storage.googleapis.com Open in urlscan Pro
172.217.18.176 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://a.bitdo.bid/qjbvjh.html
Effective URL:
https://storage.googleapis.com/ducosign-notornis-189183502/index.html
Submission: On June 14 via automatic, source phishtank (June 14th 2018, 10:16:45 pm UTC)

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 16 HTTP transactions. The main IP is 172.217.18.176, located in Mountain View, United States and belongs to GOOGLE - Google LLC, US. The main domain is storage.googleapis.com.
TLS certificate: Issued by Google Internet Authority G3 on May 23rd 2018. Valid for: 3 months.

This is the only time storage.googleapis.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DocuSign (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	104.31.65.192 104.31.65.192	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
15	172.217.18.176 172.217.18.176	15169 (GOOGLE) (GOOGLE - Google LLC)
16	2

1 104.31.65.192 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

a.bitdo.bid	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 172.217.18.176 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s29-in-f16.1e100.net

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	googleapis.com storage.googleapis.com	196 KB
1	bitdo.bid a.bitdo.bid	1 KB
16	2

	Domain	Requested by
15	storage.googleapis.com	a.bitdo.bid storage.googleapis.com
1	a.bitdo.bid
16	2

This site contains no links.

Subject Issuer	Validity	Valid
sni76750.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-06-14` - `2018-12-21`	6 months	crt.sh
*.storage.googleapis.com Google Internet Authority G3	`2018-05-23` - `2018-08-15`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://storage.googleapis.com/ducosign-notornis-189183502/index.html
Frame ID: A4A6388ED663F3249100CDF18B34D454
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://a.bitdo.bid/qjbvjh.html Page URL
https://storage.googleapis.com/ducosign-notornis-189183502/index.html Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

Twitter Bootstrap () Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i

Page Statistics

16
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

197 kB
Transfer

195 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://a.bitdo.bid/qjbvjh.html Page URL
https://storage.googleapis.com/ducosign-notornis-189183502/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	qjbvjh.html Show response a.bitdo.bid/	1 KB 1 KB	86ms 53ms	Document text/html	104.31.65.192 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://a.bitdo.bid/qjbvjh.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.31.65.192 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `8aeddb61eebb71e406bc826edf9faadeed2860b9234bced92ca898619df30a9d` Request headers :method GET :authority a.bitdo.bid :scheme https :path /qjbvjh.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 accept-encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id A4A6388ED663F3249100CDF18B34D454 Response headers status 200 date Thu, 14 Jun 2018 22:16:35 GMT content-type text/html set-cookie __cfduid=d32fc2e170e1a7195a45a4f6fdf4f89b01529014595; expires=Fri, 14-Jun-19 22:16:35 GMT; path=/; domain=.bitdo.bid; HttpOnly last-modified Wed, 13 Jun 2018 13:12:58 GMT vary Accept-Encoding expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 42b02984f986973e-FRA content-encoding gzip
GET H2	200	Primary Request index.html Show response storage.googleapis.com/ducosign-notornis-189183502/	17 KB 18 KB	350ms 337ms	Document text/html	172.217.18.176 Google LLC
General Check archive.org Show headers Download Go to Full URL https://storage.googleapis.com/ducosign-notornis-189183502/index.html Requested by Host: a.bitdo.bid URL: https://a.bitdo.bid/qjbvjh.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 172.217.18.176 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS fra15s29-in-f16.1e100.net Software UploadServer / Resource Hash `1f472249189259c8db46994e5dcd3aa01213dad921d0c362759c355d93914a1a` Request headers :method GET :authority storage.googleapis.com :scheme https :path /ducosign-notornis-189183502/index.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 referer https://a.bitdo.bid/qjbvjh.html accept-encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id A4A6388ED663F3249100CDF18B34D454 Referer https://a.bitdo.bid/qjbvjh.html Response headers status 200 x-guploader-uploadid AEnB2UovYQyAPmYINoEBrcvimmyDiy66KFyDJFTtVxacJGxkXJNAfCMRZfdqHBOVjF-qr3NMCCUz69Y51bwVH93T1gxQUE1EFA expires Thu, 14 Jun 2018 23:16:36 GMT date Thu, 14 Jun 2018 22:16:36 GMT cache-control public, max-age=3600 last-modified Wed, 13 Jun 2018 13:13:11 GMT etag "ff0c3920325193b8aaa5da74eb6535f2" x-goog-generation 1528895591673904 x-goog-metageneration 1 x-goog-stored-content-encoding identity x-goog-stored-content-length 17883 content-type text/html x-goog-hash crc32c=KbYyFg== md5=/ww5IDJRk7iqpdp062U18g== x-goog-storage-class STANDARD accept-ranges bytes content-length 17883 server UploadServer alt-svc quic=":443"; ma=2592000; v="43,42,41,39,35"
GET H2	200	bootstrap.css storage.googleapis.com/docusign_files/	98 KB 98 KB	138ms 137ms	Stylesheet text/css	172.217.18.176 Google LLC
General Check archive.org Show headers Download Go to Full URL https://storage.googleapis.com/docusign_files/bootstrap.css Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ducosign-notornis-189183502/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 172.217.18.176 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS fra15s29-in-f16.1e100.net Software UploadServer / Resource Hash `0cb03017a11386396db52913bb4b377f9cbf7b052325e9b15f20d2d78c29b69b` Request headers :path /docusign_files/bootstrap.css pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority storage.googleapis.com referer https://storage.googleapis.com/ducosign-notornis-189183502/index.html :scheme https :method GET Referer https://storage.googleapis.com/ducosign-notornis-189183502/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Thu, 14 Jun 2018 22:16:36 GMT x-guploader-uploadid AEnB2UpGOkZ4UhiyTDKfuAbavlbBfpQGu9MfM9X98LrsyVPwJaWylBNAR9q6RG0DtWMmZskryKh9xN2E7pyOVOLTd5EC-n37Yw x-goog-storage-class MULTI_REGIONAL status 200 x-goog-metageneration 2 x-goog-stored-content-encoding identity alt-svc quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 99967 last-modified Fri, 29 Sep 2017 22:16:03 GMT server UploadServer etag "282654c5ee87b36cbae19c44a5d64e00" x-goog-hash crc32c=Vfgvow== md5=KCZUxe6Hs2y64ZxEpdZOAA== x-goog-generation 1506723363644053 cache-control public, max-age=3600 x-goog-stored-content-length 99967 accept-ranges bytes content-type text/css expires Thu, 14 Jun 2018 23:16:36 GMT
GET H2	403	open_sans.html storage.googleapis.com/docusign_files/	0 0	318ms 316ms	Stylesheet application/xml	172.217.18.176 Google LLC
General Check archive.org Show headers Download Go to Full URL https://storage.googleapis.com/docusign_files/open_sans.html Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ducosign-notornis-189183502/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 172.217.18.176 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS fra15s29-in-f16.1e100.net Software UploadServer / Resource Hash Request headers :path /docusign_files/open_sans.html pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority storage.googleapis.com referer https://storage.googleapis.com/ducosign-notornis-189183502/index.html :scheme https :method GET Referer https://storage.googleapis.com/ducosign-notornis-189183502/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Thu, 14 Jun 2018 22:16:37 GMT server UploadServer x-guploader-uploadid AEnB2UrxDuGuC0TymLdl4AqCIgePJFmGo2LIPucKgMq1vGWPMZ8-ynEiAdJhkNg6KrlB-5ZGT3wW_zYGbsRE0eIGX9NsEbRiYQ content-type application/xml; charset=UTF-8 status 403 cache-control private, max-age=0 alt-svc quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 221 expires Thu, 14 Jun 2018 22:16:37 GMT
GET H2	200	base.css storage.googleapis.com/docusign_files/	4 KB 4 KB	128ms 127ms	Stylesheet text/css	172.217.18.176 Google LLC
General Check archive.org Show headers Download Go to Full URL https://storage.googleapis.com/docusign_files/base.css Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ducosign-notornis-189183502/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 172.217.18.176 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS fra15s29-in-f16.1e100.net Software UploadServer / Resource Hash `424bd6c62d481e5b507562fb784aec7c1ea5fe4e5ce9e7c3d5d317fedc0bd4a2` Request headers :path /docusign_files/base.css pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority storage.googleapis.com referer https://storage.googleapis.com/ducosign-notornis-189183502/index.html :scheme https :method GET Referer https://storage.googleapis.com/ducosign-notornis-189183502/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Thu, 14 Jun 2018 22:16:36 GMT x-guploader-uploadid AEnB2Uow7dvnhjBsH0w8R-4DgjbM9rpCfDdGxP8mMRwWzP8KZu-X8Hbs0fkbEd0egDjbUKILOkjCRqsaBt9MCxzuMgsDl8eQVA x-goog-storage-class MULTI_REGIONAL status 200 x-goog-metageneration 2 x-goog-stored-content-encoding identity alt-svc quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 4009 last-modified Fri, 29 Sep 2017 22:16:03 GMT server UploadServer etag "dd9359f44dcbf7b9f31bdde136e52bca" x-goog-hash crc32c=1Xoe1A== md5=3ZNZ9E3L97nzG93hNuUryg== x-goog-generation 1506723363569645 cache-control public, max-age=3600 x-goog-stored-content-length 4009 accept-ranges bytes content-type text/css expires Thu, 14 Jun 2018 23:16:36 GMT
GET H2	403	css_002.html storage.googleapis.com/docusign_files/	0 0	313ms 312ms	Stylesheet application/xml	172.217.18.176 Google LLC
General Check archive.org Show headers Download Go to Full URL https://storage.googleapis.com/docusign_files/css_002.html Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ducosign-notornis-189183502/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 172.217.18.176 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS fra15s29-in-f16.1e100.net Software UploadServer / Resource Hash Request headers :path /docusign_files/css_002.html pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority storage.googleapis.com referer https://storage.googleapis.com/ducosign-notornis-189183502/index.html :scheme https :method GET Referer https://storage.googleapis.com/ducosign-notornis-189183502/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Thu, 14 Jun 2018 22:16:37 GMT server UploadServer x-guploader-uploadid AEnB2UrDbgY4pIQJnueHf5nUcGjkCF1aWZZCOA4nrQWsWvhb4SWFuiQ7wjra_YR-JN9esA1DG156HxkTJ1jKytVQ6HkLyCug0g content-type application/xml; charset=UTF-8 status 403 cache-control private, max-age=0 alt-svc quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 219 expires Thu, 14 Jun 2018 22:16:37 GMT
GET H2	403	css.html storage.googleapis.com/docusign_files/	0 0	352ms 351ms	Stylesheet application/xml	172.217.18.176 Google LLC
General Check archive.org Show headers Download Go to Full URL https://storage.googleapis.com/docusign_files/css.html Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ducosign-notornis-189183502/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 172.217.18.176 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS fra15s29-in-f16.1e100.net Software UploadServer / Resource Hash Request headers :path /docusign_files/css.html pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority storage.googleapis.com referer https://storage.googleapis.com/ducosign-notornis-189183502/index.html :scheme https :method GET Referer https://storage.googleapis.com/ducosign-notornis-189183502/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Thu, 14 Jun 2018 22:16:37 GMT server UploadServer x-guploader-uploadid AEnB2UoWRV-gJI-upTlRjNY5NGkOREvNSVqRx4s8p0qVbxY4GXRlvPaUW3mtn4XHaQhLDF5stcX2QJ7a4eNqCjv_JoTfSduxKg content-type application/xml; charset=UTF-8 status 403 cache-control private, max-age=0 alt-svc quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 215 expires Thu, 14 Jun 2018 22:16:37 GMT
GET H2	200	index.css storage.googleapis.com/docusign_files/	3 KB 3 KB	136ms 136ms	Stylesheet text/css	172.217.18.176 Google LLC
General Check archive.org Show headers Download Go to Full URL https://storage.googleapis.com/docusign_files/index.css Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ducosign-notornis-189183502/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 172.217.18.176 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS fra15s29-in-f16.1e100.net Software UploadServer / Resource Hash `9e754152a7033fd9f87c34e89c42aa2c8a15673ce348bcaf4d99739b80a338f4` Request headers :path /docusign_files/index.css pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority storage.googleapis.com referer https://storage.googleapis.com/ducosign-notornis-189183502/index.html :scheme https :method GET Referer https://storage.googleapis.com/ducosign-notornis-189183502/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Thu, 14 Jun 2018 22:16:36 GMT x-guploader-uploadid AEnB2Uqk6dgIGHBEzQGFBhPZJQhh5X2on78NXvvdQLpdt_WdZ9c9P0UCKEqAfo6ztdRXaahVPQBvGPD_ps5nYRiZDdbAaH9APQ x-goog-storage-class MULTI_REGIONAL status 200 x-goog-metageneration 2 x-goog-stored-content-encoding identity alt-svc quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 3112 last-modified Fri, 29 Sep 2017 22:16:06 GMT server UploadServer etag "d594ebc0f6b1c27a44b26e15e7cb0949" x-goog-hash crc32c=ysIK4w== md5=1ZTrwPaxwnpEsm4V58sJSQ== x-goog-generation 1506723366999572 cache-control public, max-age=3600 x-goog-stored-content-length 3112 accept-ranges bytes content-type text/css expires Thu, 14 Jun 2018 23:16:36 GMT
GET H2	403	css.htm storage.googleapis.com/docusign_files/	0 0	316ms 315ms	Stylesheet application/xml	172.217.18.176 Google LLC
General Check archive.org Show headers Download Go to Full URL https://storage.googleapis.com/docusign_files/css.htm Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ducosign-notornis-189183502/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 172.217.18.176 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS fra15s29-in-f16.1e100.net Software UploadServer / Resource Hash Request headers :path /docusign_files/css.htm pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority storage.googleapis.com referer https://storage.googleapis.com/ducosign-notornis-189183502/index.html :scheme https :method GET Referer https://storage.googleapis.com/ducosign-notornis-189183502/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Thu, 14 Jun 2018 22:16:37 GMT server UploadServer x-guploader-uploadid AEnB2UoEYwEgDEMf5HH2kAnc8BUR1n0v5UAgiv0TrAkYEGu8d2Ubm9sjFpYxCU2xPl6R9zD77TPAZDf9Y691u5lDcMyQaOG7Kw content-type application/xml; charset=UTF-8 status 403 cache-control private, max-age=0 alt-svc quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 214 expires Thu, 14 Jun 2018 22:16:37 GMT
GET H2	200	stylesheet.css storage.googleapis.com/docusign_files/	38 KB 39 KB	132ms 132ms	Stylesheet text/css	172.217.18.176 Google LLC
General Check archive.org Show headers Download Go to Full URL https://storage.googleapis.com/docusign_files/stylesheet.css Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ducosign-notornis-189183502/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 172.217.18.176 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS fra15s29-in-f16.1e100.net Software UploadServer / Resource Hash `aa21d3c66d09d8d46fa18ab1c6bc7e0cc077713fe62f32dec1828bc9e79da79f` Request headers :path /docusign_files/stylesheet.css pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority storage.googleapis.com referer https://storage.googleapis.com/ducosign-notornis-189183502/index.html :scheme https :method GET Referer https://storage.googleapis.com/ducosign-notornis-189183502/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Thu, 14 Jun 2018 22:16:36 GMT x-guploader-uploadid AEnB2Up1zREf_kk1b1hZ4nCFokn_3y6zjFQSj2KE5TpEDOm8X_yiplgTHAS8EEAnjVnk2Ec69UTbW3EW2Cu4qxCC1mz6bL7u-Q x-goog-storage-class MULTI_REGIONAL status 200 x-goog-metageneration 2 x-goog-stored-content-encoding identity alt-svc quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 39358 last-modified Fri, 29 Sep 2017 22:16:10 GMT server UploadServer etag "906e1f6ed1645a20abd7f56b349a8808" x-goog-hash crc32c=6QccBg== md5=kG4fbtFkWiCr1/VrNJqICA== x-goog-generation 1506723370858078 cache-control public, max-age=3600 x-goog-stored-content-length 39358 accept-ranges bytes content-type text/css expires Thu, 14 Jun 2018 23:16:36 GMT
GET H2	403	domain_privacy.html storage.googleapis.com/docusign_files/	226 B 226 B	321ms 320ms	Image application/xml	172.217.18.176 Google LLC
General Check archive.org Show headers Download Go to Show image Full URL https://storage.googleapis.com/docusign_files/domain_privacy.html Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ducosign-notornis-189183502/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 172.217.18.176 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS fra15s29-in-f16.1e100.net Software UploadServer / Resource Hash `a58b97fdde9b0740e51911a4cd572eef6cf836dd0a1eeada2d27e374dbbf2746` Request headers :path /docusign_files/domain_privacy.html pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority storage.googleapis.com referer https://storage.googleapis.com/ducosign-notornis-189183502/index.html :scheme https :method GET Referer https://storage.googleapis.com/ducosign-notornis-189183502/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Thu, 14 Jun 2018 22:16:37 GMT server UploadServer x-guploader-uploadid AEnB2UpacGTbdOGaNBp4oIcW88wvDnk3nxtJOWfAxyQha-NUdgVfq69dpHLxkK2fSQSHXU7ONc4LgcJrnObxb3INLG7BVfQ6_Q content-type application/xml; charset=UTF-8 status 403 cache-control private, max-age=0 alt-svc quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 226 expires Thu, 14 Jun 2018 22:16:37 GMT
GET H2	403	seo_ebook.html storage.googleapis.com/docusign_files/	221 B 221 B	317ms 317ms	Image application/xml	172.217.18.176 Google LLC
General Check archive.org Show headers Download Go to Show image Full URL https://storage.googleapis.com/docusign_files/seo_ebook.html Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ducosign-notornis-189183502/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 172.217.18.176 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS fra15s29-in-f16.1e100.net Software UploadServer / Resource Hash `220ee65dd93d1ba67c0be883717fd2e37b5fec1b13ddc147d259e44dc89a423e` Request headers :path /docusign_files/seo_ebook.html pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority storage.googleapis.com referer https://storage.googleapis.com/ducosign-notornis-189183502/index.html :scheme https :method GET Referer https://storage.googleapis.com/ducosign-notornis-189183502/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Thu, 14 Jun 2018 22:16:37 GMT server UploadServer x-guploader-uploadid AEnB2UrOymUi7dwsnAsTj_A3EFoa8cTgyt4yBhayGIFK84nT8T7-QmUjxX967SC35YdIZDKBdodrd2xlW4EMAVelnSjygiazsw content-type application/xml; charset=UTF-8 status 403 cache-control private, max-age=0 alt-svc quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 221 expires Thu, 14 Jun 2018 22:16:37 GMT
GET H2	200	images.png storage.googleapis.com/docusign_files/	3 KB 3 KB	126ms 125ms	Image image/png	172.217.18.176 Google LLC
General Check archive.org Show headers Download Go to Show image Full URL https://storage.googleapis.com/docusign_files/images.png Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ducosign-notornis-189183502/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 172.217.18.176 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS fra15s29-in-f16.1e100.net Software UploadServer / Resource Hash `67f340851c1de7b6aa091f222d0cdff3eef5a36def8d8829021c61412a1d7e83` Request headers :path /docusign_files/images.png pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority storage.googleapis.com referer https://storage.googleapis.com/docusign_files/stylesheet.css :scheme https :method GET Referer https://storage.googleapis.com/docusign_files/stylesheet.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Thu, 14 Jun 2018 22:16:37 GMT x-guploader-uploadid AEnB2UqszrYO99pjbSDbiX908HRuaGdpzWlg3g9KT5VCPWZ8oVZkKvsmnTUi8S-H4GFvHvgtBaZFQfOIh3R1icCiujIMVIZ9ZQ x-goog-storage-class MULTI_REGIONAL status 200 x-goog-metageneration 2 x-goog-stored-content-encoding identity alt-svc quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 2899 last-modified Fri, 29 Sep 2017 22:16:05 GMT server UploadServer etag "df3829fa7b84d9e92afc174363a61bee" x-goog-hash crc32c=oOpqoQ== md5=3zgp+nuE2ekq/BdDY6Yb7g== x-goog-generation 1506723365489244 cache-control public, max-age=3600 x-goog-stored-content-length 2899 accept-ranges bytes content-type image/png expires Thu, 14 Jun 2018 23:16:37 GMT
GET H2	200	aodc.png storage.googleapis.com/docusign_files/	15 KB 16 KB	129ms 128ms	Image image/png	172.217.18.176 Google LLC
General Check archive.org Show headers Download Go to Show image Full URL https://storage.googleapis.com/docusign_files/aodc.png Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ducosign-notornis-189183502/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 172.217.18.176 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS fra15s29-in-f16.1e100.net Software UploadServer / Resource Hash `f81009f970db0975bbb5309affd9123db985f6608a3053b83d745c3bd53af92b` Request headers :path /docusign_files/aodc.png pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority storage.googleapis.com referer https://storage.googleapis.com/docusign_files/stylesheet.css :scheme https :method GET Referer https://storage.googleapis.com/docusign_files/stylesheet.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Thu, 14 Jun 2018 22:16:37 GMT x-guploader-uploadid AEnB2Uo4xSla3ZVTgBy9P4tFjPNr3LhdOlCRUVqePp5XIr5SpPImAsAOu0AAl57bIDh5gD5uAHj2XOrrJMY3A0TvxtfTCT3urQ x-goog-storage-class MULTI_REGIONAL status 200 x-goog-metageneration 2 x-goog-stored-content-encoding identity alt-svc quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 15857 last-modified Fri, 29 Sep 2017 22:16:03 GMT server UploadServer etag "ef8a5981db9eb379977dd906bfbb7c88" x-goog-hash crc32c=wOuBhg== md5=74pZgdues3mXfdkGv7t8iA== x-goog-generation 1506723363550140 cache-control public, max-age=3600 x-goog-stored-content-length 15857 accept-ranges bytes content-type image/png expires Thu, 14 Jun 2018 23:16:37 GMT
GET H2	200	ofdc.png storage.googleapis.com/docusign_files/	7 KB 7 KB	126ms 126ms	Image image/png	172.217.18.176 Google LLC
