secured-dot-p7q8y6t5.uc.r.appspot.com
2a00:1450:4001:821::2014
Malicious Activity!
Public Scan
Effective URL: https://secured-dot-p7q8y6t5.uc.r.appspot.com/
Submission: On May 23 via api from BE
Summary
TLS certificate: Issued by GTS CA 1O1 on May 5th 2020. Valid for: 3 months.
This is the only time secured-dot-p7q8y6t5.uc.r.appspot.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: AOL (Online)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 15 | 2a00:1450:4001:821::2014 | 15169 (GOOGLE) |
14 | 1 |
ASN15169 (GOOGLE, US)
secured-dot-p7q8y6t5.uc.r.appspot.com |

 | Apex Domain Subdomains | Transfer |
---|---|---|
15 | appspot.com 1 redirects secured-dot-p7q8y6t5.uc.r.appspot.com | 63 KB |
14 | 1 |

 | Domain | Requested by |
---|---|---|
15 | secured-dot-p7q8y6t5.uc.r.appspot.com | 1 redirects secured-dot-p7q8y6t5.uc.r.appspot.com |
14 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.appspot.com GTS CA 1O1 | 2020-05-05 - 2020-07-28 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://secured-dot-p7q8y6t5.uc.r.appspot.com/
Frame ID: E90E0020349B0CE9788CD9562D85DB54
Requests: 14 HTTP requests in this frame
Detected technologies
Google App Engine (Web Servers)
Detected patterns
- headers server /Google Frontend/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery[.-]([\d.]*\d)[^/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://secured-dot-p7q8y6t5.uc.r.appspot.com/
HTTP 302
https://secured-dot-p7q8y6t5.uc.r.appspot.com/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H2 | Primary Request / secured-dot-p7q8y6t5.uc.r.appspot.com/ | 9 KB 4 KB | Document text/html |
GET H2 | jquery-1.4.2.min.js secured-dot-p7q8y6t5.uc.r.appspot.com/js/ | 70 KB 28 KB | Script application/javascript |
GET H2 | snslanding.js secured-dot-p7q8y6t5.uc.r.appspot.com/js/ | 2 KB 841 B | Script application/javascript |
GET H2 | snslanding.css secured-dot-p7q8y6t5.uc.r.appspot.com/js/ | 5 KB 2 KB | Stylesheet text/css |
GET H2 | hdr_err.css secured-dot-p7q8y6t5.uc.r.appspot.com/js/ | 676 B 431 B | Stylesheet text/css |
GET H2 | css secured-dot-p7q8y6t5.uc.r.appspot.com/js/added/ | 9 KB 3 KB | Stylesheet text/html |
GET H2 | 11-mybenefits-sns.css secured-dot-p7q8y6t5.uc.r.appspot.com/js/added/ | 3 KB 907 B | Stylesheet text/css |
GET H2 | lpUiStyles.css secured-dot-p7q8y6t5.uc.r.appspot.com/js/ | 12 KB 3 KB | Stylesheet text/css |
GET H2 | error.gif secured-dot-p7q8y6t5.uc.r.appspot.com/js/ | 1021 B 1 KB | Image image/gif |
GET H2 | lpUi.js secured-dot-p7q8y6t5.uc.r.appspot.com/js/ | 19 KB 6 KB | Script application/javascript |
GET H2 | lp-aol-head-lg.png secured-dot-p7q8y6t5.uc.r.appspot.com/js/added/ | 7 KB 7 KB | Image image/png |
GET H2 | AC_OETags.js secured-dot-p7q8y6t5.uc.r.appspot.com/js/ | 4 KB 2 KB | Script application/javascript |
GET H2 | fs.js secured-dot-p7q8y6t5.uc.r.appspot.com/js/ | 1 KB 760 B | Script application/javascript |
GET H2 | mybenefits-new.png secured-dot-p7q8y6t5.uc.r.appspot.com/js/added/ | 5 KB 5 KB | Image image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: AOL (Online)
106 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| $ function| jQuery function| snslp_aligntoelement function| cleanupchromejs function| isEmpty function| modifyCreateAccountLink boolean| cookieEnabled undefined| layer function| RetVal function| User function| LoginVal function| QtnIdVal function| prereqchecks function| setCookie function| trimString function| stripOffAOLDomains function| handleUrl function| xstooltip_findPosX function| xstooltip_findPosY function| clearLbl function| checkLbl function| clearPwdLbl function| checkPwdLbl function| selectRange function| includeJsFile function| AsqVal function| asqReset function| checkAsqChange function| valAsqCreate function| valAsqCreateNew function| valAsqChange function| valAsqAnswers function| snsCheckAsq function| validateAsq function| snsCheckSecurID function| validateSecureID function| snscheckregimagtext function| valRegImageText function| getObject function| playAudio function| refreshImage function| valOIDForm function| setOpenID function| populateUrl function| showBubbleText function| hideBubbleText function| AuthUtil function| Tab function| UI object| uiArr object| btnArr object| AOLAliasDivs function| getById function| getStyle function| isAOLAlias function| getAuthTabWidth function| getAuthTabFilePrefix function| showTab2 function| createTabList function| attachAuthEvents function| showTab function| showTabs function| showContent function| showAOLAliasTab function| showOidTabs function| showFirstTabs function| createTabList2 function| showTab2Set function| show2Tab function| showAOLAliasTab2 function| showTabsSet function| attachAuthEvents2 function| showTabSet function| checkOIDFormSubmission function| GetWidth function| GetHeight function| authPopupLogin function| validateTab object| lgnEl object| pwdEl string| si3Class boolean| noPh number| ie function| setFocus boolean| isIE boolean| isWin boolean| isOpera boolean| isSafari function| ControlVersion function| GetSwfVer function| DetectFlashVer 
function| AC_AddExtension function| AC_Generateobj function| AC_FL_RunContent function| AC_GetArgs number| requiredMajorVersion number| requiredMinorVersion number| requiredRevision boolean| hasProductInstall boolean| hasRequestedVersion function| getFlashDPCookie function| getCookie function| thisMovie number| versionStr1
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
secured-dot-p7q8y6t5.uc.r.appspot.com/ | Name: Value: testcookie |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
secured-dot-p7q8y6t5.uc.r.appspot.com
2a00:1450:4001:821::2014