fbsupport12002340239234.web.app
2620:0:890::100 Malicious Activity! Public Scan

URL: https://fbsupport12002340239234.web.app/
Submission: On January 31 via api from FR — Scanned from JP

Summary

This website contacted 5 IPs in 1 country across 4 domains to perform 7 HTTP transactions. The main IP is 2620:0:890::100, located in United States and belongs to FASTLY, US. The main domain is fbsupport12002340239234.web.app.
TLS certificate: Issued by GTS CA 1D4 on December 19th 2022. Valid for: 3 months.
This is the only time fbsupport12002340239234.web.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

IP Address AS Autonomous System
1 2620:0:890::100 54113 (FASTLY)
3 2606:4700:303... 13335 (CLOUDFLAR...)
1 34.117.59.81 396982 (GOOGLE-CL...)
2 147.182.166.66 14061 (DIGITALOC...)
7 5
Apex Domain | Subdomains | Transfer
3 fadilbossi.games | fadilbossi.games | 492 KB
2 apirocketreach.com | apirocketreach.com | 321 B
1 ipinfo.io | ipinfo.io — Cisco Umbrella Rank: 6431 | 514 B
1 web.app | fbsupport12002340239234.web.app | 707 B
7 4
Domain Requested by
3 fadilbossi.games fbsupport12002340239234.web.app
fadilbossi.games
2 apirocketreach.com fadilbossi.games
1 ipinfo.io fadilbossi.games
1 fbsupport12002340239234.web.app
7 4

This site contains no links.

Subject | Issuer | Validity | Valid
web.app | GTS CA 1D4 | 2022-12-19 - 2023-03-19 | 3 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-01-30 - 2024-01-29 | a year | crt.sh
ipinfo.io | R3 | 2023-01-18 - 2023-04-18 | 3 months | crt.sh
apirocketreach.com | R3 | 2023-01-05 - 2023-04-05 | 3 months | crt.sh

This page contains 2 frames:

Primary Page: https://fbsupport12002340239234.web.app/
Frame ID: 69693D591883AE5D4F903D1209511AC3
Requests: 1 HTTP requests in this frame

Frame: https://fadilbossi.games/checkpoint/82822324234234123123
Frame ID: D4C45A2ACCE4BB260F88C4E4D10D34AA
Requests: 9 HTTP requests in this frame

Page Title

Support Case Resolve Program | Support | Meta Inc.

Page Statistics

7
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

1
Countries

493 kB
Transfer

1088 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
fbsupport12002340239234.web.app/
1 KB
707 B
Document
General
Full URL
https://fbsupport12002340239234.web.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
7b4161960031f6f5002229cb0e3ea385c52c1f1ee050ac6858415280016c7bda
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control
max-age=3600
content-encoding
br
content-length
342
content-type
text/html; charset=utf-8
date
Tue, 31 Jan 2023 21:58:12 GMT
etag
"8f256e00b2b1138ea7aac9fd2b2fef73dfe4217298df93218cb621f83928d82b-br"
last-modified
Mon, 30 Jan 2023 22:48:29 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
x-cache-hits
0
x-served-by
cache-qpg1231-QPG
x-timer
S1675202293.681610,VS0,VE226
82822324234234123123
fadilbossi.games/checkpoint/ Frame D4C4
920 B
958 B
Document
General
Full URL
https://fadilbossi.games/checkpoint/82822324234234123123
Requested by
Host: fbsupport12002340239234.web.app
URL: https://fbsupport12002340239234.web.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:560a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4080503e6f85bc0c7adc5c759e48f1d0e6f16676fdab96e908db0d034b86e194

Request headers

Referer
https://fbsupport12002340239234.web.app/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7925b51b4880e374-NRT
content-encoding
br
content-type
text/html
date
Tue, 31 Jan 2023 21:58:13 GMT
last-modified
Tue, 31 Jan 2023 05:09:48 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oRr6k5EIi%2F8BgYkODYjrjsPG3qVYXnP95fo2VMzJXXcrrnXdtEq6rG5JyGDfYD%2FoSQ2z2eLvTXiyS6uiigDgzG3L4oHibuutynmSdEVPz%2BpvaTuUlI%2F3%2F3EGzD64TD9m1qV6ixEvDImuFxTn5IVr"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-turbo-charged-by
LiteSpeed
main.94a311d5.js
fadilbossi.games/static/js/ Frame D4C4
1023 KB
476 KB
Script
General
Full URL
https://fadilbossi.games/static/js/main.94a311d5.js
Requested by
Host: fadilbossi.games
URL: https://fadilbossi.games/checkpoint/82822324234234123123
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:560a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2594defb3bd5c6aef7b5e224c540f0a45ca8f43a1f53cc4e270697f79865c932

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://fadilbossi.games/checkpoint/82822324234234123123
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 31 Jan 2023 21:58:13 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
226
cf-polished
origSize=1047509
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Tue, 31 Jan 2023 05:09:48 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jm7HZqZaxN1sdoYKpAsmg9G49BtjNe0ixbhJSqGU1TtG6xJeKTKV5HmZd0Q7xK6ZZE%2FYJXn3FARDjKvFV0fg9%2Feb11afIc2QtTEk5mp3XcoW3B%2BxLu8AtoQK%2FHiJwIWCfggBG5WSzpnyRRGz2yMi"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-ray
7925b51d19bbe374-NRT
expires
Tue, 07 Feb 2023 21:54:27 GMT
main.ccde406a.css
fadilbossi.games/static/css/ Frame D4C4
54 KB
14 KB
Stylesheet
General
Full URL
https://fadilbossi.games/static/css/main.ccde406a.css
Requested by
Host: fadilbossi.games
URL: https://fadilbossi.games/checkpoint/82822324234234123123
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:560a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0d81909dcdae81df7579bdb6a2258aa532fbf1af1ccaa22ed5bda48c1610d984

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://fadilbossi.games/checkpoint/82822324234234123123
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 31 Jan 2023 21:58:13 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
226
cf-polished
origSize=55489
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Tue, 31 Jan 2023 05:09:48 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5I1MQcYCrKJds6vxYsIMY4%2FnplZtkhB%2FF59Ok3s9GfwSv2cZwR0OImXpy%2FYFEAXjwKLW0twL1qfYtjkUVM3MQSxYN639f9JJ7Ai69ZlkBs3%2FtmlnUj7ZpeMPX%2FdWxy8gVpyjyfaruZE5abTvLr4z"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-ray
7925b51d19bde374-NRT
expires
Tue, 07 Feb 2023 21:54:27 GMT
truncated
/ Frame D4C4
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9c08c6dfc9dfff83ab4188480b0edf7bcfb4cf0d3a600605230908d30437ad70

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame D4C4
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
750ef4ec425c4273a3ae0b34e0f835ac199ab831d676d53d55087435a4396cfe

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame D4C4
5 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f83c526a4e06b75dba03d923f30defc04806f53880e3928e3b54dc24afdb35db

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame D4C4
739 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0c8e64ab17241361361ac9ea2f433f848cd517a6ede7ac53e0296f368f608076

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type
image/png
/
ipinfo.io/ Frame D4C4
244 B
514 B
Fetch
General
Full URL
https://ipinfo.io/?token=bd9c0d8d8bb209
Requested by
Host: fadilbossi.games
URL: https://fadilbossi.games/static/js/main.94a311d5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.59.81 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
81.59.117.34.bc.googleusercontent.com
Software
/
Resource Hash
d53151513e7a1b2af5e1c6ea71e31f8cafd10d424dbbf3f4d0c5b2e600ddc3cf
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://fadilbossi.games/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 31 Jan 2023 21:58:13 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
content-encoding
gzip
via
1.1 google
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-envoy-upstream-service-time
2
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
oneToken
apirocketreach.com/api/users/ Frame D4C4
37 B
321 B
XHR
General
Full URL
https://apirocketreach.com/api/users/oneToken
Requested by
Host: fadilbossi.games
URL: https://fadilbossi.games/static/js/main.94a311d5.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
147.182.166.66 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
4851ed4c04f358bf3a4886c77726c10d6304bdd5d5a7a4784851987cc5b1f966

Request headers

Accept
application/json, text/plain, */*
Referer
https://fadilbossi.games/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
application/json

Response headers

Date
Tue, 31 Jan 2023 21:58:14 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"25-RF0+ZEj5ypFumYpyPiU6rouDCys"
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Connection
keep-alive
Content-Length
37
oneToken
apirocketreach.com/api/users/ Frame
0
0
Preflight
General
Full URL
https://apirocketreach.com/api/users/oneToken
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
147.182.166.66 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://fadilbossi.games
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Access-Control-Allow-Headers
content-type
Access-Control-Allow-Methods
GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin
*
Connection
keep-alive
Content-Length
0
Date
Tue, 31 Jan 2023 21:58:14 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Access-Control-Request-Headers
X-Powered-By
Express

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object | 0
object | oncontentvisibilityautostatechange

0 Cookies

1 Console Messages

Source Level URL
Text
network error URL: https://apirocketreach.com/api/users/oneToken
Message:
Failed to load resource: the server responded with a status of 400 (Bad Request)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload