storage.googleapis.com Open in urlscan Pro
2a00:1450:4001:808::2010 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://storage.googleapis.com/aexcel-garden-519223751/index.html
Submission: On June 19 via manual (June 19th 2020, 3:13:45 pm UTC) from US

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 15 HTTP transactions. The main IP is 2a00:1450:4001:808::2010, located in Frankfurt am Main, Germany and belongs to GOOGLE, US. The main domain is storage.googleapis.com.
TLS certificate: Issued by GTS CA 1O1 on May 26th 2020. Valid for: 3 months.

This is the only time storage.googleapis.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Excel / PDF download (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	2a00:1450:400... 2a00:1450:4001:808::2010	15169 (GOOGLE) (GOOGLE)
9	2606:4700:303... 2606:4700:3031::6812:36c4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	152.199.19.160 152.199.19.160	15133 (EDGECAST) (EDGECAST)
1	2a00:1450:400... 2a00:1450:4001:815::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:81a::2003	15169 (GOOGLE) (GOOGLE)
15	5

1 2a00:1450:4001:808::2010 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700:3031::6812:36c4 (United States)

ASN13335 (CLOUDFLARENET, US)

rosmtp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.19.160 (United States)

ASN15133 (EDGECAST, US)

ajax.aspnetcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:815::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	rosmtp.com rosmtp.com	218 KB
3	gstatic.com fonts.gstatic.com	27 KB
2	googleapis.com storage.googleapis.com fonts.googleapis.com	11 KB
1	aspnetcdn.com ajax.aspnetcdn.com	30 KB
15	4

	Domain	Requested by
9	rosmtp.com	storage.googleapis.com
3	fonts.gstatic.com	storage.googleapis.com
1	fonts.googleapis.com	storage.googleapis.com
1	ajax.aspnetcdn.com	storage.googleapis.com
1	storage.googleapis.com
15	5

This site contains no links.

Subject Issuer	Validity	Valid
*.storage.googleapis.com GTS CA 1O1	`2020-05-26` - `2020-08-18`	3 months	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2020-05-08` - `2020-10-09`	5 months	crt.sh
*.vo.msecnd.net Microsoft IT TLS CA 2	`2020-03-18` - `2022-03-18`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2020-05-26` - `2020-08-18`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-05-26` - `2020-08-18`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://storage.googleapis.com/aexcel-garden-519223751/index.html
Frame ID: 3A8BDE4DCA941E63F1FF6F5CF11F10EE
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

15
Requests

100 %
HTTPS

80 %
IPv6

4
Domains

5
Subdomains

5
IPs

2
Countries

286 kB
Transfer

353 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request index.html Show response
storage.googleapis.com/aexcel-garden-519223751/ 10 KB
10 KB 27ms
7ms Document
text/html 2a00:1450:4001:808::2010
GOOGLE

General

storage.googleapis.com Open in urlscan Pro 2a00:1450:4001:808::2010 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

80 %IPv6

4 Domains

5 Subdomains

5 IPs

2 Countries

286 kBTransfer

353 kBSize

0 Cookies

0 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

0 Cookies

Indicators

storage.googleapis.com Open in urlscan Pro
2a00:1450:4001:808::2010 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

80 %
IPv6

4
Domains

5
Subdomains

5
IPs

2
Countries

286 kB
Transfer

353 kB
Size

0
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!