cancel627674-binance-com.firebaseapp.com
2620:0:890::100
Malicious Activity!
Public Scan
Submission: On April 09 via api from US — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1D4 on January 31st 2022. Valid for: 3 months.
This is the only time cancel627674-binance-com.firebaseapp.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Binance (Crypto Exchange)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
4 | 2620:0:890::100 | 54113 (FASTLY) |
1 | 2606:4700::6810:5614 | 13335 (CLOUDFLARENET) |
1 | 2606:4700::6810:7baf | 13335 (CLOUDFLARENET) |
1 | 108.157.4.118 | 16509 (AMAZON-02) |
1 | 18.66.139.102 | 16509 (AMAZON-02) |
1 | 13.227.92.78 | 16509 (AMAZON-02) |
10 | 7 | |
ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-118.dus51.r.cloudfront.net
static.hotjar.com |
ASN16509 (AMAZON-02, US)
PTR: server-18-66-139-102.fra60.r.cloudfront.net
script.hotjar.com |
ASN16509 (AMAZON-02, US)
PTR: server-13-227-92-78.eze51.r.cloudfront.net
vars.hotjar.com |
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
4 | firebaseapp.com | cancel627674-binance-com.firebaseapp.com | 124 KB |
3 | hotjar.com | static.hotjar.com — Cisco Umbrella Rank: 621; script.hotjar.com — Cisco Umbrella Rank: 818; vars.hotjar.com — Cisco Umbrella Rank: 999 | 66 KB |
1 | unpkg.com | unpkg.com — Cisco Umbrella Rank: 897 | 11 KB |
1 | jsdelivr.net | cdn.jsdelivr.net — Cisco Umbrella Rank: 436 | 8 KB |
0 | binance.com (Failed) | accounts.binance.com Failed | |
10 | 5 | | |
 | Domain | Requested by |
---|---|---|
4 | cancel627674-binance-com.firebaseapp.com | cancel627674-binance-com.firebaseapp.com |
1 | vars.hotjar.com | static.hotjar.com |
1 | script.hotjar.com | static.hotjar.com |
1 | static.hotjar.com | cancel627674-binance-com.firebaseapp.com |
1 | unpkg.com | cancel627674-binance-com.firebaseapp.com |
1 | cdn.jsdelivr.net | cancel627674-binance-com.firebaseapp.com |
0 | accounts.binance.com Failed | cancel627674-binance-com.firebaseapp.com |
10 | 7 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
firebaseapp.com | GTS CA 1D4 | 2022-01-31 - 2022-05-01 | 3 months |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-07-03 - 2022-07-02 | a year |
*.hotjar.com | Amazon | 2021-11-25 - 2022-12-23 | a year |
This page contains 2 frames:
Primary Page:
https://cancel627674-binance-com.firebaseapp.com/
Frame ID: DAF0FB67CDE319EEF5E99BCE11389F26
Requests: 9 HTTP requests in this frame
Frame:
https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html
Frame ID: FF0BC42222C745373041FB5D4BE340DA
Requests: 1 HTTP requests in this frame
Page Title
Log In | Binance
Detected technologies
FingerprintJS (JavaScript libraries)
Detected patterns
- fingerprint(\d)?(?:\.min)?\.js
- /fingerprintjs@(\d)
Hotjar (Analytics)
Detected patterns
- //static\.hotjar\.com/
jsDelivr (CDN)
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | cancel627674-binance-com.firebaseapp.com/ | 4 KB | 2 KB | Document | text/html |
GET | H2 | main.4da2dad3.js | cancel627674-binance-com.firebaseapp.com/static/js/ | 525 KB | 115 KB | Script | text/javascript |
GET | H2 | main.683ecea1.css | cancel627674-binance-com.firebaseapp.com/static/css/ | 14 KB | 4 KB | Stylesheet | text/css |
GET | H2 | ua-parser.min.js | cdn.jsdelivr.net/npm/ua-parser-js@1.0.2/src/ | 15 KB | 8 KB | Script | application/javascript |
GET | H2 | fingerprint2.min.js | unpkg.com/@fingerprintjs/fingerprintjs@2.1.5/dist/ | 30 KB | 11 KB | Script | application/javascript |
GET | H2 | hotjar-2826284.js | static.hotjar.com/c/ | 5 KB | 2 KB | Script | application/javascript |
GET | H2 | ic_error.c7047c4d587986f3fe40d783fc86168a.svg | cancel627674-binance-com.firebaseapp.com/static/media/ | 7 KB | 3 KB | Image | image/svg+xml |
GET | | list | accounts.binance.com/bapi/accounts/v1/public/country/ | 0 | 0 | | |
GET | H2 | modules.9beafb9ca96c2f868fe2.js | script.hotjar.com/ | 236 KB | 62 KB | Script | application/javascript |
GET | H2 | box-acca23410e696f2ca3087d947271c3d0.html | vars.hotjar.com/ (Frame FF0B) | 2 KB | 1 KB | Document | text/html |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- accounts.binance.com
- URL
- https://accounts.binance.com/bapi/accounts/v1/public/country/list
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Binance (Crypto Exchange)
23 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | 0 |
function | structuredClone |
object | oncontextlost |
object | oncontextrestored |
function | getScreenDetails |
function | hj |
object | _hjSettings |
function | UAParser |
function | genFng |
function | loadedContent |
function | Fingerprint2 |
object | webpackChunkbinance |
object | regeneratorRuntime |
object | FontAwesomeConfig |
object | ___FONT_AWESOME___ |
object | hjSiteSettings |
function | hjBootstrap |
object | hjBootstrapCalled |
object | hjLazyModules |
object | o |
object | a |
number | e |
number | t |
5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
.cancel627674-binance-com.firebaseapp.com/ | | _hjSessionUser_2826284 | eyJpZCI6IjNkMzA4NDkyLTYzNWUtNWQwNi1iMGRiLTExMmFjMjJjODg5MiIsImNyZWF0ZWQiOjE2NDk1MDMwNDE3MTIsImV4aXN0aW5nIjpmYWxzZX0= |
.cancel627674-binance-com.firebaseapp.com/ | | _hjFirstSeen | 1 |
cancel627674-binance-com.firebaseapp.com/ | | _hjIncludedInSessionSample | 0 |
.cancel627674-binance-com.firebaseapp.com/ | | _hjSession_2826284 | eyJpZCI6IjQzYmQxN2Q4LTJmZTktNDg5Yy1hZGQ3LTQwYzBhYmJkMTVmZiIsImNyZWF0ZWQiOjE2NDk1MDMwNDI0NTIsImluU2FtcGxlIjpmYWxzZX0= |
.cancel627674-binance-com.firebaseapp.com/ | | _hjAbsoluteSessionInProgress | 0 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Strict-Transport-Security | max-age=31556926; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.