offlinestorageconsoleowe.web.app
151.101.1.195
Malicious Activity!
Public Scan
Effective URL: https://offlinestorageconsoleowe.web.app/n414d494a444f414b534d534f534b4f534b534f444453414153414d494a444f414b534d534f5.html
Submission Tags: falconsandbox
Submission: On October 30 via api from US
Summary
TLS certificate: Issued by GTS CA 1O1 on April 15th 2020. Valid for: a year.
This is the only time offlinestorageconsoleowe.web.app was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 (1 redirect) | 50.31.236.5 | 23352 (SERVERCENTRAL)
1 | 2606:4700::6812:1a72 | 13335 (CLOUDFLARENET)
2 | 2606:4700::6812:17cf | 13335 (CLOUDFLARENET)
1 | 2a00:1450:4001:81f::200a | 15169 (GOOGLE)
2 | 2001:4de0:ac19::1:b:1a | 20446 (HIGHWINDS3)
2 (1 redirect) | 2606:4700::6810:7eaf | 13335 (CLOUDFLARENET)
1 | 51.210.112.129 | 16276 (OVH)
3 | 2606:4700::6810:135e | 13335 (CLOUDFLARENET)
1 | 151.101.1.195 | 54113 (FASTLY)
1 | 152.199.23.37 | 15133 (EDGECAST)
1 | 2620:1ec:bdf::10 | 8068 (MICROSOFT-CORP-MSN-AS-BLOCK)
Total: 17 requests across 11 IP addresses.
Detail for 50.31.236.5: ASN23352 (SERVERCENTRAL, US), PTR unknown.servercentral.net, serving recs.richrelevance.com.
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
3 | cloudflare.com | cdnjs.cloudflare.com | 41 KB
2 (1 redirect) | unpkg.com | unpkg.com | 5 KB
2 | bootstrapcdn.com | stackpath.bootstrapcdn.com | 35 KB
2 | codesandbox.io | codesandbox.io | 8 KB
1 | msauth.net | aadcdn.msauth.net | 876 B
1 | msftauth.net | aadcdn.msftauth.net | 2 KB
1 | web.app | offlinestorageconsoleowe.web.app | 4 KB
1 | ibb.co | i.ibb.co | 29 KB
1 | googleapis.com | fonts.googleapis.com | 465 B
1 | csb.app | qqhj9.csb.app | 4 KB
1 (1 redirect) | richrelevance.com | recs.richrelevance.com | 237 B
0 | jquery.com | code.jquery.com (Failed) | 
Total: 17 requests across 12 domains.
Requests | Domain | Requested by
---|---|---
3 | cdnjs.cloudflare.com | qqhj9.csb.app, offlinestorageconsoleowe.web.app
2 (1 redirect) | unpkg.com | qqhj9.csb.app
2 | stackpath.bootstrapcdn.com | qqhj9.csb.app, offlinestorageconsoleowe.web.app
2 | codesandbox.io | qqhj9.csb.app
1 | aadcdn.msauth.net | offlinestorageconsoleowe.web.app
1 | aadcdn.msftauth.net | offlinestorageconsoleowe.web.app
1 | offlinestorageconsoleowe.web.app | qqhj9.csb.app
1 | i.ibb.co | qqhj9.csb.app
1 | fonts.googleapis.com | qqhj9.csb.app
1 | qqhj9.csb.app | 
1 (1 redirect) | recs.richrelevance.com | 
0 | code.jquery.com (Failed) | qqhj9.csb.app
Total: 17 requests across 12 domains.
This site contains no links.
Subject | Issuer | Validity | Valid for | Source
---|---|---|---|---
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-06-14 - 2021-06-14 | a year | crt.sh
codesandbox.io | Cloudflare Inc ECC CA-3 | 2020-06-19 - 2021-06-19 | a year | crt.sh
upload.video.google.com | GTS CA 1O1 | 2020-10-06 - 2020-12-29 | 3 months | crt.sh
*.bootstrapcdn.com | Sectigo RSA Domain Validation Secure Server CA | 2020-09-22 - 2021-10-12 | a year | crt.sh
ibb.co | Let's Encrypt Authority X3 | 2020-10-02 - 2020-12-31 | 3 months | crt.sh
web.app | GTS CA 1O1 | 2020-04-15 - 2021-04-14 | a year | crt.sh
aadcdn.msftauth.net | DigiCert SHA2 Secure Server CA | 2020-07-09 - 2021-07-09 | a year | crt.sh
aadcdn.msauth.net | DigiCert SHA2 Secure Server CA | 2020-10-09 - 2021-10-09 | a year | crt.sh
This page contains 1 frames:
Primary Page:
https://offlinestorageconsoleowe.web.app/n414d494a444f414b534d534f534b4f534b534f444453414153414d494a444f414b534d534f5.html
Frame ID: CD3B4B3BF9B0DF759A50B093D78FC08B
Requests: 17 HTTP requests in this frame
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://recs.richrelevance.com/rrserver/api/find/v1/track/click/c85912f892c73e30?a=c85912f892c73e30&vg=ea8fdc53-72c1-4b4e-7e1b-cf5d12a2f649&pti=2&pa=find&hpi=0&stn=PersonalizedProductSearchAndBrowse&stid=184&rti=2&sgs&u&mvtId=-1&mvtTs=1598978594446&uguid=ea88dc53-72c1-4b4e-7e1b-cf5d12a2f649&channelId=WEB&s=0%3Abf427450-ea53-11ea-8e87-3f2fa233444b&pg=-1&page=621&query=stronda&lang=pt&searchConfigId=5b44b8a0947195000ef22caf&searchType=CATALOG&p=13361&ind=14881&ct=https%3A%2F%2Fqqhj9.csb.app&redirect=true (HTTP 301)
  → https://qqhj9.csb.app/ (Page URL)
