cancel627674-binance-com.firebaseapp.com Open in urlscan Pro
2620:0:890::100  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response cancel627674-binance-com.firebaseapp.com/	4 KB 2 KB	44ms 7ms	Document text/html	2620:0:890::100 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cancel627674-binance-com.firebaseapp.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:0:890::100 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash e591c341a0690655a2411e9efc47f547451b9c74aa7bfe0bd2d8fdb8d39c523b Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes cache-control max-age=3600 content-encoding br content-length 1433 content-type text/html; charset=utf-8 date Sat, 09 Apr 2022 11:17:21 GMT etag "6b86028fd273db7baf42191aca95c3cecb2bfc91d57947c29e9adb4fad9d0e9a-br" fastly-original-body-size 1433 last-modified Thu, 07 Apr 2022 04:17:58 GMT strict-transport-security max-age=31556926; includeSubDomains; preload vary x-fh-requested-host, accept-encoding x-cache HIT x-cache-hits 1 x-served-by cache-hhn4081-HHN x-timer S1649503042.963002,VS0,VE1
GET H2	200	main.4da2dad3.js Show response cancel627674-binance-com.firebaseapp.com/static/js/	525 KB 115 KB	34ms 33ms	Script text/javascript	2620:0:890::100 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cancel627674-binance-com.firebaseapp.com/static/js/main.4da2dad3.js Requested by Host: cancel627674-binance-com.firebaseapp.com URL: https://cancel627674-binance-com.firebaseapp.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:0:890::100 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 445ac349b04936d1b38cb3f966f50ac5e00e8cdca3312f6fca82e96d81ea9eb5 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://cancel627674-binance-com.firebaseapp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br last-modified Thu, 07 Apr 2022 04:17:58 GMT fastly-original-body-size 118043 x-timer S1649503042.003950,VS0,VE12 etag "9ec66eab718e1e8778bbc284522ca3a92759c0b0274af5ecf6d6259fc12f613e-br" x-served-by cache-hhn4081-HHN vary x-fh-requested-host, accept-encoding x-cache HIT content-type text/javascript; charset=utf-8 cache-control max-age=3600 date Sat, 09 Apr 2022 11:17:22 GMT accept-ranges bytes content-length 118043 x-cache-hits 1
GET H2	200	main.683ecea1.css cancel627674-binance-com.firebaseapp.com/static/css/	14 KB 4 KB	33ms 32ms	Stylesheet text/css	2620:0:890::100 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cancel627674-binance-com.firebaseapp.com/static/css/main.683ecea1.css Requested by Host: cancel627674-binance-com.firebaseapp.com URL: https://cancel627674-binance-com.firebaseapp.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:0:890::100 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash ed0422b0545ce69d22f2f101c3b50904e68738ab943b300b02f59aecea1a5755 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://cancel627674-binance-com.firebaseapp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br last-modified Thu, 07 Apr 2022 04:17:58 GMT fastly-original-body-size 3624 x-timer S1649503042.004033,VS0,VE12 etag "a99d61f8e2bd2e5d67cafcb08224d0dc91d315adec9d8e9a0881f92c4687fc4c-br" x-served-by cache-hhn4081-HHN vary x-fh-requested-host, accept-encoding x-cache HIT content-type text/css; charset=utf-8 cache-control max-age=3600 date Sat, 09 Apr 2022 11:17:22 GMT accept-ranges bytes content-length 3624 x-cache-hits 1
GET H2	200	ua-parser.min.js Show response cdn.jsdelivr.net/npm/ua-parser-js@1.0.2/src/	15 KB 8 KB	57ms 25ms	Script application/javascript	2606:4700::6810:5614 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/ua-parser-js@1.0.2/src/ua-parser.min.js Requested by Host: cancel627674-binance-com.firebaseapp.com URL: https://cancel627674-binance-com.firebaseapp.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ff87a70cce117c9d020b7e3351ca9c612ebdec17337ba5c5064e18f4bc69f0f0 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://cancel627674-binance-com.firebaseapp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers date Sat, 09 Apr 2022 11:17:22 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 1646414 x-jsd-version 1.0.2 x-cache HIT cross-origin-resource-policy cross-origin strict-transport-security max-age=31536000; includeSubDomains; preload alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 x-served-by cache-fra19163-FRA timing-allow-origin * x-jsd-version-type version server cloudflare etag W/"3d61-H1nqYf1F8NqmgBtbpr1f4LW3M38" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6p%2Faivtepir3%2BZxYHfjR7nG1jWt%2Fp2Awybt0rtAoRAvaibMh6jI9%2B3Nb25v7VMNouzCvgBV9TKaBgj2Z9diYpdmhHhvsxjEbYjn5t%2Fmu62Q%2BQRJ27f5Jlrwpmx4IxANuIR%2BRkRBedSwy6sLN1Jo%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable cf-ray 6f92d5fcafb99b8f-FRA
GET H2	200	fingerprint2.min.js Show response unpkg.com/@fingerprintjs/fingerprintjs@2.1.5/dist/	30 KB 11 KB	58ms 26ms	Script application/javascript	2606:4700::6810:7baf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://unpkg.com/@fingerprintjs/fingerprintjs@2.1.5/dist/fingerprint2.min.js Requested by Host: cancel627674-binance-com.firebaseapp.com URL: https://cancel627674-binance-com.firebaseapp.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7baf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b0efe3481b4a288a839d2593e51113b8e402c4ada44b812d7527efb077dbd4d4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://cancel627674-binance-com.firebaseapp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers date Sat, 09 Apr 2022 11:17:22 GMT via 1.1 fly.io x-content-type-options nosniff cf-cache-status HIT age 309968 fly-request-id 01FZXS3YHT8A4EVSG9GFSCHBF8-fra content-encoding br vary Accept-Encoding last-modified Fri, 02 Apr 2021 11:27:20 GMT server cloudflare etag W/"781f-D0DhqroA/UehU3ptbnQBYBvRc+I" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains; preload content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 6f92d5fcad039193-FRA
GET H2	200	hotjar-2826284.js Show response static.hotjar.com/c/	5 KB 2 KB	35ms 11ms	Script application/javascript	108.157.4.118 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://static.hotjar.com/c/hotjar-2826284.js?sv=6 Requested by Host: cancel627674-binance-com.firebaseapp.com URL: https://cancel627674-binance-com.firebaseapp.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.157.4.118 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-157-4-118.dus51.r.cloudfront.net Software / Resource Hash 4950f813065cdd287e7f66c116eb4ab5b663a76a1953e64cf081af98d715d91a Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://cancel627674-binance-com.firebaseapp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers date Sat, 09 Apr 2022 11:17:16 GMT content-encoding br x-content-type-options nosniff cache-control max-age=60 age 10 etag W/369ffb8c70cf157961038a9cd6804c89 vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript; charset=UTF-8 access-control-allow-origin * x-cache-hit 1 cross-origin-resource-policy cross-origin x-amz-cf-pop DUS51-P2 x-amz-cf-id ABo5Pb3tLtWqfSjgA8GTGRopdlj2OkXWMnwx_mbsP4GbULQlkPAveA== via 1.1 f97c9082b750957571bc7e3354a4f4a4.cloudfront.net (CloudFront)
GET H2	200	ic_error.c7047c4d587986f3fe40d783fc86168a.svg cancel627674-binance-com.firebaseapp.com/static/media/	7 KB 3 KB	7ms 7ms	Image image/svg+xml	2620:0:890::100 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://cancel627674-binance-com.firebaseapp.com/static/media/ic_error.c7047c4d587986f3fe40d783fc86168a.svg Requested by Host: cancel627674-binance-com.firebaseapp.com URL: https://cancel627674-binance-com.firebaseapp.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:0:890::100 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 0b5ce3d285339cb1a3ec37aa596bd62c3d20fab721f1cac721c0c0c6ea8636f8 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://cancel627674-binance-com.firebaseapp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br last-modified Thu, 07 Apr 2022 04:17:58 GMT x-timer S1649503042.195673,VS0,VE1 etag "f854602a05bf86cd3fb3d218e1935ddf6d8fe1e7d7dcc71bd64e0ba90a561524-br" x-served-by cache-hhn4081-HHN vary x-fh-requested-host, accept-encoding x-cache HIT content-type image/svg+xml cache-control max-age=3600 date Sat, 09 Apr 2022 11:17:22 GMT accept-ranges bytes content-length 2626 x-cache-hits 1
GET		list accounts.binance.com/bapi/accounts/v1/public/country/	0 0
GET H2	200	modules.9beafb9ca96c2f868fe2.js Show response script.hotjar.com/	236 KB 62 KB	24ms 8ms	Script application/javascript	18.66.139.102 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://script.hotjar.com/modules.9beafb9ca96c2f868fe2.js Requested by Host: static.hotjar.com URL: https://static.hotjar.com/c/hotjar-2826284.js?sv=6 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.139.102 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-139-102.fra60.r.cloudfront.net Software / Resource Hash 95f2a2d9bf981b3f923cc601270603e88c14767e7e29310eb2d8b6b1407457f1 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://cancel627674-binance-com.firebaseapp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers date Tue, 05 Apr 2022 16:20:06 GMT content-encoding br x-content-type-options nosniff age 327436 x-cache Hit from cloudfront cross-origin-resource-policy cross-origin content-length 63051 access-control-allow-origin * last-modified Tue, 05 Apr 2022 16:20:05 GMT etag "74214ff5f7e679f43ba048194d7bf23c" vary Accept-Encoding content-type application/javascript via 1.1 ba67e20db38657ee5cb05d05b3da9d70.cloudfront.net (CloudFront) cache-control max-age=31536000 x-amz-cf-pop FRA60-P4 accept-ranges bytes x-robots-tag none x-amz-cf-id LSXTBBDixdIDCXGp8vGa4UH8bgTHQtsjQJKM0MIGm3SV1JSjimGp3w==
GET H2	200	box-acca23410e696f2ca3087d947271c3d0.html Show response vars.hotjar.com/ Frame FF0B	2 KB 1 KB	679ms 225ms	Document text/html	13.227.92.78 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html Requested by Host: static.hotjar.com URL: https://static.hotjar.com/c/hotjar-2826284.js?sv=6 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.227.92.78 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-227-92-78.eze51.r.cloudfront.net Software / Resource Hash e0f23d16bb40b894855d19e097cc0b9f4695b98a7db1fed18625cfb1ce8bda35 Request headers Referer https://cancel627674-binance-com.firebaseapp.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes age 5538315 cache-control max-age=31536000 content-encoding br content-length 1044 content-type text/html cross-origin-embedder-policy require-corp cross-origin-resource-policy cross-origin date Fri, 04 Feb 2022 08:52:07 GMT etag "6f65fac4e8efe167ff5132c0c54c5729" last-modified Fri, 04 Feb 2022 08:51:39 GMT vary Accept-Encoding via 1.1 a76f7802383ed39980bd6be3c254b34c.cloudfront.net (CloudFront) x-amz-cf-id 6e8kEtFut0GrPQuP-cZKQjtI77ZvJg5EviahUYT3wo2TSFMiWCXm1w== x-amz-cf-pop EZE51-C1 x-cache Hit from cloudfront x-robots-tag none

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

accounts.binance.com

URL

https://accounts.binance.com/bapi/accounts/v1/public/country/list

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Binance (Crypto Exchange)

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails function| hj object| _hjSettings function| UAParser function| genFng function| loadedContent function| Fingerprint2 object| webpackChunkbinance object| regeneratorRuntime object| FontAwesomeConfig object| ___FONT_AWESOME___ object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules object| o object| a number| e number| t

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.cancel627674-binance-com.firebaseapp.com/	1970-01-20 10:57:19	Name: _hjSessionUser_2826284 Value: eyJpZCI6IjNkMzA4NDkyLTYzNWUtNWQwNi1iMGRiLTExMmFjMjJjODg5MiIsImNyZWF0ZWQiOjE2NDk1MDMwNDE3MTIsImV4aXN0aW5nIjpmYWxzZX0=
			.cancel627674-binance-com.firebaseapp.com/	1970-01-20 02:11:44	Name: _hjFirstSeen Value: 1
			cancel627674-binance-com.firebaseapp.com/	1970-01-20 02:11:43	Name: _hjIncludedInSessionSample Value: 0
			.cancel627674-binance-com.firebaseapp.com/	1970-01-20 02:11:44	Name: _hjSession_2826284 Value: eyJpZCI6IjQzYmQxN2Q4LTJmZTktNDg5Yy1hZGQ3LTQwYzBhYmJkMTVmZiIsImNyZWF0ZWQiOjE2NDk1MDMwNDI0NTIsImluU2FtcGxlIjpmYWxzZX0=
			.cancel627674-binance-com.firebaseapp.com/	1970-01-20 02:11:44	Name: _hjAbsoluteSessionInProgress Value: 0

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://cancel627674-binance-com.firebaseapp.com/ Message: Access to XMLHttpRequest at 'https://accounts.binance.com/bapi/accounts/v1/public/country/list' from origin 'https://cancel627674-binance-com.firebaseapp.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://accounts.binance.com/bapi/accounts/v1/public/country/list Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.binance.com
cancel627674-binance-com.firebaseapp.com
cdn.jsdelivr.net
script.hotjar.com
static.hotjar.com
unpkg.com
vars.hotjar.com
accounts.binance.com
108.157.4.118
13.227.92.78
18.66.139.102
2606:4700::6810:5614
2606:4700::6810:7baf
2620:0:890::100
0b5ce3d285339cb1a3ec37aa596bd62c3d20fab721f1cac721c0c0c6ea8636f8
445ac349b04936d1b38cb3f966f50ac5e00e8cdca3312f6fca82e96d81ea9eb5
4950f813065cdd287e7f66c116eb4ab5b663a76a1953e64cf081af98d715d91a
95f2a2d9bf981b3f923cc601270603e88c14767e7e29310eb2d8b6b1407457f1
b0efe3481b4a288a839d2593e51113b8e402c4ada44b812d7527efb077dbd4d4
e0f23d16bb40b894855d19e097cc0b9f4695b98a7db1fed18625cfb1ce8bda35
e591c341a0690655a2411e9efc47f547451b9c74aa7bfe0bd2d8fdb8d39c523b
ed0422b0545ce69d22f2f101c3b50904e68738ab943b300b02f59aecea1a5755
ff87a70cce117c9d020b7e3351ca9c612ebdec17337ba5c5064e18f4bc69f0f0