vww-facebook.com.vn - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 5 HTTP transactions. The main IP is 188.114.96.9, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is vww-facebook.com.vn.
TLS certificate: Issued by WE1 on September 27th 2024. Valid for: 3 months.

This is the only time vww-facebook.com.vn was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
4	188.114.96.9 188.114.96.9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.184.234 142.250.184.234	15169 (GOOGLE) (GOOGLE)
5	2

4 188.114.96.9 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

vww-facebook.com.vn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.234 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f10.1e100.net

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	vww-facebook.com.vn vww-facebook.com.vn	7 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 478	31 KB
5	2

	Domain	Requested by
4	vww-facebook.com.vn	vww-facebook.com.vn
1	ajax.googleapis.com	vww-facebook.com.vn
5	2

This site contains no links.

Subject Issuer	Validity	Valid
vww-facebook.com.vn WE1	`2024-09-27` - `2024-12-26`	3 months	crt.sh
upload.video.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://vww-facebook.com.vn/CalXricPzQ3ys7pVwGO8.html?G3B0aNbZT8=5xngE6OX2RtISor&fin=s_in
Frame ID: 464B20FA4059AE31BAC29C37C879F27F
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Nguyễn Ánh Thư

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

38 kB
Transfer

98 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request CalXricPzQ3ys7pVwGO8.html Show response
vww-facebook.com.vn/ 5 KB
3 KB 654ms
616ms Document
text/html 188.114.96.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vww-facebook.com.vn/CalXricPzQ3ys7pVwGO8.html?G3B0aNbZT8=5xngE6OX2RtISor&fin=s_in
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: 19a41b6effa9d658d13bd1847e19fc6f0f88ccb88c2538194e2b18fe9e23b030

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8e28e3f3591c0b70-AMS
content-encoding: zstd
content-type: text/html; charset=UTF-8
date: Thu, 14 Nov 2024 17:58:35 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rPfm481mh4DPXeYM945U853b%2FCjh7adGbJrUVJX%2F31%2BF7ssedMS7m8qhMk5TXSCKSNWV7oI2nUSuPZZIZk0AuyT3IgXkiYs%2F%2BLg3bb9fZDez%2F31KoZ96cumuEE6JZNcSb6ErdY6R"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=16613&sent=11&recv=10&lost=0&retrans=0&sent_bytes=4145&recv_bytes=4535&delivery_rate=748&cwnd=12000&unsent_bytes=0&cid=dd0fa3d83c20c062&ts=625&x=1" cfHdrFlush;dur=0
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
x-turbo-charged-by: LiteSpeed

GET
H3 200 fbstyle.css
vww-facebook.com.vn/theme/fbweb1/ 3 KB
2 KB 586ms
585ms Stylesheet
text/css 188.114.96.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vww-facebook.com.vn/theme/fbweb1/fbstyle.css
Requested by: Host: vww-facebook.com.vn
URL: https://vww-facebook.com.vn/CalXricPzQ3ys7pVwGO8.html?G3B0aNbZT8=5xngE6OX2RtISor&fin=s_in
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0dcfbe7c04021fdfca0e181c4bc1d53fdeed2a05a99f630fec43fad5766f9af2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://vww-facebook.com.vn/CalXricPzQ3ys7pVwGO8.html?G3B0aNbZT8=5xngE6OX2RtISor&fin=s_in

Response headers

content-encoding: zstd
cf-cache-status: REVALIDATED
etag: W/"b66-65b721e0-3a943c3;br"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2aT2bWkN9yajvebkyL14XKokEpXDpN2VZDQw20R8xUOdlD99bB1TTUTUOrVQuBmbldwITvfO0Hvf%2FWfMvTRg49OUjasx3XIRpXCmiajm%2FiffyxFu0hy7Q%2BAiaQ8q%2Fei3sjBDFNI6"}],"group":"cf-nel","max_age":604800}
expires: Mon, 11 Nov 2024 22:13:17 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15575&sent=15&recv=13&lost=0&retrans=0&sent_bytes=6896&recv_bytes=5418&delivery_rate=224422&cwnd=12000&unsent_bytes=0&cid=dd0fa3d83c20c062&ts=1218&x=1", cfHdrFlush;dur=0
date: Thu, 14 Nov 2024 17:58:35 GMT
content-type: text/css
last-modified: Mon, 29 Jan 2024 03:56:16 GMT
vary: Accept-Encoding
cache-control: public, max-age=43200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8e28e3f73ec60b70-AMS
x-turbo-charged-by: LiteSpeed
server: cloudflare

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.6.4/ 88 KB
31 KB 68ms
20ms Script
text/javascript 142.250.184.234
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js

Requested by

Host: vww-facebook.com.vn
URL: https://vww-facebook.com.vn/CalXricPzQ3ys7pVwGO8.html?G3B0aNbZT8=5xngE6OX2RtISor&fin=s_in

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.234 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f10.1e100.net

Software

sffe /

Resource Hash

a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://vww-facebook.com.vn/

Response headers

content-encoding: gzip
age: 25922
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options: nosniff
expires: Fri, 14 Nov 2025 10:46:33 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 14 Nov 2024 10:46:33 GMT
last-modified: Tue, 04 Apr 2023 03:27:01 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges: bytes
access-control-allow-origin: *
content-length: 31154
x-xss-protection: 0
server: sffe

GET
H3 200 logo.svg
vww-facebook.com.vn/theme/fbweb1/ 2 KB
2 KB 600ms
600ms Image
image/svg+xml 188.114.96.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vww-facebook.com.vn/theme/fbweb1/logo.svg
Requested by: Host: vww-facebook.com.vn
URL: https://vww-facebook.com.vn/CalXricPzQ3ys7pVwGO8.html?G3B0aNbZT8=5xngE6OX2RtISor&fin=s_in
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://vww-facebook.com.vn/CalXricPzQ3ys7pVwGO8.html?G3B0aNbZT8=5xngE6OX2RtISor&fin=s_in

Response headers

content-encoding: zstd
cf-cache-status: REVALIDATED
etag: W/"951-65b7394a-3a943c5;br"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kq%2FB5HZag04b3O4Namuzn%2FujHiFl5jwjIxvklU4tKi4TROf60wKjJZnHhMQ6Wa8YZghA0VglaeT7J6Hq6JedfEuyk%2Fg9Euo%2F%2F4B5W%2B9oG%2BO38c0WkEhuAjVKKZSK45qf0V8UExIt"}],"group":"cf-nel","max_age":604800}
expires: Mon, 11 Nov 2024 22:13:17 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15218&sent=17&recv=14&lost=0&retrans=0&sent_bytes=8621&recv_bytes=5461&delivery_rate=2965&cwnd=12000&unsent_bytes=0&cid=dd0fa3d83c20c062&ts=1233&x=1", cfHdrFlush;dur=0
date: Thu, 14 Nov 2024 17:58:35 GMT
content-type: image/svg+xml
last-modified: Mon, 29 Jan 2024 05:36:10 GMT
vary: Accept-Encoding
cache-control: public, max-age=43200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8e28e3f73ece0b70-AMS
x-turbo-charged-by: LiteSpeed
server: cloudflare

GET
H3 200 favicon.ico
vww-facebook.com.vn/ 0
727 B 593ms
593ms Other
text/html 188.114.96.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vww-facebook.com.vn/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://vww-facebook.com.vn/CalXricPzQ3ys7pVwGO8.html?G3B0aNbZT8=5xngE6OX2RtISor&fin=s_in

Response headers

content-encoding: zstd
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XG74AlCYKR4%2B4gKnQv8miQVUpPuRt2rmPzp58%2B4zeSbrE6siDgiAQo2YUEtquJO%2BPjD0ZUf9Dyk6TAT%2BuiULwaPdUFvwmTtI%2B%2BKY%2B1MwmG%2BvvgvHVW9oMCGzt4NaIQGxMA5h1YWJ"}],"group":"cf-nel","max_age":604800}
expires: Thu, 19 Nov 1981 08:52:00 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=14821&sent=20&recv=16&lost=0&retrans=0&sent_bytes=10507&recv_bytes=5934&delivery_rate=154672&cwnd=12000&unsent_bytes=0&cid=dd0fa3d83c20c062&ts=1862&x=1", cfHdrFlush;dur=0
date: Thu, 14 Nov 2024 17:58:36 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-store, no-cache, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
cf-ray: 8e28e3fb3c490b70-AMS
x-turbo-charged-by: LiteSpeed
x-powered-by: PHP/7.4.33
server: cloudflare

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| Login

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			vww-facebook.com.vn/	1969-12-31 23:59:59	Name: PHPSESSID Value: qp6saamdeqlj7oo8mvhpdpsu2f

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://vww-facebook.com.vn/CalXricPzQ3ys7pVwGO8.html?G3B0aNbZT8=5xngE6OX2RtISor&fin=s_in Message: [DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
vww-facebook.com.vn
142.250.184.234
188.114.96.9
0dcfbe7c04021fdfca0e181c4bc1d53fdeed2a05a99f630fec43fad5766f9af2
19a41b6effa9d658d13bd1847e19fc6f0f88ccb88c2538194e2b18fe9e23b030
9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce
a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

vww-facebook.com.vn Open in urlscan Pro 188.114.96.9 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

5 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

38 kBTransfer

98 kBSize

1 Cookies

0 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

vww-facebook.com.vn Open in urlscan Pro
188.114.96.9 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

38 kB
Transfer

98 kB
Size

1
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!