sssoos-webserver-sso-appdomian.web.app Open in urlscan Pro
2620:0:890::100  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
6 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response sssoos-webserver-sso-appdomian.web.app/	700 KB 403 KB	813ms 263ms	Document text/html	2620:0:890::100 FASTLY
General Check archive.org Show headers Download Go to Full URL https://sssoos-webserver-sso-appdomian.web.app/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:0:890::100 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 8c3c84adf2f3e306bb710e6414497b04ff28f904d4b58b3a88f6d8c25fab059b Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers cache-control max-age=3600 content-encoding br content-type text/html; charset=utf-8 etag "b4138ff1a745a21878f3a236490450f3d7de94f119d442036c13afaf93042e76-br" last-modified Sat, 26 Mar 2022 21:23:03 GMT strict-transport-security max-age=31556926; includeSubDomains; preload fastly-original-body-size 411758 accept-ranges bytes date Tue, 29 Mar 2022 04:50:07 GMT x-served-by cache-icn1450060-ICN x-cache HIT x-cache-hits 1 x-timer S1648529407.238914,VS0,VE2 vary x-fh-requested-host, accept-encoding content-length 411758
GET H2	404	main.css sssoos-webserver-sso-appdomian.web.app/	0 0	802ms 802ms	Stylesheet text/html	2620:0:890::100 FASTLY
General Check archive.org Show headers Download Go to Full URL https://sssoos-webserver-sso-appdomian.web.app/main.css Requested by Host: sssoos-webserver-sso-appdomian.web.app URL: https://sssoos-webserver-sso-appdomian.web.app/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:0:890::100 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers Accept-Language de-DE,de;q=0.9 Referer https://sssoos-webserver-sso-appdomian.web.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding gzip last-modified Sat, 26 Mar 2022 21:23:03 GMT fastly-original-body-size 853 x-timer S1648529408.520710,VS0,VE245 etag "daa499dd96d8229e73235345702ba32f0793f0c8e5c0d30e40e37a5872be57aa" x-served-by cache-icn1450060-ICN vary x-fh-requested-host, accept-encoding x-cache MISS content-type text/html; charset=utf-8 cache-control max-age=3600 date Tue, 29 Mar 2022 04:50:07 GMT accept-ranges bytes content-length 853 x-cache-hits 0
GET H2	404	ionicons.css sssoos-webserver-sso-appdomian.web.app/	0 0	293ms 292ms	Stylesheet text/html	2620:0:890::100 FASTLY
General Check archive.org Show headers Download Go to Full URL https://sssoos-webserver-sso-appdomian.web.app/ionicons.css Requested by Host: sssoos-webserver-sso-appdomian.web.app URL: https://sssoos-webserver-sso-appdomian.web.app/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:0:890::100 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers Accept-Language de-DE,de;q=0.9 Referer https://sssoos-webserver-sso-appdomian.web.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding gzip last-modified Sat, 26 Mar 2022 21:23:03 GMT x-timer S1648529408.520752,VS0,VE1 etag "daa499dd96d8229e73235345702ba32f0793f0c8e5c0d30e40e37a5872be57aa" x-served-by cache-icn1450060-ICN vary x-fh-requested-host, accept-encoding x-cache HIT content-type text/html; charset=utf-8 cache-control max-age=3600 date Tue, 29 Mar 2022 04:50:07 GMT accept-ranges bytes content-length 853 x-cache-hits 1
GET DATA	200 OK	truncated /	80 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 05eb745176d79ec27d52d544582483fc4d0f6378c7ed2060be24dfc4e8990668 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 Response headers Content-Type image/jpeg
GET H2	200	outlook-logo-7117D18788-seeklogo.com.png seeklogo.com/images/O/	11 KB 12 KB	57ms 31ms	Image image/png	2606:4700:3030::6815:5d6 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://seeklogo.com/images/O/outlook-logo-7117D18788-seeklogo.com.png Requested by Host: sssoos-webserver-sso-appdomian.web.app URL: https://sssoos-webserver-sso-appdomian.web.app/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::6815:5d6 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7af489f35dc25750aa2e286cad80b0a827c0844f916f8b6dc75ee02be5fef50e Request headers Accept-Language de-DE,de;q=0.9 Referer https://sssoos-webserver-sso-appdomian.web.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 Response headers date Tue, 29 Mar 2022 04:50:07 GMT cf-cache-status MISS last-modified Wed, 07 Jun 2017 12:18:12 GMT server cloudflare etag "05aa22188dfd21:0" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mtje2DFiN2e2HwCXTitLCb%2FR%2FRnWYpdbHE7x6mpQKqqdOyOouyD%2FBxj1X3eck14uLtz0rUFwOny4AiD3MUyn0smJGus7FYcCTis2LKtcz410t%2Fmzow0jWv5MjAvfMOWbd50pC6akAPWWsoo%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=86400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 6f35fb9e4ed19bd0-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 11475
GET H2	200	favicon-8f211ea639.ico res.cdn.office.net/officehub/images/content/images/	8 KB 2 KB	79ms 8ms	Image application/octet-stream	2a02:26f0:6c00:2a7::753 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://res.cdn.office.net/officehub/images/content/images/favicon-8f211ea639.ico Requested by Host: sssoos-webserver-sso-appdomian.web.app URL: https://sssoos-webserver-sso-appdomian.web.app/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:2a7::753 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash e588bde3eb80b349b069bcbb10520e49f9aa6f38001ce651f396269de3499549 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://sssoos-webserver-sso-appdomian.web.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 Response headers date Tue, 29 Mar 2022 04:50:07 GMT content-encoding gzip last-modified Wed, 01 Sep 2021 01:23:20 GMT vary Accept-Encoding content-type text/plain access-control-allow-origin * x-ms-request-id a04637f9-301e-0007-2fe1-3093f4000000 access-control-expose-headers date cache-control max-age=630720000 strict-transport-security max-age=31536000; includeSubDomains timing-allow-origin * content-length 2157
GET DATA	200 OK	truncated /	350 KB 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 73257fb51b4e9c849a46820ae181173030b1a15d1c5a597f5840e353b438b33a Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	535 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 270ce3b89f3c614388bc9a4c5436545ade6c956b3293d26119ad845151a4671d Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	643 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 66c75014faca4eda0db16522016d196153ae3fc9d6777b3a3749c204809ada77 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	206	background.mp4 firebasestorage.googleapis.com/v0/b/sharefiles-51cb8.appspot.com/o/	1 MB 1 MB	1028ms 988ms	Media video/mp4	2a00:1450:4001:80f::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://firebasestorage.googleapis.com/v0/b/sharefiles-51cb8.appspot.com/o/background.mp4?alt=media&token=472d01bb-5eba-4651-aa96-26bc687fae1b Requested by Host: sssoos-webserver-sso-appdomian.web.app URL: https://sssoos-webserver-sso-appdomian.web.app/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software UploadServer / Resource Hash 405cd7a882bc711b34ba0dd875e8adcd7c1b099e38b250d7359cf6efda7c3b25 Request headers Referer https://sssoos-webserver-sso-appdomian.web.app/ Accept-Encoding identity;q=1, *;q=0 Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 Range bytes=0- Response headers date Tue, 29 Mar 2022 04:50:09 GMT x-guploader-uploadid ADPycduaXMQqyeXtwswyIT2DifmO-KM6i4aGDMYLDJ_dDvzSBjQ89R3f4WEZxZOC8PQmkRifxNV9O1Mza-4olGiVsyIOA52dsg x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity content-disposition inline; filename*=utf-8''background.mp4 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Content-Length 1426982 Content-Range bytes 0-1426981/1426982 last-modified Thu, 17 Mar 2022 01:55:08 GMT server UploadServer etag "8229e709ffae8efcfd6a7a19821d1411" x-goog-hash crc32c=7y8UDg==, md5=ginnCf+ujvz9anoZgh0UEQ== x-goog-generation 1647482108822210 cache-control private, max-age=0 x-goog-stored-content-length 1426982 x-goog-meta-firebasestoragedownloadtokens 472d01bb-5eba-4651-aa96-26bc687fae1b accept-ranges bytes content-type video/mp4 expires Tue, 29 Mar 2022 04:50:09 GMT
GET DATA	200 OK	truncated /	16 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 39dac3fb49bc3d00e09f472afc2b4865805529f95bdd59349027bb5accfcb57b Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	9 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 69781a00446d6c91465b82421046286d44ee79ddb4149175dfdbd62056efcfaf Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 Response headers Content-Type image/png

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Adobe (Consumer) Dropbox (Consumer)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored function| loader function| incrementCount function| getCount function| checkCount function| submitForm function| removeClass function| addClass function| openModal function| postAjax

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://sssoos-webserver-sso-appdomian.web.app/ionicons.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sssoos-webserver-sso-appdomian.web.app/main.css Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

firebasestorage.googleapis.com
res.cdn.office.net
seeklogo.com
sssoos-webserver-sso-appdomian.web.app
2606:4700:3030::6815:5d6
2620:0:890::100
2a00:1450:4001:80f::200a
2a02:26f0:6c00:2a7::753
05eb745176d79ec27d52d544582483fc4d0f6378c7ed2060be24dfc4e8990668
270ce3b89f3c614388bc9a4c5436545ade6c956b3293d26119ad845151a4671d
39dac3fb49bc3d00e09f472afc2b4865805529f95bdd59349027bb5accfcb57b
405cd7a882bc711b34ba0dd875e8adcd7c1b099e38b250d7359cf6efda7c3b25
66c75014faca4eda0db16522016d196153ae3fc9d6777b3a3749c204809ada77
69781a00446d6c91465b82421046286d44ee79ddb4149175dfdbd62056efcfaf
73257fb51b4e9c849a46820ae181173030b1a15d1c5a597f5840e353b438b33a
7af489f35dc25750aa2e286cad80b0a827c0844f916f8b6dc75ee02be5fef50e
8c3c84adf2f3e306bb710e6414497b04ff28f904d4b58b3a88f6d8c25fab059b
e588bde3eb80b349b069bcbb10520e49f9aa6f38001ce651f396269de3499549