facebook-acc.fornews.me
2a06:98c1:3120::3  Malicious Activity! Public Scan

URL: http://facebook-acc.fornews.me/
Submission: On April 24 via api from CA — Scanned from NL

Summary

This website contacted 8 IPs in 3 countries across 8 domains to perform 19 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is facebook-acc.fornews.me.
This is the only time facebook-acc.fornews.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Gaming (Entertainment)

Domain & IP information

Requests  IP Address         AS (Autonomous System)
6         2a06:98c1:312...   13335 (CLOUDFLAR...)
1         2a00:1450:400...   15169 (GOOGLE)
1         2606:4700::68...   13335 (CLOUDFLAR...)
1         2a00:1450:400...   15169 (GOOGLE)
1         194.233.79.216     141995 (CAPL-AS-A...)
1         139.180.157.226    20473 (AS-CHOOPA)
1         149.28.138.212     20473 (AS-CHOOPA)
7         34.102.176.152     396982 (GOOGLE-CL...)
Total: 19 requests, 8 IPs
Requests  Apex Domain            Subdomains                                        Transfer
7         wixstatic.com          static.wixstatic.com (Cisco Umbrella Rank: 6267)  99 KB
6         fornews.me             facebook-acc.fornews.me                           309 KB
1         jmkp.co.id             www.jmkp.co.id                                    42 KB
1         syifajayaenergy.co.id  syifajayaenergy.co.id                             275 KB
1         mbahguru.co.id         mbahguru.co.id                                    87 KB
1         gstatic.com            fonts.gstatic.com                                 8 KB
1         cloudflare.com         cdnjs.cloudflare.com (Cisco Umbrella Rank: 344)   6 KB
1         googleapis.com         fonts.googleapis.com (Cisco Umbrella Rank: 119)   1 KB
Total: 19 requests, 8 apex domains
Requests  Domain                   Requested by
7         static.wixstatic.com
6         facebook-acc.fornews.me  facebook-acc.fornews.me
1         www.jmkp.co.id
1         syifajayaenergy.co.id
1         mbahguru.co.id
1         fonts.gstatic.com        fonts.googleapis.com
1         cdnjs.cloudflare.com     facebook-acc.fornews.me
1         fonts.googleapis.com     facebook-acc.fornews.me
Total: 19 requests, 8 domains

This site contains no links.

Subject                  Issuer                                          Validity                 Valid
upload.video.google.com  GTS CA 1C3                                      2023-04-03 - 2023-06-26  3 months (crt.sh)
sni.cloudflaressl.com    Cloudflare Inc ECC CA-3                         2022-08-03 - 2023-08-02  a year (crt.sh)
*.gstatic.com            GTS CA 1C3                                      2023-04-03 - 2023-06-26  3 months (crt.sh)
mbahguru.co.id           R3                                              2023-04-22 - 2023-07-21  3 months (crt.sh)
syifajayaenergy.co.id    R3                                              2023-04-16 - 2023-07-15  3 months (crt.sh)
jmkp.co.id               R3                                              2023-03-06 - 2023-06-04  3 months (crt.sh)
*.wixstatic.com          Sectigo RSA Domain Validation Secure Server CA  2023-03-05 - 2023-09-01  6 months (crt.sh)

This page contains 1 frames:

Primary Page: http://facebook-acc.fornews.me/
Frame ID: 1E4CA1C776B9DBF1169C0437EE080D24
Requests: 19 HTTP requests in this frame

Page Title

Mango Live

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

Requests: 19
HTTPS: 68 %
IPv6: 50 %
Domains: 8
Subdomains: 8
IPs: 8
Countries: 3
Transfer: 829 kB
Size: 1491 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Columns per request: Resource / Path / Size / x-fer (transferred) / Type / MIME-Type
Primary Request /
facebook-acc.fornews.me/
487 B
1 KB
Document
General
Full URL
http://facebook-acc.fornews.me/
Protocol
HTTP/1.1
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
18b9b037811462faf3d8c7988f0fc254a8d7c7506b89d5738d6ba9114641ffad

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

CF-Cache-Status
DYNAMIC
CF-RAY
7bcea8feabbc0c8d-AMS
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Mon, 24 Apr 2023 13:23:19 GMT
Last-Modified
Sat, 22 Oct 2022 00:26:58 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nLm72vdngjxI1B304w0pOkg%2BwIngcVDhiNuKSTFY3i9kUToxXDtPa8IgJUz4HLqK3bICQTd%2B5QYOLwfRjSvdWXHAFi1zNsYamd9sp79QSk6FC%2BwFmKPyTIlPC18oXucukP8nx2S1AAJviaAw5Qz%2FYh6j7haREQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
index.e6c00783.js
facebook-acc.fornews.me/assets/
673 KB
200 KB
Script
General
Full URL
http://facebook-acc.fornews.me/assets/index.e6c00783.js
Requested by
Host: facebook-acc.fornews.me
URL: http://facebook-acc.fornews.me/
Protocol
HTTP/1.1
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
94788b4753dfe4bd67266f5702bc0488fbf05f979addd2c04ef76efb9a34cbad

Request headers

Referer
http://facebook-acc.fornews.me/
Origin
http://facebook-acc.fornews.me
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Mon, 24 Apr 2023 13:23:20 GMT
Content-Encoding
gzip
CF-Cache-Status
MISS
Last-Modified
Sat, 22 Oct 2022 00:26:58 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A67qe%2FOeWBfCFDLkLvMmAd2fkmZ%2B6v4qBxcmfZmbLWTmRYW65UWUWxfZlUyYMwm5U4Y%2BmM0XPsdRtrJh26cqdjrQNCrb0JrheZJAjoS6Tzsu4v5rDy60FLCkumxFcHZqT9aXqy1gJyQp7FD3a%2FNB6bBqyTIwiA%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Vary
Accept-Encoding
Cache-Control
max-age=14400
Connection
keep-alive
CF-RAY
7bcea9012cd70c8d-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
index.85530def.css
facebook-acc.fornews.me/assets/
40 KB
11 KB
Stylesheet
General
Full URL
http://facebook-acc.fornews.me/assets/index.85530def.css
Requested by
Host: facebook-acc.fornews.me
URL: http://facebook-acc.fornews.me/
Protocol
HTTP/1.1
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
85530defde2a1663d742bee2f909764d3c326c9bd66c1dbdb203e619e801b5a4

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://facebook-acc.fornews.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Mon, 24 Apr 2023 13:23:20 GMT
Content-Encoding
gzip
CF-Cache-Status
MISS
Last-Modified
Sat, 22 Oct 2022 00:26:58 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yu0jlwFvVtB7rKhdXQ6if5mmOj9imb%2F0xqBS2duELhhwGgVtw9g3Ha82Fedo9e%2FCxIev1iIeelFJm%2F51HvLSrl1Uh1DR2vjyu0v0Cwn%2FSpHzpQYzh%2BxHy4OpnPjwUBAYInSLkuFbYbDWRaGFOg8fdZN2f2adlg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Vary
Accept-Encoding
Cache-Control
max-age=14400
Connection
keep-alive
CF-RAY
7bcea9015835b75b-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
css2
fonts.googleapis.com/
3 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Poppins&family=Roboto&display=swap
Requested by
Host: facebook-acc.fornews.me
URL: http://facebook-acc.fornews.me/assets/index.85530def.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
aaf91d71be6d13f30d318c24fbbe2ff7e7609f982088f1c9534383ff20959311
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://facebook-acc.fornews.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 24 Apr 2023 13:23:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 24 Apr 2023 12:55:14 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 24 Apr 2023 13:23:20 GMT
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/
30 KB
6 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: facebook-acc.fornews.me
URL: http://facebook-acc.fornews.me/assets/index.85530def.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://facebook-acc.fornews.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 13:23:20 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
929418
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
5631
last-modified
Mon, 04 May 2020 16:10:07 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e5f-7918"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MroWEABUQuWTv0whUhyBiRM1FKDhmIkjMdkDG50TBpWHa2w7I2DVfB%2BXHOhZg6r1ERgFKFTJQgl59N9OH1vigudnXTZ4RkfOjBFwwcl9xqfX677pNu3Aj0hshcZDN5uMNuerp5zuBXjXTzrscZHKEy9u"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7bcea9059ca606d4-AMS
expires
Sat, 13 Apr 2024 13:23:20 GMT
Index.1166647c.js
facebook-acc.fornews.me/assets/
191 KB
63 KB
Script
General
Full URL
http://facebook-acc.fornews.me/assets/Index.1166647c.js
Requested by
Host: facebook-acc.fornews.me
URL: http://facebook-acc.fornews.me/assets/index.e6c00783.js
Protocol
HTTP/1.1
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8bf3a1ce7b1773935eebc7da337c80aa82a1cf1693f11789a88838365cdc781b

