storage.googleapis.com
2a00:1450:4001:821::2010  Malicious Activity! Public Scan

Submitted URL: https://bit.ly/2w7fKs2
Effective URL: https://storage.googleapis.com/excel-anagogically-368618728/excel-login-1.html
Submission: On August 24 via manual from US

Summary

This website contacted 2 IPs in 3 countries across 4 domains to perform 6 HTTP transactions. The main IP is 2a00:1450:4001:821::2010, located in Ireland and belongs to GOOGLE - Google LLC, US. The main domain is storage.googleapis.com.
TLS certificate: Issued by Google Internet Authority G3 on August 7th 2018. Valid for: 2 months.
This is the only time storage.googleapis.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Excel / PDF download (Online)

Domain & IP information

IP addresses contacted (requests, redirects, IP address, AS / Autonomous System):

  Requests  Redirects  IP Address                AS (Autonomous System)
  1         1          67.199.248.11             395224 (BITLY-AS)
  1         1          206.189.125.60            14061 (DIGITALOC...)
  1                    178.128.66.219            14061 (DIGITALOC...)
  5                    2a00:1450:400...          15169 (GOOGLE)
  Total: 6 requests, 2 IPs

Apex domains (requests, apex domain, subdomains, transfer):

  Requests  Apex Domain      Subdomains                Transfer
  5         googleapis.com   storage.googleapis.com    489 KB
  1         officeurl.bid    a.officeurl.bid           1 KB
  1         boburl.us        boburl.us                 995 B
  1         bit.ly           bit.ly                    415 B
  Total: 6 requests, 4 domains

Domains and who requested them:

  Requests  Domain                   Requested by
  5         storage.googleapis.com   a.officeurl.bid, storage.googleapis.com
  1         a.officeurl.bid
  1         boburl.us                (1 redirect)
  1         bit.ly                   (1 redirect)
  Total: 6 requests, 4 domains

This site contains no links.

TLS certificates (subject, issuer, validity period, valid for):

  Subject                    Issuer                         Validity                  Valid
  a.officeurl.bid            Let's Encrypt Authority X3     2018-08-16 - 2018-11-14   3 months (crt.sh)
  *.storage.googleapis.com   Google Internet Authority G3   2018-08-07 - 2018-10-16   2 months (crt.sh)

This page contains 1 frame:

Primary Page: https://storage.googleapis.com/excel-anagogically-368618728/excel-login-1.html
Frame ID: D26E210C3EFA2F5EC0280B7ED3338946
Requests: 6 HTTP requests in this frame

Screenshot


Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://bit.ly/2w7fKs2 HTTP 301
    http://boburl.us/gHXDS HTTP 301
    https://a.officeurl.bid/znuag.html Page URL
  2. https://storage.googleapis.com/excel-anagogically-368618728/excel-login-1.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /Ubuntu/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

  Requests:    6
  HTTPS:       100 %
  IPv6:        25 %
  Domains:     4
  Subdomains:  4
  IPs:         2
  Countries:   3
  Transfer:    491 kB
  Size:        489 kB
  Cookies:     0


Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://bit.ly/2w7fKs2 HTTP 301
  • http://boburl.us/gHXDS HTTP 301
  • https://a.officeurl.bid/znuag.html

6 HTTP transactions

Resource: znuag.html
Path: a.officeurl.bid/
Redirect Chain:
  • https://bit.ly/2w7fKs2
  • http://boburl.us/gHXDS
  • https://a.officeurl.bid/znuag.html
Size: 1 KB
x-fer: 1 KB
Type: Document

General
Full URL: https://a.officeurl.bid/znuag.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 178.128.66.219, Greece, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)
Reverse DNS: vps.officeurl.bid
Software: Apache/2.4.7 (Ubuntu)
Resource Hash: 210e3b75423866b6d6b8a3d1597a54de98d6e2b56934376b07a56f5264e72a12

Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Host
a.officeurl.bid
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
D26E210C3EFA2F5EC0280B7ED3338946

Response headers

Date
Fri, 24 Aug 2018 12:10:30 GMT
Server
Apache/2.4.7 (Ubuntu)
Strict-Transport-Security
max-age=63072000; includeSubdomains
X-Frame-Options
DENY
X-Content-Type-Options
nosniff
Last-Modified
Thu, 23 Aug 2018 03:01:53 GMT
ETag
"557-574117b369fa5-gzip"
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
719
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html

