facebook.profilephp.com
52.95.165.115
Malicious Activity!
Public Scan
Submission: On November 08 via automatic, source openphish — Scanned from DE
Summary
This is the only time facebook.profilephp.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)

Domain & IP information

Requests | IP Address | AS Autonomous System
---|---|---
4 | 52.95.165.115 | 16509 (AMAZON-02)
1 | 18.66.112.28 | 16509 (AMAZON-02)
1 | 2a03:2880:f01c:8012:face:b00c:0:3 | 32934 (FACEBOOK)
6 | 3 |

Hostname | AS | PTR
---|---|---
facebook.profilephp.com | ASN16509 (AMAZON-02, US) | s3-website-sa-east-1.amazonaws.com
fpnpmcdn.net | ASN16509 (AMAZON-02, US) | server-18-66-112-28.fra56.r.cloudfront.net
static.xx.fbcdn.net | ASN32934 (FACEBOOK, US) |

Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
4 | profilephp.com | facebook.profilephp.com | 180 KB
1 | fbcdn.net | static.xx.fbcdn.net (Cisco Umbrella Rank: 600) | 1 KB
1 | fpnpmcdn.net | fpnpmcdn.net (Cisco Umbrella Rank: 22970) | 1 KB
6 | 3 | |

Requests | Domain | Requested by
---|---|---
4 | facebook.profilephp.com | facebook.profilephp.com
1 | static.xx.fbcdn.net | facebook.profilephp.com
1 | fpnpmcdn.net | facebook.profilephp.com
6 | 3 |

This site contains no links.

Subject | Issuer | Validity | Valid
---|---|---|---
fpcdn.io | Amazon | 2022-03-23 - 2023-04-21 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2022-08-17 - 2022-11-15 | 3 months

This page contains 1 frames:
Primary Page:
http://facebook.profilephp.com/
Frame ID: 8982EC5EAEF28F7D59E5031C45A02EDA
Requests: 6 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions

Method / Protocol | Resource | Path | Size / x-fer | Type | MIME-Type
---|---|---|---|---|---
GET H/1.1 | / (Primary Request) | facebook.profilephp.com/ | 3 KB / 3 KB | Document | text/html
GET H/1.1 | main.d0dade37.chunk.css | facebook.profilephp.com/static/css/ | 127 B / 460 B | Stylesheet | text/css
GET H/1.1 | 2.cfd4d76c.chunk.js | facebook.profilephp.com/static/js/ | 171 KB / 171 KB | Script | application/javascript
GET H/1.1 | main.46d5232d.chunk.js | facebook.profilephp.com/static/js/ | 5 KB / 5 KB | Script | application/javascript
GET H2 | loader_v3.6.2.js | fpnpmcdn.net/v3/vPeirs9pijzYwywzBJ74/ | 624 B / 1 KB | Script | text/javascript
GET H2 | dF5SId3UHWd.svg | static.xx.fbcdn.net/rsrc.php/y8/r/ | 2 KB / 1 KB | Image | image/svg+xml

Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)

11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
object | onbeforeinput
object | oncontextlost
object | oncontextrestored
function | structuredClone
object | launchQueue
object | onbeforematch
object | navigation
object | webpackJsonpreact
function | setImmediate
function | clearImmediate
undefined | __fpjs_p_l_b0

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.