firebasestorage.googleapis.com
2a00:1450:4001:825::200a
Malicious Activity!
Public Scan
Effective URL: https://firebasestorage.googleapis.com/v0/b/spotify-3f00f.appspot.com/o/2wTf3masosf%20fa%20df830r%20fad.html?alt=media&token=0fb4d280-8...
Submission: On March 27 via manual from DO
Summary
TLS certificate: Issued by GTS CA 1O1 on March 3rd 2020. Valid for: 3 months.
This is the only time firebasestorage.googleapis.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)

Domain & IP information

| # | IP Address | AS Autonomous System |
|---|---|---|
| 1 | 2a00:1450:4001:825::200a | 15169 (GOOGLE) |
| 1 5 | 199.188.201.223 | 22612 (NAMECHEAP-NET) |
| 2 2 | 67.202.94.94 | 32748 (STEADFAST) |
| 2 | 185.225.208.133 | 13213 (UK2NET-AS) |
| 7 | 4 | |
- ASN15169 (GOOGLE, US): firebasestorage.googleapis.com
- ASN22612 (NAMECHEAP-NET, US), PTR: business58-4.web-hosting.com: one.appspackformoblies.website
| # | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 5 | appspackformoblies.website (1 redirect) | one.appspackformoblies.website | 496 KB |
| 4 | amung.us (2 redirects) | whos.amung.us, widgets.amung.us | 4 KB |
| 1 | googleapis.com | firebasestorage.googleapis.com | 876 B |
| 7 | 3 | | |
| # | Domain | Requested by |
|---|---|---|
| 5 | one.appspackformoblies.website (1 redirect) | firebasestorage.googleapis.com, one.appspackformoblies.website |
| 2 | widgets.amung.us | |
| 2 | whos.amung.us (2 redirects) | |
| 1 | firebasestorage.googleapis.com | |
| 7 | 4 | |
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| *.storage.googleapis.com | GTS CA 1O1 | 2020-03-03 - 2020-05-26 | 3 months | crt.sh |
| one.appspackformoblies.website | Sectigo RSA Domain Validation Secure Server CA | 2019-12-18 - 2020-12-17 | a year | crt.sh |
| whos.amung.us | GeoTrust EV RSA CA 2018 | 2018-03-09 - 2020-05-25 | 2 years | crt.sh |
This page contains 1 frame:
Primary Page:
https://firebasestorage.googleapis.com/v0/b/spotify-3f00f.appspot.com/o/2wTf3masosf%20fa%20df830r%20fad.html?alt=media&token=0fb4d280-8f74-4683-88df-632eba8b2e44
Frame ID: 1281607AD500046410FFBBF0955984E0
Requests: 9 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 3
- https://one.appspackformoblies.website/auto/api/location HTTP 301
- https://one.appspackformoblies.website/auto/api/location/

- https://whos.amung.us/widget/newabcdario HTTP 307
- https://widgets.amung.us/classic/00/57.png

- https://whos.amung.us/widget/abcdario2k20 HTTP 307
- https://widgets.amung.us/classic/00/56.png
7 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | 2wTf3masosf%20fa%20df830r%20fad.html (Primary Request) | firebasestorage.googleapis.com/v0/b/spotify-3f00f.appspot.com/o/ | 158 B | 876 B | Document | text/html |
| GET | H2 | / | one.appspackformoblies.website/auto/api/ | 13 KB | 5 KB | Script | application/javascript |
| GET | H2 | 0PQ839vO2XQ.css | one.appspackformoblies.website/auto/api/landings/m.facebook/files/ | 682 KB | 487 KB | Stylesheet | text/css |
| GET | H2 | 5-cAgKNU9ON.css | one.appspackformoblies.website/auto/api/landings/m.facebook/files/ | 12 KB | 3 KB | Stylesheet | text/css |
| GET | H2 | / | one.appspackformoblies.website/auto/api/location/ (Redirect Chain) | 1 KB | 620 B | Script | application/javascript |
| GET | DATA | truncated | / | 1 KB | 0 | Image | image/png |
| GET | H2 | 57.png | widgets.amung.us/classic/00/ (Redirect Chain) | 1 KB | 2 KB | Image | image/png |
| GET | H2 | 56.png | widgets.amung.us/classic/00/ (Redirect Chain) | 1 KB | 2 KB | Image | image/png |
| GET | DATA | truncated | / | 51 KB | 0 | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Facebook (Social Network)

15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | onformdata |
| object | onpointerrawupdate |
| boolean | IS_MOBILE |
| number | limit_bot |
| string | object |
| string | type |
| string | OUTPUT |
| object | ___ |
| object | params |
| number | tt |
| object | to_object |
| string | a |
| function | checking |
| function | creatingInput |
| function | searchingForms |

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
6 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL | Text |
|---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.