz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 16:45:42 GMT
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NDuelo6vR9UzkkDpBhtvTpk9S9Ktq8G%2FkDSR%2Fr4YTlGPuj332%2FYqYsqT0DG9BnLndan7%2BL%2BkWSbZ4GOgGv0UPM7kTFHaVQToAhhKtYLew6oAF53P4E6%2FNGJDcGcoPp1u22Ur%2FN1P%2F7dmxiiOy%2BouMNpamHWRL1Pz1yd1VOI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-ray: 8ab6d20e5ad62c18-FRA
alt-svc: h3=":443"; ma=86400

GET
H2

200

Primary Request / Show response
pemulihan-m-facebook.zooxd.xyz/
Redirect Chain

https://pemulihan-m-facebook.zooxd.xyz/cdn-cgi/phish-bypass?atok=56oIYgOPILTS7EOaXnejiPeUV64u1Kcii8C6hJXeXzA-1722357941-0.0.1.1-%2F
https://pemulihan-m-facebook.zooxd.xyz/

2 KB
1 KB

202ms
202ms

Document
text/html

2606:4700:3031::6815:2f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pemulihan-m-facebook.zooxd.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:2f41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 57873a75629cc860c5861cbf8a6a0501eb596ab375f1dbc4257cfe901c5dfe5d

Request headers

Referer: https://pemulihan-m-facebook.zooxd.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8ab6d22598202c18-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 30 Jul 2024 16:45:45 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mct7%2BtqaHtv0GaetwmJH0RuXaayp4mSsSbN%2Fp4IQAMy7AMYRMosTybxi5zoHGvROmCmaq7MMoj6Wd%2Bf4LTDiuQPeEMeO8ADxS3zRNQW4A36Ex%2BoTAQTt2obL%2BJPOUyphfkJNJxkhkxa6GpgTKvMQSQEdRzOdXPtvQfdyEuY%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

Redirect headers

cache-control: private, no-cache
cf-ray: 8ab6d2258ffb2c18-FRA
content-length: 167
content-type: text/html
date: Tue, 30 Jul 2024 16:45:45 GMT
location: https://pemulihan-m-facebook.zooxd.xyz/
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/ 152 KB
25 KB 111ms
33ms Stylesheet
text/css 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css

Requested by

Host: pemulihan-m-facebook.zooxd.xyz
URL: https://pemulihan-m-facebook.zooxd.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

7633b7c0c97d19e682feee8afa2738523fcb2a14544a550572caeecd2eefe66b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://pemulihan-m-facebook.zooxd.xyz/
Origin: https://pemulihan-m-facebook.zooxd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 30 Jul 2024 16:45:45 GMT
x-content-type-options: nosniff
content-encoding: br
age: 2300144
x-jsd-version: 5.0.2
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 25360
x-served-by: cache-fra-eddf8230097-FRA, cache-mad2200117-MAD
x-jsd-version-type: version
etag: W/"260c5-fByeBXPlzqi603M74vxjqoxo6o0"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 fathz.css
pemulihan-m-facebook.zooxd.xyz/assets/ 8 KB
2 KB 202ms
201ms Stylesheet
text/css 2606:4700:3031::6815:2f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pemulihan-m-facebook.zooxd.xyz/assets/fathz.css
Requested by: Host: pemulihan-m-facebook.zooxd.xyz
URL: https://pemulihan-m-facebook.zooxd.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:2f41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c7cda6a003bf7152e41c46ddde71082add49a60775d42181142924a822d385c

Request headers

Referer: https://pemulihan-m-facebook.zooxd.xyz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 16:45:45 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Wed, 19 Apr 2023 21:32:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=As7zchNDmOgRND7PUWw%2BvBHvzUIRSsJHU%2FyjPCBsJrIizY9qLliJxOviCs3qPCj6TacDEJWe6OKfNH1li8fWnIWOcHr3Dm7yIYYX9mpD2tGEM%2FQbqHumU63NvuDjumrnVUMixFE2CYRm1RDNJm3D5roZ9t9%2B9xDviO9flz8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 8ab6d226d9ba2c18-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 logofb4.jpg
pemulihan-m-facebook.zooxd.xyz/assets/img/ 37 KB
37 KB 688ms
688ms Image
image/jpeg 2606:4700:3031::6815:2f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pemulihan-m-facebook.zooxd.xyz/assets/img/logofb4.jpg
Requested by: Host: pemulihan-m-facebook.zooxd.xyz
URL: https://pemulihan-m-facebook.zooxd.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:2f41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 551ff4c8d45f936d4ca93e260436a484ac5419368427ee7cb07a6e87d3b069a6

