www-facebook-login.com Open in urlscan Pro
2606:4700:30::6818:79a3  Malicious Activity! Public Scan

11 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set / Show response www-facebook-login.com/	14 KB 4 KB	359ms 353ms	Document text/html	2606:4700:30::6818:79a3 Cloudflare
General Check archive.org Show headers Download Go to Full URL http://www-facebook-login.com/ Protocol HTTP/1.1 Server 2606:4700:30::6818:79a3 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 0f8b73a3717f6e3d6cece909df10953911e477af468b90b1a3162553b26f52a5 Request headers Host www-facebook-login.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 16 Jan 2019 22:25:06 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Set-Cookie __cfduid=da26cb08dfb20bc65dea608dd248a15541547677505; expires=Thu, 16-Jan-20 22:25:05 GMT; path=/; domain=.www-facebook-login.com; HttpOnly Vary Accept-Encoding,User-Agent Server cloudflare CF-RAY 49a3fefc30b1c26f-FRA Content-Encoding gzip
GET H/1.1	200 OK	hONH9rGk3nS.css www-facebook-login.com/facebook/	65 KB 16 KB	382ms 382ms	Stylesheet text/css	2606:4700:30::6818:79a3 Cloudflare
General Check archive.org Show headers Download Go to Full URL http://www-facebook-login.com/facebook/hONH9rGk3nS.css Requested by Host: www-facebook-login.com URL: http://www-facebook-login.com/ Protocol HTTP/1.1 Server 2606:4700:30::6818:79a3 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 61a00039be67fedf06906feaf88526bf1b5abc2ee2967c412d6723349faf12f9 Request headers Pragma no-cache Origin http://www-facebook-login.com Accept-Encoding gzip, deflate Host www-facebook-login.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,*/*;q=0.1 Referer http://www-facebook-login.com/ Cookie __cfduid=da26cb08dfb20bc65dea608dd248a15541547677505 Connection keep-alive Cache-Control no-cache User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://www-facebook-login.com/ Origin http://www-facebook-login.com Response headers Date Wed, 16 Jan 2019 22:25:06 GMT Content-Encoding gzip CF-Cache-Status MISS Last-Modified Thu, 20 Dec 2018 15:48:17 GMT Server cloudflare ETag "10417-57d760f2d1d84-gzip" Vary Accept-Encoding,User-Agent Content-Type text/css Cache-Control public, max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 49a3fefe72b3c26f-FRA Content-Length 16428 Expires Thu, 17 Jan 2019 02:25:06 GMT
GET H/1.1	200 OK	LB-eAboC9Pc.css www-facebook-login.com/facebook/	12 KB 3 KB	273ms 267ms	Stylesheet text/css	2606:4700:30::6818:78a3 Cloudflare
General Check archive.org Show headers Download Go to Full URL http://www-facebook-login.com/facebook/LB-eAboC9Pc.css Requested by Host: www-facebook-login.com URL: http://www-facebook-login.com/ Protocol HTTP/1.1 Server 2606:4700:30::6818:78a3 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 1ae55cdfe77aae4bfc765952b7d53d5fd2c15009b2514260b89273d85b3d1bdd Request headers Pragma no-cache Origin http://www-facebook-login.com Accept-Encoding gzip, deflate Host www-facebook-login.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,*/*;q=0.1 Referer http://www-facebook-login.com/ Cookie __cfduid=da26cb08dfb20bc65dea608dd248a15541547677505 Connection keep-alive Cache-Control no-cache User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://www-facebook-login.com/ Origin http://www-facebook-login.com Response headers Date Wed, 16 Jan 2019 22:25:06 GMT Content-Encoding gzip CF-Cache-Status MISS Last-Modified Thu, 20 Dec 2018 15:48:21 GMT Server cloudflare ETag "2f44-57d760f60c4dd-gzip" Vary Accept-Encoding,User-Agent Content-Type text/css Cache-Control public, max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 49a3fefe7792643f-FRA Content-Length 3108 Expires Thu, 17 Jan 2019 02:25:06 GMT
GET H/1.1	200 OK	hsts-pixel.gif www-facebook-login.com/facebook/	43 B 436 B	271ms 265ms	Image image/gif	2606:4700:30::6818:78a3 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL http://www-facebook-login.com/facebook/hsts-pixel.gif Requested by Host: www-facebook-login.com URL: http://www-facebook-login.com/ Protocol HTTP/1.1 Server 2606:4700:30::6818:78a3 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www-facebook-login.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/*,*/*;q=0.8 Referer http://www-facebook-login.com/ Cookie __cfduid=da26cb08dfb20bc65dea608dd248a15541547677505 Connection keep-alive Cache-Control no-cache Referer http://www-facebook-login.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 16 Jan 2019 22:25:06 GMT CF-Cache-Status MISS Last-Modified Thu, 20 Dec 2018 15:48:19 GMT Server cloudflare ETag "2b-57d760f44dfdd" Vary Accept-Encoding Content-Type image/gif Cache-Control public, max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 49a3fefe753d6439-FRA Content-Length 43 Expires Thu, 17 Jan 2019 02:25:06 GMT
GET H/1.1	200 OK	WHd-0m31OQC.png www-facebook-login.com/facebook/	29 KB 29 KB	502ms 502ms	Image image/png	2606:4700:30::6818:79a3 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL http://www-facebook-login.com/facebook/WHd-0m31OQC.png Requested by Host: www-facebook-login.com URL: http://www-facebook-login.com/ Protocol HTTP/1.1 Server 2606:4700:30::6818:79a3 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 8e51bfcabe422f0919c9f6dd49414cbcf4ecba3aeb049b12062e516cdb0ebbe9 Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www-facebook-login.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/*,*/*;q=0.8 Referer http://www-facebook-login.com/facebook/hONH9rGk3nS.css Cookie __cfduid=da26cb08dfb20bc65dea608dd248a15541547677505 Connection keep-alive Cache-Control no-cache Referer http://www-facebook-login.com/facebook/hONH9rGk3nS.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 16 Jan 2019 22:25:07 GMT CF-Cache-Status MISS Last-Modified Thu, 20 Dec 2018 15:48:28 GMT Server cloudflare ETag "7395-57d760fd686fb" Vary Accept-Encoding Content-Type image/png Cache-Control public, max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 49a3ff01a5aec26f-FRA Content-Length 29589 Expires Thu, 17 Jan 2019 02:25:07 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask function| __updateOrientation

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.www-facebook-login.com/	1970-01-19 06:40:13	Name: __cfduid Value: da26cb08dfb20bc65dea608dd248a15541547677505

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www-facebook-login.com
2606:4700:30::6818:78a3
2606:4700:30::6818:79a3
0f8b73a3717f6e3d6cece909df10953911e477af468b90b1a3162553b26f52a5
1ae55cdfe77aae4bfc765952b7d53d5fd2c15009b2514260b89273d85b3d1bdd
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
61a00039be67fedf06906feaf88526bf1b5abc2ee2967c412d6723349faf12f9
8e51bfcabe422f0919c9f6dd49414cbcf4ecba3aeb049b12062e516cdb0ebbe9