storage.googleapis.com Open in urlscan Pro
2607:f8b0:4006:816::2010 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://protect-us.mimecast.com/s/Eqg7Co2PO2fZZVyRI1mWeG?domain=linkprotect.cudasvc.com
Effective URL:
https://storage.googleapis.com/wm-sec-up-2.appspot.com/index.html?email=
Submission: On March 14 via manual (March 14th 2022, 11:38:47 am UTC) from IN — Scanned from US

Summary HTTP 74 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 1 countries across 7 domains to perform 74 HTTP transactions. The main IP is 2607:f8b0:4006:816::2010, located in Queens, United States and belongs to GOOGLE, US. The main domain is storage.googleapis.com. The Cisco Umbrella rank of the primary domain is 425.
TLS certificate: Issued by GTS CA 1C3 on February 17th 2022. Valid for: 3 months.

This is the only time storage.googleapis.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

	IP Address	AS Autonomous System
2 2	205.139.111.113 205.139.111.113	30031 (MIMECAST-) (MIMECAST-)
1 1	34.232.11.0 34.232.11.0	14618 (AMAZON-AES) (AMAZON-AES)
1 1	20.118.48.0 20.118.48.0	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2607:f8b0:400... 2607:f8b0:4006:816::2010	15169 (GOOGLE) (GOOGLE)
29	20.40.202.35 20.40.202.35	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	52.14.25.244 52.14.25.244	16509 (AMAZON-02) (AMAZON-02)
1 2	52.85.151.98 52.85.151.98	16509 (AMAZON-02) (AMAZON-02)
74	5

2 205.139.111.113 (United States) 2 redirects

ASN30031 (MIMECAST-, US)
PTR: us-api.mimecast.com

protect-us.mimecast.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.232.11.0 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-232-11-0.compute-1.amazonaws.com

linkprotect.cudasvc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.118.48.0 (Des Moines, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

lexus360.azurewebsites.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:816::2010 (Queens, United States)

ASN15169 (GOOGLE, US)

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 20.40.202.35 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

moneylogss.azurewebsites.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.14.25.244 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-14-25-244.us-east-2.compute.amazonaws.com

daybag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.85.151.98 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-52-85-151-98.iad89.r.cloudfront.net

logo.clearbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	azurewebsites.net 1 redirects lexus360.azurewebsites.net moneylogss.azurewebsites.net	312 KB
2	clearbit.com 1 redirects logo.clearbit.com — Cisco Umbrella Rank: 24264	8 KB
2	googleapis.com storage.googleapis.com — Cisco Umbrella Rank: 425	14 KB
2	mimecast.com 2 redirects protect-us.mimecast.com — Cisco Umbrella Rank: 8294	2 KB
1	daybag.com daybag.com
1	cudasvc.com 1 redirects linkprotect.cudasvc.com — Cisco Umbrella Rank: 8854	672 B
0	googletagmanager.com Failed www.googletagmanager.com Failed
74	7

	Domain	Requested by
29	moneylogss.azurewebsites.net	storage.googleapis.com moneylogss.azurewebsites.net
2	logo.clearbit.com	1 redirects storage.googleapis.com
2	storage.googleapis.com	storage.googleapis.com
2	protect-us.mimecast.com	2 redirects
1	daybag.com	storage.googleapis.com
1	lexus360.azurewebsites.net	1 redirects
1	linkprotect.cudasvc.com	1 redirects
0	www.googletagmanager.com Failed	moneylogss.azurewebsites.net
74	8

This site contains no links.

Subject Issuer	Validity	Valid
*.storage.googleapis.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.azurewebsites.net Microsoft RSA TLS CA 02	`2021-07-07` - `2022-07-07`	a year	crt.sh
daybag.com R3	`2022-02-17` - `2022-05-18`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://storage.googleapis.com/wm-sec-up-2.appspot.com/index.html?email=
Frame ID: 19E125D6BFE50A46D95BB48CD824A91F
Requests: 12 HTTP requests in this frame

Frame: https://daybag.com/
Frame ID: 06E0CDD125A5252DAA75B26C9916BEE0
Requests: 61 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Webmail Portal Access

Page URL History Show full URLs

https://protect-us.mimecast.com/s/Eqg7Co2PO2fZZVyRI1mWeG?domain=linkprotect.cudasvc.com HTTP 307
https://protect-us.mimecast.com/redirect/eNqtVW1v2zYQ_iuGgPST7fBVlIJ1m5M1W9oma5u2STAPAUWeLCV6q0jZdYr8952kdGm... HTTP 307
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2flexus360.azurewebsites.net%2fad..php%23bcouch%40daybag.c... HTTP 302
https://lexus360.azurewebsites.net/ad..php HTTP 302
https://storage.googleapis.com/wm-sec-up-2.appspot.com/index.html?email= Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

74
Requests

43 %
HTTPS

14 %
IPv6

7
Domains

8
Subdomains

5
IPs

1
Countries

334 kB
Transfer

1410 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://protect-us.mimecast.com/s/Eqg7Co2PO2fZZVyRI1mWeG?domain=linkprotect.cudasvc.com HTTP 307
https://protect-us.mimecast.com/redirect/eNqtVW1v2zYQ_iuGgPST7fBVlIJ1m5M1W9oma5u2STAPAUWeLCV6q0jZdYr8952kdGm6BuiAwobB473w7rl7zp-C1jQ-2AsSXeirfL7Wud3qSvtMV7-mra6ui7zyUDYF-Lqam7oMpkFRm2CPToMWDOSN93kJKIdCMaZIyAkhqMOgbBpo77XJ8iqt8Y1Pyzu5hMq7ZbD3F96keQEnugQUl4HHF12ZO5fjY1AWy2C6DFym6aAVlCQgYx1BQnmaRLESMbFRynisdGIsN4oIA8lnLybDwU-zhNvURJE0wjIjgeBRxMqaVHEVcRkmHFhIBdEqMZwqNJSax9wQJVQMQ7zSyiGYsjRJozBVYahCmjLgiWIpUUloGTBJBuO2rv3pj04AYX67bUagSnBOr2C522JYxmbOd0kCdqw8v-mN4kjcTr8GOKntdp758itgeUqspCFPpGUpJalUgmEuQCMGSSqpTC1NrfkaWKFAqthoTmxihDEMUmqYEEYmOg0jCYoCSMplZHgqGFZJtOBEiohj0tQ-ADZMiU5EZJWQXKRgrJYhp4bqUNOYW_UtYH9MAl8C6-GjX-4iQsUDLOOY3v59i7Nvc5z6njBHFUpNboM9EeG8Jw7nnUi80kiO4ODd6UJGCxortNKDw0EG5vrdm5fjBQ443i2MQdGV2mUoAQ0tjS3DiTLMsjDG_DnmSiiIVBCrWSQSQlnvUtkWPXL_KEldl1yhxetOo4HPK5icQruGdnKW-yyDwk745HicIjeZTcaUJhWABTvx9aSFArSDyd2kTdK6nfyfJeFLf1x3FeITdM5DW8ZBj5L5Dzr9ArpfEIhu3uRf7Ifq8-i-_-LV6WR_SGXoEZQ6L8bp_t78Bj9bo2M1OD5iNLYcXN9lqagIBYspGdG_T_nfDB9_6j7Fxzr2nRmhUd6Moy_nlKs5Y3MajdzIaucHVX8AO0u2854uhd5CO68AdbdjX05qiws7ICRCOW_w-CAYXpZu1dcc_MQIY4TjYsIP4_N4X1LGF4v9SAgpFoffruXnPsI4Nh5pEdwF4Yz3QXgcor5rC9Rk3jdub7m73MUY101beyTX3HRWu7UZKt5Fw1_008Fwh-sdluK3gI-d4yGZ65uuhQ0kLvfg-hpRqe183mTNDtLI1J3JdnrmbBO96uM9MU-fTen0-RUUBxsCL87P1cXhTbfKXfXxaN-r56_W640si-OwOfz9j_LaH24uDi9Oku37oxfrcj8-2qTu1OmDV0X6ehOduJcfwrPz7Lebs-rsYqPZcbdPr87zM_7GFEfd6fHbxXT6xG-b-intB6lfA6tLM4PLzhF6SRW_XFv8nfHLe0pcjnD1enZ5R50Z9mqG_6yKxbGM-lirbmjQs-omWuV_pq9mH3ikddZa8SF7jXqDnnUJrRl7_ZBxsBrXzx3gs87N-yVotPMDe2__AW0VhiE HTTP 307
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2flexus360.azurewebsites.net%2fad..php%23bcouch%40daybag.com&c=E,1,JjelCw0eKXX7YFzugisnxIBt7JPvvw5mlM6pFGHmktFwYFYNbyVIKvmB9IwfsSsaCPlfQw8NsLq6WXhDzWnWYwa2MuB1jXiW3RclIuSMTA,,&typo=1 HTTP 302
https://lexus360.azurewebsites.net/ad..php HTTP 302
https://storage.googleapis.com/wm-sec-up-2.appspot.com/index.html?email= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 71

https://logo.clearbit.com/https://daybag.com HTTP 301
https://logo.clearbit.com/https:/daybag.com

74 HTTP transactions
-1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request index.html Show response
storage.googleapis.com/wm-sec-up-2.appspot.com/
Redirect Chain

https://protect-us.mimecast.com/s/Eqg7Co2PO2fZZVyRI1mWeG?domain=linkprotect.cudasvc.com
https://protect-us.mimecast.com/redirect/eNqtVW1v2zYQ_iuGgPST7fBVlIJ1m5M1W9oma5u2STAPAUWeLCV6q0jZdYr8952kdGm6BuiAwobB473w7rl7zp-C1jQ-2AsSXeirfL7Wud3qSvtMV7-mra6ui7zyUDYF-Lqam7oMpkFRm2CPToMWDOSN93kJ...
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2flexus360.azurewebsites.net%2fad..php%23bcouch%40daybag.com&c=E,1,JjelCw0eKXX7YFzugisnxIBt7JPvvw5mlM6pFGHmktFwYFYNbyVIKvmB9IwfsSsaCPlfQw8NsLq6WXhD...
https://lexus360.azurewebsites.net/ad..php
https://storage.googleapis.com/wm-sec-up-2.appspot.com/index.html?email=

13 KB
14 KB

102ms
78ms

Document
text/html

2607:f8b0:4006:816::2010
GOOGLE

General

			Domain/Path	Expires	Name / Value
			.moneylogss.azurewebsites.net/	1969-12-31 23:59:59	Name: ARRAffinitySameSite Value: 12faa5c7ae848d11750f15b48685d4473af652e05d1a4e035c45626fed2fd0c5
			storage.googleapis.com/	1970-01-20 01:34:18	Name: __session:0.23082090828306012: Value: https:

Source	Level	URL Text
network	error	URL: https://storage.googleapis.com/img/bg-image.jpg Message: Failed to load resource: the server responded with a status of 403 ()
javascript	error	URL: https://storage.googleapis.com/wm-sec-up-2.appspot.com/index.html?email=#bcouch@daybag.com Message: Access to script at 'https://moneylogss.azurewebsites.net/work/jenis_files/jquery-3.js' from origin 'https://storage.googleapis.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://moneylogss.azurewebsites.net/work/jenis_files/jquery-3.js Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://storage.googleapis.com/wm-sec-up-2.appspot.com/index.html?email=#bcouch@daybag.com Message: Access to script at 'https://moneylogss.azurewebsites.net/work/jenis_files/popper.js' from origin 'https://storage.googleapis.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://moneylogss.azurewebsites.net/work/jenis_files/popper.js Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://storage.googleapis.com/wm-sec-up-2.appspot.com/index.html?email=#bcouch@daybag.com Message: Access to script at 'https://moneylogss.azurewebsites.net/work/jenis_files/bootstrap_002.js' from origin 'https://storage.googleapis.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://moneylogss.azurewebsites.net/work/jenis_files/bootstrap_002.js Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://moneylogss.azurewebsites.net/work/jenis_files/a_data/a Message: Failed to load resource: the server responded with a status of 404 (Not Found)
other	error	URL: chrome-error://chromewebdata/ Message: Refused to display 'https://daybag.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

storage.googleapis.com Open in urlscan Pro 2607:f8b0:4006:816::2010 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

74 Requests

43 %HTTPS

14 %IPv6

7 Domains

8 Subdomains

5 IPs

1 Countries

334 kBTransfer

1410 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

74 HTTP transactions Everything HTML Script AJAX CSS Image Expand all -1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

storage.googleapis.com Open in urlscan Pro
2607:f8b0:4006:816::2010 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

74
Requests

43 %
HTTPS

14 %
IPv6

7
Domains

8
Subdomains

5
IPs

1
Countries

334 kB
Transfer

1410 kB
Size

2
Cookies

74 HTTP transactions
-1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!