cancel627674-binance-com.firebaseapp.com
2620:0:890::100 | Malicious Activity! | Public Scan

URL: https://cancel627674-binance-com.firebaseapp.com/
Submission: On April 09 via api from US — Scanned from DE

Summary

This website contacted 7 IPs in 1 country across 5 domains to perform 10 HTTP transactions. The main IP is 2620:0:890::100, located in the United States and belonging to FASTLY, US. The main domain is cancel627674-binance-com.firebaseapp.com.
TLS certificate: Issued by GTS CA 1D4 on January 31st 2022. Valid for: 3 months.
This is the only time cancel627674-binance-com.firebaseapp.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Binance (Crypto Exchange)

Domain & IP information

Requests  IP Address         AS (Autonomous System)
4         2620:0:890::100    54113 (FASTLY)
1         2606:4700::68...   13335 (CLOUDFLAR...)
1         2606:4700::68...   13335 (CLOUDFLAR...)
1         108.157.4.118      16509 (AMAZON-02)
1         18.66.139.102      16509 (AMAZON-02)
1         13.227.92.78       16509 (AMAZON-02)
Totals: 10 requests, 7 IPs

Requests  Apex Domain       Subdomains (Cisco Umbrella rank where available)                              Transfer
4         firebaseapp.com   cancel627674-binance-com.firebaseapp.com                                      124 KB
3         hotjar.com        static.hotjar.com (621), script.hotjar.com (818), vars.hotjar.com (999)       66 KB
1         unpkg.com         unpkg.com (897)                                                               11 KB
1         jsdelivr.net      cdn.jsdelivr.net (436)                                                        8 KB
0         binance.com       accounts.binance.com (request failed)
Totals: 10 requests, 5 apex domains

Requests  Domain                                      Requested by
4         cancel627674-binance-com.firebaseapp.com    cancel627674-binance-com.firebaseapp.com
1         vars.hotjar.com                             static.hotjar.com
1         script.hotjar.com                           static.hotjar.com
1         static.hotjar.com                           cancel627674-binance-com.firebaseapp.com
1         unpkg.com                                   cancel627674-binance-com.firebaseapp.com
1         cdn.jsdelivr.net                            cancel627674-binance-com.firebaseapp.com
0         accounts.binance.com (failed)               cancel627674-binance-com.firebaseapp.com
Totals: 10 requests, 7 subdomains
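The request graph above carries the two signals an analyst checks first on a suspected phishing page: a hostname that spells the brand's apex as a hyphenated label ("binance-com") on a shared-hosting apex, and a request from that page to the real brand's own API. The following is an added example, not part of the urlscan report: it encodes both checks and runs them over the edges transcribed from the table. The shared-hosting list and the hypothetical finding strings are assumptions of the example.

```python
# Added example, not part of the urlscan report: score a scan's request graph
# for brand-impersonation signals. REQUEST_EDGES is transcribed from the
# "Domain / Requested by" table above; SHARED_HOSTING_APEXES is an assumed
# list of platforms where anyone can claim a subdomain.

BRAND_APEX = "binance.com"
BRAND_TOKEN = "binance"
SHARED_HOSTING_APEXES = {"firebaseapp.com", "web.app"}  # assumption

# (requesting host, requested host, response received)
REQUEST_EDGES = [
    ("cancel627674-binance-com.firebaseapp.com", "cancel627674-binance-com.firebaseapp.com", True),
    ("static.hotjar.com", "vars.hotjar.com", True),
    ("static.hotjar.com", "script.hotjar.com", True),
    ("cancel627674-binance-com.firebaseapp.com", "static.hotjar.com", True),
    ("cancel627674-binance-com.firebaseapp.com", "unpkg.com", True),
    ("cancel627674-binance-com.firebaseapp.com", "cdn.jsdelivr.net", True),
    ("cancel627674-binance-com.firebaseapp.com", "accounts.binance.com", False),
]


def under_apex(host: str, apex: str) -> bool:
    """Label-aligned suffix test: 'accounts.binance.com' is under 'binance.com',
    'notbinance.com' is not."""
    host, apex = host.lower().rstrip("."), apex.lower().rstrip(".")
    return host == apex or host.endswith("." + apex)


def embeds_apex_as_label(host: str, apex: str = BRAND_APEX) -> bool:
    """The apex spelled with hyphens instead of dots ('binance-com') inside a
    hostname on some other apex is the classic lookalike construction."""
    return apex.replace(".", "-") in host.lower()


def lookalike_hosts(hosts, token: str = BRAND_TOKEN, apex: str = BRAND_APEX):
    """Hosts that mention the brand but are not under the brand's own apex."""
    return sorted(h for h in set(hosts)
                  if token in h.lower() and not under_apex(h, apex))


def on_shared_hosting(host: str, shared=SHARED_HOSTING_APEXES) -> bool:
    return any(under_apex(host, s) for s in shared)


def cross_apex_brand_calls(edges, apex: str = BRAND_APEX):
    """Requests to the real brand's apex issued by a page that is not on it:
    kits pull live assets or API data from the site they impersonate."""
    return [(src, dst, ok) for src, dst, ok in edges
            if under_apex(dst, apex) and not under_apex(src, apex)]


def assess(edges):
    """Return (host, finding) pairs; an empty list means no signal."""
    hosts = {h for src, dst, _ in edges for h in (src, dst)}
    findings = []
    for host in lookalike_hosts(hosts):
        tags = ["lookalike host"]
        if embeds_apex_as_label(host):
            tags.append("embeds " + BRAND_APEX.replace(".", "-"))
        if on_shared_hosting(host):
            tags.append("shared hosting")
        findings.append((host, ", ".join(tags)))
    for src, dst, ok in cross_apex_brand_calls(edges):
        status = "response received" if ok else "no response"
        findings.append((dst, f"brand API called from {src} ({status})"))
    return findings


if __name__ == "__main__":
    for host, finding in assess(REQUEST_EDGES):
        print(f"{host}: {finding}")
```

`under_apex` is label-aligned on purpose: a plain substring test would treat `notbinance.com` as the brand and `binance.com.evil.test` as not, which is backwards for both. The cross-apex check only fires on the brand apex, so CDNs and analytics hosts pulled by the same page do not add noise.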

This site contains no links.

Subject                 Issuer                    Validity                   Valid for
firebaseapp.com         GTS CA 1D4                2022-01-31 to 2022-05-01   3 months
sni.cloudflaressl.com   Cloudflare Inc ECC CA-3   2021-07-03 to 2022-07-02   a year
*.hotjar.com            Amazon                    2021-11-25 to 2022-12-23   a year

All three are platform certificates (Firebase Hosting, Cloudflare, and Hotjar's CloudFront distribution). The firebaseapp.com certificate was issued more than two months before this page's content was last modified (Thu, 07 Apr 2022), so none of them says anything about who deployed the phishing page.

This page contains 2 frames:

Primary Page: https://cancel627674-binance-com.firebaseapp.com/
Frame ID: DAF0FB67CDE319EEF5E99BCE11389F26
Requests: 9 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html
Frame ID: FF0BC42222C745373041FB5D4BE340DA
Requests: 1 HTTP requests in this frame


Page Title

Log In | Binance

Detected technologies

FingerprintJS (name inferred from the patterns below and the Fingerprint2 global listed later; the label did not survive extraction)
Overall confidence: 100%
Detected patterns
  • fingerprint(\d)?(?:\.min)?\.js
  • /fingerprintjs@(\d)

Hotjar (name inferred from the pattern)
Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

jsDelivr (name inferred from the pattern)
Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/
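The patterns above are URL signatures: each one is a regular expression run over every requested URL, and a capture group, where present, yields a major version. As an added example that is not part of the report, the block below applies those three signatures to the URLs this scan requested (transcribed from the transaction list further down) and reports what each matched. The technology names are inferred from the patterns; the `match_signatures` and `report` helpers are this example's own.

```python
# Added example, not from the report: apply the URL patterns listed above to
# the URLs this scan requested and show what each one matches. Technology
# names are inferred from the patterns; the (\d) groups capture a major
# version only, as in the report.
import re

SIGNATURES = {
    "FingerprintJS": [r"fingerprint(\d)?(?:\.min)?\.js", r"/fingerprintjs@(\d)"],
    "Hotjar": [r"//static\.hotjar\.com/"],
    "jsDelivr": [r"//cdn\.jsdelivr\.net/"],
}

# Requested URLs, transcribed from the transaction list on this page.
SCAN_URLS = [
    "https://cancel627674-binance-com.firebaseapp.com/",
    "https://cancel627674-binance-com.firebaseapp.com/static/js/main.4da2dad3.js",
    "https://cancel627674-binance-com.firebaseapp.com/static/css/main.683ecea1.css",
    "https://cdn.jsdelivr.net/npm/ua-parser-js@1.0.2/src/ua-parser.min.js",
    "https://unpkg.com/@fingerprintjs/fingerprintjs@2.1.5/dist/fingerprint2.min.js",
    "https://static.hotjar.com/c/hotjar-2826284.js?sv=6",
    "https://script.hotjar.com/modules.9beafb9ca96c2f868fe2.js",
    "https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html",
]


def match_signatures(urls, signatures=SIGNATURES):
    """{technology: {"urls": [...], "versions": {...}}} for every pattern hit.
    A pattern's first capture group, when it participated in the match, is
    treated as a version string."""
    hits = {}
    for tech, patterns in signatures.items():
        for pattern in patterns:
            rx = re.compile(pattern, re.IGNORECASE)
            for url in urls:
                m = rx.search(url)
                if m is None:
                    continue
                entry = hits.setdefault(tech, {"urls": [], "versions": set()})
                if url not in entry["urls"]:
                    entry["urls"].append(url)
                if m.groups() and m.group(1) is not None:
                    entry["versions"].add(m.group(1))
    return hits


def report(urls, signatures=SIGNATURES):
    """Compact view: technology -> (number of matching URLs, sorted versions)."""
    return {tech: (len(v["urls"]), sorted(v["versions"]))
            for tech, v in match_signatures(urls, signatures).items()}


if __name__ == "__main__":
    for tech, (count, versions) in report(SCAN_URLS).items():
        print(f"{tech}: {count} URL(s), versions {versions or 'n/a'}")
```

Both FingerprintJS patterns resolve to the same unpkg URL and both capture "2", which is all the report's "100%" confidence rests on. The caveat for hunting: these signatures only see the URL. A kit that bundles the same library into its own `main.*.js` is invisible to them, whereas the `Fingerprint2`, `UAParser` and `genFng` globals listed later on this page would still be present.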

Page Statistics

Requests: 10
HTTPS: 90 %
IPv6: 50 %
Domains: 5
Subdomains: 7
IPs: 7
Countries: 1
Transfer: 209 kB
Size: 838 kB
Cookies: 5

Redirected requests

No HTTP redirect chains were recorded in this scan; every transaction below was answered (or failed) at the URL originally requested.

10 HTTP transactions

Each entry lists the resource, its path, size (decoded) and transfer size (on the wire), and type, followed by connection details, the resource hash, security headers, and the request and response headers as captured.
Primary Request /
  Path: cancel627674-binance-com.firebaseapp.com/
  Size: 4 KB (2 KB transferred)   Type: Document
  Full URL: https://cancel627674-binance-com.firebaseapp.com/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2620:0:890::100, United States, ASN54113 (FASTLY, US)
  Reverse DNS: (none)
  Software: (none)
  Resource Hash: e591c341a0690655a2411e9efc47f547451b9c74aa7bfe0bd2d8fdb8d39c523b
  Security Headers:
    Strict-Transport-Security: max-age=31556926; includeSubDomains; preload
  Request headers:
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
    accept-language: de-DE,de;q=0.9
  Response headers:
    accept-ranges: bytes
    cache-control: max-age=3600
    content-encoding: br
    content-length: 1433
    content-type: text/html; charset=utf-8
    date: Sat, 09 Apr 2022 11:17:21 GMT
    etag: "6b86028fd273db7baf42191aca95c3cecb2bfc91d57947c29e9adb4fad9d0e9a-br"
    fastly-original-body-size: 1433
    last-modified: Thu, 07 Apr 2022 04:17:58 GMT
    strict-transport-security: max-age=31556926; includeSubDomains; preload
    vary: x-fh-requested-host, accept-encoding
    x-cache: HIT
    x-cache-hits: 1
    x-served-by: cache-hhn4081-HHN
    x-timer: S1649503042.963002,VS0,VE1
main.4da2dad3.js
  Path: cancel627674-binance-com.firebaseapp.com/static/js/
  Size: 525 KB (115 KB transferred)   Type: Script
  Full URL: https://cancel627674-binance-com.firebaseapp.com/static/js/main.4da2dad3.js
  Requested by: cancel627674-binance-com.firebaseapp.com (https://cancel627674-binance-com.firebaseapp.com/)
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2620:0:890::100, United States, ASN54113 (FASTLY, US)
  Reverse DNS: (none)
  Software: (none)
  Resource Hash: 445ac349b04936d1b38cb3f966f50ac5e00e8cdca3312f6fca82e96d81ea9eb5
  Security Headers:
    Strict-Transport-Security: max-age=31556926; includeSubDomains; preload
  Request headers:
    accept-language: de-DE,de;q=0.9
    Referer: https://cancel627674-binance-com.firebaseapp.com/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
  Response headers:
    strict-transport-security: max-age=31556926; includeSubDomains; preload
    content-encoding: br
    last-modified: Thu, 07 Apr 2022 04:17:58 GMT
    fastly-original-body-size: 118043
    x-timer: S1649503042.003950,VS0,VE12
    etag: "9ec66eab718e1e8778bbc284522ca3a92759c0b0274af5ecf6d6259fc12f613e-br"
    x-served-by: cache-hhn4081-HHN
    vary: x-fh-requested-host, accept-encoding
    x-cache: HIT
    content-type: text/javascript; charset=utf-8
    cache-control: max-age=3600
    date: Sat, 09 Apr 2022 11:17:22 GMT
    accept-ranges: bytes
    content-length: 118043
    x-cache-hits: 1
main.683ecea1.css
  Path: cancel627674-binance-com.firebaseapp.com/static/css/
  Size: 14 KB (4 KB transferred)   Type: Stylesheet
  Full URL: https://cancel627674-binance-com.firebaseapp.com/static/css/main.683ecea1.css
  Requested by: cancel627674-binance-com.firebaseapp.com (https://cancel627674-binance-com.firebaseapp.com/)
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2620:0:890::100, United States, ASN54113 (FASTLY, US)
  Reverse DNS: (none)
  Software: (none)
  Resource Hash: ed0422b0545ce69d22f2f101c3b50904e68738ab943b300b02f59aecea1a5755
  Security Headers:
    Strict-Transport-Security: max-age=31556926; includeSubDomains; preload
  Request headers:
    accept-language: de-DE,de;q=0.9
    Referer: https://cancel627674-binance-com.firebaseapp.com/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
  Response headers:
    strict-transport-security: max-age=31556926; includeSubDomains; preload
    content-encoding: br
    last-modified: Thu, 07 Apr 2022 04:17:58 GMT
    fastly-original-body-size: 3624
    x-timer: S1649503042.004033,VS0,VE12
    etag: "a99d61f8e2bd2e5d67cafcb08224d0dc91d315adec9d8e9a0881f92c4687fc4c-br"
    x-served-by: cache-hhn4081-HHN
    vary: x-fh-requested-host, accept-encoding
    x-cache: HIT
    content-type: text/css; charset=utf-8
    cache-control: max-age=3600
    date: Sat, 09 Apr 2022 11:17:22 GMT
    accept-ranges: bytes
    content-length: 3624
    x-cache-hits: 1
ua-parser.min.js
  Path: cdn.jsdelivr.net/npm/ua-parser-js@1.0.2/src/
  Size: 15 KB (8 KB transferred)   Type: Script
  Full URL: https://cdn.jsdelivr.net/npm/ua-parser-js@1.0.2/src/ua-parser.min.js
  Requested by: cancel627674-binance-com.firebaseapp.com (https://cancel627674-binance-com.firebaseapp.com/)
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700::6810:5614, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: (none)
  Software: cloudflare
  Resource Hash: ff87a70cce117c9d020b7e3351ca9c612ebdec17337ba5c5064e18f4bc69f0f0
  Security Headers:
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
  Request headers:
    accept-language: de-DE,de;q=0.9
    Referer: https://cancel627674-binance-com.firebaseapp.com/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
  Response headers:
    date: Sat, 09 Apr 2022 11:17:22 GMT
    content-encoding: br
    x-content-type-options: nosniff
    cf-cache-status: HIT
    nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
    age: 1646414
    x-jsd-version: 1.0.2
    x-cache: HIT
    cross-origin-resource-policy: cross-origin
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
    x-served-by: cache-fra19163-FRA
    timing-allow-origin: *
    x-jsd-version-type: version
    server: cloudflare
    etag: W/"3d61-H1nqYf1F8NqmgBtbpr1f4LW3M38"
    expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    vary: Accept-Encoding
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6p%2Faivtepir3%2BZxYHfjR7nG1jWt%2Fp2Awybt0rtAoRAvaibMh6jI9%2B3Nb25v7VMNouzCvgBV9TKaBgj2Z9diYpdmhHhvsxjEbYjn5t%2Fmu62Q%2BQRJ27f5Jlrwpmx4IxANuIR%2BRkRBedSwy6sLN1Jo%3D"}],"group":"cf-nel","max_age":604800}
    content-type: application/javascript; charset=utf-8
    access-control-allow-origin: *
    access-control-expose-headers: *
    cache-control: public, max-age=31536000, s-maxage=31536000, immutable
    cf-ray: 6f92d5fcafb99b8f-FRA
fingerprint2.min.js
  Path: unpkg.com/@fingerprintjs/fingerprintjs@2.1.5/dist/
  Size: 30 KB (11 KB transferred)   Type: Script
  Full URL: https://unpkg.com/@fingerprintjs/fingerprintjs@2.1.5/dist/fingerprint2.min.js
  Requested by: cancel627674-binance-com.firebaseapp.com (https://cancel627674-binance-com.firebaseapp.com/)
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700::6810:7baf, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: (none)
  Software: cloudflare
  Resource Hash: b0efe3481b4a288a839d2593e51113b8e402c4ada44b812d7527efb077dbd4d4
  Security Headers:
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
  Request headers:
    accept-language: de-DE,de;q=0.9
    Referer: https://cancel627674-binance-com.firebaseapp.com/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
  Response headers:
    date: Sat, 09 Apr 2022 11:17:22 GMT
    via: 1.1 fly.io
    x-content-type-options: nosniff
    cf-cache-status: HIT
    age: 309968
    fly-request-id: 01FZXS3YHT8A4EVSG9GFSCHBF8-fra
    content-encoding: br
    vary: Accept-Encoding
    last-modified: Fri, 02 Apr 2021 11:27:20 GMT
    server: cloudflare
    etag: W/"781f-D0DhqroA/UehU3ptbnQBYBvRc+I"
    expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    content-type: application/javascript; charset=utf-8
    access-control-allow-origin: *
    cache-control: public, max-age=31536000
    cf-ray: 6f92d5fcad039193-FRA
hotjar-2826284.js
  Path: static.hotjar.com/c/
  Size: 5 KB (2 KB transferred)   Type: Script
  Full URL: https://static.hotjar.com/c/hotjar-2826284.js?sv=6
  Requested by: cancel627674-binance-com.firebaseapp.com (https://cancel627674-binance-com.firebaseapp.com/)
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 108.157.4.118, United States, ASN16509 (AMAZON-02, US)
  Reverse DNS: server-108-157-4-118.dus51.r.cloudfront.net
  Software: (none)
  Resource Hash: 4950f813065cdd287e7f66c116eb4ab5b663a76a1953e64cf081af98d715d91a
  Security Headers:
    X-Content-Type-Options: nosniff
  Request headers:
    accept-language: de-DE,de;q=0.9
    Referer: https://cancel627674-binance-com.firebaseapp.com/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
  Response headers:
    date: Sat, 09 Apr 2022 11:17:16 GMT
    content-encoding: br
    x-content-type-options: nosniff
    cache-control: max-age=60
    age: 10
    etag: W/369ffb8c70cf157961038a9cd6804c89
    vary: Accept-Encoding
    x-cache: Hit from cloudfront
    content-type: application/javascript; charset=UTF-8
    access-control-allow-origin: *
    x-cache-hit: 1
    cross-origin-resource-policy: cross-origin
    x-amz-cf-pop: DUS51-P2
    x-amz-cf-id: ABo5Pb3tLtWqfSjgA8GTGRopdlj2OkXWMnwx_mbsP4GbULQlkPAveA==
    via: 1.1 f97c9082b750957571bc7e3354a4f4a4.cloudfront.net (CloudFront)
ic_error.c7047c4d587986f3fe40d783fc86168a.svg
  Path: cancel627674-binance-com.firebaseapp.com/static/media/
  Size: 7 KB (3 KB transferred)   Type: Image
  Full URL: https://cancel627674-binance-com.firebaseapp.com/static/media/ic_error.c7047c4d587986f3fe40d783fc86168a.svg
  Requested by: cancel627674-binance-com.firebaseapp.com (https://cancel627674-binance-com.firebaseapp.com/)
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2620:0:890::100, United States, ASN54113 (FASTLY, US)
  Reverse DNS: (none)
  Software: (none)
  Resource Hash: 0b5ce3d285339cb1a3ec37aa596bd62c3d20fab721f1cac721c0c0c6ea8636f8
  Security Headers:
    Strict-Transport-Security: max-age=31556926; includeSubDomains; preload
  Request headers:
    accept-language: de-DE,de;q=0.9
    Referer: https://cancel627674-binance-com.firebaseapp.com/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
  Response headers:
    strict-transport-security: max-age=31556926; includeSubDomains; preload
    content-encoding: br
    last-modified: Thu, 07 Apr 2022 04:17:58 GMT
    x-timer: S1649503042.195673,VS0,VE1
    etag: "f854602a05bf86cd3fb3d218e1935ddf6d8fe1e7d7dcc71bd64e0ba90a561524-br"
    x-served-by: cache-hhn4081-HHN
    vary: x-fh-requested-host, accept-encoding
    x-cache: HIT
    content-type: image/svg+xml
    cache-control: max-age=3600
    date: Sat, 09 Apr 2022 11:17:22 GMT
    accept-ranges: bytes
    content-length: 2626
    x-cache-hits: 1
list
  Path: accounts.binance.com/bapi/accounts/v1/public/country/
  Size: 0 (0 transferred)   Type: (no response received; see Failed requests below)
modules.9beafb9ca96c2f868fe2.js
  Path: script.hotjar.com/
  Size: 236 KB (62 KB transferred)   Type: Script
  Full URL: https://script.hotjar.com/modules.9beafb9ca96c2f868fe2.js
  Requested by: static.hotjar.com (https://static.hotjar.com/c/hotjar-2826284.js?sv=6)
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 18.66.139.102, United States, ASN16509 (AMAZON-02, US)
  Reverse DNS: server-18-66-139-102.fra60.r.cloudfront.net
  Software: (none)
  Resource Hash: 95f2a2d9bf981b3f923cc601270603e88c14767e7e29310eb2d8b6b1407457f1
  Security Headers:
    X-Content-Type-Options: nosniff
  Request headers:
    accept-language: de-DE,de;q=0.9
    Referer: https://cancel627674-binance-com.firebaseapp.com/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
  Response headers:
    date: Tue, 05 Apr 2022 16:20:06 GMT
    content-encoding: br
    x-content-type-options: nosniff
    age: 327436
    x-cache: Hit from cloudfront
    cross-origin-resource-policy: cross-origin
    content-length: 63051
    access-control-allow-origin: *
    last-modified: Tue, 05 Apr 2022 16:20:05 GMT
    etag: "74214ff5f7e679f43ba048194d7bf23c"
    vary: Accept-Encoding
    content-type: application/javascript
    via: 1.1 ba67e20db38657ee5cb05d05b3da9d70.cloudfront.net (CloudFront)
    cache-control: max-age=31536000
    x-amz-cf-pop: FRA60-P4
    accept-ranges: bytes
    x-robots-tag: none
    x-amz-cf-id: LSXTBBDixdIDCXGp8vGa4UH8bgTHQtsjQJKM0MIGm3SV1JSjimGp3w==
box-acca23410e696f2ca3087d947271c3d0.html
  Path: vars.hotjar.com/ (Frame FF0B)
  Size: 2 KB (1 KB transferred)   Type: Document
  Full URL: https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html
  Requested by: static.hotjar.com (https://static.hotjar.com/c/hotjar-2826284.js?sv=6)
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 13.227.92.78, United States, ASN16509 (AMAZON-02, US)
  Reverse DNS: server-13-227-92-78.eze51.r.cloudfront.net
  Software: (none)
  Resource Hash: e0f23d16bb40b894855d19e097cc0b9f4695b98a7db1fed18625cfb1ce8bda35
  Security Headers: (none)
  Request headers:
    Referer: https://cancel627674-binance-com.firebaseapp.com/
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
    accept-language: de-DE,de;q=0.9
  Response headers:
    accept-ranges: bytes
    age: 5538315
    cache-control: max-age=31536000
    content-encoding: br
    content-length: 1044
    content-type: text/html
    cross-origin-embedder-policy: require-corp
    cross-origin-resource-policy: cross-origin
    date: Fri, 04 Feb 2022 08:52:07 GMT
    etag: "6f65fac4e8efe167ff5132c0c54c5729"
    last-modified: Fri, 04 Feb 2022 08:51:39 GMT
    vary: Accept-Encoding
    via: 1.1 a76f7802383ed39980bd6be3c254b34c.cloudfront.net (CloudFront)
    x-amz-cf-id: 6e8kEtFut0GrPQuP-cZKQjtI77ZvJg5EviahUYT3wo2TSFMiWCXm1w==
    x-amz-cf-pop: EZE51-C1
    x-cache: Hit from cloudfront
    x-robots-tag: none

Failed requests

These URLs were requested, but no response was received. They also appear in the transaction list above.

  Domain: accounts.binance.com
  URL: https://accounts.binance.com/bapi/accounts/v1/public/country/list

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Binance (Crypto Exchange)

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

Name                   Type
0                      object
structuredClone        function
oncontextlost          object
oncontextrestored      object
getScreenDetails       function
hj                     function
_hjSettings            object
UAParser               function
genFng                 function
loadedContent          function
Fingerprint2           function
webpackChunkbinance    object
regeneratorRuntime     object
FontAwesomeConfig      object
___FONT_AWESOME___     object
hjSiteSettings         object
hjBootstrap            function
hjBootstrapCalled      object
hjLazyModules          object
o                      object
a                      object
e                      number
t                      number

Reading the list: structuredClone, oncontextlost, oncontextrestored and getScreenDetails are APIs of the Chrome 100 build used for the scan rather than page code. The hj*, Fingerprint2, UAParser and genFng names belong to the analytics and device-fingerprinting code the kit loads, and webpackChunkbinance is the chunk-loading global of a webpack 5 bundle whose package name is "binance", so main.4da2dad3.js is a webpack build that the kit author named after the brand.

5 Cookies

Domain / Path: .cancel627674-binance-com.firebaseapp.com/
  _hjSessionUser_2826284 = eyJpZCI6IjNkMzA4NDkyLTYzNWUtNWQwNi1iMGRiLTExMmFjMjJjODg5MiIsImNyZWF0ZWQiOjE2NDk1MDMwNDE3MTIsImV4aXN0aW5nIjpmYWxzZX0=
  _hjFirstSeen = 1
Domain / Path: cancel627674-binance-com.firebaseapp.com/
  _hjIncludedInSessionSample = 0
Domain / Path: .cancel627674-binance-com.firebaseapp.com/
  _hjSession_2826284 = eyJpZCI6IjQzYmQxN2Q4LTJmZTktNDg5Yy1hZGQ3LTQwYzBhYmJkMTVmZiIsImNyZWF0ZWQiOjE2NDk1MDMwNDI0NTIsImluU2FtcGxlIjpmYWxzZX0=
  _hjAbsoluteSessionInProgress = 0
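The two long cookie values are base64-encoded JSON, and the Hotjar site ID in the cookie names (2826284) is the same ID in the hotjar-2826284.js URL above, which makes it a pivot worth extracting: a kit operator who reuses one Hotjar site across deployments ties those deployments together. The block below is an added example that is not part of the urlscan report. It decodes the values transcribed from the table, pulls the site ID from both the cookie names and the script URL, and checks the embedded millisecond timestamps against the primary response's Date header; the helper names are this example's own.

```python
# Added example, not from the report: decode the Hotjar cookies above, extract
# the Hotjar site ID from their names and from the loader URL, and compare the
# embedded timestamps with the primary response's Date header. All constants
# are transcribed from this page.
import base64
import json
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

COOKIES = {
    "_hjSessionUser_2826284": "eyJpZCI6IjNkMzA4NDkyLTYzNWUtNWQwNi1iMGRiLTExMmFjMjJjODg5MiIsImNyZWF0ZWQiOjE2NDk1MDMwNDE3MTIsImV4aXN0aW5nIjpmYWxzZX0=",
    "_hjFirstSeen": "1",
    "_hjIncludedInSessionSample": "0",
    "_hjSession_2826284": "eyJpZCI6IjQzYmQxN2Q4LTJmZTktNDg5Yy1hZGQ3LTQwYzBhYmJkMTVmZiIsImNyZWF0ZWQiOjE2NDk1MDMwNDI0NTIsImluU2FtcGxlIjpmYWxzZX0=",
    "_hjAbsoluteSessionInProgress": "0",
}
PAGE_DATE_HEADER = "Sat, 09 Apr 2022 11:17:21 GMT"   # primary request, response headers
HOTJAR_SCRIPT_URL = "https://static.hotjar.com/c/hotjar-2826284.js?sv=6"

COOKIE_ID_RE = re.compile(r"^_hj(?:SessionUser|Session)_(\d+)$")
SCRIPT_ID_RE = re.compile(r"/hotjar-(\d+)\.js")


def hotjar_site_ids(cookies):
    """Site IDs carried in the per-site cookie names."""
    ids = set()
    for name in cookies:
        m = COOKIE_ID_RE.match(name)
        if m:
            ids.add(m.group(1))
    return sorted(ids)


def site_id_from_script_url(url):
    """Site ID embedded in the loader script's file name, for cross-checking."""
    m = SCRIPT_ID_RE.search(url)
    return m.group(1) if m else None


def decode_hj_json(value):
    """The session cookies hold base64(JSON); re-pad in case a proxy or log
    pipeline stripped the trailing '='."""
    padded = value + "=" * (-len(value) % 4)
    return json.loads(base64.b64decode(padded))


def created_utc(obj):
    """'created' is a millisecond Unix timestamp; integer arithmetic keeps the
    millisecond exact."""
    ms = int(obj["created"])
    return datetime.fromtimestamp(ms // 1000, tz=timezone.utc) + timedelta(milliseconds=ms % 1000)


def seconds_after_page_date(obj, date_header=PAGE_DATE_HEADER):
    """How long after the page's Date header the cookie was minted; a value
    close to zero means it was created during this very page load."""
    page_dt = parsedate_to_datetime(date_header)
    if page_dt.tzinfo is None:
        page_dt = page_dt.replace(tzinfo=timezone.utc)
    return (created_utc(obj) - page_dt).total_seconds()


if __name__ == "__main__":
    print("site IDs:", hotjar_site_ids(COOKIES), site_id_from_script_url(HOTJAR_SCRIPT_URL))
    for name in ("_hjSessionUser_2826284", "_hjSession_2826284"):
        obj = decode_hj_json(COOKIES[name])
        print(name, obj, f"+{seconds_after_page_date(obj):.3f}s after Date header")
```

Both session objects were created within two seconds of the Date header, and "existing": false in the user cookie confirms the scanner was a first-time visitor; these are the analytics vendor's own first-party cookies set on the phishing origin, not anything the kit wrote, so the visitor ID is only useful if the same site ID turns up on another scan.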

2 Console Messages

javascript error (URL: https://cancel627674-binance-com.firebaseapp.com/)
  Access to XMLHttpRequest at 'https://accounts.binance.com/bapi/accounts/v1/public/country/list' from origin 'https://cancel627674-binance-com.firebaseapp.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

network error (URL: https://accounts.binance.com/bapi/accounts/v1/public/country/list)
  Failed to load resource: net::ERR_FAILED
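The two console messages are one event: the kit's XMLHttpRequest to the real accounts.binance.com API was refused by the browser's CORS check because the response carried no Access-Control-Allow-Origin header, and Chrome then reports the aborted fetch as net::ERR_FAILED. By contrast, the jsDelivr, unpkg and Hotjar responses in the transaction list all carry `access-control-allow-origin: *`, which is why those loads succeeded from the phishing origin. The block below is an added example, not part of the report: it implements that browser-side decision over response headers transcribed from this page, with the credentials edge case the simple wildcard does not cover; the function names are this example's own, and the empty header set for accounts.binance.com models "no response" as observed.

```python
# Added example, not from the report: the browser-side CORS decision behind the
# console error above, as a pure function over response headers. Headers are
# transcribed from the transaction list; accounts.binance.com returned nothing
# in the scan, which is modelled as an empty header set.

PAGE_ORIGIN = "https://cancel627674-binance-com.firebaseapp.com"

RESPONSES = {
    "https://cdn.jsdelivr.net/npm/ua-parser-js@1.0.2/src/ua-parser.min.js": {
        "access-control-allow-origin": "*",
        "cross-origin-resource-policy": "cross-origin",
    },
    "https://static.hotjar.com/c/hotjar-2826284.js?sv=6": {
        "access-control-allow-origin": "*",
        "cross-origin-resource-policy": "cross-origin",
    },
    "https://accounts.binance.com/bapi/accounts/v1/public/country/list": {},
}

# Wording taken from the console message on this page.
NO_ACAO = "No 'Access-Control-Allow-Origin' header is present on the requested resource."


def cors_check(origin, response_headers, credentials=False):
    """(allowed, reason) for a script on `origin` reading a cross-origin response.
    Follows the Fetch standard's CORS check for a request that needs no
    preflight: the header must be '*' or exactly the requesting origin, '*' is
    rejected when credentials are included, and a credentialed request also
    needs Access-Control-Allow-Credentials: true."""
    headers = {k.lower(): v.strip() for k, v in response_headers.items()}
    acao = headers.get("access-control-allow-origin")
    if acao is None:
        return False, NO_ACAO
    if acao == "*":
        if credentials:
            return False, "wildcard '*' is not allowed when credentials are included"
        return True, "wildcard"
    if acao != origin:
        return False, f"'{acao}' does not equal the requesting origin"
    if credentials and headers.get("access-control-allow-credentials") != "true":
        return False, "origin matched but Access-Control-Allow-Credentials is not 'true'"
    return True, "origin matched"


def readable_from(origin, responses, credentials=False):
    """Which of the captured responses a script on `origin` could read."""
    return {url: cors_check(origin, hdrs, credentials)[0] for url, hdrs in responses.items()}


if __name__ == "__main__":
    for url, hdrs in RESPONSES.items():
        allowed, reason = cors_check(PAGE_ORIGIN, hdrs)
        print(("readable   " if allowed else "blocked    ") + url + "  (" + reason + ")")
```

The check only governs whether the page's script may read the response; in a real browser the GET is still sent with an Origin header naming the phishing site, so the impersonated brand's own access logs are one place such kits surface. The credentialed branch matters for the reverse situation: a legitimate API that reflects any Origin together with Allow-Credentials: true would let a lookalike page read a logged-in user's data, which is exactly the configuration to test for when reviewing the real brand's endpoints.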

Security Headers

This section lists the security headers set by the main page.

Header                      Value
Strict-Transport-Security   max-age=31556926; includeSubDomains; preload

The same HSTS header appears on every response served from the firebaseapp.com edge in this scan, so it reflects the hosting platform's configuration rather than anything the page author did, and it is not a trust signal.