getfacebookcredit.com Open in urlscan Pro
2606:4700:3034::681f:4d48  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set / Show response getfacebookcredit.com/login/	2 KB 2 KB	114ms 96ms	Document text/html	2606:4700:3034::681f:4d48 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://getfacebookcredit.com/login/ Protocol HTTP/1.1 Server 2606:4700:3034::681f:4d48 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9f14ee869cd4af0f030f57885d3ea597a241aee30ec0d66d476ff1a7630e2bf9 Request headers Host getfacebookcredit.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Thu, 10 Dec 2020 15:53:49 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Set-Cookie __cfduid=dbe46c30a381bc541605846675877b8ec1607615629; expires=Sat, 09-Jan-21 15:53:49 GMT; path=/; domain=.getfacebookcredit.com; HttpOnly; SameSite=Lax CF-Cache-Status DYNAMIC cf-request-id 06eef4e14c00000ebb27312000000001 Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ZjwrkrKuqxzAgxnOlAXEqnIA0Ypd7o7gjYRNRcAEgFL4le3oSmimklUmqVHXIgh%2Fr9s9NGdeqrfDCbY3HVa9TmXX1iZFI5Gvp8QCpYdvuKA004AhNAW0KjoLoXOguuezR3w%3D"}],"group":"cf-nel","max_age":604800} NEL {"report_to":"cf-nel","max_age":604800} Server cloudflare CF-RAY 5ff8241549360ebb-FRA Content-Encoding gzip
GET H/1.1	200 OK	style.css getfacebookcredit.com/login/css/	3 KB 2 KB	51ms 50ms	Stylesheet text/css	2606:4700:3034::681f:4d48 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://getfacebookcredit.com/login/css/style.css Requested by Host: getfacebookcredit.com URL: http://getfacebookcredit.com/login/ Protocol HTTP/1.1 Server 2606:4700:3034::681f:4d48 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4d561b2091d0f6e7bca53d29f9d54802791fbb1690a6c4d4c7d97f4a0a6cf061 Request headers Referer http://getfacebookcredit.com/login/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Thu, 10 Dec 2020 15:53:49 GMT Content-Encoding gzip CF-Cache-Status MISS Last-Modified Sun, 06 Dec 2020 21:26:34 GMT Server cloudflare Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2FzY6BIkBVPZomxmQ%2FZ39HnVjNjnuR1%2BRRvz9Vo4Sbbyp0uUgBxuqlduzxNXldcl4352z59HciWnAW0uxYpXQWvvD1F8F2vu1K5Fv8%2FFlt9XJH5zGxM0iya2KVwdMHwLVqNM%3D"}],"group":"cf-nel","max_age":604800} Content-Type text/css Cache-Control max-age=14400 Transfer-Encoding chunked Connection keep-alive CF-RAY 5ff82415eb370ebb-FRA NEL {"report_to":"cf-nel","max_age":604800} cf-request-id 06eef4e1ae00000ebbbb1c5000000001
GET		font-awesome.min.css stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/	0 0
GET H/1.1	200 OK	fb.png getfacebookcredit.com/login/img/	62 KB 62 KB	60ms 54ms	Image image/png	2606:4700:3034::681f:4d48 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL http://getfacebookcredit.com/login/img/fb.png Requested by Host: getfacebookcredit.com URL: http://getfacebookcredit.com/login/ Protocol HTTP/1.1 Server 2606:4700:3034::681f:4d48 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0ba32e1b5d53b974c33b93f72150bfd666dcdf5fcb60faabb3f6bdf0341f61ca Request headers Referer http://getfacebookcredit.com/login/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Thu, 10 Dec 2020 15:53:49 GMT CF-Cache-Status MISS Last-Modified Sun, 06 Dec 2020 21:16:22 GMT Server cloudflare Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Q0pzvMw05I0vsygPDLPflnLr09cOHbefmgKDilc%2BQqgrt%2Bf%2BxYJ8%2B0H9ql93ly8vm1%2FSIrX59Opw4CtwLAMovBbpeVaD1EbUxyegaqL1%2FmpsFbt7td2Xd0kuoQDXSZ7dtKc%3D"}],"group":"cf-nel","max_age":604800} Content-Type image/png Cache-Control max-age=14400 NEL {"report_to":"cf-nel","max_age":604800} Connection keep-alive Accept-Ranges bytes CF-RAY 5ff82415ebd02bc2-FRA Content-Length 63047 cf-request-id 06eef4e1b200002bc22c9ad000000001
GET H2	200	css fonts.googleapis.com/	11 KB 1 KB	40ms 15ms	Stylesheet text/css	2a00:1450:4001:801::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Teko:300,400,500 Requested by Host: getfacebookcredit.com URL: http://getfacebookcredit.com/login/css/style.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash e5843c1c13f4693b9c325451314a807de8287ee46c1636e943a2f99f68a596a8 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer http://getfacebookcredit.com/login/css/style.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Thu, 10 Dec 2020 15:53:49 GMT server ESF date Thu, 10 Dec 2020 15:53:49 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Thu, 10 Dec 2020 15:53:49 GMT
GET H2	200	KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2 fonts.gstatic.com/s/roboto/v20/	11 KB 11 KB	26ms 7ms	Font font/woff2	2a00:1450:4001:825::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Teko:300,400,500 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin http://getfacebookcredit.com Referer https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Teko:300,400,500 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 09 Dec 2020 23:06:17 GMT x-content-type-options nosniff last-modified Wed, 24 Jul 2019 01:18:58 GMT server sffe age 60458 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 11020 x-xss-protection 0 expires Thu, 09 Dec 2021 23:06:17 GMT
GET H2	200	KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 fonts.gstatic.com/s/roboto/v20/	11 KB 11 KB	25ms 6ms	Font font/woff2	2a00:1450:4001:825::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Teko:300,400,500 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin http://getfacebookcredit.com Referer https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Teko:300,400,500 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Tue, 08 Dec 2020 17:20:25 GMT x-content-type-options nosniff last-modified Wed, 24 Jul 2019 01:18:50 GMT server sffe age 167610 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 11016 x-xss-protection 0 expires Wed, 08 Dec 2021 17:20:25 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

stackpath.bootstrapcdn.com

URL

https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| trustedTypes boolean| crossOriginIsolated

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.getfacebookcredit.com/	1970-01-19 15:16:47	Name: __cfduid Value: dbe46c30a381bc541605846675877b8ec1607615629

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
getfacebookcredit.com
stackpath.bootstrapcdn.com
stackpath.bootstrapcdn.com
2606:4700:3034::681f:4d48
2a00:1450:4001:801::200a
2a00:1450:4001:825::2003
0ba32e1b5d53b974c33b93f72150bfd666dcdf5fcb60faabb3f6bdf0341f61ca
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
4d561b2091d0f6e7bca53d29f9d54802791fbb1690a6c4d4c7d97f4a0a6cf061
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
9f14ee869cd4af0f030f57885d3ea597a241aee30ec0d66d476ff1a7630e2bf9
e5843c1c13f4693b9c325451314a807de8287ee46c1636e943a2f99f68a596a8