firebasestorage.googleapis.com (2a00:1450:4001:801::200a)
Malicious Activity!
Public Scan
Effective URL: https://firebasestorage.googleapis.com/v0/b/faceb-10caa.appspot.com/o/index8.html?alt=media&token=12ad6536-f6f0-4b64-b2de-817090fa5a5d
Submission: On July 24 via manual from US
Summary
TLS certificate: Issued by GTS CA 1O1 on June 30th 2020. Valid for: 3 months.
This is the only time firebasestorage.googleapis.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 167.89.115.54 | 11377 (SENDGRID)
1 | 2a00:1450:4001:801::200a | 15169 (GOOGLE)
11 | 160.153.53.104 | 26496 (AS-26496-GO-DADDY-COM-LLC)
1 | 2a03:2880:f11c:8183:face:b00c:0:25de | 32934 (FACEBOOK)
Totals: 13 requests, 4 IPs
ASN15169 (GOOGLE, US): firebasestorage.googleapis.com
ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), PTR: ip-160-153-53-104.ip.secureserver.net: adkpd.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
11 | adkpd.com | adkpd.com | 208 KB
1 | facebook.com | facebook.com | 1001 B
1 | googleapis.com | firebasestorage.googleapis.com | 214 KB
1 | sendgrid.net | u17640078.ct.sendgrid.net (1 redirect) | 352 B
Totals: 13 requests, 4 apex domains
Requests | Domain | Requested by
---|---|---
11 | adkpd.com | firebasestorage.googleapis.com
1 | facebook.com |
1 | firebasestorage.googleapis.com |
1 | u17640078.ct.sendgrid.net | 1 redirects
Totals: 13 requests, 4 domains
This site contains links to these domains. Also see Links.
Subject | Issuer | Validity | Valid
---|---|---|---
upload.video.google.com | GTS CA 1O1 | 2020-06-30 - 2020-09-22 | 3 months
adkpd.com | ZeroSSL RSA Domain Secure Site CA | 2020-05-08 - 2020-08-06 | 3 months
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2020-05-14 - 2020-08-05 | 3 months
This page contains 1 frames:
Primary Page:
https://firebasestorage.googleapis.com/v0/b/faceb-10caa.appspot.com/o/index8.html?alt=media&token=12ad6536-f6f0-4b64-b2de-817090fa5a5d
Frame ID: 87D6EAF37B7EE40CAFA759BA8B4D9D21
Requests: 15 HTTP requests in this frame
Page Statistics
47 Outgoing links
These are links going to different origins than the main page.
Link titles: Facebook, Create New Account, Forgotten account?, Create New Account, Hausa, Português (Brasil), Français (France), Español, العربية, Italiano, 日本語, Deutsch, Bahasa Indonesia, हिन्दी, Sign Up, Log In, Messenger, Facebook Lite, Watch, People, Pages, Page categories, Places, Games, Locations, Marketplace, Facebook Pay, Groups, Oculus, Portal, Instagram, Local, Fundraisers, Services, About, Create ad, Create Page, Developers, Careers, Privacy, Cookies, AdChoices, Terms, Help, Settings, Activity log, Forgotten password?
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
https://u17640078.ct.sendgrid.net/ls/click?upn=VpKInDrXB09-2BBPtTsmlhekIYrKbQIpXqzozl8KoYSZFkvIFnWOIWTGb1F1fEtXRRJWM8ZS-2B9ePvDvu0T2qB2sKCLRwUMhxlccOkAfmnlx1AYytJOBVrPfK1P-2BdSMd7TYzF39I62ILJ6u8ivqgyA4iTD7h6guQ-2BezyjkQInLdBEzKkxQGlisnbldE41cOJeuRzduJbXdfD2ROvpL47XnoEA-3D-3DV-mL_z2ZJmQ3ZSw5itF-2BCsIJbitWiOiC3hSVp6oVzHf4WBwR-2Fn4YRZwV4wux2x43oT4vJRYbPCZkUOXBlREyuKO3HyD1mlLkuFe1vD-2FRJ8st3cBoM5d5dE-2BJ7zypSB79Orv1Jr0-2F1srFEffPKfFjzXocdKxMD3R0CCn5SppzoFMMVWb70ujZ33RHOf3KYaJrLqJuI3izO99JYRCA72qU0g-2BjHwQ-3D-3D
HTTP 302
https://firebasestorage.googleapis.com/v0/b/faceb-10caa.appspot.com/o/index8.html?alt=media&token=12ad6536-f6f0-4b64-b2de-817090fa5a5d (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | index8.html (Primary Request, Redirect Chain) | firebasestorage.googleapis.com/v0/b/faceb-10caa.appspot.com/o/ | 213 KB | 214 KB | Document | text/html
GET | H2 | mGyaylbhxHQ.css | adkpd.com/faceb/media/css/ | 277 KB | 80 KB | Stylesheet | text/css
GET | H2 | KaMQzBvGhJi.css | adkpd.com/faceb/media/css/ | 30 KB | 7 KB | Stylesheet | text/css
GET | H2 | 9KQ_kvj-kXZ.css | adkpd.com/faceb/media/css/ | 9 KB | 3 KB | Stylesheet | text/css
GET | H2 | RFVTGwAWcE4.css | adkpd.com/faceb/media/css/ | 275 KB | 80 KB | Stylesheet | text/css
GET | H2 | twS6xqROTav.css | adkpd.com/faceb/media/css/ | 98 KB | 17 KB | Stylesheet | text/css
GET | H2 | helpers.js | adkpd.com/faceb/media/js/ | 12 KB | 3 KB | Script | application/javascript
GET | H2 | app.js | adkpd.com/faceb/media/js/ | 1 KB | 497 B | Script | application/javascript
GET | DATA | truncated | / | 74 B | 0 | Stylesheet | text/css
GET | DATA | truncated | / | 106 KB | 0 | Image | image/gif
GET | H2 | hsts-pixel.gif | facebook.com/security/ | 43 B | 1001 B | Image | image/gif
GET | H2 | 8_ktw6v2o1N.png | adkpd.com/faceb/media/images/ | 6 KB | 6 KB | Image | image/png
GET | H2 | -43UqMxtxji.png | adkpd.com/faceb/media/images/ | 5 KB | 5 KB | Image | image/png
GET | H2 | YQNfPR9MJfx.png | adkpd.com/faceb/media/images/ | 925 B | 1009 B | Image | image/png
GET | H2 | fmdH_AvHnmP.png | adkpd.com/faceb/media/images/ | 6 KB | 6 KB | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Facebook (Social Network)
33 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
string: LIB_phrase, LIB_view, ____media, ____b, ____rdr
object: d, s, isMobile, Base64, LIB_submitButton, LIB_userInput, LIB_pwdInput, LIB_spinner, LIB_form
function: validateEmail, getUrlParameter, dDOM, getHashParameters, getParameters, initApp, loginUser, trueLoginUser, sendPost, sendGet, bindXhr, bindElements, LIB_onLoginFail, LIB_beforeSend, LIB_onComplete
number: LIB_submitTrial, c2, c1, c3
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.