protectedaccessform.com
Open in
urlscan Pro
35.227.202.168
Malicious Activity!
Public Scan
Effective URL: https://protectedaccessform.com/api/user/login?email_id=1976092355522460669
Submission: On August 19 via manual from FR — Scanned from FR
Summary
TLS certificate: Issued by WR3 on July 28th 2024. Valid for: 3 months.
This is the only time protectedaccessform.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Google (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 2a00:1450:400... 2a00:1450:4001:827::201b | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a04:4e42:600... 2a04:4e42:600::729 | 54113 (FASTLY) (FASTLY) | |
1 8 | 35.227.202.168 35.227.202.168 | 396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM) | |
1 | 2a00:1450:400... 2a00:1450:4001:828::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 142.250.185.228 142.250.185.228 | 15169 (GOOGLE) (GOOGLE) | |
11 | 5 |
ASN15169 (GOOGLE, US)
storage.googleapis.com |
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 168.202.227.35.bc.googleusercontent.com
simulation.mantra.ms | |
protectedaccessform.com |
ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f4.1e100.net
www.google.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
protectedaccessform.com
protectedaccessform.com |
147 KB |
2 |
googleapis.com
storage.googleapis.com — Cisco Umbrella Rank: 492 ajax.googleapis.com — Cisco Umbrella Rank: 641 |
33 KB |
1 |
google.com
www.google.com — Cisco Umbrella Rank: 10 |
1 KB |
1 |
mantra.ms
1 redirects
simulation.mantra.ms |
1 KB |
1 |
sentry-cdn.com
browser.sentry-cdn.com — Cisco Umbrella Rank: 6607 |
26 KB |
11 | 5 |
Domain | Requested by | |
---|---|---|
7 | protectedaccessform.com |
storage.googleapis.com
protectedaccessform.com |
1 | www.google.com | |
1 | ajax.googleapis.com |
protectedaccessform.com
|
1 | simulation.mantra.ms | 1 redirects |
1 | browser.sentry-cdn.com |
storage.googleapis.com
|
1 | storage.googleapis.com | |
11 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
storage.googleapis.com WR2 |
2024-07-30 - 2024-10-22 |
3 months | crt.sh |
*.sentry-cdn.com GlobalSign Atlas R3 DV TLS CA 2024 Q2 |
2024-06-04 - 2025-07-06 |
a year | crt.sh |
protectedaccessform.com WR3 |
2024-07-28 - 2024-10-26 |
3 months | crt.sh |
upload.video.google.com WR2 |
2024-07-30 - 2024-10-22 |
3 months | crt.sh |
*.google.com WR2 |
2024-07-30 - 2024-10-22 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://protectedaccessform.com/api/user/login?email_id=1976092355522460669
Frame ID: D869B3630CC7BDF0DC16ED43F3F9824D
Requests: 11 HTTP requests in this frame
Screenshot
Page Title
Connexion : comptes GooglePage URL History Show full URLs
- https://storage.googleapis.com/mailer-deamon-22904920398/a.html?email_id=1976092355522460669 Page URL
-
https://simulation.mantra.ms/api/click?email_id=1976092355522460669
HTTP 302
https://protectedaccessform.com/api/user/login?email_id=1976092355522460669 Page URL
Detected technologies
Sentry (Issue Trackers) ExpandDetected patterns
- browser\.sentry\-cdn\.com/([0-9.]+)/bundle(?:\.tracing)?(?:\.min)?\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://storage.googleapis.com/mailer-deamon-22904920398/a.html?email_id=1976092355522460669 Page URL
-
https://simulation.mantra.ms/api/click?email_id=1976092355522460669
HTTP 302
https://protectedaccessform.com/api/user/login?email_id=1976092355522460669 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
a.html
storage.googleapis.com/mailer-deamon-22904920398/ |
1 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bundle.tracing.min.js
browser.sentry-cdn.com/7.33.0/ |
77 KB 26 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
login
protectedaccessform.com/api/user/ Redirect Chain
|
8 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
protectedaccessform.com/static/api/login_pages/google_2024/css/ |
25 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ |
87 KB 31 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
submit_20211001.js
protectedaccessform.com/static/api/login_pages/ |
960 B 589 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
script.js
protectedaccessform.com/static/api/login_pages/google_2024/js/ |
5 KB 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
PlusJakartaSans-Medium.ttf
protectedaccessform.com/static/api/login_pages/google_2024/fonts/ |
93 KB 46 KB |
Font
font/ttf |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
PlusJakartaSans-Regular.ttf
protectedaccessform.com/static/api/login_pages/google_2024/fonts/ |
93 KB 45 KB |
Font
font/ttf |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
PlusJakartaSans-SemiBold.ttf
protectedaccessform.com/static/api/login_pages/google_2024/fonts/ |
93 KB 45 KB |
Font
font/ttf |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon.ico
www.google.com/ |
5 KB 1 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Google (Online)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
browser.sentry-cdn.com
protectedaccessform.com
simulation.mantra.ms
storage.googleapis.com
www.google.com
142.250.185.228
2a00:1450:4001:827::201b
2a00:1450:4001:828::200a
2a04:4e42:600::729
35.227.202.168
66dadf178b286332fe4b4a282eb5fa8259762a7c735578209ff4a8f68a1c77ad
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
95f87b8c5e9a299df1dd3db209dc55d6cbcfdf97e03d4fae2d1980069d9ad3a5
a296fdb7e1c0aca16b9b3006a903c2273c7383ec5efe99b5dd9a4bc1677abe80
c4f5574d57dca10a86b24e52cefd3e1f0283ad9b10832a4d289dcdfac7bf6bc2
d32adf41ddb8daea9497872e111def126d2d76f9ec67999e9d6c5739d6759761
d3f121cf9a9471b406a08d23ceeb0924dd77eff09fee94de6e72d1286a2f41a7
d6854d4b18ea4c43c24a55a123214ee5678628575262e11e4c67fc6440de0aed
e533015011def019a6b857a59de32d6c24c111b5f7c5403e2edc50454dcabde4
f7e7cebd26ac8ad800783dbc41e661dbe14ee8bc58e53c532995b13274276933
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d