pemulihan-m-facebook.zooxd.xyz
2606:4700:3031::6815:2f41
Malicious Activity!
Public Scan
Submission Tags: @phishunt_io
Submission: On July 30 via api from DE — Scanned from DE
Summary
TLS certificate: Issued by WE1 on July 12th 2024. Valid for: 3 months.
This is the only time pemulihan-m-facebook.zooxd.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network), Generic Cloudflare (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
10 (1 redirect) | 2606:4700:3031::6815:2f41 | 13335 (CLOUDFLARENET)
1 | 2a04:4e42:600::485 | 54113 (FASTLY)
1 | 2606:4700:4400::6812:2844 | 13335 (CLOUDFLARENET)
5 | 2606:4700:3030::ac43:8b77 | 13335 (CLOUDFLARENET)
Total: 16 | 4 IP addresses |
ASN13335 (CLOUDFLARENET, US)
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
10 (1 redirect) | zooxd.xyz | pemulihan-m-facebook.zooxd.xyz | 91 KB
6 | fontawesome.com | kit.fontawesome.com (Cisco Umbrella Rank: 3618), ka-f.fontawesome.com (Cisco Umbrella Rank: 7493) | 188 KB
1 | jsdelivr.net | cdn.jsdelivr.net (Cisco Umbrella Rank: 410) | 25 KB
Total: 16 | 3 apex domains | |
Requests | Domain | Requested by
---|---|---
10 (1 redirect) | pemulihan-m-facebook.zooxd.xyz | pemulihan-m-facebook.zooxd.xyz
5 | ka-f.fontawesome.com | kit.fontawesome.com, pemulihan-m-facebook.zooxd.xyz
1 | kit.fontawesome.com | pemulihan-m-facebook.zooxd.xyz
1 | cdn.jsdelivr.net | pemulihan-m-facebook.zooxd.xyz
Total: 16 | 4 domains |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
zooxd.xyz | WE1 | 2024-07-12 - 2024-10-10 | 3 months | crt.sh
jsdelivr.net | GlobalSign Atlas R3 DV TLS CA 2024 Q3 | 2024-07-30 - 2025-08-31 | a year | crt.sh
*.fontawesome.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-07-30 - 2025-01-27 | 6 months | crt.sh
ka-f.fontawesome.com | WE1 | 2024-07-01 - 2024-09-29 | 3 months | crt.sh
This page contains 1 frame:
Primary Page: https://pemulihan-m-facebook.zooxd.xyz/
Frame ID: 358A227D8FCE469ADA0B5CD5208536DE
Requests: 16 HTTP requests in this frame
Screenshot
Page Title: Masuk | Masuk Facebook (Indonesian: "Log in | Facebook Log in")
Page URL History
- https://pemulihan-m-facebook.zooxd.xyz/ Page URL
-
https://pemulihan-m-facebook.zooxd.xyz/cdn-cgi/phish-bypass?atok=56oIYgOPILTS7EOaXnejiPeUV64u1Kcii8C6hJXeXzA-172235...
HTTP 301
https://pemulihan-m-facebook.zooxd.xyz/ Page URL
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts)
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- kit\.fontawesome\.com/([0-9a-z]+).js
jsDelivr (CDN)
Detected patterns
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://pemulihan-m-facebook.zooxd.xyz/ Page URL
-
https://pemulihan-m-facebook.zooxd.xyz/cdn-cgi/phish-bypass?atok=56oIYgOPILTS7EOaXnejiPeUV64u1Kcii8C6hJXeXzA-1722357941-0.0.1.1-%2F
HTTP 301
https://pemulihan-m-facebook.zooxd.xyz/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / | pemulihan-m-facebook.zooxd.xyz/ | 4 KB | 2 KB | Document | text/html
GET | H2 | cf.errors.css | pemulihan-m-facebook.zooxd.xyz/cdn-cgi/styles/ | 23 KB | 5 KB | Stylesheet | text/css
GET | H2 | icon-exclamation.png | pemulihan-m-facebook.zooxd.xyz/cdn-cgi/images/ | 452 B | 539 B | Image | image/png
GET | H2 | favicon.ico | pemulihan-m-facebook.zooxd.xyz/ | 315 B | 620 B | Other | text/html
GET | H2 | / (Primary Request, Redirect Chain) | pemulihan-m-facebook.zooxd.xyz/ | 2 KB | 1 KB | Document | text/html
GET | H2 | bootstrap.min.css | cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/ | 152 KB | 25 KB | Stylesheet | text/css
GET | H2 | fathz.css | pemulihan-m-facebook.zooxd.xyz/assets/ | 8 KB | 2 KB | Stylesheet | text/css
GET | H2 | logofb4.jpg | pemulihan-m-facebook.zooxd.xyz/assets/img/ | 37 KB | 37 KB | Image | image/jpeg
GET | H2 | fbsesi.jpg | pemulihan-m-facebook.zooxd.xyz/assets/img/ | 35 KB | 35 KB | Image | image/jpeg
GET | H2 | 08380760ee.js | kit.fontawesome.com/ | 13 KB | 5 KB | Script | text/javascript
GET | H2 | free.min.css | ka-f.fontawesome.com/releases/v6.6.0/css/ | 94 KB | 22 KB | Fetch | text/css
GET | H2 | free-v4-shims.min.css | ka-f.fontawesome.com/releases/v6.6.0/css/ | 27 KB | 5 KB | Fetch | text/css
GET | H2 | free-v5-font-face.min.css | ka-f.fontawesome.com/releases/v6.6.0/css/ | 823 B | 718 B | Fetch | text/css
GET | H2 | free-v4-font-face.min.css | ka-f.fontawesome.com/releases/v6.6.0/css/ | 2 KB | 1 KB | Fetch | text/css
GET | H2 | free-fa-solid-900.woff2 | ka-f.fontawesome.com/releases/v6.6.0/webfonts/ | 154 KB | 154 KB | Font | font/woff2
GET | H2 | favfb.png | pemulihan-m-facebook.zooxd.xyz/assets/img/ | 7 KB | 7 KB | Other | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network), Generic Cloudflare (Online)
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object | FontAwesomeKitConfig
1 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name / Value
---|---|---
.pemulihan-m-facebook.zooxd.xyz/ | | Name: __cf_mw_byp, Value: 56oIYgOPILTS7EOaXnejiPeUV64u1Kcii8C6hJXeXzA-1722357941-0.0.1.1-/
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL / Text
---|---|---
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value
---|---
X-Frame-Options | SAMEORIGIN
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
ka-f.fontawesome.com
kit.fontawesome.com
pemulihan-m-facebook.zooxd.xyz
2606:4700:3030::ac43:8b77
2606:4700:3031::6815:2f41
2606:4700:4400::6812:2844
2a04:4e42:600::485