Redirect headers

Date
Fri, 24 Aug 2018 12:10:27 GMT
Server
Apache/2.4.18 (Ubuntu)
Cache-Control
no-cache
Location
https://a.officeurl.bid/znuag.html
Set-Cookie
XSRF-TOKEN=eyJpdiI6ImpIMFg4enpJVmZ0dGRIdVVKS2xxVGc9PSIsInZhbHVlIjoiMjFRR1pLS2l4ZFEzTDZ6UTllVVpVZXp4SklMNHU5ODFcL3BtMXlrY2dMZHRTVDJZeW9nbW9pb2MrUmJlRFNLXC9yZDBTdHpWN1dEcTNtck9rekR0RWcrdz09IiwibWFjIjoiYTEzODRhMGM2MmQxZmZmMjA5ZTE1YWUyYmVlNzYzOThjZDRjMDIxMmEwZDMyODUxNzQzZTA3YmY2YWYyMjlmYyJ9; expires=Fri, 24-Aug-2018 14:10:27 GMT; Max-Age=7200; path=/ laravel_session=eyJpdiI6ImVpWUZ3UHBac3daZ0c4c3lwTmNvVHc9PSIsInZhbHVlIjoibEN2VFQram5NTGRTdElRRFdxU1ZSY0srSFN0SjFPK3lhTDBcL1pGc2NGemFzUXArallDOThOV1pQMlNTdStFN0N2NVVsMDlaVTBUR0VnVVRXdmhRSVhnPT0iLCJtYWMiOiI5MGJhMDIzNWQ3ZWVjMTVlMTYxMjhjZjIwYWZiZGZiZGZjOWQ4YTBjMDA0MTA2Mzg3NDQyMTYyMGFiZDFjYmM4In0%3D; expires=Fri, 24-Aug-2018 14:10:27 GMT; Max-Age=7200; path=/; HttpOnly
Content-Length
380
Connection
close
Content-Type
text/html; charset=UTF-8

Resource: excel-login-1.html (Primary Request)
Path: storage.googleapis.com/excel-anagogically-368618728/
Size: 3 KB
x-fer: 3 KB
Type: Document

General
Full URL: https://storage.googleapis.com/excel-anagogically-368618728/excel-login-1.html
Requested by:
  Host: a.officeurl.bid
  URL: https://a.officeurl.bid/znuag.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a00:1450:4001:821::2010, Ireland, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS:
Software: UploadServer
Resource Hash: 09def5ba522142d8703e64b9405068e169aed857f8ba2b2f4ab04140f09328bb

Request headers

:method
GET
:authority
storage.googleapis.com
:scheme
https
:path
/excel-anagogically-368618728/excel-login-1.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://a.officeurl.bid/znuag.html
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
D26E210C3EFA2F5EC0280B7ED3338946
Referer
https://a.officeurl.bid/znuag.html

Response headers

status
200
x-guploader-uploadid
AEnB2Ur6ja4Q8OWEMWfTzoWsgNS-7v3u6ytMTYNHry2JVcTR_u14ZZCa_8WltdsPHXro097IWj52uBftU91U8-2J8ap0DcMjLw
expires
Fri, 24 Aug 2018 13:10:29 GMT
date
Fri, 24 Aug 2018 12:10:29 GMT
cache-control
public, max-age=3600
last-modified
Thu, 23 Aug 2018 03:01:50 GMT
etag
"66c1e01b6fad76d50e9661ae38e05921"
x-goog-generation
1534993310687792
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
2619
content-type
text/html
x-goog-hash
crc32c=Y7ZdRg== md5=ZsHgG2+tdtUOlmGuOOBZIQ==
x-goog-storage-class
STANDARD
accept-ranges
bytes
content-length
2619
server
UploadServer
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"

Resource: e1.png
Path: storage.googleapis.com/excel-page-items/images/
Size: 173 KB
x-fer: 173 KB
Type: Image

General
Full URL: https://storage.googleapis.com/excel-page-items/images/e1.png
Requested by:
  Host: storage.googleapis.com
  URL: https://storage.googleapis.com/excel-anagogically-368618728/excel-login-1.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a00:1450:4001:821::2010, Ireland, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS:
Software: UploadServer
Resource Hash: fbcee5dfea91e44c2b8eb9b131fdab1c1cb0476c51f7913c999f62636fd8d8ad

Request headers

:path
/excel-page-items/images/e1.png
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
storage.googleapis.com
referer
https://storage.googleapis.com/excel-anagogically-368618728/excel-login-1.html
:scheme
https
:method
GET
Referer
https://storage.googleapis.com/excel-anagogically-368618728/excel-login-1.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 12:10:29 GMT
x-guploader-uploadid
AEnB2UoVrq_SkiDX8Szgccm8uLIMT99VGHSdQ-Cnm4BRem3A0u8RP7gKUY44lt1_1ip2D3SkkGOZPISHSP--Lfj04fFox0rWNw
x-goog-storage-class
MULTI_REGIONAL
status
200
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
176681
last-modified
Sat, 02 Jun 2018 23:29:55 GMT
server
UploadServer
etag
"18d5ebd978fbc3476d1dbf2569ab92c2"
x-goog-hash
crc32c=fCW5/w== md5=GNXr2Xj7w0dtHb8laauSwg==
x-goog-generation
1527982195161660
cache-control
public, max-age=3600
x-goog-stored-content-length
176681
accept-ranges
bytes
content-type
image/png
expires
Fri, 24 Aug 2018 13:10:29 GMT

Resource: e3.png
Path: storage.googleapis.com/excel-page-items/images/
Size: 166 KB
x-fer: 167 KB
Type: Image

General
Full URL: https://storage.googleapis.com/excel-page-items/images/e3.png
Requested by:
  Host: storage.googleapis.com
  URL: https://storage.googleapis.com/excel-anagogically-368618728/excel-login-1.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a00:1450:4001:821::2010, Ireland, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS:
Software: UploadServer
Resource Hash: 0f3977d802138e9b0ea76c44e0515bd1a45a7a0fb74691c1e820eb880b311973

Request headers

:path
/excel-page-items/images/e3.png
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
storage.googleapis.com
referer
https://storage.googleapis.com/excel-anagogically-368618728/excel-login-1.html
:scheme
https
:method
GET
Referer
https://storage.googleapis.com/excel-anagogically-368618728/excel-login-1.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 12:10:29 GMT
x-guploader-uploadid
AEnB2UrKZZFe7kdd2WZduz2kOmzHPcjSeMtFXMXE7NvsfBt5fT33lU_BNnDeFfxzB9gMoeV89Id8bb-IB2Hk0kT12CGsvQhV4A
x-goog-storage-class
MULTI_REGIONAL
status
200
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
170468
last-modified
Sat, 02 Jun 2018 23:29:58 GMT
server
UploadServer
etag
"fd6f6eb14565a95bfb18e8ea972e90a0"
x-goog-hash
crc32c=YgZ/aw== md5=/W9usUVlqVv7GOjqly6QoA==
x-goog-generation
1527982198950087
cache-control
public, max-age=3600
x-goog-stored-content-length
170468
accept-ranges
bytes
content-type
image/png
expires
Fri, 24 Aug 2018 13:10:29 GMT

Resource: e2.png
Path: storage.googleapis.com/excel-page-items/images/
Size: 145 KB
x-fer: 146 KB
Type: Image

General
Full URL: https://storage.googleapis.com/excel-page-items/images/e2.png
Requested by:
  Host: storage.googleapis.com
  URL: https://storage.googleapis.com/excel-anagogically-368618728/excel-login-1.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a00:1450:4001:821::2010, Ireland, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS:
Software: UploadServer
Resource Hash: e2f3d9a3bdfe3c28782c18ac7559eabfa8b0be4a07709653eded13f9ed8de2eb

Request headers

:path
/excel-page-items/images/e2.png
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
storage.googleapis.com
referer
https://storage.googleapis.com/excel-anagogically-368618728/excel-login-1.html
:scheme
https
:method
GET
Referer
https://storage.googleapis.com/excel-anagogically-368618728/excel-login-1.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 12:10:29 GMT
x-guploader-uploadid
AEnB2Uov5cTYPjmSdpf62dvdhdCHAZG_2W79nJXGANeQ1e2mtfH5NFbHBs_SC51Y0mI9fnGJwjGsJNJ8IFWo5V9MnuLYZ89sjg
x-goog-storage-class
MULTI_REGIONAL
status
200
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
148794
last-modified
Sat, 02 Jun 2018 23:29:55 GMT
server
UploadServer
etag
"8fb0e9ae38aeb023d6c5dbaef785c768"
x-goog-hash
crc32c=7MwFoA== md5=j7DprjiusCPWxduu94XHaA==
x-goog-generation
1527982195655647
cache-control
public, max-age=3600
x-goog-stored-content-length
148794
accept-ranges
bytes
content-type
image/png
expires
Fri, 24 Aug 2018 13:10:29 GMT

Resource: btn.png
Path: storage.googleapis.com/excel-page-items/images/
Size: 792 B
x-fer: 1 KB
Type: Image

General
Full URL: https://storage.googleapis.com/excel-page-items/images/btn.png
Requested by:
  Host: storage.googleapis.com
  URL: https://storage.googleapis.com/excel-anagogically-368618728/excel-login-1.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a00:1450:4001:821::2010, Ireland, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS:
Software: UploadServer
Resource Hash: eface1e765d5861e8b074d3006c1c4fe4e7549e0f74cf958c32e92e453ef3828

Request headers

:path
/excel-page-items/images/btn.png
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
storage.googleapis.com
referer
https://storage.googleapis.com/excel-anagogically-368618728/excel-login-1.html
:scheme
https
:method
GET
Referer
https://storage.googleapis.com/excel-anagogically-368618728/excel-login-1.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 12:10:29 GMT
x-guploader-uploadid
AEnB2UqWVqLrgThyNI0o0j99xJX2PuiQHXylimdwPtkueaQTlaVmRIae2HO8_j3eNcquAAtdGHBeKjHsOPe1dnkppH6asH6P_Q
x-goog-storage-class
MULTI_REGIONAL
status
200
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
792
last-modified
Sat, 02 Jun 2018 23:29:50 GMT
server
UploadServer
etag
"8d546278823242afab0bf25ce489c50b"
x-goog-hash
crc32c=/U5jmQ== md5=jVRieIIyQq+rC/Jc5InFCw==
x-goog-generation
1527982190443002
cache-control
public, max-age=3600
x-goog-stored-content-length
792
accept-ranges
bytes
content-type
image/png
expires
Fri, 24 Aug 2018 13:10:29 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Excel / PDF download (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY