Overview

URL: assenhard.web.app/
IP: 199.36.158.100 (United States)
ASN: AS54113 FASTLY
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer: (none)
Access: public
Report completed: 2023-05-26 08:01:03 UTC
IDS alerts: 20
Blocklist alerts: 7
urlquery alerts: No alerts detected
Tags: None

Domain Summary (3)

FQDN (requests)               Rank  First seen           Last seen            Sent bytes  Received bytes  IP              Comment
assenhard.web.app (2)         0     2023-02-23 09:05:27  2023-05-15 07:23:14  824         1457            199.36.158.100
ocsp.pki.goog (1)             175   2018-07-01 08:43:07  2023-05-25 18:12:02  350         712             142.250.74.131
ruberembo.temp.swtest.ru (1)  0     No data              No data              483         0               0.0.0.0         no response recorded

Network Intrusion Detection Systems

Suricata with Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2023-05-26 08:00:45 UTC medium Client IP Internal IP ET INFO Commonly Abused Domain Service Domain in DNS Lookup (temp .swtest .ru) 
2023-05-26 08:00:45 UTC medium Client IP Internal IP ET INFO Commonly Abused Domain Service Domain in DNS Lookup (temp .swtest .ru) 
2023-05-26 08:00:46 UTC medium Client IP Internal IP ET INFO Commonly Abused Domain Service Domain in DNS Lookup (temp .swtest .ru) 
2023-05-26 08:00:46 UTC medium Client IP Internal IP ET INFO Commonly Abused Domain Service Domain in DNS Lookup (temp .swtest .ru) 
2023-05-26 08:00:46 UTC medium Client IP Internal IP ET INFO Commonly Abused Domain Service Domain in DNS Lookup (temp .swtest .ru) 
2023-05-26 08:00:46 UTC medium Client IP Internal IP ET INFO Commonly Abused Domain Service Domain in DNS Lookup (temp .swtest .ru) 
2023-05-26 08:00:46 UTC medium Client IP Internal IP ET INFO Commonly Abused Domain Service Domain in DNS Lookup (temp .swtest .ru) 
2023-05-26 08:00:46 UTC medium Client IP Internal IP ET INFO Commonly Abused Domain Service Domain in DNS Lookup (temp .swtest .ru) 
2023-05-26 08:00:46 UTC medium Client IP Internal IP ET INFO Commonly Abused Domain Service Domain in DNS Lookup (temp .swtest .ru) 
2023-05-26 08:00:46 UTC medium Client IP Internal IP ET INFO Commonly Abused Domain Service Domain in DNS Lookup (temp .swtest .ru) 
2023-05-26 08:00:46 UTC medium Client IP Internal IP ET INFO Commonly Abused Domain Service Domain in DNS Lookup (temp .swtest .ru) 
2023-05-26 08:00:46 UTC medium Client IP Internal IP ET INFO Commonly Abused Domain Service Domain in DNS Lookup (temp .swtest .ru) 
2023-05-26 08:00:46 UTC medium Client IP Internal IP ET INFO Commonly Abused Domain Service Domain in DNS Lookup (temp .swtest .ru) 
2023-05-26 08:00:46 UTC medium Client IP Internal IP ET INFO Commonly Abused Domain Service Domain in DNS Lookup (temp .swtest .ru) 
2023-05-26 08:00:46 UTC medium Client IP Internal IP ET INFO Commonly Abused Domain Service Domain in DNS Lookup (temp .swtest .ru) 
2023-05-26 08:00:46 UTC medium Client IP Internal IP ET INFO Commonly Abused Domain Service Domain in DNS Lookup (temp .swtest .ru) 
2023-05-26 08:00:46 UTC medium Client IP Internal IP ET INFO Commonly Abused Domain Service Domain in DNS Lookup (temp .swtest .ru) 
2023-05-26 08:00:46 UTC medium Client IP Internal IP ET INFO Commonly Abused Domain Service Domain in DNS Lookup (temp .swtest .ru) 
2023-05-26 08:00:46 UTC medium Client IP Internal IP ET INFO Commonly Abused Domain Service Domain in DNS Lookup (temp .swtest .ru) 
2023-05-26 08:00:46 UTC medium Client IP Internal IP ET INFO Commonly Abused Domain Service Domain in DNS Lookup (temp .swtest .ru) 
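The twenty rows above are the same ET INFO signature firing on every DNS lookup the sandbox made for ruberembo.temp.swtest.ru within about two seconds. Below is an added example (not part of the urlquery report and not the ET Pro rule itself) of how to reproduce that class of detection over Suricata EVE JSON and fold the repeats into one row per client and host. The suffix list is an assumption modelled on the rule name and on the free-hosting domains that appear in this report; the EVE lines are constructed for the example, not captured from the run.

```python
"""Suffix-match Suricata EVE JSON dns/http/tls records against commonly abused
hosting services and aggregate repeated hits into one row per (src_ip, host)."""
import json

# Assumption: a small stand-in for the "Commonly Abused Domain Service" list.
# temp.swtest.ru is the service named in the report's alerts; web.app and
# firebaseapp.com are the Firebase Hosting domains seen in the report.
ABUSED_SERVICE_SUFFIXES = (
    "temp.swtest.ru",
    "web.app",
    "firebaseapp.com",
)

# Constructed sample EVE records (not sandbox output). Timestamps use the EVE
# format so string comparison orders them correctly.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2023-05-26T08:00:45.100000+0000","event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","dns":{"type":"query","rrname":"ruberembo.temp.swtest.ru","rrtype":"A"}}',
    '{"timestamp":"2023-05-26T08:00:45.200000+0000","event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","dns":{"type":"query","rrname":"ruberembo.temp.swtest.ru","rrtype":"AAAA"}}',
    '{"timestamp":"2023-05-26T08:00:46.000000+0000","event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","dns":{"type":"query","rrname":"ruberembo.temp.swtest.ru.","rrtype":"A"}}',
    '{"timestamp":"2023-05-26T08:00:45.000000+0000","event_type":"http","src_ip":"10.0.0.5","dest_ip":"199.36.158.100","http":{"hostname":"assenhard.web.app","url":"/","http_method":"GET","status":200}}',
    '{"timestamp":"2023-05-26T08:00:46.000000+0000","event_type":"http","src_ip":"10.0.0.5","dest_ip":"142.250.74.131","http":{"hostname":"ocsp.pki.goog","url":"/s/gts1d4int/wrllXI_-LL8","http_method":"POST","status":200}}',
    '{"timestamp":"2023-05-26T08:00:47.000000+0000","event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","dns":{"type":"query","rrname":"notweb.app","rrtype":"A"}}',
    'this line is truncated and not JSON',
]


def normalize_host(name):
    """Lowercase, drop a trailing dot and any :port so suffix matching is exact."""
    host = name.strip().lower().rstrip(".")
    if ":" in host and not host.startswith("["):
        host = host.split(":", 1)[0]
    return host


def matches_abused_service(host, suffixes=ABUSED_SERVICE_SUFFIXES):
    """Return the matching service suffix, or None.

    The match is on label boundaries: 'notweb.app' must not match 'web.app',
    which a plain endswith() check would get wrong."""
    host = normalize_host(host)
    for suffix in suffixes:
        if host == suffix or host.endswith("." + suffix):
            return suffix
    return None


def host_from_event(event):
    """Pull the looked-up or contacted hostname out of a dns, http or tls record."""
    kind = event.get("event_type")
    if kind == "dns":
        dns = event.get("dns", {})
        if dns.get("type") == "query":
            return dns.get("rrname")
    elif kind == "http":
        return event.get("http", {}).get("hostname")
    elif kind == "tls":
        return event.get("tls", {}).get("sni")
    return None


def scan_eve(lines, suffixes=ABUSED_SERVICE_SUFFIXES):
    """Return one hit dict per EVE record whose hostname sits under an abused service."""
    hits = []
    for raw in lines:
        try:
            event = json.loads(raw)
        except ValueError:
            continue  # skip truncated or non-JSON lines instead of aborting the run
        host = host_from_event(event)
        if not host:
            continue
        suffix = matches_abused_service(host, suffixes)
        if suffix:
            hits.append({
                "timestamp": event.get("timestamp") or "",
                "event_type": event.get("event_type"),
                "src_ip": event.get("src_ip"),
                "host": normalize_host(host),
                "service": suffix,
            })
    return hits


def aggregate(hits):
    """Collapse repeated hits into one row per (src_ip, host) with count and time span."""
    rows = {}
    for h in hits:
        key = (h["src_ip"], h["host"])
        row = rows.setdefault(key, {
            "src_ip": h["src_ip"], "host": h["host"], "service": h["service"],
            "count": 0, "first_seen": h["timestamp"], "last_seen": h["timestamp"],
        })
        row["count"] += 1
        row["first_seen"] = min(row["first_seen"], h["timestamp"])
        row["last_seen"] = max(row["last_seen"], h["timestamp"])
    return sorted(rows.values(), key=lambda r: (-r["count"], r["host"]))


if __name__ == "__main__":
    for row in aggregate(scan_eve(SAMPLE_EVE_LINES)):
        print(f'{row["count"]:3d}x {row["src_ip"]} -> {row["host"]} ({row["service"]}) '
              f'{row["first_seen"]} .. {row["last_seen"]}')
```

Run against the constructed sample this yields two rows: three lookups of ruberembo.temp.swtest.ru collapsed into one, and the single HTTP request to assenhard.web.app; ocsp.pki.goog and the look-alike notweb.app produce nothing. Replace SAMPLE_EVE_LINES with the lines of a real eve.json to use it on a capture.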

Blocklists

OpenPhish
 No alerts detected

PhishTank
Scan Date Severity Indicator Comment
2023-02-23 medium assenhard.web.app/ Other
2023-02-23 medium assenhard.web.app/ Other

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2023-05-26 medium assenhard.web.app/ Phishing
2023-05-26 medium assenhard.web.app/ Phishing
2023-05-26 medium ruberembo.temp.swtest.ru/ Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
Scan Date Severity Indicator Comment
2023-05-26 medium assenhard.web.app Sinkholed
2023-05-26 medium assenhard.web.app Sinkholed

ThreatFox
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 199.36.158.100
Date UQ / IDS / BL URL IP
2023-06-06 06:56:43 UTC 0 - 0 - 8 mailversionupgrade9.web.app/gboaefboiwajbiyvd (...) 199.36.158.100
2023-06-06 06:36:06 UTC 0 - 0 - 4 metafb-qglu5n5.firebaseapp.com/ 199.36.158.100
2023-06-06 06:35:42 UTC 0 - 2 - 9 appeal-status-review-100215899.firebaseapp.com/ 199.36.158.100
2023-06-06 05:27:26 UTC 0 - 0 - 8 u953927-429.web.app/ 199.36.158.100
2023-06-06 01:11:40 UTC 0 - 0 - 6 agencesgwn011.firebaseapp.com/ 199.36.158.100


Last 5 reports on ASN: FASTLY
Date UQ / IDS / BL URL IP
2023-06-06 07:11:12 UTC 0 - 0 - 4 apiservices.krxd.net/click_tracker/track?kx_e (...) 151.101.2.133
2023-06-06 06:56:43 UTC 0 - 0 - 8 mailversionupgrade9.web.app/gboaefboiwajbiyvd (...) 199.36.158.100
2023-06-06 06:36:06 UTC 0 - 0 - 4 metafb-qglu5n5.firebaseapp.com/ 199.36.158.100
2023-06-06 06:35:42 UTC 0 - 2 - 9 appeal-status-review-100215899.firebaseapp.com/ 199.36.158.100
2023-06-06 06:21:05 UTC 0 - 0 - 0 facebook.github.io/react-native/movies.json 185.199.111.153


Last 1 report on domain: assenhard.web.app
Date UQ / IDS / BL URL IP
2023-05-26 08:01:03 UTC 0 - 20 - 7 assenhard.web.app/ 199.36.158.100


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-06-06 06:57:08 UTC 0 - 0 - 1 billardoo.blogspot.ru/search/label/billard 172.217.21.161
2023-06-06 06:27:28 UTC 0 - 4 - 1 whfvc.mikik.cc/34546de4235m342356 194.50.153.18
2023-06-06 04:59:37 UTC 0 - 0 - 1 dl6.files2get.com/software/soft2/wersje/mail- (...) 217.144.201.38
2023-06-06 04:57:35 UTC 0 - 0 - 1 dl6.files2get.com/software/soft2/wersje/mail- (...) 217.144.201.38
2023-06-06 04:49:25 UTC 0 - 0 - 1 dl6.files2get.com/software/soft2/wersje/chrom (...) 217.144.201.38

JavaScript

Executed Scripts (0)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (4)


Request 1 (client -> 199.36.158.100)

GET / HTTP/1.1
Host: assenhard.web.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Response 1 (from 199.36.158.100)

HTTP/2 200 OK
content-type: text/html; charset=utf-8
cache-control: max-age=3600
content-encoding: br
etag: "f52e8f151b06d7f2241588e5f08f2abce87125602a7659c9118c094123a9e84c-br"
last-modified: Mon, 04 Jan 2021 17:09:04 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
accept-ranges: bytes
date: Fri, 26 May 2023 08:00:45 GMT
x-served-by: cache-bma1641-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1685088046.673191,VS0,VE212
vary: x-fh-requested-host, accept-encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 108
X-Firefox-Spdy: h2

--- Additional Info ---
Magic:  HTML document text; exported SGML document, ASCII text, with CRLF line terminators
Size:   108
Md5:    6d3ef5fdb56d1f246654d5fe446b296c
Sha1:   3fdbc2d6f381613ff96b9c7e1036041e43ae36ac
Sha256: 6f1f559cf617435f14ced4d7fb9de8263afe299d8b92fb9b92670e2ebf5a0ff1

Blocklists:
  - phishtank: Other
  - fortinet: Phishing
  - quad9: Sinkholed

Request 2 (client -> 142.250.74.131, OCSP request to Google's responder)

POST /s/gts1d4int/wrllXI_-LL8 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response 2 (from 142.250.74.131)

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 26 May 2023 08:00:46 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

Request 3 (client -> 199.36.158.100, non-navigation fetch of the same page)

GET / HTTP/1.1
Host: assenhard.web.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Response 3 (from 199.36.158.100)

HTTP/2 200 OK
content-type: text/html; charset=utf-8
cache-control: max-age=3600
content-encoding: br
etag: "f52e8f151b06d7f2241588e5f08f2abce87125602a7659c9118c094123a9e84c-br"
last-modified: Mon, 04 Jan 2021 17:09:04 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
accept-ranges: bytes
date: Fri, 26 May 2023 08:00:48 GMT
x-served-by: cache-bma1621-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1685088049.660549,VS0,VE1
vary: x-fh-requested-host, accept-encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 108
X-Firefox-Spdy: h2

--- Additional Info ---
Magic:  HTML document text; exported SGML document, ASCII text, with CRLF line terminators
Size:   108
Md5:    6d3ef5fdb56d1f246654d5fe446b296c
Sha1:   3fdbc2d6f381613ff96b9c7e1036041e43ae36ac
Sha256: 6f1f559cf617435f14ced4d7fb9de8263afe299d8b92fb9b92670e2ebf5a0ff1

Blocklists:
  - phishtank: Other
  - fortinet: Phishing
  - quad9: Sinkholed

Request 4 (client -> ruberembo.temp.swtest.ru, top-level navigation)

GET / HTTP/1.1
Host: ruberembo.temp.swtest.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Response 4

(none recorded: the domain summary lists 0 bytes received and no resolved IP for this host)

Blocklists:
  - fortinet: Phishing