metasupport.work.gd
Open in
urlscan Pro
205.144.171.64
Malicious Activity!
Public Scan
Effective URL: https://metasupport.work.gd/start/community-standards-appeal/
Submission: On October 02 via api from US — Scanned from US
Summary
TLS certificate: Issued by SSL.com RSA SSL subCA on September 15th 2023. Valid for: 3 months.
This is the only time metasupport.work.gd was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 2a02:4780:dea... 2a02:4780:dead:6136::1 | 204915 (AWEX) (AWEX) | |
1 | 2606:4700::68... 2606:4700::6811:a329 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
4 | 205.144.171.64 205.144.171.64 | 55778 (WEBWEB-HK...) (WEBWEB-HK International Trade Centre) | |
1 | 2a03:2880:f01... 2a03:2880:f012:8:face:b00c:0:1 | 32934 (FACEBOOK) (FACEBOOK) | |
1 | 2a04:4e42:400... 2a04:4e42:400::649 | 54113 (FASTLY) (FASTLY) | |
1 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700::68... 2606:4700::6812:bcf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2607:f8b0:400... 2607:f8b0:4006:80c::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 104.237.62.212 104.237.62.212 | 18450 (WEBNX) (WEBNX) | |
1 | 15.204.213.5 15.204.213.5 | 16276 (OVH) (OVH) | |
2 | 2607:f8b0:400... 2607:f8b0:4006:80c::2003 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2001:67c:4e8:... 2001:67c:4e8:f004::9 | 62041 (TELEGRAM) (TELEGRAM) | |
17 | 12 |
ASN204915 (AWEX, CY)
establishconnect-id12931l.000webhostapp.com |
ASN55778 (WEBWEB-HK International Trade Centre, HK)
PTR: 205-144-171-64.alchemy.net
metasupport.work.gd |
ASN32934 (FACEBOOK, US)
static.xx.fbcdn.net |
ASN16276 (OVH, FR)
PTR: ns1019603.ip-15-204-213.us
ipwhois.app |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
work.gd
metasupport.work.gd |
8 KB |
2 |
gstatic.com
fonts.gstatic.com |
47 KB |
2 |
000webhostapp.com
establishconnect-id12931l.000webhostapp.com |
6 KB |
1 |
telegram.org
api.telegram.org — Cisco Umbrella Rank: 26415 |
655 B |
1 |
ipwhois.app
ipwhois.app — Cisco Umbrella Rank: 115433 |
953 B |
1 |
ipify.org
api.ipify.org — Cisco Umbrella Rank: 2769 |
222 B |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 113 |
925 B |
1 |
bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1683 |
14 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 410 |
7 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 1243 |
24 KB |
1 |
fbcdn.net
static.xx.fbcdn.net — Cisco Umbrella Rank: 822 |
2 KB |
1 |
000webhost.com
cdn.000webhost.com — Cisco Umbrella Rank: 690573 |
2 KB |
17 | 12 |
Domain | Requested by | |
---|---|---|
4 | metasupport.work.gd |
establishconnect-id12931l.000webhostapp.com
metasupport.work.gd |
2 | fonts.gstatic.com |
fonts.googleapis.com
|
2 | establishconnect-id12931l.000webhostapp.com |
establishconnect-id12931l.000webhostapp.com
|
1 | api.telegram.org |
metasupport.work.gd
|
1 | ipwhois.app |
metasupport.work.gd
|
1 | api.ipify.org |
establishconnect-id12931l.000webhostapp.com
|
1 | fonts.googleapis.com |
metasupport.work.gd
|
1 | maxcdn.bootstrapcdn.com |
metasupport.work.gd
|
1 | cdnjs.cloudflare.com |
metasupport.work.gd
|
1 | code.jquery.com |
metasupport.work.gd
|
1 | static.xx.fbcdn.net |
metasupport.work.gd
|
1 | cdn.000webhost.com |
establishconnect-id12931l.000webhostapp.com
|
17 | 12 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.000webhostapp.com RapidSSL TLS RSA CA G1 |
2023-07-11 - 2024-08-10 |
a year | crt.sh |
*.000webhost.com Sectigo RSA Domain Validation Secure Server CA |
2023-01-10 - 2024-02-10 |
a year | crt.sh |
www.metasupport.work.gd SSL.com RSA SSL subCA |
2023-09-15 - 2023-12-14 |
3 months | crt.sh |
*.facebook.com DigiCert SHA2 High Assurance Server CA |
2023-07-11 - 2023-10-09 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-09-04 - 2023-11-27 |
3 months | crt.sh |
*.ipify.org Sectigo RSA Domain Validation Secure Server CA |
2023-02-07 - 2024-02-18 |
a year | crt.sh |
ipwhois.app GoGetSSL ECC DV CA |
2023-04-05 - 2024-04-05 |
a year | crt.sh |
*.gstatic.com GTS CA 1C3 |
2023-09-04 - 2023-11-27 |
3 months | crt.sh |
api.telegram.org Go Daddy Secure Certificate Authority - G2 |
2023-03-26 - 2024-04-26 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://metasupport.work.gd/start/community-standards-appeal/
Frame ID: CF6F593D0F45A919DD3744C138456CAA
Requests: 17 HTTP requests in this frame
Screenshot
Page Title
Facebook - log in or sign upPage URL History Show full URLs
- https://establishconnect-id12931l.000webhostapp.com/appeal-community-standards-start-01762/ Page URL
- https://metasupport.work.gd/start/community-standards-appeal/ Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Popper (Miscellaneous) Expand
Detected patterns
- <script [^>]*src="[^"]*/popper\.js/([0-9.]+)
- /popper\.js/([0-9.]+)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://establishconnect-id12931l.000webhostapp.com/appeal-community-standards-start-01762/ Page URL
- https://metasupport.work.gd/start/community-standards-appeal/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
establishconnect-id12931l.000webhostapp.com/appeal-community-standards-start-01762/ |
7 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
footer-powered-by-000webhost-white2.png
cdn.000webhost.com/000webhost/logo/ |
2 KB 2 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
chuyentiepss.js
establishconnect-id12931l.000webhostapp.com/appeal-community-standards-start-01762/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
metasupport.work.gd/start/community-standards-appeal/ |
7 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
styles.css
metasupport.work.gd/start/community-standards-appeal/css/ |
6 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
4aAhOWlwaXf.svg
static.xx.fbcdn.net/rsrc.php/yI/r/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
send.js
metasupport.work.gd/start/community-standards-appeal/js/ |
8 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ip.js
metasupport.work.gd/start/community-standards-appeal/js/ |
4 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.2.1.slim.min.js
code.jquery.com/ |
68 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ |
19 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ |
48 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
3 KB 925 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
api.ipify.org/ |
22 B 222 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
ipwhois.app/json/ |
681 B 953 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ |
8 KB 8 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pxiEyp8kv8JHgFVrJJbecmNE.woff2
fonts.gstatic.com/s/poppins/v20/ |
39 KB 39 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sendMessage
api.telegram.org/bot6402640504:AAFHdCIEKIyYnlhZT1aDOzZucso_NQBBstQ/ |
408 B 655 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)17 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture object| _0x2117 function| sendPassword1 function| _0xc528 function| sendPassword2 function| _0x4717 function| validatePassword function| _0x3512cd function| _0x46a3 string| botToken string| chatId function| getIP function| _0x2e4d function| $ function| jQuery function| Popper object| bootstrap0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.ipify.org
api.telegram.org
cdn.000webhost.com
cdnjs.cloudflare.com
code.jquery.com
establishconnect-id12931l.000webhostapp.com
fonts.googleapis.com
fonts.gstatic.com
ipwhois.app
maxcdn.bootstrapcdn.com
metasupport.work.gd
static.xx.fbcdn.net
104.237.62.212
15.204.213.5
2001:67c:4e8:f004::9
205.144.171.64
2606:4700::6811:190e
2606:4700::6811:a329
2606:4700::6812:bcf
2607:f8b0:4006:80c::2003
2607:f8b0:4006:80c::200a
2a02:4780:dead:6136::1
2a03:2880:f012:8:face:b00c:0:1
2a04:4e42:400::649
0d6f8d206a6bd8b60a2048a3df206ac956a2f633786e4af1c02057f81758ad7a
112f1da1825da03d9a1c924f2a78bc32de658aa99cdf4c785ad64842593b52ec
119ca3795936c80b685a4cb3bd0df598336324b8fe3ac3972421fc4bc59fb918
1eb2c4ee104f4e01535d5e0dde731f45e2853368ae285dfdd500ddd1b5496606
30f3f3b376e1b2f21d04e79bacb8bfc970a17d787b9e5b05d5cc5f285a4e79f3
4134b973edf5e239456d6492ae5079c102f7f1defda47568b7e77828d1a3e0bd
478b3ab728aaa25a76c8cd8bb04addde92c43d72e643d0fdc455340b44c3f074
5cbd4a47e05f419e4642261c80e5d4ce758b36483b521866ff55f25e33bb21b2
6ef740727224204aa751d4dddfbbb3efebbc4e8bf7b776f21c9a76bb79716434
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
86f2673ec74a632865109a76b2232f4f5b3587daa219e07a17ef1d9c76a0fda5
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
a9b3f40d038b54d6bb07da790bcbcf823d326f78880817a345334946b2f6bab6
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
f192229cae30aab580791ecf1bbf684d34dc33b14237723f8877ed265322db7f
f838ebffc61f0a53e965c1bf87b0d6a6c99997e0ac9350f388316b39a9859848