polar-savannah-13447.herokuapp.com
54.204.118.255
Malicious Activity!
Public Scan
Submission: On September 21 via automatic, source openphish
Summary
TLS certificate: the wildcard *.herokuapp.com certificate, issued by DigiCert SHA2 High Assurance Server CA on 2020-06-15 and valid for about a year (see the certificate table below). It belongs to the hosting platform, not to this app, so the padlock says nothing about whether the tenant is legitimate.
This is the only time polar-savannah-13447.herokuapp.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 54.204.118.255 | 14618 (AMAZON-AES)
18 | 2a03:2880:f11c:8184:face:b00c:0:14c9 | 32934 (FACEBOOK)
2 | 2a03:2880:f12d:83:face:b00c:0:25de | 32934 (FACEBOOK)
20 requests across 3 IP addresses.
ASN14618 (AMAZON-AES, US)
PTR: ec2-54-204-118-255.compute-1.amazonaws.com
Domains: polar-savannah-13447.herokuapp.com
ASN32934 (FACEBOOK, US)
Domains: facebook.com, fbcdn.net, fbsbx.com
Apex Domain | Subdomains | Requests | Transfer
---|---|---|---
fbcdn.net | z-m-static.xx.fbcdn.net; fbcdn.net (1 redirect) | 19 | 308 KB
fbsbx.com | fbsbx.com | 1 | 743 B
facebook.com | facebook.com (1 redirect) | 1 | 321 B
herokuapp.com | polar-savannah-13447.herokuapp.com | 1 | 343 KB
20 requests across 4 apex domains.
Only the HTML document is served from the attacker's Heroku app; every stylesheet, script and image is pulled from Facebook's own CDN, which is the usual shape of a page cloned from facebook.com.
Requests | Domain | Requested by
---|---|---
18 | z-m-static.xx.fbcdn.net | polar-savannah-13447.herokuapp.com, z-m-static.xx.fbcdn.net
1 | fbsbx.com | polar-savannah-13447.herokuapp.com
1 | fbcdn.net | reached via 1 redirect
1 | facebook.com | reached via 1 redirect
1 | polar-savannah-13447.herokuapp.com | (primary page)
20 requests across 5 domains.
This site contains links to these domains:
Domain
---
www.oculus.com
portal.facebook.com
pay.facebook.com
Subject | Issuer | Validity | Valid for | Log
---|---|---|---|---
*.herokuapp.com | DigiCert SHA2 High Assurance Server CA | 2020-06-15 - 2021-07-07 | a year | crt.sh
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2020-09-11 - 2020-12-10 | 3 months | crt.sh
fbcdn.net | DigiCert SHA2 High Assurance Server CA | 2020-08-18 - 2020-11-16 | 3 months | crt.sh
This page contains 1 frame:
Primary Page: https://polar-savannah-13447.herokuapp.com/
Frame ID: 7AEEB3DDAE87531CACD2CB900DF6279F
Requests: 20 HTTP requests in this frame
3 Outgoing links
These are links going to different origins than the main page.
Title | Domain
---|---
Oculus | www.oculus.com
Portal | portal.facebook.com
Facebook Pay | pay.facebook.com
Redirected requests
There was one HTTP redirect chain (Request Chain 15):
https://facebook.com/security/hsts-pixel.gif?c=3.2 (HTTP 302)
-> https://fbcdn.net/security/hsts-pixel.gif?c=2 (HTTP 302)
-> https://fbsbx.com/security/hsts-pixel.gif
20 HTTP transactions
# | Method | Protocol | Resource | Host / path | Size (decoded) | Transfer (on wire) | Type | MIME type
---|---|---|---|---|---|---|---|---
1 | GET | H/1.1 | / (primary request) | polar-savannah-13447.herokuapp.com/ | 342 KB | 343 KB | Document | text/html
2 | GET | H2 | _q5U3AJMIrF.css | z-m-static.xx.fbcdn.net/rsrc.php/v3/yW/l/0,cross/ | 95 KB | 21 KB | Stylesheet | text/css
3 | GET | H2 | PdPpz2ZbIre.css | z-m-static.xx.fbcdn.net/rsrc.php/v3/yw/l/0,cross/ | 14 KB | 3 KB | Stylesheet | text/css
4 | GET | H2 | j2v8Me7xzEx.js | z-m-static.xx.fbcdn.net/rsrc.php/v3/yF/r/ | 214 KB | 56 KB | Script | application/x-javascript
5 | GET | H2 | kherF2TGyJY.js | z-m-static.xx.fbcdn.net/rsrc.php/v3iN6O4/yX/l/en_GB/ | 78 KB | 22 KB | Script | application/x-javascript
6 | GET | H2 | NtVNt9evXLJ.js | z-m-static.xx.fbcdn.net/rsrc.php/v3/yq/r/ | 19 KB | 6 KB | Script | application/x-javascript
7 | GET | H2 | yo6T-x1gYxs.js | z-m-static.xx.fbcdn.net/rsrc.php/v3/yk/r/ | 68 KB | 17 KB | Script | application/x-javascript
8 | GET | H2 | 9wEbkEE5dwX.js | z-m-static.xx.fbcdn.net/rsrc.php/v3/yH/r/ | 15 KB | 5 KB | Script | application/x-javascript
9 | GET | H2 | FP2WiYmCTq5.js | z-m-static.xx.fbcdn.net/rsrc.php/v3/yE/r/ | 77 KB | 22 KB | Script | application/x-javascript
10 | GET | H2 | _YLxpKv0Qxi.js | z-m-static.xx.fbcdn.net/rsrc.php/v3i3kA4/yI/l/en_GB/ | 51 KB | 12 KB | Script | application/x-javascript
11 | GET | H2 | SMo8o8Rrb-q.js | z-m-static.xx.fbcdn.net/rsrc.php/v3/ys/r/ | 106 KB | 17 KB | Script | application/x-javascript
12 | GET | H2 | oUiwAOlEqFy.js | z-m-static.xx.fbcdn.net/rsrc.php/v3iLQG4/yy/l/en_GB/ | 35 KB | 9 KB | Script | application/x-javascript
13 | GET | H2 | xOnkVwPFmLb.js | z-m-static.xx.fbcdn.net/rsrc.php/v3/yf/r/ | 25 KB | 7 KB | Script | application/x-javascript
14 | GET | H2 | BwjU4B_qfpp.js | z-m-static.xx.fbcdn.net/rsrc.php/v3/yC/r/ | 10 KB | 3 KB | Script | application/x-javascript
15 | GET | H2 | 7oVtGLsr9D2.js | z-m-static.xx.fbcdn.net/rsrc.php/v3/yH/r/ | 7 KB | 2 KB | Script | application/x-javascript
16 | GET | H2 | dF5SId3UHWd.svg | z-m-static.xx.fbcdn.net/rsrc.php/y8/r/ | 2 KB | 2 KB | Image | image/svg+xml
17 | GET | H2 | hsts-pixel.gif | fbsbx.com/security/ (end of the redirect chain above) | 43 B | 743 B | Image | image/gif
18 | GET | H2 | pB4Usen1RSA.js | z-m-static.xx.fbcdn.net/rsrc.php/v3/ys/r/ | 125 KB | 35 KB | Script | application/x-javascript
19 | GET | H2 | OvlnSpA957d.js | z-m-static.xx.fbcdn.net/rsrc.php/v3i7QV4/yy/l/en_GB/ | 212 KB | 58 KB | Script | application/x-javascript
20 | GET | H2 | RkaAa6FHLia.png | z-m-static.xx.fbcdn.net/rsrc.php/v3/yv/r/ | 8 KB | 9 KB | Image | image/png
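The request mix above is the detection signal a practitioner would want to automate: a document served from a host the brand does not own, with nearly every subresource fetched from the brand's own CDN and AS. The script below is an added example, not urlscan.io code. Its SCAN list is constructed from the 20 transactions in this report (hosts, ASNs, resource types and on-wire transfer sizes as shown); the BRAND_APEX and BRAND_ASN sets are an assumption standing in for a curated allow-list of the brand's infrastructure.

```python
"""Flag a page that is hosted off-brand but assembled from a brand's own assets.

Added example, not urlscan.io code. SCAN is constructed from the 20 HTTP
transactions in the report; BRAND_APEX / BRAND_ASN are an assumed allow-list.
"""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    host: str
    asn: int
    kind: str           # urlscan resource type: Document, Script, Stylesheet, Image
    transfer_kb: float  # on-the-wire size from the "Transfer" column


FB = "z-m-static.xx.fbcdn.net"
SCAN = [  # constructed from the scan's transaction table, in order
    Request("polar-savannah-13447.herokuapp.com", 14618, "Document", 343.0),
    Request(FB, 32934, "Stylesheet", 21.0), Request(FB, 32934, "Stylesheet", 3.0),
    Request(FB, 32934, "Script", 56.0), Request(FB, 32934, "Script", 22.0),
    Request(FB, 32934, "Script", 6.0), Request(FB, 32934, "Script", 17.0),
    Request(FB, 32934, "Script", 5.0), Request(FB, 32934, "Script", 22.0),
    Request(FB, 32934, "Script", 12.0), Request(FB, 32934, "Script", 17.0),
    Request(FB, 32934, "Script", 9.0), Request(FB, 32934, "Script", 7.0),
    Request(FB, 32934, "Script", 3.0), Request(FB, 32934, "Script", 2.0),
    Request(FB, 32934, "Image", 2.0),
    Request("fbsbx.com", 32934, "Image", 0.7),   # the hsts-pixel.gif, 743 B
    Request(FB, 32934, "Script", 35.0), Request(FB, 32934, "Script", 58.0),
    Request(FB, 32934, "Image", 9.0),
]

BRAND_APEX = {"facebook.com", "fbcdn.net", "fbsbx.com"}  # assumption: Facebook-owned apexes
BRAND_ASN = {32934}                                      # FACEBOOK, as seen in the scan


def apex(host: str) -> str:
    """Last two labels of a hostname. Enough for the hosts in this scan; a
    production tool would consult the public suffix list (co.uk, etc.)."""
    return ".".join(host.lower().split(".")[-2:])


def assess(scan: list[Request], threshold: float = 0.8) -> dict:
    """Score one scan: is the document host off-brand while the subresources
    come (almost) entirely from the brand's own domains or AS?"""
    primary = next(r for r in scan if r.kind == "Document")
    subs = [r for r in scan if r is not primary]
    brand = [r for r in subs if apex(r.host) in BRAND_APEX or r.asn in BRAND_ASN]
    ratio = len(brand) / len(subs) if subs else 0.0
    off_brand = apex(primary.host) not in BRAND_APEX and primary.asn not in BRAND_ASN
    return {
        "primary_apex": apex(primary.host),
        "off_brand_host": off_brand,
        "subresources": len(subs),
        "brand_subresources": len(brand),
        "brand_ratio": round(ratio, 3),
        "brand_transfer_kb": round(sum(r.transfer_kb for r in brand), 1),
        "brand_by_type": Counter(r.kind for r in brand),
        # The brand's own pages score a high ratio too; the signal is the
        # combination of a foreign document host AND brand-sourced content.
        "suspect": off_brand and ratio >= threshold,
    }


if __name__ == "__main__":
    for key, value in assess(SCAN).items():
        print(f"{key:>20}: {value}")
```

A legitimate third-party page that embeds a single Facebook widget will also pull a few fbcdn.net resources, so the threshold matters: here 19 of 19 subresources (about 307 KB on the wire) come from Facebook infrastructure, which is a cloned page, not an embed. Pair the score with the page title or form action before blocking automatically.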
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan verdict: Phishing against: Facebook (Social Network)
37 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify the client-side frameworks and code a page runs. Here the names are the module loader and instrumentation of Facebook's own front-end (__d, require, requireLazy, bigPipe, CavalryLogger, the __fbNative* timer wrappers), which matches the 18 scripts and stylesheets fetched from fbcdn.net: the page runs Facebook's code under the attacker's origin.
Type | Names
---|---
object (8) | trustedTypes, Env, babelHelpers, ErrorSerializer, ErrorGuard, ErrorUtils, TimeSlice, bigPipe
function (26) | envFlush, emptyFunction, __annotator, __bodyWrapper, __t, __w, FB_enumerate, __m, define, require, requireDynamic, requireLazy, __d, $RefreshReg$, $RefreshSig$, getErrorSafe, CavalryLogger, __updateOrientation, now_inl, MAjaxify, __fbNativeSetTimeout, __fbNativeClearTimeout, __fbNativeSetInterval, __fbNativeClearInterval, __fbNativeRequestAnimationFrame, __fbNativeCancelAnimationFrame
number (1) | __DEV__
undefined (1) | __p
string (1) | _script_path
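Turning that list into a framework fingerprint is mechanical once the report's flattened "type| name" text is parsed. The following is an added example, not urlscan.io code: RAW is the 37-entry list exactly as the report renders it, and FINGERPRINTS is an illustrative assumption that maps well-known loader and tooling globals to the stack that defines them (a real table would be curated from known-good scans of each framework).

```python
"""Parse urlscan's flattened "type| name" list of window globals and fingerprint it.

Added example, not urlscan.io code. RAW is the report's own 37-entry list;
FINGERPRINTS is an assumed, illustrative mapping of globals to front-end stacks.
"""
from __future__ import annotations

import re

RAW = (  # copied from the report's "JavaScript Global Variables" section
    "object| trustedTypes function| envFlush object| Env number| __DEV__ "
    "undefined| __p function| emptyFunction function| __annotator "
    "function| __bodyWrapper function| __t function| __w function| FB_enumerate "
    "function| __m object| babelHelpers function| define function| require "
    "function| requireDynamic function| requireLazy function| __d "
    "function| $RefreshReg$ function| $RefreshSig$ object| ErrorSerializer "
    "function| getErrorSafe object| ErrorGuard object| ErrorUtils "
    "function| CavalryLogger function| __updateOrientation object| TimeSlice "
    "function| now_inl object| bigPipe function| MAjaxify string| _script_path "
    "function| __fbNativeSetTimeout function| __fbNativeClearTimeout "
    "function| __fbNativeSetInterval function| __fbNativeClearInterval "
    "function| __fbNativeRequestAnimationFrame function| __fbNativeCancelAnimationFrame"
)

# "<js type>| <name>"; names may contain "$" or "_", so take any non-space run.
PAIR = re.compile(
    r"\b(object|function|number|string|boolean|undefined|symbol|bigint)\|\s*(\S+)"
)

# Assumed fingerprint table (illustrative, not from urlscan or Facebook).
FINGERPRINTS: dict[str, set[str]] = {
    "Facebook module loader (__d/require/bigPipe)": {
        "__d", "require", "requireLazy", "requireDynamic",
        "bigPipe", "CavalryLogger", "MAjaxify",
    },
    "React Fast Refresh": {"$RefreshReg$", "$RefreshSig$"},
    "Babel external helpers": {"babelHelpers"},
}


def parse_globals(raw: str) -> dict[str, str]:
    """Return {name: js_type}, preserving the report's order."""
    return {name: kind for kind, name in PAIR.findall(raw)}


def fingerprint(globals_: dict[str, str], min_hits: int = 2) -> dict[str, list[str]]:
    """Stacks whose fingerprint names appear among the page's globals.

    A stack needs min_hits matches (or all of them when its set is smaller),
    so a single generic name such as "require" does not fire by itself.
    """
    present = set(globals_)
    hits: dict[str, list[str]] = {}
    for stack, names in FINGERPRINTS.items():
        matched = sorted(names & present)
        if matched and len(matched) >= min(min_hits, len(names)):
            hits[stack] = matched
    return hits


if __name__ == "__main__":
    parsed = parse_globals(RAW)
    print(f"{len(parsed)} globals parsed")
    for stack, matched in fingerprint(parsed).items():
        print(f"{stack}: {', '.join(matched)}")
```

For triage the useful comparison is across scans: a page on an unrelated domain whose globals fingerprint as another brand's loader is worth a second look regardless of what its title claims.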
1 Cookies
Cookies are small pieces of information stored in the user's browser. On every later visit the browser sends the cookie values back, so the site can re-identify the user even from a different location; this is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.polar-savannah-13447.herokuapp.com/ | | wd | 1600x1200
The only cookie, wd, holds a viewport size (1600x1200) and is scoped to the phishing domain; it carries no Facebook session.
1 Console Messages
A page may log messages to the console. These are often errors about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry for artefacts such as IPs, domains and hashes. Listing them does not imply that any of them indicates malicious activity; the Facebook domains and addresses below are the brand's legitimate infrastructure, and only the herokuapp.com host and 54.204.118.255 are attacker-controlled.
Domains:
facebook.com
fbcdn.net
fbsbx.com
polar-savannah-13447.herokuapp.com
z-m-static.xx.fbcdn.net
IP addresses:
2a03:2880:f11c:8184:face:b00c:0:14c9
2a03:2880:f12d:83:face:b00c:0:25de
54.204.118.255
SHA-256 hashes (20, matching the 20 fetched resources):
045eb3a7ece33969b375ba49dd7fe979ad681b84346d0fced832e9e035f6ff38
09237b8d32ff40fdd035a30f3139b497fb01c87d3d76cfbc091ff19b21277755
17a5f0166d4daacea1e94680580a78e51a0fe14919ca734b6ebdeb78e3782d86
17e7873ee69be5f0a662598a550e4631dae55a96517ad24d9379ff3f9953602a
285d533549c7d13860ff77cd6a8bab57a4d75ae945a6a1c8aaca7d8940dbb06a
42bfffc1e9d0c57697ce98df3605a1b568ff37451a2ee0a36cfb3d9a365f0b43
46e7d7455f292ed282cfd1c545b3cac97182e5e7ce0c563ffd9ecd1635acf48a
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5b87dc2ad665b277eb73cb32a3e651aea969f2d23b2bf371d0214fbee9d020fe
66b8317a0459b9e93e594c86f2a896d0b99d7d648750e7a04eae93395660283a
7f91a7149890ac9568bc220bb035f414a3ec96b5a5888962bfcc45da9c47d4d6
90fc2b7c560c83ab424924e01a937e83d53ee1a26c14a9e70311f499daff71a3
923246497ee8ba7ae8cda9db62fb4eafec4fe7c3fd21e1fada0368ea8b5422fd
9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce
99180e41a086b8a76ff073ead07eb11e0982c35a5663235e7ad4c757a29d2f51
a861cdaa0dfe5552cf4a71ef045d09f8e1f4f8a3a516fdd5cfb3d4f4b07efedb
ab02a71250e22b86c18299663c23a2cb9e093a89e2838b517b10e2449fa758bc
d2240d53841efb76405321f0a15c7c4befbc51f9a02af1dab479a4dc54bc301e
d3c27be76a9fe1c65832633de98e78ab23577d8f5496cdb2ee5ba17095dd31d5
df82954cd486194d79cc3562ea66482ae9de60a9820f00f315cbb3bcda2f0ba0