480321.myshoptet.com
185.64.219.37  Malicious Activity!

URL: http://480321.myshoptet.com/user/documents/upload/Facebooks.html
Submission: On November 26 via automatic, source openphish — Scanned from DE

Summary

This website contacted 9 IPs in 3 countries across 7 domains to perform 17 HTTP transactions. The main IP is 185.64.219.37, located in Czech Republic and belongs to VSHOSTING, CZ. The main domain is 480321.myshoptet.com.
This is the only time 480321.myshoptet.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

Requests  IP Address          AS (Autonomous System)
1         185.64.219.37       43541 (VSHOSTING)
2         2a00:1450:400...    15169 (GOOGLE)
1         2606:4700::68...    13335 (CLOUDFLAR...)
2         2600:9000:211...    16509 (AMAZON-02)
4         162.0.217.44        22612 (NAMECHEAP...)   (2 of the 4 are redirects)
1         13.35.253.12        16509 (AMAZON-02)
1         3.220.57.224        14618 (AMAZON-AES)
6         2a03:2880:f02...    32934 (FACEBOOK)
1         67.202.94.93        32748 (STEADFAST)
Total: 17 requests, 9 IPs
Requests  Domain                   Requested by
6         static.xx.fbcdn.net      wolfteam.xyz, 480321.myshoptet.com
4         wolfteam.xyz             480321.myshoptet.com   (2 of the 4 are redirects)
2         a.mailmunch.co           480321.myshoptet.com
2         ajax.googleapis.com      480321.myshoptet.com
1         whos.amung.us            480321.myshoptet.com
1         analytics.mailmunch.co   480321.myshoptet.com
1         cf.mailmunch.co          480321.myshoptet.com
1         cdnjs.cloudflare.com     480321.myshoptet.com
1         480321.myshoptet.com     (primary request)
Total: 17 requests, 9 hostnames

This site contains no links.

Subject                   Issuer                                   Validity                  Valid
upload.video.google.com   GTS CA 1C3                               2021-11-01 - 2022-01-24   3 months
sni.cloudflaressl.com     Cloudflare Inc ECC CA-3                  2021-09-21 - 2022-09-20   a year
*.mailmunch.co            Amazon                                   2021-02-25 - 2022-03-26   a year
*.facebook.com            DigiCert SHA2 High Assurance Server CA   2021-09-04 - 2021-12-03   3 months

This page contains 1 frames:

Primary Page: http://480321.myshoptet.com/user/documents/upload/Facebooks.html
Frame ID: 7993FF5DC8B4B16C67D5A111232CABE6
Requests: 17 HTTP requests in this frame

Page Title

Facebook - Sign in or sign up

Page Statistics

Requests:    17
HTTPS:       71 %
IPv6:        44 %
Domains:     7
Subdomains:  9
IPs:         9
Countries:   3
Transfer:    195 kB
Size:        312 kB
Cookies:     1

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • https://wolfteam.xyz/fbs?api=1&lan=facebooknew&ht=2 HTTP 301
  • https://wolfteam.xyz/fbs/?api=1&lan=facebooknew&ht=2
Request Chain 11
  • https://wolfteam.xyz/fbs/location HTTP 301
  • https://wolfteam.xyz/fbs/location/

17 HTTP transactions

Each entry lists: Resource, Path, Size, x-fer (bytes transferred), Type / MIME-Type, followed by the request and response headers (and, for redirected requests, the redirect headers).
Primary Request Facebooks.html
480321.myshoptet.com/user/documents/upload/
19 KB
5 KB
Document
General
Full URL
http://480321.myshoptet.com/user/documents/upload/Facebooks.html
Protocol
HTTP/1.1
Server
185.64.219.37 , Czech Republic, ASN43541 (VSHOSTING, CZ),
Reverse DNS
shoptet-lb-prot.vshosting.cz
Software
nginx /
Resource Hash
968d338c7d0a0970a130de9cf729ce2498069b1bc746de76bfa38f4b49a1e70a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Server
nginx
Date
Fri, 26 Nov 2021 01:28:36 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Last-Modified
Tue, 16 Nov 2021 15:46:49 GMT
ETag
W/"4c4c-5d0e9d561b866"
X-Frame-Options
SAMEORIGIN
X-Content-Type-Options
nosniff
Expires
Fri, 03 Dec 2021 01:28:36 GMT
Cache-Control
max-age=604800
Content-Encoding
gzip
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.1.1/
82 KB
29 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
Requested by
Host: 480321.myshoptet.com
URL: http://480321.myshoptet.com/user/documents/upload/Facebooks.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://480321.myshoptet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:22:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
137159
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29671
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 24 Nov 2022 11:22:37 GMT
webfont.js
ajax.googleapis.com/ajax/libs/webfont/1.6.26/
13 KB
6 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js
Requested by
Host: 480321.myshoptet.com
URL: http://480321.myshoptet.com/user/documents/upload/Facebooks.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://480321.myshoptet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 22 Nov 2021 20:08:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
278420
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5437
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 22 Nov 2022 20:08:16 GMT
jquery.maskedinput.min.js
cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/1.4.1/
4 KB
2 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/1.4.1/jquery.maskedinput.min.js
Requested by
Host: 480321.myshoptet.com
URL: http://480321.myshoptet.com/user/documents/upload/Facebooks.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb82877818fa23c8c028053cc5744c5d7947faca82bd50a82b918016499bfb62
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://480321.myshoptet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 01:28:36 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
278769
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
1714
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:47 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec3-10e4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bv5BcmPi%2F7guSKv3fRJy1MQNqm1Ey1%2BFJGYfa7HOgzbwiKkUeLFxXUYDrR8VgZOLaiUCTiHzcIsasa0GX7vBa4KE4xACW%2BB888GmcSCPG2NWtfW0%2FeYy2Pheva%2BleJuoEsKcutIX9hty%2FjFMk8ldwdqX"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6b3f574c8dbd68e6-FRA
expires
Wed, 16 Nov 2022 01:28:36 GMT
form.js
a.mailmunch.co/app/v1/
14 KB
5 KB
Script
General
Full URL
https://a.mailmunch.co/app/v1/form.js
Requested by
Host: 480321.myshoptet.com
URL: http://480321.myshoptet.com/user/documents/upload/Facebooks.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:b200:4:c961:9640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4586094215d4273115514adeeed2f2e84b5c66829ba0198af21e71e17bd127d1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://480321.myshoptet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 06:05:44 GMT
content-encoding
gzip
age
156173
x-cache
Hit from cloudfront
content-length
4347
access-control-allow-origin
*
last-modified
Tue, 23 Nov 2021 10:27:44 GMT
server
AmazonS3
etag
"172d7f2975f10d92db20b25c33340788"
access-control-max-age
3000
access-control-allow-methods
HEAD, GET, POST, PUT, DELETE
content-type
text/javascript
via
1.1 c1e2423613b2dcb4230386a2b285734e.cloudfront.net (CloudFront)
access-control-expose-headers
ETag
cache-control
max-age=172800
x-amz-cf-pop
FRA56-C2
accept-ranges
bytes
x-amz-cf-id
we60zszyJwnGTfeMFf0nnj1CpRRCr2iErIgkXiOAMoj0WIMWq9sknA==
safe_image_20%281%29.png
a.mailmunch.co/attachments/assets/000/506/296/large/
127 KB
128 KB
Image
General
Full URL
https://a.mailmunch.co/attachments/assets/000/506/296/large/safe_image_20%281%29.png?1625122013
Requested by
Host: 480321.myshoptet.com
URL: http://480321.myshoptet.com/user/documents/upload/Facebooks.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:b200:4:c961:9640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
eaceb8aa11b0e7657eee87cc22d4ba5013411e3b5a3943a23741540a8f3a26f8

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://480321.myshoptet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 18 Oct 2021 11:55:06 GMT
via
1.1 c1e2423613b2dcb4230386a2b285734e.cloudfront.net (CloudFront)
age
3332011
x-cache
Hit from cloudfront
content-length
130285
last-modified
Thu, 01 Jul 2021 06:46:57 GMT
server
AmazonS3
etag
"cb21468aa12dbeec433451717358ee84"
access-control-max-age
3000
access-control-allow-methods
HEAD, GET, POST, PUT, DELETE
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
ETag
cache-control
max-age=31556952
x-amz-cf-pop
FRA56-C2
accept-ranges
bytes
x-amz-cf-id
W81BES1FtKUX_iM8UQ_PBeqvPBml4CxrcMafK3F-qUj1YY7wagJiWA==
expires
Fri, 01 Jul 2022 06:46:53 GMT
/
wolfteam.xyz/fbs/
Redirect Chain
  • https://wolfteam.xyz/fbs?api=1&lan=facebooknew&ht=2
  • https://wolfteam.xyz/fbs/?api=1&lan=facebooknew&ht=2
43 KB
9 KB
Script
General
Full URL
https://wolfteam.xyz/fbs/?api=1&lan=facebooknew&ht=2
Requested by
Host: 480321.myshoptet.com
URL: http://480321.myshoptet.com/user/documents/upload/Facebooks.html
Protocol
H2
Server
162.0.217.44 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
business146-5.web-hosting.com
Software
LiteSpeed / PHP/7.2.34
Resource Hash
af58c341dc45bd6c33c0a554c30923175834bbeb37967db5692b84bf04130c38
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://480321.myshoptet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 01:28:36 GMT
content-encoding
br
x-content-type-options
nosniff
x-powered-by
PHP/7.2.34
vary
Accept-Encoding
content-length
9177
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
no-referrer-when-downgrade
server
LiteSpeed
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload;
content-type
application/javascript
cache-control
no-store, no-cache, must-revalidate
x-turbo-charged-by
LiteSpeed
expires
Thu, 19 Nov 1981 08:52:00 GMT

Redirect headers

date
Fri, 26 Nov 2021 01:28:36 GMT
referrer-policy
no-referrer-when-downgrade
server
LiteSpeed
x-frame-options
SAMEORIGIN
content-type
text/html
location
https://wolfteam.xyz/fbs/?api=1&lan=facebooknew&ht=2
x-xss-protection
1; mode=block
x-turbo-charged-by
LiteSpeed
strict-transport-security
max-age=31536000; includeSubDomains; preload;
content-length
707
x-content-type-options
nosniff
logo_full_black.png
cf.mailmunch.co/partner/mailmunch/
3 KB
4 KB
Image
General
Full URL
https://cf.mailmunch.co/partner/mailmunch/logo_full_black.png
Requested by
Host: 480321.myshoptet.com
URL: http://480321.myshoptet.com/user/documents/upload/Facebooks.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.35.253.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-253-12.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
60615cf3ddf0b34046ce24ba4a0f5a5c352c10a9ae6e03043b93f8e0f5c6b509

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://480321.myshoptet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 26 Nov 2021 00:17:12 GMT
Via
1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
Age
7195
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
3019
Last-Modified
Mon, 31 Aug 2020 13:06:57 GMT
Server
AmazonS3
ETag
"9b53f488aacdce3693ba93861ca034cf"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
HEAD, GET, POST, PUT, DELETE
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
ETag
X-Amz-Cf-Pop
FRA6-C1
Accept-Ranges
bytes
X-Amz-Cf-Id
mowq2idY9ShwKMltNDS7s9GKYYdNOn9eczikCCQN3n8Y4EfDfMXlMA==
/
analytics.mailmunch.co/event/
35 B
344 B
Image
General
Full URL
http://analytics.mailmunch.co/event/?site_id=936841&document_id=387725&event_name=views&cache=1637890116623&referrer=http%3A%2F%2F480321.myshoptet.com%2Fuser%2Fdocuments%2Fupload%2FFacebooks.html
Requested by
Host: 480321.myshoptet.com
URL: http://480321.myshoptet.com/user/documents/upload/Facebooks.html
Protocol
HTTP/1.1
Server
3.220.57.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-220-57-224.compute-1.amazonaws.com
Software
Cowboy / Express
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://480321.myshoptet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 26 Nov 2021 01:28:36 GMT
Via
1.1 vegur
Server
Cowboy
X-Powered-By
Express
Transfer-Encoding
chunked
Content-Type
image/gif
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
tbmm-v7ExV2.css
static.xx.fbcdn.net/rsrc.php/v3/ym/l/0,cross/
0
0
Stylesheet
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/ym/l/0,cross/tbmm-v7ExV2.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: wolfteam.xyz
URL: https://wolfteam.xyz/fbs?api=1&lan=facebooknew&ht=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://480321.myshoptet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

kl88ihvTqaW.css
static.xx.fbcdn.net/rsrc.php/v3/yN/l/0,cross/
0
0
Stylesheet
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yN/l/0,cross/kl88ihvTqaW.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: wolfteam.xyz
URL: https://wolfteam.xyz/fbs?api=1&lan=facebooknew&ht=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://480321.myshoptet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Zk78-DQhWlO.css
static.xx.fbcdn.net/rsrc.php/v3/yO/l/0,cross/
0
0
Stylesheet
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yO/l/0,cross/Zk78-DQhWlO.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: wolfteam.xyz
URL: https://wolfteam.xyz/fbs?api=1&lan=facebooknew&ht=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://480321.myshoptet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

/
wolfteam.xyz/fbs/location/
Redirect Chain
  • https://wolfteam.xyz/fbs/location
  • https://wolfteam.xyz/fbs/location/
1 KB
839 B
Script
General
Full URL
https://wolfteam.xyz/fbs/location/
Requested by
Host: 480321.myshoptet.com
URL: http://480321.myshoptet.com/user/documents/upload/Facebooks.html
Protocol
H2
Server
162.0.217.44 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
business146-5.web-hosting.com
Software
LiteSpeed / PHP/7.2.34
Resource Hash
492e177452644336a270296bc6e93670a6f09b49a705c7b9395ded43672b7d46
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://480321.myshoptet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 01:28:36 GMT
content-encoding
br
referrer-policy
no-referrer-when-downgrade
server
LiteSpeed
x-powered-by
PHP/7.2.34
x-frame-options
SAMEORIGIN
content-type
application/javascript
x-xss-protection
1; mode=block
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
strict-transport-security
max-age=31536000; includeSubDomains; preload;
vary
Accept-Encoding
content-length
435
x-content-type-options
nosniff
expires
Fri, 03 Dec 2021 01:28:36 GMT

Redirect headers

date
Fri, 26 Nov 2021 01:28:36 GMT
referrer-policy
no-referrer-when-downgrade
server
LiteSpeed
x-frame-options
SAMEORIGIN
content-type
text/html
location
https://wolfteam.xyz/fbs/location/
x-xss-protection
1; mode=block
x-turbo-charged-by
LiteSpeed
strict-transport-security
max-age=31536000; includeSubDomains; preload;
content-length
707
x-content-type-options
nosniff
dF5SId3UHWd.svg
static.xx.fbcdn.net/rsrc.php/y8/r/
2 KB
2 KB
Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/y8/r/dF5SId3UHWd.svg
Requested by
Host: 480321.myshoptet.com
URL: http://480321.myshoptet.com/user/documents/upload/Facebooks.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://480321.myshoptet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
br
x-content-type-options
nosniff
content-md5
NiMA5zHIsmaYxSYEaw9fHg==
content-security-policy-report-only
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
1027
x-xss-protection
0
x-fb-debug
UZr/V1q++5r3BU+B8FUY8W3H790ZuHC2uLC07c7ishvlw5HRw21jAoI1APj0zHzCc+7hMynOaPgdymEAH/ypeg==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
date
Fri, 26 Nov 2021 01:28:36 GMT
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
x-fb-rlafr
0
timing-allow-origin
*
priority
u=3,i
expires
Sat, 12 Nov 2022 01:29:02 GMT
/
whos.amung.us/pingjs/
28 B
28 B
Image
General
Full URL
http://whos.amung.us/pingjs/?k=lonelywolf&t=%F0%9F%90%BA%20TEAM%20%F0%9F%90%BA%20WOLF%20%F0%9F%90%BA&x=https://www.lobo.com//watch?v=lonelywolf
Requested by
Host: 480321.myshoptet.com
URL: http://480321.myshoptet.com/user/documents/upload/Facebooks.html
Protocol
HTTP/1.1
Server
67.202.94.93 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
amung.us
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://480321.myshoptet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 01:28:37 GMT
content-encoding
gzip
transfer-encoding
chunked
content-type
text/javascript;charset=UTF-8
5NR43BsYs8o.png
static.xx.fbcdn.net/rsrc.php/v3/yO/r/
1 KB
2 KB
Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yO/r/5NR43BsYs8o.png
Requested by
Host: 480321.myshoptet.com
URL: http://480321.myshoptet.com/user/documents/upload/Facebooks.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9615b777212478a41835e410c9897cd544b98c5473b7b73cbec777f1db2d5404
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://480321.myshoptet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 01:28:36 GMT
x-content-type-options
nosniff
content-md5
zS7nNbuF+qoavNDFbgWDdA==
content-security-policy-report-only
default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
1307
x-fb-rlafr
0
x-fb-debug
MjNxQFEc8dU1nbTpMatuX+A2qyDO8P2ZOSbhsB/+2RVNsD3Hy8vv0gtEkrFBFKyPR8OFOnjhWLCMYAqWD8uhOg==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Sat, 12 Nov 2022 05:19:59 GMT
lqbz1hqlAFx.png
static.xx.fbcdn.net/rsrc.php/v3/yo/r/
1 KB
2 KB
Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yo/r/lqbz1hqlAFx.png
Requested by
Host: 480321.myshoptet.com
URL: http://480321.myshoptet.com/user/documents/upload/Facebooks.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
0fd58536eb089f2060e86f14e60ef83f68169fbe34d95f8cdc2ad60abe4bb8c9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://480321.myshoptet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 01:28:36 GMT
x-content-type-options
nosniff
content-md5
8kNJ+LeRDyhmr8oF+ZZjoQ==
document-policy
force-load-at-top
content-security-policy-report-only
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
1364
x-fb-rlafr
0
x-fb-debug
XqGrj8UCFJqRN6EligGcYoiUhT4vRF0B8EOUKy+WjX+lzpx0JL2djJxkZn7Xb4y9DTpE1UbSLKafl/+/fmudKQ==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 25 Nov 2022 01:48:07 GMT
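
The transaction list above is the pattern a triage analyst looks for: a page titled as Facebook served from an e-shop's upload directory over plain HTTP, Facebook's own CDN assets (static.xx.fbcdn.net) pulled in for the look, scripts loaded from wolfteam.xyz and from the MailMunch form library, and two plaintext-HTTP tracking beacons (analytics.mailmunch.co, whos.amung.us). The script below is an added example, not urlscan.io code; it encodes those observations as heuristics over a request list transcribed from this report (long query strings shortened). The brand profile, the library-CDN allowlist, the two-label registrable-domain shortcut and the verdict rule are assumptions of the example.

```python
"""Heuristic brand-impersonation triage over a urlscan-style request list.

Added example for this report; not urlscan.io code. REQUESTS is transcribed
from the 17 transactions above (query strings shortened). BRAND, PUBLIC_CDNS,
registrable() and the verdict rule are assumptions of this example.
"""
from urllib.parse import urlsplit

# Assumption: the impersonated brand's own registrable domains and title words.
BRAND = {
    "name": "Facebook",
    "title_words": ("facebook",),
    "domains": {"facebook.com", "fbcdn.net", "facebook.net", "fbsbx.com"},
}
# Assumption: library hosts not counted as "unknown third-party script".
PUBLIC_CDNS = {"googleapis.com", "cloudflare.com"}

PAGE_TITLE = "Facebook - Sign in or sign up"

# (url, resource type, initiator host); None marks the top-level document.
REQUESTS = [
    ("http://480321.myshoptet.com/user/documents/upload/Facebooks.html", "Document", None),
    ("https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js", "Script", "480321.myshoptet.com"),
    ("https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js", "Script", "480321.myshoptet.com"),
    ("https://cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/1.4.1/jquery.maskedinput.min.js", "Script", "480321.myshoptet.com"),
    ("https://a.mailmunch.co/app/v1/form.js", "Script", "480321.myshoptet.com"),
    ("https://a.mailmunch.co/attachments/assets/000/506/296/large/safe_image_20%281%29.png", "Image", "480321.myshoptet.com"),
    ("https://wolfteam.xyz/fbs/?api=1&lan=facebooknew&ht=2", "Script", "480321.myshoptet.com"),
    ("https://cf.mailmunch.co/partner/mailmunch/logo_full_black.png", "Image", "480321.myshoptet.com"),
    ("http://analytics.mailmunch.co/event/?site_id=936841&event_name=views", "Image", "480321.myshoptet.com"),
    ("https://static.xx.fbcdn.net/rsrc.php/v3/ym/l/0,cross/tbmm-v7ExV2.css", "Stylesheet", "wolfteam.xyz"),
    ("https://static.xx.fbcdn.net/rsrc.php/v3/yN/l/0,cross/kl88ihvTqaW.css", "Stylesheet", "wolfteam.xyz"),
    ("https://static.xx.fbcdn.net/rsrc.php/v3/yO/l/0,cross/Zk78-DQhWlO.css", "Stylesheet", "wolfteam.xyz"),
    ("https://wolfteam.xyz/fbs/location/", "Script", "480321.myshoptet.com"),
    ("https://static.xx.fbcdn.net/rsrc.php/y8/r/dF5SId3UHWd.svg", "Image", "480321.myshoptet.com"),
    ("http://whos.amung.us/pingjs/?k=lonelywolf", "Image", "480321.myshoptet.com"),
    ("https://static.xx.fbcdn.net/rsrc.php/v3/yO/r/5NR43BsYs8o.png", "Image", "480321.myshoptet.com"),
    ("https://static.xx.fbcdn.net/rsrc.php/v3/yo/r/lqbz1hqlAFx.png", "Image", "480321.myshoptet.com"),
]


def registrable(host: str) -> str:
    """Last two DNS labels, e.g. static.xx.fbcdn.net -> fbcdn.net.
    Assumption: adequate for the hosts in this report; a production tool
    should consult the Public Suffix List (co.uk and friends)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def is_brand(host: str) -> bool:
    return registrable(host) in BRAND["domains"]


def triage(requests, title):
    """Return the impersonation indicators found in one scan's request list."""
    doc = next((u for u, kind, _ in requests if kind == "Document"), None)
    if doc is None:
        raise ValueError("request list has no top-level Document")
    doc_parts = urlsplit(doc)
    page_host = doc_parts.hostname or ""
    page_reg = registrable(page_host)
    trusted_script_origins = {page_reg} | BRAND["domains"] | PUBLIC_CDNS

    findings = {
        "page_host": page_host,
        # Title claims the brand, but the page is not served from a brand domain.
        "title_brand_mismatch": any(w in title.lower() for w in BRAND["title_words"])
        and not is_brand(page_host),
        # A "login" page delivered over plaintext HTTP.
        "document_over_http": doc_parts.scheme == "http",
        # Brand-owned assets pulled by a non-brand origin: visual cloning.
        "brand_assets_from_foreign_origin": 0,
        # Scripts from domains that are neither the page, the brand nor a library CDN.
        "third_party_scripts": set(),
        # Plaintext sub-resources to third parties: counters and tracking pixels.
        "plaintext_beacons": set(),
    }

    for url, kind, initiator in requests:
        if kind == "Document":
            continue
        parts = urlsplit(url)
        host = parts.hostname or ""
        reg = registrable(host)
        if is_brand(host) and initiator and not is_brand(initiator):
            findings["brand_assets_from_foreign_origin"] += 1
        if kind == "Script" and reg not in trusted_script_origins:
            findings["third_party_scripts"].add(reg)
        if parts.scheme == "http" and reg != page_reg:
            findings["plaintext_beacons"].add(host)

    cloned_look = findings["brand_assets_from_foreign_origin"] > 0
    foreign_code = bool(findings["third_party_scripts"])
    findings["verdict"] = (
        "likely phishing"
        if findings["title_brand_mismatch"] and (cloned_look or foreign_code)
        else "no impersonation indicators"
    )
    return findings


if __name__ == "__main__":
    for key, value in triage(REQUESTS, PAGE_TITLE).items():
        print(f"{key}: {value}")
```

Run against the transcribed list, the example reports the title/host mismatch, the plaintext document, six brand assets fetched by non-brand origins, wolfteam.xyz and mailmunch.co as unknown script sources, and the two HTTP beacons. The same checks stay quiet for a page served from facebook.com that loads its own fbcdn.net assets, which is the property a heuristic like this must keep: the signal is brand assets and brand title on a foreign origin, not the brand assets themselves.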

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

64 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify the client-side frameworks and code in use. Here the Field/EmailField/Form/MMForms/formsDomain/submitUrl/subscribePixel group belongs to the MailMunch form library loaded from a.mailmunch.co/app/v1/form.js, while $, jQuery and WebFont come from the jQuery and Web Font Loader scripts fetched from ajax.googleapis.com.

function:  reportError, $, jQuery, _classCallCheck, _inherits, loadFlatPicker, loadPlugins, initDatePicker, isColorDarkOrLight, validateRecipient, addDidYouMeanContent, checkLeadQualityPermissions, checkGlobalLeadQualityPermission, validateEmailTypes, initializeLoading, terminateLoading, removeDidYouMeanContent, checkDidYouMeanContentUniqueness, updateSubmitButton, _createClass, _get, Field, EmailField, TextField, Checkbox, Dropdown, HiddenField, DateField, NumberField, Form, MMForms, isValidEmail, fireSubscribePixel, extractMergeTags, fireEvent, __updateOrientation, checking, creatingInput, searchingForms
object:    onbeforexrselect, scheduler, WebFont, fonts, customFonts, googleFonts, loadableFonts, ___, params
string:    formsDomain, environment, successUrl, redirectUrl, submitUrl, subscribePixel, couponsList, object, type, OUTPUT, a
boolean:   originAgentCluster, IS_MOBILE
number:    limit_bot, tt
undefined: to_object

1 Cookies

Domain/Path             Name     Value
480321.myshoptet.com/   SRV_ID   shoptet-www2

3 Console Messages

Source: network   Level: error
URL: https://static.xx.fbcdn.net/rsrc.php/v3/ym/l/0,cross/tbmm-v7ExV2.css?_nc_x=Ij3Wp8lg5Kz
Message: Failed to load resource: the server responded with a status of 404 ()

Source: network   Level: error
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yO/l/0,cross/Zk78-DQhWlO.css?_nc_x=Ij3Wp8lg5Kz
Message: Failed to load resource: the server responded with a status of 404 ()

Source: network   Level: error
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yN/l/0,cross/kl88ihvTqaW.css?_nc_x=Ij3Wp8lg5Kz
Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This section lists the security headers set by the main page.

Header                   Value
X-Content-Type-Options   nosniff
X-Frame-Options          SAMEORIGIN