storage.googleapis.com (142.250.186.112)
Malicious Activity!
Public Scan
Effective URL: https://storage.googleapis.com/jwbdjbwjb.appspot.com/hjuikujyhgfvcjuyhtgfds.html
Submission: On October 22 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1C3 on October 4th 2021. Valid for: 3 months.
This is the only time storage.googleapis.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Citizens Bank (Banking)
Domain & IP information
# | IP Address | AS (Autonomous System)
---|---|---
1 1 | 67.199.248.10 | 396982 (GOOGLE-PRIVATE-CLOUD)
1 | 142.250.186.112 | 15169 (GOOGLE)
2 | 142.250.185.106 | 15169 (GOOGLE)
1 27 | 103.153.182.185 | 140947 (SNTHOSTINGS-AS-AP SnTHostings)
1 | 69.16.175.10 | 20446 (HIGHWINDS3)
1 | 104.16.18.94 | 13335 (CLOUDFLARENET)
2 | 104.18.11.207 | 13335 (CLOUDFLARENET)
33 | 6 |
- ASN15169 (GOOGLE, US), PTR: fra24s06-in-f16.1e100.net: storage.googleapis.com
- ASN15169 (GOOGLE, US), PTR: fra16s49-in-f10.1e100.net: ajax.googleapis.com
- ASN140947 (SNTHOSTINGS-AS-AP SnTHostings, IN), PTR: 103.153.182.185.static.snthostings.com: myros342234so.ru
- ASN13335 (CLOUDFLARENET, US): maxcdn.bootstrapcdn.com, stackpath.bootstrapcdn.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
27 | myros342234so.ru (1 redirect) | myros342234so.ru | 138 KB
3 | googleapis.com | storage.googleapis.com, ajax.googleapis.com | 64 KB
2 | bootstrapcdn.com | maxcdn.bootstrapcdn.com, stackpath.bootstrapcdn.com | 29 KB
1 | cloudflare.com | cdnjs.cloudflare.com | 7 KB
1 | jquery.com | code.jquery.com | 24 KB
1 | bit.ly (1 redirect) | bit.ly | 291 B
Total: 33 requests, 6 apex domains
Requests | Domain | Requested by
---|---|---
27 | myros342234so.ru (1 redirect) | storage.googleapis.com, myros342234so.ru
2 | ajax.googleapis.com | storage.googleapis.com, myros342234so.ru
1 | stackpath.bootstrapcdn.com | myros342234so.ru
1 | maxcdn.bootstrapcdn.com | myros342234so.ru
1 | cdnjs.cloudflare.com | myros342234so.ru
1 | code.jquery.com | myros342234so.ru
1 | storage.googleapis.com | 
1 | bit.ly (1 redirect) | 
Total: 33 requests, 8 domains
This site contains no links.
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
*.storage.googleapis.com | GTS CA 1C3 | 2021-10-04 - 2021-12-27 | 3 months | crt.sh
upload.video.google.com | GTS CA 1C3 | 2021-10-04 - 2021-12-27 | 3 months | crt.sh
myros342234so.ru | R3 | 2021-09-30 - 2021-12-29 | 3 months | crt.sh
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2021-07-14 - 2022-08-14 | a year | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-09-21 - 2022-09-20 | a year | crt.sh
This page contains 2 frames:
- Primary Page: https://storage.googleapis.com/jwbdjbwjb.appspot.com/hjuikujyhgfvcjuyhtgfds.html (Frame ID: EBB4312A05FB0741019B55497DCA332B; 2 HTTP requests in this frame)
- Frame: https://myros342234so.ru/ghjyukmjhngbfvdc/6b4adeac67c9a78e89707d560dc4daf4/?Key=6b4adeac67c9a78e89707d560dc4daf4&rand=19lnboxLightespn_6b4adeac67c9a78e89707d560dc4daf4_N1FiNndyV3R1dERjVzlkT0ZN-&b8fdcd2ccda3313cd1f2ad91dfcd6016e960fee3f217bbca9dfe8cb085038051 (Frame ID: 79B1647847D80A67C1BA5BA91A6620B5; 31 HTTP requests in this frame)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://bit.ly/3BOZ0p0 (HTTP 301)
