passionfruit12226132.brizy.site
34.237.47.210
Malicious Activity!
Public Scan
Effective URL: https://passionfruit12226132.brizy.site/
Submission: On June 26 via manual from PL, scanned from DE
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure Server CA on April 1st 2022 (2022-04-01 to 2023-05-02). Valid for: a year. The certificate is the platform's wildcard (*.brizy.site), not one issued for this particular subdomain.
This is the only time passionfruit12226132.brizy.site was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)
Domain & IP information
Count | IP Address | AS (Autonomous System)
---|---|---
1 | 89.42.231.136 | 48459 (CIANET-AS)
1 | 104.244.42.5 | 13414 (TWITTER)
1 | 34.237.47.210 | 14618 (AMAZON-AES)
1 | 2a00:1450:4001:812::200a | 15169 (GOOGLE)
3 | 84.17.46.53 | 60068 (CDN77 ^_^)
1 | 2606:4700:3037::6815:3ab7 | 13335 (CLOUDFLARENET)
1 | 151.101.112.193 | 54113 (FASTLY)
1 | 67.202.114.212 | 32748 (STEADFAST)
2 | 2a03:2880:f01c:216:face:b00c:0:3 | 32934 (FACEBOOK)
Totals: 11 HTTP transactions across 9 IP addresses
ASN14618 (AMAZON-AES, US), PTR ec2-34-237-47-210.compute-1.amazonaws.com: passionfruit12226132.brizy.site
ASN60068 (CDN77 ^_^, GB), PTR unn-84-17-46-53.cdn77.com: b-cloud.b-cdn.net
ASN32934 (FACEBOOK, US): static.xx.fbcdn.net
Count | Apex Domain | Subdomains | Transfer
---|---|---|---
3 | b-cdn.net | b-cloud.b-cdn.net (Cisco Umbrella Rank: 301433) | 128 KB
2 | fbcdn.net | static.xx.fbcdn.net (Cisco Umbrella Rank: 532) | 3 KB
1 | amung.us | whos.amung.us (Cisco Umbrella Rank: 14886) | 25 B
1 | imgur.com | i.imgur.com (Cisco Umbrella Rank: 5855) | 9 KB
1 | mackfbs.me | mackfbs.me | 113 KB
1 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 71) | 2 KB
1 | brizy.site | passionfruit12226132.brizy.site | 2 KB
1 | t.co | t.co (Cisco Umbrella Rank: 455) | 519 B
1 | curl.ro | curl.ro (1 redirect) | 966 B
Totals: 11 HTTP transactions across 9 apex domains
Note that mackfbs.me, the one host with no Cisco Umbrella rank at all, accounts for 113 KB of transfer, almost as much as the Brizy CDN that serves the page builder itself.
Count | Domain | Requested by
---|---|---
3 | b-cloud.b-cdn.net | passionfruit12226132.brizy.site
2 | static.xx.fbcdn.net | 
1 | whos.amung.us | 
1 | i.imgur.com | 
1 | mackfbs.me | passionfruit12226132.brizy.site
1 | fonts.googleapis.com | passionfruit12226132.brizy.site
1 | passionfruit12226132.brizy.site | t.co
1 | t.co | 
1 | curl.ro | (1 redirect)
Totals: 11 HTTP transactions across 9 domains
This site contains no links.
Subject | Issuer | Validity | Valid for
---|---|---|---
t.co | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-03-07 to 2023-03-06 | a year
*.brizy.site | Sectigo RSA Domain Validation Secure Server CA | 2022-04-01 to 2023-05-02 | a year
upload.video.google.com | GTS CA 1C3 | 2022-06-06 to 2022-08-29 | 3 months
*.b-cdn.net | Sectigo RSA Domain Validation Secure Server CA | 2021-11-07 to 2022-11-11 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-05-10 to 2023-05-09 | a year
*.imgur.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-03-08 to 2023-03-16 | a year
*.amung.us | Sectigo RSA Domain Validation Secure Server CA | 2022-05-18 to 2023-06-17 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2022-04-04 to 2022-07-03 | 3 months
(Each certificate can be looked up on crt.sh.)
This page contains 1 frame:
Primary Page:
https://passionfruit12226132.brizy.site/
Frame ID: E3705F3FB208D58476F88F3DA77FD98B
Requests: 12 HTTP requests in this frame
Page Title
Melden Sie sich bei Facebook an, um das Video anzusehen ("Log in to Facebook to watch the video")
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
1. https://curl.ro/xhemb (HTTP 301)
2. https://t.co/pQfpYYsSHY (Page URL)
3. https://passionfruit12226132.brizy.site/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0: https://curl.ro/xhemb (HTTP 301) -> https://t.co/pQfpYYsSHY
Only the first hop is an HTTP redirect; the hop from t.co to the brizy.site page is recorded as a new Page URL, i.e. a client-side redirect. The lure is therefore a curl.ro short link (a phpshort-based shortener, judging by its cookies) layered over a Twitter t.co link, so neither the URL the victim sees nor the one a URL-reputation check sees contains the final host.
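The chain above mixes an HTTP 301 with a client-side hop, which a plain `curl -L` would miss. The following is an added example, not part of the urlscan page, of a redirect walker that handles both kinds of hop without executing JavaScript. The three responses are constructed stand-ins for the recorded hops: the curl.ro 301 is documented on the page, but the t.co body is an assumption (modelled as a `<meta refresh>`, since the page only records that the hop was not an HTTP redirect), and the brizy.site body is a placeholder.

```python
import re
from dataclasses import dataclass
from urllib.parse import urljoin, urlsplit

# Constructed stand-ins for the three hops urlscan recorded
# (curl.ro -> t.co -> brizy.site). Only the first hop is documented as an
# HTTP 301; the t.co body is an ASSUMPTION that models the recorded
# client-side hop as a <meta refresh> so the walker has something to parse.
CONSTRUCTED_RESPONSES = {
    "https://curl.ro/xhemb": (301, {"Location": "https://t.co/pQfpYYsSHY"}, ""),
    "https://t.co/pQfpYYsSHY": (
        200, {"Content-Type": "text/html"},
        '<html><head><meta http-equiv="refresh" '
        'content="0;URL=https://passionfruit12226132.brizy.site/"></head></html>',
    ),
    "https://passionfruit12226132.brizy.site/": (
        200, {"Content-Type": "text/html"},
        "<html><head><title>Melden Sie sich bei Facebook an</title></head></html>",
    ),
}

def constructed_fetch(url):
    """Returns (status, headers, body). Swap in a real GET with redirects
    disabled (e.g. requests.get(url, allow_redirects=False)) for live triage."""
    return CONSTRUCTED_RESPONSES.get(url, (404, {}, ""))

# <meta http-equiv="refresh" content="0;URL=https://..."> in any quoting/case.
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]+content=["\']?\s*\d+\s*;\s*url=([^"\'>\s]+)',
    re.IGNORECASE,
)

@dataclass
class Hop:
    url: str
    kind: str    # "http" (Location), "meta" (meta refresh), "final", "loop", "limit"
    status: int

def follow_chain(start, fetch=constructed_fetch, max_hops=10):
    """Walk HTTP and <meta refresh> redirects; stop on loops and the hop limit."""
    chain, url, seen = [], start, set()
    while len(chain) < max_hops:
        if url in seen:                       # A -> B -> A
            chain.append(Hop(url, "loop", 0))
            return chain
        seen.add(url)
        status, headers, body = fetch(url)
        headers = {k.lower(): v for k, v in headers.items()}
        if 300 <= status < 400 and "location" in headers:
            chain.append(Hop(url, "http", status))
            url = urljoin(url, headers["location"])   # relative Location is legal
            continue
        m = META_REFRESH.search(body)
        if m:
            chain.append(Hop(url, "meta", status))
            url = urljoin(url, m.group(1))
            continue
        chain.append(Hop(url, "final", status))
        return chain
    chain.append(Hop(url, "limit", 0))        # gave up; do not trust the last URL
    return chain

def hosts(chain):
    return [urlsplit(h.url).hostname for h in chain]

def layered(chain):
    """Number of distinct intermediate hosts before the landing page."""
    return len(set(hosts(chain[:-1])))

if __name__ == "__main__":
    for hop in follow_chain("https://curl.ro/xhemb"):
        print(f"{hop.kind:6} {hop.status:3} {hop.url}")
```

Each hop is tagged with how it was reached, so a triage rule can treat "two or more intermediate hosts" (`layered(chain) >= 2`) as the shortener-over-shortener pattern seen here. A JavaScript `location=` redirect is not parsed; for that you still need a headless browser, which is exactly what urlscan provided.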
11 HTTP transactions (plus one inline data: URI image)
# | Method | Protocol | Resource | Size | Transfer | Type | MIME-Type | Note
---|---|---|---|---|---|---|---|---
1 | GET | H2 | t.co/pQfpYYsSHY | 275 B | 519 B | Document | text/html | Redirect Chain
2 | GET | H2 | passionfruit12226132.brizy.site/ | 9 KB | 2 KB | Document | text/html | Primary Request
3 | GET | H2 | fonts.googleapis.com/css | 34 KB | 2 KB | Stylesheet | text/css | 
4 | GET | H2 | b-cloud.b-cdn.net/builds/free/237-cloud/editor/css/preview.css | 238 KB | 37 KB | Stylesheet | text/css | 
5 | GET | H2 | mackfbs.me/ | 179 KB | 113 KB | Script | text/html | loaded as a script, served as text/html
6 | GET | H2 | b-cloud.b-cdn.net/builds/free/237-cloud/editor/js/group-jq.js | 89 KB | 34 KB | Script | application/javascript | 
7 | GET | H2 | b-cloud.b-cdn.net/builds/free/237-cloud/editor/js/preview.js | 181 KB | 57 KB | Script | application/javascript | 
8 | GET | DATA | (data: URI, truncated) | 103 KB | 0 | Image | image/png | inline image
9 | GET | H2 | i.imgur.com/wCOStwT.png | 9 KB | 9 KB | Image | image/png | 
10 | GET | H2 | whos.amung.us/pingjs/ | 25 B | 25 B | Image | text/javascript | visitor counter
11 | GET | H2 | static.xx.fbcdn.net/rsrc.php/v3/yO/r/5NR43BsYs8o.png | 1 KB | 2 KB | Image | image/png | 
12 | GET | H2 | static.xx.fbcdn.net/rsrc.php/v3/yo/r/lqbz1hqlAFx.png | 1 KB | 2 KB | Image | image/png | 
Two things stand out. The Brizy builder assets (rows 4, 6, 7) and the Google font are the legitimate site-builder scaffolding; the page's own HTML is only 9 KB. The 179 KB response from mackfbs.me (row 5) is requested by the page as a script but served with a text/html MIME type, and it is the only resource that comes from a domain with no reputation ranking; the genuine Facebook sprite images (rows 11, 12) and the imgur image supply the branding for the login lure.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Facebook (Social Network)
19 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.
Type | Name
---|---
object | oncontextlost
object | oncontextrestored
function | structuredClone
object | launchQueue
object | onbeforematch
function | getScreenDetails
function | queryLocalFonts
object | navigation
object | data
function | _0x38e3
function | _0x1342
function | _0x948242
function | _0x5e7b
function | checkbody
function | insertHtml
function | jQuery
object | BrizyLibs
function | brzPopup
object | Brz
The first eight names (oncontextlost through navigation) are standard Chromium window properties rather than page code; jQuery, BrizyLibs, brzPopup and Brz belong to the Brizy site builder. The names that matter are _0x38e3, _0x1342, _0x948242 and _0x5e7b, the `_0x` plus hexadecimal identifier pattern that javascript-obfuscator produces, together with data, checkbody and insertHtml, whose names suggest a script that injects HTML into the page at runtime.
3 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again the browser sends the cookie values back, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
curl.ro/ | | XSRF-TOKEN | eyJpdiI6InNmV0p3THBuUVBQalg5RjBYbVFNZmc9PSIsInZhbHVlIjoiOTI5bVVNOU02eUp1MTVwSVlidFYrdHc3b0M3OWVtM0I1MmVxM2grY01TSXlwRWVHMnFqUDZESlplejkzZWZvVDdjaTBvMWUrRVJ2MVA3K3kzS0c0WkExR2NlSWJ6Nm1Nb1I5d1NEMGNBY1IxVDZHczRkMDJjQ2RyM2JCZWJRYWEiLCJtYWMiOiI4Y2Y5NmUwNzM1MmMxZDdjOWQ1MGRkMWRmNjI5OTcyOWM0MTAyNmMxNmYzNDVkZTNkNzA2MjQyZmQyM2FjMGVkIn0%3D
curl.ro/ | | phpshort_session | eyJpdiI6Im5PSTdLT2Z3UlJ0Ull2TDZ1ekRxZ0E9PSIsInZhbHVlIjoiWUNzVlZhYjZVU0N0NW9DelU0SGt3UkE2V2tnTm44OHdaYzErenIxazhzXC9VM0F2Y3ZGMnRnUDlxUWUzUzhjdU1Mcm1JZ2pQWjZHMlQwNFJEbzU2Vk53T2RWRnZCRVwvdGZiODVhbHdscFFYSXNcL3hlQlZDemVQY1BKVEx3S3FCdFkiLCJtYWMiOiI2Y2EyNDVjMWU2ZmZiYzFlMmZlNjg3ZGJmNmEzMjdjMmE3MGNlMjgyMmEwZjU0YzgwMjJjOTNiYjUxYWE2Y2MzIn0%3D
.t.co/ | | muc | 0b35b73b-8551-40b0-923e-6b5e68398e70
The two curl.ro cookies identify the shortener software: XSRF-TOKEN and a *_session cookie are the Laravel defaults, phpshort is a PHP URL-shortener script, and both values start with eyJpdiI6, which is base64 for `{"iv":"`, the envelope of Laravel's encrypted cookies. The muc cookie is t.co's persistent identifier.
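Several of the signals in the transaction list and the global-variable list above (a script served as text/html, obfuscator-style `_0x` identifiers, brand CDN assets on a non-brand host, a free site-builder subdomain) can be checked mechanically. This is an added example, not part of the urlscan page: the transaction rows and global names are copied from this scan, while the expected MIME types per resource type, the brand CDN suffixes and the site-builder suffix list are assumptions chosen for the heuristic.

```python
import re

# Copied from the urlscan transaction list and global-variable list above.
PRIMARY_HOST = "passionfruit12226132.brizy.site"
PAGE_TITLE = "Melden Sie sich bei Facebook an, um das Video anzusehen"
TRANSACTIONS = [  # (host, path, resource type, MIME type)
    ("t.co", "/pQfpYYsSHY", "Document", "text/html"),
    (PRIMARY_HOST, "/", "Document", "text/html"),
    ("fonts.googleapis.com", "/css", "Stylesheet", "text/css"),
    ("b-cloud.b-cdn.net", "/builds/free/237-cloud/editor/css/preview.css", "Stylesheet", "text/css"),
    ("mackfbs.me", "/", "Script", "text/html"),
    ("b-cloud.b-cdn.net", "/builds/free/237-cloud/editor/js/group-jq.js", "Script", "application/javascript"),
    ("b-cloud.b-cdn.net", "/builds/free/237-cloud/editor/js/preview.js", "Script", "application/javascript"),
    ("i.imgur.com", "/wCOStwT.png", "Image", "image/png"),
    ("whos.amung.us", "/pingjs/", "Image", "text/javascript"),
    ("static.xx.fbcdn.net", "/rsrc.php/v3/yO/r/5NR43BsYs8o.png", "Image", "image/png"),
    ("static.xx.fbcdn.net", "/rsrc.php/v3/yo/r/lqbz1hqlAFx.png", "Image", "image/png"),
]
GLOBALS = [
    "oncontextlost", "oncontextrestored", "structuredClone", "launchQueue",
    "onbeforematch", "getScreenDetails", "queryLocalFonts", "navigation",
    "data", "_0x38e3", "_0x1342", "_0x948242", "_0x5e7b", "checkbody",
    "insertHtml", "jQuery", "BrizyLibs", "brzPopup", "Brz",
]

# ASSUMPTIONS for the heuristics (not taken from the page).
EXPECTED_MIME = {
    "Script": ("application/javascript", "text/javascript", "application/x-javascript"),
    "Stylesheet": ("text/css",),
    "Image": ("image/",),
    "Document": ("text/html",),
}
BRAND_CDNS = {"Facebook": ("fbcdn.net", "facebook.com")}
SITE_BUILDER_SUFFIXES = ("brizy.site", "weebly.com", "wixsite.com", "glitch.me")
OBFUSCATOR_NAME = re.compile(r"^_0x[0-9a-f]{4,}$")   # javascript-obfuscator style

def _under(host, suffix):
    return host == suffix or host.endswith("." + suffix)

def obfuscated_globals(names):
    return [n for n in names if OBFUSCATOR_NAME.match(n)]

def mime_mismatches(transactions):
    """Resources whose served MIME type does not fit how the page uses them."""
    out = []
    for host, path, rtype, mime in transactions:
        expected = EXPECTED_MIME.get(rtype, ())
        if expected and not any(mime.startswith(p) for p in expected):
            out.append((host + path, rtype, mime))
    return out

def brand_asset_hosts(transactions, primary_host):
    """Brand-owned CDN hosts pulled into a page that is not on the brand's domain."""
    counts = {}
    for host, _, _, _ in transactions:
        for suffixes in BRAND_CDNS.values():
            brand_owned = any(_under(host, s) for s in suffixes)
            on_brand = any(_under(primary_host, s) for s in suffixes)
            if brand_owned and not on_brand:
                counts[host] = counts.get(host, 0) + 1
    return counts

def on_site_builder(host):
    return any(_under(host, s) for s in SITE_BUILDER_SUFFIXES)

def triage(transactions, global_names, primary_host, title):
    f = {
        "obfuscated_globals": obfuscated_globals(global_names),
        "mime_mismatches": mime_mismatches(transactions),
        "brand_assets": brand_asset_hosts(transactions, primary_host),
        "site_builder": on_site_builder(primary_host),
        "brand_in_title": [b for b in BRAND_CDNS if b.lower() in title.lower()],
    }
    # One point per signal family; five independent signals is a strong phish.
    f["score"] = sum(bool(f[k]) for k in
                     ("obfuscated_globals", "mime_mismatches", "brand_assets",
                      "site_builder", "brand_in_title"))
    return f

if __name__ == "__main__":
    for key, value in triage(TRANSACTIONS, GLOBALS, PRIMARY_HOST, PAGE_TITLE).items():
        print(f"{key}: {value}")
```

On this scan the checks fire on all five families: four obfuscator identifiers, two MIME mismatches (mackfbs.me served as text/html but used as a script, whos.amung.us served as text/javascript but used as an image), two fbcdn.net assets on a non-Facebook host, a free site-builder origin, and the brand name in the title. The score counts signal families rather than raw hits so that a single noisy tracker cannot dominate it.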
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value
---|---
Strict-Transport-Security | max-age=0
X-Xss-Protection | 0
Both values are opt-outs: Strict-Transport-Security with max-age=0 instructs the browser to discard any stored HSTS policy for the host, and X-XSS-Protection: 0 disables the legacy XSS auditor. No Content-Security-Policy, X-Frame-Options or X-Content-Type-Options header is set, so nothing on the main page restricts where scripts such as the mackfbs.me payload may be loaded from.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
Domains:
b-cloud.b-cdn.net
curl.ro
fonts.googleapis.com
i.imgur.com
mackfbs.me
passionfruit12226132.brizy.site
static.xx.fbcdn.net
t.co
whos.amung.us
IP addresses:
104.244.42.5
151.101.112.193
2606:4700:3037::6815:3ab7
2a00:1450:4001:812::200a
2a03:2880:f01c:216:face:b00c:0:3
34.237.47.210
67.202.114.212
84.17.46.53
89.42.231.136