aujvm5e.groovepages.com Open in urlscan Pro
104.18.74.92 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://g4hxreeg8.live/96dc49
Effective URL:
https://aujvm5e.groovepages.com/mbay1
Submission: On September 29 via manual (September 29th 2021, 10:53:54 pm UTC) from US — Scanned from DE

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 12 IPs in 4 countries across 10 domains to perform 20 HTTP transactions. The main IP is 104.18.74.92, located in and belongs to CLOUDFLARENET, US. The main domain is aujvm5e.groovepages.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 10th 2021. Valid for: a year.

This is the only time aujvm5e.groovepages.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
1	162.0.229.216 162.0.229.216	22612 (NAMECHEAP...) (NAMECHEAP-NET)
2 3	104.18.74.92 104.18.74.92	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.185.202 142.250.185.202	15169 (GOOGLE) (GOOGLE)
4	172.67.139.13 172.67.139.13	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.23.52 104.18.23.52	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	162.213.251.230 162.213.251.230	22612 (NAMECHEAP...) (NAMECHEAP-NET)
3	104.21.81.131 104.21.81.131	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	51.161.92.183 51.161.92.183	16276 (OVH) (OVH)
1	172.67.70.233 172.67.70.233	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	185.60.216.19 185.60.216.19	32934 (FACEBOOK) (FACEBOOK)
2	67.202.114.214 67.202.114.214	32748 (STEADFAST) (STEADFAST)
20	12

1 162.0.229.216 (United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: premium123-4.web-hosting.com

g4hxreeg8.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.74.92 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

aujvm5e.groovepages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.202 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.67.139.13 (United States)

ASN13335 (CLOUDFLARENET, US)

app.groove.cm	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.23.52 (None, )

ASN13335 (CLOUDFLARENET, US)

kit.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 162.213.251.230 (United States) 1 redirects

ASN22612 (NAMECHEAP-NET, US)
PTR: premium87-5.web-hosting.com

australia2099yj.tk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.21.81.131 (None, )

ASN13335 (CLOUDFLARENET, US)

ka-f.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.161.92.183 (Canada)

ASN16276 (OVH, FR)
PTR: ip183.ip-51-161-92.net

matomo.groovetech.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.70.233 (United States)

ASN13335 (CLOUDFLARENET, US)

get.geojs.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.60.216.19 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-frx5.fbcdn.net

static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 67.202.114.214 (United States)

ASN32748 (STEADFAST, US)
PTR: amung.us

whos.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	fontawesome.com kit.fontawesome.com ka-f.fontawesome.com	23 KB
4	groove.cm app.groove.cm	78 KB
3	australia2099yj.tk 1 redirects australia2099yj.tk	31 KB
3	groovepages.com 2 redirects aujvm5e.groovepages.com	7 KB
2	amung.us whos.amung.us	56 B
2	groovetech.io matomo.groovetech.io	32 KB
2	googleapis.com fonts.googleapis.com	273 KB
1	fbcdn.net static.xx.fbcdn.net	2 KB
1	geojs.io get.geojs.io	979 B
1	g4hxreeg8.live g4hxreeg8.live	358 B
20	10

	Domain	Requested by
4	app.groove.cm	aujvm5e.groovepages.com
3	ka-f.fontawesome.com	kit.fontawesome.com
3	australia2099yj.tk	1 redirects aujvm5e.groovepages.com
3	aujvm5e.groovepages.com	2 redirects g4hxreeg8.live
2	whos.amung.us
2	matomo.groovetech.io	aujvm5e.groovepages.com
2	fonts.googleapis.com	aujvm5e.groovepages.com app.groove.cm
1	static.xx.fbcdn.net
1	get.geojs.io	g4hxreeg8.live
1	kit.fontawesome.com	aujvm5e.groovepages.com
1	g4hxreeg8.live
20	11

This site contains no links.

Subject Issuer	Validity	Valid
g4hxreeg8.live R3	`2021-09-24` - `2021-12-23`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-10` - `2022-06-09`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-13` - `2021-12-14`	a year	crt.sh
australia2099yj.tk R3	`2021-09-13` - `2021-12-12`	3 months	crt.sh
*.groovetech.io Sectigo RSA Domain Validation Secure Server CA	`2021-08-18` - `2022-08-18`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-09-09` - `2021-12-08`	3 months	crt.sh
whos.amung.us Sectigo RSA Domain Validation Secure Server CA	`2020-05-21` - `2022-05-21`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://aujvm5e.groovepages.com/mbay1
Frame ID: 7FBA5F273E21D01BF02A4B63B6756B33
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Facebook-Video-216.131.111.168

Page URL History Show full URLs

https://g4hxreeg8.live/96dc49 Page URL
https://aujvm5e.groovepages.com/mbay1/ HTTP 301
http://aujvm5e.groovepages.com/mbay1 HTTP 301
https://aujvm5e.groovepages.com/mbay1 Page URL

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
kit\.fontawesome\.com/([0-9a-z]+).js

Page Statistics

20
Requests

100 %
HTTPS

0 %
IPv6

10
Domains

11
Subdomains

12
IPs

4
Countries

447 kB
Transfer

2284 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://g4hxreeg8.live/96dc49 Page URL
https://aujvm5e.groovepages.com/mbay1/ HTTP 301
http://aujvm5e.groovepages.com/mbay1 HTTP 301
https://aujvm5e.groovepages.com/mbay1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14

https://australia2099yj.tk/location HTTP 301
https://australia2099yj.tk/location/

20 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 96dc49
g4hxreeg8.live/ 548 B
358 B 579ms
216ms Document
text/html 162.0.229.216
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://g4hxreeg8.live/96dc49
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.0.229.216 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: premium123-4.web-hosting.com
Software: LiteSpeed / PHP/7.2.34
Resource Hash

Request headers

:method: GET
:authority: g4hxreeg8.live
:scheme: https
:path: /96dc49
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

x-powered-by: PHP/7.2.34
content-type: text/html; charset=UTF-8
content-length: 181
content-encoding: br
vary: Accept-Encoding
date: Wed, 29 Sep 2021 22:53:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed

GET
H2

200

Primary Request mbay1 Show response
aujvm5e.groovepages.com/
Redirect Chain

https://aujvm5e.groovepages.com/mbay1/
http://aujvm5e.groovepages.com/mbay1
https://aujvm5e.groovepages.com/mbay1

74 KB
7 KB

145ms
144ms

Document
text/html

104.18.74.92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://aujvm5e.groovepages.com/mbay1
Requested by: Host: g4hxreeg8.live
URL: https://g4hxreeg8.live/96dc49
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.74.92 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 49a492ac36626f0a118a8188b2d56573023a5b031f7dd54e19a2fa34795d7d2b

Request headers

:method: GET
:authority: aujvm5e.groovepages.com
:scheme: https
:path: /mbay1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://g4hxreeg8.live/96dc49

Response headers

date: Wed, 29 Sep 2021 22:53:49 GMT
content-type: text/html
last-modified: Tue, 28 Sep 2021 21:16:11 GMT
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6968ca2fa99321a5-DUS
content-encoding: gzip

Redirect headers

Date: Wed, 29 Sep 2021 22:53:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 29 Sep 2021 23:53:49 GMT
Location: https://aujvm5e.groovepages.com/mbay1
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 6968ca2f799921b1-DUS

GET
H2 200 css2
fonts.googleapis.com/ 711 KB
137 KB 148ms
83ms Stylesheet
text/css 142.250.185.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Abril+Fatface&family=Amatic+SC:wght@400;700&family=Architects+Daughter&family=Asap:wght@400;700&family=Balsamiq+Sans:wght@400;700&family=Barlow:wght@400;700;900&family=Bebas+Neue&family=Bitter:wght@400;700;900&family=Cabin:wght@400;700&family=Cairo:wght@400;700&family=Cormorant+Garamond:wght@400;700&family=Crimson+Text:wght@400;700&family=Dancing+Script:wght@400;700&family=Fira+Sans:wght@400;700;900&family=Fjalla+One&family=Indie+Flower&family=Josefin+Sans:wght@400;700&family=Lato:wght@400;700;900&family=Libre+Baskerville:wght@400;700&family=Libre+Franklin:wght@400;700;900&family=Lobster&family=Lora:wght@400;700&family=Martel:wght@400;700;900&family=Merriweather:wght@400;700;900&family=Montserrat:wght@400;700;900&family=Mukta:wght@400;700&family=Noto+Sans+JP:wght@400;700&family=Noto+Sans+KR:wght@400;700;900&family=Noto+Sans:wght@400;700&family=Noto+Serif:wght@400;700&family=Nunito+Sans:wght@200;300;400;700;900&family=Nunito:wght@300;400;700;900&family=Old+Standard+TT:wght@400;700&family=Open+Sans+Condensed:wght@300;700&family=Open+Sans:wght@300;400;700&family=Oswald:wght@400;700&family=Overpass:wght@400;700;900&family=Oxygen:wght@300;400;700&family=PT+Sans+Narrow:wght@400;700&family=PT+Sans:wght@400;700&family=PT+Serif:wght@400;700&family=Pacifico&family=Playfair+Display:wght@400;700;900&family=Poppins:ital,wght@0,400;0,700;1,900&family=Raleway:wght@400;700;900&family=Roboto+Condensed:wght@400;700&family=Roboto+Slab:wght@400;700;900&family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&family=Rubik:ital,wght@0,400;0,700;1,900&family=Shadows+Into+Light&family=Signika:wght@400;700&family=Slabo+27px&family=Source+Code+Pro:wght@400;700;900&family=Source+Sans+Pro:wght@400;700;900&family=Source+Serif+Pro:wght@400;700;900&family=Tajawal:wght@400;700;900&family=Titillium+Web:wght@400;700;900&family=Ubuntu:wght@400;700&family=Work+Sans:wght@400;700;900&display=swap

Requested by

Host: aujvm5e.groovepages.com
URL: https://aujvm5e.groovepages.com/mbay1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.202 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f10.1e100.net

Software

ESF /

Resource Hash

737f58a54373c1aa49d507b05f690cddc0a8f4794047a345b4a653aa1b945dc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aujvm5e.groovepages.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 29 Sep 2021 22:53:49 GMT
server: ESF
date: Wed, 29 Sep 2021 22:53:49 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 29 Sep 2021 22:53:49 GMT

GET
H2 200 inpage_published.css
app.groove.cm/groovepages/css/ 362 KB
52 KB 130ms
38ms Stylesheet
text/css 172.67.139.13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.groove.cm/groovepages/css/inpage_published.css
Requested by: Host: aujvm5e.groovepages.com
URL: https://aujvm5e.groovepages.com/mbay1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.139.13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5949002a116a1582e56d4b4ddc5a6263f24087df3945c9ad2dbc5f6c54578ae4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aujvm5e.groovepages.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 22:53:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 27 Sep 2021 06:52:26 GMT
server: cloudflare
age: 4776
etag: W/"61516a2a-5a968"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2SXheBC2xT66hxepZ2YDTKcmWKZ4rMyktE5ZYZKAwfqj8eI%2FKodmfeX1%2FwpvhA9a%2B%2BX3vE5PyNWyj1uEOZWJigWE%2BBxc97SETOE%2BYjZmA8jvRO820LdQUcmmD3yCl0hx"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6968ca31580c6586-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 chunk-vendors.css
app.groove.cm/groovepages/css/ 0
0 126ms
34ms Stylesheet
text/html 172.67.139.13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.groove.cm/groovepages/css/chunk-vendors.css
Requested by: Host: aujvm5e.groovepages.com
URL: https://aujvm5e.groovepages.com/mbay1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.139.13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aujvm5e.groovepages.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 e7647a48d4.js Show response
kit.fontawesome.com/ 11 KB
4 KB 83ms
44ms Script
text/javascript 104.18.23.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kit.fontawesome.com/e7647a48d4.js

Requested by

Host: aujvm5e.groovepages.com
URL: https://aujvm5e.groovepages.com/mbay1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.23.52 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb8a74896b23a167b5669b0ecb26100b9295145fdd5a71e08df836638af23061

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

Referer: https://aujvm5e.groovepages.com/
Origin: https://aujvm5e.groovepages.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 22:53:49 GMT
content-encoding: gzip
cf-cache-status: REVALIDATED
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, must-revalidate
strict-transport-security: max-age=31536000; preload
cf-ray: 6968ca30fb0921b1-DUS
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id: FqkjI2S7ORmPj4pta62B

GET
H2 200 css2
fonts.googleapis.com/ 692 KB
136 KB 118ms
118ms Stylesheet
text/css 142.250.185.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Abril+Fatface&family=Amatic+SC:wght@400;700&family=Architects+Daughter&family=Asap:wght@400;700&family=Balsamiq+Sans:wght@400;700&family=Barlow:wght@400;700;900&family=Bebas+Neue&family=Bitter:wght@400;700;900&family=Cabin:wght@400;700&family=Cairo:wght@400;700&family=Cormorant+Garamond:wght@400;700&family=Crimson+Text:wght@400;700&family=Dancing+Script:wght@400;700&family=Fira+Sans:wght@400;700;900&family=Fjalla+One&family=Indie+Flower&family=Josefin+Sans:wght@400;700&family=Lato:wght@400;700;900&family=Libre+Baskerville:wght@400;700&family=Libre+Franklin:wght@400;700;900&family=Lobster&family=Lora:wght@400;700&family=Martel:wght@400;700;900&family=Merriweather:wght@400;700;900&family=Montserrat:wght@400;700;900&family=Mukta:wght@400;700&family=Noto+Sans+JP:wght@400;700&family=Noto+Sans+KR:wght@400;700;900&family=Noto+Sans:wght@400;700&family=Noto+Serif:wght@400;700&family=Nunito+Sans:wght@200;300;400;700;900&family=Nunito:wght@300;400;700;900&family=Old+Standard+TT:wght@400;700&family=Open+Sans+Condensed:wght@300;700&family=Open+Sans:wght@300;400;700&family=Oswald:wght@400;700&family=Overpass:wght@400;700;900&family=Oxygen:wght@300;400;700&family=PT+Sans+Narrow:wght@400;700&family=PT+Sans:wght@400;700&family=PT+Serif:wght@400;700&family=Pacifico&family=Playfair+Display:wght@400;700;900&family=Poppins:ital,wght@0,400;0,700;1,900&family=Raleway:wght@400;700;900&family=Roboto+Condensed:wght@400;700&family=Roboto+Slab:wght@400;700;900&family=Roboto:ital,wght@0,700;0,900;1,400&family=Rubik:ital,wght@0,400;0,700;1,900&family=Shadows+Into+Light&family=Signika:wght@400;700&family=Slabo+27px&family=Source+Code+Pro:wght@400;700;900&family=Source+Sans+Pro:wght@400;700;900&family=Source+Serif+Pro:wght@400;700;900&family=Tajawal:wght@400;700;900&family=Titillium+Web:wght@400;700;900&family=Ubuntu:wght@400;700&family=Work+Sans:wght@400;700;900&display=swap

Requested by

Host: app.groove.cm
URL: https://app.groove.cm/groovepages/css/inpage_published.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.202 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f10.1e100.net

Software

ESF /

Resource Hash

0abffe0768d60d00efc54d38297110f302455579dfd0d7ea5a531ff0f5ccac59

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.groove.cm/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 29 Sep 2021 22:53:49 GMT
server: ESF
date: Wed, 29 Sep 2021 22:53:49 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 29 Sep 2021 22:53:49 GMT

GET
H2 200 inpage_published.js Show response
app.groove.cm/groovepages/js/ 71 KB
26 KB 40ms
39ms Script
application/javascript 172.67.139.13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.groove.cm/groovepages/js/inpage_published.js
Requested by: Host: aujvm5e.groovepages.com
URL: https://aujvm5e.groovepages.com/mbay1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.139.13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 68a6c788c7fecfdfc924d45eb5ee870312e8cdd3bb682158cc7f0f4b81fd5047

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aujvm5e.groovepages.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 22:53:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 27 Sep 2021 06:52:26 GMT
server: cloudflare
age: 4743
etag: W/"61516a2a-11ba5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FDt9%2FQ3bMMc40wR%2BAnIO%2F%2Bo9S16BILOpyoLc1HeEw6B%2F1RArOeicccbtjUNGY5HCrUCPiWP7m6%2Ft%2FNe0jIYv7b18Wy36ZxBcI0HkCn56490SX8bEKX3N8Eo0UI%2Bo6EvI"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6968ca31e8d76586-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 chunk-vendors.js Show response
app.groove.cm/groovepages/js/ 0
0 41ms
40ms Script
text/html 172.67.139.13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.groove.cm/groovepages/js/chunk-vendors.js
Requested by: Host: aujvm5e.groovepages.com
URL: https://aujvm5e.groovepages.com/mbay1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.139.13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aujvm5e.groovepages.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 / Show response
australia2099yj.tk/ 170 KB
30 KB 782ms
381ms Script
application/javascript 162.213.251.230
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://australia2099yj.tk/?api=1&lan=mobile&ht=2&counter0=e851h6kcgt
Requested by: Host: aujvm5e.groovepages.com
URL: https://aujvm5e.groovepages.com/mbay1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.213.251.230 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: premium87-5.web-hosting.com
Software: LiteSpeed /
Resource Hash: e9226518a41ee73e5626f667d0cffd5694c278850d186ce5508f3b6b6e7d37ac

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aujvm5e.groovepages.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Sep 2021 22:53:50 GMT
content-encoding: br
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate
x-turbo-charged-by: LiteSpeed
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 free.min.css Show response
ka-f.fontawesome.com/releases/v5.15.4/css/ 59 KB
13 KB 179ms
48ms Fetch
text/css 104.21.81.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=e7647a48d4
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/e7647a48d4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.81.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aujvm5e.groovepages.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 22:53:50 GMT
via: 1.1 3f1a5dbb6451309426050e13abf469c6.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: CDG50-P1
x-cache: Hit from cloudfront
access-control-allow-methods: GET
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
etag: W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bv1OT6UriqcGrztt67z%2Fc7GeG%2BRGc8asIXGSJtbw7I%2Fgg7SNHZ2bb9ZgtYHiZw%2FQa%2FystbVwrNsEZe3nbRbGDFXsOu4CN1BSliGKAneAEJMLl6GwRbIRC8632o%2Fup%2BxsKZttrUhG%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
cf-ray: 6968ca338d7e40db-CDG
access-control-allow-headers: fa-kit-token
x-amz-cf-id: AdJvuSqEY6dfyf3Wdiqgr4kpgN4s6dcPt8Gcz_inZbGiqvapkD__eg==

GET
H2 200 free-v4-shims.min.css Show response
ka-f.fontawesome.com/releases/v5.15.4/css/ 26 KB
4 KB 171ms
40ms Fetch
text/css 104.21.81.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=e7647a48d4
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/e7647a48d4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.81.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aujvm5e.groovepages.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 22:53:50 GMT
via: 1.1 b1d588fd1c781c1c3a3cb8e0d6c6f49e.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: CDG50-P1
x-cache: Hit from cloudfront
access-control-allow-methods: GET
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
etag: W/"76f34b71fc9fb641507ff6a822cc07f5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uQAyKnGjJJVmf5Jkvk54W%2BqvUk7lLQnPbeVdDuT%2BOszCMM9NQ6JTtbej5cL3%2FPqCHk1n94U7G44LUtG1XByXQvhjxUimFJjBFc%2B4F2QKD1%2BT1EJ9OVx4QkeqYhlNgpY%2BSTK006JKjA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
cf-ray: 6968ca338d8140db-CDG
access-control-allow-headers: fa-kit-token
x-amz-cf-id: KzWAn59iccAckjFB7r3lWHwUBey0ARMI8QcHgxtHEMAITxGi_QweUQ==

GET
H2 200 free-v4-font-face.min.css Show response
ka-f.fontawesome.com/releases/v5.15.4/css/ 3 KB
2 KB 170ms
40ms Fetch
text/css 104.21.81.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-font-face.min.css?token=e7647a48d4
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/e7647a48d4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.81.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aujvm5e.groovepages.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 22:53:50 GMT
via: 1.1 16de6e3636993b2d3f832b9ae653bd69.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: CDG50-P1
x-cache: Hit from cloudfront
access-control-allow-methods: GET
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
etag: W/"f2e0b2680d9b0bcb6e0039c4424e5a59"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6jXYOntoiEtKGosmb78U3eVYOKmV%2F45RxkurElwkBaQ1VBK4YcpHNKThU7QZGIs66SwWFaMAL1qiFYVgVilkXzov7mfG3W6tdmAIAuw5bVwZdrfW8QjmTTNh%2FbE2ckCSy1iymOmUIg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
cf-ray: 6968ca338d8240db-CDG
access-control-allow-headers: fa-kit-token
x-amz-cf-id: RpkLszo6XdTt9CaSlDdlgP_dqgB_L9FDQ7NW7qgThUp0VG-0P7eXLg==

GET
H/1.1 200
OK matomo.js Show response
matomo.groovetech.io/ 100 KB
32 KB 566ms
210ms Script
application/javascript 51.161.92.183
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://matomo.groovetech.io/matomo.js
Requested by: Host: aujvm5e.groovepages.com
URL: https://aujvm5e.groovepages.com/mbay1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.161.92.183 , Canada, ASN16276 (OVH, FR),
Reverse DNS: ip183.ip-51-161-92.net
Software: nginx/1.19.2 /
Resource Hash: 68fed142b211b51c4d2e9b610dd4d09bc4812739b5beaa63535d88e38e90a946

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aujvm5e.groovepages.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 22:53:50 GMT
content-encoding: gzip
last-modified: Tue, 21 Jul 2020 21:11:02 GMT
server: nginx/1.19.2
etag: "19167-5aafa0f820d0f-gzip"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 32444

GET
H/1.1 200
OK matomo.php
matomo.groovetech.io/ 43 B
217 B 157ms
157ms Image
image/gif 51.161.92.183
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://matomo.groovetech.io/matomo.php?action_name=aujvm5e.groovepages.com%2FHome&idsite=4&rec=1&r=791825&h=22&m=53&s=50&url=https%3A%2F%2Faujvm5e.groovepages.com%2Fmbay1&_id=47dcfa44585957ee&_idts=1632956030&_idvc=1&_idn=0&_refts=0&_viewts=1632956030&send_image=1&pdf=1&qt=0&realp=0&wma=0&dir=0&fla=0&java=0&gears=0&ag=0&cookie=1&res=1600x1200&dimension1=447800&dimension2=2orrvj3x6&gt_ms=352&pv_id=lTdL0j
Requested by: Host: aujvm5e.groovepages.com
URL: https://aujvm5e.groovepages.com/mbay1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.161.92.183 , Canada, ASN16276 (OVH, FR),
Reverse DNS: ip183.ip-51-161-92.net
Software: nginx/1.19.2 / PHP/7.4.16
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aujvm5e.groovepages.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 22:53:50 GMT
cache-control: no-store
server: nginx/1.19.2
x-powered-by: PHP/7.4.16
content-length: 43
content-type: image/gif

GET
H2

200

/ Show response
australia2099yj.tk/location/
Redirect Chain

https://australia2099yj.tk/location
https://australia2099yj.tk/location/

1 KB
642 B

160ms
160ms

Script
application/javascript

162.213.251.230
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://australia2099yj.tk/location/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.213.251.230 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: premium87-5.web-hosting.com
Software: LiteSpeed /
Resource Hash: d964244aacd605f252dc3e815ecfd0d5aa910fcd659064b913da2cbe32407dbf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aujvm5e.groovepages.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 22:53:50 GMT
content-encoding: br
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
content-length: 437
expires: Wed, 06 Oct 2021 22:53:50 GMT

Redirect headers

location: https://australia2099yj.tk/location/
date: Wed, 29 Sep 2021 22:53:50 GMT
x-turbo-charged-by: LiteSpeed
server: LiteSpeed
content-length: 707
content-type: text/html

GET
H2 200 geo.json Show response
get.geojs.io/v1/ip/ 348 B
979 B 132ms
52ms XHR
application/json 172.67.70.233
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://get.geojs.io/v1/ip/geo.json

Requested by

Host: g4hxreeg8.live
URL: https://g4hxreeg8.live/96dc49

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.70.233 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41346d69be30652af697ece205857c4653ffe33304514bf00d001254d3e0c5dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aujvm5e.groovepages.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 22:53:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-methods: GET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-request-id: 7ef027fddac1eaf3a838261eb1b20306-AMS
x-geojs-location: AMS
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7dljwyUfbq5QP7Gs1JgWV2437c6GGFLZ%2Bid9szdy0pmzxv2f%2BURxJwtaUCfz7s9rs9u3Vu3ogIAESaSXQbdnsALOTWCCUFy1ttz1ZpN50YlGlB8%2FTRViC8XYbbf5rQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, private, max-age=0
cf-ray: 6968ca38be6fcd8b-CDG

GET
H2 200 dF5SId3UHWd.svg
static.xx.fbcdn.net/rsrc.php/y8/r/ 2 KB
2 KB 39ms
10ms Image
image/svg+xml 185.60.216.19
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/y8/r/dF5SId3UHWd.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.60.216.19 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-frx5.fbcdn.net

Software

Resource Hash

9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self';script-src .fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src 'unsafe-inline';connect-src .fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aujvm5e.groovepages.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self';script-src *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src 'unsafe-inline';connect-src *.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: br
x-content-type-options: nosniff
content-md5: NiMA5zHIsmaYxSYEaw9fHg==
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1027
x-xss-protection: 0
x-fb-debug: Gai977zYBUrmfCr0rGYjs7lgzrezaUqQt7vJfkAYQlLOqnhgEmFQcAMn+oEMtjtMlRsA1yM3At53wc+vA9u/Hg==
x-fb-trip-id: 917726464
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
date: Wed, 29 Sep 2021 22:53:50 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
timing-allow-origin: *
priority: u=3,i
expires: Wed, 28 Sep 2022 05:24:09 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1230532f79456753fb73f559ece9b95c17cfb36325dc313a3eda5ac22dfd9a2b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 /
whos.amung.us/pingjs/ 28 B
28 B 370ms
114ms Image
text/javascript 67.202.114.214
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://whos.amung.us/pingjs/?k=e851h6kcgt&title=LACHANZATEAMXD&x=https://youtube.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.202.114.214 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: amung.us
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aujvm5e.groovepages.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 22:53:51 GMT
content-encoding: gzip
content-type: text/javascript;charset=UTF-8

GET
H2 200 /
whos.amung.us/pingjs/ 28 B
28 B 369ms
113ms Image
text/javascript 67.202.114.214
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://whos.amung.us/pingjs/?k=msmjdfddus&title=LACHANZATEAMXD&x=https://youtube.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.202.114.214 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: amung.us
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aujvm5e.groovepages.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 22:53:51 GMT
content-encoding: gzip
content-type: text/javascript;charset=UTF-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
aujvm5e.groovepages.com/	1969-12-31 23:59:59	Name: hasVisitedPopupPage Value: true
aujvm5e.groovepages.com/	1970-01-20 07:01:51	Name: _pk_id.4.0263 Value: 47dcfa44585957ee.1632956030.1.1632956030.1632956030.
aujvm5e.groovepages.com/	1970-01-19 21:35:57	Name: _pk_ses.4.0263 Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.groove.cm
aujvm5e.groovepages.com
australia2099yj.tk
fonts.googleapis.com
g4hxreeg8.live
get.geojs.io
ka-f.fontawesome.com
kit.fontawesome.com
matomo.groovetech.io
static.xx.fbcdn.net
whos.amung.us
104.18.23.52
104.18.74.92
104.21.81.131
142.250.185.202
162.0.229.216
162.213.251.230
172.67.139.13
172.67.70.233
185.60.216.19
51.161.92.183
67.202.114.214
0abffe0768d60d00efc54d38297110f302455579dfd0d7ea5a531ff0f5ccac59
1230532f79456753fb73f559ece9b95c17cfb36325dc313a3eda5ac22dfd9a2b
41346d69be30652af697ece205857c4653ffe33304514bf00d001254d3e0c5dc
49a492ac36626f0a118a8188b2d56573023a5b031f7dd54e19a2fa34795d7d2b
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5949002a116a1582e56d4b4ddc5a6263f24087df3945c9ad2dbc5f6c54578ae4
68a6c788c7fecfdfc924d45eb5ee870312e8cdd3bb682158cc7f0f4b81fd5047
68fed142b211b51c4d2e9b610dd4d09bc4812739b5beaa63535d88e38e90a946
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8
737f58a54373c1aa49d507b05f690cddc0a8f4794047a345b4a653aa1b945dc6
7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6
9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce
bb8a74896b23a167b5669b0ecb26100b9295145fdd5a71e08df836638af23061
d964244aacd605f252dc3e815ecfd0d5aa910fcd659064b913da2cbe32407dbf
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9226518a41ee73e5626f667d0cffd5694c278850d186ce5508f3b6b6e7d37ac
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda

aujvm5e.groovepages.com Open in urlscan Pro 104.18.74.92 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

20 Requests

100 %HTTPS

0 %IPv6

10 Domains

11 Subdomains

12 IPs

4 Countries

447 kBTransfer

2284 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

28 JavaScript Global Variables

3 Cookies

Indicators

aujvm5e.groovepages.com Open in urlscan Pro
104.18.74.92 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

100 %
HTTPS

0 %
IPv6

10
Domains

11
Subdomains

12
IPs

4
Countries

447 kB
Transfer

2284 kB
Size

3
Cookies

20 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!