protectedaccessform.com Open in urlscan Pro
35.227.202.168 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://storage.googleapis.com/mailer-deamon-22904920398/a.html?email_id=1976092355522460669
Effective URL:
https://protectedaccessform.com/api/user/login?email_id=1976092355522460669
Submission: On August 19 via manual (August 19th 2024, 1:46:54 pm UTC) from FR — Scanned from FR

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 11 HTTP transactions. The main IP is 35.227.202.168, located in Kansas City, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is protectedaccessform.com.
TLS certificate: Issued by WR3 on July 28th 2024. Valid for: 3 months.

This is the only time protectedaccessform.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Google (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	2a00:1450:400... 2a00:1450:4001:827::201b	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:600... 2a04:4e42:600::729	54113 (FASTLY) (FASTLY)
1 8	35.227.202.168 35.227.202.168	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
1	142.250.185.228 142.250.185.228	15169 (GOOGLE) (GOOGLE)
11	5

1 2a00:1450:4001:827::201b (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::729 (United States)

ASN54113 (FASTLY, US)

browser.sentry-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 35.227.202.168 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 168.202.227.35.bc.googleusercontent.com

simulation.mantra.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
protectedaccessform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.228 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	protectedaccessform.com protectedaccessform.com	147 KB
2	googleapis.com storage.googleapis.com — Cisco Umbrella Rank: 492 ajax.googleapis.com — Cisco Umbrella Rank: 641	33 KB
1	google.com www.google.com — Cisco Umbrella Rank: 10	1 KB
1	mantra.ms 1 redirects simulation.mantra.ms	1 KB
1	sentry-cdn.com browser.sentry-cdn.com — Cisco Umbrella Rank: 6607	26 KB
11	5

	Domain	Requested by
7	protectedaccessform.com	storage.googleapis.com protectedaccessform.com
1	www.google.com
1	ajax.googleapis.com	protectedaccessform.com
1	simulation.mantra.ms	1 redirects
1	browser.sentry-cdn.com	storage.googleapis.com
1	storage.googleapis.com
11	6

This site contains no links.

Subject Issuer	Validity	Valid
storage.googleapis.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.sentry-cdn.com GlobalSign Atlas R3 DV TLS CA 2024 Q2	`2024-06-04` - `2025-07-06`	a year	crt.sh
protectedaccessform.com WR3	`2024-07-28` - `2024-10-26`	3 months	crt.sh
upload.video.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://protectedaccessform.com/api/user/login?email_id=1976092355522460669
Frame ID: D869B3630CC7BDF0DC16ED43F3F9824D
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Connexion : comptes Google

Page URL History Show full URLs

https://storage.googleapis.com/mailer-deamon-22904920398/a.html?email_id=1976092355522460669 Page URL
https://simulation.mantra.ms/api/click?email_id=1976092355522460669 HTTP 302
https://protectedaccessform.com/api/user/login?email_id=1976092355522460669 Page URL

Detected technologies

Sentry (Issue Trackers) Expand

Overall confidence: 100%
Detected patterns

browser\.sentry\-cdn\.com/([0-9.]+)/bundle(?:\.tracing)?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

11
Requests

100 %
HTTPS

60 %
IPv6

5
Domains

6
Subdomains

5
IPs

2
Countries

207 kB
Transfer

488 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://storage.googleapis.com/mailer-deamon-22904920398/a.html?email_id=1976092355522460669 Page URL
https://simulation.mantra.ms/api/click?email_id=1976092355522460669 HTTP 302
https://protectedaccessform.com/api/user/login?email_id=1976092355522460669 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 a.html Show response
storage.googleapis.com/mailer-deamon-22904920398/ 1 KB
2 KB 168ms
89ms Document
text/html 2a00:1450:4001:827::201b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/mailer-deamon-22904920398/a.html?email_id=1976092355522460669
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::201b Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 66dadf178b286332fe4b4a282eb5fa8259762a7c735578209ff4a8f68a1c77ad

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-length: 1331
content-type: text/html
date: Mon, 19 Aug 2024 13:46:47 GMT
etag: "756fc0bce9acad7e59b5af70767c5d76"
expires: Mon, 19 Aug 2024 14:46:47 GMT
last-modified: Tue, 25 Apr 2023 12:35:26 GMT
server: UploadServer
x-goog-generation: 1682426126067945
x-goog-hash: crc32c=jJwRpQ== md5=dW/AvOmsrX5Zta9wdnxddg==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1331
x-guploader-uploadid: AHxI1nNncgKHG8KA5ILCMqB7EFPPdp_Upybe1hfmlE7jKJ8__0_sa4T3MOvCqWpRgCafoT8QVVe1-m67gg

