www.google.securecloudforce.com
103.52.168.102
Malicious Activity!
Public Scan
Submission: On September 14 via automatic, source certstream-suspicious — Scanned from DE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 14th 2021. Valid for: 3 months.
This is the only time www.google.securecloudforce.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Google (Online)
Domain & IP information
Requests | IP Address | Autonomous System |
---|---|---|
6 | 103.52.168.102 | 135543 (NETWORKDYNAMICS-PTY-LTD-AS-AP Network Dynamics Pty Ltd) |
1 | 2a00:1450:4007:809::200a | 15169 (GOOGLE) |
3 | 2a00:1450:4007:817::200a | 15169 (GOOGLE) |
2 | 2a00:1450:4007:819::2003 | () |
12 | 4 | |
ASN135543 (NETWORKDYNAMICS-PTY-LTD-AS-AP Network Dynamics Pty Ltd, AU)
PTR: server-1002.hostingcloud.com.au
www.google.securecloudforce.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
6 | securecloudforce.com | www.google.securecloudforce.com | 3 KB |
4 | googleapis.com | ajax.googleapis.com, fonts.googleapis.com | 33 KB |
2 | gstatic.com | fonts.gstatic.com | 28 KB |
12 | 3 | | |
Requests | Domain | Requested by |
---|---|---|
6 | www.google.securecloudforce.com | www.google.securecloudforce.com, ajax.googleapis.com |
3 | fonts.googleapis.com | www.google.securecloudforce.com |
2 | fonts.gstatic.com | fonts.googleapis.com |
1 | ajax.googleapis.com | www.google.securecloudforce.com |
12 | 4 | |
This site contains links to these domains. Also see Links.
Domain |
---|
support.google.com |
policies.google.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
google.securecloudforce.com | cPanel, Inc. Certification Authority | 2021-09-14 - 2021-12-13 | 3 months |
upload.video.google.com | GTS CA 1O1 | 2021-08-23 - 2021-11-15 | 3 months |
*.gstatic.com | GTS CA 1C3 | 2021-08-23 - 2021-11-15 | 3 months |
This page contains 1 frames:
Primary Page:
https://www.google.securecloudforce.com/
Frame ID: 506C47A93E3AAEF7B6951881B71BAEE1
Requests: 12 HTTP requests in this frame
Page Title
Google Account
Detected technologies
Google Font API (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
jQuery (JavaScript Libraries)
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
Title: Learn More
Title: Help
Title: Privacy
Title: Terms
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H2 | / (Primary Request) | www.google.securecloudforce.com/ | 4 KB | 996 B | Document | text/html |
GET H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.5.1/ | 87 KB | 31 KB | Script | text/javascript |
GET H2 | css | fonts.googleapis.com/ | 2 KB | 1022 B | Stylesheet | text/css |
GET H2 | css | fonts.googleapis.com/ | 2 KB | 675 B | Stylesheet | text/css |
GET H2 | css | fonts.googleapis.com/ | 735 B | 456 B | Stylesheet | text/css |
GET H2 | getScreenType.js | www.google.securecloudforce.com/js/ | 179 B | 158 B | Script | application/javascript |
GET H2 | stylesheet-global.css | www.google.securecloudforce.com/css/ | 47 B | 83 B | Stylesheet | text/css |
GET H2 | setIndexStylesheet.js | www.google.securecloudforce.com/js/ | 297 B | 177 B | Script | application/javascript |
GET H2 | setOtherStylesheet.js | www.google.securecloudforce.com/js/ | 299 B | 178 B | Script | application/javascript |
GET H2 | stylesheet-large.css | www.google.securecloudforce.com/css/ | 5 KB | 1 KB | Stylesheet | text/css |
GET H2 | c4mw1n92AsfhuCq6tVsaoIx1CHIi4kToNorqShNPVo0.woff2 | fonts.gstatic.com/s/kumbhsans/v6/ | 12 KB | 12 KB | Font | font/woff2 |
GET H2 | KFOmCnqEu92Fr1Mu4mxK.woff2 | fonts.gstatic.com/s/roboto/v27/ | 15 KB | 16 KB | Font | font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Google (Online)
8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | onbeforexrselect |
boolean | originAgentCluster |
function | $ |
function | jQuery |
function | getScreenType |
string | screenType |
function | setIndexStylesheet |
function | setOtherStylesheet |
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.