accounts.pub.gloginsuite.xyz

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 7 HTTP transactions. The main IP is 40.117.97.30, located in Washington, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is accounts.pub.gloginsuite.xyz.
TLS certificate: Issued by Let's Encrypt Authority X3 on January 26th 2020. Valid for: 3 months.

This is the only time accounts.pub.gloginsuite.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Google (Online)

Domain & IP information

	IP Address		AS Autonomous System
1 6	40.117.97.30 40.117.97.30		8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
7	2

6 40.117.97.30 (Washington, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

accounts.pub.gloginsuite.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssl.pub.gloginsuite.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	gloginsuite.xyz 1 redirects accounts.pub.gloginsuite.xyz ssl.pub.gloginsuite.xyz fonts.pub.gloginsuite.xyz Failed	76 KB
7	1

	Domain	Requested by
4	ssl.pub.gloginsuite.xyz	accounts.pub.gloginsuite.xyz
2	accounts.pub.gloginsuite.xyz	1 redirects
0	fonts.pub.gloginsuite.xyz Failed	accounts.pub.gloginsuite.xyz
7	3

This site contains links to these domains. Also see Links.

Domain
www.pub.gloginsuite.xyz

Subject Issuer	Validity	Valid
pub.gloginsuite.xyz Let's Encrypt Authority X3	`2020-01-26` - `2020-04-25`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://accounts.pub.gloginsuite.xyz/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F
Frame ID: 4D0FBBA45D9CE92D7A2BDEC825925AAC
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://accounts.pub.gloginsuite.xyz/ HTTP 302
https://accounts.pub.gloginsuite.xyz/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&f... Page URL

Detected technologies

Java (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /GSE/i

OpenGSE (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /GSE/i

Page Statistics

7
Requests

71 %
HTTPS

0 %
IPv6

1
Domains

3
Subdomains

2
IPs

1
Countries

75 kB
Transfer

72 kB
Size

1
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.pub.gloginsuite.xyz/intl/en/about
Title: About Google

Search URL Search Domain Scan URL

URL: http://www.pub.gloginsuite.xyz/support/accounts?hl=en
Title: Help

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://accounts.pub.gloginsuite.xyz/ HTTP 302
https://accounts.pub.gloginsuite.xyz/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request ServiceLogin Show response accounts.pub.gloginsuite.xyz/ Redirect Chain https://accounts.pub.gloginsuite.xyz/ https://accounts.pub.gloginsuite.xyz/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F	65 KB 66 KB	400ms 202ms	Document text/html	40.117.97.30 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://accounts.pub.gloginsuite.xyz/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 40.117.97.30 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software GSE / Resource Hash `b9aa8f2b91746140f3d741d4f4ea7b30706b66fb333fef74907e9da90d886a06` Request headers Host accounts.pub.gloginsuite.xyz Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Sec-Fetch-User ?1 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Sec-Fetch-Site none Sec-Fetch-Mode navigate Accept-Encoding gzip, deflate, br Cookie GAPS=1:9L-37ejklLn8nFSIZbw6hYY27Ke1vA:nLmLdZ0G63WxFcz6 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Sec-Fetch-User ?1 Response headers Alt-Svc quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000 Cache-Control no-cache, no-store, max-age=0, must-revalidate Connection close Content-Type text/html; charset=UTF-8 Date Sun, 26 Jan 2020 17:44:09 GMT Expires Mon, 01 Jan 1990 00:00:00 GMT Pragma no-cache Server GSE Transfer-Encoding chunked User-Agent Mozilla/5.0 (iPad; CPU OS 9_3_5 like Mac OS X) AppleWebKit/603.1.46 (KHTML, like Gecko) Mobile/13G36 X-Auto-Login realm=com.google&args=continue%3Dhttps%253A%252F%252Faccounts.google.com%252F Redirect headers Alt-Svc quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000 Cache-Control private, max-age=0 Connection close Content-Type text/html; charset=UTF-8 Date Sun, 26 Jan 2020 17:44:09 GMT Expires Sun, 26 Jan 2020 17:44:09 GMT Location https://accounts.pub.gloginsuite.xyz/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F Server GSE Set-Cookie GAPS=1:9L-37ejklLn8nFSIZbw6hYY27Ke1vA:nLmLdZ0G63WxFcz6; Path=/; HttpOnly Transfer-Encoding chunked User-Agent Mozilla/5.0 (iPad; CPU OS 9_3_5 like Mac OS X) AppleWebKit/603.1.46 (KHTML, like Gecko) Mobile/13G36
GET H/1.1	200 OK	avatar_2x.png ssl.pub.gloginsuite.xyz/accounts/ui/	626 B 1 KB	398ms 99ms	Image image/png	40.117.97.30 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://ssl.pub.gloginsuite.xyz/accounts/ui/avatar_2x.png Requested by Host: accounts.pub.gloginsuite.xyz URL: https://accounts.pub.gloginsuite.xyz/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 40.117.97.30 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software sffe / Resource Hash `cdcc6d6dcda827a694dce8bfa9a1ab41113b629ef1cc11f886866af9194c81d0` Request headers Referer https://accounts.pub.gloginsuite.xyz/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers Date Thu, 12 Dec 2019 06:29:56 GMT Last-Modified Thu, 03 Oct 2019 10:15:00 GMT Server sffe Age 3928453 User-Agent Mozilla/5.0 (iPad; CPU OS 9_3_5 like Mac OS X) AppleWebKit/603.1.46 (KHTML, like Gecko) Mobile/13G36 Transfer-Encoding chunked Content-Type image/png Cache-Control public, max-age=31536000 Connection close Accept-Ranges bytes Alt-Svc quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000 Expires Fri, 11 Dec 2020 06:29:56 GMT
GET H/1.1	200 OK	googlelogo_color_112x36dp.png ssl.pub.gloginsuite.xyz/images/branding/googlelogo/1x/	2 KB 3 KB	396ms 101ms	Image image/png	40.117.97.30 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://ssl.pub.gloginsuite.xyz/images/branding/googlelogo/1x/googlelogo_color_112x36dp.png Requested by Host: accounts.pub.gloginsuite.xyz URL: https://accounts.pub.gloginsuite.xyz/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 40.117.97.30 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software sffe / Resource Hash `9ecd5e18216a965021f794cc1fd255767f8437ce1dd6c6c2ff4ceea7ccc0073d` Request headers Referer https://accounts.pub.gloginsuite.xyz/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers Date Sat, 18 Jan 2020 00:28:04 GMT Last-Modified Tue, 22 Oct 2019 18:15:00 GMT Server sffe Age 753365 User-Agent Mozilla/5.0 (iPad; CPU OS 9_3_5 like Mac OS X) AppleWebKit/603.1.46 (KHTML, like Gecko) Mobile/13G36 Vary Origin Content-Type image/png Cache-Control public, max-age=31536000 Transfer-Encoding chunked Connection close Accept-Ranges bytes Alt-Svc quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000 Expires Sun, 17 Jan 2021 00:28:04 GMT
GET		mem5YaGs126MiZpBA-UN_r8OUuhvKKSTjw.woff fonts.pub.gloginsuite.xyz/s/opensans/v15/	0 0

GET		mem8YaGs126MiZpBA-UFVZ0df8pkAg.woff fonts.pub.gloginsuite.xyz/s/opensans/v15/	0 0

GET H/1.1	200 OK	universal_language_settings-21.png ssl.pub.gloginsuite.xyz/images/icons/ui/common/	199 B 808 B	329ms 100ms	Image image/png	40.117.97.30 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://ssl.pub.gloginsuite.xyz/images/icons/ui/common/universal_language_settings-21.png Requested by Host: accounts.pub.gloginsuite.xyz URL: https://accounts.pub.gloginsuite.xyz/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 40.117.97.30 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software sffe / Resource Hash `59404af2d92c53ad1ee9e21b252c07c77dcba810b248a79d6ae989b1ff63c7d6` Request headers Referer https://accounts.pub.gloginsuite.xyz/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers Date Thu, 23 Jan 2020 03:57:45 GMT Last-Modified Thu, 03 Oct 2019 10:15:00 GMT Server sffe Age 308784 User-Agent Mozilla/5.0 (iPad; CPU OS 9_3_5 like Mac OS X) AppleWebKit/603.1.46 (KHTML, like Gecko) Mobile/13G36 Transfer-Encoding chunked Content-Type image/png Cache-Control public, max-age=31536000 Connection close Accept-Ranges bytes Alt-Svc quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000 Expires Fri, 22 Jan 2021 03:57:45 GMT
GET H/1.1	200 OK	wlogostrip_230x17_1x.png ssl.pub.gloginsuite.xyz/accounts/ui/	4 KB 5 KB	318ms 100ms	Image image/png	40.117.97.30 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://ssl.pub.gloginsuite.xyz/accounts/ui/wlogostrip_230x17_1x.png Requested by Host: accounts.pub.gloginsuite.xyz URL: https://accounts.pub.gloginsuite.xyz/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 40.117.97.30 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software sffe / Resource Hash `05cdc120325f04f53e3ec7dbba877500d94db5a47e38fb6a2cc96fa3d1d7664c` Request headers Referer https://accounts.pub.gloginsuite.xyz/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers Date Wed, 18 Dec 2019 03:32:02 GMT Last-Modified Thu, 03 Oct 2019 10:15:00 GMT Server sffe Age 3420727 User-Agent Mozilla/5.0 (iPad; CPU OS 9_3_5 like Mac OS X) AppleWebKit/603.1.46 (KHTML, like Gecko) Mobile/13G36 Transfer-Encoding chunked Content-Type image/png Cache-Control public, max-age=31536000 Connection close Accept-Ranges bytes Alt-Svc quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000 Expires Thu, 17 Dec 2020 03:32:02 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fonts.pub.gloginsuite.xyz
URL: https://fonts.pub.gloginsuite.xyz/s/opensans/v15/mem5YaGs126MiZpBA-UN_r8OUuhvKKSTjw.woff

Domain: fonts.pub.gloginsuite.xyz
URL: https://fonts.pub.gloginsuite.xyz/s/opensans/v15/mem8YaGs126MiZpBA-UFVZ0df8pkAg.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Google (Online)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			accounts.pub.gloginsuite.xyz/	1969-12-31 23:59:59	Name: GAPS Value: 1:9L-37ejklLn8nFSIZbw6hYY27Ke1vA:nLmLdZ0G63WxFcz6

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.pub.gloginsuite.xyz
fonts.pub.gloginsuite.xyz
ssl.pub.gloginsuite.xyz
fonts.pub.gloginsuite.xyz
40.117.97.30
05cdc120325f04f53e3ec7dbba877500d94db5a47e38fb6a2cc96fa3d1d7664c
59404af2d92c53ad1ee9e21b252c07c77dcba810b248a79d6ae989b1ff63c7d6
9ecd5e18216a965021f794cc1fd255767f8437ce1dd6c6c2ff4ceea7ccc0073d
b9aa8f2b91746140f3d741d4f4ea7b30706b66fb333fef74907e9da90d886a06
cdcc6d6dcda827a694dce8bfa9a1ab41113b629ef1cc11f886866af9194c81d0

accounts.pub.gloginsuite.xyz Open in urlscan Pro 40.117.97.30 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

71 %HTTPS

0 %IPv6

1 Domains

3 Subdomains

2 IPs

1 Countries

75 kBTransfer

72 kBSize

1 Cookies

2 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

19 JavaScript Global Variables

1 Cookies

Indicators

accounts.pub.gloginsuite.xyz Open in urlscan Pro
40.117.97.30 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

71 %
HTTPS

0 %
IPv6

1
Domains

3
Subdomains

2
IPs

1
Countries

75 kB
Transfer

72 kB
Size

1
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!