storage.googleapis.com
Open in
urlscan Pro
172.217.18.176
Malicious Activity!
Public Scan
Effective URL: https://storage.googleapis.com/ducosign-notornis-189183502/index.html
Submission: On June 14 via automatic, source phishtank
Summary
TLS certificate: Issued by Google Internet Authority G3 on May 23rd 2018. Valid for: 3 months.
This is the only time storage.googleapis.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DocuSign (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 104.31.65.192 104.31.65.192 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
15 | 172.217.18.176 172.217.18.176 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
16 | 2 |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
a.bitdo.bid |
ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s29-in-f16.1e100.net
storage.googleapis.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
15 |
googleapis.com
storage.googleapis.com |
196 KB |
1 |
bitdo.bid
a.bitdo.bid |
1 KB |
16 | 2 |
Domain | Requested by | |
---|---|---|
15 | storage.googleapis.com |
a.bitdo.bid
storage.googleapis.com |
1 | a.bitdo.bid | |
16 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni76750.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2 |
2018-06-14 - 2018-12-21 |
6 months | crt.sh |
*.storage.googleapis.com Google Internet Authority G3 |
2018-05-23 - 2018-08-15 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://storage.googleapis.com/ducosign-notornis-189183502/index.html
Frame ID: A4A6388ED663F3249100CDF18B34D454
Requests: 16 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://a.bitdo.bid/qjbvjh.html Page URL
- https://storage.googleapis.com/ducosign-notornis-189183502/index.html Page URL
Detected technologies
CloudFlare (CDN) ExpandDetected patterns
- headers server /cloudflare/i
Twitter Bootstrap () Expand
Detected patterns
- html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://a.bitdo.bid/qjbvjh.html Page URL
- https://storage.googleapis.com/ducosign-notornis-189183502/index.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
qjbvjh.html
a.bitdo.bid/ |
1 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
index.html
storage.googleapis.com/ducosign-notornis-189183502/ |
17 KB 18 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.css
storage.googleapis.com/docusign_files/ |
98 KB 98 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
open_sans.html
storage.googleapis.com/docusign_files/ |
0 0 |
Stylesheet
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
base.css
storage.googleapis.com/docusign_files/ |
4 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css_002.html
storage.googleapis.com/docusign_files/ |
0 0 |
Stylesheet
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css.html
storage.googleapis.com/docusign_files/ |
0 0 |
Stylesheet
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.css
storage.googleapis.com/docusign_files/ |
3 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css.htm
storage.googleapis.com/docusign_files/ |
0 0 |
Stylesheet
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
stylesheet.css
storage.googleapis.com/docusign_files/ |
38 KB 39 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
domain_privacy.html
storage.googleapis.com/docusign_files/ |
226 B 226 B |
Image
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
seo_ebook.html
storage.googleapis.com/docusign_files/ |
221 B 221 B |
Image
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
images.png
storage.googleapis.com/docusign_files/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aodc.png
storage.googleapis.com/docusign_files/ |
15 KB 16 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ofdc.png
storage.googleapis.com/docusign_files/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.png
storage.googleapis.com/docusign_files/ |
7 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DocuSign (Online)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| PAGE object| NVData string| thisTheme object| DEFAULT_BOX_ORDER number| optionselect_autogo string| homedir object| optionselect_list0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
a.bitdo.bid
storage.googleapis.com
104.31.65.192
172.217.18.176
0cb03017a11386396db52913bb4b377f9cbf7b052325e9b15f20d2d78c29b69b
1f472249189259c8db46994e5dcd3aa01213dad921d0c362759c355d93914a1a
220ee65dd93d1ba67c0be883717fd2e37b5fec1b13ddc147d259e44dc89a423e
424bd6c62d481e5b507562fb784aec7c1ea5fe4e5ce9e7c3d5d317fedc0bd4a2
67f340851c1de7b6aa091f222d0cdff3eef5a36def8d8829021c61412a1d7e83
77c73c4a9fdc2718ee8c0c918eff7c5ae0e6fef9bdb23aa38ef73e35b728dd92
8aeddb61eebb71e406bc826edf9faadeed2860b9234bced92ca898619df30a9d
9e754152a7033fd9f87c34e89c42aa2c8a15673ce348bcaf4d99739b80a338f4
a58b97fdde9b0740e51911a4cd572eef6cf836dd0a1eeada2d27e374dbbf2746
aa21d3c66d09d8d46fa18ab1c6bc7e0cc077713fe62f32dec1828bc9e79da79f
f81009f970db0975bbb5309affd9123db985f6608a3053b83d745c3bd53af92b
fa2776137cbda7fb85aaa56be710f14e5d3d18e231756cfbe283a2938e7d6620