storage.googleapis.com Open in urlscan Pro
172.217.21.240 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://bit.ly/2jfXEgp
Effective URL:
https://storage.googleapis.com/pasteiton-home-231412/xasdfgqweqwexaxz/Document_Cloud.html
Submission: On May 03 via manual (May 3rd 2018, 1:08:00 pm UTC) from US

Summary HTTP 2 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 4 domains to perform 2 HTTP transactions. The main IP is 172.217.21.240, located in Mountain View, United States and belongs to GOOGLE - Google LLC, US. The main domain is storage.googleapis.com.
TLS certificate: Issued by Google Internet Authority G3 on April 10th 2018. Valid for: 3 months.

This is the only time storage.googleapis.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Office 365 (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	67.199.248.10 67.199.248.10	395224 (BITLY-AS) (BITLY-AS - Bitly Inc)
1 1	72.249.130.36 72.249.130.36	30496 (AS-TIERP-...) (AS-TIERP-30496 - TierPoint)
1	104.28.7.233 104.28.7.233	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	172.217.21.240 172.217.21.240	15169 (GOOGLE) (GOOGLE - Google LLC)
2	3

1 67.199.248.10 (United States) 1 redirects

ASN395224 (BITLY-AS - Bitly Inc, US)

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.249.130.36 (Saint Louis, United States) 1 redirects

ASN30496 (AS-TIERP-30496 - TierPoint, LLC, US)
PTR: dfw1.danifer.com

linktrack.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.28.7.233 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

a.meurl.bid	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.21.240 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s13-in-f16.1e100.net

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	googleapis.com storage.googleapis.com	345 KB
1	meurl.bid a.meurl.bid	1 KB
1	linktrack.info 1 redirects linktrack.info	708 B
1	bit.ly 1 redirects bit.ly	349 B
2	4

	Domain	Requested by
1	storage.googleapis.com
1	a.meurl.bid
1	linktrack.info	1 redirects
1	bit.ly	1 redirects
2	4

This site contains no links.

Subject Issuer	Validity	Valid
sni89829.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-04-30` - `2018-11-06`	6 months	crt.sh
*.storage.googleapis.com Google Internet Authority G3	`2018-04-10` - `2018-07-03`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://storage.googleapis.com/pasteiton-home-231412/xasdfgqweqwexaxz/Document_Cloud.html
Frame ID: 3B6CD077118C0303858D599B9C13E948
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in - Adobe Document Cloud

Page URL History Show full URLs

http://bit.ly/2jfXEgp HTTP 301
http://linktrack.info/eupmdq HTTP 302
https://a.meurl.bid/yompwy.html Page URL
https://storage.googleapis.com/pasteiton-home-231412/xasdfgqweqwexaxz/Document_Cloud.html Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

Page Statistics

2
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

3
IPs

1
Countries

346 kB
Transfer

573 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://bit.ly/2jfXEgp HTTP 301
http://linktrack.info/eupmdq HTTP 302
https://a.meurl.bid/yompwy.html Page URL
https://storage.googleapis.com/pasteiton-home-231412/xasdfgqweqwexaxz/Document_Cloud.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://bit.ly/2jfXEgp HTTP 301
http://linktrack.info/eupmdq HTTP 302
https://a.meurl.bid/yompwy.html

2 HTTP transactions
11 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	yompwy.html Show response a.meurl.bid/ Redirect Chain http://bit.ly/2jfXEgp http://linktrack.info/eupmdq https://a.meurl.bid/yompwy.html	1 KB 1 KB	272ms 190ms	Document text/html	104.28.7.233 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://a.meurl.bid/yompwy.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.28.7.233 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `0641d92aeba34be1b2a81bd680daf40bd92d3c952676eee8df12242d54bb00e3` Request headers :path /yompwy.html pragma no-cache accept-encoding gzip, deflate upgrade-insecure-requests 1 user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 cache-control no-cache :authority a.meurl.bid :scheme https :method GET User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers date Thu, 03 May 2018 13:07:50 GMT content-encoding gzip last-modified Sun, 29 Apr 2018 21:53:23 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/html status 200 set-cookie __cfduid=d7f7a940db25e1c9eb6945c37eab9bb361525352870; expires=Fri, 03-May-19 13:07:50 GMT; path=/; domain=.meurl.bid; HttpOnly cf-ray 4152f3efee932c06-AMS Redirect headers Date Thu, 03 May 2018 13:07:50 GMT Server nginx X-Powered-By PHP/5.3.15-1~dotdeb.0 Transfer-Encoding chunked Content-Type text/html Location https://a.meurl.bid/yompwy.html Set-Cookie _lts=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/ _ltec=eyJ0aW1lc3RhbXAiOjE1MjUzNTI4NzAsInJlbW90ZV9hZGRyIjoiMTQ4LjI1MS40NS4yNTQiLCJyZWZlcmVyIjoiIiwicmVxdWVzdF91cmkiOiJodHRwOlwvXC9saW5rdHJhY2suaW5mb1wvZXVwbWRxIiwicmVmZXJlbmNlIjpudWxsfQ%3D%3D; expires=Fri, 31-Aug-2018 13:07:50 GMT; path=/ _ltld=%7B%224669922%22%3A%7B%22time%22%3A1525352870%2C%22hist_id%22%3A563999349%7D%7D; expires=Sat, 02-Jun-2018 13:07:50 GMT; path=/ Connection close
GET H2	200	Primary Request Document_Cloud.html Show response storage.googleapis.com/pasteiton-home-231412/xasdfgqweqwexaxz/	344 KB 345 KB	438ms 438ms	Document text/html	172.217.21.240 Google LLC
General Check archive.org Show headers Download Go to Full URL https://storage.googleapis.com/pasteiton-home-231412/xasdfgqweqwexaxz/Document_Cloud.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 172.217.21.240 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS fra16s13-in-f16.1e100.net Software UploadServer / Resource Hash `e172acdff4d1d93c51ff7b08c1dff50cedca5002905b73f676b9782fb55526bf` Request headers :path /pasteiton-home-231412/xasdfgqweqwexaxz/Document_Cloud.html pragma no-cache accept-encoding gzip, deflate upgrade-insecure-requests 1 user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 cache-control no-cache :authority storage.googleapis.com referer https://a.meurl.bid/yompwy.html :scheme https :method GET Upgrade-Insecure-Requests 1 Referer https://a.meurl.bid/yompwy.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers date Thu, 03 May 2018 13:07:51 GMT x-guploader-uploadid AEnB2Uq478mj3zDOpVtHENEKBuqymBZcKcGltv0LUEdTIOnhAhtT2UDJyRPb-Vv54FHccwiijHwZ1Txx6xEpBYFSYhhCsjPpDA x-goog-storage-class MULTI_REGIONAL status 200 x-goog-metageneration 2 x-goog-stored-content-encoding identity alt-svc hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 352533 last-modified Sun, 29 Apr 2018 21:50:54 GMT server UploadServer etag "db5ec8d51813725f7897610be447fd18" x-goog-hash crc32c=4IS2BQ== md5=217I1RgTcl94l2EL5Ef9GA== x-goog-generation 1525038654645574 cache-control public, max-age=3600 x-goog-stored-content-length 352533 accept-ranges bytes content-type text/html expires Thu, 03 May 2018 14:07:51 GMT
GET DATA	200 OK	truncated /	12 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `c89fa824b694e6499880c1aacc45c6dbc50f161d77edba77bc2ffd877b933176` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/png
GET DATA	200 OK	truncated /	1 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `43a6217480956e15a7c26529f916db507747037f8770253078569aaf1bc7c793` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/png
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `80a12bd6e01f6630f1198c342b8d89e763a74ae6bb4dd899bc7148e7d2e4ef2f` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/png
GET DATA	200 OK	truncated /	13 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5749e9aab6f67749b7a376e460b99e8f1458e5bb83648be150bb6b71a81370fb` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/png
GET DATA	200 OK	truncated /	58 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `b43a6b17145d748a4d4d9798a3bbfb78c4b1615bfd4237ac5cbbe9b6c442af13` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/png
GET DATA	200 OK	truncated /	25 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `8ae79a4d18eea420af0fd562d43879b569bbd2c622da6deba79f6c202e385361` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/png
GET DATA	200 OK	truncated /	5 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `04e25af6777a18b77141ebdf1f113264596e591f5ec2406b6128259a52560ec7` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/png
GET DATA	200 OK	truncated /	32 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `c850da5dcbb38f0254b761d99b1408aac0c0dfdbe0be853bdade146f2dde43f6` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/png
GET DATA	200 OK	truncated /	77 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `4a25933a8e4f91b011840925850d28f005da155714aefa2797c95cdd426ef0de` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/png
GET DATA	200 OK	truncated /	311 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `9d4c98832c4ffaba79d4c2c273ef755ebfca5bf1ab53e39516c0ce140e77a143` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/png
GET DATA	200 OK	truncated /	1 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `2da2a9b805e0532f535f3a14cf80260b88113890a9702d8d01af52b57a922a28` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| MaskedPassword function| unhideBody

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.meurl.bid
bit.ly
linktrack.info
storage.googleapis.com
104.28.7.233
172.217.21.240
67.199.248.10
72.249.130.36
04e25af6777a18b77141ebdf1f113264596e591f5ec2406b6128259a52560ec7
0641d92aeba34be1b2a81bd680daf40bd92d3c952676eee8df12242d54bb00e3
2da2a9b805e0532f535f3a14cf80260b88113890a9702d8d01af52b57a922a28
43a6217480956e15a7c26529f916db507747037f8770253078569aaf1bc7c793
4a25933a8e4f91b011840925850d28f005da155714aefa2797c95cdd426ef0de
5749e9aab6f67749b7a376e460b99e8f1458e5bb83648be150bb6b71a81370fb
80a12bd6e01f6630f1198c342b8d89e763a74ae6bb4dd899bc7148e7d2e4ef2f
8ae79a4d18eea420af0fd562d43879b569bbd2c622da6deba79f6c202e385361
9d4c98832c4ffaba79d4c2c273ef755ebfca5bf1ab53e39516c0ce140e77a143
b43a6b17145d748a4d4d9798a3bbfb78c4b1615bfd4237ac5cbbe9b6c442af13
c850da5dcbb38f0254b761d99b1408aac0c0dfdbe0be853bdade146f2dde43f6
c89fa824b694e6499880c1aacc45c6dbc50f161d77edba77bc2ffd877b933176
e172acdff4d1d93c51ff7b08c1dff50cedca5002905b73f676b9782fb55526bf

storage.googleapis.com Open in urlscan Pro 172.217.21.240 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

2 Requests

100 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

3 IPs

1 Countries

346 kBTransfer

573 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

storage.googleapis.com Open in urlscan Pro
172.217.21.240 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

3
IPs

1
Countries

346 kB
Transfer

573 kB
Size

0
Cookies

2 HTTP transactions
11 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!