storage.googleapis.com
172.217.16.176
Malicious Activity!
Public Scan
Effective URL: https://storage.googleapis.com/adobe-593161134/Document_Cloud.html
Submission: On May 31 via manual from IE
Summary
TLS certificate: Issued by Google Internet Authority G3 on May 15th 2018. Valid for: 3 months.
This is the only time storage.googleapis.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Office 365 (Online)
Domain & IP information
IP Address | AS Autonomous System
---|---
67.199.248.11 | 395224 (BITLY-AS - Bitly Inc)
104.24.116.92 | 13335 (CLOUDFLARENET - Cloudflare)
104.28.21.98 | 13335 (CLOUDFLARENET - Cloudflare)
172.217.16.176 | 15169 (GOOGLE - Google LLC)

ASN details per domain:
- clickurl.bid: ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
- a.topurl.bid: ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
- storage.googleapis.com: ASN15169 (GOOGLE - Google LLC, US), PTR: fra15s11-in-f176.1e100.net
Apex Domain | Subdomains | Transfer
---|---|---
googleapis.com | storage.googleapis.com | 345 KB
topurl.bid | a.topurl.bid | 1022 B
clickurl.bid | clickurl.bid (1 redirects) | 1 KB
bit.ly | bit.ly (1 redirects) | 418 B

Domain | Requested by
---|---
storage.googleapis.com | a.topurl.bid
a.topurl.bid | 
clickurl.bid | 1 redirects
bit.ly | 1 redirects
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
sni218941.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2018-05-29 - 2018-12-05 | 6 months
*.storage.googleapis.com | Google Internet Authority G3 | 2018-05-15 - 2018-08-07 | 3 months
This page contains 1 frames:
Primary Page:
https://storage.googleapis.com/adobe-593161134/Document_Cloud.html
Frame ID: DC957A3326FF007690DE511C51277CF7
Requests: 13 HTTP requests in this frame
Detected technologies
CloudFlare (CDN)
Detected patterns
- headers server /cloudflare/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://bit.ly/2Lu0ZFK HTTP 301
- http://clickurl.bid/IwFmM HTTP 301
- https://a.topurl.bid/hwjlql.html Page URL
- https://storage.googleapis.com/adobe-593161134/Document_Cloud.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- https://bit.ly/2Lu0ZFK HTTP 301
- http://clickurl.bid/IwFmM HTTP 301
- https://a.topurl.bid/hwjlql.html
2 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | hwjlql.html | a.topurl.bid/ (Redirect Chain) | 1 KB | 1022 B | Document | text/html
GET | H2 | Document_Cloud.html (Primary Request) | storage.googleapis.com/adobe-593161134/ | 344 KB | 345 KB | Document | text/html
GET | DATA | truncated | / | 12 KB | 0 | Image | image/png
GET | DATA | truncated | / | 1 KB | 0 | Image | image/png
GET | DATA | truncated | / | 3 KB | 0 | Image | image/png
GET | DATA | truncated | / | 13 KB | 0 | Image | image/png
GET | DATA | truncated | / | 58 KB | 0 | Image | image/png
GET | DATA | truncated | / | 25 KB | 0 | Image | image/png
GET | DATA | truncated | / | 5 KB | 0 | Image | image/png
GET | DATA | truncated | / | 32 KB | 0 | Image | image/png
GET | DATA | truncated | / | 77 KB | 0 | Image | image/png
GET | DATA | truncated | / | 311 B | 0 | Image | image/png
GET | DATA | truncated | / | 1 KB | 0 | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Office 365 (Online)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- function MaskedPassword
- function unhideBody
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.