- https://storage.googleapis.com/jwbdjbwjb.appspot.com/hjuikujyhgfvcjuyhtgfds.html (Page URL)
Detected technologies
- Bootstrap (Web Frameworks). Detected patterns:
  - bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
- Popper (Miscellaneous). Detected patterns:
  - /popper\.js/([0-9.]+)
- jQuery (JavaScript Libraries). Detected patterns:
  - /([\d.]+)/jquery(?:\.min)?\.js
  - jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
  - jquery[.-]([\d.]*\d)[^/]*\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 2:
- https://myros342234so.ru/ghjyukmjhngbfvdc/6b4adeac67c9a78e89707d560dc4daf4?Key=6b4adeac67c9a78e89707d560dc4daf4&rand=19lnboxLightespn_6b4adeac67c9a78e89707d560dc4daf4_N1FiNndyV3R1dERjVzlkT0ZN-&b8fdcd2ccda3313cd1f2ad91dfcd6016e960fee3f217bbca9dfe8cb085038051 (HTTP 301)
- https://myros342234so.ru/ghjyukmjhngbfvdc/6b4adeac67c9a78e89707d560dc4daf4/?Key=6b4adeac67c9a78e89707d560dc4daf4&rand=19lnboxLightespn_6b4adeac67c9a78e89707d560dc4daf4_N1FiNndyV3R1dERjVzlkT0ZN-&b8fdcd2ccda3313cd1f2ad91dfcd6016e960fee3f217bbca9dfe8cb085038051
33 HTTP transactions
Method / Protocol | Resource | Path | Notes | Size / x-fer | Type | MIME-Type
---|---|---|---|---|---|---
GET H2 | hjuikujyhgfvcjuyhtgfds.html | storage.googleapis.com/jwbdjbwjb.appspot.com/ | Primary Request, Redirect Chain | 1 KB / 2 KB | Document | text/html
GET H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/1.10.2/ | | 91 KB / 33 KB | Script | text/javascript
GET H/1.1 | / | myros342234so.ru/ghjyukmjhngbfvdc/ | Frame 79B1, Cookie set | 1 KB / 1 KB | Document | text/html
GET H/1.1 | / | myros342234so.ru/ghjyukmjhngbfvdc/6b4adeac67c9a78e89707d560dc4daf4/ | Frame 79B1, Redirect Chain | 37 KB / 38 KB | Document | text/html
GET H/1.1 | main.css | myros342234so.ru/ghjyukmjhngbfvdc/6b4adeac67c9a78e89707d560dc4daf4/css/ | Frame 79B1 | 61 KB / 61 KB | Stylesheet | text/css
GET H/1.1 | flows.css | myros342234so.ru/ghjyukmjhngbfvdc/6b4adeac67c9a78e89707d560dc4daf4/css/ | Frame 79B1 | 8 KB / 9 KB | Stylesheet | text/css
GET H/1.1 | citizensns.min.42588.css | myros342234so.ru/ghjyukmjhngbfvdc/6b4adeac67c9a78e89707d560dc4daf4/css/ | Frame 79B1 | 6 KB / 6 KB | Stylesheet | text/css
GET H/1.1 | CTZ_Green-01.png | myros342234so.ru/ghjyukmjhngbfvdc/6b4adeac67c9a78e89707d560dc4daf4/images/ | Frame 79B1 | 4 KB / 4 KB | Image | image/png
GET H/1.1 | equal-housing.gif | myros342234so.ru/ghjyukmjhngbfvdc/6b4adeac67c9a78e89707d560dc4daf4/images/ | Frame 79B1 | 1 KB / 1 KB | Image | image/gif
GET H/1.1 | footer-follow-facebook.png | myros342234so.ru/ghjyukmjhngbfvdc/6b4adeac67c9a78e89707d560dc4daf4/images/ | Frame 79B1 | 395 B / 637 B | Image | image/png
GET H/1.1 | footer-follow-twitter.png | myros342234so.ru/ghjyukmjhngbfvdc/6b4adeac67c9a78e89707d560dc4daf4/images/ | Frame 79B1 | 3 KB / 3 KB | Image | image/png
GET H/1.1 | footer-follow-linkedin.png | myros342234so.ru/ghjyukmjhngbfvdc/6b4adeac67c9a78e89707d560dc4daf4/images/ | Frame 79B1 | 3 KB / 3 KB | Image | image/png
GET H/1.1 | footer-follow-youtube.png | myros342234so.ru/ghjyukmjhngbfvdc/6b4adeac67c9a78e89707d560dc4daf4/images/ | Frame 79B1 | 3 KB / 3 KB | Image | image/png
GET H/1.1 | elh.gif | myros342234so.ru/ghjyukmjhngbfvdc/6b4adeac67c9a78e89707d560dc4daf4/images/ | Frame 79B1 | 1 KB / 2 KB | Image | image/gif
