supportcaseid3248136.vercel.app Open in urlscan Pro
76.76.21.164 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://shorten.world/admetacatalyststrategies
Effective URL:
https://supportcaseid3248136.vercel.app/
Submission: On December 16 via api (December 16th 2023, 4:22:41 pm UTC) from US — Scanned from US

Summary HTTP 13 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 7 IPs in 1 countries across 8 domains to perform 13 HTTP transactions. The main IP is 76.76.21.164, located in Walnut, United States and belongs to AMAZON-02, US. The main domain is supportcaseid3248136.vercel.app.
TLS certificate: Issued by R3 on December 15th 2023. Valid for: 3 months.

This is the only time supportcaseid3248136.vercel.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3032::ac43:c1a0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2606:4700:303... 2606:4700:3037::6815:21ea	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	76.76.21.164 76.76.21.164	16509 (AMAZON-02) (AMAZON-02)
3	2a04:4e42:600... 2a04:4e42:600::485	54113 (FASTLY) (FASTLY)
1	2a04:4e42:400... 2a04:4e42:400::649	54113 (FASTLY) (FASTLY)
1	199.232.36.193 199.232.36.193	54113 (FASTLY) (FASTLY)
2	2606:4700:20:... 2606:4700:20::681a:92c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.117.186.192 34.117.186.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
13	7

1 2606:4700:3032::ac43:c1a0 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

shorten.world	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3037::6815:21ea (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

shorten.world	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 76.76.21.164 (Walnut, United States)

ASN16509 (AMAZON-02, US)

supportcaseid3248136.vercel.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a04:4e42:600::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.36.193 (New York, United States)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:92c (United States)

ASN13335 (CLOUDFLARENET, US)

ipapi.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.186.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.186.117.34.bc.googleusercontent.com

ipinfo.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	vercel.app supportcaseid3248136.vercel.app	81 KB
3	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 313	43 KB
2	ipapi.co ipapi.co — Cisco Umbrella Rank: 15570	363 B
2	shorten.world 2 redirects shorten.world	1 KB
1	ipinfo.io ipinfo.io — Cisco Umbrella Rank: 6752	553 B
1	imgur.com i.imgur.com — Cisco Umbrella Rank: 7364	5 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 735	30 KB
0	1646415.com Failed 1646415.com Failed
13	8

	Domain	Requested by
4	supportcaseid3248136.vercel.app	supportcaseid3248136.vercel.app
3	cdn.jsdelivr.net	supportcaseid3248136.vercel.app
2	ipapi.co	code.jquery.com
2	shorten.world	2 redirects
1	ipinfo.io	code.jquery.com
1	i.imgur.com	supportcaseid3248136.vercel.app
1	code.jquery.com	supportcaseid3248136.vercel.app
0	1646415.com Failed	code.jquery.com
13	8

This site contains links to these domains. Also see Links.

Domain
www.facebook.com

Subject Issuer	Validity	Valid
*.vercel.app R3	`2023-12-15` - `2024-03-14`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-09-27` - `2024-10-28`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
*.imgur.com Sectigo RSA Domain Validation Secure Server CA	`2023-03-13` - `2024-03-12`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-16` - `2024-04-15`	a year	crt.sh
ipinfo.io R3	`2023-12-06` - `2024-03-05`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://supportcaseid3248136.vercel.app/
Frame ID: 201F963A6172389A04800310AFC26FCD
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Meta

Page URL History Show full URLs

http://shorten.world/admetacatalyststrategies HTTP 301
https://shorten.world/admetacatalyststrategies HTTP 301
https://supportcaseid3248136.vercel.app/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

13
Requests

92 %
HTTPS

63 %
IPv6

8
Domains

8
Subdomains

7
IPs

1
Countries

161 kB
Transfer

438 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/privacy/explanation/
Title: Meta Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://shorten.world/admetacatalyststrategies HTTP 301
https://shorten.world/admetacatalyststrategies HTTP 301
https://supportcaseid3248136.vercel.app/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
supportcaseid3248136.vercel.app/
Redirect Chain

http://shorten.world/admetacatalyststrategies
https://shorten.world/admetacatalyststrategies
https://supportcaseid3248136.vercel.app/

57 KB
10 KB

218ms
83ms

Document
text/html

76.76.21.164
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://supportcaseid3248136.vercel.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.164 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel / PHP/8.1.17

Resource Hash

ce34283bd05839391d539ea0a34060231d15eadc1d07a4f8c4d23c4b227ca71e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 0
cache-control: public, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 16 Dec 2023 16:22:36 GMT
server: Vercel
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-powered-by: PHP/8.1.17
x-vercel-cache: MISS
x-vercel-id: iad1::iad1::dmdzf-1702743756462-0a4f0ef21d4e

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 83684416bc66741e-MIA
content-language: en
date: Sat, 16 Dec 2023 16:22:36 GMT
expires: 0
location: https://supportcaseid3248136.vercel.app/
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mWHcfyqHQgS0FrMMfFl3Dd8naYwldjuWqPfyRK%2FDX3cpJg%2BUbr5g5ajsse5vAkYisCjYEUY5nInWyMxRxFpa6QU8QqgwkEdZHyzPi7DzhnAT9QWyoNI0PIHKKJymr4mR%2FKPro%2FBpMKCm0r2e"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/ 152 KB
26 KB 108ms
34ms Stylesheet
text/css 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css

Requested by

Host: supportcaseid3248136.vercel.app
URL: https://supportcaseid3248136.vercel.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://supportcaseid3248136.vercel.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 16 Dec 2023 16:22:36 GMT
x-content-type-options: nosniff
content-encoding: br
age: 1445985
x-jsd-version: 4.3.1
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 25648
x-served-by: cache-fra-eddf8230028-FRA, cache-mia-kmia1760066-MIA
x-jsd-version-type: version
etag: W/"2606e-bhA1SChFSJj9qA9V897LNH/Z7SE"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 126ms
34ms Script
application/javascript 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: supportcaseid3248136.vercel.app
URL: https://supportcaseid3248136.vercel.app/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://supportcaseid3248136.vercel.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 16:22:36 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 2141140
x-cache: HIT, HIT
content-length: 30875
x-served-by: cache-lga21931-LGA, cache-mia-kmia1760052-MIA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1702743757.651203,VS0,VE0
etag: W/"28feccc0-15d9d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 22, 414196

GET
H2 200 app.css
supportcaseid3248136.vercel.app/css/ 10 KB
3 KB 65ms
65ms Stylesheet
text/css 76.76.21.164
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://supportcaseid3248136.vercel.app/css/app.css

Requested by

Host: supportcaseid3248136.vercel.app
URL: https://supportcaseid3248136.vercel.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.164 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

a537688c22d355d93d8b6fd4aab8bbb7924c5fb0ee1338b69ab1dfc4016d6dd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://supportcaseid3248136.vercel.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 16:22:36 GMT
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
server: Vercel
x-vercel-id: iad1::cr8pv-1702743756724-9a9498e6e27c
age: 75287
etag: W/"3ee779e50ee35d7b68fe384aa92612ed"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="app.css"

GET
H2 200 ZUXA21k.png
i.imgur.com/ 5 KB
5 KB 218ms
71ms Image
image/png 199.232.36.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/ZUXA21k.png

Requested by

Host: supportcaseid3248136.vercel.app
URL: https://supportcaseid3248136.vercel.app/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.36.193 New York, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

f85ae19942302afb33ddc15deb32e501c38ae71a83645fbdf96321b1443d4c55

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://supportcaseid3248136.vercel.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 16:22:36 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 3454022
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront, HIT, HIT
content-length: 5127
x-served-by: cache-iad-kcgs7200047-IAD, cache-lga21957-LGA
last-modified: Sun, 23 Jul 2023 18:44:04 GMT
server: cat factory 1.0
x-timer: S1702743757.948495,VS0,VE2
etag: "3b365a98760b211155db1b2013fc89e9"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: ABRh91uDkLM28fbfYU5vtHmGWu30Wwus3ESk1rZr_VYSJhEt74ouhw==
x-cache-hits: 12008, 1

