![](/screenshots/b810007b-2134-4049-bd8e-ab23c8b51165.png)
storage.googleapis.com
Open in
urlscan Pro
2a00:1450:4001:812::2010
Malicious Activity!
Public Scan
Effective URL: https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html
Submission: On July 11 via manual from US
Summary
TLS certificate: Issued by Google Internet Authority G3 on June 19th 2018. Valid for: 2 months.
This is the only time storage.googleapis.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DocuSign (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 67.199.248.10 67.199.248.10 | 395224 (BITLY-AS) (BITLY-AS - Bitly Inc) | |
1 1 | 206.189.125.60 206.189.125.60 | 14061 (DIGITALOC...) (DIGITALOCEAN-ASN - DigitalOcean) | |
1 | 2400:cb00:204... 2400:cb00:2048:1::681b:a72b | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
15 | 2a00:1450:400... 2a00:1450:4001:812::2010 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
16 | 2 |
ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)
PTR: ubuntu-linkshorten-jomstat.bid
llcurl.bid |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
a.timeurl.bid |
Apex Domain Subdomains |
Transfer | |
---|---|---|
15 |
googleapis.com
storage.googleapis.com |
196 KB |
1 |
timeurl.bid
a.timeurl.bid |
1 KB |
1 |
llcurl.bid
1 redirects
llcurl.bid |
994 B |
1 |
bit.ly
1 redirects
bit.ly |
344 B |
16 | 4 |
Domain | Requested by | |
---|---|---|
15 | storage.googleapis.com |
a.timeurl.bid
storage.googleapis.com |
1 | a.timeurl.bid | |
1 | llcurl.bid | 1 redirects |
1 | bit.ly | 1 redirects |
16 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni207399.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2 |
2018-07-10 - 2019-01-16 |
6 months | crt.sh |
*.storage.googleapis.com Google Internet Authority G3 |
2018-06-19 - 2018-08-28 |
2 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html
Frame ID: 2ABEEF2F8A07C9EF0CF099CDF144EB4A
Requests: 16 HTTP requests in this frame
Screenshot
![](/screenshots/b810007b-2134-4049-bd8e-ab23c8b51165.png)
Page URL History Show full URLs
-
http://bit.ly/2KKK2Jx
HTTP 301
http://llcurl.bid/O5Qqd HTTP 301
https://a.timeurl.bid/qdfvwj.html Page URL
- https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html Page URL
Detected technologies
Detected patterns
- headers server /cloudflare/i
Twitter Bootstrap () Expand
Detected patterns
- html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://bit.ly/2KKK2Jx
HTTP 301
http://llcurl.bid/O5Qqd HTTP 301
https://a.timeurl.bid/qdfvwj.html Page URL
- https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://bit.ly/2KKK2Jx HTTP 301
- http://llcurl.bid/O5Qqd HTTP 301
- https://a.timeurl.bid/qdfvwj.html
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
qdfvwj.html
a.timeurl.bid/ Redirect Chain
|
1 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
index.html
storage.googleapis.com/ducosign-glimpsed-139534571/ |
17 KB 18 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.css
storage.googleapis.com/docusign_files/ |
98 KB 98 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
open_sans.html
storage.googleapis.com/docusign_files/ |
0 0 |
Stylesheet
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
base.css
storage.googleapis.com/docusign_files/ |
4 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css_002.html
storage.googleapis.com/docusign_files/ |
0 0 |
Stylesheet
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css.html
storage.googleapis.com/docusign_files/ |
0 0 |
Stylesheet
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.css
storage.googleapis.com/docusign_files/ |
3 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css.htm
storage.googleapis.com/docusign_files/ |
0 0 |
Stylesheet
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
stylesheet.css
storage.googleapis.com/docusign_files/ |
38 KB 39 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
domain_privacy.html
storage.googleapis.com/docusign_files/ |
226 B 226 B |
Image
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
seo_ebook.html
storage.googleapis.com/docusign_files/ |
221 B 221 B |
Image
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
images.png
storage.googleapis.com/docusign_files/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aodc.png
storage.googleapis.com/docusign_files/ |
15 KB 16 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ofdc.png
storage.googleapis.com/docusign_files/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.png
storage.googleapis.com/docusign_files/ |
7 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DocuSign (Online)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| PAGE object| NVData string| thisTheme object| DEFAULT_BOX_ORDER number| optionselect_autogo string| homedir object| optionselect_list0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
a.timeurl.bid
bit.ly
llcurl.bid
storage.googleapis.com
206.189.125.60
2400:cb00:2048:1::681b:a72b
2a00:1450:4001:812::2010
67.199.248.10
0cb03017a11386396db52913bb4b377f9cbf7b052325e9b15f20d2d78c29b69b
1f472249189259c8db46994e5dcd3aa01213dad921d0c362759c355d93914a1a
220ee65dd93d1ba67c0be883717fd2e37b5fec1b13ddc147d259e44dc89a423e
424bd6c62d481e5b507562fb784aec7c1ea5fe4e5ce9e7c3d5d317fedc0bd4a2
67f340851c1de7b6aa091f222d0cdff3eef5a36def8d8829021c61412a1d7e83
77c73c4a9fdc2718ee8c0c918eff7c5ae0e6fef9bdb23aa38ef73e35b728dd92
9e754152a7033fd9f87c34e89c42aa2c8a15673ce348bcaf4d99739b80a338f4
a58b97fdde9b0740e51911a4cd572eef6cf836dd0a1eeada2d27e374dbbf2746
aa21d3c66d09d8d46fa18ab1c6bc7e0cc077713fe62f32dec1828bc9e79da79f
bc98aa68f72a31cb078c7d29082879969090368fdececd1920a63be9d5b82d77
f81009f970db0975bbb5309affd9123db985f6608a3053b83d745c3bd53af92b
fa2776137cbda7fb85aaa56be710f14e5d3d18e231756cfbe283a2938e7d6620