facebookcom-login-privacy-n4fc.herokuapp.com
3.83.208.72
Malicious Activity!
Public Scan
Effective URL: https://facebookcom-login-privacy-n4fc.herokuapp.com/Login.php
Submission: On January 19 via manual from US
Summary
TLS certificate: Issued by DigiCert SHA2 High Assurance Server CA on June 15th 2020. Valid for: a year.
This is the only time facebookcom-login-privacy-n4fc.herokuapp.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 1 | 2606:4700:3034::6815:108d | 13335 (CLOUDFLARENET) |
1 | 3.83.208.72 | 14618 (AMAZON-AES) |
1 | 2 |
ASN14618 (AMAZON-AES, US)
PTR: ec2-3-83-208-72.compute-1.amazonaws.com
facebookcom-login-privacy-n4fc.herokuapp.com
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
1 | herokuapp.com | facebookcom-login-privacy-n4fc.herokuapp.com | 61 KB |
1 | t.ly (1 redirects) | t.ly | 942 B |
1 | 2 |
Domain | Requested by | |
---|---|---|
1 | facebookcom-login-privacy-n4fc.herokuapp.com | |
1 | t.ly | 1 redirects |
1 | 2 |
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.herokuapp.com | DigiCert SHA2 High Assurance Server CA | 2020-06-15 - 2021-07-07 | a year |
This page contains 1 frames:
Primary Page:
https://facebookcom-login-privacy-n4fc.herokuapp.com/Login.php
Frame ID: 99E4324EC2C2EE6E180D0C0F17499314
Requests: 6 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
46 Outgoing links
These are links going to different origins than the main page.
Title: Forgot Password?
Title: Create a Page
Title: Español
Title: Français (France)
Title: 中文(简体)
Title: العربية
Title: Português (Brasil)
Title: 한국어
Title: Italiano
Title: Deutsch
Title: हिन्दी
Title: 日本語
Title: Sign Up
Title: Log In
Title: Messenger
Title: Facebook Lite
Title: Watch
Title: People
Title: Pages
Title: Page Categories
Title: Places
Title: Games
Title: Locations
Title: Marketplace
Title: Facebook Pay
Title: Groups
Title: Jobs
Title: Oculus
Title: Portal
Title: Instagram
Title: Local
Title: Fundraisers
Title: Services
Title: Voting Information Center
Title: About
Title: Create Ad
Title: Create Page
Title: Developers
Title: Careers
Title: Privacy
Title: Cookies
Title: Ad Choices
Title: Terms
Title: Help
Title: Settings
Title: Activity Log
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://t.ly/e6nSM8Sd5GK4WFSR (HTTP 301)
- https://facebookcom-login-privacy-n4fc.herokuapp.com/Login.php (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
1 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | Login.php (Primary Request, Redirect Chain) | facebookcom-login-privacy-n4fc.herokuapp.com/ | 61 KB | 61 KB | Document | text/html |
GET | DATA | truncated | / | 2 KB | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 37 B | 0 | Image | image/gif |
GET | DATA | truncated | / | 4 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 925 B | 0 | Image | image/png |
GET | DATA | truncated | / | 3 KB | 0 | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)
10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| 0
- object| ontransitionrun
- object| ontransitionstart
- object| ontransitioncancel
- object| cookieStore
- function| showDirectoryPicker
- function| showOpenFilePicker
- function| showSaveFilePicker
- object| trustedTypes
- boolean| crossOriginIsolated
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.