homen-grupo.fnlc12.pw Open in urlscan Pro
2606:4700:3030::6815:2f56 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://homen-grupo.fnlc12.pw/sign-in/
Submission: On December 09 via automatic, source openphish (December 9th 2024, 1:28:26 pm UTC) — Scanned from DE

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 3 domains to perform 11 HTTP transactions. The main IP is 2606:4700:3030::6815:2f56, located in United States and belongs to CLOUDFLARENET, US. The main domain is homen-grupo.fnlc12.pw.
TLS certificate: Issued by WE1 on November 8th 2024. Valid for: 3 months.

This is the only time homen-grupo.fnlc12.pw was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telegram (Instant Messenger)

Domain & IP information

	IP Address	AS Autonomous System
1 2	2606:4700:303... 2606:4700:3030::6815:2f56	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	172.67.145.251 172.67.145.251	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42::649 2a04:4e42::649	54113 (FASTLY) (FASTLY)
1	135.181.63.70 135.181.63.70	24940 (HETZNER-A...) (HETZNER-AS Hetzner Online GmbH)
11	5

2 2606:4700:3030::6815:2f56 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

homen-grupo.fnlc12.pw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 172.67.145.251 (United States)

ASN13335 (CLOUDFLARENET, US)

homen-grupo.fnlc12.pw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 135.181.63.70 (Helsinki, Finland)

ASN24940 (HETZNER-AS Hetzner Online GmbH, DE)
PTR: cdn15.top4top.io

h.top4top.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	fnlc12.pw 1 redirects homen-grupo.fnlc12.pw	114 KB
1	top4top.io h.top4top.io	31 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 847	31 KB
11	3

	Domain	Requested by
10	homen-grupo.fnlc12.pw	1 redirects homen-grupo.fnlc12.pw
1	h.top4top.io	homen-grupo.fnlc12.pw
1	code.jquery.com	homen-grupo.fnlc12.pw
11	3

This site contains no links.

Subject Issuer	Validity	Valid
fnlc12.pw WE1	`2024-11-08` - `2025-02-06`	3 months	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh
top4top.io R11	`2024-12-01` - `2025-03-01`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://homen-grupo.fnlc12.pw/sign-in/
Frame ID: 399CB9884FCAD877B9CA68786C86F94B
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Telegram Web

Page URL History Show full URLs

https://homen-grupo.fnlc12.pw/sign-in HTTP 301
https://homen-grupo.fnlc12.pw/sign-in/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

11
Requests

100 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

5
IPs

2
Countries

175 kB
Transfer

295 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://homen-grupo.fnlc12.pw/sign-in HTTP 301
https://homen-grupo.fnlc12.pw/sign-in/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response homen-grupo.fnlc12.pw/sign-in/ Redirect Chain https://homen-grupo.fnlc12.pw/sign-in https://homen-grupo.fnlc12.pw/sign-in/	89 KB 22 KB	187ms 187ms	Document text/html	2606:4700:3030::6815:2f56 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://homen-grupo.fnlc12.pw/sign-in/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::6815:2f56 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `79c767fcbcd0c696431d14687a5a7bdf0fb894a18acde3abaa34cd4daee1b24c` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 8ef55681de584db1-FRA content-encoding zstd content-type text/html; charset=UTF-8 date Mon, 09 Dec 2024 13:28:22 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OttH6K5eGx%2B5Uoc84OBr6gGqjoRD4fiLVJ%2B45xp9BNepCgN6%2BYp29OfS7Pqx6aonPL6p8miBEQaQWLoRaxvLvNn2QgUrCGb5KLW5iMwYA5ZylYxvehizKF4%2BZwmxN8kogy3DKPX0rTDTItY81O0oeRkCFyU%3D"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfL4;desc="?proto=TCP&rtt=6057&min_rtt=5920&rtt_var=701&sent=13&recv=14&lost=0&retrans=0&sent_bytes=4983&recv_bytes=2393&delivery_rate=793393&cwnd=258&unsent_bytes=0&cid=7a1e5374c2d65d0b&ts=716&x=0" Redirect headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8ef5567e8ae24db1-FRA content-type text/html; charset=iso-8859-1 date Mon, 09 Dec 2024 13:28:22 GMT location https://homen-grupo.fnlc12.pw/sign-in/ nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2enbVsJ%2BZyTmRNpjZ3u2x2RfZY77PKmUu9JmbOP4tv3Oic9dHjH%2BpXCDes3OrzV1Ceq2p%2Byn5NBJKZNTZ50SNweYUf8hOxc4BR02RxUaI9ucUbECCjXuIwEIHddnGXDZzf3CvsW7smoUXUZN3KPPjnQlwI4%3D"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfL4;desc="?proto=TCP&rtt=5985&min_rtt=5920&rtt_var=1033&sent=8&recv=11&lost=0&retrans=0&sent_bytes=4000&recv_bytes=2335&delivery_rate=631655&cwnd=254&unsent_bytes=0&cid=7a1e5374c2d65d0b&ts=528&x=0"
GET H3	404	main.3c9dcec00d5a12b9aa18.css homen-grupo.fnlc12.pw/sign-in/lib/	0 0	508ms 508ms	Stylesheet text/html	172.67.145.251 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://homen-grupo.fnlc12.pw/sign-in/lib/main.3c9dcec00d5a12b9aa18.css Requested by Host: homen-grupo.fnlc12.pw URL: https://homen-grupo.fnlc12.pw/sign-in/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.145.251 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://homen-grupo.fnlc12.pw/sign-in/ Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding zstd cf-cache-status EXPIRED report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hSyLSbAFkQw5nqv%2BXdgaDi8SnGutJuHVBbds9qf1%2FXJoKDhgm0Dn608QBFRshdVj0gFpwfejpjmdB6FT%2Ftz3ZV2um78Qrc5hxyjb%2FwPCaHvme%2B4gQl8C5CtkXWmIBvLOkvjsjdloaT0%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8ef556830f9718e7-FRA alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=8046&min_rtt=6136&rtt_var=647&sent=90&recv=49&lost=0&retrans=0&sent_bytes=95015&recv_bytes=6522&delivery_rate=5641062&cwnd=52800&unsent_bytes=0&cid=44fadc96d829dc30&ts=691&x=1", cfExtPri, cfHdrFlush;dur=0 date Mon, 09 Dec 2024 13:28:22 GMT content-type text/html; charset=iso-8859-1 vary Accept-Encoding server cloudflare priority u=0,i=?0
GET H3	200	Portugal.png homen-grupo.fnlc12.pw/sign-in/	86 KB 87 KB	69ms 69ms	Image image/png	172.67.145.251 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://homen-grupo.fnlc12.pw/sign-in/Portugal.png Requested by Host: homen-grupo.fnlc12.pw URL: https://homen-grupo.fnlc12.pw/sign-in/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.145.251 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `04e311fc683fed5ab4402adb11154426e0d44d02953d7cd255af3d8f20b63ff1` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://homen-grupo.fnlc12.pw/sign-in/ Response headers cf-cache-status HIT age 5355 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Czgk9wCG22qrmu8PLsHvT7rABh7m%2FYrfk7acfmlSx3KbPQ%2FKtt%2BMkpc4MNNDF6ULr3pZu5TamAATBgL8oF%2Bv3IN64RhTnLVZJxDSLtrsjlW8w0G5hRGiy%2FXyzVxCze2oPGZRgmwuU9M%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=6320&min_rtt=6136&rtt_var=1194&sent=13&recv=11&lost=0&retrans=0&sent_bytes=4278&recv_bytes=4865&delivery_rate=875&cwnd=12000&unsent_bytes=0&cid=44fadc96d829dc30&ts=579&x=1", cfExtPri, cfHdrFlush;dur=0 date Mon, 09 Dec 2024 13:28:22 GMT content-type image/png last-modified Wed, 20 Nov 2024 06:30:40 GMT vary Accept-Encoding priority u=3,i cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8ef55685199318e7-FRA accept-ranges bytes content-length 88037 server cloudflare
GET H2	200	jquery-3.5.1.min.js Show response code.jquery.com/	87 KB 31 KB	120ms 32ms	Script application/javascript	2a04:4e42::649 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.5.1.min.js Requested by Host: homen-grupo.fnlc12.pw URL: https://homen-grupo.fnlc12.pw/sign-in/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42::649 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash `f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://homen-grupo.fnlc12.pw/ Response headers content-encoding gzip etag W/"28feccc0-15d84" age 3125578 x-cache HIT, HIT date Mon, 09 Dec 2024 13:28:22 GMT content-type application/javascript; charset=utf-8 last-modified Fri, 18 Oct 1991 12:00:00 GMT x-cache-hits 21664, 298495 x-served-by cache-lga21981-LGA, cache-mad2200109-MAD vary Accept-Encoding cache-control public, max-age=31536000, stale-while-revalidate=604800 x-timer S1733750903.670221,VS0,VE0 cross-origin-resource-policy cross-origin via 1.1 varnish, 1.1 varnish accept-ranges bytes access-control-allow-origin * content-length 30879 server nginx
GET H2	200	p_2616gsb1a1.png h.top4top.io/	31 KB 31 KB	144ms 67ms	Image image/png	135.181.63.70 HETZNER-AS Hetzne...
General Check archive.org Show headers Download Go to Show image Full URL https://h.top4top.io/p_2616gsb1a1.png Requested by Host: homen-grupo.fnlc12.pw URL: https://homen-grupo.fnlc12.pw/sign-in/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 135.181.63.70 Helsinki, Finland, ASN24940 (HETZNER-AS Hetzner Online GmbH, DE), Reverse DNS cdn15.top4top.io Software nginx / Resource Hash `b4908fed4d98b96a44f7bdfe007dee60f1181927499dfb7b2a3999bdaddafff9` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://homen-grupo.fnlc12.pw/ Response headers cache-control max-age=7200 etag "63ff3efc-7b81" x-file-id x53188891x expires Mon, 09 Dec 2024 15:28:22 GMT accept-ranges bytes content-length 31617 date Mon, 09 Dec 2024 13:28:22 GMT content-type image/png last-modified Wed, 01 Mar 2023 12:03:08 GMT server nginx content-disposition inline; filename="Telegram_2019_Logo.svg.png"
GET H3	404	chat-bg-pattern-light.ee148af944f6580293ae.png homen-grupo.fnlc12.pw/sign-in/	315 B 315 B	588ms 588ms	Image text/html	172.67.145.251 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://homen-grupo.fnlc12.pw/sign-in/chat-bg-pattern-light.ee148af944f6580293ae.png Requested by Host: homen-grupo.fnlc12.pw URL: https://homen-grupo.fnlc12.pw/sign-in/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.145.251 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://homen-grupo.fnlc12.pw/sign-in/ Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding zstd cf-cache-status EXPIRED report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6YYOqdZNESZrSC1Or9UQNeLHz5xO0%2BjCSBis%2FJSohqbFX4sACQ5NQbuoDYxx9TC3pnGjbJA1ymHP4g3FSm2s76SHMoXBFkbfA8FMUprpCrJWiHvo%2FE6fYmB%2F8W6M235yz9hOfgfe6%2FU%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8ef556863ace18e7-FRA alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=7870&min_rtt=6136&rtt_var=839&sent=93&recv=51&lost=0&retrans=0&sent_bytes=95991&recv_bytes=6979&delivery_rate=143181&cwnd=52800&unsent_bytes=0&cid=44fadc96d829dc30&ts=1287&x=1", cfExtPri, cfHdrFlush;dur=0 date Mon, 09 Dec 2024 13:28:23 GMT content-type text/html; charset=iso-8859-1 vary Accept-Encoding server cloudflare priority u=3,i
GET DATA	200 OK	truncated /	244 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6b9e73b25890fe9c309feff6ef849db08babba9c055b169c20815866d264f3ef` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers Content-Type image/svg+xml
GET H3	404	favicon.ico homen-grupo.fnlc12.pw/sign-in/	315 B 904 B	504ms 504ms	Other text/html	172.67.145.251 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://homen-grupo.fnlc12.pw/sign-in/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.145.251 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://homen-grupo.fnlc12.pw/sign-in/ Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding zstd cf-cache-status EXPIRED report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LqGxWckRJB%2BYzAWqPtju1JJN8Imu8Xj3ktsgHMLNS9M%2Fr0ofoPkF4wBygW9ADlepwGKYQfVLZIzJ%2BLFmVllU96WXLaTy%2F3KygeQMExxHzL2w5ldejZ9MZD96XM7St6N7%2FWRbM0VYdGQ%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8ef55689edff18e7-FRA alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=7715&min_rtt=6136&rtt_var=938&sent=96&recv=53&lost=0&retrans=0&sent_bytes=96966&recv_bytes=7421&delivery_rate=1626&cwnd=52800&unsent_bytes=0&cid=44fadc96d829dc30&ts=1793&x=1", cfExtPri, cfHdrFlush;dur=0 date Mon, 09 Dec 2024 13:28:23 GMT content-type text/html; charset=iso-8859-1 vary Accept-Encoding server cloudflare priority u=1,i
GET H3	404	favicon.svg homen-grupo.fnlc12.pw/sign-in/	315 B 902 B	505ms 505ms	Other text/html	172.67.145.251 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://homen-grupo.fnlc12.pw/sign-in/favicon.svg Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.145.251 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://homen-grupo.fnlc12.pw/sign-in/ Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding zstd cf-cache-status EXPIRED report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J0XXbUFtoIgvR%2F%2FbtLPHfcdD5Bknos6wVbKa8bIJBri0nT484%2FS7hpXCwtszlroxrFEevps6V30JaOUY8CYxpcFK0G0%2BqHIMS24e5WzDpVJJghg9g0l5Mal0J1lATq%2BCuZ%2FD89hnS8M%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8ef5568e8a0518e7-FRA alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=7634&min_rtt=6136&rtt_var=865&sent=99&recv=55&lost=0&retrans=0&sent_bytes=97941&recv_bytes=7864&delivery_rate=1894&cwnd=52800&unsent_bytes=0&cid=44fadc96d829dc30&ts=2532&x=1", cfExtPri, cfHdrFlush;dur=0 date Mon, 09 Dec 2024 13:28:24 GMT content-type text/html; charset=iso-8859-1 vary Accept-Encoding server cloudflare priority u=1,i
GET H3	404	favicon-32x32.png homen-grupo.fnlc12.pw/sign-in/	315 B 900 B	485ms 485ms	Other text/html	172.67.145.251 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://homen-grupo.fnlc12.pw/sign-in/favicon-32x32.png Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.145.251 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://homen-grupo.fnlc12.pw/sign-in/ Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding zstd cf-cache-status EXPIRED report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B6XrZtc1WVLsvR%2FB%2FUERdvi5jIOlidjiyw2kzhrvHKgYb163rdDFIanb4hRSBtHUITgpXjS732zOObcq3ZdOeQBPiSOZ6kRQHS3WxbYpLGYgsPNGnODRUOGZLPnMLkDy5vKzFJCtPj4%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8ef55691bced18e7-FRA alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=7593&min_rtt=6136&rtt_var=731&sent=101&recv=56&lost=0&retrans=0&sent_bytes=98890&recv_bytes=8274&delivery_rate=1829&cwnd=52800&unsent_bytes=0&cid=44fadc96d829dc30&ts=3021&x=1", cfExtPri, cfHdrFlush;dur=0 date Mon, 09 Dec 2024 13:28:25 GMT content-type text/html; charset=iso-8859-1 vary Accept-Encoding server cloudflare priority u=1,i
GET H3	404	favicon-16x16.png homen-grupo.fnlc12.pw/sign-in/	315 B 905 B	538ms 538ms	Other text/html	172.67.145.251 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://homen-grupo.fnlc12.pw/sign-in/favicon-16x16.png Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.145.251 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://homen-grupo.fnlc12.pw/sign-in/ Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding zstd cf-cache-status EXPIRED report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zT15X%2FM6uKmLwxBx0iBjszN9%2BOs6eCLF3YO2JPtZ%2BQbdic3PLJthZzEcNOw8JUFfl6A4CcckZhOTCVUfd0Y5nV8QIYk59GJ6%2F%2Bwmaz%2BYuAI2HL7ZvyUSdc8VO0VkL0M4zjOV0wNWPrg%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8ef55694cfb918e7-FRA alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=7471&min_rtt=6136&rtt_var=791&sent=104&recv=58&lost=0&retrans=0&sent_bytes=99861&recv_bytes=8721&delivery_rate=1956&cwnd=52800&unsent_bytes=0&cid=44fadc96d829dc30&ts=3560&x=1", cfExtPri, cfHdrFlush;dur=0 date Mon, 09 Dec 2024 13:28:25 GMT content-type text/html; charset=iso-8859-1 vary Accept-Encoding server cloudflare priority u=1,i
GET H3	404	icon-192x192.png homen-grupo.fnlc12.pw/sign-in/	315 B 896 B	489ms 488ms	Other text/html	172.67.145.251 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://homen-grupo.fnlc12.pw/sign-in/icon-192x192.png Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.145.251 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://homen-grupo.fnlc12.pw/sign-in/ Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding zstd cf-cache-status EXPIRED report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5titxtluBZlhRXyWm8cFQ%2F9bR3o0wHZb8tWL0pvJ6qoNXi7xLwAbd1FEHkbwVmaMfoYHJF6Byq7lVHASNIgEcjYiDvkBp1DZzu1Ho09mlp924ptWidQis9iMU3kg%2BI0H0ufkMV1tRHo%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8ef556982aff18e7-FRA alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=7313&min_rtt=6136&rtt_var=911&sent=107&recv=60&lost=0&retrans=0&sent_bytes=100837&recv_bytes=9167&delivery_rate=1776&cwnd=52800&unsent_bytes=0&cid=44fadc96d829dc30&ts=4051&x=1", cfExtPri, cfHdrFlush;dur=0 date Mon, 09 Dec 2024 13:28:26 GMT content-type text/html; charset=iso-8859-1 vary Accept-Encoding server cloudflare priority u=1,i

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telegram (Instant Messenger)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			homen-grupo.fnlc12.pw/	1969-12-31 23:59:59	Name: PHPSESSID Value: 26f6ace15e6a6a04f36ca814a679d421

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://homen-grupo.fnlc12.pw/sign-in/lib/main.3c9dcec00d5a12b9aa18.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://homen-grupo.fnlc12.pw/sign-in/chat-bg-pattern-light.ee148af944f6580293ae.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://homen-grupo.fnlc12.pw/sign-in/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://homen-grupo.fnlc12.pw/sign-in/favicon.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://homen-grupo.fnlc12.pw/sign-in/favicon-32x32.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://homen-grupo.fnlc12.pw/sign-in/favicon-16x16.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://homen-grupo.fnlc12.pw/sign-in/icon-192x192.png Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
h.top4top.io
homen-grupo.fnlc12.pw
135.181.63.70
172.67.145.251
2606:4700:3030::6815:2f56
2a04:4e42::649
04e311fc683fed5ab4402adb11154426e0d44d02953d7cd255af3d8f20b63ff1
6b9e73b25890fe9c309feff6ef849db08babba9c055b169c20815866d264f3ef
79c767fcbcd0c696431d14687a5a7bdf0fb894a18acde3abaa34cd4daee1b24c
b4908fed4d98b96a44f7bdfe007dee60f1181927499dfb7b2a3999bdaddafff9
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

homen-grupo.fnlc12.pw Open in urlscan Pro 2606:4700:3030::6815:2f56 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

11 Requests

100 %HTTPS

50 %IPv6

3 Domains

3 Subdomains

5 IPs

2 Countries

175 kBTransfer

295 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

1 Cookies

7 Console Messages

Indicators

homen-grupo.fnlc12.pw Open in urlscan Pro
2606:4700:3030::6815:2f56 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

5
IPs

2
Countries

175 kB
Transfer

295 kB
Size

1
Cookies

11 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!