ads-facebook.ga
2606:4700:3033::6812:226f
Malicious Activity!
Public Scan
Submission: On May 12, 2020 via automatic, source certstream-suspicious
Summary
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on May 12th 2020. Valid for: 5 months. This is Cloudflare's shared edge certificate (subject sni.cloudflaressl.com, see the certificate table below), issued the same day the scan ran; its Certificate Transparency log entry is what fed the certstream-suspicious submission, so the issuance date is a reasonable lower bound for when the site went live behind Cloudflare.
This is the only time ads-facebook.ga was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)

Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 | 2606:4700:3033::6812:226f | 13335 (CLOUDFLARENET) |
| 12 | 2a03:2880:f01c:8012:face:b00c:0:3 | 32934 (FACEBOOK) |
| 1 | 2a03:2880:f11c:8183:face:b00c:0:25de | 32934 (FACEBOOK) |

Total: 14 requests to 3 IP addresses.
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 12 | fbcdn.net | static.xx.fbcdn.net | 255 KB |
| 1 | facebook.com | facebook.com | 948 B |
| 1 | ads-facebook.ga | ads-facebook.ga | 4 KB |

Total: 14 requests to 3 apex domains.
| Requests | Domain | Requested by |
|---|---|---|
| 12 | static.xx.fbcdn.net | ads-facebook.ga |
| 1 | facebook.com | ads-facebook.ga |
| 1 | ads-facebook.ga | (primary request) |

Total: 14 requests to 3 domains.
This site contains links to these domains. Also see Links.

| Domain |
|---|
| m.facebook.com |
| Subject | Issuer | Validity | Valid for |
|---|---|---|---|
| sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2020-05-12 - 2020-10-09 | 5 months |
| *.facebook.com | DigiCert SHA2 High Assurance Server CA | 2020-04-15 - 2020-07-14 | 3 months |

Both certificates can be looked up in Certificate Transparency logs via crt.sh.
This page contains 1 frame:
Primary Page: https://ads-facebook.ga/
Frame ID: 81C7B12443A62640F371FEDDC0875BF7
Requests: 14 HTTP requests in this frame
Detected technologies
CloudFlare (CDN)
Detected patterns:
- headers server /^cloudflare$/i
Page Statistics
9 Outgoing links
These are links going to different origins than the main page. All of them point at m.facebook.com (the only domain in the Links section above), which is consistent with a copied login form whose "forgot password" and language-picker links were left pointing at the genuine site.

| Link title | Translation / note |
|---|---|
| OCULTARMOSTRAR | Portuguese: OCULTAR = "HIDE", MOSTRAR = "SHOW" (two labels extracted as one) |
| Esqueceu a senha? | Portuguese: "Forgot your password?" |
| Español | language selector (Spanish) |
| Deutsch | language selector (German) |
| العربية | language selector (Arabic) |
| English (US) | language selector |
| Français (France) | language selector (French) |
| Italiano | language selector (Italian) |
| (no title) | |
Redirected requests
No HTTP redirect chains are listed for this scan.
14 HTTP transactions

Size is the decoded resource size; Transfer is the on-wire (compressed) size including headers.

| # | Method | Protocol | Resource | Path | Size | Transfer | Type | MIME type |
|---|---|---|---|---|---|---|---|---|
| 1 | GET | H2 | / (primary request) | ads-facebook.ga/ | 12 KB | 4 KB | Document | text/html |
| 2 | GET | H2 | FU7Hdz185W2.js | static.xx.fbcdn.net/rsrc.php/v3/ym/r/ | 97 KB | 25 KB | Script | application/x-javascript |
| 3 | GET | H2 | swkN4gXeiCH.js | static.xx.fbcdn.net/rsrc.php/v3/yA/r/ | 18 KB | 6 KB | Script | application/x-javascript |
| 4 | GET | H2 | GXSvxG8riDx.js | static.xx.fbcdn.net/rsrc.php/v3/yR/r/ | 49 KB | 15 KB | Script | application/x-javascript |
| 5 | GET | H2 | Gulh_VkEaQw.js | static.xx.fbcdn.net/rsrc.php/v3is4v4/yD/l/pt_BR/ | 45 KB | 11 KB | Script | application/x-javascript |
| 6 | GET | H2 | EH5ka8spIkZ.js | static.xx.fbcdn.net/rsrc.php/v3icm24/y3/l/pt_BR/ | 38 KB | 10 KB | Script | application/x-javascript |
| 7 | GET | H2 | ZsqLc6-5FQP.js | static.xx.fbcdn.net/rsrc.php/v3/yw/r/ | 8 KB | 3 KB | Script | application/x-javascript |
| 8 | GET | H2 | 226JQE_aiL9.css | static.xx.fbcdn.net/rsrc.php/v3/yG/l/0,cross/ | 99 KB | 22 KB | Stylesheet | text/css |
| 9 | GET | H2 | l7dk_vrKtOR.js | static.xx.fbcdn.net/rsrc.php/v3/yU/r/ | 111 KB | 32 KB | Script | application/x-javascript |
| 10 | GET | H2 | 9DGqyzQsrfu.js | static.xx.fbcdn.net/rsrc.php/v3/yv/r/ | 56 KB | 17 KB | Script | application/x-javascript |
| 11 | GET | H2 | fLx5L6V570h.js | static.xx.fbcdn.net/rsrc.php/v3i4B74/y9/l/pt_BR/ | 137 KB | 38 KB | Script | application/x-javascript |
| 12 | GET | H2 | 0b5T-7QaF1I.css | static.xx.fbcdn.net/rsrc.php/v3/yf/l/0,cross/ | 14 KB | 3 KB | Stylesheet | text/css |
| 13 | GET | H2 | hsts-pixel.gif | facebook.com/security/ | 43 B | 948 B | Image | image/gif |
| 14 | GET | H2 | edlsFKKb9S2.png | static.xx.fbcdn.net/rsrc.php/v3/yl/r/ | 73 KB | 73 KB | Image | image/png |

Only the primary document (4 KB on the wire) is served from ads-facebook.ga. The remaining 13 requests fetch Facebook's own scripts, stylesheets and images from static.xx.fbcdn.net and facebook.com, and the locale-specific bundles under l/pt_BR/ show the page is a copy of the Brazilian Portuguese login page. Because the assets are the genuine ones, the request list of this page is nearly indistinguishable from a real Facebook login; the tell is the origin of the primary document, not the resources it loads.
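The heuristic that pattern suggests, as an added example that is not urlscan.io's code: flag a page whose primary document is served from a non-brand host while most of its requests go to the brand's own domains, and combine that with the brand keyword in the hostname and a free TLD. The request list is transcribed from the table above; the brand-to-domain mapping, the free-TLD list, the share threshold and the two-signal decision rule are assumptions chosen for illustration.

```python
# Added example (not urlscan.io code): cloned-login-page heuristic run over the
# request list transcribed from the scan above. BRANDS, FREE_TLDS and the
# thresholds are assumptions for illustration.

# Assumed mapping: brand keyword -> domains the genuine brand serves from.
BRANDS = {
    "facebook": {"facebook.com", "fbcdn.net"},
}

# Assumed, illustrative subset of no-cost TLDs used as a weak reputation signal.
FREE_TLDS = {"ga", "tk", "ml", "cf", "gq"}

# Transcribed from the 14 HTTP transactions on this page:
# (host, path, urlscan resource type).
SCAN_REQUESTS = [
    ("ads-facebook.ga", "/", "Document"),
    ("static.xx.fbcdn.net", "/rsrc.php/v3/ym/r/FU7Hdz185W2.js", "Script"),
    ("static.xx.fbcdn.net", "/rsrc.php/v3/yA/r/swkN4gXeiCH.js", "Script"),
    ("static.xx.fbcdn.net", "/rsrc.php/v3/yR/r/GXSvxG8riDx.js", "Script"),
    ("static.xx.fbcdn.net", "/rsrc.php/v3is4v4/yD/l/pt_BR/Gulh_VkEaQw.js", "Script"),
    ("static.xx.fbcdn.net", "/rsrc.php/v3icm24/y3/l/pt_BR/EH5ka8spIkZ.js", "Script"),
    ("static.xx.fbcdn.net", "/rsrc.php/v3/yw/r/ZsqLc6-5FQP.js", "Script"),
    ("static.xx.fbcdn.net", "/rsrc.php/v3/yG/l/0,cross/226JQE_aiL9.css", "Stylesheet"),
    ("static.xx.fbcdn.net", "/rsrc.php/v3/yU/r/l7dk_vrKtOR.js", "Script"),
    ("static.xx.fbcdn.net", "/rsrc.php/v3/yv/r/9DGqyzQsrfu.js", "Script"),
    ("static.xx.fbcdn.net", "/rsrc.php/v3i4B74/y9/l/pt_BR/fLx5L6V570h.js", "Script"),
    ("static.xx.fbcdn.net", "/rsrc.php/v3/yf/l/0,cross/0b5T-7QaF1I.css", "Stylesheet"),
    ("facebook.com", "/security/hsts-pixel.gif", "Image"),
    ("static.xx.fbcdn.net", "/rsrc.php/v3/yl/r/edlsFKKb9S2.png", "Image"),
]


def in_domains(host, domains):
    """True if host equals, or is a subdomain of, any domain in the set."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def apex(host):
    """Registrable domain taken as the last two labels. Assumed simplification:
    wrong for multi-label public suffixes such as co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def requests_by_apex(requests):
    """Request count per apex domain, like the page's 'Apex Domain' table."""
    counts = {}
    for host, _, _ in requests:
        counts[apex(host)] = counts.get(apex(host), 0) + 1
    return counts


def analyse(requests, brands=BRANDS, share_threshold=0.5):
    """Score one scan's request list for cloned-brand-page phishing.

    share_threshold (assumed) is the fraction of requests that must go to a
    brand's own domains, while the primary document comes from elsewhere,
    for the page to count as a clone of that brand's site.
    """
    try:
        primary_host = next(h for h, _, t in requests if t == "Document")
    except StopIteration:
        raise ValueError("no primary Document request in scan")
    result = {"primary_host": primary_host, "requests": len(requests), "findings": []}

    if primary_host.rsplit(".", 1)[-1].lower() in FREE_TLDS:
        result["findings"].append("free_tld")

    for brand, domains in brands.items():
        hits = sum(1 for h, _, _ in requests if in_domains(h, domains))
        share = hits / len(requests)
        result[f"{brand}_share"] = share
        if in_domains(primary_host, domains):
            continue  # genuinely on the brand's own domain: nothing to flag
        if brand in primary_host.lower():
            result["findings"].append(f"brand_keyword:{brand}")
        if share >= share_threshold:
            result["findings"].append(f"brand_assets_offbrand:{brand}")

    # Assumed decision rule: two or more independent signals -> likely phishing.
    result["verdict"] = "likely_phishing" if len(result["findings"]) >= 2 else "undetermined"
    return result


if __name__ == "__main__":
    print(requests_by_apex(SCAN_REQUESTS))
    print(analyse(SCAN_REQUESTS))
```

For this scan, 13 of the 14 requests hit Facebook-owned domains while the document comes from ads-facebook.ga, the hostname contains "facebook", and .ga is a free TLD, so all three signals fire. The same 13 asset requests behind a document served from m.facebook.com produce no findings, which is the control case the share check needs: loading fbcdn.net assets is only suspicious when the page itself is not Facebook's.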
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan verdict: Phishing against: Facebook (Social Network)

2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

| Type | Name |
|---|---|
| object | onformdata |
| object | onpointerrawupdate |

Caveat: both names are standard DOM event-handler properties of window in recent Chromium versions (onformdata and onpointerrawupdate), not variables defined by the page's own scripts; they appear here only because the scanner's baseline list predates them and are not a fingerprint of the phishing kit.

1 Cookies
Cookies are small pieces of data stored in the user's browser. On every later visit the browser sends the cookie values back, so the site can re-identify the user even from a different location; this is how persistent logins work.

| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| .ads-facebook.ga/ | (not recorded) | __cfduid | d1a3b7428fefbd0aaac07ef2aec374dd11589248272 |

Note: __cfduid is set by Cloudflare's edge in front of the site, not by the page's own code, so it says nothing about the phishing kit. The trailing ten digits of the value, 1589248272, are a Unix timestamp corresponding to 2020-05-12 UTC, consistent with the scan date.
Indicators
"Indicator" is the security-industry term for observables such as IPs, domains and hashes. Being listed here does not by itself mean an item is malicious.

- ads-facebook.ga
- facebook.com
- static.xx.fbcdn.net
- 2606:4700:3033::6812:226f
- 2a03:2880:f01c:8012:face:b00c:0:3
- 2a03:2880:f11c:8183:face:b00c:0:25de

Of these, only ads-facebook.ga is specific to this phishing site. The facebook.com and fbcdn.net entries and the two 2a03:2880:: addresses are Facebook's legitimate infrastructure, and 2606:4700:3033::6812:226f is a shared Cloudflare anycast address serving many unrelated customers; blocking any of them would cause collateral damage, so the domain name is the only indicator worth deploying.