GET H/1.1 | fdicFooter.gif | myros342234so.ru/ghjyukmjhngbfvdc/6b4adeac67c9a78e89707d560dc4daf4/images/ | Frame 79B1 | 2 KB / 2 KB | Image | image/gif
GET H2 | jquery-3.2.1.slim.min.js | code.jquery.com/ | Frame 79B1 | 68 KB / 24 KB | Script | application/javascript
GET H2 | popper.min.js | cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ | Frame 79B1 | 19 KB / 7 KB | Script | application/javascript
GET H2 | bootstrap.min.js | maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ | Frame 79B1 | 48 KB / 14 KB | Script | application/javascript
GET H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/2.2.4/ | Frame 79B1 | 84 KB / 29 KB | Script | text/javascript
GET H2 | bootstrap.min.js | stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ | Frame 79B1 | 50 KB / 15 KB | Script | application/javascript
GET H/1.1 | icon-secure.png | myros342234so.ru/efs/efs/grafx/ | Frame 79B1 | 315 B / 315 B | Image | text/html
GET H/1.1 | flows-tooltip.png | myros342234so.ru/efs/efs/grafx/ | Frame 79B1 | 315 B / 315 B | Image | text/html
GET H/1.1 | arrow-button-white.png | myros342234so.ru/efs/efs/grafx/ | Frame 79B1 | 315 B / 315 B | Image | text/html
GET H/1.1 | arrow-down-blue.png | myros342234so.ru/efs/efs/grafx/ | Frame 79B1 | 315 B / 315 B | Image | text/html
GET H/1.1 | arrow-right-orange.png | myros342234so.ru/efs/efs/grafx/ | Frame 79B1 | 315 B / 315 B | Image | text/html
GET H/1.1 | citizen_roman.woff | myros342234so.ru/ghjyukmjhngbfvdc/6b4adeac67c9a78e89707d560dc4daf4/css/font/ | Frame 79B1 | 0 / 0 | Font | text/html
GET H/1.1 | citizen_extrabold.woff | myros342234so.ru/ghjyukmjhngbfvdc/6b4adeac67c9a78e89707d560dc4daf4/css/font/ | Frame 79B1 | 0 / 0 | Font | text/html
GET H/1.1 | citizen_book.woff | myros342234so.ru/ghjyukmjhngbfvdc/6b4adeac67c9a78e89707d560dc4daf4/css/font/ | Frame 79B1 | 0 / 0 | Font | text/html
GET H/1.1 | citizen_bold.woff | myros342234so.ru/ghjyukmjhngbfvdc/6b4adeac67c9a78e89707d560dc4daf4/css/font/ | Frame 79B1 | 0 / 0 | Font | text/html
GET H/1.1 | citizen_roman.ttf | myros342234so.ru/ghjyukmjhngbfvdc/6b4adeac67c9a78e89707d560dc4daf4/css/font/ | Frame 79B1 | 0 / 0 | Font | text/html
GET H/1.1 | citizen_extrabold.ttf | myros342234so.ru/ghjyukmjhngbfvdc/6b4adeac67c9a78e89707d560dc4daf4/css/font/ | Frame 79B1 | 0 / 0 | Font | text/html
GET H/1.1 | citizen_book.ttf | myros342234so.ru/ghjyukmjhngbfvdc/6b4adeac67c9a78e89707d560dc4daf4/css/font/ | Frame 79B1 | 0 / 0 | Font | text/html
GET H/1.1 | citizen_bold.ttf | myros342234so.ru/ghjyukmjhngbfvdc/6b4adeac67c9a78e89707d560dc4daf4/css/font/ | Frame 79B1 | 0 / 0 | Font | text/html
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against Citizens Bank (Banking)
7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | 0
object | onbeforexrselect
boolean | originAgentCluster
function | $
function | jQuery
function | calcHeight
object | jQuery1102079938829122815941
Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along with the request, which lets the website re-identify the user even from a different location. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.bit.ly/ | | _bit | l9m9sy-077b9a28b1e4e54795-00I
13 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.