storage.googleapis.com
Open in
urlscan Pro
2a00:1450:4001:81f::2010
Malicious Activity!
Public Scan
Submission: On January 24 via manual from IE
Summary
TLS certificate: Issued by GTS CA 1O1 on January 7th 2020. Valid for: 3 months.
This is the only time storage.googleapis.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: OneDrive (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
14 | 2a00:1450:400... 2a00:1450:4001:81f::2010 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a01:4a0:1338... 2a01:4a0:1338:28::c38a:ff18 | 201011 (NETZBETRI...) (NETZBETRIEB-GMBH) | |
3 | 2a02:26f0:10c... 2a02:26f0:10c:384::356e | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 2a02:26f0:6c0... 2a02:26f0:6c00:196::356e | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
19 | 4 |
ASN15169 (GOOGLE, US)
storage.googleapis.com |
ASN201011 (NETZBETRIEB-GMBH, DE)
img-prod-cms-rt-microsoft-com.akamaized.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
googleapis.com
storage.googleapis.com |
691 KB |
3 |
s-microsoft.com
c.s-microsoft.com |
92 KB |
1 |
microsoft.com
www.microsoft.com |
26 KB |
1 |
akamaized.net
img-prod-cms-rt-microsoft-com.akamaized.net |
4 KB |
19 | 4 |
Domain | Requested by | |
---|---|---|
14 | storage.googleapis.com |
storage.googleapis.com
|
3 | c.s-microsoft.com |
storage.googleapis.com
|
1 | www.microsoft.com |
storage.googleapis.com
|
1 | img-prod-cms-rt-microsoft-com.akamaized.net |
storage.googleapis.com
|
19 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
store.office.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.storage.googleapis.com GTS CA 1O1 |
2020-01-07 - 2020-03-31 |
3 months | crt.sh |
a248.e.akamai.net DigiCert Secure Site ECC CA-1 |
2019-08-13 - 2020-08-12 |
a year | crt.sh |
www.microsoft.com Microsoft IT TLS CA 5 |
2019-10-21 - 2021-10-21 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://storage.googleapis.com/aoffice365-pyrosmalite-443417722/index.html
Frame ID: 119178A79EEB6F4732F9DC424B27F430
Requests: 19 HTTP requests in this frame
1 Outgoing links
These are links going to different origins than the main page.
Title: English (United States)
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
index.html
storage.googleapis.com/aoffice365-pyrosmalite-443417722/ |
38 KB 39 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
storage.googleapis.com/aoffice365-pyrosmalite-443417722/css/ |
268 KB 268 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
RE1Mu3b
img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.4.1.min.js
storage.googleapis.com/aoffice365-pyrosmalite-443417722/js/ |
86 KB 86 KB |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
responsive.js
storage.googleapis.com/aoffice365-pyrosmalite-443417722/js/ |
125 KB 126 KB |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bg.jpg
storage.googleapis.com/aoffice365-pyrosmalite-443417722/images/ |
50 KB 50 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gmail.png
storage.googleapis.com/aoffice365-pyrosmalite-443417722/images/ |
21 KB 21 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aol.png
storage.googleapis.com/aoffice365-pyrosmalite-443417722/images/ |
24 KB 25 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
outlook.png
storage.googleapis.com/aoffice365-pyrosmalite-443417722/images/ |
11 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
office.png
storage.googleapis.com/aoffice365-pyrosmalite-443417722/images/ |
13 KB 13 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
yahoo.png
storage.googleapis.com/aoffice365-pyrosmalite-443417722/images/ |
17 KB 18 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
other.png
storage.googleapis.com/aoffice365-pyrosmalite-443417722/images/ |
34 KB 34 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/ |
33 KB 34 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mwfmdl2-v3.48.woff
www.microsoft.com/mwf/_h/v3.48/mwf.app/fonts/ |
26 KB 26 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
segoeui_light.woff2
storage.googleapis.com/versionless/webfonts/ |
0 0 |
Font
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Semibold/ |
29 KB 29 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Bold/ |
29 KB 30 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
segoeui_light.woff
storage.googleapis.com/versionless/webfonts/ |
0 0 |
Font
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
segoeui_light.ttf
storage.googleapis.com/versionless/webfonts/ |
0 0 |
Font
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: OneDrive (Online)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| $ function| jQuery function| get_extra_data object| msCommonShell0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
c.s-microsoft.com
img-prod-cms-rt-microsoft-com.akamaized.net
storage.googleapis.com
www.microsoft.com
2a00:1450:4001:81f::2010
2a01:4a0:1338:28::c38a:ff18
2a02:26f0:10c:384::356e
2a02:26f0:6c00:196::356e
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960
1232bbdbc5d205f3c5a40efa5ed92839c79e7879d5168445cc47645bb93f7d1b
2c8fd92e7fc91909f5c662cf7300a075f54d3aca755efb6e613c1480b59795c0
4f7f4afe26e71fa9ca1dac4a43b557a554a46f53251d849f07ed08a04829d74b
56a6a953c17fe304d2f0cd1b1c7105ecfe21b1701d2066b8a9e07286dc0026e8
6aef0dbdff9451e51404bf4af25c6e26938604817f545639e983a022050b78d0
7ee44fa06df7b64ffccbb44eda316c39b0d9aaf31d0e03918a66e0975ecf84f9
804da9bf2367258e2a08eb02db98271b122af20353cf78c6141768233cf3a9ee
a67c09f426883e24555b0fae1b19863c94ee88be1d07bd7a4055998ecadf7966
a8d7a5fcbb469f532608730bfe0e78bf7b2be59fcb8ea9c460ec78d0f1237c8d
ab27309667d5992b803b62016e03fbbfdae71fd826eb71d32252ae9225d07984
adc17bd4b3316aa74c71cb00ae4af1cdc11f2a67d7ae3e6a2d2ea395b3ece87e
d6d6319b07f87864e271e8136b13d5fe6e230cc263f4b75a3468edf27d6fa9d7
d87d0a7a7fe2c36d1dc093bfe56e9b81b311988789dbd3b65abf811d551ef02f
f09319522510a4fe4295b47414a63ef35781025c7b4cc27523cf6809b096f455