urlscan.io Public Scan: aujvm5e.groovepages.com (104.18.74.92), flagged "Malicious Activity!"
Effective URL: https://aujvm5e.groovepages.com/mbay1
Submission: On September 29 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 10th 2021. Valid for: a year.
This is the only time aujvm5e.groovepages.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)
Domain & IP information
| # | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 | 162.0.229.216 | 22612 (NAMECHEAP-NET) |
| 2 3 | 104.18.74.92 | 13335 (CLOUDFLARENET) |
| 2 | 142.250.185.202 | 15169 (GOOGLE) |
| 4 | 172.67.139.13 | 13335 (CLOUDFLARENET) |
| 1 | 104.18.23.52 | 13335 (CLOUDFLARENET) |
| 1 3 | 162.213.251.230 | 22612 (NAMECHEAP-NET) |
| 3 | 104.21.81.131 | 13335 (CLOUDFLARENET) |
| 2 | 51.161.92.183 | 16276 (OVH) |
| 1 | 172.67.70.233 | 13335 (CLOUDFLARENET) |
| 1 | 185.60.216.19 | 32934 (FACEBOOK) |
| 2 | 67.202.114.214 | 32748 (STEADFAST) |
| 20 | 12 | |
Reverse DNS (PTR) and ASN detail for selected hosts:
- g4hxreeg8.live: ASN22612 (NAMECHEAP-NET, US), PTR premium123-4.web-hosting.com
- fonts.googleapis.com: ASN15169 (GOOGLE, US), PTR fra16s52-in-f10.1e100.net
- australia2099yj.tk: ASN22612 (NAMECHEAP-NET, US), PTR premium87-5.web-hosting.com
- static.xx.fbcdn.net: ASN32934 (FACEBOOK, US), PTR xx-fbcdn-shv-01-frx5.fbcdn.net
| # | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 4 | fontawesome.com | kit.fontawesome.com, ka-f.fontawesome.com | 23 KB |
| 4 | groove.cm | app.groove.cm | 78 KB |
| 3 | australia2099yj.tk (1 redirect) | australia2099yj.tk | 31 KB |
| 3 | groovepages.com (2 redirects) | aujvm5e.groovepages.com | 7 KB |
| 2 | amung.us | whos.amung.us | 56 B |
| 2 | groovetech.io | matomo.groovetech.io | 32 KB |
| 2 | googleapis.com | fonts.googleapis.com | 273 KB |
| 1 | fbcdn.net | static.xx.fbcdn.net | 2 KB |
| 1 | geojs.io | get.geojs.io | 979 B |
| 1 | g4hxreeg8.live | g4hxreeg8.live | 358 B |
| 20 | 10 | | |
| # | Domain | Requested by |
|---|---|---|
| 4 | app.groove.cm | aujvm5e.groovepages.com |
| 3 | ka-f.fontawesome.com | kit.fontawesome.com |
| 3 | australia2099yj.tk (1 redirect) | aujvm5e.groovepages.com |
| 3 | aujvm5e.groovepages.com (2 redirects) | g4hxreeg8.live |
| 2 | whos.amung.us | |
| 2 | matomo.groovetech.io | aujvm5e.groovepages.com |
| 2 | fonts.googleapis.com | aujvm5e.groovepages.com, app.groove.cm |
| 1 | static.xx.fbcdn.net | |
| 1 | get.geojs.io | g4hxreeg8.live |
| 1 | kit.fontawesome.com | aujvm5e.groovepages.com |
| 1 | g4hxreeg8.live | |
| 20 | 11 | |
This site contains no links.
| Subject | Issuer | Validity | Valid for |
|---|---|---|---|
| g4hxreeg8.live | R3 | 2021-09-24 - 2021-12-23 | 3 months |
| sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-06-10 - 2022-06-09 | a year |
| upload.video.google.com | GTS CA 1C3 | 2021-08-30 - 2021-11-22 | 3 months |
| *.fontawesome.com | DigiCert TLS RSA SHA256 2020 CA1 | 2020-11-13 - 2021-12-14 | a year |
| australia2099yj.tk | R3 | 2021-09-13 - 2021-12-12 | 3 months |
| *.groovetech.io | Sectigo RSA Domain Validation Secure Server CA | 2021-08-18 - 2022-08-18 | a year |
| *.facebook.com | DigiCert SHA2 High Assurance Server CA | 2021-09-09 - 2021-12-08 | 3 months |
| whos.amung.us | Sectigo RSA Domain Validation Secure Server CA | 2020-05-21 - 2022-05-21 | 2 years |

R3 is the Let's Encrypt intermediate. The two domains in this scan that are not recognisable third-party services, g4hxreeg8.live and australia2099yj.tk, received their certificates 5 and 16 days before the September 29 scan; the groovepages.com host itself sits behind Cloudflare's shared sni.cloudflaressl.com certificate, so its certificate date says nothing about when the page was created.
This page contains 1 frame:
Primary Page: https://aujvm5e.groovepages.com/mbay1
Frame ID: 7FBA5F273E21D01BF02A4B63B6756B33
Requests: 21 HTTP requests in this frame
Screenshot
![](/screenshots/6458f04e-2a17-40bd-beee-3a51e69a7734.png)
Page Title
Facebook-Video-216.131.111.168
Detected technologies
- Font Awesome
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- kit\.fontawesome\.com/([0-9a-z]+).js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://g4hxreeg8.live/96dc49 (Page URL)
- https://aujvm5e.groovepages.com/mbay1/ → HTTP 301 → http://aujvm5e.groovepages.com/mbay1 → HTTP 301 → https://aujvm5e.groovepages.com/mbay1 (Page URL)

No HTTP status is recorded between the first and second entry, so the hop from g4hxreeg8.live to the groovepages.com page was a client-side redirect. The second entry then bounces through a 301 to plain http:// and a second 301 back to https:// before the primary page loads.
Redirected requests
There were HTTP redirect chains for the following requests:
- Request Chain 14: https://australia2099yj.tk/location → HTTP 301 → https://australia2099yj.tk/location/
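The checks a triager runs over a recorded chain like the ones above are mechanical: which hops were client-side rather than HTTP, where the chain crosses registrable domains, whether any hop downgrades https to http, and how old the certificates of the hosts involved were at scan time. The script below is an added example, not urlscan.io code; the chains and certificate dates are copied from this report, and the scan date (September 29, 2021), the 30-day "fresh certificate" threshold and the naive two-label domain split are assumptions.

```python
from datetime import date
from urllib.parse import urlsplit

# Constructed from the scan's "Page URL History": (url, how the browser got
# there). None = initial navigation; "client" = a hop urlscan recorded with
# no HTTP status (JavaScript or meta refresh); an int = HTTP redirect status.
PAGE_CHAIN = [
    ("https://g4hxreeg8.live/96dc49", None),
    ("https://aujvm5e.groovepages.com/mbay1/", "client"),
    ("http://aujvm5e.groovepages.com/mbay1", 301),
    ("https://aujvm5e.groovepages.com/mbay1", 301),
]

# Constructed from "Redirected requests", Request Chain 14 (a script load).
SCRIPT_CHAIN = [
    ("https://australia2099yj.tk/location", None),
    ("https://australia2099yj.tk/location/", 301),
]

# notBefore dates copied from the scan's certificate table. Assumption: the
# scan ran on the submission date. aujvm5e.groovepages.com is served under
# Cloudflare's shared sni.cloudflaressl.com certificate, so its date is
# Cloudflare's, not the page author's.
SCAN_DATE = date(2021, 9, 29)
CERT_NOT_BEFORE = {
    "g4hxreeg8.live": date(2021, 9, 24),
    "australia2099yj.tk": date(2021, 9, 13),
    "aujvm5e.groovepages.com": date(2021, 6, 10),
}
FRESH_CERT_DAYS = 30  # assumption: certificates younger than this are notable


def registrable_domain(host: str) -> str:
    """Naive eTLD+1 (last two labels). Adequate for the .live/.com/.tk hosts
    in this scan; production code should consult the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def analyse_chain(chain, scan_date=SCAN_DATE, not_before=CERT_NOT_BEFORE,
                  fresh_days=FRESH_CERT_DAYS):
    """Return (kind, detail, ...) findings for one redirect chain, in chain order."""
    findings = []
    prev_url = None
    seen_hosts = set()
    for url, via in chain:
        cur = urlsplit(url)
        if prev_url is not None:
            prev = urlsplit(prev_url)
            if via == "client":
                # No status in the history means the hop was JS/meta driven.
                findings.append(("client_side_redirect", prev_url, url))
            if registrable_domain(prev.hostname) != registrable_domain(cur.hostname):
                findings.append(("cross_domain_hop", prev.hostname, cur.hostname))
            if prev.scheme == "https" and cur.scheme == "http":
                # A 301 from https:// to http:// exposes the path in clear text.
                findings.append(("scheme_downgrade", prev_url, url))
        if cur.hostname not in seen_hosts:
            seen_hosts.add(cur.hostname)
            issued = not_before.get(cur.hostname)
            if issued is not None:
                age = (scan_date - issued).days
                if age < fresh_days:
                    findings.append(("fresh_certificate", cur.hostname, age))
        prev_url = url
    return findings


if __name__ == "__main__":
    for name, chain in (("page", PAGE_CHAIN), ("script", SCRIPT_CHAIN)):
        print(f"{name} chain:")
        for finding in analyse_chain(chain):
            print("  ", *finding)
```

On this report the page chain yields a 5-day-old certificate on the landing domain, one client-side hop, one cross-domain hop from g4hxreeg8.live onto the page-builder host, and one https-to-http downgrade; the script chain only flags the 16-day-old certificate on australia2099yj.tk.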
20 HTTP transactions

| # | Method | Protocol | Resource | Host / path | Size | Transferred | Type | MIME type |
|---|---|---|---|---|---|---|---|---|
| 1 | GET | HTTP/2 | 96dc49 | g4hxreeg8.live/ | 548 B | 358 B | Document | text/html |
| 2 | GET | HTTP/2 | mbay1 (Primary Request, redirect chain) | aujvm5e.groovepages.com/ | 74 KB | 7 KB | Document | text/html |
| 3 | GET | HTTP/2 | css2 | fonts.googleapis.com/ | 711 KB | 137 KB | Stylesheet | text/css |
| 4 | GET | HTTP/2 | inpage_published.css | app.groove.cm/groovepages/css/ | 362 KB | 52 KB | Stylesheet | text/css |
| 5 | GET | HTTP/2 | chunk-vendors.css | app.groove.cm/groovepages/css/ | 0 | 0 | Stylesheet | text/html |
| 6 | GET | HTTP/2 | e7647a48d4.js | kit.fontawesome.com/ | 11 KB | 4 KB | Script | text/javascript |
| 7 | GET | HTTP/2 | css2 | fonts.googleapis.com/ | 692 KB | 136 KB | Stylesheet | text/css |
| 8 | GET | HTTP/2 | inpage_published.js | app.groove.cm/groovepages/js/ | 71 KB | 26 KB | Script | application/javascript |
| 9 | GET | HTTP/2 | chunk-vendors.js | app.groove.cm/groovepages/js/ | 0 | 0 | Script | text/html |
| 10 | GET | HTTP/2 | / | australia2099yj.tk/ | 170 KB | 30 KB | Script | application/javascript |
| 11 | GET | HTTP/2 | free.min.css | ka-f.fontawesome.com/releases/v5.15.4/css/ | 59 KB | 13 KB | Fetch | text/css |
| 12 | GET | HTTP/2 | free-v4-shims.min.css | ka-f.fontawesome.com/releases/v5.15.4/css/ | 26 KB | 4 KB | Fetch | text/css |
| 13 | GET | HTTP/2 | free-v4-font-face.min.css | ka-f.fontawesome.com/releases/v5.15.4/css/ | 3 KB | 2 KB | Fetch | text/css |
| 14 | GET | HTTP/1.1 | matomo.js | matomo.groovetech.io/ | 100 KB | 32 KB | Script | application/javascript |
| 15 | GET | HTTP/1.1 | matomo.php | matomo.groovetech.io/ | 43 B | 217 B | Image | image/gif |
| 16 | GET | HTTP/2 | / (redirect chain) | australia2099yj.tk/location/ | 1 KB | 642 B | Script | application/javascript |
| 17 | GET | HTTP/2 | geo.json | get.geojs.io/v1/ip/ | 348 B | 979 B | XHR | application/json |
| 18 | GET | HTTP/2 | dF5SId3UHWd.svg | static.xx.fbcdn.net/rsrc.php/y8/r/ | 2 KB | 2 KB | Image | image/svg+xml |
| 19 | GET | data: URI | (truncated) | / | 1 KB | 0 | Image | image/png |
| 20 | GET | HTTP/2 | / | whos.amung.us/pingjs/ | 28 B | 28 B | Image | text/javascript |
| 21 | GET | HTTP/2 | / | whos.amung.us/pingjs/ | 28 B | 28 B | Image | text/javascript |

Two things stand out in this list. The 170 KB script served from the root of australia2099yj.tk (request 10) is the largest script on the page, larger than the page builder's own inpage_published.js and the Matomo tracker, and it is followed by a second script from the same host under /location/ and a geolocation lookup to get.geojs.io. chunk-vendors.css and chunk-vendors.js (requests 5 and 9) came back with 0 bytes and a text/html MIME type rather than CSS or JavaScript.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Facebook (Social Network)
28 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Name | Type |
|---|---|
| onbeforexrselect | object |
| originAgentCluster | boolean |
| t | string |
| FontAwesomeKitConfig | object |
| websiteurl | string |
| encodeSite | undefined |
| _paq | object |
| mergeContentSettings | function |
| site | object |
| JSON_PIWIK | object |
| Piwik | object |
| Matomo | object |
| AnalyticsTracker | object |
| piwik_log | function |
| sh | function |
| IS_MOBILE | boolean |
| limit_bot | number |
| object | string |
| type | string |
| OUTPUT | string |
| ___ | object |
| params | object |
| tt | number |
| to_object | undefined |
| a | string |
| checking | function |
| creatingInput | function |
| searchingForms | function |

3 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the stored cookie values back, which lets the site re-identify the user even from a different location. This is how persistent logins work.

| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| aujvm5e.groovepages.com/ | | hasVisitedPopupPage | true |
| aujvm5e.groovepages.com/ | | _pk_id.4.0263 | 47dcfa44585957ee.1632956030.1.1632956030.1632956030. |
| aujvm5e.groovepages.com/ | | _pk_ses.4.0263 | 1 |

The _pk_id and _pk_ses pair are Matomo (formerly Piwik) visitor and session cookies, set by the tracker loaded from matomo.groovetech.io (the Piwik and Matomo globals above belong to it); hasVisitedPopupPage is the page builder's own.
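The _pk_id value is not opaque: Matomo's JavaScript tracker writes it as dot-separated fields (visitor id, creation time, visit count, current-visit time, last-visit time, last e-commerce order time, the last of which is empty here), and the name carries the Matomo site id and a short hash of the tracked domain and path. Decoding it is a quick sanity check that the cookie was minted during this scan rather than carried over from an earlier visit. The parser below is an added example, not urlscan.io or Matomo code; the cookie values are copied from the table above and the field layout is the one Matomo documents for its tracker.

```python
from datetime import datetime, timezone

# Cookie names and values copied from the scan's Cookies table.
OBSERVED_COOKIES = {
    "hasVisitedPopupPage": "true",
    "_pk_id.4.0263": "47dcfa44585957ee.1632956030.1.1632956030.1632956030.",
    "_pk_ses.4.0263": "1",
}


def _iso(ts: str):
    """Unix seconds (as a string) to ISO-8601 UTC; an empty field means 'never'."""
    return datetime.fromtimestamp(int(ts), tz=timezone.utc).isoformat() if ts else None


def parse_pk_id(name: str, value: str) -> dict:
    """Decode a Matomo (Piwik) _pk_id cookie.

    Name:  _pk_id.<siteId>.<4-char hash of the tracked domain/path>
    Value: <visitorId>.<createdTs>.<visitCount>.<currentVisitTs>.<lastVisitTs>.<lastEcommerceOrderTs>
    Timestamps are Unix seconds; the trailing empty field is the unset
    e-commerce timestamp (assumed layout, as documented for Matomo's tracker).
    """
    prefix, site_id, domain_hash = name.split(".")
    if prefix != "_pk_id":
        raise ValueError(f"not a _pk_id cookie: {name}")
    fields = value.split(".")
    if len(fields) != 6:
        raise ValueError(f"unexpected _pk_id layout ({len(fields)} fields)")
    visitor_id, created, visits, current, last, ecommerce = fields
    return {
        "site_id": int(site_id),
        "domain_hash": domain_hash,
        "visitor_id": visitor_id,
        "visit_count": int(visits),
        "created": _iso(created),
        "current_visit": _iso(current),
        "last_visit": _iso(last),
        "last_ecommerce_order": _iso(ecommerce),
        # A single visit whose timestamps all equal creation time: the
        # cookie was created during this very session.
        "first_visit": int(visits) == 1 and created == current == last,
    }


def tracking_summary(cookies: dict) -> dict:
    """Report which Matomo cookies are present and what the visitor cookie says."""
    summary = {"matomo_session": False, "matomo_visitor": None}
    for name, value in cookies.items():
        if name.startswith("_pk_ses."):
            summary["matomo_session"] = value == "1"
        elif name.startswith("_pk_id."):
            summary["matomo_visitor"] = parse_pk_id(name, value)
    return summary


if __name__ == "__main__":
    import json
    print(json.dumps(tracking_summary(OBSERVED_COOKIES), indent=2))
```

Decoded, the three timestamps are all 1632956030, which is 2021-09-29T22:53:50Z, the day of submission, with a visit count of 1: the cookie was created by urlscan's own visit, as expected for a page that had never been scanned before.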
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
app.groove.cm
aujvm5e.groovepages.com
australia2099yj.tk
fonts.googleapis.com
g4hxreeg8.live
get.geojs.io
ka-f.fontawesome.com
kit.fontawesome.com
matomo.groovetech.io
static.xx.fbcdn.net
whos.amung.us
104.18.23.52
104.18.74.92
104.21.81.131
142.250.185.202
162.0.229.216
162.213.251.230
172.67.139.13
172.67.70.233
185.60.216.19
51.161.92.183
67.202.114.214