298123.groovepages.com
104.18.216.62
Malicious Activity!
Public Scan
Effective URL: https://298123.groovepages.com/93952
Submission: On September 29 via manual from CA — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 10th 2021. Valid for: a year.
This is the only time 298123.groovepages.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)
Domain & IP information
# | IP Address | AS Autonomous System |
---|---|---|
1 1 | 172.67.186.119 | 13335 (CLOUDFLARENET) |
2 3 | 104.18.216.62 | 13335 (CLOUDFLARENET) |
2 | 172.217.23.106 | 15169 (GOOGLE) |
4 | 104.21.8.86 | 13335 (CLOUDFLARENET) |
1 | 104.18.23.52 | 13335 (CLOUDFLARENET) |
1 2 | 172.67.218.254 | 13335 (CLOUDFLARENET) |
3 | 104.21.81.131 | 13335 (CLOUDFLARENET) |
2 | 51.161.92.183 | 16276 (OVH) |
1 | 151.101.112.193 | 54113 (FASTLY) |
1 | 67.202.114.212 | 32748 (STEADFAST) |
2 | 157.240.236.1 | 32934 (FACEBOOK) |
18 | 10 | |

ASN15169 (GOOGLE, US), PTR: mil04s23-in-f106.1e100.net, serves fonts.googleapis.com
ASN32934 (FACEBOOK, US), PTR: xx-fbcdn-shv-02-frx5.fbcdn.net, serves static.xx.fbcdn.net
# | Apex Domain | Subdomains | Transfer |
---|---|---|---|
4 | fontawesome.com | kit.fontawesome.com, ka-f.fontawesome.com | 23 KB |
4 | groove.cm | app.groove.cm | 78 KB |
3 | groovepages.com (2 redirects) | 298123.groovepages.com | 7 KB |
2 | fbcdn.net | static.xx.fbcdn.net | 3 KB |
2 | groovetech.io | matomo.groovetech.io | 32 KB |
2 | 2bpr.xyz (1 redirect) | 2bpr.xyz | 10 KB |
2 | googleapis.com | fonts.googleapis.com | 273 KB |
1 | amung.us | whos.amung.us | 27 B |
1 | imgur.com | i.imgur.com | 9 KB |
1 | kit.do (1 redirect) | kit.do | 2 KB |
18 | 10 | | |
# | Domain | Requested by |
---|---|---|
4 | app.groove.cm | 298123.groovepages.com |
3 | ka-f.fontawesome.com | kit.fontawesome.com |
3 | 298123.groovepages.com | 2 redirects |
2 | static.xx.fbcdn.net | 298123.groovepages.com |
2 | matomo.groovetech.io | 298123.groovepages.com |
2 | 2bpr.xyz | 1 redirect, 298123.groovepages.com |
2 | fonts.googleapis.com | 298123.groovepages.com, app.groove.cm |
1 | whos.amung.us | 298123.groovepages.com |
1 | i.imgur.com | 298123.groovepages.com |
1 | kit.fontawesome.com | 298123.groovepages.com |
1 | kit.do | 1 redirect |
18 | 11 | |
This site contains no links.
Subject | Issuer | Validity | Valid | Source |
---|---|---|---|---|
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-06-10 - 2022-06-09 | a year | crt.sh |
upload.video.google.com | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months | crt.sh |
*.fontawesome.com | DigiCert TLS RSA SHA256 2020 CA1 | 2020-11-13 - 2021-12-14 | a year | crt.sh |
*.groovetech.io | Sectigo RSA Domain Validation Secure Server CA | 2021-08-18 - 2022-08-18 | a year | crt.sh |
*.imgur.com | DigiCert SHA2 Secure Server CA | 2020-01-15 - 2022-03-16 | 2 years | crt.sh |
whos.amung.us | Sectigo RSA Domain Validation Secure Server CA | 2020-05-21 - 2022-05-21 | 2 years | crt.sh |
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2021-07-09 - 2021-10-07 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page:
https://298123.groovepages.com/93952
Frame ID: 9C0550009D79FBD1E7CD094CA46AA181
Requests: 18 HTTP requests in this frame
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://kit.do/a36Aov
HTTP 302
https://298123.groovepages.com/93952/ HTTP 301
http://298123.groovepages.com/93952 HTTP 301
https://298123.groovepages.com/93952 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 7
- https://2bpr.xyz/async?&user=christofer&html=mobile HTTP 301
- https://2bpr.xyz/async/?&user=christofer&html=mobile
18 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | 93952 | 298123.groovepages.com/ (Primary Request, Redirect Chain) | 74 KB | 7 KB | Document | text/html |
GET | H2 | css2 | fonts.googleapis.com/ | 711 KB | 137 KB | Stylesheet | text/css |
GET | H2 | inpage_published.css | app.groove.cm/groovepages/css/ | 362 KB | 52 KB | Stylesheet | text/css |
GET | H2 | chunk-vendors.css | app.groove.cm/groovepages/css/ | 0 | 0 | Stylesheet | text/html |
GET | H2 | e7647a48d4.js | kit.fontawesome.com/ | 11 KB | 4 KB | Script | text/javascript |
GET | H2 | css2 | fonts.googleapis.com/ | 692 KB | 136 KB | Stylesheet | text/css |
GET | H2 | inpage_published.js | app.groove.cm/groovepages/js/ | 71 KB | 26 KB | Script | application/javascript |
GET | H2 | chunk-vendors.js | app.groove.cm/groovepages/js/ | 0 | 0 | Script | text/html |
GET | H3 | / | 2bpr.xyz/async/ (Redirect Chain) | 43 KB | 10 KB | Script | text/html |
GET | H2 | free.min.css | ka-f.fontawesome.com/releases/v5.15.4/css/ | 59 KB | 13 KB | Fetch | text/css |
GET | H2 | free-v4-shims.min.css | ka-f.fontawesome.com/releases/v5.15.4/css/ | 26 KB | 5 KB | Fetch | text/css |
GET | H2 | free-v4-font-face.min.css | ka-f.fontawesome.com/releases/v5.15.4/css/ | 3 KB | 1 KB | Fetch | text/css |
GET | H/1.1 | matomo.js | matomo.groovetech.io/ | 100 KB | 32 KB | Script | application/javascript |
GET | H/1.1 | matomo.php | matomo.groovetech.io/ | 43 B | 217 B | Image | image/gif |
GET | H2 | wCOStwT.png | i.imgur.com/ | 9 KB | 9 KB | Image | image/png |
GET | H2 | / | whos.amung.us/pingjs/ | 27 B | 27 B | Image | text/javascript |
GET | H2 | 5NR43BsYs8o.png | static.xx.fbcdn.net/rsrc.php/v3/yO/r/ | 1 KB | 2 KB | Image | image/png |
GET | H2 | lqbz1hqlAFx.png | static.xx.fbcdn.net/rsrc.php/v3/yo/r/ | 1 KB | 2 KB | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
7 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Name | Value |
---|---|---|
.kit.do/ | XSRF-TOKEN | eyJpdiI6InlMNGU3ektpK3hGWVEzelNvRmlGbGc9PSIsInZhbHVlIjoiVTB4c09FanhyaTR2dUtnalY1akVpa3VpMytqTXRsREx4SjVTVDBhc0tiOUJPTUR3TExXK0lZblFtNzUrOGVRQSIsIm1hYyI6ImRmOTNlMDA2ZDNlNWM1MTIzNjQ3MDJmZWUwNmE2ZTRiMmMxZWIyNGVlZTBjYTdhNDk5Njk3ZDU3NjY3ZDRkMzQifQ%3D%3D |
.kit.do/ | kitdo_session | eyJpdiI6IlhoSDFxTk05Nkt2L2thUmJ2UFozY3c9PSIsInZhbHVlIjoidytvT25mM2lzRnFlTHlhYmRIYzhRUytpcVFZL0dMZ0s5VytUYzJROU5EQVU2dFF6SEVtSDJjelMvUzJFZW9vYyIsIm1hYyI6IjQ1NjMzZTUwNjFjMzljMzIxMTRlMjY5OTIzMWNjNDcyMjkzZDk0NzlhZjJmMjFjZGQ0MmNkZThkOTEwOTNlOTEifQ%3D%3D |
.kit.do/ | utid | eyJpdiI6IldYZVVxdEpXWTRDdnlDY1dFSWh1UlE9PSIsInZhbHVlIjoiZ1Z5UldVNDZRRTJuMnpFMmJENFVPY2lxMU8xSyt5Z0EyeUZGMHJwUmtoND0iLCJtYWMiOiJjNmQ2NGQzNTk2Y2E0ZjZhODQ0NDY4MzYyNmQyMWVkYjQyODYwYWFkNzdkN2I2MDE3MmUzNzJkYWI2OWU5N2ZkIn0%3D |
.kit.do/ | locale | en |
298123.groovepages.com/ | hasVisitedPopupPage | true |
298123.groovepages.com/ | _pk_id.4.eb2b | 787def37edf081c2.1632929706.1.1632929706.1632929706. |
298123.groovepages.com/ | _pk_ses.4.eb2b | 1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.