URL: https://twtspain.com/www.facebook.com/login/index31d5.html?next=https:
Submission: On December 16 via api from BE — Scanned from AU

Summary

This website contacted 3 IPs in 2 countries across 5 domains to perform 36 HTTP transactions. The main IP is 20.8.121.168, located in Amsterdam, Netherlands and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is twtspain.com.
TLS certificate: Issued by R10 on December 14th 2024. Valid for: 3 months.
This is the only time twtspain.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

Requests | Redirects | IP Address | AS Autonomous System
15 | - | 20.8.121.168 | 8075 (MICROSOFT...)
2 | 2 | 157.240.8.35 | 32934 (FACEBOOK)
1 | 1 | 2a03:2880:f11... | 32934 (FACEBOOK)
2 | - | 157.240.8.23 | 32934 (FACEBOOK)
Total: 36 requests, 3 IPs

Requests | Apex Domain | Subdomains | Transfer
15 | twtspain.com | twtspain.com | 156 KB
2 | fbcdn.net | fbcdn.net — Cisco Umbrella Rank: 179; static.xx.fbcdn.net — Cisco Umbrella Rank: 965 (Failed) | 8 KB
1 | facebook.net | connect.facebook.net — Cisco Umbrella Rank: 192 | 176 B
1 | fbsbx.com | fbsbx.com — Cisco Umbrella Rank: 2065 | 883 B
1 | facebook.com | facebook.com — Cisco Umbrella Rank: 48 | 107 B
Total: 36 requests, 5 domains

Requests | Domain | Requested by
15 | twtspain.com | twtspain.com
1 | static.xx.fbcdn.net | twtspain.com
1 | connect.facebook.net | twtspain.com
1 | fbsbx.com | 1 redirects
1 | fbcdn.net | 1 redirects
1 | facebook.com | 1 redirects
Total: 36 requests, 6 subdomains

This site contains links to these domains.

Domain
l.facebook.com
www.facebook.com

Subject | Issuer | Validity | Valid
www.twtspain.com | R10 | 2024-12-14 - 2025-03-14 | 3 months
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2024-09-25 - 2024-12-24 | 3 months

This page contains 1 frames:

Primary Page: https://twtspain.com/www.facebook.com/login/index31d5.html?next=https:
Frame ID: EB384E1EC1A808A4FBE20BCE8AA241FF
Requests: 37 HTTP requests in this frame

Page Title

Log into Facebook

Page Statistics

36
Requests

44 %
HTTPS

25 %
IPv6

5
Domains

6
Subdomains

3
IPs

2
Countries

164 kB
Transfer

527 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11
  • https://facebook.com/security/hsts-pixel.gif?c=3.2.5 HTTP 302
  • https://fbcdn.net/security/hsts-pixel.gif?c=2.5 HTTP 302
  • https://fbsbx.com/security/hsts-pixel.gif?c=5 HTTP 302
  • https://connect.facebook.net/security/hsts-pixel.gif

36 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request index31d5.html
twtspain.com/www.facebook.com/login/
61 KB
19 KB
Document
General
Full URL
https://twtspain.com/www.facebook.com/login/index31d5.html?next=https:
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.8.121.168 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
85c04c924a05af7be765f5186fae47636d0554edcfc069624ebfc7df9c0fab24

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
18875
content-type
text/html
date
Mon, 16 Dec 2024 23:29:11 GMT
etag
"80f96ebedcdcd91:0"
last-modified
Fri, 01 Sep 2023 14:01:03 GMT
server
Microsoft-IIS/10.0
vary
Accept-Encoding
sIr_RWZ4iKd1f8e.css
twtspain.com/static.xx.fbcdn.net/rsrc.php/v3/y_/l/0%2ccross/
32 KB
8 KB
Stylesheet
General
Full URL
https://twtspain.com/static.xx.fbcdn.net/rsrc.php/v3/y_/l/0%2ccross/sIr_RWZ4iKd1f8e.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: twtspain.com
URL: https://twtspain.com/www.facebook.com/login/index31d5.html?next=https:
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.8.121.168 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
3fcea8cc280a765f19210b2e5e5d45ef1c03a033998023bcf09e4e6e8c59b28d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://twtspain.com/www.facebook.com/login/index31d5.html?next=https:

Response headers

content-encoding
gzip
etag
"00c1d6c873c01:0"
accept-ranges
bytes
content-length
7781
date
Mon, 16 Dec 2024 23:29:11 GMT
content-type
text/css
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
server
Microsoft-IIS/10.0
KxGJ10xTR_J1f8e.css
twtspain.com/static.xx.fbcdn.net/rsrc.php/v3/yV/l/0%2ccross/
4 KB
2 KB
Stylesheet
General
Full URL
https://twtspain.com/static.xx.fbcdn.net/rsrc.php/v3/yV/l/0%2ccross/KxGJ10xTR_J1f8e.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: twtspain.com
URL: https://twtspain.com/www.facebook.com/login/index31d5.html?next=https:
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.8.121.168 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
b9c625ff0b7babe5a5337136b0df00331a6262a1077b7e23a450a05d216761f0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://twtspain.com/www.facebook.com/login/index31d5.html?next=https:

Response headers

content-encoding
gzip
etag
"00c1d6c873c01:0"
accept-ranges
bytes
content-length
1528
date
Mon, 16 Dec 2024 23:29:11 GMT
content-type
text/css
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
server
Microsoft-IIS/10.0
yjh8OiWBZix1f8e.css
twtspain.com/static.xx.fbcdn.net/rsrc.php/v3/yV/l/0%2ccross/
4 KB
1 KB
Stylesheet
General
Full URL
https://twtspain.com/static.xx.fbcdn.net/rsrc.php/v3/yV/l/0%2ccross/yjh8OiWBZix1f8e.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: twtspain.com
URL: https://twtspain.com/www.facebook.com/login/index31d5.html?next=https:
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.8.121.168 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
fa5559ef39be3e94b2c1be6d46ce1d4f7d7890edce4ce60c3548dc984d74a584

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://twtspain.com/www.facebook.com/login/index31d5.html?next=https:

Response headers

content-encoding
gzip
etag
"00c1d6c873c01:0"
accept-ranges
bytes
content-length
1164
date
Mon, 16 Dec 2024 23:29:11 GMT
content-type
text/css
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
server
Microsoft-IIS/10.0
ZKa6wx6ImIq1f8e.css
twtspain.com/static.xx.fbcdn.net/rsrc.php/v3/yU/l/0%2ccross/
22 KB
5 KB
Stylesheet
General
Full URL
https://twtspain.com/static.xx.fbcdn.net/rsrc.php/v3/yU/l/0%2ccross/ZKa6wx6ImIq1f8e.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: twtspain.com
URL: https://twtspain.com/www.facebook.com/login/index31d5.html?next=https:
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.8.121.168 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
5f9a7bebb8e7e5a2ca3b73bdedd7082bfddabd5381ceb2a09f961e0d54aecd8c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://twtspain.com/www.facebook.com/login/index31d5.html?next=https:

Response headers

content-encoding
gzip
etag
"00c1d6c873c01:0"
accept-ranges
bytes
content-length
5172
date
Mon, 16 Dec 2024 23:29:11 GMT
content-type
text/css
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
server
Microsoft-IIS/10.0
yotEdcUw9Gj1f8e.css
twtspain.com/static.xx.fbcdn.net/rsrc.php/v3/yi/l/0%2ccross/
567 B
606 B
Stylesheet
General
Full URL
https://twtspain.com/static.xx.fbcdn.net/rsrc.php/v3/yi/l/0%2ccross/yotEdcUw9Gj1f8e.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: twtspain.com
URL: https://twtspain.com/www.facebook.com/login/index31d5.html?next=https:
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.8.121.168 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
a77aabd09c9363b9a7e78221b1dfaa2f7f20d2c6b88f839c9118db747044bfad

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://twtspain.com/www.facebook.com/login/index31d5.html?next=https:

Response headers

accept-ranges
bytes
content-length
567
etag
"00c1d6c873c01:0"
date
Mon, 16 Dec 2024 23:29:11 GMT
content-type
text/css
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
server
Microsoft-IIS/10.0
J7WmBMD4Opg1f8e.css
twtspain.com/static.xx.fbcdn.net/rsrc.php/v3/yk/l/0%2ccross/
2 KB
2 KB
Stylesheet
General
Full URL
https://twtspain.com/static.xx.fbcdn.net/rsrc.php/v3/yk/l/0%2ccross/J7WmBMD4Opg1f8e.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: twtspain.com
URL: https://twtspain.com/www.facebook.com/login/index31d5.html?next=https:
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.8.121.168 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
e9be604e58d92b8056705197033c01ef6512e8b0f1a55ad7bfd0563263f7271c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://twtspain.com/www.facebook.com/login/index31d5.html?next=https:

Response headers

accept-ranges
bytes
content-length
2367
etag
"00c1d6c873c01:0"
date
Mon, 16 Dec 2024 23:29:11 GMT
content-type
text/css
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
server
Microsoft-IIS/10.0
foC4gVUEQiA1f8e.css
twtspain.com/static.xx.fbcdn.net/rsrc.php/v3/yB/l/0%2ccross/
2 KB
2 KB
Stylesheet
General
Full URL
https://twtspain.com/static.xx.fbcdn.net/rsrc.php/v3/yB/l/0%2ccross/foC4gVUEQiA1f8e.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: twtspain.com
URL: https://twtspain.com/www.facebook.com/login/index31d5.html?next=https:
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.8.121.168 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
d524413c187f9ebc1c1a2f54e30c4844349e1afa3f0d9c860b367c1f63e4ae04

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://twtspain.com/www.facebook.com/login/index31d5.html?next=https:

Response headers

accept-ranges
bytes
content-length
1794
etag
"00c1d6c873c01:0"
date
Mon, 16 Dec 2024 23:29:11 GMT
content-type
text/css
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
server
Microsoft-IIS/10.0
1FPNULrhhBJ1f8e.css
twtspain.com/static.xx.fbcdn.net/rsrc.php/v3/yc/l/0%2ccross/
2 KB
2 KB
Stylesheet
General
Full URL
https://twtspain.com/static.xx.fbcdn.net/rsrc.php/v3/yc/l/0%2ccross/1FPNULrhhBJ1f8e.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: twtspain.com
URL: https://twtspain.com/www.facebook.com/login/index31d5.html?next=https:
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.8.121.168 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
b3fe489560df7e8aa886aef389aaaa1f87dfbe49c0d8bd6d59cb4ae2be279af7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://twtspain.com/www.facebook.com/login/index31d5.html?next=https:

Response headers

accept-ranges
bytes
content-length
1768
etag
"00c1d6c873c01:0"
date
Mon, 16 Dec 2024 23:29:11 GMT
content-type
text/css
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
server
Microsoft-IIS/10.0
wirBY3ywJUz1f8e.css
twtspain.com/static.xx.fbcdn.net/rsrc.php/v3/yi/l/0%2ccross/
294 B
333 B
Stylesheet
General
Full URL
https://twtspain.com/static.xx.fbcdn.net/rsrc.php/v3/yi/l/0%2ccross/wirBY3ywJUz1f8e.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: twtspain.com
URL: https://twtspain.com/www.facebook.com/login/index31d5.html?next=https:
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.8.121.168 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
b9bffa22531e38621da38d1be43d8ab6cdb63fe913150d776bbe3f59067286e9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://twtspain.com/www.facebook.com/login/index31d5.html?next=https:

Response headers

accept-ranges
bytes
content-length
294
etag
"00c1d6c873c01:0"
date
Mon, 16 Dec 2024 23:29:11 GMT
content-type
text/css
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
server
Microsoft-IIS/10.0
gK4S0TktjyT1f8e.js
twtspain.com/static.xx.fbcdn.net/rsrc.php/v3/yJ/r/
371 KB
105 KB
Script
General
Full URL
https://twtspain.com/static.xx.fbcdn.net/rsrc.php/v3/yJ/r/gK4S0TktjyT1f8e.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: twtspain.com
URL: https://twtspain.com/www.facebook.com/login/index31d5.html?next=https:
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.8.121.168 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
38d44638bbed8bab21243db2e42be082ce119be0ef3b335c86c803343ca42fe1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://twtspain.com/www.facebook.com/login/index31d5.html?next=https:

Response headers

content-encoding
gzip
etag
"00c1d6c873c01:0"
accept-ranges
bytes
content-length
107303
date
Mon, 16 Dec 2024 23:29:11 GMT
content-type
application/javascript
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
server
Microsoft-IIS/10.0
dF5SId3UHWd.svg
twtspain.com/static.xx.fbcdn.net/rsrc.php/y8/r/
2 KB
2 KB
Image
General
Full URL
https://twtspain.com/static.xx.fbcdn.net/rsrc.php/y8/r/dF5SId3UHWd.svg
Requested by
Host: twtspain.com
URL: https://twtspain.com/www.facebook.com/login/index31d5.html?next=https:
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.8.121.168 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://twtspain.com/www.facebook.com/login/index31d5.html?next=https:

Response headers

accept-ranges
bytes
content-length
2385
etag
"00c1d6c873c01:0"
date
Mon, 16 Dec 2024 23:29:11 GMT
content-type
image/svg+xml
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
server
Microsoft-IIS/10.0
hsts-pixel.gif
connect.facebook.net/security/
Redirect Chain
  • https://facebook.com/security/hsts-pixel.gif?c=3.2.5
  • https://fbcdn.net/security/hsts-pixel.gif?c=2.5
  • https://fbsbx.com/security/hsts-pixel.gif?c=5
  • https://connect.facebook.net/security/hsts-pixel.gif
43 B
176 B
Image
General
Full URL
https://connect.facebook.net/security/hsts-pixel.gif
Requested by
Host: twtspain.com
URL: https://twtspain.com/www.facebook.com/login/index31d5.html?next=https:
Protocol
H3
Server
157.240.8.23 Sydney, Australia, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-syd2.fbcdn.net
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'nonce-Wlq7LTYq' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://twtspain.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Mon, 16 Dec 2024 23:29:13 GMT
content-type
image/gif
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'nonce-Wlq7LTYq' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
private, no-cache, no-store, must-revalidate
x-fb-debug
A8B9JvYIliN7Z//TFWz5w9kpxVUqLVZp1sPphFlM7Ltf+Z0FzRIwggT7CY2yPJQq/xfexmU8bI1ghhAhm5gLpA==
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=38, rtx=0, c=52, mss=1232, tbw=61990, tp=81, tpl=0, uplat=0, ullat=-1
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
access-control-allow-origin
*
content-length
57
x-xss-protection
0
origin-agent-cluster
?1

Redirect headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=38, rtx=0, c=10, mss=1368, tbw=3338, tp=-1, tpl=-1, uplat=202, ullat=0
location
https://connect.facebook.net/security/hsts-pixel.gif
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
0
date
Mon, 16 Dec 2024 23:29:13 GMT
origin-agent-cluster
?1
content-type
text/html; charset="utf-8"
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-debug
HyELbrgS8L3PCV003Qr/21ad3zoVDeimNDBsznPuR0sJMeuf7E1hnGqDxuMxg7ShICbfbDi6BmSXZKOz8Mr9kw==
truncated
/
78 B
0
Stylesheet
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0f90ce92f6d627a995bf0300ac429ace9c65072877367d8bd8e5bc2052ceae93

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
text/css;charset=utf-8
Y0L6f5sxdIV.png
twtspain.com/static.xx.fbcdn.net/rsrc.php/v3/yB/r/
7 KB
7 KB
Image
General
Full URL
https://twtspain.com/static.xx.fbcdn.net/rsrc.php/v3/yB/r/Y0L6f5sxdIV.png
Requested by
Host: twtspain.com
URL: https://twtspain.com/static.xx.fbcdn.net/rsrc.php/v3/y_/l/0%2ccross/sIr_RWZ4iKd1f8e.css?_nc_x=Ij3Wp8lg5Kz
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.8.121.168 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
633002f58522bb2b155769bd8c96d8ed33271f888a2402d46d8e24935cdd03a2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://twtspain.com/static.xx.fbcdn.net/rsrc.php/v3/y_/l/0%2ccross/sIr_RWZ4iKd1f8e.css?_nc_x=Ij3Wp8lg5Kz

Response headers

accept-ranges
bytes
content-length
6739
etag
"00c1d6c873c01:0"
date
Mon, 16 Dec 2024 23:29:12 GMT
content-type
image/png
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
server
Microsoft-IIS/10.0
O7nelmd9XSI.png
twtspain.com/static.xx.fbcdn.net/rsrc.php/v3/yU/r/
95 B
164 B
Image
General
Full URL
https://twtspain.com/static.xx.fbcdn.net/rsrc.php/v3/yU/r/O7nelmd9XSI.png
Requested by
Host: twtspain.com
URL: https://twtspain.com/static.xx.fbcdn.net/rsrc.php/v3/yU/l/0%2ccross/ZKa6wx6ImIq1f8e.css?_nc_x=Ij3Wp8lg5Kz
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.8.121.168 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
c0f9968d0fa5f4deff86babccd6df52306138314607a6f3f0acd2e7afc783d1c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://twtspain.com/static.xx.fbcdn.net/rsrc.php/v3/yU/l/0%2ccross/ZKa6wx6ImIq1f8e.css?_nc_x=Ij3Wp8lg5Kz

Response headers

accept-ranges
bytes
content-length
95
etag
"00c1d6c873c01:0"
date
Mon, 16 Dec 2024 23:29:12 GMT
content-type
image/png
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
server
Microsoft-IIS/10.0
RyiBoMJog7l.js
static.xx.fbcdn.net/rsrc.php/v3/ym/r/
0
0

