storage.googleapis.com Open in urlscan Pro
2a00:1450:4001:812::2010 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://bit.ly/2KKK2Jx
Effective URL:
https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html
Submission: On July 11 via manual (July 11th 2018, 9:06:49 pm UTC) from US

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 4 domains to perform 16 HTTP transactions. The main IP is 2a00:1450:4001:812::2010, located in Ireland and belongs to GOOGLE - Google LLC, US. The main domain is storage.googleapis.com.
TLS certificate: Issued by Google Internet Authority G3 on June 19th 2018. Valid for: 2 months.

This is the only time storage.googleapis.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DocuSign (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	67.199.248.10 67.199.248.10	395224 (BITLY-AS) (BITLY-AS - Bitly Inc)
1 1	206.189.125.60 206.189.125.60	14061 (DIGITALOC...) (DIGITALOCEAN-ASN - DigitalOcean)
1	2400:cb00:204... 2400:cb00:2048:1::681b:a72b	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
15	2a00:1450:400... 2a00:1450:4001:812::2010	15169 (GOOGLE) (GOOGLE - Google LLC)
16	2

1 67.199.248.10 (United States) 1 redirects

ASN395224 (BITLY-AS - Bitly Inc, US)

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 206.189.125.60 (New York, United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)
PTR: ubuntu-linkshorten-jomstat.bid

llcurl.bid	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:cb00:2048:1::681b:a72b (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

a.timeurl.bid	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:812::2010 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	googleapis.com storage.googleapis.com	196 KB
1	timeurl.bid a.timeurl.bid	1 KB
1	llcurl.bid 1 redirects llcurl.bid	994 B
1	bit.ly 1 redirects bit.ly	344 B
16	4

	Domain	Requested by
15	storage.googleapis.com	a.timeurl.bid storage.googleapis.com
1	a.timeurl.bid
1	llcurl.bid	1 redirects
1	bit.ly	1 redirects
16	4

This site contains no links.

Subject Issuer	Validity	Valid
sni207399.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-07-10` - `2019-01-16`	6 months	crt.sh
*.storage.googleapis.com Google Internet Authority G3	`2018-06-19` - `2018-08-28`	2 months	crt.sh

This page contains 1 frames:

Primary Page: https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html
Frame ID: 2ABEEF2F8A07C9EF0CF099CDF144EB4A
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://bit.ly/2KKK2Jx HTTP 301
http://llcurl.bid/O5Qqd HTTP 301
https://a.timeurl.bid/qdfvwj.html Page URL
https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

Twitter Bootstrap () Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i

Page Statistics

16
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

2
IPs

2
Countries

197 kB
Transfer

195 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://bit.ly/2KKK2Jx HTTP 301
http://llcurl.bid/O5Qqd HTTP 301
https://a.timeurl.bid/qdfvwj.html Page URL
https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://bit.ly/2KKK2Jx HTTP 301
http://llcurl.bid/O5Qqd HTTP 301
https://a.timeurl.bid/qdfvwj.html

16 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	qdfvwj.html Show response a.timeurl.bid/ Redirect Chain http://bit.ly/2KKK2Jx http://llcurl.bid/O5Qqd https://a.timeurl.bid/qdfvwj.html	1 KB 1 KB	111ms 56ms	Document text/html	2400:cb00:2048:1::681b:a72b Cloudflare
General Check archive.org Show headers Download Go to Full URL https://a.timeurl.bid/qdfvwj.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2400:cb00:2048:1::681b:a72b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `bc98aa68f72a31cb078c7d29082879969090368fdececd1920a63be9d5b82d77` Request headers :method GET :authority a.timeurl.bid :scheme https :path /qdfvwj.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 accept-encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id 2ABEEF2F8A07C9EF0CF099CDF144EB4A Response headers status 200 date Wed, 11 Jul 2018 21:06:38 GMT content-type text/html set-cookie __cfduid=dd0fad258c4b27a440e2d69f2ac7812a81531343198; expires=Thu, 11-Jul-19 21:06:38 GMT; path=/; domain=.timeurl.bid; HttpOnly last-modified Wed, 04 Jul 2018 00:39:52 GMT vary Accept-Encoding expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 438e3c3129b563c7-FRA content-encoding gzip Redirect headers Date Wed, 11 Jul 2018 21:06:38 GMT Server Apache/2.4.18 (Ubuntu) Cache-Control no-cache Location https://a.timeurl.bid/qdfvwj.html Set-Cookie XSRF-TOKEN=eyJpdiI6Imw1b2NPTjFocVwvaXVwVWE2SUQwclpBPT0iLCJ2YWx1ZSI6ImdCMUJIWnA5bXp2VUtRTVY4SWE5anVCZmNRdHU3YlVXNjRoYkFiMUxObEdVcGtNdFc4KzhXeGVzQnorSGlwakQwUGJFVFp2K3NTWmFySWVjbzdZMUp3PT0iLCJtYWMiOiJmZWU2NGE1YmU0MThmOTkyZTM1NzQwYjMyYjJkZTUzOTQ0MTVmNDAxODQ4YzJjYjdhM2E2YTY0MzExOGIxOGY0In0%3D; expires=Wed, 11-Jul-2018 23:06:38 GMT; Max-Age=7200; path=/ laravel_session=eyJpdiI6ImRWUFZwTitBb0VcL3BkMmRPdTJKeW93PT0iLCJ2YWx1ZSI6IkVreXNNb0hJRStMTWRyQUZENEdWdEh3aWhidkl0NU42Q2VYZ1wvdU5OSXVJWUdpZWM5RmtzMklhbGlVc1RRaXVhaUVqR29talFNTFd5WHdjSTlLOG5idz09IiwibWFjIjoiNGRmYmMzYjZiNWMzNzJiMjMxYzI2YWYyYjI2MGY0ZjljMTdjZGM0YzFhZjE4NjRjNjUwMjNiMzdiZjkyN2VlYSJ9; expires=Wed, 11-Jul-2018 23:06:38 GMT; Max-Age=7200; path=/; HttpOnly Content-Length 376 Connection close Content-Type text/html; charset=UTF-8
GET H2	200	Primary Request index.html Show response storage.googleapis.com/ducosign-glimpsed-139534571/	17 KB 18 KB	305ms 284ms	Document text/html	2a00:1450:4001:812::2010 Google LLC
General Check archive.org Show headers Download Go to Full URL https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html Requested by Host: a.timeurl.bid URL: https://a.timeurl.bid/qdfvwj.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1450:4001:812::2010 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software UploadServer / Resource Hash `1f472249189259c8db46994e5dcd3aa01213dad921d0c362759c355d93914a1a` Request headers :method GET :authority storage.googleapis.com :scheme https :path /ducosign-glimpsed-139534571/index.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 referer https://a.timeurl.bid/qdfvwj.html accept-encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id 2ABEEF2F8A07C9EF0CF099CDF144EB4A Referer https://a.timeurl.bid/qdfvwj.html Response headers status 200 x-guploader-uploadid AEnB2Uq6w6eWp85gD4mXdSLRmsaN8GpGPZaaQVeB0-p8DzcL65_IE8s7WFwBT7_OXoxfdhWSx8InQzTtuuiBw8dCcsjv9PxtSg expires Wed, 11 Jul 2018 22:06:40 GMT date Wed, 11 Jul 2018 21:06:40 GMT cache-control public, max-age=3600 last-modified Wed, 04 Jul 2018 00:39:51 GMT etag "ff0c3920325193b8aaa5da74eb6535f2" x-goog-generation 1530664791464788 x-goog-metageneration 1 x-goog-stored-content-encoding identity x-goog-stored-content-length 17883 content-type text/html x-goog-hash crc32c=KbYyFg== md5=/ww5IDJRk7iqpdp062U18g== x-goog-storage-class STANDARD accept-ranges bytes content-length 17883 server UploadServer alt-svc quic=":443"; ma=2592000; v="43,42,41,39,35"
GET H2	200	bootstrap.css storage.googleapis.com/docusign_files/	98 KB 98 KB	11ms 9ms	Stylesheet text/css	2a00:1450:4001:812::2010 Google LLC
General Check archive.org Show headers Download Go to Full URL https://storage.googleapis.com/docusign_files/bootstrap.css Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1450:4001:812::2010 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software UploadServer / Resource Hash `0cb03017a11386396db52913bb4b377f9cbf7b052325e9b15f20d2d78c29b69b` Request headers :path /docusign_files/bootstrap.css pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority storage.googleapis.com referer https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html :scheme https :method GET Referer https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 11 Jul 2018 20:22:34 GMT age 2646 x-guploader-uploadid AEnB2Urv_qO19lKWCsEjW2YcBo8zi9qrBjiOsXCzVO_tXGdI9C07CSoAs5deRICgAI9_wXWpILLIiZfH6Kdw5TwlO4-2KK8B1A x-goog-storage-class MULTI_REGIONAL status 200 x-goog-metageneration 2 x-goog-stored-content-encoding identity alt-svc quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 99967 last-modified Fri, 29 Sep 2017 22:16:03 GMT server UploadServer etag "282654c5ee87b36cbae19c44a5d64e00" x-goog-hash crc32c=Vfgvow== md5=KCZUxe6Hs2y64ZxEpdZOAA== x-goog-generation 1506723363644053 cache-control public, max-age=3600 x-goog-stored-content-length 99967 accept-ranges bytes content-type text/css expires Wed, 11 Jul 2018 21:22:34 GMT
GET H2	403	open_sans.html storage.googleapis.com/docusign_files/	0 0	413ms 411ms	Stylesheet application/xml	2a00:1450:4001:812::2010 Google LLC
General Check archive.org Show headers Download Go to Full URL https://storage.googleapis.com/docusign_files/open_sans.html Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1450:4001:812::2010 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software UploadServer / Resource Hash Request headers :path /docusign_files/open_sans.html pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority storage.googleapis.com referer https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html :scheme https :method GET Referer https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 11 Jul 2018 21:06:40 GMT server UploadServer x-guploader-uploadid AEnB2Uplw-yLrLO7gGCBCb5tO54GoWt1-tjEChAwOd4OnwqNmdhRFNS8pS6wq7eCa7SKfK2e_-Ye6cCmBMOLxuwcf1_xkA0ecw content-type application/xml; charset=UTF-8 status 403 cache-control private, max-age=0 alt-svc quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 221 expires Wed, 11 Jul 2018 21:06:40 GMT
GET H2	200	base.css storage.googleapis.com/docusign_files/	4 KB 4 KB	22ms 20ms	Stylesheet text/css	2a00:1450:4001:812::2010 Google LLC
General Check archive.org Show headers Download Go to Full URL https://storage.googleapis.com/docusign_files/base.css Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1450:4001:812::2010 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software UploadServer / Resource Hash `424bd6c62d481e5b507562fb784aec7c1ea5fe4e5ce9e7c3d5d317fedc0bd4a2` Request headers :path /docusign_files/base.css pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority storage.googleapis.com referer https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html :scheme https :method GET Referer https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 11 Jul 2018 20:22:34 GMT age 2646 x-guploader-uploadid AEnB2Ur17wbl6PT-c2vxtoBRZxuduF3zllqpj7A2K9_D4mPY-GJIA26MhD7SLXs7e1DTREnMIJy9JsiFnoto4n49OAFHjYzJ6w x-goog-storage-class MULTI_REGIONAL status 200 x-goog-metageneration 2 x-goog-stored-content-encoding identity alt-svc quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 4009 last-modified Fri, 29 Sep 2017 22:16:03 GMT server UploadServer etag "dd9359f44dcbf7b9f31bdde136e52bca" x-goog-hash crc32c=1Xoe1A== md5=3ZNZ9E3L97nzG93hNuUryg== x-goog-generation 1506723363569645 cache-control public, max-age=3600 x-goog-stored-content-length 4009 accept-ranges bytes content-type text/css expires Wed, 11 Jul 2018 21:22:34 GMT
GET H2	403	css_002.html storage.googleapis.com/docusign_files/	0 0	413ms 411ms	Stylesheet application/xml	2a00:1450:4001:812::2010 Google LLC
