gc-shell.com
162.241.27.21
Malicious Activity!
Public Scan
Submission: On January 09 via api from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on December 15th 2019. Valid for: 3 months.
This is the only time gc-shell.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)

Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
2 | 162.241.27.21 | 46606 (UNIFIEDLAYER-AS-1 - Unified Layer)
4 | 2a03:2880:f01c:8012:face:b00c:0:3 | 32934 (FACEBOOK - Facebook)
1 (serves 3 domains: facebook.com, fbcdn.net, fbsbx.com; see the redirect chain below) | 2a03:2880:f11c:8183:face:b00c:0:25de | 32934 (FACEBOOK - Facebook)
1 | 23.23.229.94 | 14618 (AMAZON-AES - Amazon.com)
8 requests | 4 IP addresses |
ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US), PTR: 162-241-27-21.unifiedlayer.com
- gc-shell.com

ASN32934 (FACEBOOK - Facebook, Inc., US)
- static.xx.fbcdn.net

ASN32934 (FACEBOOK - Facebook, Inc., US)
- facebook.com
- fbcdn.net
- fbsbx.com

ASN14618 (AMAZON-AES - Amazon.com, Inc., US), PTR: ec2-23-23-229-94.compute-1.amazonaws.com
- api.ipify.org

Only gc-shell.com, hosted at Unified Layer behind a generic unifiedlayer.com PTR record, is under the operator's control. The AS32934 hosts are Facebook's own infrastructure, and api.ipify.org is a third-party public-IP echo service running on Amazon EC2.
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
5 (1 redirect) | fbcdn.net | static.xx.fbcdn.net, fbcdn.net | 102 KB
2 | gc-shell.com | gc-shell.com | 86 KB
1 | ipify.org | api.ipify.org | 236 B
1 | fbsbx.com | fbsbx.com | 752 B
1 (1 redirect) | facebook.com | facebook.com | 271 B
8 requests | 5 apex domains | |
Requests | Domain | Requested by
---|---|---
4 | static.xx.fbcdn.net | gc-shell.com
2 | gc-shell.com | gc-shell.com
1 | api.ipify.org | gc-shell.com
1 | fbsbx.com | gc-shell.com
1 | fbcdn.net | 1 redirect
1 | facebook.com | 1 redirect
8 requests | 6 domains |
This site contains no links.
Subject | Issuer | Validity period | Duration | Lookup
---|---|---|---|---
gc-shell.com | Let's Encrypt Authority X3 | 2019-12-15 - 2020-03-14 | 3 months | crt.sh
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2019-12-06 - 2020-03-05 | 3 months | crt.sh
fbcdn.net | DigiCert SHA2 High Assurance Server CA | 2019-12-11 - 2020-03-10 | 3 months | crt.sh
*.ipify.org | COMODO RSA Domain Validation Secure Server CA | 2018-01-24 - 2021-01-23 | 3 years | crt.sh
This page contains 1 frame:
Primary Page: https://gc-shell.com/loginfb/
Frame ID: 3A3AA43279344AECC7F664E44C1067C5
Requests: 8 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 4
- https://facebook.com/security/hsts-pixel.gif?c=3.2 HTTP 302
- https://fbcdn.net/security/hsts-pixel.gif?c=2 HTTP 302
- https://fbsbx.com/security/hsts-pixel.gif

All three hops of this chain are Facebook-owned hosts in AS32934. The hsts-pixel is Facebook's own HSTS-priming request and appears here as a side effect of the genuine Facebook resources the page embeds; it is not attacker infrastructure and should not be treated as an indicator.
8 HTTP transactions

# | Method | Protocol | Resource | Path | Size | Transferred | Type | MIME-Type
---|---|---|---|---|---|---|---|---
1 | GET | H2 | / (Primary Request) | gc-shell.com/loginfb/ | 18 KB | 8 KB | Document | text/html
2 | GET | H2 | _HTZJB2UYLe.css | static.xx.fbcdn.net/rsrc.php/v3/yT/l/0,cross/ | 75 KB | 17 KB | Stylesheet | text/css
3 | GET | H2 | ksTuOWcamdZ.css | static.xx.fbcdn.net/rsrc.php/v3/y0/l/0,cross/ | 12 KB | 3 KB | Stylesheet | text/css
4 | GET | H2 | Lxy8gMtuPCC.js | static.xx.fbcdn.net/rsrc.php/v3/ye/r/ | 202 KB | 54 KB | Script | application/x-javascript
5 | GET | H2 | logo.png | gc-shell.com/loginfb/ | 77 KB | 78 KB | Image | image/png
6 | GET | H2 | hsts-pixel.gif (redirect chain) | fbsbx.com/security/ | 43 B | 752 B | Image | image/gif
7 | GET | H/1.1 | / | api.ipify.org/ | 13 B | 236 B | XHR | text/plain
8 | GET | H2 | -2_e3ML2w0e.png | static.xx.fbcdn.net/rsrc.php/v3/ye/r/ | 28 KB | 28 KB | Image | image/png

Only two of the eight requests (the document and logo.png) touch the operator's host; the stylesheets, script and the second image are pulled straight from Facebook's real CDN, which is what makes the page look authentic without the operator having to copy any assets. Request 7 stands out: an XHR to api.ipify.org, over HTTP/1.1 where everything else is H2, returning a 13-byte text/plain body, the size of a dotted-quad IPv4 address.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Facebook (Social Network)

31 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

Type | Name
---|---
object | onformdata
object | onpointerrawupdate
function | envFlush
object | Env
boolean | DEFER_COOKIES
number | __DEV__
undefined | __p
function | emptyFunction
function | __annotator
function | __bodyWrapper
function | __t
function | __w
function | FB_enumerate
function | __m
object | babelHelpers
function | define
function | require
function | requireDynamic
function | requireLazy
function | __d
function | $RefreshReg$
function | $RefreshSig$
object | ErrorSerializer
object | ErrorGuard
object | ErrorUtils
object | TimeSlice
function | CavalryLogger
function | __updateOrientation
function | httpGet
string | publicIp
string | ip

Two of these, onformdata and onpointerrawupdate, are event-handler properties supplied by the browser rather than by the page. Most of the rest (envFlush, Env, __d, require, requireLazy, babelHelpers, CavalryLogger, ErrorUtils and the other double-underscore names) are names Facebook's own runtime defines, consistent with the Facebook script the page loads from static.xx.fbcdn.net. The three that fit neither group are httpGet, publicIp and ip, and they line up with the XHR to api.ipify.org: the page fetches the visitor's public IP address and keeps it in a global.

20 Cookies
Cookies are small pieces of information stored in a user's browser. On each later visit the browser sends the cookie values back, so the site can re-identify the user even from a different location; this is how persistent logins work.
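As an added example (not urlscan.io's code, and nothing recovered from the kit itself), the following Python turns the request list and the global-variable list above into the four checks an analyst applies to a report like this one: brand assets embedded by a page on an unrelated domain, a public-IP echo XHR issued by the page's own scripts, a certificate issued shortly before the scan, and window globals that neither the browser nor the brand's runtime account for. The brand-to-CDN mapping, the echo-service host list, the Facebook runtime baseline, the 30-day certificate threshold and the scan year 2020 (inferred from the certificate window) are assumptions made here.

```python
"""Triage a urlscan-style result for brand-impersonation phishing.

Added example; sample data transcribed from the gc-shell.com report.
Brand mapping, echo-host list and runtime baseline are assumptions.
"""
from dataclasses import dataclass
from datetime import date
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Request:
    url: str
    rtype: str       # urlscan resource type: Document, Stylesheet, Script, Image, XHR
    initiator: str   # the "Requested by" host


# The eight transactions from the report (hosts and paths as shown there).
REQUESTS = [
    Request("https://gc-shell.com/loginfb/", "Document", "gc-shell.com"),
    Request("https://static.xx.fbcdn.net/rsrc.php/v3/yT/l/0,cross/_HTZJB2UYLe.css", "Stylesheet", "gc-shell.com"),
    Request("https://static.xx.fbcdn.net/rsrc.php/v3/y0/l/0,cross/ksTuOWcamdZ.css", "Stylesheet", "gc-shell.com"),
    Request("https://static.xx.fbcdn.net/rsrc.php/v3/ye/r/Lxy8gMtuPCC.js", "Script", "gc-shell.com"),
    Request("https://gc-shell.com/loginfb/logo.png", "Image", "gc-shell.com"),
    Request("https://fbsbx.com/security/hsts-pixel.gif", "Image", "gc-shell.com"),
    Request("https://api.ipify.org/", "XHR", "gc-shell.com"),
    Request("https://static.xx.fbcdn.net/rsrc.php/v3/ye/r/-2_e3ML2w0e.png", "Image", "gc-shell.com"),
]

# The 31 window globals listed in the report.
WINDOW_GLOBALS = [
    "onformdata", "onpointerrawupdate", "envFlush", "Env", "DEFER_COOKIES", "__DEV__",
    "__p", "emptyFunction", "__annotator", "__bodyWrapper", "__t", "__w", "FB_enumerate",
    "__m", "babelHelpers", "define", "require", "requireDynamic", "requireLazy", "__d",
    "$RefreshReg$", "$RefreshSig$", "ErrorSerializer", "ErrorGuard", "ErrorUtils",
    "TimeSlice", "CavalryLogger", "__updateOrientation", "httpGet", "publicIp", "ip",
]

# Assumption: asset hosts that identify a brand, and the apex domains on which
# that brand legitimately shows a login form.
BRAND_ASSET_HOSTS = {"static.xx.fbcdn.net": "Facebook", "fbcdn.net": "Facebook"}
BRAND_LOGIN_APEX = {"Facebook": {"facebook.com", "messenger.com"}}
# Assumption: services whose only purpose is to echo the caller's public IP.
IP_ECHO_HOSTS = {"api.ipify.org", "api64.ipify.org", "icanhazip.com", "ifconfig.me"}
# Assumption: names Facebook's own runtime puts on window. Build this baseline
# by scanning the real facebook.com login page, not by hand.
FB_RUNTIME_GLOBALS = {
    "envFlush", "Env", "DEFER_COOKIES", "__DEV__", "__p", "emptyFunction", "__annotator",
    "__bodyWrapper", "__t", "__w", "FB_enumerate", "__m", "babelHelpers", "define",
    "require", "requireDynamic", "requireLazy", "__d", "$RefreshReg$", "$RefreshSig$",
    "ErrorSerializer", "ErrorGuard", "ErrorUtils", "TimeSlice", "CavalryLogger",
    "__updateOrientation",
}


def apex(host: str) -> str:
    """Naive apex domain (last two labels): fine for .com/.net/.org, use a
    public-suffix list before trusting it on co.uk-style TLDs."""
    return ".".join(host.lower().split(".")[-2:])


def host_of(r: Request) -> str:
    return (urlsplit(r.url).hostname or "").lower()


def triage(requests, window_globals, scan_date, cert_not_before, max_cert_age_days=30):
    findings = []
    doc = next(r for r in requests if r.rtype == "Document")
    doc_host, doc_apex = host_of(doc), apex(host_of(doc))

    # 1. A brand's assets embedded by a page that is not on that brand's domain.
    brands = {BRAND_ASSET_HOSTS[h] for h in map(host_of, requests) if h in BRAND_ASSET_HOSTS}
    for brand in sorted(brands):
        if doc_apex not in BRAND_LOGIN_APEX[brand]:
            findings.append(f"{brand} assets loaded by page on unrelated domain {doc_apex}")

    # 2. The document's own scripts calling a public-IP echo service.
    for r in requests:
        if r.rtype == "XHR" and host_of(r) in IP_ECHO_HOSTS and r.initiator == doc_host:
            findings.append(f"XHR to public-IP echo service {host_of(r)}")

    # 3. Certificate issued shortly before the scan (throwaway infrastructure).
    age = (scan_date - cert_not_before).days
    if age < max_cert_age_days:
        findings.append(f"TLS certificate only {age} days old at scan time")

    # 4. Globals that are neither browser event handlers ("on..." properties)
    #    nor part of the brand runtime: what the kit itself defines.
    custom = sorted(g for g in window_globals
                    if g not in FB_RUNTIME_GLOBALS and not g.startswith("on"))
    if custom:
        findings.append("page-defined globals outside the brand runtime: " + ", ".join(custom))
    return findings


def report():
    """Triage of the gc-shell.com scan; the year 2020 is inferred from the certificate window."""
    return triage(REQUESTS, WINDOW_GLOBALS, date(2020, 1, 9), date(2019, 12, 15))


if __name__ == "__main__":
    for finding in report():
        print("-", finding)
```

Check 1 is a triage signal, not a verdict: a site that integrates Facebook Login legitimately also pulls fbcdn.net assets onto a non-Facebook domain, so it belongs in a scoring model alongside the other three rather than on its own. The runtime baseline is the part that rots fastest; regenerate it from a fresh scan of the real brand page rather than maintaining the set by hand.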
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.ipify.org
facebook.com
fbcdn.net
fbsbx.com
gc-shell.com
static.xx.fbcdn.net
162.241.27.21
23.23.229.94
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de