GET
H2 200 bundle.tracing.min.js Show response
browser.sentry-cdn.com/7.33.0/ 77 KB
26 KB 75ms
22ms Script
application/javascript 2a04:4e42:600::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://browser.sentry-cdn.com/7.33.0/bundle.tracing.min.js

Requested by

Host: storage.googleapis.com
URL: https://storage.googleapis.com/mailer-deamon-22904920398/a.html?email_id=1976092355522460669

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::729 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

c4f5574d57dca10a86b24e52cefd3e1f0283ad9b10832a4d289dcdfac7bf6bc2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://storage.googleapis.com/
Origin: https://storage.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 19 Aug 2024 13:46:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Tue, 24 Jan 2023 16:22:18 GMT
server: Fastly
age: 1137898
etag: "683f7b1b879fb3429dac62cd367b7581"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 25921
expires: Wed, 21 Aug 2024 15:57:01 GMT

GET
H2

200

Primary Request login Show response
protectedaccessform.com/api/user/
Redirect Chain

https://simulation.mantra.ms/api/click?email_id=1976092355522460669
https://protectedaccessform.com/api/user/login?email_id=1976092355522460669

8 KB
4 KB

761ms
674ms

Document
text/html

35.227.202.168
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://protectedaccessform.com/api/user/login?email_id=1976092355522460669

Requested by

Host: storage.googleapis.com
URL: https://storage.googleapis.com/mailer-deamon-22904920398/a.html?email_id=1976092355522460669

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.202.168 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

168.202.227.35.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

d3f121cf9a9471b406a08d23ceeb0924dd77eff09fee94de6e72d1286a2f41a7

Security Headers

Name	Value
Content-Security-Policy	style-src-elem 'self' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com/; font-src 'self' https://static.alan.com https://fonts.gstatic.com https://login.salesforce.com https://cdnjs.cloudflare.com/; script-src-elem 'self' https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://storage.googleapis.com/mantrams-staging-historical-analysis/ https://storage.googleapis.com/mantrams-historical-analysis/; style-src 'self' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; img-src 'self' https://app.1password.com https://static.alan.com https://cpfs-cdn.atlassian.com https://aid-frontend.prod.atl-paas.net https://id-frontend.prod-east.frontend.public.atl-paas.net https://github.com https://github.githubassets.com https://gitlab.com https://www.google.com https://idex.oxacloud.oxalys.fr https://logincdn.msauth.net https://login.salesforce.com https://a.slack-edge.com data:; default-src 'self'
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://storage.googleapis.com/mailer-deamon-22904920398/a.html?email_id=1976092355522460669
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: gzip
content-length: 2900
content-security-policy: style-src-elem 'self' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com/; font-src 'self' https://static.alan.com https://fonts.gstatic.com https://login.salesforce.com https://cdnjs.cloudflare.com/; script-src-elem 'self' https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://storage.googleapis.com/mantrams-staging-historical-analysis/ https://storage.googleapis.com/mantrams-historical-analysis/; style-src 'self' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; img-src 'self' https://app.1password.com https://static.alan.com https://cpfs-cdn.atlassian.com https://aid-frontend.prod.atl-paas.net https://id-frontend.prod-east.frontend.public.atl-paas.net https://github.com https://github.githubassets.com https://gitlab.com https://www.google.com https://idex.oxacloud.oxalys.fr https://logincdn.msauth.net https://login.salesforce.com https://a.slack-edge.com data:; default-src 'self'
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin
date: Mon, 19 Aug 2024 13:46:49 GMT
referrer-policy: same-origin
server: Google Frontend
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: Accept-Encoding Origin
via: 1.1 google
x-cloud-trace-context: e10b7a4069211009cf712866aa2f6725
x-content-type-options: nosniff
x-frame-options: DENY

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-security-policy: style-src-elem 'self' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com/; font-src 'self' https://static.alan.com https://fonts.gstatic.com https://login.salesforce.com https://cdnjs.cloudflare.com/; script-src-elem 'self' https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://storage.googleapis.com/mantrams-staging-historical-analysis/ https://storage.googleapis.com/mantrams-historical-analysis/; style-src 'self' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; img-src 'self' https://app.1password.com https://static.alan.com https://cpfs-cdn.atlassian.com https://aid-frontend.prod.atl-paas.net https://id-frontend.prod-east.frontend.public.atl-paas.net https://github.com https://github.githubassets.com https://gitlab.com https://www.google.com https://idex.oxacloud.oxalys.fr https://logincdn.msauth.net https://login.salesforce.com https://a.slack-edge.com data:; default-src 'self'
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin
date: Mon, 19 Aug 2024 13:46:48 GMT
location: https://protectedaccessform.com/api/user/login?email_id=1976092355522460669
referrer-policy: same-origin
server: Google Frontend
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: Origin
via: 1.1 google
x-cloud-trace-context: 81e997cc09e190085a39f50728ae466c
x-content-type-options: nosniff
x-frame-options: DENY

GET
H2 200 style.css
protectedaccessform.com/static/api/login_pages/google_2024/css/ 25 KB
6 KB 76ms
74ms Stylesheet
text/css 35.227.202.168
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://protectedaccessform.com/static/api/login_pages/google_2024/css/style.css
Requested by: Host: protectedaccessform.com
URL: https://protectedaccessform.com/api/user/login?email_id=1976092355522460669
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.202.168 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 168.202.227.35.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: a296fdb7e1c0aca16b9b3006a903c2273c7383ec5efe99b5dd9a4bc1677abe80

Request headers

Referer: https://protectedaccessform.com/api/user/login?email_id=1976092355522460669
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 19 Aug 2024 13:46:49 GMT
content-encoding: gzip
via: 1.1 google
server: Google Frontend
etag: "8kFNbg"
content-type: text/css
x-cloud-trace-context: 3eb29c23823f44d14d21d96c11c23433
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
31 KB 219ms
32ms Script
text/javascript 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: protectedaccessform.com
URL: https://protectedaccessform.com/api/user/login?email_id=1976092355522460669

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 13 Aug 2024 14:48:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 514698
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31021
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 13 Aug 2025 14:48:31 GMT

GET
H2 200 submit_20211001.js Show response
protectedaccessform.com/static/api/login_pages/ 960 B
589 B 68ms
68ms Script
text/javascript 35.227.202.168
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://protectedaccessform.com/static/api/login_pages/submit_20211001.js
Requested by: Host: protectedaccessform.com
URL: https://protectedaccessform.com/api/user/login?email_id=1976092355522460669
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.202.168 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 168.202.227.35.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: e533015011def019a6b857a59de32d6c24c111b5f7c5403e2edc50454dcabde4

Request headers

Referer: https://protectedaccessform.com/api/user/login?email_id=1976092355522460669
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 19 Aug 2024 13:46:49 GMT
content-encoding: gzip
via: 1.1 google
server: Google Frontend
etag: "8kFNbg"
content-type: text/javascript
x-cloud-trace-context: 3eb29c23823f44d14d21d96c11c23433
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 script.js Show response
protectedaccessform.com/static/api/login_pages/google_2024/js/ 5 KB
1 KB 66ms
66ms Script
text/javascript 35.227.202.168
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://protectedaccessform.com/static/api/login_pages/google_2024/js/script.js
Requested by: Host: protectedaccessform.com
URL: https://protectedaccessform.com/api/user/login?email_id=1976092355522460669
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.202.168 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 168.202.227.35.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 95f87b8c5e9a299df1dd3db209dc55d6cbcfdf97e03d4fae2d1980069d9ad3a5

Request headers

Referer: https://protectedaccessform.com/api/user/login?email_id=1976092355522460669
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 19 Aug 2024 13:46:49 GMT
content-encoding: gzip
via: 1.1 google
server: Google Frontend
etag: "8kFNbg"
content-type: text/javascript
x-cloud-trace-context: 3eb29c23823f44d14d21d96c11c23433
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 PlusJakartaSans-Medium.ttf
protectedaccessform.com/static/api/login_pages/google_2024/fonts/ 93 KB
46 KB 85ms
85ms Font
font/ttf 35.227.202.168
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://protectedaccessform.com/static/api/login_pages/google_2024/fonts/PlusJakartaSans-Medium.ttf
Requested by: Host: protectedaccessform.com
URL: https://protectedaccessform.com/static/api/login_pages/google_2024/css/style.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.202.168 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 168.202.227.35.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: d6854d4b18ea4c43c24a55a123214ee5678628575262e11e4c67fc6440de0aed

Request headers

Referer: https://protectedaccessform.com/static/api/login_pages/google_2024/css/style.css
Origin: https://protectedaccessform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 19 Aug 2024 13:46:49 GMT
content-encoding: gzip
via: 1.1 google
server: Google Frontend
etag: "8kFNbg"
content-type: font/ttf
x-cloud-trace-context: 52c876992493ad01ced6a48beb16d7ae
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 PlusJakartaSans-Regular.ttf
protectedaccessform.com/static/api/login_pages/google_2024/fonts/ 93 KB
45 KB 75ms
74ms Font
font/ttf 35.227.202.168
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://protectedaccessform.com/static/api/login_pages/google_2024/fonts/PlusJakartaSans-Regular.ttf
Requested by: Host: protectedaccessform.com
URL: https://protectedaccessform.com/static/api/login_pages/google_2024/css/style.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.202.168 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 168.202.227.35.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: f7e7cebd26ac8ad800783dbc41e661dbe14ee8bc58e53c532995b13274276933

Request headers

Referer: https://protectedaccessform.com/static/api/login_pages/google_2024/css/style.css
Origin: https://protectedaccessform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 19 Aug 2024 13:46:49 GMT
content-encoding: gzip
via: 1.1 google
server: Google Frontend
etag: "8kFNbg"
content-type: font/ttf
x-cloud-trace-context: 52c876992493ad01ced6a48beb16d7ae
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 PlusJakartaSans-SemiBold.ttf
protectedaccessform.com/static/api/login_pages/google_2024/fonts/ 93 KB
45 KB 60ms
59ms Font
font/ttf 35.227.202.168
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://protectedaccessform.com/static/api/login_pages/google_2024/fonts/PlusJakartaSans-SemiBold.ttf
Requested by: Host: protectedaccessform.com
URL: https://protectedaccessform.com/static/api/login_pages/google_2024/css/style.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.202.168 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 168.202.227.35.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: d32adf41ddb8daea9497872e111def126d2d76f9ec67999e9d6c5739d6759761

Request headers

Referer: https://protectedaccessform.com/static/api/login_pages/google_2024/css/style.css
Origin: https://protectedaccessform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 19 Aug 2024 13:46:49 GMT
content-encoding: gzip
via: 1.1 google
server: Google Frontend
etag: "8kFNbg"
content-type: font/ttf
x-cloud-trace-context: 4c01b3c2a2c324e8ce8c91aae00a9b8f
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 favicon.ico
www.google.com/ 5 KB
1 KB 99ms
33ms Other
image/x-icon 142.250.185.228
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.228 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f4.1e100.net

Software

sffe /

Resource Hash

6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 19 Aug 2024 11:50:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6977
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1494
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/x-icon
cache-control: public, max-age=691200
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 27 Aug 2024 11:50:33 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Google (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://protectedaccessform.com/api/user/login?email_id=1976092355522460669 Message: [DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
browser.sentry-cdn.com
protectedaccessform.com
simulation.mantra.ms
storage.googleapis.com
www.google.com
142.250.185.228
2a00:1450:4001:827::201b
2a00:1450:4001:828::200a
2a04:4e42:600::729
35.227.202.168
66dadf178b286332fe4b4a282eb5fa8259762a7c735578209ff4a8f68a1c77ad
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
95f87b8c5e9a299df1dd3db209dc55d6cbcfdf97e03d4fae2d1980069d9ad3a5
a296fdb7e1c0aca16b9b3006a903c2273c7383ec5efe99b5dd9a4bc1677abe80
c4f5574d57dca10a86b24e52cefd3e1f0283ad9b10832a4d289dcdfac7bf6bc2
d32adf41ddb8daea9497872e111def126d2d76f9ec67999e9d6c5739d6759761
d3f121cf9a9471b406a08d23ceeb0924dd77eff09fee94de6e72d1286a2f41a7
d6854d4b18ea4c43c24a55a123214ee5678628575262e11e4c67fc6440de0aed
e533015011def019a6b857a59de32d6c24c111b5f7c5403e2edc50454dcabde4
f7e7cebd26ac8ad800783dbc41e661dbe14ee8bc58e53c532995b13274276933
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

protectedaccessform.com Open in urlscan Pro 35.227.202.168 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

11 Requests

100 %HTTPS

60 %IPv6

5 Domains

6 Subdomains

5 IPs

2 Countries

207 kBTransfer

488 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

protectedaccessform.com Open in urlscan Pro
35.227.202.168 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

60 %
IPv6

5
Domains

6
Subdomains

5
IPs

2
Countries

207 kB
Transfer

488 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!