facelansd.ubpages.com
Open in
urlscan Pro
3.69.136.55
Malicious Activity!
Public Scan
Submission: On December 13 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on July 8th 2021. Valid for: a year.
This is the only time facelansd.ubpages.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 3.69.136.55 3.69.136.55 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 13.35.253.50 13.35.253.50 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 2600:9000:211... 2600:9000:211e:ba00:1d:11cf:5800:93a1 | 16509 (AMAZON-02) (AMAZON-02) | |
1 3 | 198.54.126.153 198.54.126.153 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
1 2 | 67.202.114.216 67.202.114.216 | 32748 (STEADFAST) (STEADFAST) | |
1 | 34.193.63.26 34.193.63.26 | 14618 (AMAZON-AES) (AMAZON-AES) | |
1 | 2606:4700:20:... 2606:4700:20::681a:164 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700:10:... 2606:4700:10::6816:4aab | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
12 | 9 |
ASN16509 (AMAZON-02, US)
PTR: ec2-3-69-136-55.eu-central-1.compute.amazonaws.com
facelansd.ubpages.com |
ASN16509 (AMAZON-02, US)
PTR: server-13-35-253-50.fra6.r.cloudfront.net
builder-assets.unbounce.com |
ASN16509 (AMAZON-02, US)
d34qb8suadcc4g.cloudfront.net |
ASN22612 (NAMECHEAP-NET, US)
PTR: premium4-1.web-hosting.com
l0v3x.us |
ASN14618 (AMAZON-AES, US)
PTR: ec2-34-193-63-26.compute-1.amazonaws.com
events.ub-analytics.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
amung.us
1 redirects
whos.amung.us widgets.amung.us |
2 KB |
3 |
l0v3x.us
1 redirects
l0v3x.us |
500 KB |
2 |
cloudfront.net
d34qb8suadcc4g.cloudfront.net |
32 KB |
2 |
unbounce.com
builder-assets.unbounce.com |
36 KB |
1 |
geojs.io
get.geojs.io |
967 B |
1 |
ub-analytics.com
events.ub-analytics.com |
245 B |
1 |
ubpages.com
facelansd.ubpages.com |
3 KB |
12 | 7 |
Domain | Requested by | |
---|---|---|
3 | l0v3x.us |
1 redirects
facelansd.ubpages.com
|
2 | whos.amung.us |
1 redirects
facelansd.ubpages.com
|
2 | d34qb8suadcc4g.cloudfront.net |
facelansd.ubpages.com
d34qb8suadcc4g.cloudfront.net |
2 | builder-assets.unbounce.com |
facelansd.ubpages.com
|
1 | widgets.amung.us | |
1 | get.geojs.io |
facelansd.ubpages.com
|
1 | events.ub-analytics.com |
facelansd.ubpages.com
|
1 | facelansd.ubpages.com | |
12 | 8 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.ubpages.com Sectigo RSA Domain Validation Secure Server CA |
2021-07-08 - 2022-08-08 |
a year | crt.sh |
*.unbounce.com Amazon |
2021-03-10 - 2022-04-08 |
a year | crt.sh |
*.cloudfront.net Amazon |
2021-03-19 - 2022-03-17 |
a year | crt.sh |
l0v3x.us Sectigo RSA Domain Validation Secure Server CA |
2021-09-27 - 2022-09-27 |
a year | crt.sh |
whos.amung.us Sectigo RSA Domain Validation Secure Server CA |
2020-05-21 - 2022-05-21 |
2 years | crt.sh |
*.ub-analytics.com Amazon |
2021-05-10 - 2022-06-08 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-06-11 - 2022-06-10 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://facelansd.ubpages.com/?fbclid=IwAR0ygGfwWg9JGAG7TOdSasDRvdKPC5oH45RFvntOp-zynAhPCfWdS_k0ZTs
Frame ID: 099B62B9BDD7DEFCD110013FEA14DA0E
Requests: 14 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 8- https://l0v3x.us/s-a/location HTTP 301
- https://l0v3x.us/s-a/location/
- https://whos.amung.us/widget/fearless HTTP 307
- https://widgets.amung.us/classic/00/51.png
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
facelansd.ubpages.com/ |
4 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main-7b78720.z.css
builder-assets.unbounce.com/published-css/ |
15 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ub.js
d34qb8suadcc4g.cloudfront.net/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
l0v3x.us/s-a/ |
718 KB 500 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
whos.amung.us/pingjs/ |
28 B 28 B |
Image
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.bundle-fed11df.z.js
builder-assets.unbounce.com/published-js/ |
102 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sp-2.14.0.js
d34qb8suadcc4g.cloudfront.net/ |
98 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET BLOB |
0281c665-0609-432b-ad5b-c200cf572288
https://facelansd.ubpages.com/ |
5 KB 0 |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
i
events.ub-analytics.com/ |
43 B 245 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
l0v3x.us/s-a/location/ Redirect Chain
|
1 KB 658 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
geo.json
get.geojs.io/v1/ip/ |
314 B 967 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
51.png
widgets.amung.us/classic/00/ Redirect Chain
|
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
51 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)29 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler object| ub object| UnbounceSnowplowNamespace function| ubSnowplow function| setImmediate function| clearImmediate boolean| VimeoPlayerResizeEmbeds_ function| ownKeys function| _objectSpread function| _defineProperty function| _typeof object| Snowplow function| sh boolean| IS_MOBILE number| limit_bot string| object string| type string| OUTPUT object| ___ object| params number| tt object| to_object string| a function| checking function| creatingInput function| searchingForms3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
facelansd.ubpages.com/ | Name: ubpv Value: a%2Cd6c6cd38-7c0c-44ae-a1ff-8efd3efaee6b |
|
facelansd.ubpages.com/ | Name: ubvs Value: f69a5ba2-9e1b-4fa8-9b07-c5cedd80c8e5 |
|
.ubpages.com/ | Name: ubvt Value: f69a5ba2-9e1b-4fa8-9b07-c5cedd80c8e5 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
builder-assets.unbounce.com
d34qb8suadcc4g.cloudfront.net
events.ub-analytics.com
facelansd.ubpages.com
get.geojs.io
l0v3x.us
whos.amung.us
widgets.amung.us
13.35.253.50
198.54.126.153
2600:9000:211e:ba00:1d:11cf:5800:93a1
2606:4700:10::6816:4aab
2606:4700:20::681a:164
3.69.136.55
34.193.63.26
67.202.114.216
0bbb0c157e8aad81455cc5e2d258b835053a0b404b32632adaed6a9075042bc4
1230532f79456753fb73f559ece9b95c17cfb36325dc313a3eda5ac22dfd9a2b
2e8292b18fc2acc297e1aa6acc6abe05136604137e744ba1b49984df330562bb
7281941fed81ed9caf5728727e05da4a94b442c36796e1a5b1d6106f242ed11f
747c40e1d678d5472826912c0d17a077e41fa017ef215eb1f740f8af6bf78c81
7b787207f29ffd5672ab91b95f681b387b4d6433081cc8b47070f1d564827863
802192e37da7c2c69e384c66eca7561614fb9449689e96a04d80a036b83db92e
864915b9f3915970b805a67155c42548e41af00c2021da4bfdcd56bda49affbc
95537bdf3d28c9cdd389e52043a545aafd3425af33c266c912f8949a0ee814c6
9c29517d31f5827419cfb4f4ff8cd13b478ec5345cfbb24e4f02072c723a87e7
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
d964244aacd605f252dc3e815ecfd0d5aa910fcd659064b913da2cbe32407dbf
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fed11df35baed7ee38458ff705b4b46ed7993830ea46f9b166c7e4d08afb3ab3