mtcqqtatbs.web.app Open in urlscan Pro
2620:0:890::100  Malicious Activity! Public Scan

URL: https://mtcqqtatbs.web.app/a.html
Submission: On July 27 via api from JP — Scanned from JP

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 10 HTTP transactions. The main IP is 2620:0:890::100, located in United States and belongs to FASTLY, US. The main domain is mtcqqtatbs.web.app.
TLS certificate: Issued by GTS CA 1D4 on July 10th 2023. Valid for: 3 months.
This is the only time mtcqqtatbs.web.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Adobe (Consumer)

Domain & IP information

IP Address AS Autonomous System
9 2620:0:890::100 54113 (FASTLY)
1 45.95.170.184 211619 (MAXKO)
10 2
Apex Domain
Subdomains
Transfer
9 web.app
mtcqqtatbs.web.app
129 KB
1 staviametech.store
staviametech.store
145 B
10 2
Domain Requested by
9 mtcqqtatbs.web.app mtcqqtatbs.web.app
1 staviametech.store mtcqqtatbs.web.app
10 2

This site contains no links.

Subject Issuer Validity Valid
web.app
GTS CA 1D4
2023-07-10 -
2023-10-08
3 months crt.sh
staviametech.store
R3
2023-07-02 -
2023-09-30
3 months crt.sh

This page contains 1 frames:

Primary Page: https://mtcqqtatbs.web.app/a.html
Frame ID: 076BE15AD55F3D3B453397800AF12A55
Requests: 10 HTTP requests in this frame

Screenshot

Page Title

View Document

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • [^a-z]mtc.*\.js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

10
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

129 kB
Transfer

429 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request a.html
mtcqqtatbs.web.app/
2 KB
902 B
Document
General
Full URL
https://mtcqqtatbs.web.app/a.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f1537f39f5f3d137f9ba2d2328eabf1a58d0d38a8d30dc4dbdd921210e73eb87
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control
max-age=3600
content-encoding
br
content-length
533
content-type
text/html; charset=utf-8
date
Thu, 27 Jul 2023 02:33:32 GMT
etag
"e232040ce02b706b6d7bdf97de2d6c96296134f3f0ac71cacb7966415af1306b-br"
last-modified
Sun, 02 Jul 2023 19:04:04 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
x-cache-hits
1
x-served-by
cache-nrt-rjtf7700079-NRT
x-timer
S1690425212.024669,VS0,VE1
bootstrap.min.css
mtcqqtatbs.web.app/
190 KB
20 KB
Stylesheet
General
Full URL
https://mtcqqtatbs.web.app/bootstrap.min.css
Requested by
Host: mtcqqtatbs.web.app
URL: https://mtcqqtatbs.web.app/a.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
02e7ae1136f1173ec1994994ce0a3a35b53803efd0e0dc764dbbd84395801355
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://mtcqqtatbs.web.app/a.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-served-by
cache-nrt-rjtf7700079-NRT
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
date
Thu, 27 Jul 2023 02:33:32 GMT
last-modified
Sun, 02 Jul 2023 19:04:04 GMT
x-timer
S1690425212.031584,VS0,VE1
etag
"7c4ccef6f74a0d817ab15dc5fab2e614e4d9be3e2885761b29f2cc8a2162a938-br"
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
content-type
text/css; charset=utf-8
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
20058
x-cache-hits
1
styles.css
mtcqqtatbs.web.app/
50 B
159 B
Stylesheet
General
Full URL
https://mtcqqtatbs.web.app/styles.css
Requested by
Host: mtcqqtatbs.web.app
URL: https://mtcqqtatbs.web.app/a.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9b1ad3739e41d7b97140db97575cb95a9c3dca958f7bd4c133e28e6245c28de2
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://mtcqqtatbs.web.app/a.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-served-by
cache-nrt-rjtf7700079-NRT
strict-transport-security
max-age=31556926; includeSubDomains; preload
date
Thu, 27 Jul 2023 02:33:32 GMT
last-modified
Sun, 02 Jul 2023 19:04:04 GMT
x-timer
S1690425212.031803,VS0,VE1
etag
"a899761fea05f135cc460f3768e5b255d05869b4d3d6188ab758ada5980a948c"
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
content-type
text/css; charset=utf-8
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
50
x-cache-hits
1
custom.css
mtcqqtatbs.web.app/
604 B
394 B
Stylesheet
General
Full URL
https://mtcqqtatbs.web.app/custom.css
Requested by
Host: mtcqqtatbs.web.app
URL: https://mtcqqtatbs.web.app/a.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
707fe5fe7c40e090b2e213f7b9729b416801495c002f8a99bcd21bedf410667c
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://mtcqqtatbs.web.app/a.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-served-by
cache-nrt-rjtf7700079-NRT
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
date
Thu, 27 Jul 2023 02:33:32 GMT
last-modified
Sun, 02 Jul 2023 19:04:04 GMT
x-timer
S1690425212.031788,VS0,VE1
etag
"0e11d0a392486520354371c2c049e4c3dbab0b0cb66fce8439733a1cfa9f173d-br"
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
content-type
text/css; charset=utf-8
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
264
x-cache-hits
1
logo.jpg
mtcqqtatbs.web.app/
30 KB
24 KB
Image
General
Full URL
https://mtcqqtatbs.web.app/logo.jpg
Requested by
Host: mtcqqtatbs.web.app
URL: https://mtcqqtatbs.web.app/a.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
26c62dbdf527b8dcbf378ea62f129cbbba3b244730687909ba21ecd729c9d2e6
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://mtcqqtatbs.web.app/a.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-served-by
cache-nrt-rjtf7700079-NRT
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
date
Thu, 27 Jul 2023 02:33:32 GMT
last-modified
Sun, 02 Jul 2023 19:04:04 GMT
x-timer
S1690425212.033113,VS0,VE1
etag
"c6cccf2e7b29c45f77702033b5f9c31d4b3ce79059b1ecb02080750d0bfc18e9-br"
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
content-type
image/jpeg
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
24591
x-cache-hits
1
jquery.min.js
mtcqqtatbs.web.app/
87 KB
27 KB
Script
General
Full URL
https://mtcqqtatbs.web.app/jquery.min.js
Requested by
Host: mtcqqtatbs.web.app
URL: https://mtcqqtatbs.web.app/a.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://mtcqqtatbs.web.app/a.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-served-by
cache-nrt-rjtf7700079-NRT
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
date
Thu, 27 Jul 2023 02:33:32 GMT
last-modified
Sun, 02 Jul 2023 19:04:04 GMT
x-timer
S1690425212.032479,VS0,VE1
etag
"f4a93cf3834c5f3bbbab2ba619425fb1415050a847f5bc12cd6b0bab5e68074e-br"
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
content-type
text/javascript; charset=utf-8
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
27968
x-cache-hits
1
bootstrap.min.js
mtcqqtatbs.web.app/
79 KB
20 KB
Script
General
Full URL
https://mtcqqtatbs.web.app/bootstrap.min.js
Requested by
Host: mtcqqtatbs.web.app
URL: https://mtcqqtatbs.web.app/a.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
7cc684bcd9c27eb2034a433e85efbce40d66aabd28bec095b37bc025f65fe13d
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://mtcqqtatbs.web.app/a.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-served-by
cache-nrt-rjtf7700079-NRT
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
date
Thu, 27 Jul 2023 02:33:32 GMT
last-modified
Sun, 02 Jul 2023 19:04:04 GMT
x-timer
S1690425212.032667,VS0,VE1
etag
"1d738c8f27041a5e1897168c42d96644e5c8fc334b9dd3cf7184749197da261c-br"
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
content-type
text/javascript; charset=utf-8
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
20771
x-cache-hits
1
script.js
mtcqqtatbs.web.app/
6 KB
2 KB
Script
General
Full URL
https://mtcqqtatbs.web.app/script.js
Requested by
Host: mtcqqtatbs.web.app
URL: https://mtcqqtatbs.web.app/a.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
bece4ea7727db259ab498818ed613a814966e463495955d816801397e7b5a6a1
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://mtcqqtatbs.web.app/a.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-served-by
cache-nrt-rjtf7700079-NRT
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
date
Thu, 27 Jul 2023 02:33:32 GMT
last-modified
Sun, 02 Jul 2023 19:04:04 GMT
x-timer
S1690425212.032659,VS0,VE1
etag
"aa1936803ce0f32381c8d50d0fbf37a1cdeb42164bc5cd94f9295d376d18e5cd-br"
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
content-type
text/javascript; charset=utf-8
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
1764
x-cache-hits
1
/
staviametech.store/
0
145 B
XHR
General
Full URL
https://staviametech.store/
Requested by
Host: mtcqqtatbs.web.app
URL: https://mtcqqtatbs.web.app/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.95.170.184 Sisak, Croatia, ASN211619 (MAXKO, HR),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
*/*
Referer
https://mtcqqtatbs.web.app/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Thu, 27 Jul 2023 02:33:32 GMT
last-modified
Wed, 28 Oct 2020 10:38:56 GMT
server
nginx
etag
"0-5b2b8c5371000"
content-type
text/html
access-control-allow-origin
*
accept-ranges
bytes
content-length
0
bg.png
mtcqqtatbs.web.app/
33 KB
34 KB
Image
General
Full URL
https://mtcqqtatbs.web.app/bg.png
Requested by
Host: mtcqqtatbs.web.app
URL: https://mtcqqtatbs.web.app/custom.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
cc38eba77d7c3b5ddece1c5c36b5c2985b3f3e31e208f5a77d4714b131fd85a4
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://mtcqqtatbs.web.app/custom.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-served-by
cache-nrt-rjtf7700034-NRT
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
date
Thu, 27 Jul 2023 02:33:33 GMT
last-modified
Sun, 02 Jul 2023 19:04:04 GMT
x-timer
S1690425213.975668,VS0,VE257
etag
"a1b2b2434bdd721a4e4fd294c96ab5a7cdc75e79e6429250885eb8d325697522-br"
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
content-type
image/png
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
34084
x-cache-hits
0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Adobe (Consumer)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery number| uidEvent object| bootstrap function| userfocus function| antibot function| stopHtmlRender function| isBase64

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload