secured-dot-p7q8y6t5.uc.r.appspot.com Open in urlscan Pro
2a00:1450:4001:821::2014 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://secured-dot-p7q8y6t5.uc.r.appspot.com/
Effective URL:
https://secured-dot-p7q8y6t5.uc.r.appspot.com/
Submission: On May 23 via api (May 23rd 2020, 6:26:11 am UTC) from BE

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 14 HTTP transactions. The main IP is 2a00:1450:4001:821::2014, located in Frankfurt am Main, Germany and belongs to GOOGLE, US. The main domain is secured-dot-p7q8y6t5.uc.r.appspot.com.
TLS certificate: Issued by GTS CA 1O1 on May 5th 2020. Valid for: 3 months.

This is the only time secured-dot-p7q8y6t5.uc.r.appspot.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: AOL (Online)

Domain & IP information

	IP Address		AS Autonomous System
1 15	2a00:1450:400... 2a00:1450:4001:821::2014		15169 (GOOGLE) (GOOGLE)
14	1

15 2a00:1450:4001:821::2014 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

secured-dot-p7q8y6t5.uc.r.appspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	appspot.com 1 redirects secured-dot-p7q8y6t5.uc.r.appspot.com	63 KB
14	1

	Domain	Requested by
15	secured-dot-p7q8y6t5.uc.r.appspot.com	1 redirects secured-dot-p7q8y6t5.uc.r.appspot.com
14	1

This site contains no links.

Subject Issuer	Validity	Valid
*.appspot.com GTS CA 1O1	`2020-05-05` - `2020-07-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://secured-dot-p7q8y6t5.uc.r.appspot.com/
Frame ID: E90E0020349B0CE9788CD9562D85DB54
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://secured-dot-p7q8y6t5.uc.r.appspot.com/ HTTP 302
https://secured-dot-p7q8y6t5.uc.r.appspot.com/ Page URL

Detected technologies

Google App Engine (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /Google Frontend/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

14
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

63 kB
Transfer

148 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://secured-dot-p7q8y6t5.uc.r.appspot.com/ HTTP 302
https://secured-dot-p7q8y6t5.uc.r.appspot.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response secured-dot-p7q8y6t5.uc.r.appspot.com/ Redirect Chain http://secured-dot-p7q8y6t5.uc.r.appspot.com/ https://secured-dot-p7q8y6t5.uc.r.appspot.com/	9 KB 4 KB	143ms 123ms	Document text/html	2a00:1450:4001:821::2014 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://secured-dot-p7q8y6t5.uc.r.appspot.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:821::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash `28da90187f67a86c92f77f09dbd602dd6c236765ad2fea72e3f6c1acae107865` Request headers :method GET :authority secured-dot-p7q8y6t5.uc.r.appspot.com :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 200 content-type text/html content-encoding gzip x-cloud-trace-context 31ed4b3be3fb0d5041a20d6aacdcbd94 vary Accept-Encoding date Sat, 23 May 2020 06:25:50 GMT server Google Frontend cache-control private content-length 3455 alt-svc h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Redirect headers Location https://secured-dot-p7q8y6t5.uc.r.appspot.com/ X-Cloud-Trace-Context 01a9f5edf22865fa0ed89b7d97d1c03a Date Sat, 23 May 2020 06:25:50 GMT Content-Type text/html Server Google Frontend Content-Length 0
GET H2	200	jquery-1.4.2.min.js Show response secured-dot-p7q8y6t5.uc.r.appspot.com/js/	70 KB 28 KB	168ms 165ms	Script application/javascript	2a00:1450:4001:821::2014 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://secured-dot-p7q8y6t5.uc.r.appspot.com/js/jquery-1.4.2.min.js Requested by Host: secured-dot-p7q8y6t5.uc.r.appspot.com URL: https://secured-dot-p7q8y6t5.uc.r.appspot.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:821::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash `e23a2a4e2d7c2b41ebcdd8ffc0679df7140eb7f52e1eebabf827a88182643c59` Request headers Referer https://secured-dot-p7q8y6t5.uc.r.appspot.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 23 May 2020 06:25:50 GMT content-encoding gzip server Google Frontend etag "niyZvw" content-type application/javascript status 200 x-cloud-trace-context 31ed4b3be3fb0d5041a20d6aacdcbd94 cache-control public, max-age=5 alt-svc h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" expires Sat, 23 May 2020 06:25:55 GMT
GET H2	200	snslanding.js Show response secured-dot-p7q8y6t5.uc.r.appspot.com/js/	2 KB 841 B	164ms 163ms	Script application/javascript	2a00:1450:4001:821::2014 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://secured-dot-p7q8y6t5.uc.r.appspot.com/js/snslanding.js Requested by Host: secured-dot-p7q8y6t5.uc.r.appspot.com URL: https://secured-dot-p7q8y6t5.uc.r.appspot.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:821::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash `ddae6d3eb90e6652daa591e4363bc52d269c1e100643c97a376611b7adbc9367` Request headers Referer https://secured-dot-p7q8y6t5.uc.r.appspot.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 23 May 2020 06:25:50 GMT content-encoding gzip server Google Frontend etag "niyZvw" content-type application/javascript status 200 x-cloud-trace-context 7cbe72b077173cfcb03e1fb14b8ac908 cache-control public, max-age=5 alt-svc h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" expires Sat, 23 May 2020 06:25:55 GMT
GET H2	200	snslanding.css secured-dot-p7q8y6t5.uc.r.appspot.com/js/	5 KB 2 KB	158ms 156ms	Stylesheet text/css	2a00:1450:4001:821::2014 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://secured-dot-p7q8y6t5.uc.r.appspot.com/js/snslanding.css Requested by Host: secured-dot-p7q8y6t5.uc.r.appspot.com URL: https://secured-dot-p7q8y6t5.uc.r.appspot.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:821::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash `30659174b5dbc38f53e455dbfe7ec71d73f07ec44dac3c0aaf1c99b4d5c8da0f` Request headers Referer https://secured-dot-p7q8y6t5.uc.r.appspot.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 23 May 2020 06:25:50 GMT content-encoding gzip server Google Frontend etag "niyZvw" content-type text/css status 200 x-cloud-trace-context 31ed4b3be3fb0d5041a20d6aacdcbd94 cache-control public, max-age=5 alt-svc h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" expires Sat, 23 May 2020 06:25:55 GMT
GET H2	200	hdr_err.css secured-dot-p7q8y6t5.uc.r.appspot.com/js/	676 B 431 B	161ms 159ms	Stylesheet text/css	2a00:1450:4001:821::2014 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://secured-dot-p7q8y6t5.uc.r.appspot.com/js/hdr_err.css Requested by Host: secured-dot-p7q8y6t5.uc.r.appspot.com URL: https://secured-dot-p7q8y6t5.uc.r.appspot.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:821::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash `b6fbd0e1845aebb3bf513537eb3d8dae360ea4b5d2e225ab22679da9bb75292c` Request headers Referer https://secured-dot-p7q8y6t5.uc.r.appspot.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 23 May 2020 06:25:50 GMT content-encoding gzip server Google Frontend etag "niyZvw" content-type text/css status 200 x-cloud-trace-context 3e99ecc9006093fd3f4ce0007227a4fb cache-control public, max-age=5 alt-svc h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" expires Sat, 23 May 2020 06:25:55 GMT
GET H2	200	css secured-dot-p7q8y6t5.uc.r.appspot.com/js/added/	9 KB 3 KB	128ms 126ms	Stylesheet text/html	2a00:1450:4001:821::2014 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://secured-dot-p7q8y6t5.uc.r.appspot.com/js/added/css?family=Open+Sans:300italic,300 Requested by Host: secured-dot-p7q8y6t5.uc.r.appspot.com URL: https://secured-dot-p7q8y6t5.uc.r.appspot.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:821::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash `28da90187f67a86c92f77f09dbd602dd6c236765ad2fea72e3f6c1acae107865` Request headers Referer https://secured-dot-p7q8y6t5.uc.r.appspot.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 23 May 2020 06:25:50 GMT content-encoding gzip server Google Frontend vary Accept-Encoding content-type text/html status 200 x-cloud-trace-context 721bcae8ec8ddadf57c3524b6d9d5103 cache-control private alt-svc h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 3455
GET H2	200	11-mybenefits-sns.css secured-dot-p7q8y6t5.uc.r.appspot.com/js/added/	3 KB 907 B	128ms 127ms	Stylesheet text/css	2a00:1450:4001:821::2014 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://secured-dot-p7q8y6t5.uc.r.appspot.com/js/added/11-mybenefits-sns.css Requested by Host: secured-dot-p7q8y6t5.uc.r.appspot.com URL: https://secured-dot-p7q8y6t5.uc.r.appspot.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:821::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash `5c429d4f6c293e746723c621969d0af720ef5b1b3f05447efe45eee1c4b591e7` Request headers Referer https://secured-dot-p7q8y6t5.uc.r.appspot.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 23 May 2020 06:25:50 GMT content-encoding gzip server Google Frontend etag "niyZvw" content-type text/css status 200 x-cloud-trace-context 3e99ecc9006093fd3f4ce0007227a4fb cache-control public, max-age=5 alt-svc h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" expires Sat, 23 May 2020 06:25:55 GMT