Request headers

Referer
Origin
http://facebook-acc.fornews.me
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Mon, 24 Apr 2023 13:23:22 GMT
Content-Encoding
gzip
CF-Cache-Status
MISS
Last-Modified
Sat, 22 Oct 2022 00:26:58 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bRV2A2nImbB22mc49OIFVSx%2FF5pjqRQRXFLV3ocRU8frVUSMd85m%2BRo%2Fa14u2CX94yJB3%2BpshPRzlHDNrsrgqBxMr1mkOEI2TCUs4%2F3pHTIM061fEFNubjFwMu6sIsjHDlwW%2FVfi%2FSnSk9bYoLBpZZj62PUSOg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Vary
Accept-Encoding
Cache-Control
max-age=14400
Connection
keep-alive
CF-RAY
7bcea909c9e50c8d-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Index.14d39171.css
facebook-acc.fornews.me/assets/
13 KB
5 KB
Stylesheet
General
Full URL
http://facebook-acc.fornews.me/assets/Index.14d39171.css
Requested by
Host: facebook-acc.fornews.me
URL: http://facebook-acc.fornews.me/assets/index.e6c00783.js
Protocol
HTTP/1.1
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
14d39171841cf7d848ae41e705f797f93721e7c78562367e514a0875536180bb

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://facebook-acc.fornews.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Mon, 24 Apr 2023 13:23:21 GMT
Content-Encoding
gzip
CF-Cache-Status
MISS
Last-Modified
Sat, 22 Oct 2022 00:26:58 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fpwjcgcWYk119RLid%2BQ1SzFey04mItNJJrEgk26n5sxRGdT6WzpVHVJIEtsSFa76PGgcLnIQrnwmk6hH3BNJbdM2fN%2FthJMMEi7adFQv%2BGei0jC5Y6gNnTivP0tTEaSZq85tvqsFShg39fIziy5si70BaYTq%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Vary
Accept-Encoding
Cache-Control
max-age=14400
Connection
keep-alive
CF-RAY
7bcea909c91cb75b-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins&family=Roboto&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
http://facebook-acc.fornews.me
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 22 Apr 2023 18:01:47 GMT
x-content-type-options
nosniff
age
156095
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7884
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 17:03:52 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 21 Apr 2024 18:01:47 GMT
Mango-live.png
mbahguru.co.id/wp-content/uploads/2020/08/
87 KB
87 KB
Image
General
Full URL
https://mbahguru.co.id/wp-content/uploads/2020/08/Mango-live.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
194.233.79.216 , Singapore, ASN141995 (CAPL-AS-AP Contabo Asia Private Limited, SG),
Reverse DNS
vmi844959.contaboserver.net
Software
nginx /
Resource Hash
3bfad49db0c0ef78285e189e38e1b294945fa194346f2b400b1a6b5cdd705841
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://facebook-acc.fornews.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 13:23:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Tue, 04 Aug 2020 20:02:06 GMT
server
nginx
content-encoding
gzip
etag
W/"5f29bebe-15b1f"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=31536000
x-xss-protection
1; mode=block
expires
Tue, 23 Apr 2024 13:23:56 GMT
mango-live-mod-apk.png
syifajayaenergy.co.id/wp-content/uploads/2021/11/
276 KB
275 KB
Image
General
Full URL
https://syifajayaenergy.co.id/wp-content/uploads/2021/11/mango-live-mod-apk.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.180.157.226 , Singapore, ASN20473 (AS-CHOOPA, US),
Reverse DNS
139.180.157.226.vultrusercontent.com
Software
nginx /
Resource Hash
3eab4a10e908868003708d08a94108aef185ee0127d0cc679230200463525e0a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://facebook-acc.fornews.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 13:23:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Thu, 25 Nov 2021 19:50:16 GMT
server
nginx
content-encoding
gzip
etag
W/"619fe8f8-45195"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=31536000
x-xss-protection
1; mode=block
expires
Tue, 23 Apr 2024 13:23:23 GMT
Title-VIP.jpg
www.jmkp.co.id/wp-content/uploads/2022/05/
42 KB
42 KB
Image
General
Full URL
https://www.jmkp.co.id/wp-content/uploads/2022/05/Title-VIP.jpg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
149.28.138.212 , Singapore, ASN20473 (AS-CHOOPA, US),
Reverse DNS
149.28.138.212.vultrusercontent.com
Software
Apache/2.4.56 (Debian) /
Resource Hash
b938c466b97b0a4321790b911f9a5f42d670c527673cca14fab1b911306ca06a

