violation-activity-page.ml Open in urlscan Pro
2400:cb00:2048:1::681c:1bac Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://violation-activity-page.ml/wrong.html
Submission: On August 31 via automatic, source openphish (August 31st 2018, 9:33:06 pm UTC)

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 8 HTTP transactions. The main IP is 2400:cb00:2048:1::681c:1bac, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is violation-activity-page.ml.
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on August 31st 2018. Valid for: 6 months.

This is the only time violation-activity-page.ml was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
1	2400:cb00:204... 2400:cb00:2048:1::681c:1bac	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
6	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK - Facebook)
8	3

1 2400:cb00:2048:1::681c:1bac (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

violation-activity-page.ml	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	fbcdn.net static.xx.fbcdn.net	196 KB
1	facebook.com facebook.com	1013 B
1	violation-activity-page.ml violation-activity-page.ml	6 KB
8	3

	Domain	Requested by
6	static.xx.fbcdn.net	violation-activity-page.ml
1	facebook.com	violation-activity-page.ml
1	violation-activity-page.ml
8	3

This site contains no links.

Subject Issuer	Validity	Valid
sni187114.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-08-31` - `2019-03-09`	6 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2017-12-15` - `2019-03-22`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://violation-activity-page.ml/wrong.html
Frame ID: 79CF7BE90069C67D04E03461597615C5
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

Page Statistics

8
Requests

100 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

203 kB
Transfer

620 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request wrong.html Show response
violation-activity-page.ml/ 21 KB
6 KB 278ms
255ms Document
text/html 2400:cb00:2048:1::681c:1bac
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://violation-activity-page.ml/wrong.html
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2400:cb00:2048:1::681c:1bac , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 25c17176adb6552cdcfda08e1def0a951ba4ab0f501b25c9a14f0bb47c545be2

Request headers

:method: GET
:authority: violation-activity-page.ml
:scheme: https
:path: /wrong.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 79CF7BE90069C67D04E03461597615C5

Response headers

status: 200
date: Fri, 31 Aug 2018 21:32:51 GMT
content-type: text/html
set-cookie: __cfduid=d7a39b792e4f5898abceaf0c7aeb951151535751171; expires=Sat, 31-Aug-19 21:32:51 GMT; path=/; domain=.violation-activity-page.ml; HttpOnly; Secure
last-modified: Thu, 26 Jul 2018 19:02:38 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 45329cb359b36511-FRA
content-encoding: gzip

GET
S 200 _p46hdzQL-L.css
static.xx.fbcdn.net/rsrc.php/v3/yq/l/0,cross/ 90 KB
22 KB 18ms
6ms Stylesheet
text/css 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yq/l/0,cross/_p46hdzQL-L.css

Requested by

Host: violation-activity-page.ml
URL: https://violation-activity-page.ml/wrong.html

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

4e95def789e9b673d7b1ddb9052acc0a3ad5669e2b8b03f6fe930ec90bc50d6e

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* wss://.facebook.com: https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://violation-activity-page.ml/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
content-encoding: gzip
x-content-type-options: nosniff
content-md5: Nov8IPgYnDxtGgEt7nKEig==
status: 200
content-length: 21480
x-xss-protection: 0
x-fb-debug: /VS6H+Ns86yRa20wTOVxo6vrramhkF7GM33Gl3er5ldM5q+eDbVBvH4iXgJr1eyrvFMFde5nrJNpD9wJrdnYKw==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
date: Fri, 31 Aug 2018 21:32:51 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sun, 25 Aug 2019 14:16:15 GMT

GET
S 200 5Fyktx2AyVZ.css
static.xx.fbcdn.net/rsrc.php/v3/y2/l/0,cross/ 11 KB
3 KB 18ms
7ms Stylesheet
text/css 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y2/l/0,cross/5Fyktx2AyVZ.css

Requested by

Host: violation-activity-page.ml
URL: https://violation-activity-page.ml/wrong.html

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

906e2571b6c27afc6840bac557421f26dc5797b91781f298f3307ebf5e45b8d0

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* wss://.facebook.com: https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://violation-activity-page.ml/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
content-encoding: gzip
x-content-type-options: nosniff
content-md5: Dv2v0jcbYTD/9H15B2gngQ==
status: 200
content-length: 2683
x-xss-protection: 0
x-fb-debug: xPlJNmGXk1QfLCtUhhO2vWbaI7EmGn/G8vMP42GCCVvr2N7kLEB27JQo4LOGG1/1kdzGJdQitgPg6Bi7PUMR1g==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
date: Fri, 31 Aug 2018 21:32:51 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 27 Aug 2019 21:18:02 GMT

GET
S 200 HiFZrOv7w3y.js Show response
static.xx.fbcdn.net/rsrc.php/v3inLb4/y7/l/en_GB/ 372 KB
109 KB 18ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3inLb4/y7/l/en_GB/HiFZrOv7w3y.js

Requested by

Host: violation-activity-page.ml
URL: https://violation-activity-page.ml/wrong.html

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

e05901cf560ac394963e264cb703c59a3a58e4ad6e5c6bcbbf442b503d498c52

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* wss://.facebook.com: https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://violation-activity-page.ml/
Origin: https://violation-activity-page.ml

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
content-encoding: gzip
x-content-type-options: nosniff
content-md5: ggByRLUDeq456AYD9pFMvQ==
status: 200
content-length: 110913
x-xss-protection: 0
x-fb-debug: URzGizuDaBCuO/82dT6B8DlAg1tQkmxu7vbLd+afEEwSXfot8cSbU8qLpDsWn+IZ3IsHao+ESwcGzBiHCBsc4Q==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
date: Fri, 31 Aug 2018 21:32:51 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
timing-allow-origin: *
expires: Wed, 28 Aug 2019 18:31:08 GMT

GET
S 200 hsts-pixel.gif
facebook.com/security/ 43 B
1013 B 41ms
30ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://facebook.com/security/hsts-pixel.gif

Requested by

Host: violation-activity-page.ml
URL: https://violation-activity-page.ml/wrong.html

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* wss://.facebook.com: https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://violation-activity-page.ml/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
x-xss-protection: 0
pragma: no-cache
x-fb-debug: qa3UJc4ES7kzzC6POdLr5ORdPQSeYG8H3K+aWzerk71cjSghAo9fh+MeYWIw18sJ6R9zZfCl7vUPD+oKukzSPg==
x-frame-options: DENY
date: Fri, 31 Aug 2018 21:32:51 GMT
expect-ct: max-age=86400, report-uri="http://reports.fb.com/expectct/"
strict-transport-security: max-age=15552000; includeSubDomains
access-control-allow-methods: OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
S 200 2h080_r2TnN.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yF/r/ 45 KB
16 KB 11ms
11ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/2h080_r2TnN.js

Requested by

Host: violation-activity-page.ml
URL: https://violation-activity-page.ml/wrong.html

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

e02f47138ef880a62e34b92ceec98b9ba8c90512338c50c48d2a2e361f114675

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* wss://.facebook.com: https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://violation-activity-page.ml/
Origin: https://violation-activity-page.ml

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 44sipEP4ZHfiIuzAlmeMWw==
status: 200
content-length: 15796
x-xss-protection: 0
x-fb-debug: tMoHMBH1IE9i+8otVNQFkIqLEgxWOum8PhJ70Hl4d7GKu+KTxwbfon5zTB9z4P9zU/L87He3J1+UApEg1XXhXQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
date: Fri, 31 Aug 2018 21:32:51 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sun, 25 Aug 2019 14:16:15 GMT

GET
S 200 WdKuQF-6lcA.js Show response
static.xx.fbcdn.net/rsrc.php/v3i41C4/yt/l/en_GB/ 55 KB
19 KB 10ms
10ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3i41C4/yt/l/en_GB/WdKuQF-6lcA.js

Requested by

Host: violation-activity-page.ml
URL: https://violation-activity-page.ml/wrong.html

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

d9574de096cd80abaa019ba29a1dbafa5c317d4d5b4d2a9932117bd4bb5e590e

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* wss://.facebook.com: https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://violation-activity-page.ml/
Origin: https://violation-activity-page.ml

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 7WuRTg3mfYyqkvFaKVuKxw==
status: 200
content-length: 18912
x-xss-protection: 0
x-fb-debug: wilCeXk31tRNh4B/zQ1AFw9mG6sQYWyIkiLVDodbGHtejFPOWysfReJkRzYswzRLxslSWFJvmrGUqLFeWDHttQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
date: Fri, 31 Aug 2018 21:32:51 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
timing-allow-origin: *
expires: Wed, 28 Aug 2019 19:07:09 GMT

GET
S 200 7IsmKXzeWpQ.png
static.xx.fbcdn.net/rsrc.php/v3/yy/r/ 27 KB
28 KB 7ms
6ms Image
image/png 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yy/r/7IsmKXzeWpQ.png

Requested by

Host: violation-activity-page.ml
URL: https://violation-activity-page.ml/wrong.html

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

ae127952c345cb89ae93585bc66dc06ce20d683aa6948be2e490a285ea6a09fe

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* wss://.facebook.com: https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://static.xx.fbcdn.net/rsrc.php/v3/yq/l/0,cross/_p46hdzQL-L.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-fb-debug: rKj6+jPuygvYJdWNehypbWSczjQjCj4n1sViHj5Tc354gSwfT5MuOzzUq0Q60sWiVpOojUQn0jqYwaO7D8bapQ==
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: cYCog8Odtq+FpXuzhqkVeA==
date: Fri, 31 Aug 2018 21:32:51 GMT
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
timing-allow-origin: *
content-length: 27990
x-xss-protection: 0
expires: Sun, 25 Aug 2019 16:53:17 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.violation-activity-page.ml/	1970-01-19 03:21:27	Name: __cfduid Value: d7a39b792e4f5898abceaf0c7aeb951151535751171

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

facebook.com
static.xx.fbcdn.net
violation-activity-page.ml
2400:cb00:2048:1::681c:1bac
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
25c17176adb6552cdcfda08e1def0a951ba4ab0f501b25c9a14f0bb47c545be2
4e95def789e9b673d7b1ddb9052acc0a3ad5669e2b8b03f6fe930ec90bc50d6e
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
906e2571b6c27afc6840bac557421f26dc5797b91781f298f3307ebf5e45b8d0
ae127952c345cb89ae93585bc66dc06ce20d683aa6948be2e490a285ea6a09fe
d9574de096cd80abaa019ba29a1dbafa5c317d4d5b4d2a9932117bd4bb5e590e
e02f47138ef880a62e34b92ceec98b9ba8c90512338c50c48d2a2e361f114675
e05901cf560ac394963e264cb703c59a3a58e4ad6e5c6bcbbf442b503d498c52

violation-activity-page.ml Open in urlscan Pro 2400:cb00:2048:1::681c:1bac Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

100 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

203 kBTransfer

620 kBSize

1 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

19 JavaScript Global Variables

1 Cookies

Indicators

violation-activity-page.ml Open in urlscan Pro
2400:cb00:2048:1::681c:1bac Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

203 kB
Transfer

620 kB
Size

1
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!