urlscan.io logo urlscan.io
SecurityTrails logo

now--get--verified.vercel.app Open in urlscan Pro
76.76.21.142  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://now--get--verified.vercel.app/help.html
Effective URL: https://now--get--verified.vercel.app/help.html
Submission: On August 28 via api from US — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 5 HTTP transactions. The main IP is 76.76.21.142, located in Walnut, United States and belongs to AMAZON-02, US. The main domain is now--get--verified.vercel.app.
TLS certificate: Issued by R11 on August 14th 2024. Valid for: 3 months.
This is the only time now--get--verified.vercel.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

IP Address AS Autonomous System
2 76.76.21.142 16509 (AMAZON-02)
2 192.229.173.16 15133 (EDGECAST)
1 199.232.36.84 54113 (FASTLY)
5 3
Apex Domain
Subdomains		 Transfer
2 twimg.com
pbs.twimg.com — Cisco Umbrella Rank: 1131
51 KB
2 vercel.app
now--get--verified.vercel.app
3 KB
1 pinimg.com
i.pinimg.com — Cisco Umbrella Rank: 2625
38 KB
5 3
Domain Requested by
2 pbs.twimg.com now--get--verified.vercel.app
2 now--get--verified.vercel.app now--get--verified.vercel.app
1 i.pinimg.com now--get--verified.vercel.app
5 3

This site contains links to these domains. Also see Links.

Domain
cdn.glitch.global
Subject Issuer Validity Valid
*.vercel.app
R11		 2024-08-14 -
2024-11-12		 3 months crt.sh
*.twimg.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-07-08 -
2025-07-07		 a year crt.sh
*.pinterest.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-08-05 -
2025-08-07		 a year crt.sh

This page contains 1 frames:

Primary Page: https://now--get--verified.vercel.app/help.html
Frame ID: 9902EFDDB07444B4F7544058714493A0
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Meta Verified | Get a verified blue tick

Page URL History Show full URLs

  1. http://now--get--verified.vercel.app/help.html HTTP 307
    https://now--get--verified.vercel.app/help.html Page URL

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

92 kB
Transfer

94 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://now--get--verified.vercel.app/help.html HTTP 307
    https://now--get--verified.vercel.app/help.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request help.html
now--get--verified.vercel.app/
Redirect Chain
  • http://now--get--verified.vercel.app/help.html
  • https://now--get--verified.vercel.app/help.html
3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://now--get--verified.vercel.app/help.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.142 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
c12cfb40dc1bbecc69af2dd35d30a26d2af0897beb6fdc3fe391a29b15bc7c0f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
age
356638
cache-control
public, max-age=0, must-revalidate
content-disposition
inline; filename="help.html"
content-encoding
br
content-type
text/html; charset=utf-8
date
Wed, 28 Aug 2024 23:26:33 GMT
etag
W/"7e8ce3dc624dfb141e852c26b214163b"
server
Vercel
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-vercel-cache
HIT
x-vercel-id
iad1::ssdcs-1724887593777-4c52ee778483

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://now--get--verified.vercel.app/help.html
Non-Authoritative-Reason
HSTS
design.css
now--get--verified.vercel.app/ 		2 KB
924 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://now--get--verified.vercel.app/design.css
Requested by
Host: now--get--verified.vercel.app
URL: https://now--get--verified.vercel.app/help.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.142 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
7dc0400f67ca6a9b4baf123de2b8ab2ea4870518b237ba8befbda6387e03ed43
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://now--get--verified.vercel.app/help.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 28 Aug 2024 23:26:33 GMT
content-encoding
br
strict-transport-security
max-age=63072000; includeSubDomains; preload
server
Vercel
x-vercel-id
iad1::c5cgf-1724887593890-a5b25cb340f9
age
1848806
etag
W/"06c212a4102bcd83efe47635100cebb9"
x-vercel-cache
HIT
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
content-disposition
inline; filename="design.css"
GNYVN91XoAAviIK
pbs.twimg.com/media/ 		32 KB
33 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pbs.twimg.com/media/GNYVN91XoAAviIK?format=png&name=4096x4096
Requested by
Host: now--get--verified.vercel.app
URL: https://now--get--verified.vercel.app/help.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.173.16 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (chd/0716) /
Resource Hash
eb5c31c547e3469aee36bf61c7bb1783cd567c026d892007b2c179d906ad1cd8
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Referer
https://now--get--verified.vercel.app/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 28 Aug 2024 23:26:34 GMT
strict-transport-security
max-age=631138519
x-content-type-options
nosniff
age
309609
x-cache
HIT
cache-tag
media,media/bucket/7,media/1789641231607242752
server-timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
content-length
33169
x-response-time
24
surrogate-key
media media/bucket/7 media/1789641231607242752
last-modified
Sun, 12 May 2024 12:56:14 GMT
server
ECS (chd/0716)
x-tw-cdn
VZ, VZ, VZ
content-type
image/png
access-control-allow-origin
*
x-transaction-id
891b87a9e1ed49de
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
perf
7402827104
x-connection-hash
4cfce6e61f57243da984d12361b7e08f434ce91b38c7f990d1504764f403f6ff
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
979569a2dedd37573974ceebc05b4a4e.png
i.pinimg.com/originals/97/95/69/ 		38 KB
38 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.pinimg.com/originals/97/95/69/979569a2dedd37573974ceebc05b4a4e.png
Requested by
Host: now--get--verified.vercel.app
URL: https://now--get--verified.vercel.app/help.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.232.36.84 New York, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0141abddefa3eb01f495b0a24b07b3ce612a343ad28570f9c6d36509677363db

Request headers

Referer
https://now--get--verified.vercel.app/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 28 Aug 2024 23:26:34 GMT
x-cdn
fastly
etag
"60ebd61593507e23f969e083ad2894fa"
x-amz-server-side-encryption
AES256
vary
Origin
content-type
image/png
cache-control
max-age=31536000, immutable
x-amz-replication-status
COMPLETED
accept-ranges
bytes
alt-svc
h3=":443";ma=600
content-length
38965
GQB99gQaQAEUOZ7
pbs.twimg.com/media/ 		18 KB
18 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://pbs.twimg.com/media/GQB99gQaQAEUOZ7?format=png&name=small
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.173.16 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (chd/0776) /
Resource Hash
9647379d6d09ec76465fa14284abfea86067761b1ec7457fe82c8867e9ce4024
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Referer
https://now--get--verified.vercel.app/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 28 Aug 2024 23:26:35 GMT
strict-transport-security
max-age=631138519
x-content-type-options
nosniff
age
579960
x-cache
HIT
server-timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
content-length
18650
x-response-time
8
surrogate-key
media media/bucket/3 media/1801578346532454401
last-modified
Fri, 14 Jun 2024 11:30:04 GMT
server
ECS (chd/0776)
x-tw-cdn
VZ, VZ, VZ
content-type
image/png
access-control-allow-origin
*
x-transaction-id
1ad8efa224a1cabf
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
perf
7402827104
x-connection-hash
7081c5c0bc4ebc15888052d6ac3c8dcb476fbe7b9873e9e78f6444fcfddc4c13
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload