cdnmp.com
Open in
urlscan Pro
2606:4700:10::ac43:1975
Malicious Activity!
Public Scan
Effective URL: https://cdnmp.com/691166965/content/Facebooks.html
Submission: On November 06 via manual from CZ — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 6th 2021. Valid for: a year.
This is the only time cdnmp.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 136.243.224.221 136.243.224.221 | 24940 (HETZNER-AS) (HETZNER-AS) | |
1 | 2606:4700:10:... 2606:4700:10::ac43:1975 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2a00:1450:400... 2a00:1450:4001:812::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2606:4700::68... 2606:4700::6810:125e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2600:9000:21f... 2600:9000:21f3:da00:4:c961:9640:93a1 | 16509 (AMAZON-02) (AMAZON-02) | |
2 4 | 162.0.217.44 162.0.217.44 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
1 | 13.225.87.109 13.225.87.109 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 54.84.165.132 54.84.165.132 | 14618 (AMAZON-AES) (AMAZON-AES) | |
6 | 2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3 | 32934 (FACEBOOK) (FACEBOOK) | |
1 | 67.202.114.212 67.202.114.212 | 32748 (STEADFAST) (STEADFAST) | |
17 | 9 |
ASN22612 (NAMECHEAP-NET, US)
PTR: business146-5.web-hosting.com
wolfteam.xyz |
ASN16509 (AMAZON-02, US)
PTR: server-13-225-87-109.fra2.r.cloudfront.net
cf.mailmunch.co |
ASN14618 (AMAZON-AES, US)
PTR: ec2-54-84-165-132.compute-1.amazonaws.com
analytics.mailmunch.co |
ASN32934 (FACEBOOK, US)
static.xx.fbcdn.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
fbcdn.net
static.xx.fbcdn.net |
5 KB |
4 |
wolfteam.xyz
2 redirects
wolfteam.xyz |
10 KB |
4 |
mailmunch.co
a.mailmunch.co cf.mailmunch.co analytics.mailmunch.co |
136 KB |
2 |
googleapis.com
ajax.googleapis.com |
35 KB |
1 |
amung.us
whos.amung.us |
30 B |
1 |
cloudflare.com
cdnjs.cloudflare.com |
2 KB |
1 |
cdnmp.com
cdnmp.com |
5 KB |
1 |
zaya.io
1 redirects
zaya.io |
1 KB |
17 | 8 |
Domain | Requested by | |
---|---|---|
6 | static.xx.fbcdn.net |
wolfteam.xyz
cdnmp.com |
4 | wolfteam.xyz |
2 redirects
cdnmp.com
|
2 | a.mailmunch.co |
cdnmp.com
|
2 | ajax.googleapis.com |
cdnmp.com
|
1 | whos.amung.us |
cdnmp.com
|
1 | analytics.mailmunch.co |
cdnmp.com
|
1 | cf.mailmunch.co |
cdnmp.com
|
1 | cdnjs.cloudflare.com |
cdnmp.com
|
1 | cdnmp.com | |
1 | zaya.io | 1 redirects |
17 | 10 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-05-06 - 2022-05-05 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2021-10-18 - 2022-01-10 |
3 months | crt.sh |
*.mailmunch.co Amazon |
2021-02-25 - 2022-03-26 |
a year | crt.sh |
analytics.mailmunch.co R3 |
2021-10-14 - 2022-01-12 |
3 months | crt.sh |
*.facebook.com DigiCert SHA2 High Assurance Server CA |
2021-08-16 - 2021-11-14 |
3 months | crt.sh |
whos.amung.us Sectigo RSA Domain Validation Secure Server CA |
2020-05-21 - 2022-05-21 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://cdnmp.com/691166965/content/Facebooks.html
Frame ID: DDAE5B7E4F17E235DA5C622C26C02A93
Requests: 17 HTTP requests in this frame
Screenshot
Page Title
Facebook - Sign in or sign upPage URL History Show full URLs
-
https://zaya.io/ak4k7
HTTP 301
https://cdnmp.com/691166965/content/Facebooks.html Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://zaya.io/ak4k7
HTTP 301
https://cdnmp.com/691166965/content/Facebooks.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 5- https://wolfteam.xyz/fbs?api=1&lan=facebooknew&ht=2 HTTP 301
- https://wolfteam.xyz/fbs/?api=1&lan=facebooknew&ht=2
- https://wolfteam.xyz/fbs/location HTTP 301
- https://wolfteam.xyz/fbs/location/
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
Facebooks.html
cdnmp.com/691166965/content/ Redirect Chain
|
19 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.1.1/ |
82 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
webfont.js
ajax.googleapis.com/ajax/libs/webfont/1.6.26/ |
13 KB 5 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.maskedinput.min.js
cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/1.4.1/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
form.js
a.mailmunch.co/app/v1/ |
14 KB 5 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
safe_image_20%281%29.png
a.mailmunch.co/attachments/assets/000/506/296/large/ |
127 KB 128 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
wolfteam.xyz/fbs/ Redirect Chain
|
43 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo_full_black.png
cf.mailmunch.co/partner/mailmunch/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
analytics.mailmunch.co/event/ |
35 B 344 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tbmm-v7ExV2.css
static.xx.fbcdn.net/rsrc.php/v3/ym/l/0,cross/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
kl88ihvTqaW.css
static.xx.fbcdn.net/rsrc.php/v3/yN/l/0,cross/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Zk78-DQhWlO.css
static.xx.fbcdn.net/rsrc.php/v3/yO/l/0,cross/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
wolfteam.xyz/fbs/location/ Redirect Chain
|
1 KB 656 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dF5SId3UHWd.svg
static.xx.fbcdn.net/rsrc.php/y8/r/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
whos.amung.us/pingjs/ |
30 B 30 B |
Image
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
5NR43BsYs8o.png
static.xx.fbcdn.net/rsrc.php/v3/yO/r/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lqbz1hqlAFx.png
static.xx.fbcdn.net/rsrc.php/v3/yo/r/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)64 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler function| $ function| jQuery object| WebFont function| _classCallCheck function| _inherits function| loadFlatPicker function| loadPlugins function| initDatePicker function| isColorDarkOrLight function| validateRecipient function| addDidYouMeanContent function| checkLeadQualityPermissions function| checkGlobalLeadQualityPermission function| validateEmailTypes function| initializeLoading function| terminateLoading function| removeDidYouMeanContent function| checkDidYouMeanContentUniqueness function| updateSubmitButton function| _createClass function| _get function| Field string| formsDomain string| environment function| EmailField function| TextField function| Checkbox function| Dropdown function| HiddenField function| DateField function| NumberField function| Form function| MMForms string| successUrl string| redirectUrl string| submitUrl string| subscribePixel string| couponsList function| isValidEmail function| fireSubscribePixel function| extractMergeTags object| fonts object| customFonts object| googleFonts object| loadableFonts function| fireEvent boolean| IS_MOBILE number| limit_bot string| object string| type string| OUTPUT object| ___ object| params number| tt undefined| to_object string| a function| __updateOrientation function| checking function| creatingInput function| searchingForms3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
zaya.io/ | Name: XSRF-TOKEN Value: eyJpdiI6InhVVS8rZ0NyMjNCQWlHTnRoN05PTVE9PSIsInZhbHVlIjoiTnB2eU1NZVVIOEIxVDNEWkVjMUQxTFBTTzJsZ1MrWStOWlRxVUxOU2tjVEc2eW5malJTdWc1YTYydHZMUXlNMXh5RVhSUkwvWWMzeVVPcFRyN2ZraHNpNlJJUldzR21USUc2Zy8wcmM3N1d5UU9sMXdESmw1Z0t5bUlhb3FQZWciLCJtYWMiOiIyYzNlYzNkZmM0ZDY3ZGZmMWU1MjhhMjdhMzlhNTk2OWJmM2M5YjM5ZWJhZDlhNDJhNjEzMmI1YjAxYWFmZDIyIiwidGFnIjoiIn0%3D |
|
zaya.io/ | Name: phpshort_session Value: eyJpdiI6Inpqd3hnNGJLYXY4Yld0UVlVbTZ1ZkE9PSIsInZhbHVlIjoidGQ2SjFFSnhKWE82b3lBVDBQYzA4WnluSGRFTFM2N0VoTFBjUXBtUmZ5VmZTRjU4RVMzZllzWjQ3a2t1TE5OaDlXbTZsSDEySEx3cTJyZmplTi9wM3NpS1BDRXhPbWpmNy9uc2tqcVA2c0xXU1ZIWk9RTSt3a2Y0dytES1JxVGEiLCJtYWMiOiI0NDZkNjAzNDEyMTNmOGY3NGI5YTI3YzdjNjdmMTc3ZTNhMzcyNzEwNTRjNTM5NmM3NjIyNjVmODdlY2YxNGUxIiwidGFnIjoiIn0%3D |
|
zaya.io/ | Name: dark_mode Value: 0 |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
a.mailmunch.co
ajax.googleapis.com
analytics.mailmunch.co
cdnjs.cloudflare.com
cdnmp.com
cf.mailmunch.co
static.xx.fbcdn.net
whos.amung.us
wolfteam.xyz
zaya.io
13.225.87.109
136.243.224.221
162.0.217.44
2600:9000:21f3:da00:4:c961:9640:93a1
2606:4700:10::ac43:1975
2606:4700::6810:125e
2a00:1450:4001:812::200a
2a03:2880:f02d:12:face:b00c:0:3
54.84.165.132
67.202.114.212
0fd58536eb089f2060e86f14e60ef83f68169fbe34d95f8cdc2ad60abe4bb8c9
29eed6a5a6c6c99a356cc149a577f79b74403d48a1ff8f9fc5343901c11cfa50
4586094215d4273115514adeeed2f2e84b5c66829ba0198af21e71e17bd127d1
492e177452644336a270296bc6e93670a6f09b49a705c7b9395ded43672b7d46
60615cf3ddf0b34046ce24ba4a0f5a5c352c10a9ae6e03043b93f8e0f5c6b509
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce
9615b777212478a41835e410c9897cd544b98c5473b7b73cbec777f1db2d5404
aa32e4f2768d0f0d912dd791138e09c5102da8b626d4b3162b7cb4e30e015327
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eaceb8aa11b0e7657eee87cc22d4ba5013411e3b5a3943a23741540a8f3a26f8
fb82877818fa23c8c028053cc5744c5d7947faca82bd50a82b918016499bfb62