NMZZZMrkoOp.js
static.xx.fbcdn.net/rsrc.php/v3i7M54/yp/l/en_US/
0
0

hIgAazG_TmP.js
static.xx.fbcdn.net/rsrc.php/v3/yM/r/
0
0

zWG4-abWBMb.js
static.xx.fbcdn.net/rsrc.php/v3/yX/r/
0
0

Qj-KptigT60.js
static.xx.fbcdn.net/rsrc.php/v3/yH/r/
0
0

M08arqdo_nN.js
static.xx.fbcdn.net/rsrc.php/v3/yC/r/
0
0

FKznuKD295b.js
static.xx.fbcdn.net/rsrc.php/v3/y8/r/
0
0

WTleyrLZU_5.js
static.xx.fbcdn.net/rsrc.php/v3/yl/r/
0
0

FLJXkx8ys-6.js
static.xx.fbcdn.net/rsrc.php/v3/yF/r/
0
0

gb_2sOlx922.js
static.xx.fbcdn.net/rsrc.php/v3/yF/r/
0
0

LgvwffuKmeX.js
static.xx.fbcdn.net/rsrc.php/v3/yf/r/
0
0

usZ7l8xcwmf.js
static.xx.fbcdn.net/rsrc.php/v3/yZ/r/
0
0

rXZqi4nB91N.js
static.xx.fbcdn.net/rsrc.php/v3/yk/r/
0
0

_tJ17sGyxOX.js
static.xx.fbcdn.net/rsrc.php/v3/yO/r/
18 KB
8 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yO/r/_tJ17sGyxOX.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: twtspain.com
URL: https://twtspain.com/static.xx.fbcdn.net/rsrc.php/v3/yJ/r/gK4S0TktjyT1f8e.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.8.23 Sydney, Australia, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-syd2.fbcdn.net
Software
/
Resource Hash
ab6777f622dce53efa7d6a93432292afba7757445eb4cc111b25810882375b98
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://twtspain.com/

Response headers

content-md5
KEhj6cufAXQKNgFUtPQxFQ==
content-encoding
zstd
report-to
{"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Fri, 05 Dec 2025 06:22:51 GMT
alt-svc
h3=":443"; ma=86400
date
Mon, 16 Dec 2024 23:29:12 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
x-fb-debug
hzdAbKVCLMCAiwp2yCrCa/CeNVcd5WXQWvK/MQhWLUxpUMxSC6NZSunzkwCFzSsTgtLl8++oNiQe+WOwYA99jQ==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
priority
u=1
reporting-endpoints
permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=39, rtx=0, c=23, mss=1232, tbw=5430, tp=28, tpl=0, uplat=1, ullat=-1
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
access-control-allow-origin
*
content-length
7702
origin-agent-cluster
?1
6Kq_ckQkhEj.js
static.xx.fbcdn.net/rsrc.php/v3/yA/r/
0
0

j5viPPTAKWI.js
static.xx.fbcdn.net/rsrc.php/v3/y7/r/
0
0

DZJQTHW68mi.js
static.xx.fbcdn.net/rsrc.php/v3iqES4/yW/l/en_US/
0
0

1CuuL8eXovk.js
static.xx.fbcdn.net/rsrc.php/v3/y7/r/
0
0

mTNaUxZfqus.js
static.xx.fbcdn.net/rsrc.php/v3/yB/r/
0
0

DDQEq41pTuz.js
static.xx.fbcdn.net/rsrc.php/v3/yL/r/
0
0

B8BxsscfVBr.ico
twtspain.com/static.xx.fbcdn.net/rsrc.php/yv/r/
1 KB
1 KB
Other
General
Full URL
https://twtspain.com/static.xx.fbcdn.net/rsrc.php/yv/r/B8BxsscfVBr.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.8.121.168 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
e6d1d77403cd9f14fd2377d07e84350cfe768e3353e402bf42ebdc8593a58c9a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://twtspain.com/www.facebook.com/login/index31d5.html?next=https:

Response headers

accept-ranges
bytes
content-length
1150
etag
"00c1d6c873c01:0"
date
Mon, 16 Dec 2024 23:29:12 GMT
content-type
image/x-icon
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
server
Microsoft-IIS/10.0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
static.xx.fbcdn.net
URL
https://static.xx.fbcdn.net/rsrc.php/v3/ym/r/RyiBoMJog7l.js?_nc_x=Ij3Wp8lg5Kz
Domain
static.xx.fbcdn.net
URL
https://static.xx.fbcdn.net/rsrc.php/v3i7M54/yp/l/en_US/NMZZZMrkoOp.js?_nc_x=Ij3Wp8lg5Kz
Domain
static.xx.fbcdn.net
URL
https://static.xx.fbcdn.net/rsrc.php/v3/yM/r/hIgAazG_TmP.js?_nc_x=Ij3Wp8lg5Kz
Domain
static.xx.fbcdn.net
URL
https://static.xx.fbcdn.net/rsrc.php/v3/yX/r/zWG4-abWBMb.js?_nc_x=Ij3Wp8lg5Kz
Domain
static.xx.fbcdn.net
URL
https://static.xx.fbcdn.net/rsrc.php/v3/yH/r/Qj-KptigT60.js?_nc_x=Ij3Wp8lg5Kz
Domain
static.xx.fbcdn.net
URL
https://static.xx.fbcdn.net/rsrc.php/v3/yC/r/M08arqdo_nN.js?_nc_x=Ij3Wp8lg5Kz
Domain
static.xx.fbcdn.net
URL
https://static.xx.fbcdn.net/rsrc.php/v3/y8/r/FKznuKD295b.js?_nc_x=Ij3Wp8lg5Kz
Domain
static.xx.fbcdn.net
URL
https://static.xx.fbcdn.net/rsrc.php/v3/yl/r/WTleyrLZU_5.js?_nc_x=Ij3Wp8lg5Kz
Domain
static.xx.fbcdn.net
URL
https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/FLJXkx8ys-6.js?_nc_x=Ij3Wp8lg5Kz
Domain
static.xx.fbcdn.net
URL
https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/gb_2sOlx922.js?_nc_x=Ij3Wp8lg5Kz
Domain
static.xx.fbcdn.net
URL
https://static.xx.fbcdn.net/rsrc.php/v3/yf/r/LgvwffuKmeX.js?_nc_x=Ij3Wp8lg5Kz
Domain
static.xx.fbcdn.net
URL
https://static.xx.fbcdn.net/rsrc.php/v3/yZ/r/usZ7l8xcwmf.js?_nc_x=Ij3Wp8lg5Kz
Domain
static.xx.fbcdn.net
URL
https://static.xx.fbcdn.net/rsrc.php/v3/yk/r/rXZqi4nB91N.js?_nc_x=Ij3Wp8lg5Kz
Domain
static.xx.fbcdn.net
URL
https://static.xx.fbcdn.net/rsrc.php/v3/yA/r/6Kq_ckQkhEj.js?_nc_x=Ij3Wp8lg5Kz
Domain
static.xx.fbcdn.net
URL
https://static.xx.fbcdn.net/rsrc.php/v3/y7/r/j5viPPTAKWI.js?_nc_x=Ij3Wp8lg5Kz
Domain
static.xx.fbcdn.net
URL
https://static.xx.fbcdn.net/rsrc.php/v3iqES4/yW/l/en_US/DZJQTHW68mi.js?_nc_x=Ij3Wp8lg5Kz
Domain
static.xx.fbcdn.net
URL
https://static.xx.fbcdn.net/rsrc.php/v3/y7/r/1CuuL8eXovk.js?_nc_x=Ij3Wp8lg5Kz
Domain
static.xx.fbcdn.net
URL
https://static.xx.fbcdn.net/rsrc.php/v3/yB/r/mTNaUxZfqus.js?_nc_x=Ij3Wp8lg5Kz
Domain
static.xx.fbcdn.net
URL
https://static.xx.fbcdn.net/rsrc.php/v3/yL/r/DDQEq41pTuz.js?_nc_x=Ij3Wp8lg5Kz

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

43 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function envFlush, object Env, function __annotator, function __bodyWrapper, function __t, function __w, function emptyFunction, function FB_enumerate, function __m, object babelHelpers, function define, function require, function requireInterop, function importDefault, function importNamespace, function requireDynamic, function requireLazy, function __d, function $RefreshReg$, function $RefreshSig$, function getErrorSafe, object ErrorGuard, object ErrorSerializer, object ErrorUtils, function Arbiter, function $, function ge, object Parent, object TimeSlice, function goURI, object PageEvents, function _domcontentready, function onloadRegister_DEPRECATED, function onloadRegister, function onafterloadRegister_DEPRECATED, function onafterloadRegister, function onleaveRegister, function onbeforeunloadRegister, function onunloadRegister, object Bootloader, function $E, number __bigPipeFactory, string _script_path

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
