firebasestorage.googleapis.com
2a00:1450:4001:806::200a
Malicious Activity!
Public Scan
Effective URL: https://firebasestorage.googleapis.com/v0/b/softpapa-180f4.appspot.com/o/azurex.html?alt=media&token=afcb3576-e9a7-4b8b-a65b-12eef6fba13b
Submission: On June 10 via manual from US
Summary
TLS certificate: Issued by GTS CA 1O1 on May 26th 2020. Valid for: 3 months.
This is the only time firebasestorage.googleapis.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 34.199.103.112 | 14618 (AMAZON-AES)
1 | 204.11.58.33 | 394695 (PUBLIC-DOMAIN-REGISTRY)
2 | 2a00:1450:4001:806::200a | 15169 (GOOGLE)
1 | 54.148.84.95 | 16509 (AMAZON-02)
6 | 47.253.30.239 | 45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co.)
1 | 40.126.1.145 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
11 | 5
ASN14618 (AMAZON-AES, US)
PTR: ec2-34-199-103-112.compute-1.amazonaws.com
click.icptrack.com
ASN394695 (PUBLIC-DOMAIN-REGISTRY, US)
PTR: bh-47.webhostbox.net
ayurgem.com
ASN15169 (GOOGLE, US)
firebasestorage.googleapis.com
ASN16509 (AMAZON-02, US)
PTR: ec2-54-148-84-95.us-west-2.compute.amazonaws.com
www.sitepoint.com
ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN)
loppa.oss-us-east-1.aliyuncs.com
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
login.microsoftonline.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
6 | aliyuncs.com | loppa.oss-us-east-1.aliyuncs.com | 596 KB
2 | googleapis.com | firebasestorage.googleapis.com | 28 KB
1 | microsoftonline.com | login.microsoftonline.com |
1 | sitepoint.com | www.sitepoint.com |
1 | ayurgem.com (1 redirects) | ayurgem.com | 237 B
1 | icptrack.com (1 redirects) | click.icptrack.com | 369 B
0 | jquery.com | code.jquery.com (Failed) |
11 | 7 | |
Requests | Domain | Requested by
---|---|---
6 | loppa.oss-us-east-1.aliyuncs.com | firebasestorage.googleapis.com
2 | firebasestorage.googleapis.com | firebasestorage.googleapis.com
1 | login.microsoftonline.com | firebasestorage.googleapis.com
1 | www.sitepoint.com | firebasestorage.googleapis.com
1 | ayurgem.com | 1 redirects
1 | click.icptrack.com | 1 redirects
0 | code.jquery.com (Failed) | firebasestorage.googleapis.com
11 | 7 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|---
upload.video.google.com | GTS CA 1O1 | 2020-05-26 - 2020-08-18 | 3 months | crt.sh
www.sitepoint.com | Let's Encrypt Authority X3 | 2020-04-15 - 2020-07-14 | 3 months | crt.sh
*.oss-us-east-1.aliyuncs.com | GlobalSign Organization Validation CA - SHA256 - G2 | 2020-02-26 - 2021-02-26 | a year | crt.sh
stamp2.login.microsoftonline.com | Microsoft IT TLS CA 1 | 2020-05-11 - 2022-05-11 | 2 years | crt.sh
This page contains 2 frames:
Primary Page:
https://firebasestorage.googleapis.com/v0/b/softpapa-180f4.appspot.com/o/azurex.html?alt=media&token=afcb3576-e9a7-4b8b-a65b-12eef6fba13b
Frame ID: EDC33B396DC46DC62231D38B238F05FB
Requests: 10 HTTP requests in this frame
Frame:
https://login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392
Frame ID: B5E2916D9BC5BDA10093518078295F7C
Requests: 1 HTTP request in this frame
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://click.icptrack.com/icp/relay.php?r=1047711306&msgid=2176809&act=0559&c=409443&destination=https://ayurgem.com/cms/vendor/phpunit/phpunit/src/Util/GG/redd.php/49/municipal.it.support31municipal.it.supportmunicipal.it.support31municipal.it.support&p2=WK-NA_NA_COI-1&p3=OEM_New_BAU (HTTP 302)
- https://ayurgem.com/cms/vendor/phpunit/phpunit/src/Util/GG/redd.php/49/municipal.it.support31municipal.it.supportmunicipal.it.support31municipal.it.support (HTTP 302)
- https://firebasestorage.googleapis.com/v0/b/softpapa-180f4.appspot.com/o/azurex.html?alt=media&token=afcb3576-e9a7-4b8b-a65b-12eef6fba13b (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | azurex.html (Primary Request, Redirect Chain) | firebasestorage.googleapis.com/v0/b/softpapa-180f4.appspot.com/o/ | 27 KB | 28 KB | Document | text/html
GET | H/1.1 | MaskedPassword.js | www.sitepoint.com/examples/password/MaskedPassword/ | 0 | 0 | Script | text/html
GET | H/1.1 | 9eb2773f83989d0.png | loppa.oss-us-east-1.aliyuncs.com/ | 25 KB | 25 KB | Image | image/png
GET | H/1.1 | c9eea375dd16c77.png | loppa.oss-us-east-1.aliyuncs.com/ | 574 B | 1 KB | Image | image/png
GET | H/1.1 | 54b6d9334161a54.png | loppa.oss-us-east-1.aliyuncs.com/ | 753 B | 1 KB | Image | image/png
GET | H/1.1 | 1c6fb36aef197d5.png | loppa.oss-us-east-1.aliyuncs.com/ | 518 B | 979 B | Image | image/png
GET | | jquery-1.9.1.min.js | code.jquery.com/ | 0 | 0 | |
GET | H/1.1 | logout.srf (Cookie set, Frame B5E2) | login.microsoftonline.com/ | 0 | 0 | Document | text/html
GET | H2 | small.jpg | firebasestorage.googleapis.com/v0/b/softpapa-180f4.appspot.com/o/images/ | 84 B | 84 B | Image | application/json
GET | H/1.1 | 760fe41056b0b16.jpg | loppa.oss-us-east-1.aliyuncs.com/ | 566 KB | 566 KB | Image | image/jpeg
GET | H/1.1 | csscheckbox_a4824bcf5d413f078bdd6abd3e6e5bf4.png | loppa.oss-us-east-1.aliyuncs.com/ | 536 B | 997 B | Image | image/png
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: code.jquery.com
- URL: https://code.jquery.com/jquery-1.9.1.min.js
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onformdata
object | onpointerrawupdate
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.