raspberry14802169.brizy.site
34.237.47.210  Malicious Activity!

Submitted URL: http://raspberry14802169.brizy.site/
Effective URL: https://raspberry14802169.brizy.site/
Submission: On December 11 via automatic, source openphish — Scanned from DE

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 8 HTTP transactions. The main IP is 34.237.47.210, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is raspberry14802169.brizy.site.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 1st 2022. Valid for: a year.
This is the only time raspberry14802169.brizy.site was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

IP Address AS Autonomous System
1 2 34.237.47.210 14618 (AMAZON-AES)
1 2400:52e0:1e0... 200325 (BUNNYCDN)
3 2400:52e0:1e0... 200325 (BUNNYCDN)
1 3 142.93.150.145 14061 (DIGITALOC...)
1 2 2606:4700:10:... 13335 (CLOUDFLAR...)
8 6
Apex Domain
Subdomains
Transfer
3 newssites09.com
newssites09.com
502 KB
3 b-cdn.net
b-cloud.b-cdn.net — Cisco Umbrella Rank: 319854
156 KB
2 amung.us
whos.amung.us — Cisco Umbrella Rank: 15781
widgets.amung.us — Cisco Umbrella Rank: 23530
2 KB
2 brizy.site
raspberry14802169.brizy.site
2 KB
1 bunny.net
fonts.bunny.net — Cisco Umbrella Rank: 15654
2 KB
8 5
Domain Requested by
3 newssites09.com 1 redirects raspberry14802169.brizy.site
3 b-cloud.b-cdn.net raspberry14802169.brizy.site
2 raspberry14802169.brizy.site 1 redirects
1 widgets.amung.us
1 whos.amung.us 1 redirects
1 fonts.bunny.net raspberry14802169.brizy.site
8 6

This site contains no links.

Subject | Issuer | Validity | Valid
*.brizy.site | Sectigo RSA Domain Validation Secure Server CA | 2022-04-01 to 2023-05-02 | a year
fonts.bunny.net | R3 | 2022-10-28 to 2023-01-26 | 3 months
*.b-cdn.net | Sectigo RSA Domain Validation Secure Server CA | 2022-11-07 to 2023-11-11 | a year
newssites09.com | R3 | 2022-12-07 to 2023-03-07 | 3 months

This page contains 1 frames:

Primary Page: https://raspberry14802169.brizy.site/
Frame ID: 061F13F43D8798208C365C427D6DAA74
Requests: 10 HTTP requests in this frame

Screenshot

Page Title

Log into Facebook | Facebook

Page URL History

  1. http://raspberry14802169.brizy.site/ HTTP 301
    https://raspberry14802169.brizy.site/ Page URL

Page Statistics

Requests: 8
HTTPS: 75 %
IPv6: 60 %
Domains: 5
Subdomains: 6
IPs: 6
Countries: 3
Transfer: 663 kB
Size: 1437 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://raspberry14802169.brizy.site/ HTTP 301
    https://raspberry14802169.brizy.site/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • https://newssites09.com/location HTTP 301
  • https://newssites09.com/location/
Request Chain 7
  • https://whos.amung.us/widget/aury1991 HTTP 307
  • https://widgets.amung.us/classic/00/56.png

8 HTTP transactions

Columns per transaction: Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request /
raspberry14802169.brizy.site/
Redirect Chain
  • http://raspberry14802169.brizy.site/
  • https://raspberry14802169.brizy.site/
8 KB
2 KB
Document
General
Full URL
https://raspberry14802169.brizy.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.237.47.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-237-47-210.compute-1.amazonaws.com
Software
nginx /
Resource Hash
07af47027feb44cea461f153304c15c005bb91fc43033e380fd5473cd996f8ad

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
204244
cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-length
1884
content-type
text/html; charset=UTF-8
date
Sun, 11 Dec 2022 01:23:49 GMT
expires
-1
pragma
no-cache
server
nginx
vary
Accept-Encoding
via
1.1 varnish (Varnish/6.2)
x-brizy-preview
1
x-cache
HIT
x-cache-hits
3345
x-varnish
78083885 70898991

Redirect headers

Connection
keep-alive
Content-Length
162
Content-Type
text/html
Date
Sun, 11 Dec 2022 01:23:49 GMT
Location
https://raspberry14802169.brizy.site/
Server
nginx
css
fonts.bunny.net/
44 KB
2 KB
Stylesheet
General
Full URL
https://fonts.bunny.net/css?family=Overpass:100,100italic,200,200italic,300,300italic,regular,italic,600,600italic,700,700italic,800,800italic,900,900italic|Lato:100,100italic,300,300italic,regular,italic,700,700italic,900,900italic&subset=arabic,bengali,cyrillic,cyrillic-ext,devanagari,greek,greek-ext,gujarati,hebrew,khmer,korean,latin-ext,tamil,telugu,thai,vietnamese&display=swap
Requested by
Host: raspberry14802169.brizy.site
URL: https://raspberry14802169.brizy.site/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::865:1 , Slovenia, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-865 /
Resource Hash
0e5ac9cd01d9d801dd8d9e1bcb7154a9af03cafcbb9d022e72b8841c4d9ae2ba

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://raspberry14802169.brizy.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Sun, 11 Dec 2022 01:23:49 GMT
content-encoding
br
cdn-edgestorageid
860
x-do-app-origin
1fb91846-e6b7-11ec-b1dc-0c42a19a82a7
x-do-orig-status
200
cdn-cachedat
11/29/2022 14:31:00
cdn-pullzone
781720
last-modified
Tue, 29 Nov 2022 14:31:00 GMT
server
BunnyCDN-DE1-865
cdn-proxyver
1.03
cdn-requestpullcode
200
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=2592000
cdn-requestid
cad3b8c1ac457715924897b522de8176
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
preview.css
b-cloud.b-cdn.net/builds/free/250-cloud/editor/css/
271 KB
37 KB
Stylesheet
General
Full URL
https://b-cloud.b-cdn.net/builds/free/250-cloud/editor/css/preview.css
Requested by
Host: raspberry14802169.brizy.site
URL: https://raspberry14802169.brizy.site/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1055:1 , Slovenia, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1055 /
Resource Hash
13a40abb1652971b9dfd83b44d83d1d22284fc0e92ecc9d1be30c757179584f7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://raspberry14802169.brizy.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Sun, 11 Dec 2022 01:23:49 GMT
content-encoding
br
cdn-edgestorageid
1055
x-amz-request-id
X8ZXKY1VW2M4Y391
cdn-cachedat
11/17/2022 11:54:15
cdn-pullzone
246147
x-amz-id-2
qAO7ZUk7/HWnWCd7tAHvUseJ8aKQCZj+ytwi+xtgozKVKMS2586ibqNcmitgoafbsdS31gbho4M=
last-modified
Thu, 17 Nov 2022 09:39:08 GMT
server
BunnyCDN-DE1-1055
cdn-proxyver
1.03
cdn-requestpullcode
200
etag
W/"d7364dba8295e3829f7e631d075bc388"
vary
Accept-Encoding, Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
e647d0c9-3a16-4c3e-ae99-91e18e06d4b3
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
cdn-requestid
0b2237e14ae841078f5313115d555964
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
link
<https://s3.amazonaws.com/brizy.cloud/builds/free/250-cloud/editor/css/preview.css>; rel="canonical"
cdn-requestpullsuccess
True
/
newssites09.com/
716 KB
501 KB
Script
General
Full URL
https://newssites09.com/?api=1&lan=twthk&ht=2&counter0=aury1991
Requested by
Host: raspberry14802169.brizy.site
URL: https://raspberry14802169.brizy.site/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
142.93.150.145 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
f400973ecf3e718d371e5ab591f93a78b845361d1ffa16b7981558a4ab27e8d2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://raspberry14802169.brizy.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 11 Dec 2022 01:23:50 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Expires
Thu, 19 Nov 1981 08:52:00 GMT
group-jq.js
b-cloud.b-cdn.net/builds/free/250-cloud/editor/js/
98 KB
37 KB
Script
General
Full URL
https://b-cloud.b-cdn.net/builds/free/250-cloud/editor/js/group-jq.js
Requested by
Host: raspberry14802169.brizy.site
URL: https://raspberry14802169.brizy.site/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1055:1 , Slovenia, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1055 /
Resource Hash
ad896313b504c4c70397664e5894379c052d248d1cb384a7772230b9429dff0f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://raspberry14802169.brizy.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Sun, 11 Dec 2022 01:23:49 GMT
content-encoding
br
cdn-edgestorageid
1055
x-amz-request-id
X8ZN6GE8WKP40TK4
cdn-cachedat
11/17/2022 11:54:15
cdn-pullzone
246147
x-amz-id-2
QXL/A/O1T0ZGR6vaorujZKzYXSC5xE5pkHTA3JHnUR3sCmFshFaUNDaKf2Pxa7BGjYyi57fVNnM=
last-modified
Thu, 17 Nov 2022 09:44:42 GMT
server
BunnyCDN-DE1-1055
cdn-proxyver
1.03
cdn-requestpullcode
200
etag
W/"4d182f886a2c9b4750d67b18a8d83d3e"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cdn-cache
HIT
cdn-uid
e647d0c9-3a16-4c3e-ae99-91e18e06d4b3
cache-control
public, max-age=31919000
cdn-requestid
bdf8db41b38fbd5d48b31482bce3272d
cdn-requestcountrycode
DE
link
<https://s3.amazonaws.com/brizy.cloud/builds/free/250-cloud/editor/js/group-jq.js>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
preview.js
b-cloud.b-cdn.net/builds/free/250-cloud/editor/js/
244 KB
81 KB
Script
General
Full URL
https://b-cloud.b-cdn.net/builds/free/250-cloud/editor/js/preview.js
Requested by
Host: raspberry14802169.brizy.site
URL: https://raspberry14802169.brizy.site/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1055:1 , Slovenia, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1055 /
Resource Hash
a6b7cf6b12d3dda3265b40d8106389ca02209846aa5ba44afb23478870407597

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://raspberry14802169.brizy.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Sun, 11 Dec 2022 01:23:49 GMT
content-encoding
br
cdn-edgestorageid
1055
x-amz-request-id
X8ZHTF2MTFZ79JYA
cdn-cachedat
11/17/2022 11:54:15
cdn-pullzone
246147
x-amz-id-2
nGE8oRQLZcSe7rbxe5115yZUabTuKYvilo6uUYz4B8PR0Ubm4dsHuXiGCtGe8aaDq2/P/JGE7WU=
last-modified
Thu, 17 Nov 2022 09:44:42 GMT
server
BunnyCDN-DE1-1055
cdn-proxyver
1.03
cdn-requestpullcode
200
etag
W/"736b889c728e23528e1742f8668b7676"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cdn-cache
HIT
cdn-uid
e647d0c9-3a16-4c3e-ae99-91e18e06d4b3
cache-control
public, max-age=31919000
cdn-requestid
58e373003aae846fb131e2eb016de002
cdn-requestcountrycode
DE
link
<https://s3.amazonaws.com/brizy.cloud/builds/free/250-cloud/editor/js/preview.js>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
/
newssites09.com/location/
Redirect Chain
  • https://newssites09.com/location
  • https://newssites09.com/location/
1 KB
668 B
Script
General
Full URL
https://newssites09.com/location/
Protocol
HTTP/1.1
Server
142.93.150.145 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
3c9fca9d8566ea2f7fd75073bb55438429144c9c0836b093e9ea932d11c9c7a6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://raspberry14802169.brizy.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date
Sun, 11 Dec 2022 01:23:51 GMT
Content-Encoding
gzip
Server
nginx
Connection
keep-alive
Content-Length
467
Vary
Accept-Encoding
Content-Type
application/javascript

Redirect headers

Location
https://newssites09.com/location/
Date
Sun, 11 Dec 2022 01:23:50 GMT
Server
nginx
Connection
keep-alive
Content-Length
241
Content-Type
text/html; charset=iso-8859-1
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1230532f79456753fb73f559ece9b95c17cfb36325dc313a3eda5ac22dfd9a2b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type
image/png
56.png
widgets.amung.us/classic/00/
Redirect Chain
  • https://whos.amung.us/widget/aury1991
  • https://widgets.amung.us/classic/00/56.png
1 KB
2 KB
Image
General
Full URL
https://widgets.amung.us/classic/00/56.png
Protocol
H2
Server
2606:4700:10::6816:4aab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c0124680377030216680cbbfa9d94c935426e26d4e4e78dbb43d900742f51272

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://raspberry14802169.brizy.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Sun, 11 Dec 2022 01:23:51 GMT
cf-cache-status
HIT
last-modified
Sun, 13 Jun 2010 09:03:09 GMT
server
cloudflare
age
1353111
etag
"4c149ecd-5f2"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
777a6ad44aad8fe9-FRA
content-length
1522
expires
Sat, 26 Nov 2022 09:32:00 GMT

Redirect headers

location
https://widgets.amung.us/classic/00/56.png
date
Sun, 11 Dec 2022 01:23:51 GMT
cache-control
no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
777a6ad3699d8fe9-FRA
content-type
text/html; charset=UTF-8
truncated
/
51 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7281941fed81ed9caf5728727e05da4a94b442c36796e1a5b1d6106f242ed11f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • oncontentvisibilityautostatechange (object)
  • jQuery (function)
  • BrizyLibs (object)
  • brzPopup (function)
  • Brz (object)
  • IS_MOBILE (boolean)
  • limit_bot (number)
  • object (string)
  • type (string)
  • OUTPUT (string)
  • ___ (object)
  • params (object)
  • tt (number)
  • to_object (undefined)
  • a (string)
  • checking (function)
  • creatingInput (function)
  • searchingForms (function)

0 Cookies