sf3tyfv.web.app Open in urlscan Pro
2620:0:890::100 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://shiny.link/iJeBjP
Effective URL:
https://sf3tyfv.web.app/
Submission: On September 17 via manual (September 17th 2023, 2:11:36 pm UTC) from IN — Scanned from DE

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 19 HTTP transactions. The main IP is 2620:0:890::100, located in United States and belongs to FASTLY, US. The main domain is sf3tyfv.web.app.
TLS certificate: Issued by GTS CA 1D4 on September 11th 2023. Valid for: 3 months.

This is the only time sf3tyfv.web.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: State Bank of India (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	45.142.115.75 45.142.115.75	44486 (SYNLINQ s...) (SYNLINQ synlinq.de)
17	2620:0:890::100 2620:0:890::100	54113 (FASTLY) (FASTLY)
2	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
19	3

1 45.142.115.75 (Germany) 1 redirects

ASN44486 (SYNLINQ synlinq.de, DE)
PTR: shrtco.de

shiny.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2620:0:890::100 (United States)

ASN54113 (FASTLY, US)

sf3tyfv.web.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

s3.fire9s.store	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	web.app sf3tyfv.web.app	179 KB
2	fire9s.store s3.fire9s.store	870 B
1	shiny.link 1 redirects shiny.link	249 B
19	3

	Domain	Requested by
17	sf3tyfv.web.app	sf3tyfv.web.app
2	s3.fire9s.store	sf3tyfv.web.app
1	shiny.link	1 redirects
19	3

This site contains no links.

Subject Issuer	Validity	Valid
web.app GTS CA 1D4	`2023-09-11` - `2023-12-10`	3 months	crt.sh
fire9s.store GTS CA 1P5	`2023-08-29` - `2023-11-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://sf3tyfv.web.app/
Frame ID: 69531012A12AC94B72E873549E3873BF
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Wellcome

Page URL History Show full URLs

https://shiny.link/iJeBjP HTTP 301
https://sf3tyfv.web.app/ Page URL

Page Statistics

19
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

180 kB
Transfer

464 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://shiny.link/iJeBjP HTTP 301
https://sf3tyfv.web.app/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
sf3tyfv.web.app/
Redirect Chain

https://shiny.link/iJeBjP
https://sf3tyfv.web.app/

2 KB
1 KB

205ms
80ms

Document
text/html

2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sf3tyfv.web.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

9b70844c6c1dd7a195fae9c572e6c6c2c2cf42acda7d3874019c27d31612bd8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control: max-age=3600
content-encoding: br
content-length: 725
content-type: text/html; charset=utf-8
date: Sun, 17 Sep 2023 14:11:31 GMT
etag: "6d55f8977708b490a1a84dea25ee6d4cdef27efe5a66f4d9776684993b8ebae3-br"
last-modified: Fri, 15 Sep 2023 23:58:03 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-ams21066-AMS
x-timer: S1694959892.826885,VS0,VE39

Redirect headers

alt-svc: h3=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Sun, 17 Sep 2023 14:11:31 GMT
location: https://sf3tyfv.web.app
permissions-policy: ;
referrer-policy: no-referrer-when-downgrade
server: shrtcode-v2
status: 301 Moved Permanently
x-content-type-options: nosniff
x-frame-options: DENY
x-robots-tag: noindex

GET
H2 200 90e6928e1aedc4df.css
sf3tyfv.web.app/_next/static/css/ 5 KB
2 KB 130ms
130ms Stylesheet
text/css 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sf3tyfv.web.app/_next/static/css/90e6928e1aedc4df.css

Requested by

Host: sf3tyfv.web.app
URL: https://sf3tyfv.web.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d46732ce62769d8c6772b44ee37094f52846381ffa1f7c543a5c6a9380b2b3e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sf3tyfv.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

x-served-by: cache-ams21066-AMS
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Sun, 17 Sep 2023 14:11:31 GMT
last-modified: Fri, 15 Sep 2023 23:58:03 GMT
x-timer: S1694959892.911866,VS0,VE43
etag: "99190e5205331d84102892f7a5e4ba5705a609d3833df001ec8be7279a0bd0f3-br"
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
content-type: text/css; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1460
x-cache-hits: 0

GET
H2 200 webpack-fd9fb29a92855ab4.js Show response
sf3tyfv.web.app/_next/static/chunks/ 2 KB
875 B 71ms
71ms Script
text/javascript 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sf3tyfv.web.app/_next/static/chunks/webpack-fd9fb29a92855ab4.js

Requested by

Host: sf3tyfv.web.app
URL: https://sf3tyfv.web.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d05b9b43ac8657604d4146899f3cfab91acb42df7a71a23eb36904e060c4db43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sf3tyfv.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

x-served-by: cache-ams21066-AMS
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Sun, 17 Sep 2023 14:11:31 GMT
last-modified: Fri, 15 Sep 2023 23:58:03 GMT
x-timer: S1694959892.911850,VS0,VE30
etag: "67ab16307d8d050babcd7179959d3544279985da681ed4c89983eaefead1f4e8-br"
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 738
x-cache-hits: 0

GET
H2 200 framework-fe99aa755573eedd.js Show response
sf3tyfv.web.app/_next/static/chunks/ 138 KB
39 KB 76ms
75ms Script
text/javascript 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sf3tyfv.web.app/_next/static/chunks/framework-fe99aa755573eedd.js

Requested by

Host: sf3tyfv.web.app
URL: https://sf3tyfv.web.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

3a6914a479d39bb153b085db380a34922cc5af9aa760efa097b4aace9772809f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sf3tyfv.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

x-served-by: cache-ams21066-AMS
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Sun, 17 Sep 2023 14:11:31 GMT
last-modified: Fri, 15 Sep 2023 23:58:03 GMT
x-timer: S1694959892.913373,VS0,VE35
etag: "6ecfc555104431dc24ef2fe1cef941ff887d92bec217dcb146c513b8647a8b5c-br"
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 39394
x-cache-hits: 0

GET
H2 200 main-a307755b2b1681d8.js Show response
sf3tyfv.web.app/_next/static/chunks/ 103 KB
27 KB 116ms
114ms Script
text/javascript 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sf3tyfv.web.app/_next/static/chunks/main-a307755b2b1681d8.js

Requested by

Host: sf3tyfv.web.app
URL: https://sf3tyfv.web.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

87cf31bd36cd73061f07492c8a01f8c7d4723f0d6a8b11a14127267024d6d2f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sf3tyfv.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

x-served-by: cache-ams21066-AMS
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Sun, 17 Sep 2023 14:11:31 GMT
last-modified: Fri, 15 Sep 2023 23:58:03 GMT
x-timer: S1694959892.913909,VS0,VE36
etag: "cda679e2e9bbf15f4c591c36781e55f2e9993f9b2d58744ad484221ca9195e48-br"
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 27323
x-cache-hits: 0

GET
H2 200 _app-620102ba3a9296b8.js Show response
sf3tyfv.web.app/_next/static/chunks/pages/ 916 B
546 B 128ms
127ms Script
text/javascript 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sf3tyfv.web.app/_next/static/chunks/pages/_app-620102ba3a9296b8.js

Requested by

Host: sf3tyfv.web.app
URL: https://sf3tyfv.web.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4bb744d9a4825212206284a1f696244359c0bfd408742b85b76b90d69ab8ccdc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sf3tyfv.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

x-served-by: cache-ams21066-AMS
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Sun, 17 Sep 2023 14:11:31 GMT
last-modified: Fri, 15 Sep 2023 23:58:03 GMT
x-timer: S1694959892.914541,VS0,VE38
etag: "d55a03d4cd0d3038092d8c878dd7fb34f38209b8f2f1407deedcd71dbae0c3ab-br"
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 433
x-cache-hits: 0

GET
H2 200 345-cee1cc72e673cadd.js Show response
sf3tyfv.web.app/_next/static/chunks/ 11 KB
4 KB 73ms
72ms Script
text/javascript 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sf3tyfv.web.app/_next/static/chunks/345-cee1cc72e673cadd.js

Requested by

Host: sf3tyfv.web.app
URL: https://sf3tyfv.web.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4ab3fd859be793021e8a2f84e7efad528c47462bfad6729fe1e3464f4f643af4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sf3tyfv.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

x-served-by: cache-ams21066-AMS
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Sun, 17 Sep 2023 14:11:31 GMT
last-modified: Fri, 15 Sep 2023 23:58:03 GMT
x-timer: S1694959892.914515,VS0,VE30
etag: "f9c955874ed3be66c3d9a62f20564f72a6d323a1ac67107c508689954259dfba-br"
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3943
x-cache-hits: 0

GET
H2 200 876-93d2ccaaf497cf46.js Show response
sf3tyfv.web.app/_next/static/chunks/ 23 KB
6 KB 127ms
126ms Script
text/javascript 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sf3tyfv.web.app/_next/static/chunks/876-93d2ccaaf497cf46.js

Requested by

Host: sf3tyfv.web.app
URL: https://sf3tyfv.web.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f5a83c66901cc94cf18c9183a0c9ed0065ce0ea42ee66f261af2fbd9bfc0407d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sf3tyfv.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

x-served-by: cache-ams21066-AMS
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Sun, 17 Sep 2023 14:11:31 GMT
last-modified: Fri, 15 Sep 2023 23:58:03 GMT
x-timer: S1694959892.914500,VS0,VE38
etag: "f46ae9ce1793a5cb06a2d919671b2807610c0de0f18ffed4b6737cd92a662351-br"
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 6533
x-cache-hits: 0

GET
H2 200 index-2e55702da247e37a.js Show response
sf3tyfv.web.app/_next/static/chunks/pages/ 15 KB
4 KB 128ms
128ms Script
text/javascript 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sf3tyfv.web.app/_next/static/chunks/pages/index-2e55702da247e37a.js

Requested by

Host: sf3tyfv.web.app
URL: https://sf3tyfv.web.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e21f16014f59266a6bb3c8cb7c8b007f21f260b2caacf21b68be2476fd73cfdf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sf3tyfv.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

x-served-by: cache-ams21066-AMS
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Sun, 17 Sep 2023 14:11:31 GMT
last-modified: Fri, 15 Sep 2023 23:58:03 GMT
x-timer: S1694959892.914478,VS0,VE77
etag: "0aa2f55d369a896df2529f86606006748c7d8cfd2a0627f692db1968c52e6792-br"
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 4071
x-cache-hits: 0

GET
H2 200 _buildManifest.js Show response
sf3tyfv.web.app/_next/static/il13xSWn74sjES-PG14pz/ 1 KB
801 B 153ms
153ms Script
text/javascript 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sf3tyfv.web.app/_next/static/il13xSWn74sjES-PG14pz/_buildManifest.js

Requested by

Host: sf3tyfv.web.app
URL: https://sf3tyfv.web.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

7ecd69ad7650c27cdeda1fc3f44d4086fab8d605d8dd9aee139241fbcd95b04f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sf3tyfv.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

x-served-by: cache-ams21066-AMS
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Sun, 17 Sep 2023 14:11:32 GMT
last-modified: Fri, 15 Sep 2023 23:58:03 GMT
x-timer: S1694959892.914453,VS0,VE111
etag: "999b70b5085e4ba573094a419dd03821616cc0b9d460ddfdd1447a71e0bb94d6-br"
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 471
x-cache-hits: 0

GET
H2 200 _ssgManifest.js Show response
sf3tyfv.web.app/_next/static/il13xSWn74sjES-PG14pz/ 77 B
175 B 70ms
70ms Script
text/javascript 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sf3tyfv.web.app/_next/static/il13xSWn74sjES-PG14pz/_ssgManifest.js

Requested by

Host: sf3tyfv.web.app
URL: https://sf3tyfv.web.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sf3tyfv.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

x-served-by: cache-ams21066-AMS
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
date: Sun, 17 Sep 2023 14:11:31 GMT
last-modified: Fri, 15 Sep 2023 23:58:03 GMT
x-timer: S1694959892.914346,VS0,VE29
etag: "f73bbe5888d285cbab0ee19990a0d9db0b352fa3dfd30959d64a2bc66422d35c"
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 61
x-cache-hits: 0

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 status Show response
s3.fire9s.store/ 15 B
527 B 177ms
64ms Fetch
application/json 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://s3.fire9s.store/status?site=sf3tyfv.web.app

Requested by

Host: sf3tyfv.web.app
URL: https://sf3tyfv.web.app/_next/static/chunks/pages/index-2e55702da247e37a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

edc48cd3b0bc4fa7ba23aad40b8508a17d370ca38be174bae2a2f64634e65a2b

Security Headers

Name	Value
Content-Security-Policy	default-src '*'

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sf3tyfv.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date: Sun, 17 Sep 2023 14:11:32 GMT
content-security-policy: default-src '*'
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X4dwWbHKG7MSS2KLNqyy3g%2FeOwWO6CI9%2F5fUxBZlTTPo7FTZvYFgkqIdIIoN5mGnhokhpCKXcDn9wJJQTLT0FQWnWSp6ATC7yR4p2Ox2FfxbALArvYwXbxn7fEHsx0zVPd4kxEOgvJG%2FYW9PLM0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
cf-ray: 8081f05e38432c45-FRA
access-control-allow-headers: *
alt-svc: h3=":443"; ma=86400

GET
H3 200 sky.gif
sf3tyfv.web.app/ 85 KB
58 KB 84ms
84ms Image
image/gif 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sf3tyfv.web.app/sky.gif

Protocol

Security

QUIC, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6ba6ce4a4cade27c6efce4e76ee89ab347e8ce9902ae50334d5abe5495e7b2bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sf3tyfv.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

x-served-by: cache-ams21027-AMS
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Sun, 17 Sep 2023 14:11:32 GMT
last-modified: Fri, 15 Sep 2023 23:58:03 GMT
x-timer: S1694959892.091351,VS0,VE43
etag: "700f9d432dc2aca721b1647d8d6ebe7407fcaff4d9dfcde169bd3c9eea2d97b7-br"
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
content-type: image/gif
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 59163
x-cache-hits: 0

GET
H3 200 614-642aec2d4c481b1f.js Show response
sf3tyfv.web.app/_next/static/chunks/ 52 KB
15 KB 294ms
293ms Script
text/javascript 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sf3tyfv.web.app/_next/static/chunks/614-642aec2d4c481b1f.js

Requested by

Host: sf3tyfv.web.app
URL: https://sf3tyfv.web.app/_next/static/chunks/main-a307755b2b1681d8.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6ad4273aab9c2fb9260bfd6b6b8deefd8ff972b38a7683cbcf7c66c0cc873912

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sf3tyfv.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

x-served-by: cache-ams21027-AMS
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Sun, 17 Sep 2023 14:11:32 GMT
last-modified: Fri, 15 Sep 2023 23:58:03 GMT
x-timer: S1694959892.472648,VS0,VE252
etag: "cc0bcc8990c74f4cd533b171cf1ea9a0c8a7f32fd0c37b0f31ee3b414afd669e-br"
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 14657
x-cache-hits: 0

GET
H3 200 f1-d3cdfa1464f3902e.js Show response
sf3tyfv.web.app/_next/static/chunks/pages/ 9 KB
3 KB 335ms
335ms Script
text/javascript 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sf3tyfv.web.app/_next/static/chunks/pages/f1-d3cdfa1464f3902e.js

Requested by

Host: sf3tyfv.web.app
URL: https://sf3tyfv.web.app/_next/static/chunks/main-a307755b2b1681d8.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1d4955e374618365790bb99e96affe317bf49fdd12eb41bda2daaaf275087625

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sf3tyfv.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

x-served-by: cache-ams21027-AMS
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Sun, 17 Sep 2023 14:11:32 GMT
last-modified: Fri, 15 Sep 2023 23:58:03 GMT
x-timer: S1694959892.472786,VS0,VE294
etag: "c79eb64f0528062412a29e7c889f600e062a5cc3334d3e936296ec7ac257ef55-br"
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3095
x-cache-hits: 0

GET
H2 200 csrf Show response
s3.fire9s.store/ 18 B
343 B 60ms
59ms Fetch
application/json 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://s3.fire9s.store/csrf

Requested by

Host: sf3tyfv.web.app
URL: https://sf3tyfv.web.app/_next/static/chunks/pages/f1-d3cdfa1464f3902e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

feb6aa4b5da28839c9dfc1db8de2c1428069101ee5cd3d65ac46e3fa84d4228d

Security Headers

Name	Value
Content-Security-Policy	default-src: *'

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sf3tyfv.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date: Sun, 17 Sep 2023 14:11:32 GMT
content-security-policy: default-src: *'
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: *
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FVEoUvegx5wVg3qTGLyW9xZmbDW6MayvH2CEiAvYltD5zdNI3ZiPQDp2oKgBup5qMOc25oRYx7MfgtpAwkDByFd5DZMTVhRMfkqTUiXLykR8%2FUD5aTr8E%2FLbmjYUxL8pgy6qZn2PTmH7s%2F1BYHI%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8081f0622d6b2c45-FRA
access-control-allow-headers: *
alt-svc: h3=":443"; ma=86400

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9bdc421a8c6f25b3a0a912095fd35e72c56155e92d76e50b80c251f21d957119

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c5528c6feebcfce9f80b04128dc1cbf49d203568ad9be73dd7abeb44647c6f7e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7da635e5ce6863fd052ad41ec5656a0c5690960defe45155d4f8d05aeb098755

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 web.png
sf3tyfv.web.app/ 8 KB
8 KB 296ms
295ms Image
image/png 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sf3tyfv.web.app/web.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

bd8347b90c0ac628afcdd67ec867a713db4ba7f1fec8569d2641820f8793f3e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sf3tyfv.web.app/f1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

x-served-by: cache-ams21027-AMS
strict-transport-security: max-age=31556926; includeSubDomains; preload
date: Sun, 17 Sep 2023 14:11:33 GMT
last-modified: Fri, 15 Sep 2023 23:58:03 GMT
x-timer: S1694959893.834670,VS0,VE255
etag: "7cb13ad92ea56159c00f9bbe567ef418b06e6fef94ac50852b212f695de6540e"
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
content-type: image/png
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 8353
x-cache-hits: 0

GET
H3 200 cc.png
sf3tyfv.web.app/ 7 KB
7 KB 277ms
277ms Image
image/png 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sf3tyfv.web.app/cc.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e60578a35a4b9348e953b44c435e9e10dc5000a2adf7f68ab52639cae543dd05

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sf3tyfv.web.app/f1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

x-served-by: cache-ams21027-AMS
strict-transport-security: max-age=31556926; includeSubDomains; preload
date: Sun, 17 Sep 2023 14:11:33 GMT
last-modified: Fri, 15 Sep 2023 23:58:03 GMT
x-timer: S1694959893.834888,VS0,VE236
etag: "01c44cfbafb98f2292e40ef0d0ad5d5ff54d5f9967bc33bf39122284b9d3f741"
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
content-type: image/png
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 7135
x-cache-hits: 0

GET
H3 200 kala.png
sf3tyfv.web.app/ 2 KB
2 KB 316ms
316ms Image
image/png 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sf3tyfv.web.app/kala.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

760a664e0922ab884ad6e8c095f431091f41fff218bb494d99045ae493d62e3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sf3tyfv.web.app/f1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

x-served-by: cache-ams21027-AMS
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Sun, 17 Sep 2023 14:11:33 GMT
last-modified: Fri, 15 Sep 2023 23:58:03 GMT
x-timer: S1694959893.834898,VS0,VE275
etag: "bef53a326d7a6ea260906325af3d13ad55a70f6402351874aba2537084dc30e5-br"
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
content-type: image/png
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1829
x-cache-hits: 0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: State Bank of India (Banking)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

s3.fire9s.store
sf3tyfv.web.app
shiny.link
2620:0:890::100
2a06:98c1:3120::3
45.142.115.75
1d4955e374618365790bb99e96affe317bf49fdd12eb41bda2daaaf275087625
3a6914a479d39bb153b085db380a34922cc5af9aa760efa097b4aace9772809f
4ab3fd859be793021e8a2f84e7efad528c47462bfad6729fe1e3464f4f643af4
4bb744d9a4825212206284a1f696244359c0bfd408742b85b76b90d69ab8ccdc
6ad4273aab9c2fb9260bfd6b6b8deefd8ff972b38a7683cbcf7c66c0cc873912
6ba6ce4a4cade27c6efce4e76ee89ab347e8ce9902ae50334d5abe5495e7b2bf
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
760a664e0922ab884ad6e8c095f431091f41fff218bb494d99045ae493d62e3e
7da635e5ce6863fd052ad41ec5656a0c5690960defe45155d4f8d05aeb098755
7ecd69ad7650c27cdeda1fc3f44d4086fab8d605d8dd9aee139241fbcd95b04f
87cf31bd36cd73061f07492c8a01f8c7d4723f0d6a8b11a14127267024d6d2f2
9b70844c6c1dd7a195fae9c572e6c6c2c2cf42acda7d3874019c27d31612bd8f
9bdc421a8c6f25b3a0a912095fd35e72c56155e92d76e50b80c251f21d957119
bd8347b90c0ac628afcdd67ec867a713db4ba7f1fec8569d2641820f8793f3e7
c5528c6feebcfce9f80b04128dc1cbf49d203568ad9be73dd7abeb44647c6f7e
d05b9b43ac8657604d4146899f3cfab91acb42df7a71a23eb36904e060c4db43
d46732ce62769d8c6772b44ee37094f52846381ffa1f7c543a5c6a9380b2b3e6
e21f16014f59266a6bb3c8cb7c8b007f21f260b2caacf21b68be2476fd73cfdf
e60578a35a4b9348e953b44c435e9e10dc5000a2adf7f68ab52639cae543dd05
edc48cd3b0bc4fa7ba23aad40b8508a17d370ca38be174bae2a2f64634e65a2b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f5a83c66901cc94cf18c9183a0c9ed0065ce0ea42ee66f261af2fbd9bfc0407d
feb6aa4b5da28839c9dfc1db8de2c1428069101ee5cd3d65ac46e3fa84d4228d

sf3tyfv.web.app Open in urlscan Pro 2620:0:890::100 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

19 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

180 kBTransfer

464 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

sf3tyfv.web.app Open in urlscan Pro
2620:0:890::100 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

180 kB
Transfer

464 kB
Size

0
Cookies

19 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!