GET
H2 200 email-icon-circle-28.jpg
supportcaseid3248136.vercel.app/images/ 63 KB
63 KB 63ms
61ms Image
image/jpeg 76.76.21.164
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://supportcaseid3248136.vercel.app/images/email-icon-circle-28.jpg

Requested by

Host: supportcaseid3248136.vercel.app
URL: https://supportcaseid3248136.vercel.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.164 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

726be1e116ab2ab6670d94751d0568c157a75f4e625989793fa8e9b77800caa0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://supportcaseid3248136.vercel.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 16:22:36 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
server: Vercel
x-vercel-id: iad1::cr8pv-1702743756798-d5c32671932c
age: 75287
etag: "e2ec2d4b04985880f2b12ef8c92fae3e"
x-vercel-cache: HIT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="email-icon-circle-28.jpg"
accept-ranges: bytes
content-length: 64005

GET
H2 200 newlogo1.png
supportcaseid3248136.vercel.app/images/ 5 KB
5 KB 97ms
96ms Image
image/png 76.76.21.164
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://supportcaseid3248136.vercel.app/images/newlogo1.png

Requested by

Host: supportcaseid3248136.vercel.app
URL: https://supportcaseid3248136.vercel.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.164 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

096988abc603ffc3519d70d6dcb0475bb60b72f2e490c804f03fbf111074deab

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://supportcaseid3248136.vercel.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 16:22:36 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
server: Vercel
x-vercel-id: iad1::45hxf-1702743756797-bb0905893524
age: 75287
etag: "4632b63ae6c52a32586fb3db3faf1167"
x-vercel-cache: HIT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="newlogo1.png"
accept-ranges: bytes
content-length: 4645

GET
H2 200 jquery.cookie.js Show response
cdn.jsdelivr.net/npm/jquery.cookie@1.4.1/ 3 KB
2 KB 36ms
34ms Script
application/javascript 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/jquery.cookie@1.4.1/jquery.cookie.js

Requested by

Host: supportcaseid3248136.vercel.app
URL: https://supportcaseid3248136.vercel.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://supportcaseid3248136.vercel.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 16 Dec 2023 16:22:36 GMT
x-content-type-options: nosniff
content-encoding: br
age: 1507286
x-jsd-version: 1.4.1
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1403
x-served-by: cache-fra-etou8220072-FRA, cache-mia-kmia1760066-MIA
x-jsd-version-type: version
etag: W/"c31-MeG8xM+AWiwv7iH0je0eWY9koqg"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H3 200 bootstrap.min.js Show response
cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/js/ 57 KB
16 KB 34ms
34ms Script
application/javascript 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/js/bootstrap.min.js

Requested by

Host: supportcaseid3248136.vercel.app
URL: https://supportcaseid3248136.vercel.app/

Protocol

Security

QUIC, , AES_256_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://supportcaseid3248136.vercel.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 16 Dec 2023 16:22:36 GMT
x-content-type-options: nosniff
content-encoding: br
age: 222378
x-jsd-version: 4.3.1
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 16459
x-served-by: cache-fra-eddf8230106-FRA, cache-mia-kmia1760098-MIA
x-jsd-version-type: version
etag: W/"e2d8-Z3j+088JWjGBQaMfRVyPRmOIW94"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

OPTIONS
H2 200 ip
ipapi.co/ 0
0 215ms
132ms Preflight
text/html 2606:4700:20::681a:92c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ipapi.co/ip

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700:20::681a:92c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://supportcaseid3248136.vercel.app
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-headers: accept, authorization, content-type, user-agent, x-csrftoken, x-requested-with
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://supportcaseid3248136.vercel.app
access-control-max-age: 86400
cf-cache-status: DYNAMIC
cf-ray: 83684420fcf78da6-MIA
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 16 Dec 2023 16:22:37 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Mpi4u7ZUWtssc0C4VsCGmrrPyYYgfjNGYH3fJ19%2Bgi2mAL1E416k7JCoSMqQz8GeY1X8Ijsgm6UwDeOOZLp7zpZEL1I8Gds7tZBolnhH3xD6zM8%2BCZpv%2B6GeqA90JL9lOTx4yuv"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: origin
x-content-type-options: nosniff

