urlscan.io logo urlscan.io
SecurityTrails logo

storage.googleapis.com Open in urlscan Pro
172.217.16.176  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://bit.ly/2Lu0ZFK
Effective URL: https://storage.googleapis.com/adobe-593161134/Document_Cloud.html
Submission: On May 31 via manual from IE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 4 domains to perform 2 HTTP transactions. The main IP is 172.217.16.176, located in Mountain View, United States and belongs to GOOGLE - Google LLC, US. The main domain is storage.googleapis.com.
TLS certificate: Issued by Google Internet Authority G3 on May 15th 2018. Valid for: 3 months.
This is the only time storage.googleapis.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Office 365 (Online)

Domain & IP information

IP Address AS Autonomous System
1 1 67.199.248.11 395224 (BITLY-AS)
1 1 104.24.116.92 13335 (CLOUDFLAR...)
1 104.28.21.98 13335 (CLOUDFLAR...)
1 172.217.16.176 15169 (GOOGLE)
2 3
Apex Domain
Subdomains		 Transfer
1 googleapis.com
storage.googleapis.com
345 KB
1 topurl.bid
a.topurl.bid
1022 B
1 clickurl.bid
clickurl.bid
1 KB
1 bit.ly
bit.ly
418 B
2 4
Domain Requested by
1 storage.googleapis.com a.topurl.bid
1 a.topurl.bid
1 clickurl.bid 1 redirects
1 bit.ly 1 redirects
2 4

This site contains no links.

Subject Issuer Validity Valid
sni218941.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2		 2018-05-29 -
2018-12-05		 6 months crt.sh
*.storage.googleapis.com
Google Internet Authority G3		 2018-05-15 -
2018-08-07		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://storage.googleapis.com/adobe-593161134/Document_Cloud.html
Frame ID: DC957A3326FF007690DE511C51277CF7
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://bit.ly/2Lu0ZFK HTTP 301
    http://clickurl.bid/IwFmM HTTP 301
    https://a.topurl.bid/hwjlql.html Page URL
  2. https://storage.googleapis.com/adobe-593161134/Document_Cloud.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /cloudflare/i

Page Statistics

2
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

3
IPs

1
Countries

346 kB
Transfer

573 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://bit.ly/2Lu0ZFK HTTP 301
    http://clickurl.bid/IwFmM HTTP 301
    https://a.topurl.bid/hwjlql.html Page URL
  2. https://storage.googleapis.com/adobe-593161134/Document_Cloud.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://bit.ly/2Lu0ZFK HTTP 301
  • http://clickurl.bid/IwFmM HTTP 301
  • https://a.topurl.bid/hwjlql.html

2 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
hwjlql.html
a.topurl.bid/
Redirect Chain
  • https://bit.ly/2Lu0ZFK
  • http://clickurl.bid/IwFmM
  • https://a.topurl.bid/hwjlql.html
1 KB
1022 B 		Document
General
Check archive.org
Download Go to
Full URL
https://a.topurl.bid/hwjlql.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.28.21.98 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a9176150796e5c177429b4716a8f22a2d8c72d821dd5e42bf8a0289bfe8bec0b

Request headers

:method
GET
:authority
a.topurl.bid
:scheme
https
:path
/hwjlql.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
DC957A3326FF007690DE511C51277CF7

Response headers

status
200
date
Thu, 31 May 2018 09:19:04 GMT
content-type
text/html
set-cookie
__cfduid=dee8e24e0a59299e1971764a89bab41e71527758344; expires=Fri, 31-May-19 09:19:04 GMT; path=/; domain=.topurl.bid; HttpOnly
last-modified
Fri, 25 May 2018 22:33:56 GMT
vary
Accept-Encoding
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
42385b53c93b6463-FRA
content-encoding
gzip

Redirect headers

Date
Thu, 31 May 2018 09:19:04 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
__cfduid=d7958baceb3f01f04a1c724bdff53bc101527758344; expires=Fri, 31-May-19 09:19:04 GMT; path=/; domain=.clickurl.bid; HttpOnly XSRF-TOKEN=eyJpdiI6IjBWbTB3Y2t1d1hvV2d6QXltQTRWNFE9PSIsInZhbHVlIjoiYmtrSzlvMHVRQm80dndxN25qZjNKVkRkQ2haTlI1SEZwYUE1aXhBK2pWaXJ2Mm5CbmV1M24wdmlrK0xmQWk0aXdMdzdyelI0YWkwN2x5Q0x5V3BGY2c9PSIsIm1hYyI6IjFkYWFmOWJmYTdlOWE0NjhhMWUwODNlYjhhNDY4YmQ3ZmRhMmVmNjQ4MjYyZDY0NDhmOWE5ZjI4OTg1YjA4ZjIifQ%3D%3D; expires=Thu, 31-May-2018 11:19:04 GMT; Max-Age=7200; path=/ laravel_session=eyJpdiI6InBzekRnK3FvSTZZXC9UUFBPTkZqNzh3PT0iLCJ2YWx1ZSI6Ik9HUjl3d3kxbzdYSm56eFJXSUtpWEJ0c0lWVmYrWlwvd3VLd1NCaTkxb01qNXFJNWtaVzVcLzBsdXlMRjlCejZhXC9EU2lsUkFZT3JReXdVdXFwcXlkM0RBPT0iLCJtYWMiOiIyYjdlNjFkZGNhM2NkMzRiNTA3MzdkMWE4Mzk5MDRlYjIxOTkwYjhiYTIwOTQyZmU4N2E1ODA4MDY2ZmU5NGE2In0%3D; expires=Thu, 31-May-2018 11:19:04 GMT; Max-Age=7200; path=/; HttpOnly
Cache-Control
no-cache
Location
https://a.topurl.bid/hwjlql.html
Server
cloudflare
CF-RAY
42385b52147026c0-FRA
Primary Request Document_Cloud.html
storage.googleapis.com/adobe-593161134/ 		344 KB
345 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://storage.googleapis.com/adobe-593161134/Document_Cloud.html
Requested by
Host: a.topurl.bid
URL: https://a.topurl.bid/hwjlql.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
172.217.16.176 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s11-in-f176.1e100.net
Software
UploadServer /
Resource Hash
e51779159164b6f7e534ad4b87f4170c2fea3c6a748bd1e070ccf2e6ab2bc317

Request headers

:method
GET
:authority
storage.googleapis.com
:scheme
https
:path
/adobe-593161134/Document_Cloud.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://a.topurl.bid/hwjlql.html
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
DC957A3326FF007690DE511C51277CF7
Referer
https://a.topurl.bid/hwjlql.html

Response headers

status
200
x-guploader-uploadid
AEnB2UqlXtmT8N0VPzuUt94R-2FlrQ62ERJP-y2ji2DvuiAjjpt9z38D3jtX_zqk-bQLHYh7W5T01iBUj0um4Q03hI4shSslmQ
expires
Thu, 31 May 2018 10:19:05 GMT
date
Thu, 31 May 2018 09:19:05 GMT
cache-control
public, max-age=3600
last-modified
Fri, 25 May 2018 22:33:53 GMT
etag
"803769d8826ff09e4a70da0f8f335e32"
x-goog-generation
1527287633959927
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
352532
content-type
text/html
x-goog-hash
crc32c=QEG9Rw== md5=gDdp2IJv8J5KcNoPjzNeMg==
x-goog-storage-class
STANDARD
accept-ranges
bytes
content-length
352532
server
UploadServer
alt-svc
quic=":443"; ma=2592000; v="43,42,41,39,35"
truncated
/ 		12 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c89fa824b694e6499880c1aacc45c6dbc50f161d77edba77bc2ffd877b933176

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
43a6217480956e15a7c26529f916db507747037f8770253078569aaf1bc7c793

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
80a12bd6e01f6630f1198c342b8d89e763a74ae6bb4dd899bc7148e7d2e4ef2f

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
truncated
/ 		13 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5749e9aab6f67749b7a376e460b99e8f1458e5bb83648be150bb6b71a81370fb

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
truncated
/ 		58 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b43a6b17145d748a4d4d9798a3bbfb78c4b1615bfd4237ac5cbbe9b6c442af13

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
truncated
/ 		25 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8ae79a4d18eea420af0fd562d43879b569bbd2c622da6deba79f6c202e385361

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
truncated
/ 		5 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
04e25af6777a18b77141ebdf1f113264596e591f5ec2406b6128259a52560ec7

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
truncated
/ 		32 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c850da5dcbb38f0254b761d99b1408aac0c0dfdbe0be853bdade146f2dde43f6

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
truncated
/ 		77 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4a25933a8e4f91b011840925850d28f005da155714aefa2797c95cdd426ef0de

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
truncated
/ 		311 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9d4c98832c4ffaba79d4c2c273ef755ebfca5bf1ab53e39516c0ce140e77a143

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2da2a9b805e0532f535f3a14cf80260b88113890a9702d8d01af52b57a922a28

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| MaskedPassword function| unhideBody

0 Cookies