GET H2	200	lpUiStyles.css secured-dot-p7q8y6t5.uc.r.appspot.com/js/	12 KB 3 KB	177ms 176ms	Stylesheet text/css	2a00:1450:4001:821::2014 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://secured-dot-p7q8y6t5.uc.r.appspot.com/js/lpUiStyles.css Requested by Host: secured-dot-p7q8y6t5.uc.r.appspot.com URL: https://secured-dot-p7q8y6t5.uc.r.appspot.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:821::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash `1a97e13035b779835312549e4b3f9c913b00ffc0e0eacdd39d4cd1f60dc885db` Request headers Referer https://secured-dot-p7q8y6t5.uc.r.appspot.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 23 May 2020 06:25:50 GMT content-encoding gzip server Google Frontend etag "niyZvw" content-type text/css status 200 x-cloud-trace-context 53835704e1b3184b3bc5942539a9e486 cache-control public, max-age=5 alt-svc h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" expires Sat, 23 May 2020 06:25:55 GMT
GET H2	200	error.gif secured-dot-p7q8y6t5.uc.r.appspot.com/js/	1021 B 1 KB	146ms 145ms	Image image/gif	2a00:1450:4001:821::2014 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://secured-dot-p7q8y6t5.uc.r.appspot.com/js/error.gif Requested by Host: secured-dot-p7q8y6t5.uc.r.appspot.com URL: https://secured-dot-p7q8y6t5.uc.r.appspot.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:821::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash `07981e5b5f4c84246a00de0212f7f4af17cae9e45c4bdf357ced2cad8a1bbc32` Request headers Referer https://secured-dot-p7q8y6t5.uc.r.appspot.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 23 May 2020 06:25:50 GMT server Google Frontend etag "niyZvw" content-type image/gif status 200 x-cloud-trace-context e01be79bf27682b61bfc7de5e66b11e3 cache-control public, max-age=5 alt-svc h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" expires Sat, 23 May 2020 06:25:55 GMT
GET H2	200	lpUi.js Show response secured-dot-p7q8y6t5.uc.r.appspot.com/js/	19 KB 6 KB	211ms 211ms	Script application/javascript	2a00:1450:4001:821::2014 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://secured-dot-p7q8y6t5.uc.r.appspot.com/js/lpUi.js Requested by Host: secured-dot-p7q8y6t5.uc.r.appspot.com URL: https://secured-dot-p7q8y6t5.uc.r.appspot.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:821::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash `cf87ecf582ede0b10d28a3980e6ac156315274b7fed846a9eeee0c572498f89a` Request headers Referer https://secured-dot-p7q8y6t5.uc.r.appspot.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 23 May 2020 06:25:50 GMT content-encoding gzip server Google Frontend etag "niyZvw" content-type application/javascript status 200 x-cloud-trace-context e01be79bf27682b61bfc7de5e66b11e3 cache-control public, max-age=5 alt-svc h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" expires Sat, 23 May 2020 06:25:55 GMT
GET H2	200	lp-aol-head-lg.png secured-dot-p7q8y6t5.uc.r.appspot.com/js/added/	7 KB 7 KB	203ms 202ms	Image image/png	2a00:1450:4001:821::2014 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://secured-dot-p7q8y6t5.uc.r.appspot.com/js/added/lp-aol-head-lg.png Requested by Host: secured-dot-p7q8y6t5.uc.r.appspot.com URL: https://secured-dot-p7q8y6t5.uc.r.appspot.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:821::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash `754d851f37baf4b424f4d86d668755d7d2b042534f96b3de0b27e6ce3b095392` Request headers Referer https://secured-dot-p7q8y6t5.uc.r.appspot.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 23 May 2020 06:25:50 GMT server Google Frontend etag "niyZvw" content-type image/png status 200 x-cloud-trace-context 9b00099c67f239aa545f1b21ad8826ae cache-control public, max-age=5 alt-svc h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" expires Sat, 23 May 2020 06:25:55 GMT
GET H2	200	AC_OETags.js Show response secured-dot-p7q8y6t5.uc.r.appspot.com/js/	4 KB 2 KB	215ms 214ms	Script application/javascript	2a00:1450:4001:821::2014 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://secured-dot-p7q8y6t5.uc.r.appspot.com/js/AC_OETags.js Requested by Host: secured-dot-p7q8y6t5.uc.r.appspot.com URL: https://secured-dot-p7q8y6t5.uc.r.appspot.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:821::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash `dcee5312b1a816445dcc424a72970ad633f4fdf67d35dd1e80beb3579f7b399f` Request headers Referer https://secured-dot-p7q8y6t5.uc.r.appspot.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 23 May 2020 06:25:50 GMT content-encoding gzip server Google Frontend etag "niyZvw" content-type application/javascript status 200 x-cloud-trace-context 721bcae8ec8ddadf57c3524b6d9d5103 cache-control public, max-age=5 alt-svc h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" expires Sat, 23 May 2020 06:25:55 GMT
GET H2	200	fs.js Show response secured-dot-p7q8y6t5.uc.r.appspot.com/js/	1 KB 760 B	190ms 190ms	Script application/javascript	2a00:1450:4001:821::2014 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://secured-dot-p7q8y6t5.uc.r.appspot.com/js/fs.js Requested by Host: secured-dot-p7q8y6t5.uc.r.appspot.com URL: https://secured-dot-p7q8y6t5.uc.r.appspot.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:821::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash `ca06cc86362548d949921dec1eb8c62696b3710d9654c81699b83e9060fe74b3` Request headers Referer https://secured-dot-p7q8y6t5.uc.r.appspot.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 23 May 2020 06:25:50 GMT content-encoding gzip server Google Frontend etag "niyZvw" content-type application/javascript status 200 x-cloud-trace-context 3e99ecc9006093fd3f4ce0007227a4fb cache-control public, max-age=5 alt-svc h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" expires Sat, 23 May 2020 06:25:55 GMT
GET H2	200	mybenefits-new.png secured-dot-p7q8y6t5.uc.r.appspot.com/js/added/	5 KB 5 KB	168ms 168ms	Image image/png	2a00:1450:4001:821::2014 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://secured-dot-p7q8y6t5.uc.r.appspot.com/js/added/mybenefits-new.png Requested by Host: secured-dot-p7q8y6t5.uc.r.appspot.com URL: https://secured-dot-p7q8y6t5.uc.r.appspot.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:821::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Frontend / Resource Hash `d488104f0bdb8ee82ed277bf7a4c87c940981b3ed3956aac1b45e41cd0ffd10a` Request headers Referer https://secured-dot-p7q8y6t5.uc.r.appspot.com/js/added/11-mybenefits-sns.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 23 May 2020 06:25:50 GMT server Google Frontend etag "niyZvw" content-type image/png status 200 x-cloud-trace-context 3e99ecc9006093fd3f4ce0007227a4fb cache-control public, max-age=5 alt-svc h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" expires Sat, 23 May 2020 06:25:55 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: AOL (Online)