Request headers

Referer: https://pemulihan-m-facebook.zooxd.xyz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 16:45:46 GMT
cf-cache-status: REVALIDATED
last-modified: Mon, 17 Apr 2023 18:49:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CqdIazXDN6otE%2F2CKgeSq24w5iR9v5bqptAMgFok64egPObsLy9Pf38z%2FmihOhWxRkFDj1U%2BMzsn%2BqVeAEMkhrQ%2Fuxw%2BBCctLMH%2F1Tmrg%2BBnGdYvmRxUpPOi8DqPM2sx4l9wMhmvuA7IppUyPc5vd%2BFvFW9%2F0g%2Fb5SzTWPw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8ab6d226e9bc2c18-FRA
alt-svc: h3=":443"; ma=86400
content-length: 37488

GET
H2 200 fbsesi.jpg
pemulihan-m-facebook.zooxd.xyz/assets/img/ 35 KB
35 KB 205ms
204ms Image
image/jpeg 2606:4700:3031::6815:2f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pemulihan-m-facebook.zooxd.xyz/assets/img/fbsesi.jpg
Requested by: Host: pemulihan-m-facebook.zooxd.xyz
URL: https://pemulihan-m-facebook.zooxd.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:2f41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8474304468ae321be76c829655cd11cd7a21a6310e85427e49b9b11ddd7e15bd

Request headers

Referer: https://pemulihan-m-facebook.zooxd.xyz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 16:45:45 GMT
cf-cache-status: REVALIDATED
last-modified: Wed, 05 Apr 2023 08:37:56 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HP9420RSSJO9nP1W9gwc362wznXEwHJMcH3k9SGq4Kt9fu3reEuhvNAzpBcD1uUwu0cPhL%2Fk4Q6WEGpNT8kpcR0Ng7EGj6Ljjh10pKk1jeFsWldmVmJ5mH2yEvdB4cSxjR6Z2ry0dp0z5t%2Bc7pdGX7P9t%2BAp7SBLKDcS1N4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8ab6d226e9be2c18-FRA
alt-svc: h3=":443"; ma=86400
content-length: 35678

GET
H2 200 08380760ee.js Show response
kit.fontawesome.com/ 13 KB
5 KB 532ms
486ms Script
text/javascript 2606:4700:4400::6812:2844
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kit.fontawesome.com/08380760ee.js
Requested by: Host: pemulihan-m-facebook.zooxd.xyz
URL: https://pemulihan-m-facebook.zooxd.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c231cd4f497d9992054e1082851dafe7c92b2f1bc937b7b2baed3a5cc6f82a4e

Request headers

Referer: https://pemulihan-m-facebook.zooxd.xyz/
Origin: https://pemulihan-m-facebook.zooxd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 16:45:45 GMT
content-encoding: gzip
cf-cache-status: REVALIDATED
server: cloudflare
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
access-control-max-age: 3000
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
content-type: text/javascript
cache-control: max-age=60, public, stale-while-revalidate=30
cf-ray: 8ab6d2273b702c72-FRA
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id: F-cBSSuhY9iMMSLnH3zC

GET
H2 200 free.min.css Show response
ka-f.fontawesome.com/releases/v6.6.0/css/ 94 KB
22 KB 54ms
30ms Fetch
text/css 2606:4700:3030::ac43:8b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v6.6.0/css/free.min.css?token=08380760ee
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/08380760ee.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:8b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f99c17690330c805c47da3d7592864d6acf0f73817d432447e1b0c66ad28f221

Request headers

Referer: https://pemulihan-m-facebook.zooxd.xyz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 16:45:46 GMT
content-encoding: gzip
via: 1.1 fd3cce3e0bafd8b312277d0ad9f4762e.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA56-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 15 Jul 2024 22:20:40 GMT
server: cloudflare
etag: W/"4ca760f49cd8a14911c81e6c14328874"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LKHJNjIXzGIJGUkvR4gnsYC4zwfa0Hsbp7PEV2JC%2FXBhg5W4ne15cOLj2wzxxrICNmmmn2uay0VJPa67djBmFbOiM7RdLgMBTPyNy0FmTAZbyUNNNjKOe7zkD99BqpWHqFrG4jxQEFUVFiejhhz%2BcXCpTw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 8ab6d22a7f329c00-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: jzQxbxSjFM29kzECvqm2lxDKy_lNM1pGiRw23D9Q2qQp52Wh7wNGVA==

GET
H2 200 free-v4-shims.min.css Show response
ka-f.fontawesome.com/releases/v6.6.0/css/ 27 KB
5 KB 80ms
56ms Fetch
text/css 2606:4700:3030::ac43:8b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v6.6.0/css/free-v4-shims.min.css?token=08380760ee
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/08380760ee.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:8b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ae3c19265723696f50e3226dcd43fbc7ea617697e0d7169a8e52c854ae3826c

Request headers

Referer: https://pemulihan-m-facebook.zooxd.xyz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 16:45:46 GMT
content-encoding: gzip
via: 1.1 05ad9acef0768042c9e1e6aa1757dea6.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: CDG52-P2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 15 Jul 2024 22:20:39 GMT
server: cloudflare
etag: W/"5e5b0d8c7be5919570a305b6bc229a36"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PNv%2BdolJfw1tYYvAVuvPPVcr%2FlNAKVNEPL1Q0AEEknzzdFUREuOTNS6qC1VIq394fPsB%2FXGe7NQzraYtCcV6MJW17sLHDaM3hhmT3IX1UGUB3jPYjYVDT8iUNTbDSNTbfGKtKo3oxXU2UU5Ke8Y1es29JQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 8ab6d22a7f359c00-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: A_zZDHsGv1thjqTiae3ojxlodTqWZAUltwngPPYSQ48Z_cuEax3igA==

GET
H2 200 free-v5-font-face.min.css Show response
ka-f.fontawesome.com/releases/v6.6.0/css/ 823 B
718 B 82ms
59ms Fetch
text/css 2606:4700:3030::ac43:8b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v6.6.0/css/free-v5-font-face.min.css?token=08380760ee
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/08380760ee.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:8b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f264c31cdb355f351235359240c30acae2bbe0a43c73fa6a035123e6d953a01

Request headers

Referer: https://pemulihan-m-facebook.zooxd.xyz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 16:45:46 GMT
via: 1.1 8c91fcc64b7a86489661ea1249599ca2.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: CDG52-P2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 15 Jul 2024 22:20:39 GMT
server: cloudflare
etag: W/"8972ae5004bc634ffa6641be3960e78a"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XqPpsEMfWomSHiiw5m2piQ%2Bqurtz3gKktLrUY02uTLWcEz8xHn9D9Cpekkt3bUUT0kBi1qyzCTfyh0XTf73D8MnPEvlwiOLY8g3PEulD2N9BDZn5S8facM%2BBuUlca5XDNzMM%2F5e6g5kg1ZO8n4donzJRLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 8ab6d22a7f379c00-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: 7yFN-btD1o_jogx9mtqKhDrHF5yw3G59R8lsYFnXdp20sng7lF7nIw==

GET
H2 200 free-v4-font-face.min.css Show response
ka-f.fontawesome.com/releases/v6.6.0/css/ 2 KB
1 KB 48ms
26ms Fetch
text/css 2606:4700:3030::ac43:8b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v6.6.0/css/free-v4-font-face.min.css?token=08380760ee
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/08380760ee.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:8b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ddfbe9ee1f7088339a85fa25a259765ade4258c082a7921b9f569ff9616f904a

Request headers

Referer: https://pemulihan-m-facebook.zooxd.xyz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 16:45:46 GMT
content-encoding: gzip
via: 1.1 747e99d9d8c5e29fdc713cf866bc3f82.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA56-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 15 Jul 2024 22:20:39 GMT
server: cloudflare
etag: W/"a5a0c9048efb7cb5df90023064d09ba4"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5N9iUCcEkbBy4NEFvD01T74WTRZ%2F7uGfizeKW7q100Izeau2VgOMFd93qPC2iLDXiOq9lZMCGxqCsSmOl%2F70PDHmp%2F9zP5ucPArQfF%2Fz4etDtmKglZt%2Bt8CT96hIn71mn9cp4AWDKKnVhDaN%2FIO21IFa3A%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 8ab6d22a7f309c00-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: 9Ec3YNGKB29Hcdk5MmegPyDzlQklQ1wUbXi3C4yvbQjipejP0Pq30w==

GET
H2 200 free-fa-solid-900.woff2
ka-f.fontawesome.com/releases/v6.6.0/webfonts/ 154 KB
154 KB 68ms
67ms Font
font/woff2 2606:4700:3030::ac43:8b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v6.6.0/webfonts/free-fa-solid-900.woff2
Requested by: Host: pemulihan-m-facebook.zooxd.xyz
URL: https://pemulihan-m-facebook.zooxd.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:8b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 340e6d7f301471e307e50c2ed43fe45debc8ebbf24febef17b24f0b06f8883f2

Request headers

Referer: https://pemulihan-m-facebook.zooxd.xyz/
Origin: https://pemulihan-m-facebook.zooxd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 16:45:46 GMT
via: 1.1 3345a8f17bb96a1199a195b00a8d2c0e.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: CDG52-P2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 157192
last-modified: Mon, 15 Jul 2024 22:44:08 GMT
server: cloudflare
etag: "76cf3ff0dbd23dd4504e2089f0df4acb"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vJY4ORBxUpg4GOHaEiasPVJAtKBm6HpEn3kDhQSHts%2BroeC%2Bo%2Bv5Bs%2B6lXp1C3zowuO1YgYf7NrgPKUGUdFPn1ohiLR5faUqFI3e%2Fx%2Bhq9ziQMKFaAETKfdPoeTqHinJ6%2B7b7KKDFWO18fFxZnuTC2Biiw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 8ab6d22aefdf9c00-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: iUy8va9sQxaIBDpADYsBW7ffDi3_feeO3J29oUtrwpG5KbLP3yhCow==

GET
H2 200 favfb.png
pemulihan-m-facebook.zooxd.xyz/assets/img/ 7 KB
7 KB 280ms
280ms Other
image/png 2606:4700:3031::6815:2f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pemulihan-m-facebook.zooxd.xyz/assets/img/favfb.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:2f41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c45ce612f41b1e7936e7cf5b235047344fd3146d1630e342f186d1d1e8e00d5

Request headers

Referer: https://pemulihan-m-facebook.zooxd.xyz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 16:45:46 GMT
cf-cache-status: REVALIDATED
last-modified: Fri, 31 Mar 2023 05:03:48 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tha2xaMmT3sIkj697xHWnlL%2BZ%2BZDgqAN80yxxwvnm3Yv1Y7PBJFjylD%2FpinAzBpkSiY8zjd9AOo6ex2Eb7Yxkju3RHxEVu%2FRddAociZ5i1HLQSDDBkgBdDxvGUfCymgozvt6M36nYjNR%2F9JC0ksFDvi9S8ztidYjZGTVpmw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8ab6d22b8f8f2c18-FRA
alt-svc: h3=":443"; ma=86400
content-length: 6690

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network) Generic Cloudflare (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| FontAwesomeKitConfig

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.pemulihan-m-facebook.zooxd.xyz/	1970-01-20 22:27:24	Name: __cf_mw_byp Value: 56oIYgOPILTS7EOaXnejiPeUV64u1Kcii8C6hJXeXzA-1722357941-0.0.1.1-/

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pemulihan-m-facebook.zooxd.xyz/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
ka-f.fontawesome.com
kit.fontawesome.com
pemulihan-m-facebook.zooxd.xyz
2606:4700:3030::ac43:8b77
2606:4700:3031::6815:2f41
2606:4700:4400::6812:2844
2a04:4e42:600::485
0c7cda6a003bf7152e41c46ddde71082add49a60775d42181142924a822d385c
1ae3c19265723696f50e3226dcd43fbc7ea617697e0d7169a8e52c854ae3826c
340e6d7f301471e307e50c2ed43fe45debc8ebbf24febef17b24f0b06f8883f2
3aec225f9b629268943a680cb0eeb7647461f8e5c7e1f51415d35f62b61d167a
3c45ce612f41b1e7936e7cf5b235047344fd3146d1630e342f186d1d1e8e00d5
551ff4c8d45f936d4ca93e260436a484ac5419368427ee7cb07a6e87d3b069a6
57873a75629cc860c5861cbf8a6a0501eb596ab375f1dbc4257cfe901c5dfe5d
7633b7c0c97d19e682feee8afa2738523fcb2a14544a550572caeecd2eefe66b
7f264c31cdb355f351235359240c30acae2bbe0a43c73fa6a035123e6d953a01
8474304468ae321be76c829655cd11cd7a21a6310e85427e49b9b11ddd7e15bd
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
c231cd4f497d9992054e1082851dafe7c92b2f1bc937b7b2baed3a5cc6f82a4e
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
ddfbe9ee1f7088339a85fa25a259765ade4258c082a7921b9f569ff9616f904a
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f99c17690330c805c47da3d7592864d6acf0f73817d432447e1b0c66ad28f221

pemulihan-m-facebook.zooxd.xyz Open in urlscan Pro 2606:4700:3031::6815:2f41 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

100 %IPv6

3 Domains

4 Subdomains

4 IPs

1 Countries

304 kBTransfer

559 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

1 Cookies

1 Console Messages

Security Headers

Indicators

pemulihan-m-facebook.zooxd.xyz Open in urlscan Pro
2606:4700:3031::6815:2f41 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

100 %
IPv6

3
Domains

4
Subdomains

4
IPs

1
Countries

304 kB
Transfer

559 kB
Size

1
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!