fdlogng.web.app
199.36.158.100  Malicious Activity! Public Scan

Submitted URL: http://fdlogng.web.app/
Effective URL: https://fdlogng.web.app/
Submission: On October 26 via manual from US — Scanned from DE

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 199.36.158.100, located in United States and belongs to FASTLY, US. The main domain is fdlogng.web.app.
TLS certificate: Issued by GTS CA 1D4 on September 20th 2021. Valid for: 3 months.
This is the only time fdlogng.web.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

Requests  IP Address       AS (Autonomous System)
5         199.36.158.100   54113 (FASTLY)
1         92.53.68.202     49505 (SELECTEL)
6         2 IPs

Requests  Apex Domain  Subdomains         Transfer
5         web.app      fdlogng.web.app    73 KB
1         selcdn.ru    575409.selcdn.ru
6         2 apex domains

Requests  Domain             Requested by
5         fdlogng.web.app    fdlogng.web.app
1         575409.selcdn.ru   fdlogng.web.app
6         2 domains

This site contains no links.

Subject       Issuer                                       Validity                   Valid
web.app       GTS CA 1D4                                   2021-09-20 - 2021-12-19    3 months (crt.sh)
*.selcdn.ru   RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1   2020-11-26 - 2021-12-27    a year (crt.sh)

This page contains 2 frames:

Primary Page: https://fdlogng.web.app/
Frame ID: 95D74349D2E5E37CAF0D828C6D967204
Requests: 5 HTTP requests in this frame

Frame: https://fdlogng.web.app/new%20index_files/saved_resource.html
Frame ID: 9DFC653F344A2F0C77409B88B3396639
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Session expired!

Page URL History

  1. http://fdlogng.web.app/ HTTP 307
    https://fdlogng.web.app/ Page URL

Detected technologies

Bootstrap (identified by the pattern below; overall confidence: 100%)
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (identified by the patterns below; overall confidence: 100%)
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests:    6
HTTPS:       100 %
IPv6:        0 %
Domains:     2
Subdomains:  2
IPs:         2
Countries:   2
Transfer:    73 kB
Size:        301 kB
Cookies:     0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.


Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Columns: Resource, Path, Size, x-fer (transferred), Type, MIME-Type

Primary Request: /
Path: fdlogng.web.app/
Redirect Chain
  • http://fdlogng.web.app/
  • https://fdlogng.web.app/
Size: 6 KB, transferred: 2 KB, Type: Document
General
Full URL
https://fdlogng.web.app/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
199.36.158.100, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
92679330b376e93d102555748db627d332c0972710d8b569d5baa4db5368f3b7
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

:method
GET
:authority
fdlogng.web.app
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

cache-control
max-age=3600
content-encoding
br
content-type
text/html; charset=utf-8
etag
"b3a33a32d3cc1463cda74878f85f9ff684e87b30c604d8f1e804f75832de3aa7-br"
last-modified
Tue, 26 Oct 2021 06:27:45 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
accept-ranges
bytes
date
Tue, 26 Oct 2021 13:31:14 GMT
x-served-by
cache-hhn4059-HHN
x-cache
HIT
x-cache-hits
1
x-timer
S1635255074.029440,VS0,VE1
vary
x-fh-requested-host, accept-encoding
content-length
2072

Redirect headers

Location
https://fdlogng.web.app/
Non-Authoritative-Reason
HSTS
Resource: newupdate.html
Path: 575409.selcdn.ru/absupdate/
Size: 0, transferred: 0, Type: Image
General
Full URL
https://575409.selcdn.ru/absupdate/newupdate.html
Requested by
Host: fdlogng.web.app
URL: https://fdlogng.web.app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
92.53.68.202, Russian Federation, ASN49505 (SELECTEL, RU)
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fdlogng.web.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin
*
access-control-expose-headers
X-Backend-Timestamp, Etag, Last-Modified, X-Object-Manifest, X-Timestamp
Resource: jquery-3.2.1.min.js.download
Path: fdlogng.web.app/new%20index_files/
Size: 85 KB, transferred: 27 KB, Type: Script
General
Full URL
https://fdlogng.web.app/new%20index_files/jquery-3.2.1.min.js.download
Requested by
Host: fdlogng.web.app
URL: https://fdlogng.web.app/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
199.36.158.100, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

:path
/new%20index_files/jquery-3.2.1.min.js.download
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
fdlogng.web.app
referer
https://fdlogng.web.app/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://fdlogng.web.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
last-modified
Tue, 26 Oct 2021 06:27:45 GMT
x-timer
S1635255074.056453,VS0,VE1
etag
"09231442d1eafa80e54d577dfa00cdac851d26b23f9baeffc6f6cceb99c52fd9-br"
x-served-by
cache-hhn4059-HHN
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
content-type
text/html; charset=UTF-8
cache-control
max-age=3600
date
Tue, 26 Oct 2021 13:31:14 GMT
accept-ranges
bytes
content-length
27235
x-cache-hits
1
Resource: jquery.min.js
Path: fdlogng.web.app/new%20index_files/
Size: 161 KB, transferred: 32 KB, Type: Script
General
Full URL
https://fdlogng.web.app/new%20index_files/jquery.min.js
Requested by
Host: fdlogng.web.app
URL: https://fdlogng.web.app/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
199.36.158.100, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
c60903db63ed835201bfd1f5c77d867aac3488d89a7fcac012ad9006d13ba154
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

:path
/new%20index_files/jquery.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
fdlogng.web.app
referer
https://fdlogng.web.app/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://fdlogng.web.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
last-modified
Tue, 26 Oct 2021 06:27:45 GMT
x-timer
S1635255074.056972,VS0,VE1
etag
"1b8aec0e38b65238104d3534c8c72eccb6472e4bcf131656f939f0eda7713eaf-br"
x-served-by
cache-hhn4059-HHN
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
content-type
text/javascript; charset=utf-8
cache-control
max-age=3600
date
Tue, 26 Oct 2021 13:31:14 GMT
accept-ranges
bytes
content-length
32770
x-cache-hits
1
Resource: bootstrap.min.js.download
Path: fdlogng.web.app/new%20index_files/
Size: 50 KB, transferred: 12 KB, Type: Script
General
Full URL
https://fdlogng.web.app/new%20index_files/bootstrap.min.js.download
Requested by
Host: fdlogng.web.app
URL: https://fdlogng.web.app/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
199.36.158.100, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

:path
/new%20index_files/bootstrap.min.js.download
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
fdlogng.web.app
referer
https://fdlogng.web.app/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://fdlogng.web.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
last-modified
Tue, 26 Oct 2021 06:27:45 GMT
x-timer
S1635255074.057119,VS0,VE1
etag
"5c01cc40d31101651d9c2d14e90ab9a50fc31f4c81ad14b33c91bffa31262d93-br"
x-served-by
cache-hhn4059-HHN
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
content-type
text/html; charset=UTF-8
cache-control
max-age=3600
date
Tue, 26 Oct 2021 13:31:14 GMT
accept-ranges
bytes
content-length
12258
x-cache-hits
1
Resource: saved_resource.html
Path: fdlogng.web.app/new%20index_files/ (Frame 9DFC)
Size: 149 B, transferred: 185 B, Type: Document
General
Full URL
https://fdlogng.web.app/new%20index_files/saved_resource.html
Requested by
Host: fdlogng.web.app
URL: https://fdlogng.web.app/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
199.36.158.100, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
97f9b10039b05e1af4a3c9b778fc72ba44cf68a376e4ec1d55f2558f16cf3e50
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

:method
GET
:authority
fdlogng.web.app
:scheme
https
:path
/new%20index_files/saved_resource.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://fdlogng.web.app/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://fdlogng.web.app/

Response headers

cache-control
max-age=3600
content-encoding
br
content-type
text/html; charset=utf-8
etag
"be74bed9c1fa36a52d62772b55bd4471a16c35d542a1db743a1548e289f13ef0-br"
last-modified
Tue, 26 Oct 2021 06:27:45 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
accept-ranges
bytes
date
Tue, 26 Oct 2021 13:31:14 GMT
x-served-by
cache-hhn4059-HHN
x-cache
HIT
x-cache-hits
1
x-timer
S1635255074.057735,VS0,VE1
vary
x-fh-requested-host, accept-encoding
content-length
75

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
object    0
object    onbeforexrselect
boolean   originAgentCluster
function  $
function  jQuery
string    p2
object    _0x4f93
function  _0x21cf
function  _0x476c66
object    bootstrap

0 Cookies

1 Console Messages

Source   Level   URL / Text
network  error   URL: https://575409.selcdn.ru/absupdate/newupdate.html
                 Message: Failed to load resource: the server responded with a status of 410 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload