Overview

URL: activitydocfresh.web.app/
IP: 199.36.158.100 (United States)
ASN: #54113 FASTLY
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:
Access: public
Report completed: 2023-05-26 08:00:43 UTC
IDS alerts: 23
Blocklist alerts: 6
urlquery alerts: No alerts detected
Tags: None

Domain Summary (3)

Fully Qualified Domain Name Rank First Seen Last Seen Sent bytes Received bytes IP Comment
activitydocfresh.web.app (2) 0 2023-02-23 03:33:32 2023-05-26 10:00:22 838 1721 199.36.158.100
ocsp.pki.goog (1) 175 2018-07-01 08:43:07 2023-05-25 18:12:02 350 712 142.250.74.131
frmu.rejoinslegbonhi.top (1) 0 2023-01-28 23:33:42 2023-05-26 10:00:26 527 0 0.0.0.0

Network Intrusion Detection Systems

Suricata w/ Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2023-05-26 08:00:26 UTC medium Client IP Internal IP ET DNS Query to a *.top domain - Likely Hostile 
2023-05-26 08:00:26 UTC medium Client IP Internal IP ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain 
2023-05-26 08:00:26 UTC low Client IP Internal IP ET INFO DYNAMIC_DNS Query to *.duckdns. Domain 
2023-05-26 08:00:26 UTC medium Client IP Internal IP ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain 
2023-05-26 08:00:26 UTC low Client IP Internal IP ET INFO DYNAMIC_DNS Query to *.duckdns. Domain 
2023-05-26 08:00:26 UTC medium Client IP Internal IP ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain 
2023-05-26 08:00:26 UTC low Client IP Internal IP ET INFO DYNAMIC_DNS Query to *.duckdns. Domain 
2023-05-26 08:00:26 UTC medium Client IP Internal IP ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain 
2023-05-26 08:00:26 UTC low Client IP Internal IP ET INFO DYNAMIC_DNS Query to *.duckdns. Domain 
2023-05-26 08:00:26 UTC medium Client IP Internal IP ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain 
2023-05-26 08:00:26 UTC low Client IP Internal IP ET INFO DYNAMIC_DNS Query to *.duckdns. Domain 
2023-05-26 08:00:26 UTC medium Client IP Internal IP ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain 
2023-05-26 08:00:26 UTC low Client IP Internal IP ET INFO DYNAMIC_DNS Query to *.duckdns. Domain 
2023-05-26 08:00:26 UTC medium Client IP Internal IP ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain 
2023-05-26 08:00:26 UTC low Client IP Internal IP ET INFO DYNAMIC_DNS Query to *.duckdns. Domain 
2023-05-26 08:00:26 UTC medium Client IP Internal IP ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain 
2023-05-26 08:00:26 UTC low Client IP Internal IP ET INFO DYNAMIC_DNS Query to *.duckdns. Domain 
2023-05-26 08:00:26 UTC medium Client IP Internal IP ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain 
2023-05-26 08:00:26 UTC low Client IP Internal IP ET INFO DYNAMIC_DNS Query to *.duckdns. Domain 
2023-05-26 08:00:26 UTC medium Client IP Internal IP ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain 
2023-05-26 08:00:26 UTC low Client IP Internal IP ET INFO DYNAMIC_DNS Query to *.duckdns. Domain 
2023-05-26 08:00:26 UTC medium Client IP Internal IP ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain 
2023-05-26 08:00:26 UTC low Client IP Internal IP ET INFO DYNAMIC_DNS Query to *.duckdns. Domain 

Blocklists

OpenPhish
No alerts detected

PhishTank
Scan Date Severity Indicator Comment
2023-02-23 medium activitydocfresh.web.app/ Other
2023-02-23 medium activitydocfresh.web.app/ Other

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2023-05-26 medium activitydocfresh.web.app/ Phishing
2023-05-26 medium activitydocfresh.web.app/ Phishing

mnemonic secure dns
No alerts detected

Quad9 DNS
Scan Date Severity Indicator Comment
2023-05-26 medium activitydocfresh.web.app Sinkholed
2023-05-26 medium activitydocfresh.web.app Sinkholed

ThreatFox
No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 199.36.158.100
Date UQ / IDS / BL URL IP
2023-06-06 06:56:43 UTC 0 - 0 - 8 mailversionupgrade9.web.app/gboaefboiwajbiyvd (...) 199.36.158.100
2023-06-06 06:36:06 UTC 0 - 0 - 4 metafb-qglu5n5.firebaseapp.com/ 199.36.158.100
2023-06-06 06:35:42 UTC 0 - 2 - 9 appeal-status-review-100215899.firebaseapp.com/ 199.36.158.100
2023-06-06 05:27:26 UTC 0 - 0 - 8 u953927-429.web.app/ 199.36.158.100
2023-06-06 01:11:40 UTC 0 - 0 - 6 agencesgwn011.firebaseapp.com/ 199.36.158.100


Last 5 reports on ASN: FASTLY
Date UQ / IDS / BL URL IP
2023-06-06 07:11:12 UTC 0 - 0 - 4 apiservices.krxd.net/click_tracker/track?kx_e (...) 151.101.2.133
2023-06-06 06:56:43 UTC 0 - 0 - 8 mailversionupgrade9.web.app/gboaefboiwajbiyvd (...) 199.36.158.100
2023-06-06 06:36:06 UTC 0 - 0 - 4 metafb-qglu5n5.firebaseapp.com/ 199.36.158.100
2023-06-06 06:35:42 UTC 0 - 2 - 9 appeal-status-review-100215899.firebaseapp.com/ 199.36.158.100
2023-06-06 06:21:05 UTC 0 - 0 - 0 facebook.github.io/react-native/movies.json 185.199.111.153


Last 1 reports on domain: activitydocfresh.web.app
Date UQ / IDS / BL URL IP
2023-05-26 08:00:43 UTC 0 - 23 - 6 activitydocfresh.web.app/ 199.36.158.100


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-06-06 06:57:08 UTC 0 - 0 - 1 billardoo.blogspot.ru/search/label/billard 172.217.21.161
2023-06-06 06:27:28 UTC 0 - 4 - 1 whfvc.mikik.cc/34546de4235m342356 194.50.153.18
2023-06-06 04:59:37 UTC 0 - 0 - 1 dl6.files2get.com/software/soft2/wersje/mail- (...) 217.144.201.38
2023-06-06 04:57:35 UTC 0 - 0 - 1 dl6.files2get.com/software/soft2/wersje/mail- (...) 217.144.201.38
2023-06-06 04:49:25 UTC 0 - 0 - 1 dl6.files2get.com/software/soft2/wersje/chrom (...) 217.144.201.38

JavaScript

Executed Scripts (0)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (4)


Request:
GET / HTTP/1.1
Host: activitydocfresh.web.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Response (199.36.158.100):
HTTP/2 200 OK
content-type: text/html; charset=utf-8
cache-control: max-age=3600
content-encoding: br
etag: "de0ea21863eb9fd8f3d142f149a81c55a26508f0955c3bfb9bf84a3a3f01ba01-br"
last-modified: Mon, 30 Jan 2023 22:03:06 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
accept-ranges: bytes
date: Fri, 26 May 2023 08:00:26 GMT
x-served-by: cache-bma1639-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1685088026.243586,VS0,VE121
vary: x-fh-requested-host, accept-encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 240
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size:   240
Md5:    f860eef89b992e0f220ba7d8296d3586
Sha1:   4b0158c4190fc7b29edad3ec28de70203af0765c
Sha256: cf895d79dab4ddf223226a5037903a5cedf247812840deb117c6f02d66aa8b7f

Blocklists:
  - phishtank: Other
  - fortinet: Phishing
  - quad9: Sinkholed

Request:
POST /s/gts1d4int/wrllXI_-LL8 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response (142.250.74.131):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 26 May 2023 08:00:26 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

Request:
GET / HTTP/1.1
Host: activitydocfresh.web.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Response (199.36.158.100):
HTTP/2 200 OK
content-type: text/html; charset=utf-8
cache-control: max-age=3600
content-encoding: br
etag: "de0ea21863eb9fd8f3d142f149a81c55a26508f0955c3bfb9bf84a3a3f01ba01-br"
last-modified: Mon, 30 Jan 2023 22:03:06 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
accept-ranges: bytes
date: Fri, 26 May 2023 08:00:29 GMT
x-served-by: cache-bma1669-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1685088029.213527,VS0,VE1
vary: x-fh-requested-host, accept-encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 240
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size:   240
Md5:    f860eef89b992e0f220ba7d8296d3586
Sha1:   4b0158c4190fc7b29edad3ec28de70203af0765c
Sha256: cf895d79dab4ddf223226a5037903a5cedf247812840deb117c6f02d66aa8b7f

Blocklists:
  - phishtank: Other
  - fortinet: Phishing
  - quad9: Sinkholed

Request:
GET / HTTP/1.1
Host: frmu.rejoinslegbonhi.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://activitydocfresh.web.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache