facebook.profilephp.com
52.95.165.115  Malicious Activity! Public Scan

URL: http://facebook.profilephp.com/
Submission: On November 08 via automatic, source openphish — Scanned from DE

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 6 HTTP transactions. The main IP is 52.95.165.115, located in São Paulo, Brazil and belongs to AMAZON-02, US. The main domain is facebook.profilephp.com.
This is the only time facebook.profilephp.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

Requests  IP Address        AS Autonomous System
4         52.95.165.115     16509 (AMAZON-02)
1         18.66.112.28      16509 (AMAZON-02)
1         2a03:2880:f01...  32934 (FACEBOOK)
Total: 6 requests, 3 IPs

Requests  Apex Domain     Subdomains                                      Transfer
4         profilephp.com  facebook.profilephp.com                         180 KB
1         fbcdn.net       static.xx.fbcdn.net (Cisco Umbrella Rank: 600)  1 KB
1         fpnpmcdn.net    fpnpmcdn.net (Cisco Umbrella Rank: 22970)       1 KB
Total: 6 requests, 3 domains

Requests  Domain                   Requested by
4         facebook.profilephp.com  facebook.profilephp.com
1         static.xx.fbcdn.net      facebook.profilephp.com
1         fpnpmcdn.net             facebook.profilephp.com
Total: 6 requests, 3 domains

This site contains no links.

Subject         Issuer                                  Validity                 Valid
fpcdn.io        Amazon                                  2022-03-23 - 2023-04-21  a year
*.facebook.com  DigiCert SHA2 High Assurance Server CA  2022-08-17 - 2022-11-15  3 months

This page contains 1 frames:

Primary Page: http://facebook.profilephp.com/
Frame ID: 8982EC5EAEF28F7D59E5031C45A02EDA
Requests: 6 HTTP requests in this frame

Page Title

Facebook - Inicia sesión o regístrate

Page Statistics

Requests: 6
HTTPS: 33 %
IPv6: 33 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 3
Transfer: 182 kB
Size: 181 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
facebook.profilephp.com/
3 KB
3 KB
Document
General
Full URL
http://facebook.profilephp.com/
Protocol
HTTP/1.1
Server
52.95.165.115 São Paulo, Brazil, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-website-sa-east-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
64170505ce92190c2ac68e674d45a952f67d5311b6a1b58aeb0d59d91d9d92d3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Content-Length
2566
Content-Type
text/html
Date
Tue, 08 Nov 2022 13:05:48 GMT
ETag
"e8c10757025609550dabd23a6981437e"
Last-Modified
Sun, 24 Jul 2022 23:26:43 GMT
Server
AmazonS3
x-amz-id-2
XWzlbY3OPkIu1+Ig64k3i0cB2M2OwaBhVAlWL9B7Exi9uuhiqZTo9riOmJWZ+Ub6qFYeBhq4QBQ=
x-amz-request-id
93Y3BHPKSP42Z414
main.d0dade37.chunk.css
facebook.profilephp.com/static/css/
127 B
460 B
Stylesheet
General
Full URL
http://facebook.profilephp.com/static/css/main.d0dade37.chunk.css
Requested by
Host: facebook.profilephp.com
URL: http://facebook.profilephp.com/
Protocol
HTTP/1.1
Server
52.95.165.115 São Paulo, Brazil, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-website-sa-east-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
c1cd6f8ff06260fd5bcc21ecf055ef8e965e3d33ed9e57f273e089f96e43a9a7

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://facebook.profilephp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date
Tue, 08 Nov 2022 13:05:48 GMT
Last-Modified
Sun, 24 Jul 2022 23:26:40 GMT
Server
AmazonS3
x-amz-request-id
93Y5TQ4VBKWQ23EY
ETag
"3e6d2bba6cf15b056940ca2c27791ebe"
Content-Type
text/css
Content-Length
127
x-amz-id-2
s9VqDLRMBOYJ7Rp0tgXuI61jIpqFhBH5PDegnAtYkNlpFsdj39Y52r3O5rTmo15fkzGIyGHm4LQ=
2.cfd4d76c.chunk.js
facebook.profilephp.com/static/js/
171 KB
171 KB
Script
General
Full URL
http://facebook.profilephp.com/static/js/2.cfd4d76c.chunk.js
Requested by
Host: facebook.profilephp.com
URL: http://facebook.profilephp.com/
Protocol
HTTP/1.1
Server
52.95.165.115 São Paulo, Brazil, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-website-sa-east-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
2dd54783de176b53a90cb1beba5cc9a01672772cc37dd222b6742dcd718c2e91

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://facebook.profilephp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date
Tue, 08 Nov 2022 13:05:49 GMT
Last-Modified
Sun, 24 Jul 2022 23:26:34 GMT
Server
AmazonS3
x-amz-request-id
6DWA7FM6SPHAN966
ETag
"5437be9eb9778c3fb94adca20537b9ac"
Content-Type
application/javascript
Content-Length
175123
x-amz-id-2
96AuWhz6mdM5qzZ6nm/Xj7TBeWx9PSGLpdYVneyQeIodKTmYoTQkFGfxgtqaCYz0Tf0MgO1QppM=
main.46d5232d.chunk.js
facebook.profilephp.com/static/js/
5 KB
5 KB
Script
General
Full URL
http://facebook.profilephp.com/static/js/main.46d5232d.chunk.js
Requested by
Host: facebook.profilephp.com
URL: http://facebook.profilephp.com/
Protocol
HTTP/1.1
Server
52.95.165.115 São Paulo, Brazil, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-website-sa-east-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
c29880c51e89b9670aca4d97dfee13bfbcca7a0ddd64dd060e7052b2d5be0137

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://facebook.profilephp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date
Tue, 08 Nov 2022 13:05:49 GMT
Last-Modified
Sun, 24 Jul 2022 23:26:37 GMT
Server
AmazonS3
x-amz-request-id
6DW6KD3WWA5SR9E0
ETag
"d104211a5c851e6b5206dcfb86905486"
Content-Type
application/javascript
Content-Length
5013
x-amz-id-2
At6hPts80YheKbbLu1AE9CO4DZM2cfPj8sUIQvJvdQVpLkOyWL/BdU8o+tbyD+goTo3UNypfsTE=
loader_v3.6.2.js
fpnpmcdn.net/v3/vPeirs9pijzYwywzBJ74/
624 B
1 KB
Script
General
Full URL
https://fpnpmcdn.net/v3/vPeirs9pijzYwywzBJ74/loader_v3.6.2.js
Requested by
Host: facebook.profilephp.com
URL: http://facebook.profilephp.com/static/js/2.cfd4d76c.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-28.fra56.r.cloudfront.net
Software
CloudFront /
Resource Hash
a67d8b2faa29347afc1a2121385f8178943a8ae817fe503cefb55dcc6810921d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://facebook.profilephp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 02:28:59 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
via
1.1 5e28951e5f2b6d7d562636473d26d7a6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
38209
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
624
server
CloudFront
etag
"/uaWhW9my66gHJVy63IrderJwo8"
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=3572, s-maxage=624628
x-amz-cf-id
yjgsl7_qAWh5zDZjT49r6UDouDHwb7v3Lwh9cNDsI6KpURAuow1waQ==
dF5SId3UHWd.svg
static.xx.fbcdn.net/rsrc.php/y8/r/
2 KB
1 KB
Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/y8/r/dF5SId3UHWd.svg
Requested by
Host: facebook.profilephp.com
URL: http://facebook.profilephp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://facebook.profilephp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 13:05:48 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
NiMA5zHIsmaYxSYEaw9fHg==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
1027
x-fb-rlafr
0
x-fb-debug
RxCF6T4EIL8ze/P0a6FVyvUxMaV/E84VylK419nCnXibxdtR8aDbRaudi/dtGAAJsVtD002u6qO3X96Cq9LE9A==
x-fb-trip-id
2050670934
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Thu, 02 Nov 2023 16:55:30 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput
object| oncontextlost
object| oncontextrestored
function| structuredClone
object| launchQueue
object| onbeforematch
object| navigation
object| webpackJsonpreact
function| setImmediate
function| clearImmediate
undefined| __fpjs_p_l_b

0 Cookies