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://facebook-acc.fornews.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Mon, 24 Apr 2023 13:23:25 GMT
Last-Modified
Sun, 05 Jun 2022 16:38:10 GMT
Server
Apache/2.4.56 (Debian)
Vary
Accept-Encoding
Content-Type
image/jpeg
Cache-Control
max-age=10368000, public
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
42912
Expires
Tue, 22 Aug 2023 13:23:25 GMT
66f76d_2209da23e70b4a7ab8cc16c5669c973c~mv2.webp
static.wixstatic.com/media/
7 KB
7 KB
Image
General
Full URL
https://static.wixstatic.com/media/66f76d_2209da23e70b4a7ab8cc16c5669c973c~mv2.webp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.176.152 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
152.176.102.34.bc.googleusercontent.com
Software
openresty/1.21.4.1 /
Resource Hash
de8cd4304b473d3d93a5ff1c78261a41cec46de9682708525e767409831e56d0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://facebook-acc.fornews.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

expires
Sat, 22 Apr 2023 15:52:17 GMT
date
Sat, 22 Apr 2023 14:52:17 GMT
via
1.1 google
age
167465
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7208
last-modified
Wed, 12 Oct 2022 13:26:41 GMT
server
openresty/1.21.4.1
etag
"b0592c308313e785cdb6e3193754c663"
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=15552000, immutable
accept-ranges
bytes
timing-allow-origin
*
x-seen-by
gcp.us-central-1.media-router-77bc6f7769-mng2t
66f76d_9e5f0ad86f6942048a7b13596c52fc66~mv2.webp
static.wixstatic.com/media/
5 KB
5 KB
Image
General
Full URL
https://static.wixstatic.com/media/66f76d_9e5f0ad86f6942048a7b13596c52fc66~mv2.webp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.176.152 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
152.176.102.34.bc.googleusercontent.com
Software
openresty/1.21.4.1 /
Resource Hash
32660cf5cc2e349feab1398204e85db9db84e8a1623723411ed36915a60bb74b

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://facebook-acc.fornews.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

expires
Mon, 24 Apr 2023 14:23:22 GMT
date
Mon, 24 Apr 2023 13:23:22 GMT
via
1.1 google
last-modified
Wed, 12 Oct 2022 13:26:41 GMT
server
openresty/1.21.4.1
etag
"5ba09667102a09a1b90a31a08dfac0d9"
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=15552000, immutable
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5188
x-seen-by
gcp.us-central-1.media-router-77bc6f7769-59x22
66f76d_e34c85c296c245e09d26fdda290e23ca~mv2.webp
static.wixstatic.com/media/
6 KB
6 KB
Image
General
Full URL
https://static.wixstatic.com/media/66f76d_e34c85c296c245e09d26fdda290e23ca~mv2.webp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.176.152 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
152.176.102.34.bc.googleusercontent.com
Software
openresty/1.21.4.1 /
Resource Hash
c2acc96a9bf1c63d8a3eed8f76025c3295f6f15c5c521c91afcc9cbb6ac854e1

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://facebook-acc.fornews.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

expires
Mon, 24 Apr 2023 14:23:22 GMT
date
Mon, 24 Apr 2023 13:23:22 GMT
via
1.1 google
last-modified
Wed, 12 Oct 2022 13:26:41 GMT
server
openresty/1.21.4.1
etag
"8728a1f91dd63c373de1ee506ace24a0"
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=15552000, immutable
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5934
x-seen-by
gcp.us-central-1.media-router-77bc6f7769-mv2x7
310739104_434727565465648_2887968557010782041_n.jpg
static.wixstatic.com/media/66f76d_9ac1d21b0c83451786c7fea3ff362793~mv2.jpg/v1/crop/x_0,y_44,w_262,h_268/fill/w_161,h_165,al_c,q_80,usm_0.66_1.00_0.01,enc_auto/
5 KB
5 KB
Image
General
Full URL
https://static.wixstatic.com/media/66f76d_9ac1d21b0c83451786c7fea3ff362793~mv2.jpg/v1/crop/x_0,y_44,w_262,h_268/fill/w_161,h_165,al_c,q_80,usm_0.66_1.00_0.01,enc_auto/310739104_434727565465648_2887968557010782041_n.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.176.152 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
152.176.102.34.bc.googleusercontent.com
Software
openresty/1.21.4.1 /
Resource Hash
e107308594e0274ca3dc1608d20663828f1fabcc41640ad86e365955f349a5b7

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://facebook-acc.fornews.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 13:23:22 GMT
via
1.1 google
server
openresty/1.21.4.1
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=15552000, immutable
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
wix-tracer
2OsHvtBLH0JleoIIt2UvGwqRvVY
content-length
5234
x-seen-by
image-manipulator-54fd5c7947-vr9md
66f76d_0953142b81344b888d3352c6e052050f~mv2.webp
static.wixstatic.com/media/
55 KB
55 KB
Image
General
Full URL
https://static.wixstatic.com/media/66f76d_0953142b81344b888d3352c6e052050f~mv2.webp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.176.152 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
152.176.102.34.bc.googleusercontent.com
Software
openresty/1.21.4.1 /
Resource Hash
585ef023149c6f06656e0727e2feed0ea62bd099564042832d22f1bff290a25d