106 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			secured-dot-p7q8y6t5.uc.r.appspot.com/	1969-12-31 23:59:59	Name: Value: testcookie

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

secured-dot-p7q8y6t5.uc.r.appspot.com
2a00:1450:4001:821::2014
07981e5b5f4c84246a00de0212f7f4af17cae9e45c4bdf357ced2cad8a1bbc32
1a97e13035b779835312549e4b3f9c913b00ffc0e0eacdd39d4cd1f60dc885db
28da90187f67a86c92f77f09dbd602dd6c236765ad2fea72e3f6c1acae107865
30659174b5dbc38f53e455dbfe7ec71d73f07ec44dac3c0aaf1c99b4d5c8da0f
5c429d4f6c293e746723c621969d0af720ef5b1b3f05447efe45eee1c4b591e7
754d851f37baf4b424f4d86d668755d7d2b042534f96b3de0b27e6ce3b095392
b6fbd0e1845aebb3bf513537eb3d8dae360ea4b5d2e225ab22679da9bb75292c
ca06cc86362548d949921dec1eb8c62696b3710d9654c81699b83e9060fe74b3
cf87ecf582ede0b10d28a3980e6ac156315274b7fed846a9eeee0c572498f89a
d488104f0bdb8ee82ed277bf7a4c87c940981b3ed3956aac1b45e41cd0ffd10a
dcee5312b1a816445dcc424a72970ad633f4fdf67d35dd1e80beb3579f7b399f
ddae6d3eb90e6652daa591e4363bc52d269c1e100643c97a376611b7adbc9367
e23a2a4e2d7c2b41ebcdd8ffc0679df7140eb7f52e1eebabf827a88182643c59

secured-dot-p7q8y6t5.uc.r.appspot.com Open in urlscan Pro 2a00:1450:4001:821::2014 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

63 kBTransfer

148 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

106 JavaScript Global Variables

1 Cookies

Indicators

secured-dot-p7q8y6t5.uc.r.appspot.com Open in urlscan Pro
2a00:1450:4001:821::2014 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

63 kB
Transfer

148 kB
Size

1
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!