urlscan.io logo urlscan.io
SecurityTrails logo

trangress-user-case-60d51.firebaseapp.com Open in urlscan Pro
199.36.158.100  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://trangress-user-case-60d51.firebaseapp.com/
Submission: On November 13 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 8 HTTP transactions. The main IP is 199.36.158.100, located in United States and belongs to FASTLY, US. The main domain is trangress-user-case-60d51.firebaseapp.com.
TLS certificate: Issued by GTS CA 1D4 on September 11th 2023. Valid for: 3 months.
This is the only time trangress-user-case-60d51.firebaseapp.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

IP Address AS Autonomous System
6 199.36.158.100 54113 (FASTLY)
2 18.161.21.98 16509 (AMAZON-02)
8 2
Domain Requested by
6 trangress-user-case-60d51.firebaseapp.com trangress-user-case-60d51.firebaseapp.com
2 zqjtqfpcdc.execute-api.ap-southeast-1.amazonaws.com trangress-user-case-60d51.firebaseapp.com
8 2

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
Subject Issuer Validity Valid
firebaseapp.com
GTS CA 1D4		 2023-09-11 -
2023-12-10		 3 months crt.sh
*.execute-api.ap-southeast-1.amazonaws.com
Amazon RSA 2048 M01		 2023-03-15 -
2024-04-13		 a year crt.sh

This page contains 1 frames:

Primary Page: https://trangress-user-case-60d51.firebaseapp.com/
Frame ID: 521EBF3E4DA1692E8C67EC24160FCD4D
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Meta for business

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

255 kB
Transfer

387 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
trangress-user-case-60d51.firebaseapp.com/ 		8 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://trangress-user-case-60d51.firebaseapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.36.158.100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
548f9c152d5b4a25040d1433b2354400a9d4dc05bab1ef1bb4fbf356ecc9723b
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control
max-age=3600
content-encoding
br
content-length
1356
content-type
text/html; charset=utf-8
date
Mon, 13 Nov 2023 20:50:14 GMT
etag
"23978b19d4c9c2597ab7126eeb6c7b0fe3b5cc11825a24e2e116d32d1ff2e95d-br"
last-modified
Mon, 13 Nov 2023 17:16:36 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
x-cache-hits
1
x-served-by
cache-lga21969-LGA
x-timer
S1699908615.555123,VS0,VE2
index.css
trangress-user-case-60d51.firebaseapp.com/assets/ 		15 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://trangress-user-case-60d51.firebaseapp.com/assets/index.css
Requested by
Host: trangress-user-case-60d51.firebaseapp.com
URL: https://trangress-user-case-60d51.firebaseapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.36.158.100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a5fc890bef4a064801ab2a0a46f45895e4551371a3a7a78bcdd41fa04748762e
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://trangress-user-case-60d51.firebaseapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-served-by
cache-lga21969-LGA
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
date
Mon, 13 Nov 2023 20:50:14 GMT
last-modified
Mon, 13 Nov 2023 17:16:36 GMT
x-timer
S1699908615.578748,VS0,VE2
etag
"02f095baa4db903025bd806c9259cb707a5b02c30ab529ba7d353c34e0079630-br"
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
content-type
text/css; charset=utf-8
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
3033
x-cache-hits
1
jquery.js
trangress-user-case-60d51.firebaseapp.com/assets/ 		87 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://trangress-user-case-60d51.firebaseapp.com/assets/jquery.js
Requested by
Host: trangress-user-case-60d51.firebaseapp.com
URL: https://trangress-user-case-60d51.firebaseapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.36.158.100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9a2723c21fb1b7dff0e2aa5dc6be24a9670220a17ae21f70fdbc602d1f8acd38
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://trangress-user-case-60d51.firebaseapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-served-by
cache-lga21969-LGA
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
date
Mon, 13 Nov 2023 20:50:14 GMT
last-modified
Mon, 13 Nov 2023 17:16:36 GMT
x-timer
S1699908615.578702,VS0,VE2
etag
"4a5e50a03d96d19110bad68c196cd594434f0bab218f963abbf1d37b56038402-br"
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
content-type
text/javascript; charset=utf-8
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
27959
x-cache-hits
1
banner.jpg
trangress-user-case-60d51.firebaseapp.com/images/ 		248 KB
215 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trangress-user-case-60d51.firebaseapp.com/images/banner.jpg
Requested by
Host: trangress-user-case-60d51.firebaseapp.com
URL: https://trangress-user-case-60d51.firebaseapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.36.158.100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
5c6769fc0c1d7e26f08c966fa86cc21923d0cdd0fcd72292006cc1f8c5f00d93
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://trangress-user-case-60d51.firebaseapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-served-by
cache-lga21969-LGA
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
date
Mon, 13 Nov 2023 20:50:14 GMT
last-modified
Mon, 13 Nov 2023 17:16:36 GMT
x-timer
S1699908615.578682,VS0,VE2
etag
"6bbbec7409c97ed4e0cd04705d7be9dfd6099b8ea472a8393b58f5faff95c853-br"
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
content-type
image/jpeg
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
219942
x-cache-hits
1
mt.svg
trangress-user-case-60d51.firebaseapp.com/images/ 		4 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trangress-user-case-60d51.firebaseapp.com/images/mt.svg
Requested by
Host: trangress-user-case-60d51.firebaseapp.com
URL: https://trangress-user-case-60d51.firebaseapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.36.158.100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
3957151c7a511ea40978ce0d6244d7d20335eb91be7acfb2256f1d0397b293bf
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://trangress-user-case-60d51.firebaseapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-served-by
cache-lga21969-LGA
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
date
Mon, 13 Nov 2023 20:50:14 GMT
last-modified
Mon, 13 Nov 2023 17:16:36 GMT
x-timer
S1699908615.578675,VS0,VE10
etag
"a8677fe3c157f66f3d6775e5e224bd42430dd445c6d9a39423cfc4c2669355d7-br"
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
content-type
image/svg+xml
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
1513
x-cache-hits
1
index.js
trangress-user-case-60d51.firebaseapp.com/assets/ 		24 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://trangress-user-case-60d51.firebaseapp.com/assets/index.js?ver=0.0.1
Requested by
Host: trangress-user-case-60d51.firebaseapp.com
URL: https://trangress-user-case-60d51.firebaseapp.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.36.158.100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
656448835d3b67eb8e539e6716d665b6f3cd4632b0ed677c06e132b44fb2d4a4
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://trangress-user-case-60d51.firebaseapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-served-by
cache-lga21969-LGA
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
date
Mon, 13 Nov 2023 20:50:14 GMT
last-modified
Mon, 13 Nov 2023 17:16:36 GMT
x-timer
S1699908615.611795,VS0,VE1
etag
"bd368195e43b2a80d56b5ea96e1c5351e9a95e56e81f0095bd9dfbcd1b1ab191-br"
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
content-type
text/javascript; charset=utf-8
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
5400
x-cache-hits
1
user
zqjtqfpcdc.execute-api.ap-southeast-1.amazonaws.com/v1/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://zqjtqfpcdc.execute-api.ap-southeast-1.amazonaws.com/v1/user?%22%22
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.21.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-21-98.bos50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://trangress-user-case-60d51.firebaseapp.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

access-control-allow-headers
Content-Type
access-control-allow-methods
GET,OPTIONS,POST
access-control-allow-origin
*
content-length
0
content-type
application/json
date
Mon, 13 Nov 2023 20:50:15 GMT
via
1.1 405b8ed0c1df92e14644e6db88a3af5a.cloudfront.net (CloudFront)
x-amz-apigw-id
OWrROGhDyQ0EPaA=
x-amz-cf-id
6i2KVr1o4GWovAPjFiU1hS3RgBebziC-Kcn2V8fYh-J3HBD0P_M6YQ==
x-amz-cf-pop
BOS50-P1
x-amzn-requestid
525eca63-b92a-4236-be64-979133254682
x-cache
Miss from cloudfront
user
zqjtqfpcdc.execute-api.ap-southeast-1.amazonaws.com/v1/ 		388 B
770 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://zqjtqfpcdc.execute-api.ap-southeast-1.amazonaws.com/v1/user?%22%22
Requested by
Host: trangress-user-case-60d51.firebaseapp.com
URL: https://trangress-user-case-60d51.firebaseapp.com/assets/jquery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.21.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-21-98.bos50.r.cloudfront.net
Software
/
Resource Hash
8dc60907ac963cd8e7d0fd087922db987072689dfef86bab61abc4892b01e47e

Request headers

Accept
*/*
Referer
https://trangress-user-case-60d51.firebaseapp.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 13 Nov 2023 20:50:16 GMT
via
1.1 405b8ed0c1df92e14644e6db88a3af5a.cloudfront.net (CloudFront)
x-amz-cf-pop
BOS50-P1
x-amzn-trace-id
Root=1-65528c08-03f4dcff06d4a0ea48cb743c;Sampled=0;lineage=33eec79e:0
x-amzn-requestid
9acc5652-079e-4a27-91ad-a652c97cf591
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
x-amz-apigw-id
OWrRXEwASQ0EeoQ=
content-length
388
x-amz-cf-id
PxkpNLxBqi21hyQEEi6M_IMkSaREDKIUNzN9eIFpH3Gns4EyF0zHTg==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| $ function| jQuery function| _0x2638 function| _0x53a9

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload