storage.googleapis.com
2a00:1450:4001:812::2010
Malicious Activity!
Public Scan
Effective URL: https://storage.googleapis.com/u0eufu9eu9w9u.appspot.com/7297.html
Submission: On February 15 via manual from IN
Summary
TLS certificate: Issued by GTS CA 1O1 on January 19th 2021. Valid for: 3 months.
This is the only time storage.googleapis.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Huntington Bank (Banking)
Domain & IP information
Redirects | Requests | IP Address | AS (Autonomous System)
---|---|---|---
1 | 4 | 35.201.120.147 | 15169 (GOOGLE)
 | 5 | 2a04:4e42:1b::621 | 54113 (FASTLY)
 | 10 | 2a00:1450:4001:812::2010 | 15169 (GOOGLE)
1 | 3 | 103.153.182.185 | 140947 (SNTHOSTINGS-AS-AP SnTHostings)
Total: 20 requests across 4 IP addresses
ASN15169 (GOOGLE, US), PTR 147.120.201.35.bc.googleusercontent.com: manknowdyself.michealkerkman.repl.co
ASN15169 (GOOGLE, US): storage.googleapis.com
ASN140947 (SNTHOSTINGS-AS-AP SnTHostings, IN), PTR 103.153.182.185.static.snthostings.com: bnbgcwwbiz.ru
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
10 | googleapis.com | storage.googleapis.com | 2 MB
5 | jsdelivr.net | cdn.jsdelivr.net | 47 KB
4 | repl.co (1 redirect) | manknowdyself.michealkerkman.repl.co | 8 KB
3 | bnbgcwwbiz.ru (1 redirect) | bnbgcwwbiz.ru | 6 KB
Total: 20 requests across 4 apex domains
Requests | Domain | Requested by
---|---|---
10 | storage.googleapis.com | manknowdyself.michealkerkman.repl.co, bnbgcwwbiz.ru
5 | cdn.jsdelivr.net | manknowdyself.michealkerkman.repl.co
4 | manknowdyself.michealkerkman.repl.co (1 redirect) | manknowdyself.michealkerkman.repl.co
3 | bnbgcwwbiz.ru (1 redirect) | storage.googleapis.com, bnbgcwwbiz.ru
Total: 20 requests across 4 domains
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
michealkerkman.repl.co | R3 | 2021-02-13 - 2021-05-14 | 3 months
f3.shared.global.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2020-10-26 - 2021-04-17 | 6 months
*.storage.googleapis.com | GTS CA 1O1 | 2021-01-19 - 2021-04-13 | 3 months
webdisk.bnbgcwwbiz.ru | R3 | 2021-01-26 - 2021-04-26 | 3 months
This page contains 3 frames:
Primary Page:
https://storage.googleapis.com/u0eufu9eu9w9u.appspot.com/7297.html
Frame ID: 4E12BB437DFFB0FBBD4F4170824461D0
Requests: 2 HTTP requests in this frame
Frame:
https://manknowdyself.michealkerkman.repl.co/__logs
Frame ID: 65E2F725B6DDF18FB8296B6B1F3B0693
Requests: 7 HTTP requests in this frame
Frame:
https://bnbgcwwbiz.ru/cnjsandsajkncjkds/QXNpYQ==15-02-202112-43-40am3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aRTJudFZoRkpKRnBFSXgxVUVzPQ==UGFraXN0YW4=VUVzPQ==E2ntVhFJJFpEIx1/?Key=QXNpYQ==15-02-202112-43-40am3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aRTJudFZoRkpKRnBFSXgxVUVzPQ==UGFraXN0YW4=VUVzPQ==E2ntVhFJJFpEIx1&rand=13InboxLightaspxn_QXNpYQ==15-02-202112-43-40am3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aRTJudFZoRkpKRnBFSXgxVUVzPQ==UGFraXN0YW4=VUVzPQ==E2ntVhFJJFpEIx1_RTJudFZoRkpKRnBFSXgx-&bfa29f3e5639393fd2523fb5dbb58f779ebfa95326fccdd87dc38e85a362f8d7
Frame ID: 08A7C50B092C3FBC33E6F4591333E980
Requests: 11 HTTP requests in this frame
Screenshot
![](/screenshots/7988e05c-ce5d-4d3d-b042-5485c3b61a5a.png)
Page URL History
- https://manknowdyself.michealkerkman.repl.co/ (Page URL)
- https://manknowdyself.michealkerkman.repl.co/ HTTP 302 -> https://storage.googleapis.com/u0eufu9eu9w9u.appspot.com/7297.html (Page URL)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 9:
- https://bnbgcwwbiz.ru/cnjsandsajkncjkds/QXNpYQ==15-02-202112-43-40am3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aRTJudFZoRkpKRnBFSXgxVUVzPQ==UGFraXN0YW4=VUVzPQ==E2ntVhFJJFpEIx1?Key=QXNpYQ==15-02-202112-43-40am3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aRTJudFZoRkpKRnBFSXgxVUVzPQ==UGFraXN0YW4=VUVzPQ==E2ntVhFJJFpEIx1&rand=13InboxLightaspxn_QXNpYQ==15-02-202112-43-40am3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aRTJudFZoRkpKRnBFSXgxVUVzPQ==UGFraXN0YW4=VUVzPQ==E2ntVhFJJFpEIx1_RTJudFZoRkpKRnBFSXgx-&bfa29f3e5639393fd2523fb5dbb58f779ebfa95326fccdd87dc38e85a362f8d7 HTTP 301
- https://bnbgcwwbiz.ru/cnjsandsajkncjkds/QXNpYQ==15-02-202112-43-40am3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aRTJudFZoRkpKRnBFSXgxVUVzPQ==UGFraXN0YW4=VUVzPQ==E2ntVhFJJFpEIx1/?Key=QXNpYQ==15-02-202112-43-40am3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aRTJudFZoRkpKRnBFSXgxVUVzPQ==UGFraXN0YW4=VUVzPQ==E2ntVhFJJFpEIx1&rand=13InboxLightaspxn_QXNpYQ==15-02-202112-43-40am3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aRTJudFZoRkpKRnBFSXgxVUVzPQ==UGFraXN0YW4=VUVzPQ==E2ntVhFJJFpEIx1_RTJudFZoRkpKRnBFSXgx-&bfa29f3e5639393fd2523fb5dbb58f779ebfa95326fccdd87dc38e85a362f8d7
The two URLs differ only in the trailing slash after the long path segment; the 301 adds it and carries the Key, rand and bare-hash parameters over unchanged.
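The bnbgcwwbiz.ru frame URL above, and the Key and rand parameters that repeat it, are one concatenated blob: padded base64 runs, a dd-mm-yyyy date, an hh-mm-ss am/pm time, a 64-character hex value, unpadded leftovers, and a second bare 64-hex string as the last query parameter. The script below is an added analysis helper written for this page; it is not urlscan.io code and not the phishing kit's code. It takes the frame URL exactly as the scan recorded it (the FRAME_URL constant and all function names are ours), splits each path segment and query value with a regex whose token classes are assumptions inferred from this single URL (a run ending in "=" is treated as padded base64, 64 hex characters as a hash-sized value, a leftover run whose length is a multiple of four as possibly unpadded base64), and base64-decodes each candidate repeatedly while the output is still printable ASCII, because one token in this URL decodes twice. The result shows the geographic labels "Asia" and "Pakistan", a timestamp and a repeated opaque identifier travelling in the URL in the clear.

```python
"""Decode the token blob in the bnbgcwwbiz.ru frame URL from this scan.

Added analysis helper for this page: not urlscan.io code, not the kit's code.
Token classes below are assumptions inferred from this one URL.
"""
import base64
import re
import string
from urllib.parse import parse_qsl, urlsplit

# Frame 08A7 URL copied from the scan; only the line breaks are ours.
FRAME_URL = (
    "https://bnbgcwwbiz.ru/cnjsandsajkncjkds/"
    "QXNpYQ==15-02-202112-43-40am"
    "3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14a"
    "RTJudFZoRkpKRnBFSXgxVUVzPQ==UGFraXN0YW4=VUVzPQ==E2ntVhFJJFpEIx1/"
    "?Key=QXNpYQ==15-02-202112-43-40am"
    "3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14a"
    "RTJudFZoRkpKRnBFSXgxVUVzPQ==UGFraXN0YW4=VUVzPQ==E2ntVhFJJFpEIx1"
    "&rand=13InboxLightaspxn_QXNpYQ==15-02-202112-43-40am"
    "3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14a"
    "RTJudFZoRkpKRnBFSXgxVUVzPQ==UGFraXN0YW4=VUVzPQ==E2ntVhFJJFpEIx1"
    "_RTJudFZoRkpKRnBFSXgx-"
    "&bfa29f3e5639393fd2523fb5dbb58f779ebfa95326fccdd87dc38e85a362f8d7"
)

# Alternatives are tried in this order at each position; hex goes first so a
# 64-hex value is not swallowed by the greedy base64 class that follows it.
TOKEN_RE = re.compile(
    r"(?P<hex>(?<![0-9a-f])[0-9a-f]{64}(?![0-9a-f]))"  # SHA-256-sized hex
    r"|(?P<b64>[A-Za-z0-9+/]{2,}={1,2})"               # padded base64 run
    r"|(?P<date>\d{2}-\d{2}-\d{4})"                    # dd-mm-yyyy
    r"|(?P<time>\d{2}-\d{2}-\d{2}(?:am|pm))"           # hh-mm-ss am/pm
    r"|(?P<raw>[A-Za-z0-9]+)"                          # leftover, maybe unpadded b64
)
PRINTABLE = set(string.printable) - set("\x0b\x0c")


def decode_layers(token):
    """Base64-decode repeatedly while the result is printable ASCII.

    Returns every layer in order, e.g. VUVzPQ== -> ["UEs=", "PK"]. Stops on
    bad padding, non-alphabet input or a non-printable result.
    """
    layers = []
    current = token
    while len(current) >= 4 and len(current) % 4 == 0:
        try:
            decoded = base64.b64decode(current, validate=True).decode("ascii")
        except (ValueError, UnicodeDecodeError):
            break
        if not decoded or any(ch not in PRINTABLE for ch in decoded):
            break
        layers.append(decoded)
        current = decoded
    return layers


def describe(blob):
    """Tokenize one path segment or query value; '-' and '_' separators are dropped."""
    tokens = []
    for match in TOKEN_RE.finditer(blob):
        kind, text = match.lastgroup, match.group()
        # hashes and timestamps are taken literally; base64-looking runs get decoded
        layers = decode_layers(text) if kind in ("b64", "raw") else []
        tokens.append({"kind": kind, "text": text, "decoded": layers})
    return tokens


def analyze(url):
    """Return host, tokenized path and query, and every 64-hex value seen."""
    parts = urlsplit(url)
    path = [tok for seg in parts.path.split("/") if seg for tok in describe(seg)]
    query = {}
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # the last parameter is a bare 64-hex string with no '=value' part
        query[name] = describe(value or name)
    hashes = []
    for tok in path + [t for toks in query.values() for t in toks]:
        if tok["kind"] == "hex" and tok["text"] not in hashes:
            hashes.append(tok["text"])
    return {"host": parts.hostname, "path": path, "query": query, "hashes": hashes}


def decoded_strings(report):
    """Every decoded layer from path and query, deduplicated in order of appearance."""
    seen = []
    for tok in report["path"] + [t for toks in report["query"].values() for t in toks]:
        for layer in tok["decoded"]:
            if layer not in seen:
                seen.append(layer)
    return seen


if __name__ == "__main__":
    rep = analyze(FRAME_URL)
    print("host:", rep["host"])
    for tok in rep["path"]:
        print(f"  {tok['kind']:<4} {tok['text'][:32]:<32} {tok['decoded']}")
    print("64-hex values:", rep["hashes"])
    print("decoded strings:", decoded_strings(rep))
```

Running it on the recorded URL yields the path tokens raw, b64, date, time, hex, b64, b64, b64, raw; the decoded strings "Asia", "E2ntVhFJJFpEIx1UEs=", "Pakistan", "UEs=" (which decodes once more to "PK") and "E2ntVhFJJFpEIx1"; and the two 64-hex values. The same "E2ntVhFJJFpEIx1" appears raw at the end of the blob and base64-encoded inside two other tokens, so the kit's own identifier can be matched across the path, Key and rand forms without knowing the kit.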
20 HTTP transactions

# | Method | Protocol | Resource | Host / path | Frame | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---|---|---
1 | GET | H2 | / | manknowdyself.michealkerkman.repl.co/ | | 5 KB | 5 KB | Document | text/html |
2 | GET | H2 | __logs | manknowdyself.michealkerkman.repl.co/ | 65E2 | 3 KB | 3 KB | Document | text/html |
3 | GET | H2 | xterm.min.js | cdn.jsdelivr.net/npm/xterm@3.8.0/dist/ | 65E2 | 185 KB | 43 KB | Script | application/javascript |
4 | GET | H2 | fullscreen.min.js | cdn.jsdelivr.net/npm/xterm@3.8.0/dist/addons/fullscreen/ | 65E2 | 1 KB | 911 B | Script | application/javascript |
5 | GET | H2 | fit.js | cdn.jsdelivr.net/npm/xterm@3.8.0/dist/addons/fit/ | 65E2 | 3 KB | 1 KB | Script | application/javascript |
6 | GET | H2 | xterm.min.css | cdn.jsdelivr.net/npm/xterm@3.8.0/dist/ | 65E2 | 2 KB | 881 B | Stylesheet | text/css |
7 | GET | H2 | fullscreen.min.css | cdn.jsdelivr.net/npm/xterm@3.8.0/dist/addons/fullscreen/ | 65E2 | 452 B | 674 B | Stylesheet | text/css |
8 | GET | H2 | __tail | manknowdyself.michealkerkman.repl.co/ | 65E2 | 1 KB | 0 | EventSource | text/event-stream |
9 | GET | H2 | 7297.html | storage.googleapis.com/u0eufu9eu9w9u.appspot.com/ | | 172 B | 834 B | Document | text/html | Primary Request; Redirect Chain
10 | GET | H/1.1 | | bnbgcwwbiz.ru/cnjsandsajkncjkds/ | 08A7 | 1 KB | 2 KB | Document | text/html |
11 | GET | H/1.1 | / | bnbgcwwbiz.ru/cnjsandsajkncjkds/QXNpYQ==15-02-202112-43-40am3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aRTJudFZoRkpKRnBFSXgxVUVzPQ==UGFraXN0YW4=VUVzPQ==E2ntVhFJJFpEIx1/ | 08A7 | 4 KB | 4 KB | Document | text/html | Redirect Chain
12 | GET | H3-Q050 | h1.png | storage.googleapis.com/thgfdf45re-dssf34refvdss-21w.appspot.com/ | 08A7 | 24 KB | 24 KB | Image | image/png |
13 | GET | H3-Q050 | h2.png | storage.googleapis.com/thgfdf45re-dssf34refvdss-21w.appspot.com/ | 08A7 | 394 KB | 395 KB | Image | image/png |
14 | GET | H3-Q050 | h3.png | storage.googleapis.com/thgfdf45re-dssf34refvdss-21w.appspot.com/ | 08A7 | 877 KB | 878 KB | Image | image/png |
15 | GET | H3-Q050 | h4.png | storage.googleapis.com/thgfdf45re-dssf34refvdss-21w.appspot.com/ | 08A7 | 419 KB | 420 KB | Image | image/png |
16 | GET | H3-Q050 | h5.png | storage.googleapis.com/thgfdf45re-dssf34refvdss-21w.appspot.com/ | 08A7 | 455 KB | 455 KB | Image | image/png |
17 | GET | H3-Q050 | h6.png | storage.googleapis.com/thgfdf45re-dssf34refvdss-21w.appspot.com/ | 08A7 | 142 KB | 142 KB | Image | image/png |
18 | GET | H3-Q050 | h7.png | storage.googleapis.com/thgfdf45re-dssf34refvdss-21w.appspot.com/ | 08A7 | 60 KB | 60 KB | Image | image/png |
19 | GET | H3-Q050 | h8.png | storage.googleapis.com/thgfdf45re-dssf34refvdss-21w.appspot.com/ | 08A7 | 2 KB | 3 KB | Image | image/png |
20 | GET | H3-Q050 | ht.png | storage.googleapis.com/thgfdf45re-dssf34refvdss-21w.appspot.com/ | 08A7 | 1 KB | 2 KB | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan verdict: Phishing against Huntington Bank (Banking)
10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: 0
- object: ontransitionrun
- object: ontransitionstart
- object: ontransitioncancel
- object: cookieStore
- function: showDirectoryPicker
- function: showOpenFilePicker
- function: showSaveFilePicker
- object: trustedTypes
- boolean: crossOriginIsolated

All ten are properties a current Chromium browser defines on every window (the transition event handlers, the Cookie Store API, the File System Access pickers, Trusted Types and crossOriginIsolated) plus the indexed reference `0` to the page's first child frame; none of them point to a client-side framework or to the kit's own scripts.

0 Cookies
Cookies are small pieces of information stored in the user's browser. When the user visits the site again, the browser sends the cookie values back, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bnbgcwwbiz.ru
cdn.jsdelivr.net
manknowdyself.michealkerkman.repl.co
storage.googleapis.com
103.153.182.185
2a00:1450:4001:812::2010
2a04:4e42:1b::621
35.201.120.147