facebook-com-account-login-verify-please-login-to-continue.reactto.me
Open in
urlscan Pro
2606:4700:3032::681c:7d4
Malicious Activity!
Public Scan
Effective URL: https://facebook-com-account-login-verify-please-login-to-continue.reactto.me/
Submission Tags: 6724962
Submission: On August 09 via api from NL
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 7th 2020. Valid for: a year.
This is the only time facebook-com-account-login-verify-please-login-to-continue.reactto.me was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 5 | 2606:4700:303... 2606:4700:3032::681c:7d4 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
16 | 2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3 | 32934 (FACEBOOK) (FACEBOOK) | |
1 | 2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de | 32934 (FACEBOOK) (FACEBOOK) | |
21 | 3 |
ASN13335 (CLOUDFLARENET, US)
facebook-com-account-login-verify-please-login-to-continue.reactto.me |
Apex Domain Subdomains |
Transfer | |
---|---|---|
16 |
fbcdn.net
static.xx.fbcdn.net |
352 KB |
5 |
reactto.me
1 redirects
facebook-com-account-login-verify-please-login-to-continue.reactto.me |
122 KB |
1 |
facebook.com
facebook.com |
799 B |
21 | 3 |
Domain | Requested by | |
---|---|---|
16 | static.xx.fbcdn.net |
facebook-com-account-login-verify-please-login-to-continue.reactto.me
static.xx.fbcdn.net |
5 | facebook-com-account-login-verify-please-login-to-continue.reactto.me |
1 redirects
static.xx.fbcdn.net
|
1 | facebook.com |
facebook-com-account-login-verify-please-login-to-continue.reactto.me
|
21 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-08-07 - 2021-08-07 |
a year | crt.sh |
*.facebook.com DigiCert SHA2 High Assurance Server CA |
2020-07-21 - 2020-10-12 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://facebook-com-account-login-verify-please-login-to-continue.reactto.me/
Frame ID: 4A658BC88023E6EBD8A622A6359295C8
Requests: 21 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://facebook-com-account-login-verify-please-login-to-continue.reactto.me/
HTTP 301
https://facebook-com-account-login-verify-please-login-to-continue.reactto.me/ Page URL
Detected technologies
CloudFlare (CDN) ExpandDetected patterns
- headers server /^cloudflare$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://facebook-com-account-login-verify-please-login-to-continue.reactto.me/
HTTP 301
https://facebook-com-account-login-verify-please-login-to-continue.reactto.me/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
facebook-com-account-login-verify-please-login-to-continue.reactto.me/ Redirect Chain
|
146 KB 32 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
8y13FsTMRo5.css
static.xx.fbcdn.net/rsrc.php/v3/yw/l/0,cross/ |
67 KB 16 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
CEI1v4fMXk3.css
static.xx.fbcdn.net/rsrc.php/v3/yK/l/0,cross/ |
14 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
oHY3xFhiNuh.js
static.xx.fbcdn.net/rsrc.php/v3/yW/r/ |
224 KB 58 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hsts-pixel.gif
facebook.com/security/ |
43 B 799 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Dbcy_MQFBjF.js
static.xx.fbcdn.net/rsrc.php/v3/ym/r/ |
90 KB 26 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
IMsLMO8AtfR.js
static.xx.fbcdn.net/rsrc.php/v3i9Xz4/ys/l/en_GB/ |
101 KB 27 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dHQyogm9_lp.js
static.xx.fbcdn.net/rsrc.php/v3iooI4/yY/l/en_GB/ |
75 KB 23 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Ho7IpEoe3xB.js
static.xx.fbcdn.net/rsrc.php/v3/yR/r/ |
24 KB 8 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
__9198r-lEO.js
static.xx.fbcdn.net/rsrc.php/v3iN6O4/yb/l/en_GB/ |
31 KB 9 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Fq2mkRT12mf.js
static.xx.fbcdn.net/rsrc.php/v3/y1/r/ |
97 KB 26 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
H-jikb57W1u.png
static.xx.fbcdn.net/rsrc.php/v3/yL/r/ |
52 KB 52 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2Vvphl5S0Xa.js
static.xx.fbcdn.net/rsrc.php/v3/yj/r/ |
19 KB 6 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
NyGGAtDjLKJ.js
static.xx.fbcdn.net/rsrc.php/v3/yk/r/ |
81 KB 21 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Q7NTDv3mkl_.js
facebook-com-account-login-verify-please-login-to-continue.reactto.me/ |
95 KB 25 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lN7lq9VgPIV.js
static.xx.fbcdn.net/rsrc.php/v3ilqt4/yG/l/en_GB/ |
45 KB 12 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
RVVTk5-WR9l.js
static.xx.fbcdn.net/rsrc.php/v3iLQG4/ye/l/en_GB/ |
36 KB 10 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
6KqFq7q8hV0.js
static.xx.fbcdn.net/rsrc.php/v3/yO/r/ |
8 KB 3 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
bz
facebook-com-account-login-verify-please-login-to-continue.reactto.me/a/ |
146 KB 32 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
bz
facebook-com-account-login-verify-please-login-to-continue.reactto.me/a/ |
146 KB 32 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
H-jikb57W1u.png
static.xx.fbcdn.net/rsrc.php/v3/yL/r/ |
52 KB 52 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)36 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| envFlush object| Env number| __DEV__ undefined| __p function| emptyFunction function| __annotator function| __bodyWrapper function| __t function| __w function| FB_enumerate function| __m object| babelHelpers function| define function| require function| requireDynamic function| requireLazy function| __d function| $RefreshReg$ function| $RefreshSig$ object| ErrorSerializer object| ErrorGuard object| ErrorUtils function| CavalryLogger function| __updateOrientation object| TimeSlice function| ProfilingCounters function| now_inl object| bigPipe object| MAjaxify string| _script_path function| __fbNativeSetTimeout function| __fbNativeClearTimeout function| __fbNativeSetInterval function| __fbNativeClearInterval function| __fbNativeRequestAnimationFrame function| __fbNativeCancelAnimationFrame3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.facebook-com-account-login-verify-please-login-to-continue.reactto.me/ | Name: wd Value: 1600x1200 |
|
facebook-com-account-login-verify-please-login-to-continue.reactto.me/ | Name: PHPSESSID Value: galop54mcb90pqhost5vcl8dvl |
|
.reactto.me/ | Name: __cfduid Value: d64f27a63a8e892303fa2faf519c76ea41596938725 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=0; includeSubDomains |
X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
facebook-com-account-login-verify-please-login-to-continue.reactto.me
facebook.com
static.xx.fbcdn.net
2606:4700:3032::681c:7d4
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
193c2114c0a8b50df559a1037c75d0b14a7722be8961f6f0662ba13b4ec74be9
25a5848441128f9f56f5ee0fa78f9925a3e0c81ce87c70bcdb2522ab6fcfb905
3462af6c03a2a0af90a466b4df7fd0ec149c83f16d26a4541b2b7defd765e80a
3aeb9926e1253074a5477e7c00bbe4edf208fbffa19b7c74990ed661567b496f
3e15db1e79c5943a6331ed52de56d0bcdda3b3335d2d895152bfb637073bd613
3ff79ba87c9c315159df54aa2b4b9566e19779ee791423f8e2ef651584dfd0c8
4ed7bd06929c54d0b4c28d424ee1c7574373b369bfe28b3d84680e06df1d6d25
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5839d77ac3bf7735b090b9848cb1823387ae00ab6667b739eb8f3d4d84516e25
5a16bbb6833b777be0551f5d739ca3f29f6cf6ae6b074802416be3748c114cf4
7339520b7bda797bd42d2375322b5848148a1209e640b0fa0ef0293d615db066
ae98c31e694aa135f3e8123fc870c277df3747ea7de2e85fa34a2ce048632f4f
b4c7cba1eae5b7cee08d80c767ec16c738ca421c6d163bb81efc48423861bb09
c5533cdc876cbe0ede8f7cc87d44bc4baccf9c4a29e5f5d9f844214504448276
c70b7bcea7c55d0f6ac26d7f03d75257eba7346c6082d2d80cd02ea1e3984ce3
d4f79431a934e454752c6b7592d96778122c9408a2198e2cd27f00bd96a9642d
e38621464ff00aca741d626b6641fa9f539654f6bdca1e257b36b3fa8255a52d
f4231226f35d7fe64857739aaaf67e4507317d0c0228ae6d3b2575388e1c2a89