GET
H2 200 ip Show response
ipapi.co/ 18 B
363 B 134ms
133ms XHR
text/plain 2606:4700:20::681a:92c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ipapi.co/ip

Requested by

Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.0.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700:20::681a:92c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

233d4ebac2ff167b34cb41315a9ada6f664a267446cdcdb1afdd9343e88987fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept: */*
Referer: https://supportcaseid3248136.vercel.app/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 16 Dec 2023 16:22:37 GMT
x-content-type-options: nosniff
referrer-policy: same-origin
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Host, origin
allow: HEAD, POST, OPTIONS, GET, OPTIONS
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://supportcaseid3248136.vercel.app
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MXmjKtNrq02k8ap0wk0OnIIpx1oNx44ZEPjOUbVuev4RcNjUm9upjkPpPzR1CFFZVEYlGcpiFqVbdivL2V3tVfxXyDNRtiy3x7MJiY7pcJYfSdfr0SrQf1NNDsobV8hinnDYs9Ax"}],"group":"cf-nel","max_age":604800}
x-frame-options: DENY
cf-ray: 83684421ce348da6-MIA
content-length: 18

POST modun_post.php
1646415.com/ 0
0

GET
H2 200 json Show response
ipinfo.io// 252 B
553 B 150ms
74ms XHR
application/json 34.117.186.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://ipinfo.io//json?

Requested by

Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.0.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.117.186.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

192.186.117.34.bc.googleusercontent.com

Software

istio-envoy /

Resource Hash

f81399db37547510add5ddb11fe46980dda009b056546cc1cd165f46a6facd45

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://supportcaseid3248136.vercel.app/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 16:22:36 GMT
via: 1.1 google
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: istio-envoy
strict-transport-security: max-age=2592000; includeSubDomains
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 252
x-xss-protection: 1; mode=block

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: 1646415.com
URL: https://1646415.com/modun_post.php

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://supportcaseid3248136.vercel.app/ Message: Access to XMLHttpRequest at 'https://1646415.com/modun_post.php' from origin 'https://supportcaseid3248136.vercel.app' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://1646415.com/modun_post.php Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1646415.com
cdn.jsdelivr.net
code.jquery.com
i.imgur.com
ipapi.co
ipinfo.io
shorten.world
supportcaseid3248136.vercel.app
1646415.com
199.232.36.193
2606:4700:20::681a:92c
2606:4700:3032::ac43:c1a0
2606:4700:3037::6815:21ea
2a04:4e42:400::649
2a04:4e42:600::485
34.117.186.192
76.76.21.164
096988abc603ffc3519d70d6dcb0475bb60b72f2e490c804f03fbf111074deab
0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b
233d4ebac2ff167b34cb41315a9ada6f664a267446cdcdb1afdd9343e88987fc
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
726be1e116ab2ab6670d94751d0568c157a75f4e625989793fa8e9b77800caa0
a537688c22d355d93d8b6fd4aab8bbb7924c5fb0ee1338b69ab1dfc4016d6dd2
b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8
ce34283bd05839391d539ea0a34060231d15eadc1d07a4f8c4d23c4b227ca71e
f81399db37547510add5ddb11fe46980dda009b056546cc1cd165f46a6facd45
f85ae19942302afb33ddc15deb32e501c38ae71a83645fbdf96321b1443d4c55
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

supportcaseid3248136.vercel.app Open in urlscan Pro 76.76.21.164 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

92 %HTTPS

63 %IPv6

8 Domains

8 Subdomains

7 IPs

1 Countries

161 kBTransfer

438 kBSize

0 Cookies

1 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

18 JavaScript Global Variables

0 Cookies

2 Console Messages

Security Headers

Indicators

supportcaseid3248136.vercel.app Open in urlscan Pro
76.76.21.164 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

92 %
HTTPS

63 %
IPv6

8
Domains

8
Subdomains

7
IPs

1
Countries

161 kB
Transfer

438 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!