page-review.stretto.ro
89.42.218.79
Malicious Activity!
Public Scan
Effective URL: https://page-review.stretto.ro/
Submission: On February 10 via api from JP — Scanned from JP
Summary
TLS certificate: Issued by R3 on February 9th 2023. Valid for: 3 months.
This is the only time page-review.stretto.ro was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 2620:0:890::100 | 54113 (FASTLY)
11 | 89.42.218.79 | 205275 (ROMARG HOSTING)
12 | 3 |
ASN205275 (ROMARG HOSTING, RO)
PTR: server-0361.whmpanels.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
11 | stretto.ro | page-review.stretto.ro | 242 KB
1 | firebaseapp.com | fb-under-review-16304.firebaseapp.com | 448 B
12 | 2 | |
Requests | Domain | Requested by
---|---|---
11 | page-review.stretto.ro | fb-under-review-16304.firebaseapp.com, page-review.stretto.ro
1 | fb-under-review-16304.firebaseapp.com |
12 | 2 |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
firebaseapp.com | GTS CA 1D4 | 2022-12-20 - 2023-03-20 | 3 months | crt.sh
www.page-review.stretto.ro | R3 | 2023-02-09 - 2023-05-10 | 3 months | crt.sh
This page contains 1 frame:
Primary Page:
https://page-review.stretto.ro/
Frame ID: 1C09D947B9EACE4C3320F79A0E5A520C
Requests: 17 HTTP requests in this frame
Screenshot
Page Title
Policies | Help Center - Appeal Request
Detected technologies
React (JavaScript Frameworks)
Detected patterns
- <[^>]+data-react
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://fb-under-review-16304.firebaseapp.com/ Page URL
- https://page-review.stretto.ro/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / | fb-under-review-16304.firebaseapp.com/ | 153 B | 448 B | Document | text/html
GET | H2 | / (Primary Request) | page-review.stretto.ro/ | 351 B | 493 B | Document | text/html
GET | H2 | main.min.js | page-review.stretto.ro/app-assets/js/ | 166 KB | 52 KB | Script | application/javascript
GET | H3 | 187.main.min.js | page-review.stretto.ro/app-assets/js/ | 1 KB | 586 B | Script | application/javascript
GET | H3 | 755.main.min.js | page-review.stretto.ro/app-assets/js/ | 88 KB | 30 KB | Script | application/javascript
GET | H3 | 803.main.min.js | page-review.stretto.ro/app-assets/js/ | 23 KB | 8 KB | Script | application/javascript
GET | H3 | 144.main.min.js | page-review.stretto.ro/app-assets/js/ | 56 KB | 25 KB | Script | application/javascript
GET | H3 | 788.main.min.js | page-review.stretto.ro/app-assets/js/ | 34 KB | 13 KB | Script | application/javascript
GET | H3 | 558.main.min.js | page-review.stretto.ro/app-assets/js/ | 3 KB | 710 B | Script | application/javascript
GET | H3 | style.css | page-review.stretto.ro/app-assets/style/ | 256 KB | 28 KB | Stylesheet | text/css
GET | DATA | truncated | / | 1 KB | 0 | Image | image/png
GET | DATA | truncated | / | 5 KB | 0 | Image | image/png
GET | DATA | truncated | / | 4 KB | 0 | Image | image/png
GET | DATA | truncated | / | 5 KB | 0 | Image | image/png
GET | DATA | truncated | / | 6 KB | 0 | Image | image/png
GET | H3 | 4a455df5ba8390917507.png | page-review.stretto.ro/app-assets/image/ | 33 KB | 33 KB | Image | image/png
GET | H3 | banner.d0611e90403789ff1926.png | page-review.stretto.ro/app-assets/image/ | 51 KB | 51 KB | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
boolean | credentialless
object | oncontentvisibilityautostatechange
object | webpackChunkfb0
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31556926; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fb-under-review-16304.firebaseapp.com
page-review.stretto.ro
2620:0:890::100
89.42.218.79