- https://offlinestorageconsoleowe.web.app/n414d494a444f414b534d534f534b4f534b534f444453414153414d494a444f414b534d534f5.html (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- http://recs.richrelevance.com/rrserver/api/find/v1/track/click/c85912f892c73e30?a=c85912f892c73e30&vg=ea8fdc53-72c1-4b4e-7e1b-cf5d12a2f649&pti=2&pa=find&hpi=0&stn=PersonalizedProductSearchAndBrowse&stid=184&rti=2&sgs&u&mvtId=-1&mvtTs=1598978594446&uguid=ea88dc53-72c1-4b4e-7e1b-cf5d12a2f649&channelId=WEB&s=0%3Abf427450-ea53-11ea-8e87-3f2fa233444b&pg=-1&page=621&query=stronda&lang=pt&searchConfigId=5b44b8a0947195000ef22caf&searchType=CATALOG&p=13361&ind=14881&ct=https%3A%2F%2Fqqhj9.csb.app&redirect=true (HTTP 301)
- https://qqhj9.csb.app/
Second chain:
- https://unpkg.com/axios/dist/axios.min.js (HTTP 302)
- https://unpkg.com/axios@0.21.0/dist/axios.min.js
17 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / | qqhj9.csb.app/ (Redirect Chain) | 18 KB | 4 KB | Document | text/html
GET | H2 | sse-hooks.js | codesandbox.io/public/sse-hooks/ | 19 KB | 6 KB | Script | application/javascript
GET | H2 | icon | fonts.googleapis.com/ | 574 B | 465 B | Stylesheet | text/css
GET | H2 | bootstrap.min.css | stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/ | 138 KB | 21 KB | Stylesheet | text/css
GET | | jquery-3.1.1.slim.min.js | code.jquery.com/ | 0 | 0 | | 
GET | H2 | axios.min.js | unpkg.com/axios@0.21.0/dist/ (Redirect Chain) | 14 KB | 5 KB | Script | application/javascript
GET | H2 | ms-outout.png | i.ibb.co/Fsfrfnq/ | 29 KB | 29 KB | Image | image/png
GET | H2 | popper.min.js | cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/ | 20 KB | 7 KB | Script | application/javascript
GET | H2 | bootstrap.min.js | stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ | 50 KB | 14 KB | Script | text/javascript
GET | H2 | watermark-button.ccc763f75.js | codesandbox.io/static/js/ | 3 KB | 2 KB | Script | application/javascript
GET | H2 | n414d494a444f414b534d534f534b4f534b534f444453414153414d494a444f414b534d534f5.html (Primary Request) | offlinestorageconsoleowe.web.app/ | 20 KB | 4 KB | Document | text/html
GET | | bootstrap.min.css | stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/ | 0 | 0 | | 
GET | H2 | microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg | aadcdn.msftauth.net/ests/2.1/content/images/ | 4 KB | 2 KB | Image | image/svg+xml
GET | H2 | picker_verify_sms_27a6d18b56f46818420e60a773c36d4e.svg | aadcdn.msauth.net/ests/2.1/content/images/ | 250 B | 876 B | Image | image/svg+xml
GET | H2 | jquery.min.js | cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/ | 85 KB | 27 KB | Script | application/javascript
GET | H2 | popper.min.js | cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/ | 21 KB | 7 KB | Script | application/javascript
GET | | bootstrap.min.js | stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/ | 0 | 0 | | 
Rows with size 0 / 0 and no type are the requests that received no response; they are listed again under "Failed requests" below.
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- code.jquery.com: https://code.jquery.com/jquery-3.1.1.slim.min.js
- stackpath.bootstrapcdn.com: https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css
- stackpath.bootstrapcdn.com: https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Microsoft (Consumer)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
function | showDirectoryPicker
function | showOpenFilePicker
function | showSaveFilePicker
object | trustedTypes
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aadcdn.msauth.net
aadcdn.msftauth.net
cdnjs.cloudflare.com
code.jquery.com
codesandbox.io
fonts.googleapis.com
i.ibb.co
offlinestorageconsoleowe.web.app
qqhj9.csb.app
recs.richrelevance.com
stackpath.bootstrapcdn.com
unpkg.com
code.jquery.com
stackpath.bootstrapcdn.com
151.101.1.195
152.199.23.37
2001:4de0:ac19::1:b:1a
2606:4700::6810:135e
2606:4700::6810:7eaf
2606:4700::6812:17cf
2606:4700::6812:1a72
2620:1ec:bdf::10
2a00:1450:4001:81f::200a
50.31.236.5
51.210.112.129
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
38f9f561f70487d5b6a701758924bec83934f7db588fea654ab092e84b1af4d0
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
5c73ff2eb14e2ff375c3f01f89b398443e303bce67862b9ee9c38eaeeadf2bc1
66264684344fb4a14dfb2651512ea16be9e052622f64d97359aaa14b057f20da
66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
8ed8f3acb9b87f99e42c74463d4e2be96ee85b8a87cd6eb874295ace420a5904
9999f542b354dd9e8439cc5cd2f07914fc57cb06b5bdc8f175a08f62fda91c5e
a13187861c1245d64ffde332a7eae352fc98ad2e7ecf9a84d1dccc7b9a1f859e
e8ee249ed5d03ec065f82aa1d24fc263c468f1e67ee4cc9552f016e1ee1a2aef
f43ed67b5dbe01a3b359d5af3077afe6543a88bc32088c322171335e09b39e76
f7cbc01a310318defd4e31e4616543e2cf3baef5a47562c73ece4c0b716f157e