urlscan.io logo urlscan.io
SecurityTrails logo

firebasestorage.googleapis.com Open in urlscan Pro
2a00:1450:4001:803::200a  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://fishingrevolution.com/or
Effective URL: https://firebasestorage.googleapis.com/v0/b/mnbvhjnhgbfvdcsvd.appspot.com/o/gfdchgfd%2Fkjhgbfvhbgfvdc.html?alt=media&token=f26f8121-9c2...
Submission: On May 13 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 3 countries across 6 domains to perform 13 HTTP transactions. The main IP is 2a00:1450:4001:803::200a, located in Frankfurt am Main, Germany and belongs to GOOGLE, US. The main domain is firebasestorage.googleapis.com.
TLS certificate: Issued by GTS CA 1O1 on April 13th 2021. Valid for: 3 months.
This is the only time firebasestorage.googleapis.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Fidelity (Banking)

Domain & IP information

IP Address AS Autonomous System
2 2 199.38.243.4 394625 (WHITELABELIT)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 7 103.153.183.146 140947 (SNTHOSTIN...)
1 2001:4de0:ac1... 20446 (HIGHWINDS3)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
13 8
2    199.38.243.4 (United States)

ASN394625 (WHITELABELIT, US)
fishingrevolution.com
1    2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
firebasestorage.googleapis.com
1    2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
7    103.153.183.146 (Los Angeles, United States)

ASN140947 (SNTHOSTINGS-AS-AP SnTHostings, IN)
PTR: 103.153.183.146.static.snthostings.com
arabsd234yntbgvfcsr.gb.net
1    2001:4de0:ac18::1:a:3b (Netherlands)

ASN20446 (HIGHWINDS3, US)
code.jquery.com
1    2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
2    2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com
stackpath.bootstrapcdn.com
1    2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
Domain Requested by
7 arabsd234yntbgvfcsr.gb.net 1 redirects firebasestorage.googleapis.com
arabsd234yntbgvfcsr.gb.net
2 ajax.googleapis.com firebasestorage.googleapis.com
arabsd234yntbgvfcsr.gb.net
2 fishingrevolution.com 2 redirects
1 stackpath.bootstrapcdn.com arabsd234yntbgvfcsr.gb.net
1 maxcdn.bootstrapcdn.com arabsd234yntbgvfcsr.gb.net
1 cdnjs.cloudflare.com arabsd234yntbgvfcsr.gb.net
1 code.jquery.com arabsd234yntbgvfcsr.gb.net
1 firebasestorage.googleapis.com
13 8

This site contains no links.

Subject Issuer Validity Valid
upload.video.google.com
GTS CA 1O1		 2021-04-13 -
2021-07-06		 3 months crt.sh
arabsd234yntbgvfcsr.gb.net
R3		 2021-05-10 -
2021-08-08		 3 months crt.sh
jquery.org
Sectigo RSA Domain Validation Secure Server CA		 2020-10-06 -
2021-10-16		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2020-10-21 -
2021-10-20		 a year crt.sh

This page contains 2 frames:

Primary Page: https://firebasestorage.googleapis.com/v0/b/mnbvhjnhgbfvdcsvd.appspot.com/o/gfdchgfd%2Fkjhgbfvhbgfvdc.html?alt=media&token=f26f8121-9c24-4550-bffe-5b3e9ad2cb27
Frame ID: 10F6EE27ADD40F66D21270F325FECC27
Requests: 2 HTTP requests in this frame

Frame: https://arabsd234yntbgvfcsr.gb.net/qwsa/7145c11a8fe9dce2a57cd57809e2ab87/?Key=7145c11a8fe9dce2a57cd57809e2ab87&rand=19lnboxLightespn_7145c11a8fe9dce2a57cd57809e2ab87_eVBKanNEOUsxZHkzV2R0YzFV-&aac5d26965fc37e5fefebab45bdeeaf795cc22454235073f49423f68534f81d9
Frame ID: 9253C03EC1FA6F57BDA593B03553D25D
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://fishingrevolution.com/or HTTP 301
    https://fishingrevolution.com/or/ HTTP 302
    https://firebasestorage.googleapis.com/v0/b/mnbvhjnhgbfvdcsvd.appspot.com/o/gfdchgfd%2Fkjhgbfvhbgfvdc.html?alt=medi... Page URL

Page Statistics

13
Requests

100 %
HTTPS

75 %
IPv6

6
Domains

8
Subdomains

8
IPs

3
Countries

296 kB
Transfer

537 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://fishingrevolution.com/or HTTP 301
    https://fishingrevolution.com/or/ HTTP 302
    https://firebasestorage.googleapis.com/v0/b/mnbvhjnhgbfvdcsvd.appspot.com/o/gfdchgfd%2Fkjhgbfvhbgfvdc.html?alt=media&token=f26f8121-9c24-4550-bffe-5b3e9ad2cb27 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • https://arabsd234yntbgvfcsr.gb.net/qwsa/7145c11a8fe9dce2a57cd57809e2ab87?Key=7145c11a8fe9dce2a57cd57809e2ab87&rand=19lnboxLightespn_7145c11a8fe9dce2a57cd57809e2ab87_eVBKanNEOUsxZHkzV2R0YzFV-&aac5d26965fc37e5fefebab45bdeeaf795cc22454235073f49423f68534f81d9 HTTP 301
  • https://arabsd234yntbgvfcsr.gb.net/qwsa/7145c11a8fe9dce2a57cd57809e2ab87/?Key=7145c11a8fe9dce2a57cd57809e2ab87&rand=19lnboxLightespn_7145c11a8fe9dce2a57cd57809e2ab87_eVBKanNEOUsxZHkzV2R0YzFV-&aac5d26965fc37e5fefebab45bdeeaf795cc22454235073f49423f68534f81d9

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request gfdchgfd%2Fkjhgbfvhbgfvdc.html
firebasestorage.googleapis.com/v0/b/mnbvhjnhgbfvdcsvd.appspot.com/o/
Redirect Chain
  • https://fishingrevolution.com/or
  • https://fishingrevolution.com/or/
  • https://firebasestorage.googleapis.com/v0/b/mnbvhjnhgbfvdcsvd.appspot.com/o/gfdchgfd%2Fkjhgbfvhbgfvdc.html?alt=media&token=f26f8121-9c24-4550-bffe-5b3e9ad2cb27
1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://firebasestorage.googleapis.com/v0/b/mnbvhjnhgbfvdcsvd.appspot.com/o/gfdchgfd%2Fkjhgbfvhbgfvdc.html?alt=media&token=f26f8121-9c24-4550-bffe-5b3e9ad2cb27
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
be43f3465b7f3f51268c1ad3ec11d89a43f29e61eb72e58762e00f73e8f77c99

Request headers

:method
GET
:authority
firebasestorage.googleapis.com
:scheme
https
:path
/v0/b/mnbvhjnhgbfvdcsvd.appspot.com/o/gfdchgfd%2Fkjhgbfvhbgfvdc.html?alt=media&token=f26f8121-9c24-4550-bffe-5b3e9ad2cb27
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-guploader-uploadid
ABg5-UxCfMpdGLDaGE0yfLh40oRr0-g8Bqrfc71t6KLsh60_XhFrZ2jpcDqjG3s7RUfkAM-FgOWTboRKZvfuoUk-qg
expires
Thu, 13 May 2021 01:04:08 GMT
date
Thu, 13 May 2021 01:04:08 GMT
cache-control
private, max-age=0
last-modified
Mon, 10 May 2021 14:32:38 GMT
etag
"1afb60399d1dd5a1426f934b1dae19b0"
x-goog-generation
1620657158681607
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
1480
x-goog-meta-firebasestoragedownloadtokens
f26f8121-9c24-4550-bffe-5b3e9ad2cb27
content-type
text/html
content-disposition
inline; filename*=utf-8''kjhgbfvhbgfvdc.html
x-goog-hash
crc32c=NEnSIQ== md5=GvtgOZ0d1aFCb5NLHa4ZsA==
x-goog-storage-class
STANDARD
accept-ranges
bytes
content-length
1480
server
UploadServer
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

Date
Thu, 13 May 2021 01:04:07 GMT
Server
Apache
Location
https://firebasestorage.googleapis.com/v0/b/mnbvhjnhgbfvdcsvd.appspot.com/o/gfdchgfd%2Fkjhgbfvhbgfvdc.html?alt=media&token=f26f8121-9c24-4550-bffe-5b3e9ad2cb27
Content-Length
0
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.10.2/ 		91 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
Requested by
Host: firebasestorage.googleapis.com
URL: https://firebasestorage.googleapis.com/v0/b/mnbvhjnhgbfvdcsvd.appspot.com/o/gfdchgfd%2Fkjhgbfvhbgfvdc.html?alt=media&token=f26f8121-9c24-4550-bffe-5b3e9ad2cb27
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://firebasestorage.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 12 May 2021 18:19:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
24289
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32954
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 12 May 2022 18:19:19 GMT
Cookie set /
arabsd234yntbgvfcsr.gb.net/qwsa/ Frame 9253 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://arabsd234yntbgvfcsr.gb.net/qwsa/?zxcvcergtrf=yhbgfvdjrke3fea
Requested by
Host: firebasestorage.googleapis.com
URL: https://firebasestorage.googleapis.com/v0/b/mnbvhjnhgbfvdcsvd.appspot.com/o/gfdchgfd%2Fkjhgbfvhbgfvdc.html?alt=media&token=f26f8121-9c24-4550-bffe-5b3e9ad2cb27
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.153.183.146 Los Angeles, United States, ASN140947 (SNTHOSTINGS-AS-AP SnTHostings, IN),
Reverse DNS
103.153.183.146.static.snthostings.com
Software
Apache /
Resource Hash
319bc36bf504e7fd92e66d5d89912f87c73bffe4afa525a61ba8b58f3255afc5

Request headers

Host
arabsd234yntbgvfcsr.gb.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://firebasestorage.googleapis.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://firebasestorage.googleapis.com/

Response headers

Date
Thu, 13 May 2021 01:04:09 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Set-Cookie
PHPSESSID=828714da50aec8f5e0b132e7115f9bc0; path=/
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
/
arabsd234yntbgvfcsr.gb.net/qwsa/7145c11a8fe9dce2a57cd57809e2ab87/ Frame 9253
Redirect Chain
  • https://arabsd234yntbgvfcsr.gb.net/qwsa/7145c11a8fe9dce2a57cd57809e2ab87?Key=7145c11a8fe9dce2a57cd57809e2ab87&rand=19lnboxLightespn_7145c11a8fe9dce2a57cd57809e2ab87_eVBKanNEOUsxZHkzV2R0YzFV-&aac5d2...
  • https://arabsd234yntbgvfcsr.gb.net/qwsa/7145c11a8fe9dce2a57cd57809e2ab87/?Key=7145c11a8fe9dce2a57cd57809e2ab87&rand=19lnboxLightespn_7145c11a8fe9dce2a57cd57809e2ab87_eVBKanNEOUsxZHkzV2R0YzFV-&aac5d...
13 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://arabsd234yntbgvfcsr.gb.net/qwsa/7145c11a8fe9dce2a57cd57809e2ab87/?Key=7145c11a8fe9dce2a57cd57809e2ab87&rand=19lnboxLightespn_7145c11a8fe9dce2a57cd57809e2ab87_eVBKanNEOUsxZHkzV2R0YzFV-&aac5d26965fc37e5fefebab45bdeeaf795cc22454235073f49423f68534f81d9
Requested by
Host: arabsd234yntbgvfcsr.gb.net
URL: https://arabsd234yntbgvfcsr.gb.net/qwsa/?zxcvcergtrf=yhbgfvdjrke3fea
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.153.183.146 Los Angeles, United States, ASN140947 (SNTHOSTINGS-AS-AP SnTHostings, IN),
Reverse DNS
103.153.183.146.static.snthostings.com
Software
Apache /
Resource Hash
765868f06a0159d6341c2b3e89d21bb78ee0c9a17dd876e9da024f3baad93aec

Request headers

Host
arabsd234yntbgvfcsr.gb.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-origin
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://arabsd234yntbgvfcsr.gb.net/qwsa/?zxcvcergtrf=yhbgfvdjrke3fea
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://arabsd234yntbgvfcsr.gb.net/qwsa/?zxcvcergtrf=yhbgfvdjrke3fea

Response headers

Date
Thu, 13 May 2021 01:04:10 GMT
Server
Apache
Last-Modified
Thu, 13 May 2021 01:04:09 GMT
Accept-Ranges
bytes
Content-Length
12926
Keep-Alive
timeout=5, max=98
Connection
Keep-Alive
Content-Type
text/html

Redirect headers

Date
Thu, 13 May 2021 01:04:09 GMT
Server
Apache
Location
https://arabsd234yntbgvfcsr.gb.net/qwsa/7145c11a8fe9dce2a57cd57809e2ab87/?Key=7145c11a8fe9dce2a57cd57809e2ab87&rand=19lnboxLightespn_7145c11a8fe9dce2a57cd57809e2ab87_eVBKanNEOUsxZHkzV2R0YzFV-&aac5d26965fc37e5fefebab45bdeeaf795cc22454235073f49423f68534f81d9
Content-Length
472
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Content-Type
text/html; charset=iso-8859-1
bootstrap.3.2.css
arabsd234yntbgvfcsr.gb.net/qwsa/7145c11a8fe9dce2a57cd57809e2ab87/css/ Frame 9253 		130 KB
130 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://arabsd234yntbgvfcsr.gb.net/qwsa/7145c11a8fe9dce2a57cd57809e2ab87/css/bootstrap.3.2.css
Requested by
Host: arabsd234yntbgvfcsr.gb.net
URL: https://arabsd234yntbgvfcsr.gb.net/qwsa/7145c11a8fe9dce2a57cd57809e2ab87/?Key=7145c11a8fe9dce2a57cd57809e2ab87&rand=19lnboxLightespn_7145c11a8fe9dce2a57cd57809e2ab87_eVBKanNEOUsxZHkzV2R0YzFV-&aac5d26965fc37e5fefebab45bdeeaf795cc22454235073f49423f68534f81d9
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.153.183.146 Los Angeles, United States, ASN140947 (SNTHOSTINGS-AS-AP SnTHostings, IN),
Reverse DNS
103.153.183.146.static.snthostings.com
Software
Apache /
Resource Hash
17314cb009a74ca9d1ecd658311d25e8c26f14cebe0f743091507d1eb229765a

Request headers

Referer
https://arabsd234yntbgvfcsr.gb.net/qwsa/7145c11a8fe9dce2a57cd57809e2ab87/?Key=7145c11a8fe9dce2a57cd57809e2ab87&rand=19lnboxLightespn_7145c11a8fe9dce2a57cd57809e2ab87_eVBKanNEOUsxZHkzV2R0YzFV-&aac5d26965fc37e5fefebab45bdeeaf795cc22454235073f49423f68534f81d9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 13 May 2021 01:04:10 GMT
Last-Modified
Thu, 13 May 2021 01:04:09 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
132646
retailResponsive.css
arabsd234yntbgvfcsr.gb.net/qwsa/7145c11a8fe9dce2a57cd57809e2ab87/css/ Frame 9253 		26 KB
27 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://arabsd234yntbgvfcsr.gb.net/qwsa/7145c11a8fe9dce2a57cd57809e2ab87/css/retailResponsive.css
Requested by
Host: arabsd234yntbgvfcsr.gb.net
URL: https://arabsd234yntbgvfcsr.gb.net/qwsa/7145c11a8fe9dce2a57cd57809e2ab87/?Key=7145c11a8fe9dce2a57cd57809e2ab87&rand=19lnboxLightespn_7145c11a8fe9dce2a57cd57809e2ab87_eVBKanNEOUsxZHkzV2R0YzFV-&aac5d26965fc37e5fefebab45bdeeaf795cc22454235073f49423f68534f81d9
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.153.183.146 Los Angeles, United States, ASN140947 (SNTHOSTINGS-AS-AP SnTHostings, IN),
Reverse DNS
103.153.183.146.static.snthostings.com
Software
Apache /
Resource Hash
fde30c32b1ab9a35726e67dc3bfe42dae47b073fa81bbd31740a643140da984c

Request headers

Referer
https://arabsd234yntbgvfcsr.gb.net/qwsa/7145c11a8fe9dce2a57cd57809e2ab87/?Key=7145c11a8fe9dce2a57cd57809e2ab87&rand=19lnboxLightespn_7145c11a8fe9dce2a57cd57809e2ab87_eVBKanNEOUsxZHkzV2R0YzFV-&aac5d26965fc37e5fefebab45bdeeaf795cc22454235073f49423f68534f81d9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 13 May 2021 01:04:10 GMT
Last-Modified
Thu, 13 May 2021 01:04:09 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
26953
fidelity_logo.png
arabsd234yntbgvfcsr.gb.net/qwsa/7145c11a8fe9dce2a57cd57809e2ab87/images/ Frame 9253 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://arabsd234yntbgvfcsr.gb.net/qwsa/7145c11a8fe9dce2a57cd57809e2ab87/images/fidelity_logo.png
Requested by
Host: arabsd234yntbgvfcsr.gb.net
URL: https://arabsd234yntbgvfcsr.gb.net/qwsa/7145c11a8fe9dce2a57cd57809e2ab87/?Key=7145c11a8fe9dce2a57cd57809e2ab87&rand=19lnboxLightespn_7145c11a8fe9dce2a57cd57809e2ab87_eVBKanNEOUsxZHkzV2R0YzFV-&aac5d26965fc37e5fefebab45bdeeaf795cc22454235073f49423f68534f81d9
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.153.183.146 Los Angeles, United States, ASN140947 (SNTHOSTINGS-AS-AP SnTHostings, IN),
Reverse DNS
103.153.183.146.static.snthostings.com
Software
Apache /
Resource Hash
2a1c09732cb11b016693c838b9797d112b5969e8207c79c23c8d39f00eb6a2f0

Request headers

Referer
https://arabsd234yntbgvfcsr.gb.net/qwsa/7145c11a8fe9dce2a57cd57809e2ab87/?Key=7145c11a8fe9dce2a57cd57809e2ab87&rand=19lnboxLightespn_7145c11a8fe9dce2a57cd57809e2ab87_eVBKanNEOUsxZHkzV2R0YzFV-&aac5d26965fc37e5fefebab45bdeeaf795cc22454235073f49423f68534f81d9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 13 May 2021 01:04:10 GMT
Last-Modified
Thu, 13 May 2021 01:04:09 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
1671
logo_gray_trans.gif
arabsd234yntbgvfcsr.gb.net/qwsa/7145c11a8fe9dce2a57cd57809e2ab87/images/ Frame 9253 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://arabsd234yntbgvfcsr.gb.net/qwsa/7145c11a8fe9dce2a57cd57809e2ab87/images/logo_gray_trans.gif
Requested by
Host: arabsd234yntbgvfcsr.gb.net
URL: https://arabsd234yntbgvfcsr.gb.net/qwsa/7145c11a8fe9dce2a57cd57809e2ab87/?Key=7145c11a8fe9dce2a57cd57809e2ab87&rand=19lnboxLightespn_7145c11a8fe9dce2a57cd57809e2ab87_eVBKanNEOUsxZHkzV2R0YzFV-&aac5d26965fc37e5fefebab45bdeeaf795cc22454235073f49423f68534f81d9
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.153.183.146 Los Angeles, United States, ASN140947 (SNTHOSTINGS-AS-AP SnTHostings, IN),
Reverse DNS
103.153.183.146.static.snthostings.com
Software
Apache /
Resource Hash
5d8e46e32462b3344646da8e0c7388ac17ca1a00c9d4d7b47332c557b14403e1

Request headers

Referer
https://arabsd234yntbgvfcsr.gb.net/qwsa/7145c11a8fe9dce2a57cd57809e2ab87/?Key=7145c11a8fe9dce2a57cd57809e2ab87&rand=19lnboxLightespn_7145c11a8fe9dce2a57cd57809e2ab87_eVBKanNEOUsxZHkzV2R0YzFV-&aac5d26965fc37e5fefebab45bdeeaf795cc22454235073f49423f68534f81d9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 13 May 2021 01:04:10 GMT
Last-Modified
Thu, 13 May 2021 01:04:09 GMT
Server
Apache
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
3876
jquery-3.2.1.slim.min.js
code.jquery.com/ Frame 9253 		68 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.2.1.slim.min.js
Requested by
Host: arabsd234yntbgvfcsr.gb.net
URL: https://arabsd234yntbgvfcsr.gb.net/qwsa/7145c11a8fe9dce2a57cd57809e2ab87/?Key=7145c11a8fe9dce2a57cd57809e2ab87&rand=19lnboxLightespn_7145c11a8fe9dce2a57cd57809e2ab87_eVBKanNEOUsxZHkzV2R0YzFV-&aac5d26965fc37e5fefebab45bdeeaf795cc22454235073f49423f68534f81d9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

Request headers

Origin
https://arabsd234yntbgvfcsr.gb.net
Referer
https://arabsd234yntbgvfcsr.gb.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 13 May 2021 01:04:10 GMT
content-encoding
gzip
last-modified
Mon, 20 Mar 2017 19:01:15 GMT
server
nginx
etag
W/"58d026fb-10fdd"
vary
Accept-Encoding
x-hw
1620867850.dop211.fr8.t,1620867850.cds272.fr8.hn,1620867850.cds220.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
23856
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ Frame 9253 		19 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Requested by
Host: arabsd234yntbgvfcsr.gb.net
URL: https://arabsd234yntbgvfcsr.gb.net/qwsa/7145c11a8fe9dce2a57cd57809e2ab87/?Key=7145c11a8fe9dce2a57cd57809e2ab87&rand=19lnboxLightespn_7145c11a8fe9dce2a57cd57809e2ab87_eVBKanNEOUsxZHkzV2R0YzFV-&aac5d26965fc37e5fefebab45bdeeaf795cc22454235073f49423f68534f81d9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Origin
https://arabsd234yntbgvfcsr.gb.net
Referer
https://arabsd234yntbgvfcsr.gb.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 13 May 2021 01:04:10 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
4420935
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
6157
cf-request-id
0a04d9b7cc00002bc2f1169000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:15:37 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03fa9-4af4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Avrt%2BLBJ7Yaw5vrfxmziieIcNkHwC5zsNY2ynAAuIvdsEKYgUau5TR2e6OOZ0TJJmgB91yn0S51Z9hFoBSL8gRzw5nP%2FEKsDjDhZfoNpk%2FlrpRVmy3D2Opp0xcjBlU%2BpDA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
64e7f89fa81e2bc2-FRA
expires
Tue, 03 May 2022 01:04:10 GMT
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ Frame 9253 		48 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Requested by
Host: arabsd234yntbgvfcsr.gb.net
URL: https://arabsd234yntbgvfcsr.gb.net/qwsa/7145c11a8fe9dce2a57cd57809e2ab87/?Key=7145c11a8fe9dce2a57cd57809e2ab87&rand=19lnboxLightespn_7145c11a8fe9dce2a57cd57809e2ab87_eVBKanNEOUsxZHkzV2R0YzFV-&aac5d26965fc37e5fefebab45bdeeaf795cc22454235073f49423f68534f81d9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Origin
https://arabsd234yntbgvfcsr.gb.net
Referer
https://arabsd234yntbgvfcsr.gb.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 13 May 2021 01:04:10 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
601, 617, 617
age
26239
cdn-cachedat
2021-05-12 19:40:29
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0a04d9b7cc0000c2f992325000000001
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:04 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
719e234f98349adee748db7448466397
cf-ray
64e7f89fa875c2f9-FRA
cdn-requestcountrycode
DE
cdn-requestpullsuccess
True
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ Frame 9253 		84 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Requested by
Host: arabsd234yntbgvfcsr.gb.net
URL: https://arabsd234yntbgvfcsr.gb.net/qwsa/7145c11a8fe9dce2a57cd57809e2ab87/?Key=7145c11a8fe9dce2a57cd57809e2ab87&rand=19lnboxLightespn_7145c11a8fe9dce2a57cd57809e2ab87_eVBKanNEOUsxZHkzV2R0YzFV-&aac5d26965fc37e5fefebab45bdeeaf795cc22454235073f49423f68534f81d9
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://arabsd234yntbgvfcsr.gb.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 12 May 2021 21:13:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
13815
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30028
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 12 May 2022 21:13:55 GMT
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ Frame 9253 		50 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Requested by
Host: arabsd234yntbgvfcsr.gb.net
URL: https://arabsd234yntbgvfcsr.gb.net/qwsa/7145c11a8fe9dce2a57cd57809e2ab87/?Key=7145c11a8fe9dce2a57cd57809e2ab87&rand=19lnboxLightespn_7145c11a8fe9dce2a57cd57809e2ab87_eVBKanNEOUsxZHkzV2R0YzFV-&aac5d26965fc37e5fefebab45bdeeaf795cc22454235073f49423f68534f81d9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://arabsd234yntbgvfcsr.gb.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 13 May 2021 01:04:10 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
723, 718
age
4420567
cdn-cachedat
2021-03-11 11:57:52
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0a04d9b7cc00004ece0f810000000001
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:06 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
48f4598378fe1b699fcee6ac68d6cc25
cf-ray
64e7f89faaba4ece-FRA
cdn-requestcountrycode
DE
cdn-requestpullsuccess
True
truncated
/ Frame 9253 		90 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
db1a93fdbe73a47896e343a3238c85fdc0c369a3cc2b49fdf3262292ef550fb2

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 9253 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
01f4e8149dbee04b647282848b4bee36da2c46ef8698d3a159c2cc506826cb6e

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame 9253 		559 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a911032f62a182b5d9d0a70063d6f5ca07b84a30a218acd5b26cc431c74e6627

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Fidelity (Banking)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery function| calcHeight object| jQuery1102031122269048264783

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
arabsd234yntbgvfcsr.gb.net
cdnjs.cloudflare.com
code.jquery.com
firebasestorage.googleapis.com
fishingrevolution.com
maxcdn.bootstrapcdn.com
stackpath.bootstrapcdn.com
103.153.183.146
199.38.243.4
2001:4de0:ac18::1:a:3b
2606:4700::6810:125e
2606:4700::6812:acf
2a00:1450:4001:803::200a
2a00:1450:4001:82b::200a
2a00:1450:4001:831::200a
01f4e8149dbee04b647282848b4bee36da2c46ef8698d3a159c2cc506826cb6e
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
17314cb009a74ca9d1ecd658311d25e8c26f14cebe0f743091507d1eb229765a
2a1c09732cb11b016693c838b9797d112b5969e8207c79c23c8d39f00eb6a2f0
319bc36bf504e7fd92e66d5d89912f87c73bffe4afa525a61ba8b58f3255afc5
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
5d8e46e32462b3344646da8e0c7388ac17ca1a00c9d4d7b47332c557b14403e1
765868f06a0159d6341c2b3e89d21bb78ee0c9a17dd876e9da024f3baad93aec
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
a911032f62a182b5d9d0a70063d6f5ca07b84a30a218acd5b26cc431c74e6627
be43f3465b7f3f51268c1ad3ec11d89a43f29e61eb72e58762e00f73e8f77c99
db1a93fdbe73a47896e343a3238c85fdc0c369a3cc2b49fdf3262292ef550fb2
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
fde30c32b1ab9a35726e67dc3bfe42dae47b073fa81bbd31740a643140da984c