General Check archive.org Show headers Download Go to Full URL https://storage.googleapis.com/docusign_files/css_002.html Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1450:4001:812::2010 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software UploadServer / Resource Hash Request headers :path /docusign_files/css_002.html pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority storage.googleapis.com referer https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html :scheme https :method GET Referer https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 11 Jul 2018 21:06:40 GMT server UploadServer x-guploader-uploadid AEnB2UqNyLxzIFeOTum5qLkZ7tjKgRL5kUYalhNDLtF8VMsFM15gRgi9pKVmsow7PCkG1lLMIOAlk-f89rPlIhOR_1fs-8vO3g content-type application/xml; charset=UTF-8 status 403 cache-control private, max-age=0 alt-svc quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 219 expires Wed, 11 Jul 2018 21:06:40 GMT
GET H2	403	css.html storage.googleapis.com/docusign_files/	0 0	413ms 412ms	Stylesheet application/xml	2a00:1450:4001:812::2010 Google LLC
General Check archive.org Show headers Download Go to Full URL https://storage.googleapis.com/docusign_files/css.html Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1450:4001:812::2010 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software UploadServer / Resource Hash Request headers :path /docusign_files/css.html pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority storage.googleapis.com referer https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html :scheme https :method GET Referer https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 11 Jul 2018 21:06:40 GMT server UploadServer x-guploader-uploadid AEnB2UpEAbysF2an8WwNQTWHOm2dV3Ny_vKx3anuE__FZ9UoRPlXZ5covXiWCMTMAFgWgCI7fplOjeo-ZsT9KbxUbT7ActsdYQ content-type application/xml; charset=UTF-8 status 403 cache-control private, max-age=0 alt-svc quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 215 expires Wed, 11 Jul 2018 21:06:40 GMT
GET H2	200	index.css storage.googleapis.com/docusign_files/	3 KB 3 KB	21ms 20ms	Stylesheet text/css	2a00:1450:4001:812::2010 Google LLC
General Check archive.org Show headers Download Go to Full URL https://storage.googleapis.com/docusign_files/index.css Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1450:4001:812::2010 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software UploadServer / Resource Hash `9e754152a7033fd9f87c34e89c42aa2c8a15673ce348bcaf4d99739b80a338f4` Request headers :path /docusign_files/index.css pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority storage.googleapis.com referer https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html :scheme https :method GET Referer https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 11 Jul 2018 20:22:34 GMT age 2646 x-guploader-uploadid AEnB2UqzihKxOk7v9aybQrUo6YhvYkNmtoJxXFHDzl9ZjUAPGkh-vrKZlP3A7QMjKErXcSRK0bpnKoSWiujo-LnEepOp2nFKyg x-goog-storage-class MULTI_REGIONAL status 200 x-goog-metageneration 2 x-goog-stored-content-encoding identity alt-svc quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 3112 last-modified Fri, 29 Sep 2017 22:16:06 GMT server UploadServer etag "d594ebc0f6b1c27a44b26e15e7cb0949" x-goog-hash crc32c=ysIK4w== md5=1ZTrwPaxwnpEsm4V58sJSQ== x-goog-generation 1506723366999572 cache-control public, max-age=3600 x-goog-stored-content-length 3112 accept-ranges bytes content-type text/css expires Wed, 11 Jul 2018 21:22:34 GMT
GET H2	403	css.htm storage.googleapis.com/docusign_files/	0 0	411ms 410ms	Stylesheet application/xml	2a00:1450:4001:812::2010 Google LLC
General Check archive.org Show headers Download Go to Full URL https://storage.googleapis.com/docusign_files/css.htm Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1450:4001:812::2010 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software UploadServer / Resource Hash Request headers :path /docusign_files/css.htm pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority storage.googleapis.com referer https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html :scheme https :method GET Referer https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 11 Jul 2018 21:06:40 GMT server UploadServer x-guploader-uploadid AEnB2Uquu0bSmC0UOF40GWwWFwTKnI-p55wAL-anofxmw9YqUFFBTUFRJgZg8-L216lQXfuWZKGCLlkq7ZWBLr2HHuOnf48Nmg content-type application/xml; charset=UTF-8 status 403 cache-control private, max-age=0 alt-svc quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 214 expires Wed, 11 Jul 2018 21:06:40 GMT
GET H2	200	stylesheet.css storage.googleapis.com/docusign_files/	38 KB 39 KB	17ms 17ms	Stylesheet text/css	2a00:1450:4001:812::2010 Google LLC
General Check archive.org Show headers Download Go to Full URL https://storage.googleapis.com/docusign_files/stylesheet.css Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1450:4001:812::2010 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software UploadServer / Resource Hash `aa21d3c66d09d8d46fa18ab1c6bc7e0cc077713fe62f32dec1828bc9e79da79f` Request headers :path /docusign_files/stylesheet.css pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority storage.googleapis.com referer https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html :scheme https :method GET Referer https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 11 Jul 2018 20:22:34 GMT age 2646 x-guploader-uploadid AEnB2Upx4j1pMnWPpYL_ui3FT-0CtypPtie2Ol7K9pBJXAvCKtiIk8BMwecoZQqQ7x74My0_uwNhRqrLryplE6xqzZS2uxVIFw x-goog-storage-class MULTI_REGIONAL status 200 x-goog-metageneration 2 x-goog-stored-content-encoding identity alt-svc quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 39358 last-modified Fri, 29 Sep 2017 22:16:10 GMT server UploadServer etag "906e1f6ed1645a20abd7f56b349a8808" x-goog-hash crc32c=6QccBg== md5=kG4fbtFkWiCr1/VrNJqICA== x-goog-generation 1506723370858078 cache-control public, max-age=3600 x-goog-stored-content-length 39358 accept-ranges bytes content-type text/css expires Wed, 11 Jul 2018 21:22:34 GMT
GET H2	403	domain_privacy.html storage.googleapis.com/docusign_files/	226 B 226 B	413ms 412ms	Image application/xml	2a00:1450:4001:812::2010 Google LLC
General Check archive.org Show headers Download Go to Show image Full URL https://storage.googleapis.com/docusign_files/domain_privacy.html Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1450:4001:812::2010 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software UploadServer / Resource Hash `a58b97fdde9b0740e51911a4cd572eef6cf836dd0a1eeada2d27e374dbbf2746` Request headers :path /docusign_files/domain_privacy.html pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority storage.googleapis.com referer https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html :scheme https :method GET Referer https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 11 Jul 2018 21:06:40 GMT server UploadServer x-guploader-uploadid AEnB2UolMIN6cc3B0Rs4-X3mSIBZx8bXAom3kIxJnWkco_r7EPEXNzvUcVSlAJ3Yw4myLI6RWHC61HkT89tU_7wS2RHvpUtO4Q content-type application/xml; charset=UTF-8 status 403 cache-control private, max-age=0 alt-svc quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 226 expires Wed, 11 Jul 2018 21:06:40 GMT
GET H2	403	seo_ebook.html storage.googleapis.com/docusign_files/	221 B 221 B	411ms 410ms	Image application/xml	2a00:1450:4001:812::2010 Google LLC
General Check archive.org Show headers Download Go to Show image Full URL https://storage.googleapis.com/docusign_files/seo_ebook.html Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1450:4001:812::2010 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software UploadServer / Resource Hash `220ee65dd93d1ba67c0be883717fd2e37b5fec1b13ddc147d259e44dc89a423e` Request headers :path /docusign_files/seo_ebook.html pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority storage.googleapis.com referer https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html :scheme https :method GET Referer https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 11 Jul 2018 21:06:40 GMT server UploadServer x-guploader-uploadid AEnB2Ur29EdT5U3KCXkJVd-zuRmTkkq0GemMu7cXCIvtj9umFfg7wARYPBwZRSHdAG4qQNc2R-Zu9V4P6U2HAenLV1OoXB0CEA content-type application/xml; charset=UTF-8 status 403 cache-control private, max-age=0 alt-svc quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 221 expires Wed, 11 Jul 2018 21:06:40 GMT
GET H2	200	images.png storage.googleapis.com/docusign_files/	3 KB 3 KB	11ms 10ms	Image image/png	2a00:1450:4001:812::2010 Google LLC
General Check archive.org Show headers Download Go to Show image Full URL https://storage.googleapis.com/docusign_files/images.png Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1450:4001:812::2010 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software UploadServer / Resource Hash `67f340851c1de7b6aa091f222d0cdff3eef5a36def8d8829021c61412a1d7e83` Request headers :path /docusign_files/images.png pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority storage.googleapis.com referer https://storage.googleapis.com/docusign_files/stylesheet.css :scheme https :method GET Referer https://storage.googleapis.com/docusign_files/stylesheet.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 11 Jul 2018 20:22:35 GMT age 2645 x-guploader-uploadid AEnB2UpbYXK6Aizq7MCG_lvjeMEDJYUdvHvCs9sx-3RCGmx_dH_o0hsdL2nxttwhcQkRlyfrAaErKbaLPs5m-vUYPm-pTOTWZQ x-goog-storage-class MULTI_REGIONAL status 200 x-goog-metageneration 2 x-goog-stored-content-encoding identity alt-svc quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 2899 last-modified Fri, 29 Sep 2017 22:16:05 GMT server UploadServer etag "df3829fa7b84d9e92afc174363a61bee" x-goog-hash crc32c=oOpqoQ== md5=3zgp+nuE2ekq/BdDY6Yb7g== x-goog-generation 1506723365489244 cache-control public, max-age=3600 x-goog-stored-content-length 2899 accept-ranges bytes content-type image/png expires Wed, 11 Jul 2018 21:22:35 GMT
GET H2	200	aodc.png storage.googleapis.com/docusign_files/	15 KB 16 KB	10ms 10ms	Image image/png	2a00:1450:4001:812::2010 Google LLC
General Check archive.org Show headers Download Go to Show image Full URL https://storage.googleapis.com/docusign_files/aodc.png Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1450:4001:812::2010 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software UploadServer / Resource Hash `f81009f970db0975bbb5309affd9123db985f6608a3053b83d745c3bd53af92b` Request headers :path /docusign_files/aodc.png pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority storage.googleapis.com referer https://storage.googleapis.com/docusign_files/stylesheet.css :scheme https :method GET Referer https://storage.googleapis.com/docusign_files/stylesheet.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 11 Jul 2018 20:22:35 GMT age 2645 x-guploader-uploadid AEnB2UoVEAiWIdRRaMc7rN7pCYPwVuZP1CRb3p0dg17c-lXL8I3Sz4wu0S_DrJ35Z1niHFxmnX5_9rFllRUhcLjSBIc69vWXLg x-goog-storage-class MULTI_REGIONAL status 200 x-goog-metageneration 2 x-goog-stored-content-encoding identity alt-svc quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 15857 last-modified Fri, 29 Sep 2017 22:16:03 GMT server UploadServer etag "ef8a5981db9eb379977dd906bfbb7c88" x-goog-hash crc32c=wOuBhg== md5=74pZgdues3mXfdkGv7t8iA== x-goog-generation 1506723363550140 cache-control public, max-age=3600 x-goog-stored-content-length 15857 accept-ranges bytes content-type image/png expires Wed, 11 Jul 2018 21:22:35 GMT
GET H2	200	ofdc.png storage.googleapis.com/docusign_files/	7 KB 7 KB	10ms 10ms	Image image/png	2a00:1450:4001:812::2010 Google LLC
General Check archive.org Show headers Download Go to Show image Full URL https://storage.googleapis.com/docusign_files/ofdc.png Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1450:4001:812::2010 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software UploadServer / Resource Hash `77c73c4a9fdc2718ee8c0c918eff7c5ae0e6fef9bdb23aa38ef73e35b728dd92` Request headers :path /docusign_files/ofdc.png pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority storage.googleapis.com referer https://storage.googleapis.com/docusign_files/stylesheet.css :scheme https :method GET Referer https://storage.googleapis.com/docusign_files/stylesheet.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 11 Jul 2018 20:22:35 GMT age 2645 x-guploader-uploadid AEnB2Uoz7nOASstjQm38JBJusTyUaTycj7xpKi8naoAFSY19MRlQObxGHuxG4TjYeLpDivVKruKgfwqERoEycoqyVkyqCYk0RQ x-goog-storage-class MULTI_REGIONAL status 200 x-goog-metageneration 2 x-goog-stored-content-encoding identity alt-svc quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 6905 last-modified Fri, 29 Sep 2017 22:16:08 GMT server UploadServer etag "9f68017947e9ec02850b97115add63a6" x-goog-hash crc32c=gOgynA== md5=n2gBeUfp7AKFC5cRWt1jpg== x-goog-generation 1506723368111866 cache-control public, max-age=3600 x-goog-stored-content-length 6905 accept-ranges bytes content-type image/png expires Wed, 11 Jul 2018 21:22:35 GMT
GET H2	200	logo.png storage.googleapis.com/docusign_files/	7 KB 8 KB	9ms 9ms	Image image/png	2a00:1450:4001:812::2010 Google LLC
General Check archive.org Show headers Download Go to Show image Full URL https://storage.googleapis.com/docusign_files/logo.png Requested by Host: storage.googleapis.com URL: https://storage.googleapis.com/ducosign-glimpsed-139534571/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1450:4001:812::2010 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software UploadServer / Resource Hash `fa2776137cbda7fb85aaa56be710f14e5d3d18e231756cfbe283a2938e7d6620` Request headers :path /docusign_files/logo.png pragma no-cache accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority storage.googleapis.com referer https://storage.googleapis.com/docusign_files/stylesheet.css :scheme https :method GET Referer https://storage.googleapis.com/docusign_files/stylesheet.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 11 Jul 2018 20:22:35 GMT age 2645 x-guploader-uploadid AEnB2UqByEAzZ6cmTpNdI8p4t5vkVUL9ytemrTxvypUFm44_G1PNwBJnzZgOCY8cwW6SPgC_12C1Z6PdRJOoh18C0TjDzT-IyA x-goog-storage-class MULTI_REGIONAL status 200 x-goog-metageneration 2 x-goog-stored-content-encoding identity alt-svc quic=":443"; ma=2592000; v="43,42,41,39,35" content-length 7635 last-modified Fri, 29 Sep 2017 22:16:06 GMT server UploadServer etag "1059986618539574ca4fa0bcfd699006" x-goog-hash crc32c=v4V5LQ== md5=EFmYZhhTlXTKT6C8/WmQBg== x-goog-generation 1506723366996892 cache-control public, max-age=3600 x-goog-stored-content-length 7635 accept-ranges bytes content-type image/png expires Wed, 11 Jul 2018 21:22:35 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DocuSign (Online)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.timeurl.bid
bit.ly
llcurl.bid
storage.googleapis.com
206.189.125.60
2400:cb00:2048:1::681b:a72b
2a00:1450:4001:812::2010
67.199.248.10
0cb03017a11386396db52913bb4b377f9cbf7b052325e9b15f20d2d78c29b69b
1f472249189259c8db46994e5dcd3aa01213dad921d0c362759c355d93914a1a
220ee65dd93d1ba67c0be883717fd2e37b5fec1b13ddc147d259e44dc89a423e
424bd6c62d481e5b507562fb784aec7c1ea5fe4e5ce9e7c3d5d317fedc0bd4a2
67f340851c1de7b6aa091f222d0cdff3eef5a36def8d8829021c61412a1d7e83
77c73c4a9fdc2718ee8c0c918eff7c5ae0e6fef9bdb23aa38ef73e35b728dd92
9e754152a7033fd9f87c34e89c42aa2c8a15673ce348bcaf4d99739b80a338f4
a58b97fdde9b0740e51911a4cd572eef6cf836dd0a1eeada2d27e374dbbf2746
aa21d3c66d09d8d46fa18ab1c6bc7e0cc077713fe62f32dec1828bc9e79da79f
bc98aa68f72a31cb078c7d29082879969090368fdececd1920a63be9d5b82d77
f81009f970db0975bbb5309affd9123db985f6608a3053b83d745c3bd53af92b
fa2776137cbda7fb85aaa56be710f14e5d3d18e231756cfbe283a2938e7d6620

storage.googleapis.com Open in urlscan Pro 2a00:1450:4001:812::2010 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

2 IPs

2 Countries

197 kBTransfer

195 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

Indicators

storage.googleapis.com Open in urlscan Pro
2a00:1450:4001:812::2010 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

2
IPs

2
Countries

197 kB
Transfer

195 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!