General Check archive.org Show headers Download Go to Show image Full URL https://storage.googleapis.com/docusign_files/ofdc.png Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ducosign-notornis-189183502/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 172.217.18.176 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS fra15s29-in-f16.1e100.net Software UploadServer / Resource Hash `77c73c4a9fdc2718ee8c0c918eff7c5ae0e6fef9bdb23aa38ef73e35b728dd92` Request headers :path /docusign_files/ofdc.png pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority storage.googleapis.com referer https://storage.googleapis.com/docusign_files/stylesheet.css :scheme https :method GET Referer https://storage.googleapis.com/docusign_files/stylesheet.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Thu, 14 Jun 2018 22:16:37 GMT x-guploader-uploadid AEnB2UrJLzqV-UCgNuA1RzYcHKFoC-jGDGLOHucpePwntV-KLmy8G6gf7QOE2daShzc_ALvGLvuw2HQmktRbHliQBt485gIySQ x-goog-storage-class MULTI_REGIONAL status 200 x-goog-metageneration 2 x-goog-stored-content-encoding identity alt-svc quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 6905 last-modified Fri, 29 Sep 2017 22:16:08 GMT server UploadServer etag "9f68017947e9ec02850b97115add63a6" x-goog-hash crc32c=gOgynA== md5=n2gBeUfp7AKFC5cRWt1jpg== x-goog-generation 1506723368111866 cache-control public, max-age=3600 x-goog-stored-content-length 6905 accept-ranges bytes content-type image/png expires Thu, 14 Jun 2018 23:16:37 GMT
GET H2	200	logo.png storage.googleapis.com/docusign_files/	7 KB 8 KB	127ms 126ms	Image image/png	172.217.18.176 Google LLC
General Check archive.org Show headers Download Go to Show image Full URL https://storage.googleapis.com/docusign_files/logo.png Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ducosign-notornis-189183502/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 172.217.18.176 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS fra15s29-in-f16.1e100.net Software UploadServer / Resource Hash `fa2776137cbda7fb85aaa56be710f14e5d3d18e231756cfbe283a2938e7d6620` Request headers :path /docusign_files/logo.png pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority storage.googleapis.com referer https://storage.googleapis.com/docusign_files/stylesheet.css :scheme https :method GET Referer https://storage.googleapis.com/docusign_files/stylesheet.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Thu, 14 Jun 2018 22:16:37 GMT x-guploader-uploadid AEnB2UreZtDHHlF1KuNfbPsOqMhHVbErqxlgdN9UfaDqWAL1rBjEnE48NBV_fglinPNHWdjRA9YvaLL7XVd5Dw4napQ1nHHOwA x-goog-storage-class MULTI_REGIONAL status 200 x-goog-metageneration 2 x-goog-stored-content-encoding identity alt-svc quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 7635 last-modified Fri, 29 Sep 2017 22:16:06 GMT server UploadServer etag "1059986618539574ca4fa0bcfd699006" x-goog-hash crc32c=v4V5LQ== md5=EFmYZhhTlXTKT6C8/WmQBg== x-goog-generation 1506723366996892 cache-control public, max-age=3600 x-goog-stored-content-length 7635 accept-ranges bytes content-type image/png expires Thu, 14 Jun 2018 23:16:37 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DocuSign (Online)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.bitdo.bid
storage.googleapis.com
104.31.65.192
172.217.18.176
0cb03017a11386396db52913bb4b377f9cbf7b052325e9b15f20d2d78c29b69b
1f472249189259c8db46994e5dcd3aa01213dad921d0c362759c355d93914a1a
220ee65dd93d1ba67c0be883717fd2e37b5fec1b13ddc147d259e44dc89a423e
424bd6c62d481e5b507562fb784aec7c1ea5fe4e5ce9e7c3d5d317fedc0bd4a2
67f340851c1de7b6aa091f222d0cdff3eef5a36def8d8829021c61412a1d7e83
77c73c4a9fdc2718ee8c0c918eff7c5ae0e6fef9bdb23aa38ef73e35b728dd92
8aeddb61eebb71e406bc826edf9faadeed2860b9234bced92ca898619df30a9d
9e754152a7033fd9f87c34e89c42aa2c8a15673ce348bcaf4d99739b80a338f4
a58b97fdde9b0740e51911a4cd572eef6cf836dd0a1eeada2d27e374dbbf2746
aa21d3c66d09d8d46fa18ab1c6bc7e0cc077713fe62f32dec1828bc9e79da79f
f81009f970db0975bbb5309affd9123db985f6608a3053b83d745c3bd53af92b
fa2776137cbda7fb85aaa56be710f14e5d3d18e231756cfbe283a2938e7d6620

storage.googleapis.com Open in urlscan Pro 172.217.18.176 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

197 kBTransfer

195 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

Indicators

storage.googleapis.com Open in urlscan Pro
172.217.18.176 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

197 kB
Transfer

195 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!