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://facebook-acc.fornews.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

expires
Sat, 22 Apr 2023 15:52:17 GMT
date
Sat, 22 Apr 2023 14:52:17 GMT
via
1.1 google
age
167465
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56558
last-modified
Wed, 12 Oct 2022 13:26:54 GMT
server
openresty/1.21.4.1
etag
"163786a516021975c325605e6d2866d7"
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=15552000, immutable
accept-ranges
bytes
timing-allow-origin
*
x-seen-by
gcp.us-central-1.media-router-77bc6f7769-sbtd6
66f76d_4f440aa6a8604dfd9ec49976c897a59a~mv2.webp
static.wixstatic.com/media/
13 KB
13 KB
Image
General
Full URL
https://static.wixstatic.com/media/66f76d_4f440aa6a8604dfd9ec49976c897a59a~mv2.webp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.176.152 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
152.176.102.34.bc.googleusercontent.com
Software
openresty/1.21.4.1 /
Resource Hash
a528e46ea92d5fa601b443b79bb8f63eb476e910a7b1849704c2b1708e4455cb

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://facebook-acc.fornews.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

expires
Mon, 24 Apr 2023 14:23:22 GMT
date
Mon, 24 Apr 2023 13:23:22 GMT
via
1.1 google
last-modified
Wed, 12 Oct 2022 13:26:54 GMT
server
openresty/1.21.4.1
etag
"cb12a83a4d290a6d7164ded9b0429c04"
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=15552000, immutable
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13660
x-seen-by
gcp.us-central-1.media-router-77bc6f7769-nn92f
fb.092a3cd5.png
facebook-acc.fornews.me/assets/
28 KB
29 KB
Image
General
Full URL
http://facebook-acc.fornews.me/assets/fb.092a3cd5.png
Protocol
HTTP/1.1
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
092a3cd5f86b3f039feefdeb86694cd16ae545af214cfda614bdbbe2d1bde401

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://facebook-acc.fornews.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Mon, 24 Apr 2023 13:23:25 GMT
CF-Cache-Status
MISS
Last-Modified
Sat, 22 Oct 2022 00:26:58 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=clr0%2FbUBXIHun49IyV8u8Ufm91iPt8gn4K%2FfZUvWioovXipDFT2%2FEQpf5IsBlNfA7Gx0JcW9Q4uFm3998uD1a%2FwQFOt%2B29v650%2B%2FWUkNtdKi3M4yp6y8qV67Qx3GlQXUHHXOWJ82W%2FGZHkpBLBVGy95sIZqTUg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
image/png
Cache-Control
max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
7bcea9110df70c8d-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length
28789
Live%20Streaming.png
static.wixstatic.com/media/66f76d_d0a5990f0e934542bf9919cbd7f46e3f~mv2.png/v1/fill/w_152,h_114,al_c,q_85,usm_0.66_1.00_0.01,enc_auto/
6 KB
7 KB
Image
General
Full URL
https://static.wixstatic.com/media/66f76d_d0a5990f0e934542bf9919cbd7f46e3f~mv2.png/v1/fill/w_152,h_114,al_c,q_85,usm_0.66_1.00_0.01,enc_auto/Live%20Streaming.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.176.152 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
152.176.102.34.bc.googleusercontent.com
Software
openresty/1.21.4.1 /
Resource Hash
e96724d67ae9f3f78185fda74c4c881fa056d95c31fc9b5dac5241e05f2f99df

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://facebook-acc.fornews.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 13:23:22 GMT
via
1.1 google
server
openresty/1.21.4.1
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=15552000, immutable
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
wix-tracer
2OsHvuif8psdgcC2F8mw54BTTay
content-length
6578
x-seen-by
image-manipulator-54fd5c7947-k5fxk

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Gaming (Entertainment)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
boolean   credentialless
object    vttjs
function  WebVTT
boolean   __VUE__

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
facebook-acc.fornews.me
fonts.googleapis.com
fonts.gstatic.com
mbahguru.co.id
static.wixstatic.com
syifajayaenergy.co.id
www.jmkp.co.id
139.180.157.226
149.28.138.212
194.233.79.216
2606:4700::6811:190e
2a00:1450:4001:810::2003
2a00:1450:4001:830::200a
2a06:98c1:3120::3
34.102.176.152