![](/screenshots/14487ee2-630e-4b39-affe-980743dd18f3.png)
page-id-fe789.web.app
Open in
urlscan Pro
2620:0:890::100
Malicious Activity!
Public Scan
Submission: On June 21 via api from JP — Scanned from JP
Summary
TLS certificate: Issued by GTS CA 1D4 on June 13th 2022. Valid for: 3 months.
This is the only time page-id-fe789.web.app was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 2620:0:890::100 2620:0:890::100 | 54113 (FASTLY) (FASTLY) | |
4 | 199.188.200.6 199.188.200.6 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
5 | 3 |
ASN22612 (NAMECHEAP-NET, US)
PTR: server236-4.web-hosting.com
potrioot.xyz |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
potrioot.xyz
potrioot.xyz |
356 KB |
1 |
web.app
page-id-fe789.web.app |
736 B |
5 | 2 |
Domain | Requested by | |
---|---|---|
4 | potrioot.xyz |
page-id-fe789.web.app
potrioot.xyz |
1 | page-id-fe789.web.app | |
5 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
web.app GTS CA 1D4 |
2022-06-13 - 2022-09-11 |
3 months | crt.sh |
potrioot.xyz Sectigo RSA Domain Validation Secure Server CA |
2022-05-19 - 2023-05-19 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://page-id-fe789.web.app/contact/
Frame ID: 02E7DA5492BBF04389D4F928B2F046FD
Requests: 1 HTTP requests in this frame
Frame:
https://potrioot.xyz/logs/help/
Frame ID: 45DB26561839CC35696FB83DB9C341A4
Requests: 17 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
5 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
page-id-fe789.web.app/contact/ |
1 KB 736 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
potrioot.xyz/logs/help/ Frame 45DB |
259 KB 35 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1.css
potrioot.xyz/logs/help/ Frame 45DB |
773 KB 286 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
verify.png
potrioot.xyz/logs/help/ Frame 45DB |
885 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1.png
potrioot.xyz/logs/help/ Frame 45DB |
34 KB 34 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 45DB |
15 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 45DB |
6 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 45DB |
4 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 45DB |
2 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 45DB |
596 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 45DB |
60 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 45DB |
10 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 45DB |
5 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 45DB |
4 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 45DB |
18 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 45DB |
8 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 45DB |
6 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 45DB |
21 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31556926; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
page-id-fe789.web.app
potrioot.xyz
199.188.200.6
2620:0:890::100
0e06af3b6b89191b68c2d9b9e37340fb566321cf5a6d1441395fa903432c36ea
10cf7f2d6cc4628ed0a5065c1d49c1472fa5dfed5481ccd31fc31c2aba2c5d82
1a336100e0780fe2208239c8badd0d07362787de04e431e4c71fda9cba0dbdb0
28fd721db350cf99303abd1fc6be7e546adb6f55a20285903e9c586ee5dd8e14
303b0287a94fd69058645faaf666fc24d099a644a61a6c6a36d40ae5bc6b0def
4678cf560d4ad57aa5c7c9e0783cf2be05dba9b41c7ebfed68ae21d30d5ff14d
4b252b8838aa77981055420be47754a110f4d33514fdb42af983f8bb3f7501fc
55188686a3a3f3aeb908a31650560c8bf7d1ead77794ba2b04a3c41af28db0da
5aaf62fae22726833ee9736565e82156d138373ee93a8e56d1554abad557f495
6a855630b89ad9d411ba46b8e9e0b1fcb81456566bd4dead4761da7f9360b7f0
84e30295e10b684475b110001987652754c5738c32f691a1196f95107b0784f6
95de340615908cf648c7cac64868a62108e2eb5c4087e12e12525f6b41a8101d
9f0076f985d264701b339fa4e400d0967394563d706a238ac3022a446e37ff14
c4c38fc887667a8516d745038168cfacddf8c5e40546f8c048bb8b04d1d93ffc
c8853ef037084bbf8a07362a25975312e0e077eea1f683ac349a5968808bbda4
da948036aa0d7225b6829dea7984aaaf1e296eab82ba41618657b51d2c315691
db9e585d5ae38beadec4a3130b9b0ae1001557b415f2b1cb09eb4657985f5f5b
e923e0ff2471538339599f7a038553b9459c1a255c87fc38b4c8f64e17f11bed