accounts-google.caddy.workers.dev
2606:4700:3031::6815:564f
Malicious Activity!
Public Scan
Effective URL: https://accounts-google.caddy.workers.dev/
Submission: On April 12 via manual from NL — Scanned from NL
Summary
TLS certificate: Issued by GTS CA 1P5 on March 15th 2024. Valid for: 3 months.
This is the only time accounts-google.caddy.workers.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Google (Online)

Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 2606:4700:3031::6815:564f | 13335 (CLOUDFLARENET)
4 | 2a00:1450:4001:82a::2003 | 15169 (GOOGLE)
1 | 2a00:1450:4001:813::2003 | 15169 (GOOGLE)
9 | 142.250.185.227 | 15169 (GOOGLE)
1 | 2a00:1450:4001:811::200e | 15169 (GOOGLE)
5 | 2a00:1450:400c:c09::54 | 15169 (GOOGLE)
2 | 64.233.166.84 | 15169 (GOOGLE)
1 | 172.67.216.233 | 13335 (CLOUDFLARENET)
26 requests | 9 IPs |
ASN13335 (CLOUDFLARENET, US): accounts-google.caddy.workers.dev
ASN15169 (GOOGLE, US): www.gstatic.com (PTR: fra16s53-in-f3.1e100.net)
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
14 | gstatic.com | www.gstatic.com, fonts.gstatic.com | 414 KB
7 | google.com | accounts.google.com (Cisco Umbrella Rank: 21) |
2 | workers.dev | accounts-google.caddy.workers.dev | 109 KB
1 | youtube.com | accounts.youtube.com (Cisco Umbrella Rank: 338) |
26 requests | 4 apex domains | |
Requests | Domain | Requested by
---|---|---
13 | www.gstatic.com | accounts-google.caddy.workers.dev, www.gstatic.com
7 | accounts.google.com | www.gstatic.com, accounts-google.caddy.workers.dev
2 | accounts-google.caddy.workers.dev |
1 | accounts.youtube.com | www.gstatic.com
1 | fonts.gstatic.com | accounts-google.caddy.workers.dev
26 requests | 5 domains |
This site contains links to these domains. Also see Links.
Domain |
---|
support.google.com |
accounts.google.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|---
caddy.workers.dev | GTS CA 1P5 | 2024-03-15 - 2024-06-13 | 3 months | crt.sh
*.gstatic.com | GTS CA 1C3 | 2024-03-04 - 2024-05-27 | 3 months | crt.sh
*.google.com | GTS CA 1C3 | 2024-03-04 - 2024-05-27 | 3 months | crt.sh
accounts.google.com | GTS CA 1C3 | 2024-03-04 - 2024-05-27 | 3 months | crt.sh
This page contains 7 frames:
Primary Page:
https://accounts-google.caddy.workers.dev/
Frame ID: B1F35E0056FEC1EED4B79AB766E981D3
Requests: 19 HTTP requests in this frame
Frame:
https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-859558309&timestamp=1712953360028
Frame ID: 669AFAC5AFFEB260582154F6FAC7FAE3
Requests: 1 HTTP request in this frame
Frame:
https://accounts.google.com/_/bscframe
Frame ID: 9C622F0D04A1B640069A1E08F4B733F1
Requests: 1 HTTP request in this frame
Frame:
https://accounts.google.com/_/bscframe
Frame ID: 1188FB5B7B5D55C409626C6F2D7F5710
Requests: 1 HTTP request in this frame
Frame:
https://accounts.google.com/_/bscframe
Frame ID: BB66D71B1964A2F6AC6B80815FC59A69
Requests: 1 HTTP request in this frame
Frame:
https://accounts.google.com/_/bscframe
Frame ID: BAC151C0974708534476427E0332B5EB
Requests: 1 HTTP request in this frame
Frame:
https://accounts.google.com/_/bscframe
Frame ID: 85C39BE8824CF7B932500C6A3175B722
Requests: 1 HTTP request in this frame
Screenshot
Page Title
Inloggen - Google Accounts (Dutch: "Sign in - Google Accounts")
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
- Title: Meer informatie over het gebruik van de gastmodus (Learn more about using guest mode)
- Title: Help
- Title: Privacy
- Title: Voorwaarden (Terms)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://accounts-google.caddy.workers.dev/ → HTTP 307 → https://accounts-google.caddy.workers.dev/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
26 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request) | accounts-google.caddy.workers.dev/ (Redirect Chain) | 629 KB | 107 KB | Document | text/html
GET | H2 | m=_b,_tp | www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.nl.22CgotWpaic.es5.O/am=P8AiunEsAGLEeeADFAVCBgAAAAAAAAAArAFmBg/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlG... | 214 KB | 75 KB | Script | text/javascript
GET | DATA | truncated | / | 267 B | 0 | Image | image/svg+xml
GET | H2 | 4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2 | fonts.gstatic.com/s/googlesans/v58/ | 51 KB | 52 KB | Font | font/woff2
GET | H2 | m=byfTOb,lsjVmc,LEikZe | www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.nl.22CgotWpaic.es5.O/ck=boq-identity.AccountsSignInUi.6hm245gU7MA.L.B1.O/am=P8AiunEsAGLEeeADFAVCBgAAAAAAAAAArAFmBg/d=1/exm=_b... | 38 KB | 14 KB | Script | text/javascript
GET | H2 | m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,STuCOe,njlZCf,K1ZKnb,ziZ8Mc,b3kMqb,mvkUhe,CMcBD,Fndnac,t2srLd,EN3i8d,zu7j8,xiZRqc,NOeYWe,O6y8ed,L9OGUe,PrPYRd,MpJwZc,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inN... | www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.nl.22CgotWpaic.es5.O/ck=boq-identity.AccountsSignInUi.6hm245gU7MA.L.B1.O/am=P8AiunEsAGLEeeADFAVCBgAAAAAAAAAArAFmBg/d=1/exm=LE... | 759 KB | 223 KB | Script | text/javascript
GET | H2 | m=ltDFwf,SD8Jgb,rmumx,E87wgc,qPYxq,Tbb4sb,pxq3x,f8Gu1e,soHxf,YgOFye,qPfo0c,yRXbo,bTi8wc,ywOR5c,PHUIyb | www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.nl.22CgotWpaic.es5.O/ck=boq-identity.AccountsSignInUi.6hm245gU7MA.L.B1.O/am=P8AiunEsAGLEeeADFAVCBgAAAAAAAAAArAFmBg/d=1/exm=Av... | 112 KB | 34 KB | Script | text/javascript
GET | H3 | m=RqjULd | www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.nl.22CgotWpaic.es5.O/ck=boq-identity.AccountsSignInUi.6hm245gU7MA.L.B1.O/am=P8AiunEsAGLEeeADFAVCBgAAAAAAAAAArAFmBg/d=1/exm=Av... | 19 KB | 6 KB | Script | text/javascript
GET | H3 | m=ZwDk9d,RMhBfe | www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.nl.22CgotWpaic.es5.O/ck=boq-identity.AccountsSignInUi.6hm245gU7MA.L.B1.O/am=P8AiunEsAGLEeeADFAVCBgAAAAAAAAAArAFmBg/d=1/exm=Av... | 3 KB | 1 KB | Script | text/javascript
GET | H3 | m=bm51tf | www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.nl.22CgotWpaic.es5.O/ck=boq-identity.AccountsSignInUi.6hm245gU7MA.L.B1.O/am=P8AiunEsAGLEeeADFAVCBgAAAAAAAAAArAFmBg/d=1/exm=Av... | 1 KB | 803 B | Script | text/javascript
GET | H3 | m=NTMZac,sOXFj,q0xTif,ZZ4WUe | www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.nl.22CgotWpaic.es5.O/ck=boq-identity.AccountsSignInUi.6hm245gU7MA.L.B1.O/am=P8AiunEsAGLEeeADFAVCBgAAAAAAAAAArAFmBg/d=1/exm=Av... | 4 KB | 2 KB | Script | text/javascript
GET | H3 | m=iAskyc,ziXSP | www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.nl.22CgotWpaic.es5.O/ck=boq-identity.AccountsSignInUi.6hm245gU7MA.L.B1.O/am=P8AiunEsAGLEeeADFAVCBgAAAAAAAAAArAFmBg/d=1/exm=Av... | 2 KB | 796 B | Script | text/javascript
GET | H3 | 36px.svg | www.gstatic.com/images/branding/productlogos/googleg/v6/ | 749 B | 433 B | Image | image/svg+xml
GET | H3 | m=iCBEqb,nKuFpb | www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.nl.22CgotWpaic.es5.O/ck=boq-identity.AccountsSignInUi.6hm245gU7MA.L.B1.O/am=P8AiunEsAGLEeeADFAVCBgAAAAAAAAAArAFmBg/d=1/exm=Av... | 2 KB | 1002 B | Script | text/javascript
GET | H2 | CheckConnection | accounts.youtube.com/accounts/ (Frame 669A) | 0 | 0 | Document | text/html
OPTIONS | H2 | batchexecute | accounts.google.com/v3/signin/_/AccountsSignInUi/data/ (Frame) | 0 | 0 | Preflight | application/json
POST | | batchexecute | accounts.google.com/v3/signin/_/AccountsSignInUi/data/ | 0 | 0 | |
GET | H2 | bscframe | accounts.google.com/_/ (Frame 9C62) | 0 | 0 | Document | text/html
GET | H3 | m=wg1P6b | www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.nl.22CgotWpaic.es5.O/ck=boq-identity.AccountsSignInUi.6hm245gU7MA.L.B1.O/am=P8AiunEsAGLEeeADFAVCBgAAAAAAAAAArAFmBg/d=1/exm=Av... | 7 KB | 3 KB | Script | text/javascript
GET | H2 | bscframe | accounts.google.com/_/ (Frame 1188) | 0 | 0 | Document | text/html
GET | H2 | bscframe | accounts.google.com/_/ (Frame BB66) | 0 | 0 | Document | text/html
GET | H3 | bscframe | accounts.google.com/_/ (Frame BAC1) | 0 | 0 | Document | text/html
GET | H3 | m=Wt6vjf,hhhU8,FCpbqb,WhJNk | www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.nl.22CgotWpaic.es5.O/ck=boq-identity.AccountsSignInUi.6hm245gU7MA.L.B1.O/am=P8AiunEsAGLEeeADFAVCBgAAAAAAAAAArAFmBg/d=1/exm=Av... | 3 KB | 2 KB | Script | text/javascript
GET | H3 | favicon.ico | accounts-google.caddy.workers.dev/ | 5 KB | 2 KB | Other | image/x-icon
GET | H3 | bscframe | accounts.google.com/_/ (Frame 85C3) | 0 | 0 | Document | text/html
POST | | browserinfo | accounts.google.com/v3/signin/_/AccountsSignInUi/ | 0 | 0 | |
OPTIONS | H2 | browserinfo | accounts.google.com/v3/signin/_/AccountsSignInUi/ (Frame) | 0 | 0 | Preflight | application/json
Failed requests
These URLs were requested, but no response was received. You will also see them in the list above.
- Domain: accounts.google.com
  URL: https://accounts.google.com/v3/signin/_/AccountsSignInUi/data/batchexecute?rpcids=UEkKwb&source-path=%2F&f.sid=-3623170729851804931&bl=boq_identityfrontendauthuiserver_20240407.08_p0&hl=nl&_reqid=80561&rt=c
- Domain: accounts.google.com
  URL: https://accounts.google.com/v3/signin/_/AccountsSignInUi/browserinfo?f.sid=-3623170729851804931&bl=boq_identityfrontendauthuiserver_20240407.08_p0&hl=nl&_reqid=180561&rt=j
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Google (Online)

45 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | 0
object | WIZ_global_data
number | cc_latency_start_time
function | onaft
function | _isLazyImage
string | cc_aid
number | iml_start
number | css_size
object | cc_latency
function | ccTick
function | onJsLoad
function | onCssLoad
function | _isVisible
function | _recordImlEl
number | prt
function | wiz_tick
string | _F_cssRowKey
string | _F_combinedSignature
function | _DumpException
object | BOQ_wizbind
object | AF_initDataKeys
object | AF_dataServiceRequests
object | AF_initDataChunkQueue
function | AF_initDataCallback
undefined | AF_initDataInitializeCallback
object | aft_counter
function | initAft
object | IJ_values
object | _wjdd
object | default_AccountsSignInUi
object | _F_toggles
boolean | BOQ_loadedInitialJS
function | _F_installCss
function | _B_err
object | closure_lm_143635
function | wiz_progress
function | _F_getIjData
object | _mxNDff
object | postmessage
boolean | ly11Pc
number | closure_uid_772354428
function | nativePrimaryActionHit
function | nativeSecondaryActionHit
function | onAccountAdd
object | botguard2

Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values along, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
accounts-google.caddy.workers.dev/ | | __Host-GAPS | 1:qlu4N1rDoeH-Bydxbkfs9CCSZtR1lw:mX_9b9L4gLq2QbQL
accounts-google.caddy.workers.dev/ | | OTZ | 7510823_48_52_123900_48_436380
6 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Security Headers
This section lists the security headers set by the main page.
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Frame-Options | DENY |
X-Xss-Protection | 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
accounts-google.caddy.workers.dev
accounts.google.com
accounts.youtube.com
fonts.gstatic.com
www.gstatic.com
accounts.google.com
142.250.185.227
172.67.216.233
2606:4700:3031::6815:564f
2a00:1450:4001:811::200e
2a00:1450:4001:813::2003
2a00:1450:4001:82a::2003
2a00:1450:400c:c09::54
64.233.166.84