nauticacalanna.com Open in urlscan Pro
185.46.121.85  Malicious Activity! Public Scan

URL: http://nauticacalanna.com/facebook/
Submission: On July 27 via automatic, source openphish

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 185.46.121.85, located in United States and belongs to IHNET-EU, US. The main domain is nauticacalanna.com.
This is the only time nauticacalanna.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

IP Address AS Autonomous System
1 185.46.121.85 62134 (IHNET-EU)
6 2a03:2880:f01... 32934 (FACEBOOK)
7 2
Apex Domain
Subdomains
Transfer
6 fbcdn.net
static.xx.fbcdn.net
153 KB
1 nauticacalanna.com
nauticacalanna.com
3 KB
7 2
Domain Requested by
6 static.xx.fbcdn.net nauticacalanna.com
1 nauticacalanna.com
7 2

This site contains no links.

Subject Issuer Validity Valid
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2016-12-09 -
2018-01-25
a year crt.sh

This page contains 1 frames:

Primary Page: http://nauticacalanna.com/facebook/
Frame ID: 14993.1
Requests: 7 HTTP requests in this frame

Screenshot


Page Statistics

7
Requests

86 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

155 kB
Transfer

436 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
nauticacalanna.com/facebook/
6 KB
3 KB
Document
General
Full URL
http://nauticacalanna.com/facebook/
Protocol
HTTP/1.1
Server
185.46.121.85 , United States, ASN62134 (IHNET-EU, US),
Reverse DNS
basicdesign.it
Software
Apache / PHP/5.3.29
Resource Hash
d78246359afac1ac129feca45c23602a15dfa145d0ab5cffda32ea926824525e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Thu, 27 Jul 2017 11:43:29 GMT
Content-Encoding
gzip
Server
Apache
X-Powered-By
PHP/5.3.29
Vary
Accept-Encoding
Content-Type
text/html
Cache-Control
max-age=0
Connection
close
Accept-Ranges
none
Content-Length
2672
Expires
Thu, 27 Jul 2017 11:43:29 GMT
vrtI6gSMBHY.css
static.xx.fbcdn.net/rsrc.php/v3/ym/r/
82 KB
18 KB
Stylesheet
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/ym/r/vrtI6gSMBHY.css
Requested by
Host: nauticacalanna.com
URL: http://nauticacalanna.com/facebook/
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f013:8:face:b00c:0:1 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
3bfdea8d0650b4745aa7caf205632369fc2cd890128b3b9ef9cc43310ff550cf
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://nauticacalanna.com/facebook/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
content-encoding
gzip
x-content-type-options
nosniff
content-md5
OA66yfG40P3sWz7wh+h6Hw==
status
200
content-length
18212
x-xss-protection
0
x-fb-debug
4HQjit3spG9jePx+6naJVg4U4EupCD6wsZznAJPbI6VuX++lEWnmu7umaRO4j7UPhGG4f/ecs7xIUkSxCJDhyg==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
date
Thu, 27 Jul 2017 11:43:13 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
access-control-allow-credentials
true
timing-allow-origin
*
expires
Wed, 18 Jul 2018 23:18:26 GMT
Z8euUHHv9oz.css
static.xx.fbcdn.net/rsrc.php/v3/yE/r/
30 KB
9 KB
Stylesheet
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yE/r/Z8euUHHv9oz.css
Requested by
Host: nauticacalanna.com
URL: http://nauticacalanna.com/facebook/
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f013:8:face:b00c:0:1 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
74b55ab60d10cc84d7017fd4dc185fa2ddd91c9d8d06da0b10e3fdce888568bd
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://nauticacalanna.com/facebook/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
content-encoding
gzip
x-content-type-options
nosniff
content-md5
2GnSurd1cf5aMl6W1MSP3A==
status
200
content-length
8874
x-xss-protection
0
x-fb-debug
Wr4HLzAL5cpOZszci/dqJuUnNiW3J84DKKpIbivfcLS7C5mUCrXC6aaZXSb0NpNqMR3ndMPA7iBjZOAlFfPR5g==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
date
Thu, 27 Jul 2017 11:43:13 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
access-control-allow-credentials
true
timing-allow-origin
*
expires
Thu, 26 Jul 2018 23:23:47 GMT
1MvRNkgkT4i.js
static.xx.fbcdn.net/rsrc.php/v3iAQ94/yn/l/en_US/
272 KB
80 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iAQ94/yn/l/en_US/1MvRNkgkT4i.js
Requested by
Host: nauticacalanna.com
URL: http://nauticacalanna.com/facebook/
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f013:8:face:b00c:0:1 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
772ffcc73b3f08fe454c3930b8808887d280a087ff66c8fb0a7ed38ac138ed8c
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://nauticacalanna.com/facebook/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
content-encoding
gzip
x-content-type-options
nosniff
content-md5
1JeaRKWWQYvQvIRa2MHxgA==
status
200
content-length
82194
x-xss-protection
0
x-fb-debug
GKo40iLADm3jRbX2O/FCYj5pLBou07M6Nt3RREPsMy3LugxvzgWBJ9FaO31cvl9B/tyhi4wS6If/XRVT5mkitQ==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
date
Thu, 27 Jul 2017 11:43:13 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
access-control-allow-credentials
true
timing-allow-origin
*
expires
Sat, 21 Jul 2018 19:11:25 GMT
-8EW_cOeUPr.png
static.xx.fbcdn.net/rsrc.php/v3/yu/r/
45 KB
45 KB
Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yu/r/-8EW_cOeUPr.png
Requested by
Host: nauticacalanna.com
URL: http://nauticacalanna.com/facebook/
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f013:8:face:b00c:0:1 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
c4f5e4faa6a6e23509fd82b213d44b9a243e8f11cea9da6e1008d81925d4115d
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self' *.m-freeway.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://static.xx.fbcdn.net/rsrc.php/v3/ym/r/vrtI6gSMBHY.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

x-fb-debug
ahmtCxqsjEyeVxA79/O2UnqS73EirOonx86hlfEiN0AVg5BY8nVnELNQOMnSg7zLxktLwm1Tzp34/1XgMa5FNw==
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
YVOi6tbtnYonv3uTjiV9kw==
date
Thu, 27 Jul 2017 11:43:14 GMT
status
200
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
access-control-allow-credentials
true
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self' *.m-freeway.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
timing-allow-origin
*
content-length
46076
x-xss-protection
0
expires
Tue, 29 May 2018 19:58:50 GMT
XxDnuKvrKVS.png
static.xx.fbcdn.net/rsrc.php/v3/yN/r/
425 B
434 B
Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yN/r/XxDnuKvrKVS.png
Requested by
Host: nauticacalanna.com
URL: http://nauticacalanna.com/facebook/
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f013:8:face:b00c:0:1 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
5b1e71b215fd3b949e2a88f4e6ab000e52f9705d2bb68b141056e5fe4508fe05
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://static.xx.fbcdn.net/rsrc.php/v3/ym/r/vrtI6gSMBHY.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

x-fb-debug
gatbJxmk+Km6SFhpJPWLUmmMjG0lmfEsA8KU7orsFqWjL50RfpyUggiicwBYQ0QJnckPHPYI9WxRQ+9jGND8Uw==
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
+qY1iHhYbJSAGCuuhsP2eQ==
date
Thu, 27 Jul 2017 11:43:14 GMT
status
200
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
access-control-allow-credentials
true
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
timing-allow-origin
*
content-length
425
x-xss-protection
0
expires
Sun, 15 Jul 2018 00:21:31 GMT
GPGyYijOozz.png
static.xx.fbcdn.net/rsrc.php/v3/yQ/r/
513 B
522 B
Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yQ/r/GPGyYijOozz.png
Requested by
Host: nauticacalanna.com
URL: http://nauticacalanna.com/facebook/
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f013:8:face:b00c:0:1 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
56f94b66fce20c0d3a8c04bc5e2f56562077846f80842fb15095726c3163c27d
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://static.xx.fbcdn.net/rsrc.php/v3/ym/r/vrtI6gSMBHY.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

x-fb-debug
ItkQGnt5qRQtT8CagOf1KDH8+zaVwC0EhFoDNzXfemb6U3Tz2Stj5OBMT3j2A+YtEBzQX2RZRVllSDcOvNCsKA==
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
8iYqq7l9hQOyVpI97pEx0A==
date
Thu, 27 Jul 2017 11:43:14 GMT
status
200
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
access-control-allow-credentials
true
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
timing-allow-origin
*
content-length
513
x-xss-protection
0
expires
Thu, 19 Jul 2018 18:01:49 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies