grupoaurora.pe
Open in
urlscan Pro
50.87.249.35
Malicious Activity!
Public Scan
Effective URL: https://grupoaurora.pe/proyecto/malecon-acacias/login/facebook1.php
Submission: On January 21 via manual from DK — Scanned from DK
Summary
TLS certificate: Issued by R3 on January 18th 2023. Valid for: 3 months.
This is the only time grupoaurora.pe was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 2 | 50.87.249.35 50.87.249.35 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
11 | 2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3 | 32934 (FACEBOOK) (FACEBOOK) | |
1 | 2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de | 32934 (FACEBOOK) (FACEBOOK) | |
13 | 3 |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: box2072.bluehost.com
grupoaurora.pe |
ASN32934 (FACEBOOK, US)
static.xx.fbcdn.net |
ASN32934 (FACEBOOK, US)
facebook.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
fbcdn.net
static.xx.fbcdn.net — Cisco Umbrella Rank: 811 |
183 KB |
2 |
grupoaurora.pe
1 redirects
grupoaurora.pe |
20 KB |
1 |
facebook.com
facebook.com — Cisco Umbrella Rank: 28 |
2 KB |
13 | 3 |
Domain | Requested by | |
---|---|---|
11 | static.xx.fbcdn.net |
grupoaurora.pe
static.xx.fbcdn.net |
2 | grupoaurora.pe | 1 redirects |
1 | facebook.com |
grupoaurora.pe
|
13 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
about.meta.com |
messenger.com |
m.facebook.com |
pay.facebook.com |
www.oculus.com |
portal.facebook.com |
lm.facebook.com |
www.bulletin.com |
developers.facebook.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.grupoaurora.pe R3 |
2023-01-18 - 2023-04-18 |
3 months | crt.sh |
*.facebook.com DigiCert SHA2 High Assurance Server CA |
2022-10-30 - 2023-01-28 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://grupoaurora.pe/proyecto/malecon-acacias/login/facebook1.php
Frame ID: 60CEF138C89AE2FD810E59465DB2E252
Requests: 13 HTTP requests in this frame
Screenshot
Page Title
Facebook - log in or sign upPage URL History Show full URLs
-
http://grupoaurora.pe/proyecto/malecon-acacias/login/facebook1.php
HTTP 301
https://grupoaurora.pe/proyecto/malecon-acacias/login/facebook1.php Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Page Statistics
9 Outgoing links
These are links going to different origins than the main page.
Title: About
Search URL Search Domain Scan URL
Title: Messenger
Search URL Search Domain Scan URL
Title: Watch
Search URL Search Domain Scan URL
Title: Meta Pay
Search URL Search Domain Scan URL
Title: Oculus
Search URL Search Domain Scan URL
Title: Portal
Search URL Search Domain Scan URL
Title: Instagram
Search URL Search Domain Scan URL
Title: Bulletin
Search URL Search Domain Scan URL
Title: Developers
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://grupoaurora.pe/proyecto/malecon-acacias/login/facebook1.php
HTTP 301
https://grupoaurora.pe/proyecto/malecon-acacias/login/facebook1.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
facebook1.php
grupoaurora.pe/proyecto/malecon-acacias/login/ Redirect Chain
|
78 KB 20 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
_uwl5ZHCZLG.css
static.xx.fbcdn.net/rsrc.php/v3/yB/l/0,cross/ |
12 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
qm0xAdCCfP5.css
static.xx.fbcdn.net/rsrc.php/v3/yL/l/0,cross/ |
14 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
eScmVcFuskP.css
static.xx.fbcdn.net/rsrc.php/v3/yP/l/0,cross/ |
27 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
VUpSh3diKNx.css
static.xx.fbcdn.net/rsrc.php/v3/yr/l/0,cross/ |
36 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Kazxrm3cMip.js
static.xx.fbcdn.net/rsrc.php/v3/yB/r/ |
247 KB 65 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
dF5SId3UHWd.svg
static.xx.fbcdn.net/rsrc.php/y8/r/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hsts-pixel.gif
facebook.com/security/ |
43 B 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
8u61af828FL.js
static.xx.fbcdn.net/rsrc.php/v3iczx4/yB/l/en_US/ |
182 KB 50 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
QBkA9ZfAK-V.js
static.xx.fbcdn.net/rsrc.php/v3/ym/r/ |
41 KB 12 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PKMVQj4LZST.js
static.xx.fbcdn.net/rsrc.php/v3/yU/r/ |
34 KB 10 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
w-3OJOxUYMY.js
static.xx.fbcdn.net/rsrc.php/v3/yw/r/ |
22 KB 7 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ENSponm7cFY.png
static.xx.fbcdn.net/rsrc.php/v3/yD/r/ |
14 KB 14 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)35 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontentvisibilityautostatechange function| envFlush object| Env number| __DEV__ undefined| MAX_CALLS_TO_EXEC function| __annotator function| __bodyWrapper function| __t function| __w function| emptyFunction function| FB_enumerate function| __m object| babelHelpers function| define function| require function| importDefault function| importNamespace function| requireDynamic function| requireLazy object| __onBeforeModuleFactory object| __onAfterModuleFactory function| __d function| $RefreshReg$ function| $RefreshSig$ function| getErrorSafe object| ErrorGuard object| ErrorSerializer object| ErrorUtils function| __updateOrientation object| TimeSlice number| __bigPipeFactory function| now_inl number| __bigPipeFR number| __bigPipeCtor object| bigPipe0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
facebook.com
grupoaurora.pe
static.xx.fbcdn.net
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
50.87.249.35
0dccdcf76b5b913f6bc771111aac36a38f2742badc410fe6fb3066f70b2b9ded
1c8f7a41ad8211ec42034c574446aaeed4d33cc1424de76639030a2c8dd1e818
44242153eaedf57d56187e96398976a76a64ccc8d982cad9e3040a7fad9223da
457f7366f7bc440db21ff29610d04181fbf97864c0e8117596f0fe4ed85c226a
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5a5164eb6123ddd4ae8675dfebccb8bbda4e7e285642c6c346881bfba644361e
5a5a9cd0d67d209a3eb697ec873eb8139a30ef4311497db71750c6195b1e2aa4
5fb3ed6c4e62afd610b39480be7f8a068b41f95a3ec8f1d48f6631d3b413cfd7
9369cfe626229f9f63885ae535e81a785dc6782eb804301f950d503cc98d297e
9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce
abaeab740ccfa1b4f2f39315d7a0b62f1061f76176d4852d163049ec72234b7d
bf20fe5658a2643dcf30a1c99152f5581d3d9cfe8a073d06d06b44022bdbdd3e
c2f1b763a6cd6269f7a75b81402d88f068ccca860bb463b2b9c2b92aab3ec70b