urlscan.io logo urlscan.io
SecurityTrails logo

storage.googleapis.com Open in urlscan Pro
2a00:1450:4001:81a::2010  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://courl101.bid/hpsmj
Effective URL: https://storage.googleapis.com/ducosign-penciller-732836582/Signin.html
Submission: On September 04 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 3 HTTP transactions. The main IP is 2a00:1450:4001:81a::2010, located in Ireland and belongs to GOOGLE - Google LLC, US. The main domain is storage.googleapis.com.
TLS certificate: Issued by Google Internet Authority G3 on August 14th 2018. Valid for: 2 months.
This is the only time storage.googleapis.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DocuSign (Online)

Domain & IP information

IP Address AS Autonomous System
1 1 206.189.125.60 14061 (DIGITALOC...)
1 178.128.66.219 14061 (DIGITALOC...)
2 2a00:1450:400... 15169 (GOOGLE)
3 3
Apex Domain
Subdomains		 Transfer
2 googleapis.com
storage.googleapis.com
188 KB
1 officeurl.bid
a.officeurl.bid
1 KB
1 courl101.bid
courl101.bid
996 B
3 3
Domain Requested by
2 storage.googleapis.com a.officeurl.bid
storage.googleapis.com
1 a.officeurl.bid
1 courl101.bid 1 redirects
3 3

This site contains no links.

Subject Issuer Validity Valid
a.officeurl.bid
Let's Encrypt Authority X3		 2018-08-16 -
2018-11-14		 3 months crt.sh
*.storage.googleapis.com
Google Internet Authority G3		 2018-08-14 -
2018-10-23		 2 months crt.sh

This page contains 1 frames:

Primary Page: https://storage.googleapis.com/ducosign-penciller-732836582/Signin.html
Frame ID: 042E1A5ED6FC2E596B35B8738DA08354
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://courl101.bid/hpsmj HTTP 301
    https://a.officeurl.bid/uiudgn.html Page URL
  2. https://storage.googleapis.com/ducosign-penciller-732836582/Signin.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /Ubuntu/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

3
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

189 kB
Transfer

265 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://courl101.bid/hpsmj HTTP 301
    https://a.officeurl.bid/uiudgn.html Page URL
  2. https://storage.googleapis.com/ducosign-penciller-732836582/Signin.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://courl101.bid/hpsmj HTTP 301
  • https://a.officeurl.bid/uiudgn.html

3 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
uiudgn.html
a.officeurl.bid/
Redirect Chain
  • http://courl101.bid/hpsmj
  • https://a.officeurl.bid/uiudgn.html
1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://a.officeurl.bid/uiudgn.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
178.128.66.219 , Greece, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
vps.officeurl.bid
Software
Apache/2.4.7 (Ubuntu) /
Resource Hash
630e0b0c0e9bd444fc35f415aefd07cad2fad4ae4732728c8937c90ee4608b69
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Host
a.officeurl.bid
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
042E1A5ED6FC2E596B35B8738DA08354

Response headers

Date
Tue, 04 Sep 2018 17:19:17 GMT
Server
Apache/2.4.7 (Ubuntu)
Strict-Transport-Security
max-age=63072000; includeSubdomains
X-Frame-Options
DENY
X-Content-Type-Options
nosniff
Last-Modified
Fri, 31 Aug 2018 17:05:33 GMT
ETag
"542-574be331fe0c5-gzip"
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
717
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html

Redirect headers

Date
Tue, 04 Sep 2018 17:19:10 GMT
Server
Apache/2.4.18 (Ubuntu)
Cache-Control
no-cache
Location
https://a.officeurl.bid/uiudgn.html
Set-Cookie
XSRF-TOKEN=eyJpdiI6InZQQ3FlR0tCNjVCZU85dTFzVWl1T1E9PSIsInZhbHVlIjoiR3NrRjdyWFZDNmlTR3doWUF3S3hzMDBJd3BtdGRFMUpyUk5qekFVXC9VSTB2MFYxZzJGWEFIN2RwWnlNaWpDRkt0d3pkQjNzM2FreFlKRUVyOFV1NmZRPT0iLCJtYWMiOiI1ZTcyNmU3ODUyNGE4M2Q4NzFkYjQ5ODYwOWFlMGI4NWI1NzlhMGRiOGY0Njc1NDg1MmY2ZTNkMDE3MzE2MzhjIn0%3D; expires=Tue, 04-Sep-2018 19:19:10 GMT; Max-Age=7200; path=/ laravel_session=eyJpdiI6ImVsSVJyTHJmWWdtN25JV2FzNWYxbHc9PSIsInZhbHVlIjoibjFLZzJxSzBxcVp0cWhiOTRLUFdOdDloN1kxREVQZjBqR3ZkXC9zWjl2Qlkrb2lhcjBEU0JtQUNpeEZcL3o5MzNoRVVXOWpxQnlLWVJ2ZUFpZ0dFUHFqdz09IiwibWFjIjoiNWRhZGZhMWNkMDAwYzdkMDE0NzdmNjA2NTcyODU3YTg4N2ViMThlMTllNDU4YzcwMmQzODMzOTAwYmQxYjFkNCJ9; expires=Tue, 04-Sep-2018 19:19:10 GMT; Max-Age=7200; path=/; HttpOnly
Content-Length
384
Connection
close
Content-Type
text/html; charset=UTF-8
Primary Request Signin.html
storage.googleapis.com/ducosign-penciller-732836582/ 		124 KB
124 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://storage.googleapis.com/ducosign-penciller-732836582/Signin.html
Requested by
Host: a.officeurl.bid
URL: https://a.officeurl.bid/uiudgn.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81a::2010 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
UploadServer /
Resource Hash
07e12051dfdae45139c472afc66f226ffc86fc49a5333f7d25d23af945ed09ee

Request headers

:method
GET
:authority
storage.googleapis.com
:scheme
https
:path
/ducosign-penciller-732836582/Signin.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://a.officeurl.bid/uiudgn.html
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
042E1A5ED6FC2E596B35B8738DA08354
Referer
https://a.officeurl.bid/uiudgn.html

Response headers

status
200
x-guploader-uploadid
AEnB2UqwCRGMLnlGlmFSAm96iv2q92WbOs7Hj3iJnjiNJrgIkzlzgzLvf4roKBAI9KERyMlXA-I21KOVTSkzp6HM3c8sdkk6Hg
expires
Tue, 04 Sep 2018 18:19:11 GMT
date
Tue, 04 Sep 2018 17:19:11 GMT
cache-control
public, max-age=3600
last-modified
Fri, 31 Aug 2018 17:05:27 GMT
etag
"3cbb05f48e64c6c76a03f8d8c49a13f8"
x-goog-generation
1535735127792812
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
126658
content-type
text/html
x-goog-hash
crc32c=1Bb9/A== md5=PLsF9I5kxsdqA/jYxJoT+A==
x-goog-storage-class
STANDARD
accept-ranges
bytes
content-length
126658
server
UploadServer
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
truncated
/ 		5 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ee3cec3c33913424b8a94f2ba811277a4aaf0a8476d61653769c5d953ddeecbd

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
Signin.html
storage.googleapis.com/ducosign-penciller-732836582/ 		64 KB
64 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://storage.googleapis.com/ducosign-penciller-732836582/Signin.html
Requested by
Host: storage.googleapis.com
URL: https://storage.googleapis.com/ducosign-penciller-732836582/Signin.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81a::2010 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
UploadServer /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/ducosign-penciller-732836582/Signin.html
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
storage.googleapis.com
referer
https://storage.googleapis.com/ducosign-penciller-732836582/Signin.html
:scheme
https
:method
GET
Referer
https://storage.googleapis.com/ducosign-penciller-732836582/Signin.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 04 Sep 2018 17:19:11 GMT
age
1
x-guploader-uploadid
AEnB2UqwCRGMLnlGlmFSAm96iv2q92WbOs7Hj3iJnjiNJrgIkzlzgzLvf4roKBAI9KERyMlXA-I21KOVTSkzp6HM3c8sdkk6Hg
x-goog-storage-class
STANDARD
status
200
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
126658
last-modified
Fri, 31 Aug 2018 17:05:27 GMT
server
UploadServer
etag
"3cbb05f48e64c6c76a03f8d8c49a13f8"
x-goog-hash
crc32c=1Bb9/A== md5=PLsF9I5kxsdqA/jYxJoT+A==
x-goog-generation
1535735127792812
cache-control
public, max-age=3600
x-goog-stored-content-length
126658
accept-ranges
bytes
content-type
text/html
expires
Tue, 04 Sep 2018 18:19:11 GMT
truncated
/ 		36 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
251afbeef95e34cc00c9f6d95714cfe10ba846998e7173811c840282ea8e97de

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
truncated
/ 		158 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5d97f53304358270782fb098eef9091bfbd9c82af65955504c1803cfa601c2e4

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
truncated
/ 		34 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9c88cb294974ac5b7d2852e606f6ece1dfcaf8934809590af3f244eed7a63246

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DocuSign (Online)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| MaskedPassword function| validateusername function| validate

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY