ftst.mallory.uber.space

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 6 HTTP transactions. The main IP is 185.26.156.37, located in Germany and belongs to UVENSYS, DE. The main domain is ftst.mallory.uber.space.
TLS certificate: Issued by R10 on August 17th 2024. Valid for: 3 months.

This is the only time ftst.mallory.uber.space was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3	185.26.156.37 185.26.156.37	58010 (UVENSYS) (UVENSYS)
2	157.240.241.1 157.240.241.1	32934 (FACEBOOK) (FACEBOOK)
1	151.101.67.42 151.101.67.42	54113 (FASTLY) (FASTLY)
6	3

3 185.26.156.37 (Germany)

ASN58010 (UVENSYS, DE)
PTR: betelgeuse.uberspace.de

ftst.mallory.uber.space	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.241.1 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-lga3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.67.42 (San Francisco, United States)

ASN54113 (FASTLY, US)

open.spotify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	uber.space ftst.mallory.uber.space	216 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 236	91 KB
1	spotify.com open.spotify.com — Cisco Umbrella Rank: 4029
6	3

	Domain	Requested by
3	ftst.mallory.uber.space	ftst.mallory.uber.space
2	connect.facebook.net	ftst.mallory.uber.space connect.facebook.net
1	open.spotify.com	ftst.mallory.uber.space
6	3

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
open.spotify.com

Subject Issuer	Validity	Valid
ftst.mallory.uber.space R10	`2024-08-17` - `2024-11-15`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-05-26` - `2024-08-24`	3 months	crt.sh
open.spotify.com Certainly Intermediate R1	`2024-08-10` - `2024-09-09`	a month	crt.sh

This page contains 2 frames:

Primary Page: https://ftst.mallory.uber.space/
Frame ID: 03199F0568ED658E4C50FB8074162639
Requests: 5 HTTP requests in this frame

Frame: https://open.spotify.com/embed/artist/6qiNRwi0hEd46IP3PfKnok
Frame ID: B651FFD728538712351212381DAA9F6B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

FACING THE SWARM THOUGHT

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Page Statistics

6
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

307 kB
Transfer

524 kB
Size

2
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/FacingTheSwarmThought
Title: Facebook

Search URL Search Domain Scan URL

URL: https://open.spotify.com/artist/6qiNRwi0hEd46IP3PfKnok?si=uK1CYOVDSSSSpyYMKAKovQ
Title: Spotify

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
ftst.mallory.uber.space/ 1 KB
1 KB 769ms
118ms Document
text/html 185.26.156.37
UVENSYS

General

Check archive.org

Show headers Download Go to

Full URL

https://ftst.mallory.uber.space/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

185.26.156.37 , Germany, ASN58010 (UVENSYS, DE),

Reverse DNS

betelgeuse.uberspace.de

Software

nginx /

Resource Hash

79b487f2dacb417f9eaf6a6619b342a1069a25d7b494a2280eea4e3d6c71453a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 17 Aug 2024 02:56:28 GMT
etag: W/"4a1-5eccfc935fac3"
last-modified: Sun, 06 Nov 2022 16:27:41 GMT
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 sdk.js Show response
connect.facebook.net/de_DE/ 3 KB
4 KB 118ms
37ms Script
application/x-javascript 157.240.241.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/de_DE/sdk.js

Requested by

Host: ftst.mallory.uber.space
URL: https://ftst.mallory.uber.space/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

157.240.241.1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-lga3.fbcdn.net

Software

/

Resource Hash

4cbd57a7cf0c3a31e45764dd6a7472336e0dd88ae627ba1cf45217d8e79d8034

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ftst.mallory.uber.space/
Origin: https://ftst.mallory.uber.space
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 17 Aug 2024 02:56:28 GMT
content-md5: myBlFYBvGOnaTfHHz7npEg==
document-policy: force-load-at-top
x-fb-server-load: 36
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1686
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=31, rtx=0, c=12, mss=1316, tbw=2770, tp=-1, tpl=-1, uplat=0, ullat=-1
x-fb-debug: o0GIR0S/FSq40Mj91V0z0V8Z3ZUjU4ScnZeORg/5AHVtXi53EH+tnMRIhlObe4PXdVNeWV07ta5QyOKG/OhqrA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 0626e871156def146ee0fecc54e12a96
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "0d90313e59c3ea24a3ee376d4eb6e59f"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
expires: Sat, 17 Aug 2024 03:16:20 GMT

GET
H2 200 ballonse.jpg
ftst.mallory.uber.space/static/img/ 214 KB
215 KB 235ms
234ms Image
image/jpeg 185.26.156.37
UVENSYS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ftst.mallory.uber.space/static/img/ballonse.jpg

Requested by

Host: ftst.mallory.uber.space
URL: https://ftst.mallory.uber.space/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

185.26.156.37 , Germany, ASN58010 (UVENSYS, DE),

Reverse DNS

betelgeuse.uberspace.de

Software

nginx /

Resource Hash

e8d0ff67c66f83e61780d46579572f1293dc99bc3fb9a1a18c8f072faee4594a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ftst.mallory.uber.space/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 17 Aug 2024 02:56:28 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 30 Dec 2021 16:34:32 GMT
server: nginx
etag: "35957-5d45fa10f7299"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
accept-ranges: bytes
content-length: 219479
x-xss-protection: 1; mode=block

GET
H2 200 6qiNRwi0hEd46IP3PfKnok
open.spotify.com/embed/artist/ Frame B651 0
0 202ms
146ms Document
text/html 151.101.67.42
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://open.spotify.com/embed/artist/6qiNRwi0hEd46IP3PfKnok

Requested by

Host: ftst.mallory.uber.space
URL: https://ftst.mallory.uber.space/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

151.101.67.42 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy / Next.js

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://ftst.mallory.uber.space/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: private, no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-type: text/html; charset=utf-8
critical-origin-trial: Tpcd
date: Sat, 17 Aug 2024 02:56:28 GMT
etag: "1wxz61otlca3"
origin-trial: AjTBCzHiqtNU3PxD6GL8VpVl68/SfxkZJuLQbbyvSNj6/o9VuhZ5EPb/2dTYqi+Mot0AD6XOHBeIatAwEt4lAQcAAABOeyJvcmlnaW4iOiJodHRwczovL29wZW4uc3BvdGlmeS5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTl9
server: envoy
strict-transport-security: max-age=31536000
vary: Accept-Encoding
via: HTTP/1.1 fringe, HTTP/2 edgeproxy, 1.1 google, 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-envoy-upstream-service-time: 76
x-powered-by: Next.js
x-served-by: cache-yyz4532-YYZ, cache-yyz4532-YYZ
x-timer: S1723863389.540330,VS0,VE127

GET
H2 200 sdk.js Show response
connect.facebook.net/de_DE/ 305 KB
88 KB 35ms
34ms Script
application/x-javascript 157.240.241.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/de_DE/sdk.js?hash=d986a227893aff2ecb88ec2c8fbdf427

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/de_DE/sdk.js

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

157.240.241.1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-lga3.fbcdn.net

Software

/

Resource Hash

5dba1f4bf50264880644ae8281c703076806726b481a81b20ed15338df035e43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ftst.mallory.uber.space/
Origin: https://ftst.mallory.uber.space
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 17 Aug 2024 02:56:28 GMT
content-md5: 9WOTE4B7euzgK/bPwtxwNA==
document-policy: force-load-at-top
x-fb-server-load: 28
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 89233
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=35, rtx=0, c=20, mss=1316, tbw=6615, tp=-1, tpl=-1, uplat=1, ullat=-1
x-fb-debug: X/p+316ihWXu7OkBhI2lkIhrioqcLpNZYzLxu8H6y1ZQlWt6E+3k+WVA1ua3dSnneJM62W9I241lWnTxZOVV8g==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 881cb3afb375f9ab80d94a40fc423d75
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "bfa668cded1a1cc103c7d70e98012f94"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
expires: Sun, 17 Aug 2025 02:16:12 GMT

GET
H2 404 favicon.ico
ftst.mallory.uber.space/ 196 B
428 B 140ms
138ms Other
text/html 185.26.156.37
UVENSYS

General

Check archive.org

Show headers Download Go to

Full URL

https://ftst.mallory.uber.space/favicon.ico

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

185.26.156.37 , Germany, ASN58010 (UVENSYS, DE),

Reverse DNS

betelgeuse.uberspace.de

Software

nginx /

Resource Hash

80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ftst.mallory.uber.space/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 17 Aug 2024 02:56:29 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: nginx
x-frame-options: SAMEORIGIN
content-type: text/html; charset=iso-8859-1
content-length: 196
x-xss-protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| FB object| __buffer

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.spotify.com/	1970-01-21 07:36:39	Name: sp_t Value: 53a67d05f56bd6220bcba099330c91d1
			.spotify.com/	1970-01-20 22:52:29	Name: sp_landing Value: https%3A%2F%2Fftst.mallory.uber.space%2F%3Fsp_cid%3D53a67d05f56bd6220bcba099330c91d1%26device%3Ddesktop

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://ftst.mallory.uber.space/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

connect.facebook.net
ftst.mallory.uber.space
open.spotify.com
151.101.67.42
157.240.241.1
185.26.156.37
4cbd57a7cf0c3a31e45764dd6a7472336e0dd88ae627ba1cf45217d8e79d8034
5dba1f4bf50264880644ae8281c703076806726b481a81b20ed15338df035e43
79b487f2dacb417f9eaf6a6619b342a1069a25d7b494a2280eea4e3d6c71453a
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
e8d0ff67c66f83e61780d46579572f1293dc99bc3fb9a1a18c8f072faee4594a

ftst.mallory.uber.space Open in urlscan Pro 185.26.156.37 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

6 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

307 kBTransfer

524 kBSize

2 Cookies

2 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

2 Cookies

1 Console Messages

Security Headers

Indicators

ftst.mallory.uber.space Open in urlscan Pro
185.26.156.37 Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

307 kB
Transfer

524 kB
Size

2
Cookies

6 HTTP transactions
0 data transactions