supportchazity.web.app Open in urlscan Pro
2620:0:890::100 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://pagesbusine-community-standard.work/
Effective URL:
https://supportchazity.web.app/?help-case=07e76124-54fd-4c1c-9374-b9cb7dec38ce
Submission: On June 15 via api (June 15th 2024, 12:01:38 pm UTC) from US — Scanned from DE

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 6 domains to perform 14 HTTP transactions. The main IP is 2620:0:890::100, located in United States and belongs to FASTLY, US. The main domain is supportchazity.web.app.
TLS certificate: Issued by WR4 on May 21st 2024. Valid for: 3 months.

This is the only time supportchazity.web.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
1	198.187.29.207 198.187.29.207	22612 (NAMECHEAP...) (NAMECHEAP-NET)
1 2	2620:0:890::100 2620:0:890::100	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
7	199.36.158.100 199.36.158.100	54113 (FASTLY) (FASTLY)
2	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.74.152 172.67.74.152	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	7

1 198.187.29.207 (United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: server245-1.web-hosting.com

pagesbusine-community-standard.work	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:0:890::100 (United States) 1 redirects

ASN54113 (FASTLY, US)

supportchazity.web.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 199.36.158.100 (United States)

ASN54113 (FASTLY, US)

supportchazity.web.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

ws-sv1.endpointsynergy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.74.152 (United States)

ASN13335 (CLOUDFLARENET, US)

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

freeipapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	web.app 1 redirects supportchazity.web.app	2 MB
2	endpointsynergy.com ws-sv1.endpointsynergy.com	571 B
1	freeipapi.com freeipapi.com — Cisco Umbrella Rank: 112948	744 B
1	ipify.org api.ipify.org — Cisco Umbrella Rank: 2557	154 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 77	1 KB
1	pagesbusine-community-standard.work pagesbusine-community-standard.work	390 B
14	6

	Domain	Requested by
9	supportchazity.web.app	1 redirects pagesbusine-community-standard.work supportchazity.web.app
2	ws-sv1.endpointsynergy.com	supportchazity.web.app
1	freeipapi.com	supportchazity.web.app
1	api.ipify.org	supportchazity.web.app
1	fonts.googleapis.com	supportchazity.web.app
1	pagesbusine-community-standard.work
14	6

This site contains no links.

Subject Issuer	Validity	Valid
pagesbusine-community-standard.work Sectigo RSA Domain Validation Secure Server CA	`2024-06-14` - `2025-06-14`	a year	crt.sh
web.app WR4	`2024-05-21` - `2024-08-19`	3 months	crt.sh
upload.video.google.com WR2	`2024-05-27` - `2024-08-19`	3 months	crt.sh
endpointsynergy.com GTS CA 1P5	`2024-05-31` - `2024-08-29`	3 months	crt.sh
ipify.org GTS CA 1P5	`2024-05-19` - `2024-08-17`	3 months	crt.sh
freeipapi.com Cloudflare Inc ECC CA-3	`2024-01-21` - `2024-12-31`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://supportchazity.web.app/?help-case=07e76124-54fd-4c1c-9374-b9cb7dec38ce
Frame ID: C36C208D50B94595AF0318247EDFCABE
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Select issue

Page URL History Show full URLs

https://pagesbusine-community-standard.work/ Page URL
https://supportchazity.web.app//?help-case=07e76124-54fd-4c1c-9374-b9cb7dec38ce HTTP 301
https://supportchazity.web.app/?help-case=07e76124-54fd-4c1c-9374-b9cb7dec38ce Page URL

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

14
Requests

100 %
HTTPS

29 %
IPv6

6
Domains

6
Subdomains

7
IPs

3
Countries

1637 kB
Transfer

2606 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://pagesbusine-community-standard.work/ Page URL
https://supportchazity.web.app//?help-case=07e76124-54fd-4c1c-9374-b9cb7dec38ce HTTP 301
https://supportchazity.web.app/?help-case=07e76124-54fd-4c1c-9374-b9cb7dec38ce Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 /
pagesbusine-community-standard.work/ 424 B
390 B 588ms
185ms Document
text/html 198.187.29.207
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://pagesbusine-community-standard.work/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.187.29.207 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server245-1.web-hosting.com
Software: LiteSpeed /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
content-encoding: br
content-length: 223
content-type: text/html
date: Sat, 15 Jun 2024 12:01:33 GMT
last-modified: Sat, 15 Jun 2024 07:36:54 GMT
server: LiteSpeed
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed

GET
H2

200

Primary Request / Show response
supportchazity.web.app/
Redirect Chain

https://supportchazity.web.app//?help-case=07e76124-54fd-4c1c-9374-b9cb7dec38ce
https://supportchazity.web.app/?help-case=07e76124-54fd-4c1c-9374-b9cb7dec38ce

2 KB
633 B

153ms
152ms

Document
text/html

2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://supportchazity.web.app/?help-case=07e76124-54fd-4c1c-9374-b9cb7dec38ce

Requested by

Host: pagesbusine-community-standard.work
URL: https://pagesbusine-community-standard.work/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

36d184b4a091e2b659362db806a37d7e09a4065d90b80e1376503e74bd476f59

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://pagesbusine-community-standard.work/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control: max-age=3600
content-encoding: br
content-length: 422
content-type: text/html; charset=utf-8
date: Sat, 15 Jun 2024 12:01:33 GMT
etag: "72b1321b6dc2139257da9d22dd8d55d4759aa03adc36946d0ef87269fff8edf2-br"
last-modified: Wed, 12 Jun 2024 09:00:49 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-cph2320022-CPH
x-timer: S1718452893.415803,VS0,VE115

Redirect headers

accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 83
content-type: text/html; charset=utf-8
date: Sat, 15 Jun 2024 12:01:33 GMT
location: /?help-case=07e76124-54fd-4c1c-9374-b9cb7dec38ce
x-cache: MISS
x-cache-hits: 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-served-by: cache-cph2320022-CPH
x-timer: S1718452893.333882,VS0,VE44
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ 14 KB
1 KB 155ms
60ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: supportchazity.web.app
URL: https://supportchazity.web.app/?help-case=07e76124-54fd-4c1c-9374-b9cb7dec38ce

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3f6e8efb65dff0486271d787d60be7d84387c203bebd36159794e6e2c28c31f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://supportchazity.web.app/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Sat, 15 Jun 2024 12:01:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 15 Jun 2024 10:59:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 15 Jun 2024 12:01:33 GMT

GET
H3 200 main.0f34b73c.js Show response
supportchazity.web.app/static/js/ 1 MB
266 KB 43ms
43ms Script
text/javascript 199.36.158.100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://supportchazity.web.app/static/js/main.0f34b73c.js

Requested by

Host: supportchazity.web.app
URL: https://supportchazity.web.app/?help-case=07e76124-54fd-4c1c-9374-b9cb7dec38ce

Protocol

Security

QUIC, , AES_256_GCM

Server

199.36.158.100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a42055575d4e18cd9d3f0b3590217a4924c857a7fbb82e5edf137b4d9764d724

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://supportchazity.web.app/?help-case=07e76124-54fd-4c1c-9374-b9cb7dec38ce
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-served-by: cache-fra-etou8220109-FRA
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Sat, 15 Jun 2024 12:01:33 GMT
last-modified: Wed, 12 Jun 2024 09:00:49 GMT
x-timer: S1718452894.585576,VS0,VE2
etag: "4e7f6ce67ae98b7f9bf705550b2343b60e4c9e283eed234fb6806637960fd242-br"
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 272511
x-cache-hits: 0

GET
H3 200 main.eef59862.css
supportchazity.web.app/static/css/ 88 KB
13 KB 113ms
112ms Stylesheet
text/css 199.36.158.100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://supportchazity.web.app/static/css/main.eef59862.css

Requested by

Host: supportchazity.web.app
URL: https://supportchazity.web.app/?help-case=07e76124-54fd-4c1c-9374-b9cb7dec38ce

Protocol

Security

QUIC, , AES_256_GCM

Server

199.36.158.100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

389e7624671f84c5c6e14dd159a34d61c9126ba6c4eb8069b85faf9b00c334ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://supportchazity.web.app/?help-case=07e76124-54fd-4c1c-9374-b9cb7dec38ce
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-served-by: cache-fra-etou8220109-FRA
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Sat, 15 Jun 2024 12:01:33 GMT
last-modified: Wed, 12 Jun 2024 09:00:49 GMT
x-timer: S1718452894.585663,VS0,VE70
etag: "b2901ce5a546e28ed1d3c908762e1490d55c48559d43f9ba1742493ec812df0a-br"
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
content-type: text/css; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 13187
x-cache-hits: 0

GET
H3 200 loading.30c0aa7c3e2579d868a6.gif
supportchazity.web.app/static/media/ 136 KB
121 KB 43ms
43ms Image
image/gif 199.36.158.100
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://supportchazity.web.app/static/media/loading.30c0aa7c3e2579d868a6.gif

Protocol

Security

QUIC, , AES_256_GCM

Server

199.36.158.100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

fedd1fb82b84388842da3755d3b8da143446afe92bc4a2f9cfe5ce962cc71e88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://supportchazity.web.app/?help-case=07e76124-54fd-4c1c-9374-b9cb7dec38ce
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-served-by: cache-fra-etou8220109-FRA
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Sat, 15 Jun 2024 12:01:33 GMT
last-modified: Wed, 12 Jun 2024 09:00:49 GMT
x-timer: S1718452894.803076,VS0,VE2
etag: "b64303385e679a3288c71f3e5702444da63cb0610b486052b69eee7cbe8b4dea-br"
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: image/gif
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 124004
x-cache-hits: 0

OPTIONS
H3 200 settings
ws-sv1.endpointsynergy.com/ 0
0 788ms
719ms Preflight
text/plain 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-sv1.endpointsynergy.com/settings
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://supportchazity.web.app
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
access-control-allow-origin: https://supportchazity.web.app
access-control-max-age: 600
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 894267fabf796907-FRA
content-encoding: gzip
content-type: text/plain; charset=utf-8
date: Sat, 15 Jun 2024 12:01:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JqaKEWrxiNA%2FglUf%2BGC6FcGx5%2Fi%2F4PZjrNi9xyRlCPU%2Fsc1g38oY44bvu8dlDme2AbBE9qFk8cT5oZUr6ihI4xw7Ei%2BjtnG%2FhaYMBJT6osESlVVFboz9SEKkFo03r74gBjHfc%2F189T90DC%2BLTA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin,Accept-Encoding

GET
H2 200 / Show response
api.ipify.org/ 21 B
154 B 508ms
417ms Fetch
application/json 172.67.74.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: supportchazity.web.app
URL: https://supportchazity.web.app/static/js/main.0f34b73c.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.74.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 06aaa62e1f9e61c7f18891b10f965e5af18ea57ae14e0f52d0ec488db6f641db

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://supportchazity.web.app/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 12:01:34 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin
content-type: application/json
access-control-allow-origin: *
cf-ray: 894267fadd052bf7-FRA
content-length: 21

POST
H3 200 settings Show response
ws-sv1.endpointsynergy.com/ 249 B
571 B 388ms
387ms XHR
application/json 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-sv1.endpointsynergy.com/settings
Requested by: Host: supportchazity.web.app
URL: https://supportchazity.web.app/static/js/main.0f34b73c.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d7d6c6bcb21d97d57a29042a24dca5818618ecf45adc7a5bee17fb9f6ab492be

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json
Accept: application/json, text/plain, */*
Referer: https://supportchazity.web.app/
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 12:01:34 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sx5NkRJrzevscW5jZ6LGVlfcgd1fTs5dQtdNqa1qLI9QvDQCgNH263pZhLuGgAmL%2BsRnvU3Y8JPp5vg3kOeMUCP9%2Fe9bMlWyoxRQHiHa2LkzHmfw6Y6Q91zQ9EH1n3CC9%2FxiHCxIenC9EVaGNA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 894267ff3cc06907-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 favicon.ico
supportchazity.web.app/ 5 KB
2 KB 43ms
42ms Other
image/x-icon 199.36.158.100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://supportchazity.web.app/favicon.ico

Protocol

Security

QUIC, , AES_256_GCM

Server

199.36.158.100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b96d739c3a8ac4ef0b34212c8a2b7f23dcb7b039e0dd14ef170d8e9232972bf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://supportchazity.web.app/?help-case=07e76124-54fd-4c1c-9374-b9cb7dec38ce
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-served-by: cache-fra-etou8220109-FRA
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Sat, 15 Jun 2024 12:01:33 GMT
last-modified: Wed, 12 Jun 2024 09:00:49 GMT
x-timer: S1718452894.807068,VS0,VE1
etag: "39ae4a082e523f41dc95ae21bd0721da30bc294a3d109f22dcc6db4935eb4355-br"
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: image/x-icon
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1355
x-cache-hits: 0

GET
H3 200 80.255.7.119 Show response
freeipapi.com/api/json/ 395 B
744 B 127ms
62ms Fetch
application/json 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://freeipapi.com/api/json/80.255.7.119

Requested by

Host: supportchazity.web.app
URL: https://supportchazity.web.app/static/js/main.0f34b73c.js

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0b836c0ba080a17b16b3e6030061d4149010f7ac24c4fdb0649ba52f4c91ae5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://supportchazity.web.app/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 12:01:34 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-ratelimit-remaining: 59
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rd5CX5YYqYPMASjGRnq%2BiSyoChmgxsvfx2PJi9Fohx0ZvSHdii0xZZZ7NVCKcxNq%2Fj3OQnPwaNLQxfis3XzlE%2BP%2BhRKcOBQz08fzoL71fxLxCQoEk1rZ8UMi%2FeJ5zOoK"}],"group":"cf-nel","max_age":604800}
cache-control: no-cache, private
x-ratelimit-limit: 60
cf-ray: 894267fdef023665-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 loadingLogo.085728eb.4eff47490162868e9ff2.gif
supportchazity.web.app/static/media/ 1 MB
1 MB 178ms
178ms Image
image/gif 199.36.158.100
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://supportchazity.web.app/static/media/loadingLogo.085728eb.4eff47490162868e9ff2.gif

Protocol

Security

QUIC, , AES_256_GCM

Server

199.36.158.100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c296b7a52bb832ae0bdb761d86989ce156c5cff905215c534c34d76f0474ca2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://supportchazity.web.app/?id=9945de0d-7dd2-468d-a472-eefa2ec2ea1f
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-served-by: cache-fra-etou8220109-FRA
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Sat, 15 Jun 2024 12:01:35 GMT
last-modified: Wed, 12 Jun 2024 09:00:49 GMT
x-timer: S1718452895.989419,VS0,VE136
etag: "1f1b17e43a6fc0605803514f3273317635effd9197e19199964cc0a81d5c1a6d-br"
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
content-type: image/gif
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1243815
x-cache-hits: 0

GET
H3 200 roboto-latin-400-normal.b009a76ad6afe4ebd301.woff2
supportchazity.web.app/static/media/ 15 KB
16 KB 41ms
40ms Font
font/woff2 199.36.158.100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://supportchazity.web.app/static/media/roboto-latin-400-normal.b009a76ad6afe4ebd301.woff2

Requested by

Host: supportchazity.web.app
URL: https://supportchazity.web.app/static/css/main.eef59862.css

Protocol

Security

QUIC, , AES_256_GCM

Server

199.36.158.100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://supportchazity.web.app/static/css/main.eef59862.css
Origin: https://supportchazity.web.app
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-served-by: cache-fra-etou8220109-FRA
strict-transport-security: max-age=31556926; includeSubDomains; preload
date: Sat, 15 Jun 2024 12:01:34 GMT
last-modified: Wed, 12 Jun 2024 09:00:49 GMT
x-timer: S1718452895.996429,VS0,VE2
etag: "c5c35e4f7eb9ad6aa543faad4550e57362bfd7ad88f9df6f3f7f4fb1ea808cd3"
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: font/woff2
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 15744
x-cache-hits: 0

GET
H3 200 favicon.ico
supportchazity.web.app/ 5 KB
0 0ms
0ms Other
image/x-icon 199.36.158.100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://supportchazity.web.app/favicon.ico
Protocol: H3
Security: QUIC, , AES_256_GCM
Server: 199.36.158.100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: b96d739c3a8ac4ef0b34212c8a2b7f23dcb7b039e0dd14ef170d8e9232972bf7

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://supportchazity.web.app/?id=9945de0d-7dd2-468d-a472-eefa2ec2ea1f
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-served-by: cache-fra-etou8220109-FRA
date: Sat, 15 Jun 2024 12:01:33 GMT
content-encoding: br
last-modified: Wed, 12 Jun 2024 09:00:49 GMT
x-timer: S1718452894.807068,VS0,VE1
etag: "39ae4a082e523f41dc95ae21bd0721da30bc294a3d109f22dcc6db4935eb4355-br"
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: image/x-icon
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1355
x-cache-hits: 0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage object| webpackChunksupport

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.ipify.org
fonts.googleapis.com
freeipapi.com
pagesbusine-community-standard.work
supportchazity.web.app
ws-sv1.endpointsynergy.com
172.67.74.152
188.114.96.3
188.114.97.3
198.187.29.207
199.36.158.100
2620:0:890::100
2a00:1450:4001:831::200a
06aaa62e1f9e61c7f18891b10f965e5af18ea57ae14e0f52d0ec488db6f641db
36d184b4a091e2b659362db806a37d7e09a4065d90b80e1376503e74bd476f59
389e7624671f84c5c6e14dd159a34d61c9126ba6c4eb8069b85faf9b00c334ae
3f6e8efb65dff0486271d787d60be7d84387c203bebd36159794e6e2c28c31f3
a0b836c0ba080a17b16b3e6030061d4149010f7ac24c4fdb0649ba52f4c91ae5
a42055575d4e18cd9d3f0b3590217a4924c857a7fbb82e5edf137b4d9764d724
b96d739c3a8ac4ef0b34212c8a2b7f23dcb7b039e0dd14ef170d8e9232972bf7
c296b7a52bb832ae0bdb761d86989ce156c5cff905215c534c34d76f0474ca2c
d7d6c6bcb21d97d57a29042a24dca5818618ecf45adc7a5bee17fb9f6ab492be
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
fedd1fb82b84388842da3755d3b8da143446afe92bc4a2f9cfe5ce962cc71e88

supportchazity.web.app Open in urlscan Pro 2620:0:890::100 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

29 %IPv6

6 Domains

6 Subdomains

7 IPs

3 Countries

1637 kBTransfer

2606 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

Indicators

supportchazity.web.app Open in urlscan Pro
2620:0:890::100 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

29 %
IPv6

6
Domains

6
Subdomains

7
IPs

3
Countries

1637 kB
Transfer

2606 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!