trangress-user-case-60d51.firebaseapp.com
199.36.158.100
Malicious Activity!
Public Scan
Submission: On November 13 via api from US — Scanned from US
Summary
TLS certificate: Issued by GTS CA 1D4 on September 11th 2023. Valid for: 3 months.
This is the only time trangress-user-case-60d51.firebaseapp.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)
What the scan shows: a single static page titled "Terms of Service © 2023" served from Firebase Hosting, whose script makes one cross-origin request to /v1/user on an API Gateway stage in ap-southeast-1, and whose only outgoing link points at www.facebook.com. The two window globals named _0x2638 and _0x53a90 follow the naming pattern typical of obfuscated JavaScript, so the page script (index.js) should be treated as obfuscated.
Domain & IP information
Requests | IP address | AS | Notes
---|---|---|---
6 | 199.36.158.100 | AS54113 (FASTLY) |
2 | 18.161.21.98 | AS16509 (AMAZON-02, US) | PTR server-18-161-21-98.bos50.r.cloudfront.net; serves zqjtqfpcdc.execute-api.ap-southeast-1.amazonaws.com
8 requests | 2 IPs | |
Requests | Apex domain | Subdomain | Transfer
---|---|---|---
6 | firebaseapp.com | trangress-user-case-60d51.firebaseapp.com | 254 KB
2 | amazonaws.com | zqjtqfpcdc.execute-api.ap-southeast-1.amazonaws.com | 770 B
8 requests | 2 apex domains | |
Requests | Domain | Requested by
---|---|---
6 | trangress-user-case-60d51.firebaseapp.com | trangress-user-case-60d51.firebaseapp.com
2 | zqjtqfpcdc.execute-api.ap-southeast-1.amazonaws.com | trangress-user-case-60d51.firebaseapp.com
8 requests | 2 domains |
Links
This site contains links to the following domain (see also the outgoing-link count under Frames):
www.facebook.com
TLS certificates (both verifiable on crt.sh)
Subject | Issuer | Validity | Valid for
---|---|---|---
firebaseapp.com | GTS CA 1D4 | 2023-09-11 - 2023-12-10 | 3 months
*.execute-api.ap-southeast-1.amazonaws.com | Amazon RSA 2048 M01 | 2023-03-15 - 2024-04-13 | a year
Frames
This page contains 1 frame:
Primary page: https://trangress-user-case-60d51.firebaseapp.com/
Frame ID: 521EBF3E4DA1692E8C67EC24160FCD4D
Requests: 7 HTTP requests in this frame
Title: Terms of Service © 2023
Outgoing links: 1 (links going to a different origin than the main page; the only target domain is www.facebook.com, listed under Links)
Redirected requests: no HTTP redirect chains are listed for this scan.
8 HTTP transactions
Size is the response body size; Transfer is the number of bytes actually sent over the wire (compressed).

# | Method | Protocol | Resource | Size | Transfer | Type | MIME type
---|---|---|---|---|---|---|---
1 | GET | H2 | trangress-user-case-60d51.firebaseapp.com/ (primary request) | 8 KB | 2 KB | Document | text/html
2 | GET | H2 | trangress-user-case-60d51.firebaseapp.com/assets/index.css | 15 KB | 3 KB | Stylesheet | text/css
3 | GET | H2 | trangress-user-case-60d51.firebaseapp.com/assets/jquery.js | 87 KB | 27 KB | Script | text/javascript
4 | GET | H2 | trangress-user-case-60d51.firebaseapp.com/images/banner.jpg | 248 KB | 215 KB | Image | image/jpeg
5 | GET | H2 | trangress-user-case-60d51.firebaseapp.com/images/mt.svg | 4 KB | 2 KB | Image | image/svg+xml
6 | GET | H2 | trangress-user-case-60d51.firebaseapp.com/assets/index.js | 24 KB | 5 KB | Script | text/javascript
7 | OPTIONS | H2 | zqjtqfpcdc.execute-api.ap-southeast-1.amazonaws.com/v1/user | 0 | 0 | Preflight | application/json
8 | GET | H2 | zqjtqfpcdc.execute-api.ap-southeast-1.amazonaws.com/v1/user | 388 B | 770 B | XHR | application/json

Transactions 1 to 6 are the static page and its assets from Firebase Hosting. Transactions 7 and 8 are a CORS preflight followed by a cross-origin GET to /v1/user on the API Gateway endpoint, which is the only dynamic component captured; the report records a 388 B JSON response but does not show its content, so what the endpoint returns (and whether any later POST exists) cannot be determined from this scan alone.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Facebook (Social Network)
5 JavaScript global variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.
Type | Name
---|---
object | documentPictureInPicture
function | $
function | jQuery
function | _0x2638
function | _0x53a90
$ and jQuery come from the bundled jquery.js. _0x2638 and _0x53a90 are not library names; identifiers of the form _0x followed by hex digits are the naming pattern typical of obfuscated JavaScript, which points at index.js as the file to deobfuscate.
Cookies
Cookies are small pieces of information stored in the user's browser. When the user visits the site again, the browser sends the cookie values along, so the site can re-identify the user even from a different location; this is how persistent logins work. No cookies are listed for this scan.
Security Headers
This section lists any security headers set by the main page.
Header | Value
---|---
Strict-Transport-Security | max-age=31556926; includeSubDomains; preload
This is the platform-wide HSTS header that Firebase Hosting sends for every *.firebaseapp.com site; it says nothing about the page author and should not be read as a sign of a legitimate site.
Indicators
"Indicator" is the security-industry term for artefacts such as IPs, domains and hashes. Listing them here does not imply that any of them is malicious on its own: 199.36.158.100 (Fastly) and 18.161.21.98 (a CloudFront edge) serve many unrelated sites, so only the two hostnames are specific to this page.
Domains:
trangress-user-case-60d51.firebaseapp.com
zqjtqfpcdc.execute-api.ap-southeast-1.amazonaws.com
IP addresses:
18.161.21.98
199.36.158.100
SHA-256 hashes (urlscan computes these over the response bodies):
3957151c7a511ea40978ce0d6244d7d20335eb91be7acfb2256f1d0397b293bf
548f9c152d5b4a25040d1433b2354400a9d4dc05bab1ef1bb4fbf356ecc9723b
5c6769fc0c1d7e26f08c966fa86cc21923d0cdd0fcd72292006cc1f8c5f00d93
656448835d3b67eb8e539e6716d665b6f3cd4632b0ed677c06e132b44fb2d4a4
8dc60907ac963cd8e7d0fd087922db987072689dfef86bab61abc4892b01e47e
9a2723c21fb1b7dff0e2aa5dc6be24a9670220a17ae21f70fdbc602d1f8acd38
a5fc890bef4a064801ab2a0a46f45895e4551371a3a7a78bcdd41fa04748762e
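The following Python script is an added example, not part of the urlscan.io report. It parses an indicator list in the report's format into typed IOCs (domain, IPv4, SHA-256) and matches them against proxy log lines, applying the caveat above: a hostname hit is high confidence, while a hit on one of the shared CDN IPs alone is low confidence. The log line format ("timestamp client host dst_ip path") and the sample log lines are constructed for this example; only the indicator values come from the report.

```python
"""Parse urlscan-style indicators into typed IOCs and match proxy logs against them.

Added example. The log format and SAMPLE_LOG are constructed; the indicator
values are the ones listed in the report above.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Indicators as listed in the report (a subset of the hashes is enough here).
INDICATORS_TEXT = """
trangress-user-case-60d51.firebaseapp.com
zqjtqfpcdc.execute-api.ap-southeast-1.amazonaws.com
18.161.21.98
199.36.158.100
3957151c7a511ea40978ce0d6244d7d20335eb91be7acfb2256f1d0397b293bf
548f9c152d5b4a25040d1433b2354400a9d4dc05bab1ef1bb4fbf356ecc9723b
"""

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
# One or more DNS labels followed by an alphabetic TLD; good enough for IOC lists.
DOMAIN_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


@dataclass(frozen=True)
class IOC:
    kind: str   # "domain", "ipv4" or "sha256"
    value: str


def classify(token: str) -> Optional[IOC]:
    """Map one line of the indicator list to a typed IOC; None if unrecognised."""
    t = token.strip().lower()
    if not t:
        return None
    if SHA256_RE.match(t):
        return IOC("sha256", t)
    try:
        ipaddress.IPv4Address(t)
        return IOC("ipv4", t)
    except ValueError:
        pass
    if DOMAIN_RE.match(t):
        return IOC("domain", t)
    return None


def parse_indicators(text: str) -> dict:
    """Group indicators by kind, silently dropping lines that are none of the three."""
    groups = {"domain": set(), "ipv4": set(), "sha256": set()}
    for line in text.splitlines():
        ioc = classify(line)
        if ioc is not None:
            groups[ioc.kind].add(ioc.value)
    return groups


def host_matches(host: str, domains) -> bool:
    """True if host equals an indicator domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


# Constructed proxy log format for this example: "<ts> <client> <host> <dst_ip> <path>"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")


def match_log_line(line: str, iocs: dict) -> Optional[tuple]:
    """Return (confidence, matched_value) for a hit, or None.

    Hostname hits are "high". A destination-IP hit with no hostname match is
    "low": 199.36.158.100 fronts all of firebaseapp.com and 18.161.21.98 is a
    CloudFront edge, so the IP alone does not identify this campaign.
    """
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    _ts, _client, host, dst_ip, _path = m.groups()
    if host_matches(host, iocs["domain"]):
        return ("high", host.lower())
    if dst_ip in iocs["ipv4"]:
        return ("low", dst_ip)
    return None


def scan_log(lines, iocs: dict) -> list:
    """Return [(line, (confidence, value)), ...] for every line that hits an IOC."""
    hits = []
    for ln in lines:
        hit = match_log_line(ln, iocs)
        if hit is not None:
            hits.append((ln, hit))
    return hits


# Constructed sample log lines (not taken from the report).
SAMPLE_LOG = [
    "2023-11-13T10:01:02Z 10.0.0.5 trangress-user-case-60d51.firebaseapp.com 199.36.158.100 /",
    "2023-11-13T10:01:03Z 10.0.0.5 zqjtqfpcdc.execute-api.ap-southeast-1.amazonaws.com 18.161.21.98 /v1/user",
    "2023-11-13T10:02:00Z 10.0.0.7 some-unrelated-app.firebaseapp.com 199.36.158.100 /index.html",
    "2023-11-13T10:03:00Z 10.0.0.9 www.example.com 93.184.216.34 /",
]

if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG, parse_indicators(INDICATORS_TEXT))
    for line, (confidence, value) in found:
        print(f"{confidence:4} {value:55} {line}")
```

The third sample line shows why the confidence split matters: an unrelated Firebase-hosted site resolves to the same Fastly address and would be a false positive if the IP indicators were blocked or alerted on at full weight. The SHA-256 hashes are parsed but not matched here, since they apply to response bodies rather than to connection logs.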