helpcenter-businesscheckpoint.com Open in urlscan Pro
139.99.140.97 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://helpcenter-businesscheckpoint.com/business/SAchFbHGdMDSCmb/
Submission: On December 25 via api (December 25th 2023, 2:16:21 pm UTC) from US — Scanned from US

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 9 HTTP transactions. The main IP is 139.99.140.97, located in Sydney, Australia and belongs to OVH, FR. The main domain is helpcenter-businesscheckpoint.com.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on December 24th 2023. Valid for: 3 months.

This is the only time helpcenter-businesscheckpoint.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
7	139.99.140.97 139.99.140.97	16276 (OVH) (OVH)
1	2a04:4e42:400... 2a04:4e42:400::649	54113 (FASTLY) (FASTLY)
1	2a03:2880:f00... 2a03:2880:f003:c0e:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
9	3

7 139.99.140.97 (Sydney, Australia)

ASN16276 (OVH, FR)
PTR: ip97.ip-139-99-140.net

helpcenter-businesscheckpoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f003:c0e:face:b00c:0:3 (Ashburn, United States)

ASN32934 (FACEBOOK, US)

static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	helpcenter-businesscheckpoint.com helpcenter-businesscheckpoint.com	2 MB
1	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 953	12 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 735	30 KB
9	3

	Domain	Requested by
7	helpcenter-businesscheckpoint.com	helpcenter-businesscheckpoint.com
1	static.xx.fbcdn.net	helpcenter-businesscheckpoint.com
1	code.jquery.com	helpcenter-businesscheckpoint.com
9	3

This site contains no links.

Subject Issuer	Validity	Valid
helpcenter-businesscheckpoint.com ZeroSSL RSA Domain Secure Site CA	`2023-12-24` - `2024-03-23`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-10-03` - `2024-01-01`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://helpcenter-businesscheckpoint.com/business/SAchFbHGdMDSCmb/
Frame ID: 6F36821F4EB409D975201DFF843FF788
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Facebook

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

9
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

2099 kB
Transfer

2556 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
helpcenter-businesscheckpoint.com/business/SAchFbHGdMDSCmb/ 16 KB
17 KB 1853ms
614ms Document
text/html 139.99.140.97
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://helpcenter-businesscheckpoint.com/business/SAchFbHGdMDSCmb/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 139.99.140.97 Sydney, Australia, ASN16276 (OVH, FR),
Reverse DNS: ip97.ip-139-99-140.net
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 9d1fc35e8987bed5cdd721cc482f38c8b77c7e3cb49a90fd9b624b45795330e0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: private
Content-Length: 16651
Content-Type: text/html; charset=utf-8
Date: Mon, 25 Dec 2023 14:16:14 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 5.2
X-Powered-By: ASP.NET

GET
H/1.1 200
OK business.css
helpcenter-businesscheckpoint.com/Content/MyContent/css/ 404 KB
88 KB 310ms
308ms Stylesheet
text/css 139.99.140.97
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://helpcenter-businesscheckpoint.com/Content/MyContent/css/business.css
Requested by: Host: helpcenter-businesscheckpoint.com
URL: https://helpcenter-businesscheckpoint.com/business/SAchFbHGdMDSCmb/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 139.99.140.97 Sydney, Australia, ASN16276 (OVH, FR),
Reverse DNS: ip97.ip-139-99-140.net
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: c55ef802e58239959206ae903bde236fe28c3739a5e2dc7332374140f91100a1

Request headers

Referer: https://helpcenter-businesscheckpoint.com/business/SAchFbHGdMDSCmb/
Origin: https://helpcenter-businesscheckpoint.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Mon, 25 Dec 2023 14:16:15 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Dec 2023 19:17:10 GMT
Server: Microsoft-IIS/8.5
ETag: "0bf31f8f82dda1:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 90048

GET
H/1.1 200
OK jquery-3.6.0.min.js Show response
helpcenter-businesscheckpoint.com/Scripts/ 87 KB
31 KB 619ms
618ms Script
application/javascript 139.99.140.97
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://helpcenter-businesscheckpoint.com/Scripts/jquery-3.6.0.min.js
Requested by: Host: helpcenter-businesscheckpoint.com
URL: https://helpcenter-businesscheckpoint.com/business/SAchFbHGdMDSCmb/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 139.99.140.97 Sydney, Australia, ASN16276 (OVH, FR),
Reverse DNS: ip97.ip-139-99-140.net
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://helpcenter-businesscheckpoint.com/business/SAchFbHGdMDSCmb/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Mon, 25 Dec 2023 14:16:15 GMT
Content-Encoding: gzip
Last-Modified: Tue, 09 Aug 2022 16:44:16 GMT
Server: Microsoft-IIS/8.5
ETag: "0303d43facd81:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 30982

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 93ms
26ms Script
application/javascript 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: helpcenter-businesscheckpoint.com
URL: https://helpcenter-businesscheckpoint.com/business/SAchFbHGdMDSCmb/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer: https://helpcenter-businesscheckpoint.com/
Origin: https://helpcenter-businesscheckpoint.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 25 Dec 2023 14:16:15 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 2911158
x-cache: HIT, HIT
content-length: 30875
x-served-by: cache-lga21931-LGA, cache-mia-kmia1760051-MIA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1703513775.332687,VS0,VE0
etag: W/"28feccc0-15d9d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 22, 257585

GET
H/1.1 200
OK jquery.signalR-2.4.1.min.js Show response
helpcenter-businesscheckpoint.com/Scripts/ 40 KB
13 KB 1238ms
624ms Script
application/javascript 139.99.140.97
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://helpcenter-businesscheckpoint.com/Scripts/jquery.signalR-2.4.1.min.js
Requested by: Host: helpcenter-businesscheckpoint.com
URL: https://helpcenter-businesscheckpoint.com/business/SAchFbHGdMDSCmb/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 139.99.140.97 Sydney, Australia, ASN16276 (OVH, FR),
Reverse DNS: ip97.ip-139-99-140.net
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: e24db42328a71b57e81eb3d183c3af5945f1d0c0acf5f0605709d15ec0984717

Request headers

accept-language: en-US,en;q=0.9
Referer: https://helpcenter-businesscheckpoint.com/business/SAchFbHGdMDSCmb/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Mon, 25 Dec 2023 14:16:15 GMT
Content-Encoding: gzip
Last-Modified: Mon, 11 Dec 2023 15:32:21 GMT
Server: Microsoft-IIS/8.5
ETag: "80304c3b472cda1:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 12544

GET
H/1.1 200
OK BHANDAEIAEJ.js Show response
helpcenter-businesscheckpoint.com/Content/JS/ 4 KB
2 KB 931ms
312ms Script
application/javascript 139.99.140.97
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://helpcenter-businesscheckpoint.com/Content/JS/BHANDAEIAEJ.js
Requested by: Host: helpcenter-businesscheckpoint.com
URL: https://helpcenter-businesscheckpoint.com/business/SAchFbHGdMDSCmb/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 139.99.140.97 Sydney, Australia, ASN16276 (OVH, FR),
Reverse DNS: ip97.ip-139-99-140.net
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: a45c9dec5e349414d9e04d9fc77cc819f3c128b3d3f0041d9efa4e35f6e4f65f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://helpcenter-businesscheckpoint.com/business/SAchFbHGdMDSCmb/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Mon, 25 Dec 2023 14:16:15 GMT
Content-Encoding: gzip
Last-Modified: Thu, 14 Dec 2023 16:41:05 GMT
Server: Microsoft-IIS/8.5
ETag: "80e6a154ac2eda1:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 2198

GET
H/1.1 200
OK H6-jLw-GehZ.png
helpcenter-businesscheckpoint.com/Images/ 2 MB
2 MB 308ms
307ms Image
image/png 139.99.140.97
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://helpcenter-businesscheckpoint.com/Images/H6-jLw-GehZ.png
Requested by: Host: helpcenter-businesscheckpoint.com
URL: https://helpcenter-businesscheckpoint.com/Content/MyContent/css/business.css
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 139.99.140.97 Sydney, Australia, ASN16276 (OVH, FR),
Reverse DNS: ip97.ip-139-99-140.net
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 30e8989e668b872f4f05669bb53c42aa4ec4ee176cb6371e5d4eaa58e4f8ce0a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://helpcenter-businesscheckpoint.com/Content/MyContent/css/business.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Mon, 25 Dec 2023 14:16:16 GMT
Last-Modified: Wed, 13 Dec 2023 19:05:10 GMT
Server: Microsoft-IIS/8.5
ETag: "58174b4bf72dda1:0"
X-Powered-By: ASP.NET
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 1949022

GET
H/1.1 200
OK HoDjikJOM6H.png
helpcenter-businesscheckpoint.com/Images/ 2 KB
3 KB 308ms
308ms Image
image/png 139.99.140.97
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://helpcenter-businesscheckpoint.com/Images/HoDjikJOM6H.png
Requested by: Host: helpcenter-businesscheckpoint.com
URL: https://helpcenter-businesscheckpoint.com/Content/MyContent/css/business.css
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 139.99.140.97 Sydney, Australia, ASN16276 (OVH, FR),
Reverse DNS: ip97.ip-139-99-140.net
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: f7adbc7d0ec97175755568c45fd5f71127ebcd14137fa8388a6b27d64cfe3694

Request headers

accept-language: en-US,en;q=0.9
Referer: https://helpcenter-businesscheckpoint.com/Content/MyContent/css/business.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Mon, 25 Dec 2023 14:16:16 GMT
Last-Modified: Wed, 13 Dec 2023 19:00:09 GMT
Server: Microsoft-IIS/8.5
ETag: "b0b5898f62dda1:0"
X-Powered-By: ASP.NET
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 2464

GET
H2 200 XZbml4HvVEI.png
static.xx.fbcdn.net/rsrc.php/v3/yM/r/ 12 KB
12 KB 164ms
54ms Image
image/png 2a03:2880:f003:c0e:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yM/r/XZbml4HvVEI.png

Requested by

Host: helpcenter-businesscheckpoint.com
URL: https://helpcenter-businesscheckpoint.com/business/SAchFbHGdMDSCmb/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f003:c0e:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

388c16810f619c71c9644844425d888dc31c9f1d274fdaf4261b4e88e4a08dd8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://helpcenter-businesscheckpoint.com/
Origin: https://helpcenter-businesscheckpoint.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
date: Mon, 25 Dec 2023 14:16:16 GMT
x-content-type-options: nosniff
content-md5: PQJgD2V1y7pY1nFQeaIuhA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 11841
reporting-endpoints
x-fb-debug: 57oTNruHbOG3nvIToZ/3oDO5GIG3Zs+R4+aofj8vG3e/hKNtStz4CEjn1mFn3jlX7Xyxf/Xb1kz+vOKXyWwveA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Thu, 19 Dec 2024 07:25:55 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
helpcenter-businesscheckpoint.com
static.xx.fbcdn.net
139.99.140.97
2a03:2880:f003:c0e:face:b00c:0:3
2a04:4e42:400::649
30e8989e668b872f4f05669bb53c42aa4ec4ee176cb6371e5d4eaa58e4f8ce0a
388c16810f619c71c9644844425d888dc31c9f1d274fdaf4261b4e88e4a08dd8
9d1fc35e8987bed5cdd721cc482f38c8b77c7e3cb49a90fd9b624b45795330e0
a45c9dec5e349414d9e04d9fc77cc819f3c128b3d3f0041d9efa4e35f6e4f65f
c55ef802e58239959206ae903bde236fe28c3739a5e2dc7332374140f91100a1
e24db42328a71b57e81eb3d183c3af5945f1d0c0acf5f0605709d15ec0984717
f7adbc7d0ec97175755568c45fd5f71127ebcd14137fa8388a6b27d64cfe3694
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

helpcenter-businesscheckpoint.com Open in urlscan Pro 139.99.140.97 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

2099 kBTransfer

2556 kBSize

0 Cookies

0 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

0 Cookies

Indicators

helpcenter-businesscheckpoint.com Open in urlscan Pro
139.99.140.97 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

2099 kB
Transfer

2556 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!