glofiba.org Open in urlscan Pro
104.161.94.143 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://glofiba.org/index.html
Submission: On April 26 via automatic, source phishtank (April 26th 2022, 1:25:06 am UTC) — Scanned from DE

Summary HTTP 20 Redirects Links 21 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 5 domains to perform 20 HTTP transactions. The main IP is 104.161.94.143, located in Phoenix, United States and belongs to IOFLOOD, US. The main domain is glofiba.org.

This is the only time glofiba.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
1	104.161.94.143 104.161.94.143	53755 (IOFLOOD) (IOFLOOD)
18	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1 1	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2 2	2a03:2880:f12... 2a03:2880:f12d:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
20	3

1 104.161.94.143 (Phoenix, United States)

ASN53755 (IOFLOOD, US)
PTR: devip1.noc401.com

glofiba.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany) 1 redirects

ASN32934 (FACEBOOK, US)

facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany) 2 redirects

ASN32934 (FACEBOOK, US)

fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fbsbx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	fbcdn.net 1 redirects static.xx.fbcdn.net — Cisco Umbrella Rank: 624 fbcdn.net — Cisco Umbrella Rank: 147	5 KB
1	facebook.net connect.facebook.net — Cisco Umbrella Rank: 137	923 B
1	fbsbx.com 1 redirects fbsbx.com — Cisco Umbrella Rank: 1175	140 B
1	facebook.com 1 redirects facebook.com — Cisco Umbrella Rank: 31	381 B
1	glofiba.org glofiba.org	81 KB
20	5

	Domain	Requested by
18	static.xx.fbcdn.net	glofiba.org
1	connect.facebook.net	glofiba.org
1	fbsbx.com	1 redirects
1	fbcdn.net	1 redirects
1	facebook.com	1 redirects
1	glofiba.org
20	6

This site contains links to these domains. Also see Links.

Domain
web.facebook.com
fr-fr.facebook.com
ar-ar.facebook.com
id-id.facebook.com
es-la.facebook.com
pt-br.facebook.com
it-it.facebook.com
pl-pl.facebook.com
de-de.facebook.com
hi-in.facebook.com
zh-cn.facebook.com
messenger.com
pay.facebook.com
www.oculus.com
portal.facebook.com
l.facebook.com
www.bulletin.com
about.facebook.com
developers.facebook.com

Subject Issuer	Validity	Valid
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-02-01` - `2022-05-02`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://glofiba.org/index.html
Frame ID: 6C699E7C385156BE3682EFB78D596439
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Log into Facebook

Page Statistics

20
Requests

90 %
HTTPS

80 %
IPv6

5
Domains

6
Subdomains

3
IPs

2
Countries

87 kB
Transfer

97 kB
Size

0
Cookies

21 Outgoing links

These are links going to different origins than the main page.

URL: https://web.facebook.com/recover/initiate/?ars=facebook_login
Title: Forgot account?

Search URL Search Domain Scan URL

URL: https://fr-fr.facebook.com/login.php
Title: Français (France)

Search URL Search Domain Scan URL

URL: https://ar-ar.facebook.com/login.php
Title: العربية

Search URL Search Domain Scan URL

URL: https://id-id.facebook.com/login.php
Title: Bahasa Indonesia

Search URL Search Domain Scan URL

URL: https://es-la.facebook.com/login.php
Title: Español

Search URL Search Domain Scan URL

URL: https://pt-br.facebook.com/login.php
Title: Português (Brasil)

Search URL Search Domain Scan URL

URL: https://it-it.facebook.com/login.php
Title: Italiano

Search URL Search Domain Scan URL

URL: https://pl-pl.facebook.com/login.php
Title: Polski

Search URL Search Domain Scan URL

URL: https://de-de.facebook.com/login.php
Title: Deutsch

Search URL Search Domain Scan URL

URL: https://hi-in.facebook.com/login.php
Title: हिन्दी

Search URL Search Domain Scan URL

URL: https://zh-cn.facebook.com/login.php
Title: 中文(简体)

Search URL Search Domain Scan URL

URL: https://messenger.com/
Title: Messenger

Search URL Search Domain Scan URL

URL: https://web.facebook.com/watch/
Title: Watch

Search URL Search Domain Scan URL

URL: https://pay.facebook.com/
Title: Facebook Pay

Search URL Search Domain Scan URL

URL: https://www.oculus.com/
Title: Oculus

Search URL Search Domain Scan URL

URL: https://portal.facebook.com/
Title: Portal

Search URL Search Domain Scan URL

URL: https://l.facebook.com/l.php?u=https%3A%2F%2Fwww.instagram.com%2F&h=AT32r4ORBZJVRWu278d969zL6VCXinwVakcEYowObUsYv-YLdJ4DxLV1MbfszzPdov3IU36T-f5AJ9AYTzk6ex1Y52JWWfq1PgwSRo7b_B8XucVc3JHB9eUCkyAG5OPH8cTV4IBwTkHOuzI_63XxlA
Title: Instagram

Search URL Search Domain Scan URL

URL: https://www.bulletin.com/
Title: Bulletin

Search URL Search Domain Scan URL

URL: https://about.facebook.com/
Title: About

Search URL Search Domain Scan URL

URL: https://developers.facebook.com/?ref=pf
Title: Developers

Search URL Search Domain Scan URL

URL: https://web.facebook.com/help/568137493302217
Title: Ad Choices

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8

https://facebook.com/security/hsts-pixel.gif?c=3.2.5 HTTP 302
https://fbcdn.net/security/hsts-pixel.gif?c=2.5 HTTP 302
https://fbsbx.com/security/hsts-pixel.gif?c=5 HTTP 302
https://connect.facebook.net/security/hsts-pixel.gif

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request index.html Show response
glofiba.org/ 81 KB
81 KB 727ms
173ms Document
text/html 104.161.94.143
IOFLOOD

General

Check archive.org

Show headers Download Go to

Full URL: http://glofiba.org/index.html
Protocol: HTTP/1.1
Server: 104.161.94.143 Phoenix, United States, ASN53755 (IOFLOOD, US),
Reverse DNS: devip1.noc401.com
Software: Apache /
Resource Hash: 97e52f2bca1e046b926f3a35db47b979924280db4882280cc4aae05988f40601

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Length: 82620
Content-Type: text/html
Date: Tue, 26 Apr 2022 01:25:01 GMT
Keep-Alive: timeout=5, max=100
Last-Modified: Wed, 10 Nov 2021 07:40:07 GMT
Server: Apache
Vary: Accept-Encoding

GET
H2 404 6ta_nVWP4hs.css
static.xx.fbcdn.net/rsrc.php/v3/yC/l/0,cross/ 0
0 193ms
176ms Stylesheet
text/html 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL: https://static.xx.fbcdn.net/rsrc.php/v3/yC/l/0,cross/6ta_nVWP4hs.css?_nc_x=Ij3Wp8lg5Kz
Requested by: Host: glofiba.org
URL: http://glofiba.org/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://glofiba.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

GET
H2 404 eyWWCgeNCeT.css
static.xx.fbcdn.net/rsrc.php/v3/yw/l/0,cross/ 0
0 286ms
269ms Stylesheet
text/html 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL: https://static.xx.fbcdn.net/rsrc.php/v3/yw/l/0,cross/eyWWCgeNCeT.css?_nc_x=Ij3Wp8lg5Kz
Requested by: Host: glofiba.org
URL: http://glofiba.org/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://glofiba.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

GET
H2 200 BNdSVw6cAaf.css
static.xx.fbcdn.net/rsrc.php/v3/y-/l/0,cross/ 14 KB
4 KB 225ms
209ms Stylesheet
text/css 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y-/l/0,cross/BNdSVw6cAaf.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: glofiba.org
URL: http://glofiba.org/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e44b1f828576233d6cd2b85dddf8aade38471e0c2f4217917f8aa858c4c7e02c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://glofiba.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 01:25:01 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 0IDutRvKQt1OesT1lS7Olg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 3507
x-fb-rlafr: 0
x-fb-debug: iok36omHff9ulVg8TuIuydyu5czJKbo8ZLGQTZBLWdhtULmt+vfn8CBtYWGML3oa63ub4EBVKMNvIFvkd+7fGA==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-content-cdn-origin-ts: 1650936301962
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Wed, 26 Apr 2023 01:25:01 GMT

GET
H2 404 iKuj0fAGEho.css
static.xx.fbcdn.net/rsrc.php/v3/yV/l/0,cross/ 0
0 287ms
271ms Stylesheet
text/html 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL: https://static.xx.fbcdn.net/rsrc.php/v3/yV/l/0,cross/iKuj0fAGEho.css?_nc_x=Ij3Wp8lg5Kz
Requested by: Host: glofiba.org
URL: http://glofiba.org/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://glofiba.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

GET
H2 404 fbWj5dcnmIq.css
static.xx.fbcdn.net/rsrc.php/v3/y3/l/0,cross/ 0
0 566ms
550ms Stylesheet
text/html 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL: https://static.xx.fbcdn.net/rsrc.php/v3/y3/l/0,cross/fbWj5dcnmIq.css?_nc_x=Ij3Wp8lg5Kz
Requested by: Host: glofiba.org
URL: http://glofiba.org/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://glofiba.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

GET
H2 404 NE1fbqd0zjy.css
static.xx.fbcdn.net/rsrc.php/v3/yR/l/0,cross/ 0
0 195ms
179ms Stylesheet
text/html 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL: https://static.xx.fbcdn.net/rsrc.php/v3/yR/l/0,cross/NE1fbqd0zjy.css?_nc_x=Ij3Wp8lg5Kz
Requested by: Host: glofiba.org
URL: http://glofiba.org/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://glofiba.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

GET
H2 404 QYIG_Wp71tb.js
static.xx.fbcdn.net/rsrc.php/v3/yX/r/ 0
0 557ms
541ms Script
text/html 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL: https://static.xx.fbcdn.net/rsrc.php/v3/yX/r/QYIG_Wp71tb.js?_nc_x=Ij3Wp8lg5Kz
Requested by: Host: glofiba.org
URL: http://glofiba.org/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://glofiba.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

GET
H3 200 dF5SId3UHWd.svg
static.xx.fbcdn.net/rsrc.php/y8/r/ 2 KB
1 KB 11ms
8ms Image
image/svg+xml 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/y8/r/dF5SId3UHWd.svg

Requested by

Host: glofiba.org
URL: http://glofiba.org/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://glofiba.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 01:25:02 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: NiMA5zHIsmaYxSYEaw9fHg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1027
x-fb-rlafr: 0
x-fb-debug: 3ejfSt8fe5Sv21Lu3wnU7NYPtXaUNo9Ymszh48+ypcf1y1ehemqhcNfsOYQRISQzF3HnyRTg75jLcNJ1BZuoEA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 14 Apr 2023 19:42:51 GMT

GET
H2

200

hsts-pixel.gif
connect.facebook.net/security/
Redirect Chain

https://facebook.com/security/hsts-pixel.gif?c=3.2.5
https://fbcdn.net/security/hsts-pixel.gif?c=2.5
https://fbsbx.com/security/hsts-pixel.gif?c=5
https://connect.facebook.net/security/hsts-pixel.gif

43 B
923 B

30ms
8ms

Image
image/gif

2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://connect.facebook.net/security/hsts-pixel.gif

Requested by

Host: glofiba.org
URL: http://glofiba.org/index.html

Protocol

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://glofiba.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 57
x-xss-protection: 0
pragma: no-cache
x-fb-debug: MGBl+jKW7WKf/gGR0gkLsNlYjauZTzvowfai00fQXEE9MM+1DIAdAPpYTgi6yhggB8xhH1T7lPplcfKaZQrdBw==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Tue, 26 Apr 2022 01:25:02 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: image/gif
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: private, no-cache, no-store, must-revalidate
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

Redirect headers

x-fb-debug: IpLXIXq57l2hur8HiHCjnWRCS04hjN0XHvLiRMhKc73nkTDPi63peJCXutFB6knE4PwgbxaDHe3GKQfK8bHQ5A==
location: https://connect.facebook.net/security/hsts-pixel.gif
date: Tue, 26 Apr 2022 01:25:02 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: text/html; charset="utf-8"
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0

GET
H2 404 6ta_nVWP4hs.css
static.xx.fbcdn.net/rsrc.php/v3/yC/l/0,cross/ 0
0 14ms
8ms Stylesheet
text/html 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL: https://static.xx.fbcdn.net/rsrc.php/v3/yC/l/0,cross/6ta_nVWP4hs.css?_nc_x=Ij3Wp8lg5Kz
Requested by: Host: glofiba.org
URL: http://glofiba.org/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://glofiba.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

GET
H3 404 B07VGN7qgQG.js
static.xx.fbcdn.net/rsrc.php/v3/yw/r/ 0
0 557ms
545ms Script
text/html 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL: https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/B07VGN7qgQG.js?_nc_x=Ij3Wp8lg5Kz
Requested by: Host: glofiba.org
URL: http://glofiba.org/index.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://glofiba.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

GET
H3 404 zxMDZz8Q8hy.js
static.xx.fbcdn.net/rsrc.php/v3/yg/r/ 0
0 191ms
184ms Script
text/html 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL: https://static.xx.fbcdn.net/rsrc.php/v3/yg/r/zxMDZz8Q8hy.js?_nc_x=Ij3Wp8lg5Kz
Requested by: Host: glofiba.org
URL: http://glofiba.org/index.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://glofiba.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

GET
H3 404 t6JOsCOAZIb.js
static.xx.fbcdn.net/rsrc.php/v3/ye/r/ 0
0 191ms
187ms Script
text/html 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL: https://static.xx.fbcdn.net/rsrc.php/v3/ye/r/t6JOsCOAZIb.js?_nc_x=Ij3Wp8lg5Kz
Requested by: Host: glofiba.org
URL: http://glofiba.org/index.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://glofiba.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

GET
H3 404 1V8Pn6OJKZm.js
static.xx.fbcdn.net/rsrc.php/v3i7M54/yp/l/en_US/ 0
0 188ms
184ms Script
text/html 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL: https://static.xx.fbcdn.net/rsrc.php/v3i7M54/yp/l/en_US/1V8Pn6OJKZm.js?_nc_x=Ij3Wp8lg5Kz
Requested by: Host: glofiba.org
URL: http://glofiba.org/index.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://glofiba.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

GET
H3 404 UC5F8LOJDJu.js
static.xx.fbcdn.net/rsrc.php/v3/y8/r/ 0
0 180ms
176ms Script
text/html 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL: https://static.xx.fbcdn.net/rsrc.php/v3/y8/r/UC5F8LOJDJu.js?_nc_x=Ij3Wp8lg5Kz
Requested by: Host: glofiba.org
URL: http://glofiba.org/index.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://glofiba.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

GET
H3 404 NE1fbqd0zjy.css
static.xx.fbcdn.net/rsrc.php/v3/yR/l/0,cross/ 0
0 10ms
7ms Stylesheet
text/html 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL: https://static.xx.fbcdn.net/rsrc.php/v3/yR/l/0,cross/NE1fbqd0zjy.css?_nc_x=Ij3Wp8lg5Kz
Requested by: Host: glofiba.org
URL: http://glofiba.org/index.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://glofiba.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

GET
H3 404 eyWWCgeNCeT.css
static.xx.fbcdn.net/rsrc.php/v3/yw/l/0,cross/ 0
0 8ms
7ms Stylesheet
text/html 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL: https://static.xx.fbcdn.net/rsrc.php/v3/yw/l/0,cross/eyWWCgeNCeT.css?_nc_x=Ij3Wp8lg5Kz
Requested by: Host: glofiba.org
URL: http://glofiba.org/index.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://glofiba.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

GET
H3 404 iKuj0fAGEho.css
static.xx.fbcdn.net/rsrc.php/v3/yV/l/0,cross/ 0
0 9ms
8ms Stylesheet
text/html 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL: https://static.xx.fbcdn.net/rsrc.php/v3/yV/l/0,cross/iKuj0fAGEho.css?_nc_x=Ij3Wp8lg5Kz
Requested by: Host: glofiba.org
URL: http://glofiba.org/index.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://glofiba.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

GET
H3 404 fbWj5dcnmIq.css
static.xx.fbcdn.net/rsrc.php/v3/y3/l/0,cross/ 0
0 9ms
8ms Stylesheet
text/html 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL: https://static.xx.fbcdn.net/rsrc.php/v3/y3/l/0,cross/fbWj5dcnmIq.css?_nc_x=Ij3Wp8lg5Kz
Requested by: Host: glofiba.org
URL: http://glofiba.org/index.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://glofiba.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

26 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://static.xx.fbcdn.net/rsrc.php/v3/yC/l/0,cross/6ta_nVWP4hs.css?_nc_x=Ij3Wp8lg5Kz Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://static.xx.fbcdn.net/rsrc.php/v3/yR/l/0,cross/NE1fbqd0zjy.css?_nc_x=Ij3Wp8lg5Kz Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://static.xx.fbcdn.net/rsrc.php/v3/yw/l/0,cross/eyWWCgeNCeT.css?_nc_x=Ij3Wp8lg5Kz Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://static.xx.fbcdn.net/rsrc.php/v3/yV/l/0,cross/iKuj0fAGEho.css?_nc_x=Ij3Wp8lg5Kz Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://static.xx.fbcdn.net/rsrc.php/v3/yX/r/QYIG_Wp71tb.js?_nc_x=Ij3Wp8lg5Kz Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://static.xx.fbcdn.net/rsrc.php/v3/y3/l/0,cross/fbWj5dcnmIq.css?_nc_x=Ij3Wp8lg5Kz Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://static.xx.fbcdn.net/rsrc.php/v3/yC/l/0,cross/6ta_nVWP4hs.css?_nc_x=Ij3Wp8lg5Kz Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://static.xx.fbcdn.net/rsrc.php/v3/yR/l/0,cross/NE1fbqd0zjy.css?_nc_x=Ij3Wp8lg5Kz Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://static.xx.fbcdn.net/rsrc.php/v3/yw/l/0,cross/eyWWCgeNCeT.css?_nc_x=Ij3Wp8lg5Kz Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://static.xx.fbcdn.net/rsrc.php/v3/yV/l/0,cross/iKuj0fAGEho.css?_nc_x=Ij3Wp8lg5Kz Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://static.xx.fbcdn.net/rsrc.php/v3/y3/l/0,cross/fbWj5dcnmIq.css?_nc_x=Ij3Wp8lg5Kz Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://static.xx.fbcdn.net/rsrc.php/v3/y8/r/UC5F8LOJDJu.js?_nc_x=Ij3Wp8lg5Kz Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://static.xx.fbcdn.net/rsrc.php/v3/yg/r/zxMDZz8Q8hy.js?_nc_x=Ij3Wp8lg5Kz Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://static.xx.fbcdn.net/rsrc.php/v3i7M54/yp/l/en_US/1V8Pn6OJKZm.js?_nc_x=Ij3Wp8lg5Kz Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://static.xx.fbcdn.net/rsrc.php/v3/ye/r/t6JOsCOAZIb.js?_nc_x=Ij3Wp8lg5Kz Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/B07VGN7qgQG.js?_nc_x=Ij3Wp8lg5Kz Message: Failed to load resource: the server responded with a status of 404 ()
javascript	warning	URL: http://glofiba.org/index.html Message: The resource https://static.xx.fbcdn.net/rsrc.php/v3/y3/l/0,cross/fbWj5dcnmIq.css?_nc_x=Ij3Wp8lg5Kz was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: http://glofiba.org/index.html Message: The resource https://static.xx.fbcdn.net/rsrc.php/v3/yw/l/0,cross/eyWWCgeNCeT.css?_nc_x=Ij3Wp8lg5Kz was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: http://glofiba.org/index.html Message: The resource https://static.xx.fbcdn.net/rsrc.php/v3/yC/l/0,cross/6ta_nVWP4hs.css?_nc_x=Ij3Wp8lg5Kz was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: http://glofiba.org/index.html Message: The resource https://static.xx.fbcdn.net/rsrc.php/v3/yR/l/0,cross/NE1fbqd0zjy.css?_nc_x=Ij3Wp8lg5Kz was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: http://glofiba.org/index.html Message: The resource https://static.xx.fbcdn.net/rsrc.php/v3/yV/l/0,cross/iKuj0fAGEho.css?_nc_x=Ij3Wp8lg5Kz was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: http://glofiba.org/index.html Message: The resource https://static.xx.fbcdn.net/rsrc.php/v3i7M54/yp/l/en_US/1V8Pn6OJKZm.js?_nc_x=Ij3Wp8lg5Kz was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: http://glofiba.org/index.html Message: The resource https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/B07VGN7qgQG.js?_nc_x=Ij3Wp8lg5Kz was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: http://glofiba.org/index.html Message: The resource https://static.xx.fbcdn.net/rsrc.php/v3/y8/r/UC5F8LOJDJu.js?_nc_x=Ij3Wp8lg5Kz was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: http://glofiba.org/index.html Message: The resource https://static.xx.fbcdn.net/rsrc.php/v3/yg/r/zxMDZz8Q8hy.js?_nc_x=Ij3Wp8lg5Kz was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: http://glofiba.org/index.html Message: The resource https://static.xx.fbcdn.net/rsrc.php/v3/ye/r/t6JOsCOAZIb.js?_nc_x=Ij3Wp8lg5Kz was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

connect.facebook.net
facebook.com
fbcdn.net
fbsbx.com
glofiba.org
static.xx.fbcdn.net
104.161.94.143
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
2a03:2880:f12d:83:face:b00c:0:25de
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce
97e52f2bca1e046b926f3a35db47b979924280db4882280cc4aae05988f40601
e44b1f828576233d6cd2b85dddf8aade38471e0c2f4217917f8aa858c4c7e02c

glofiba.org Open in urlscan Pro 104.161.94.143 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

20 Requests

90 %HTTPS

80 %IPv6

5 Domains

6 Subdomains

3 IPs

2 Countries

87 kBTransfer

97 kBSize

0 Cookies

21 Outgoing links

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

0 Cookies

26 Console Messages

Indicators

glofiba.org Open in urlscan Pro
104.161.94.143 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

90 %
HTTPS

80 %
IPv6

5
Domains

6
Subdomains

3
IPs

2
Countries

87 kB
Transfer

97 kB
Size

0
Cookies

20 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!