notification-from-ae-group.firebaseapp.com
199.36.158.100
Malicious Activity!
Public Scan
Submission: On July 19 via api from JP — Scanned from JP
Summary
TLS certificate: Issued by GTS CA 1D4 on July 10th 2023. Valid for: 3 months.
This is the only time notification-from-ae-group.firebaseapp.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Emirates Post (Transportation)

Domain & IP information

Requests | IP Address | AS Autonomous System
---|---|---
1 | 199.36.158.100 | 54113 (FASTLY)
10 (1 redirect) | 77.75.48.73 | 42707 (EQUEST-AS)
1 | 151.101.1.229 | 54113 (FASTLY)
1 | 104.18.10.207 | 13335 (CLOUDFLARENET)
1 | 142.250.196.106 | 15169 (GOOGLE)
Total: 17 | 6 |

- ASN42707 (EQUEST-AS, NL), PTR: server1.online-retailer.nl, serving residentieel.online
- ASN15169 (GOOGLE, US), PTR: nrt12s35-in-f10.1e100.net, serving fonts.googleapis.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
10 | residentieel.online | residentieel.online (1 redirect) | 198 KB
1 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 88) | 1 KB
1 | bootstrapcdn.com | stackpath.bootstrapcdn.com (Cisco Umbrella Rank: 2767) | 7 KB
1 | jsdelivr.net | cdn.jsdelivr.net (Cisco Umbrella Rank: 368) | 9 KB
1 | firebaseapp.com | notification-from-ae-group.firebaseapp.com | 996 B
0 | gstatic.com | fonts.gstatic.com (Failed) |
Total: 17 | 6 | |
Requests | Domain | Requested by
---|---|---
10 | residentieel.online (1 redirect) | notification-from-ae-group.firebaseapp.com, residentieel.online
1 | fonts.googleapis.com | residentieel.online
1 | stackpath.bootstrapcdn.com | residentieel.online, stackpath.bootstrapcdn.com
1 | cdn.jsdelivr.net | residentieel.online
1 | notification-from-ae-group.firebaseapp.com |
0 | fonts.gstatic.com (Failed) | fonts.googleapis.com
Total: 17 | 6 |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
firebaseapp.com | GTS CA 1D4 | 2023-07-10 - 2023-10-08 | 3 months | crt.sh
ftp.residentieel.online | R3 | 2023-06-29 - 2023-09-27 | 3 months | crt.sh
jsdelivr.net | GlobalSign Atlas R3 DV TLS CA 2022 Q4 | 2022-12-23 - 2024-01-24 | a year | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-12-30 - 2023-12-30 | a year | crt.sh
upload.video.google.com | GTS CA 1C3 | 2023-06-19 - 2023-09-11 | 3 months | crt.sh
This page contains 2 frames:
- Primary Page: https://notification-from-ae-group.firebaseapp.com/ (Frame ID: 3E92E27184B51EB95146CCB36295F6DA), 1 HTTP request in this frame
- Frame: https://residentieel.online/-/wp/post/ (Frame ID: C14440976D912AE8A4BA1E989EFD95F7), 16 HTTP requests in this frame
Page Title: Change Delivery Address

Detected technologies

Font Awesome (Font Scripts)
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN)
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://residentieel.online/r/-/ HTTP 302
- https://residentieel.online/-/wp/post/
17 HTTP transactions

Method | Protocol | Resource | Host / Path | Frame | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request) | notification-from-ae-group.firebaseapp.com/ | Primary | 973 B | 996 B | Document | text/html
GET | H2 | / | residentieel.online/-/wp/post/ | C144 (Redirect Chain) | 11 KB | 2 KB | Document | text/html
GET | H2 | bootstrap-icons.css | cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/ | C144 | 64 KB | 9 KB | Stylesheet | text/css
GET | H2 | font-awesome.min.css | stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/ | C144 | 30 KB | 7 KB | Stylesheet | text/css
GET | H2 | bootstrap.css | residentieel.online/-/wp/post/css/ | C144 | 188 KB | 34 KB | Stylesheet | text/css
GET | H2 | boom.css | residentieel.online/-/wp/post/css/ | C144 | 10 KB | 3 KB | Stylesheet | text/css
GET | H2 | Emarats.png | residentieel.online/-/wp/post/image/ | C144 | 17 KB | 17 KB | Image | image/png
GET | H2 | one_fot.png | residentieel.online/-/wp/post/image/ | C144 | 4 KB | 5 KB | Image | image/png
GET | H2 | two_fot.png | residentieel.online/-/wp/post/image/ | C144 | 3 KB | 3 KB | Image | image/png
GET | H2 | jquery-3.5.1.min.js | residentieel.online/-/wp/post/js/ | C144 | 94 KB | 39 KB | Script | application/javascript
GET | H2 | jquery.mask.js | residentieel.online/-/wp/post/js/ | C144 | 29 KB | 10 KB | Script | application/javascript
GET | H2 | css2 | fonts.googleapis.com/ | C144 | 9 KB | 1 KB | Stylesheet | text/css
GET | H2 | background.jpg | residentieel.online/-/wp/post/image/ | C144 | 87 KB | 87 KB | Image | image/jpeg
GET | | fontawesome-webfont.woff2 | stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/ | C144 | 0 | 0 | |
GET | | NaPDcZTIAOhVxoMyOr9n_E7ffBzCGItzYw.woff2 | fonts.gstatic.com/s/titilliumweb/v15/ | C144 | 0 | 0 | |
GET | | NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzYw.woff2 | fonts.gstatic.com/s/titilliumweb/v15/ | C144 | 0 | 0 | |
GET | | NaPecZTIAOhVxoMyOr9n_E7fdMPmDQ.woff2 | fonts.gstatic.com/s/titilliumweb/v15/ | C144 | 0 | 0 | |
Failed requests
These URLs were requested, but no response was received. They also appear in the list above.
- stackpath.bootstrapcdn.com: https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
- fonts.gstatic.com: https://fonts.gstatic.com/s/titilliumweb/v15/NaPDcZTIAOhVxoMyOr9n_E7ffBzCGItzYw.woff2
- fonts.gstatic.com: https://fonts.gstatic.com/s/titilliumweb/v15/NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzYw.woff2
- fonts.gstatic.com: https://fonts.gstatic.com/s/titilliumweb/v15/NaPecZTIAOhVxoMyOr9n_E7fdMPmDQ.woff2
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Emirates Post (Transportation)

14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
object | 0
boolean | credentialless
object | onbeforetoggle
object | onscrollend
string | h
object | a
object | j
function | m
object | k
number | g
number | f
string | c
string | b
function | n

0 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the cookie values along, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Strict-Transport-Security | max-age=31556926; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.