free-facebook-nonaktif.nedfile.eu.org Open in urlscan Pro
2606:4700:3037::ac43:d539 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://free-facebook-nonaktif.nedfile.eu.org/
Submission Tags: @phishunt_io
Submission: On July 26 via api (July 26th 2023, 10:25:58 am UTC) from DE — Scanned from DE

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 3 domains to perform 12 HTTP transactions. The main IP is 2606:4700:3037::ac43:d539, located in United States and belongs to CLOUDFLARENET, US. The main domain is free-facebook-nonaktif.nedfile.eu.org.
TLS certificate: Issued by GTS CA 1P5 on June 22nd 2023. Valid for: 3 months.

This is the only time free-facebook-nonaktif.nedfile.eu.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
4	2606:4700:303... 2606:4700:3037::ac43:d539	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:5614	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:1634	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700:e2:... 2606:4700:e2::ac40:8209	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	4

4 2606:4700:3037::ac43:d539 (United States)

ASN13335 (CLOUDFLARENET, US)

free-facebook-nonaktif.nedfile.eu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5614 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1634 (United States)

ASN13335 (CLOUDFLARENET, US)

kit.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:e2::ac40:8209 (United States)

ASN13335 (CLOUDFLARENET, US)

ka-f.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	fontawesome.com kit.fontawesome.com — Cisco Umbrella Rank: 1957 ka-f.fontawesome.com — Cisco Umbrella Rank: 4535	182 KB
4	eu.org free-facebook-nonaktif.nedfile.eu.org	76 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 361	48 KB
12	3

	Domain	Requested by
5	ka-f.fontawesome.com	kit.fontawesome.com free-facebook-nonaktif.nedfile.eu.org
4	free-facebook-nonaktif.nedfile.eu.org	free-facebook-nonaktif.nedfile.eu.org
2	cdn.jsdelivr.net	free-facebook-nonaktif.nedfile.eu.org
1	kit.fontawesome.com	free-facebook-nonaktif.nedfile.eu.org
12	4

This site contains no links.

Subject Issuer	Validity	Valid
nedfile.eu.org GTS CA 1P5	`2023-06-22` - `2023-09-20`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-22` - `2023-12-23`	a year	crt.sh
ka-f.fontawesome.com GTS CA 1P5	`2023-07-13` - `2023-10-11`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://free-facebook-nonaktif.nedfile.eu.org/
Frame ID: 37E94EF13E526B582DC05E1CC519780C
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Masuk | Masuk Facebook

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
kit\.fontawesome\.com/([0-9a-z]+).js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

12
Requests

100 %
HTTPS

100 %
IPv6

3
Domains

4
Subdomains

4
IPs

1
Countries

305 kB
Transfer

599 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
free-facebook-nonaktif.nedfile.eu.org/ 2 KB
1 KB 477ms
382ms Document
text/html 2606:4700:3037::ac43:d539
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://free-facebook-nonaktif.nedfile.eu.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:d539 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b170cedbe53ad64c6b89cd2773917bbf8ca3a6c81b771756b851bd484869575e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7ecbf0f25af02bc2-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 26 Jul 2023 10:25:53 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iD3rBw8esA5NQS1IhY6N0eSBDLJ5G1BXoUBtSdlgmIOENoySy9AmHUqgFAF6YaNbCwnNZepn%2B3yYGfOtDT1cnV0oakXj%2FNkrXMnsZc7gfxhIJftMlMCsLdNu1yO%2BPlRccHWrkvvC259gjlzEGzsrx1LvAyGeM6t58aF0Xc29TV5LIHtl"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/ 152 KB
24 KB 87ms
38ms Stylesheet
text/css 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css

Requested by

Host: free-facebook-nonaktif.nedfile.eu.org
URL: https://free-facebook-nonaktif.nedfile.eu.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7633b7c0c97d19e682feee8afa2738523fcb2a14544a550572caeecd2eefe66b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://free-facebook-nonaktif.nedfile.eu.org/
Origin: https://free-facebook-nonaktif.nedfile.eu.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 10:25:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 13312335
x-jsd-version: 5.0.2
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230097-FRA, cache-yyz4521-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"260c5-fByeBXPlzqi603M74vxjqoxo6o0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FBhhq6VFQqUEazM7fsf0CfqPX3byxMU%2FTjsWhbO5TSQywEjfNhJUcTxssoupbn3Eyiyon7Ya0h%2FLHckxYKSs5ZglwnIjY1Yr47%2FEdPt%2BtRkqp4FaIvHBOXjc2c6VioSMct1JwCbETSS%2FHFlXpV8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 7ecbf0f51fd23816-FRA

GET
H2 200 fathz.css
free-facebook-nonaktif.nedfile.eu.org/assets/ 8 KB
2 KB 347ms
345ms Stylesheet
text/css 2606:4700:3037::ac43:d539
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://free-facebook-nonaktif.nedfile.eu.org/assets/fathz.css
Requested by: Host: free-facebook-nonaktif.nedfile.eu.org
URL: https://free-facebook-nonaktif.nedfile.eu.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:d539 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c7cda6a003bf7152e41c46ddde71082add49a60775d42181142924a822d385c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://free-facebook-nonaktif.nedfile.eu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 10:25:53 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 19 Apr 2023 11:32:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZhoBSM5WO79BAqV0Cj16qN1YK9XfSp6Sd%2FsLq3w0J%2BRkO86cwNridHg0L7Hg8rNWSFiaHZn%2FJ%2FHrkB9ruJw9aWj7x%2BMfFOqaYFBzmxu809xApOc07%2FdtbZFByFToSaBa6MYqkN1Z1hjjjw%2Bap9igSrH8kvpGJ%2Bs5ezzgNYF0SAxCyBoO"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 7ecbf0f4cdcc2bc2-FRA
alt-svc: h3=":443"; ma=86400
expires: Wed, 02 Aug 2023 10:25:53 GMT

GET
H2 200 logofb4.jpg
free-facebook-nonaktif.nedfile.eu.org/assets/img/ 37 KB
37 KB 515ms
513ms Image
image/jpeg 2606:4700:3037::ac43:d539
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://free-facebook-nonaktif.nedfile.eu.org/assets/img/logofb4.jpg
Requested by: Host: free-facebook-nonaktif.nedfile.eu.org
URL: https://free-facebook-nonaktif.nedfile.eu.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:d539 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 551ff4c8d45f936d4ca93e260436a484ac5419368427ee7cb07a6e87d3b069a6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://free-facebook-nonaktif.nedfile.eu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 10:25:53 GMT
cf-cache-status: MISS
last-modified: Mon, 17 Apr 2023 08:49:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qFpzTXYp5POg589aQdEufMtp0svwkI5M1Shghtm4eGqdd4aedIpZjq0YPC7nPfUQQ7%2FX5yuUSxAe%2FIBnldPp7Oy3axhIr1Jvv3ExCKFDhI3W%2BQNOS4tJI%2FRrUyW%2B51RAR%2FGf1bbLY9x4TT%2BMwlxkn8yfsTIAW8CMEeGMt2ZiFXCglRQC"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 7ecbf0f4ddd22bc2-FRA
alt-svc: h3=":443"; ma=86400
content-length: 37488
expires: Wed, 02 Aug 2023 10:25:53 GMT

GET
H2 200 fbsesi.jpg
free-facebook-nonaktif.nedfile.eu.org/assets/img/ 35 KB
35 KB 489ms
488ms Image
image/jpeg 2606:4700:3037::ac43:d539
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://free-facebook-nonaktif.nedfile.eu.org/assets/img/fbsesi.jpg
Requested by: Host: free-facebook-nonaktif.nedfile.eu.org
URL: https://free-facebook-nonaktif.nedfile.eu.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:d539 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8474304468ae321be76c829655cd11cd7a21a6310e85427e49b9b11ddd7e15bd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://free-facebook-nonaktif.nedfile.eu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 10:25:53 GMT
cf-cache-status: MISS
last-modified: Tue, 04 Apr 2023 22:37:56 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2fqkiLcHK84pMl0v48ITbCEGib%2FKr8K9YXioDqpWR8Ux%2B%2Bl%2F2osPN8aDSrJ5a0G%2FBgnzCKN5DBWUEHDE4uJhSviEaxUvAgXoWUbaluUmCL5MNdBN0zeLc6iJPVbrg%2B7oDFcelbU7EzsuE5wNPwakNAdePQVyORqmDYG%2Fc4I%2Fit46bxvh"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 7ecbf0f4ddd32bc2-FRA
alt-svc: h3=":443"; ma=86400
content-length: 35678
expires: Wed, 02 Aug 2023 10:25:53 GMT

GET
H2 200 08380760ee.js Show response
kit.fontawesome.com/ 11 KB
5 KB 93ms
47ms Script
text/javascript 2606:4700::6812:1634
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kit.fontawesome.com/08380760ee.js

Requested by

Host: free-facebook-nonaktif.nedfile.eu.org
URL: https://free-facebook-nonaktif.nedfile.eu.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1634 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9de1adcdc2d92f3ae6967d244c1996039a661f58857a965be25ca7c88ed9815b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

Referer: https://free-facebook-nonaktif.nedfile.eu.org/
Origin: https://free-facebook-nonaktif.nedfile.eu.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 10:25:53 GMT
strict-transport-security: max-age=31536000; preload
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
access-control-max-age: 3000
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=60, public, must-revalidate
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
cf-ray: 7ecbf0f51be91c38-FRA
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id: F3Vj-Fr-c8ZFb6MYebKi

GET
H2 200 bootstrap.bundle.min.js Show response
cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/ 77 KB
23 KB 79ms
34ms Script
application/javascript 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js

Requested by

Host: free-facebook-nonaktif.nedfile.eu.org
URL: https://free-facebook-nonaktif.nedfile.eu.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e1f1503df765cca5e099891b94e318a2ef95081ba2af1eb6d417cc884bfdbfe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://free-facebook-nonaktif.nedfile.eu.org/
Origin: https://free-facebook-nonaktif.nedfile.eu.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 10:25:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4893372
x-jsd-version: 5.0.2
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230080-FRA, cache-jnb7026-JNB
x-jsd-version-type: version
server: cloudflare
etag: W/"13397-kBFpUnUH/55mLPZNjjYfNZMIlw0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XW7iN73RxNddGy6GBYhX%2BSQ0XkOg9vWK4Rwdsj6SURvhI%2FtAltXNcz3PawGTrcWPSzEJfkCpAaSkrexPby%2BYYBXNrMNbZLaxk%2BFGwCJL%2Bor9xAjSH8WHNTpdpZdVrN%2FCXcXomWvnguOW4dO96IU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 7ecbf0f51fd33816-FRA

GET
H2 200 free.min.css Show response
ka-f.fontawesome.com/releases/v6.4.0/css/ 100 KB
23 KB 98ms
50ms Fetch
text/css 2606:4700:e2::ac40:8209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v6.4.0/css/free.min.css?token=08380760ee
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/08380760ee.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8209 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd28ebf7bdffb45da731413ed6e6940dc60123aa120bfa5a3909a40b2a2ba7e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://free-facebook-nonaktif.nedfile.eu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 10:25:53 GMT
via: 1.1 a3f6a09ce0b2cec8cd66e141dd4234ba.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: LHR61-P6
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 23 Mar 2023 21:29:21 GMT
server: cloudflare
etag: W/"5febfb939e2fc4ddf14fffae53b72cf0"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6GQIyub%2Frr8buNrTfjy2jHsjDIadRiDXVh%2BNNt78ivLyjEWdyc31dQRpfTVPc7JSvWcZBKZFbb9Kos7MCV%2F9mOaoNMgSJghnVRzggiiB5ODGjKtlSsxH2WfyA9CcnMiEDlNTazORZCbqL2QlTXdtQq6wZA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 7ecbf0f75f6d9016-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: 94_0oB4CbSFCeBu5Xc5aXXlufhRroIoOtwhDskBuoAuG8wdynuFQEA==

GET
H2 200 free-v4-shims.min.css Show response
ka-f.fontawesome.com/releases/v6.4.0/css/ 27 KB
5 KB 129ms
82ms Fetch
text/css 2606:4700:e2::ac40:8209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v6.4.0/css/free-v4-shims.min.css?token=08380760ee
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/08380760ee.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8209 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 425741cc35824b5b3b18d4135fbef6afca30662d23638366af151f7e74ba2575

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://free-facebook-nonaktif.nedfile.eu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 10:25:53 GMT
via: 1.1 0ae80be4247067ed98935fa287036542.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: LHR61-P6
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 23 Mar 2023 21:29:20 GMT
server: cloudflare
etag: W/"5193a6de5225940ae4ef5f7c82126be9"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZbGGXlZAy9sr%2FxDMgYtnchKAKl4ruqkvVlsHiBB1jq1aVcP7ShfylYu0bkkYn943NVwqpZuIbYggIj1NLnWfNKjOYD%2B0ua5rKpF5A2PZYaKeFs9WK6DeCE5ExFqH84W%2FvyALL2g1Flx6dpKeUomNoOLp0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 7ecbf0f75f709016-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: AlTcgSG-7vMeP8b68fKH5_YoIsF_tCxk27JGfntqowONsHi1Xvf_Mg==

GET
H2 200 free-v5-font-face.min.css Show response
ka-f.fontawesome.com/releases/v6.4.0/css/ 823 B
725 B 122ms
75ms Fetch
text/css 2606:4700:e2::ac40:8209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v6.4.0/css/free-v5-font-face.min.css?token=08380760ee
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/08380760ee.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8209 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d144babd74738640f3133de675f5fa21c7fb58bfbd430dbd967ca813403afbfd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://free-facebook-nonaktif.nedfile.eu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 10:25:53 GMT
via: 1.1 1f5c5f517563ee9313e2cb0e2fd3ae46.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: LHR61-P6
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 23 Mar 2023 21:29:20 GMT
server: cloudflare
etag: W/"5856e3f07fbc36fc4d430a95a577a87f"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BKxbY2Ex%2Fc95v4QvAkfKoAjhHtME7e%2BjRuc3Je8G0YPtAIFd%2Fiq9w4EEeetokXMlgcK304wE5P2rjjH2GhOg%2BDp%2FQ13exWNXnQ7OIpNt1CM9zpdpqNNH0bhpBy3GkOxrg%2FSZe8w44%2BcABdXPZ9n65sBsIw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 7ecbf0f75f729016-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: lu1e1LDPYBWql1AdSUhA0qjs6_UPsXKoPrSYyp9nqd4Xnwf5o4YrGA==

GET
H2 200 free-v4-font-face.min.css Show response
ka-f.fontawesome.com/releases/v6.4.0/css/ 2 KB
1 KB 87ms
40ms Fetch
text/css 2606:4700:e2::ac40:8209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v6.4.0/css/free-v4-font-face.min.css?token=08380760ee
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/08380760ee.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8209 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: af59041c11cf929a2d34e75e190b5da8ef037bd0fbe81a863c3bdcf430dd6b76

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://free-facebook-nonaktif.nedfile.eu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 10:25:53 GMT
via: 1.1 3298c44116035984c2fac24b89183c4e.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA56-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 23 Mar 2023 21:29:20 GMT
server: cloudflare
etag: W/"9e7f9f634ace089bcdacc3fcc5f23ce5"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lovGnwziSAw1JBDYeO5WGHFgD9ZW7CccGcZwMZ5gJ6bQkzBiryL%2F0Mvq1htWxNoppCp6KfXxTDOfWlH6Kwp3x0sfDGmcwvw24TizCO6lg4FYvxk%2FHoOiwnb6m7Egd45%2BTcpQzqTr%2BO199dHUR3xS0FCuCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 7ecbf0f75f719016-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: hkj3WDh2YLz2KgPzqY1MLetLrSwOqhmelYGE5B5faH5csdGY3fDO7g==

GET
H2 200 free-fa-solid-900.woff2
ka-f.fontawesome.com/releases/v6.4.0/webfonts/ 147 KB
147 KB 52ms
51ms Font
font/woff2 2606:4700:e2::ac40:8209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v6.4.0/webfonts/free-fa-solid-900.woff2
Requested by: Host: free-facebook-nonaktif.nedfile.eu.org
URL: https://free-facebook-nonaktif.nedfile.eu.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8209 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1ed5cd319e1b6bcac2b0d2ab3ebe5474d72327ef3d700fd553f4cf1b5d23a35

Request headers

Referer: https://free-facebook-nonaktif.nedfile.eu.org/
Origin: https://free-facebook-nonaktif.nedfile.eu.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 10:25:53 GMT
via: 1.1 1d1ac947176d7f8f6bd3207cb28e5bba.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: LHR61-P6
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 150120
last-modified: Fri, 24 Mar 2023 05:23:18 GMT
server: cloudflare
etag: "47c0d51ac60ec37c20bc6f755cc9f71b"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ce0d0t1cov%2BU6pApYr1FJ%2BUPvpFGcQRfbGbObZqwdKgRn1F4ercsvs0RVtPXAYQIkgh%2F3WRXQCmzGFkrHt8skVVDI18ZVJDyUItZwsyHY%2BeD0YcOIG%2Ff44hLOxJab5orOr0FDixPpjTpfQwWY3lIqup%2BIA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 7ecbf0f7f8109016-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: u_zMwDfxc3AZqo6xxjoWJj2YCF-fzkNslzkiktEtpUu7uwgjSp_gdQ==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| FontAwesomeKitConfig number| uidEvent object| bootstrap

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
free-facebook-nonaktif.nedfile.eu.org
ka-f.fontawesome.com
kit.fontawesome.com
2606:4700:3037::ac43:d539
2606:4700::6810:5614
2606:4700::6812:1634
2606:4700:e2::ac40:8209
0c7cda6a003bf7152e41c46ddde71082add49a60775d42181142924a822d385c
425741cc35824b5b3b18d4135fbef6afca30662d23638366af151f7e74ba2575
551ff4c8d45f936d4ca93e260436a484ac5419368427ee7cb07a6e87d3b069a6
7633b7c0c97d19e682feee8afa2738523fcb2a14544a550572caeecd2eefe66b
7e1f1503df765cca5e099891b94e318a2ef95081ba2af1eb6d417cc884bfdbfe
8474304468ae321be76c829655cd11cd7a21a6310e85427e49b9b11ddd7e15bd
9de1adcdc2d92f3ae6967d244c1996039a661f58857a965be25ca7c88ed9815b
af59041c11cf929a2d34e75e190b5da8ef037bd0fbe81a863c3bdcf430dd6b76
b170cedbe53ad64c6b89cd2773917bbf8ca3a6c81b771756b851bd484869575e
b1ed5cd319e1b6bcac2b0d2ab3ebe5474d72327ef3d700fd553f4cf1b5d23a35
d144babd74738640f3133de675f5fa21c7fb58bfbd430dbd967ca813403afbfd
fd28ebf7bdffb45da731413ed6e6940dc60123aa120bfa5a3909a40b2a2ba7e1

free-facebook-nonaktif.nedfile.eu.org Open in urlscan Pro 2606:4700:3037::ac43:d539 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

12 Requests

100 %HTTPS

100 %IPv6

3 Domains

4 Subdomains

4 IPs

1 Countries

305 kBTransfer

599 kBSize

0 Cookies

0 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

Indicators

free-facebook-nonaktif.nedfile.eu.org Open in urlscan Pro
2606:4700:3037::ac43:d539 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

100 %
IPv6

3
Domains

4
Subdomains

4
IPs

1
Countries

305 kB
Transfer

599 kB
Size

0
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!