storage.googleapis.com
Open in
urlscan Pro
2a00:1450:4001:81c::2010
Malicious Activity!
Public Scan
Effective URL: https://storage.googleapis.com/akitchenless-624214918/login.html?fgjbk=mq9PrjMW2AL8wxpr&ahnqaz=4R3q5u2mzgrIfk93&tuc=oRchmPXApst...
Submission: On October 12 via manual from US
Summary
TLS certificate: Issued by GTS CA 1O1 on September 22nd 2020. Valid for: 3 months.
This is the only time storage.googleapis.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Outlook Web Access (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 2 | 37.157.6.242 37.157.6.242 | 198622 (ADFORM) (ADFORM) | |
3 | 2a00:1450:400... 2a00:1450:4001:81c::2010 | 15169 (GOOGLE) (GOOGLE) | |
6 | 2606:4700:303... 2606:4700:3030::ac43:d4a2 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 152.199.19.160 152.199.19.160 | 15133 (EDGECAST) (EDGECAST) | |
10 | 3 |
ASN15169 (GOOGLE, US)
storage.googleapis.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
moneysmtp.com
moneysmtp.com |
20 KB |
3 |
googleapis.com
storage.googleapis.com |
156 KB |
2 |
adform.net
2 redirects
track.adform.net |
867 B |
1 |
aspnetcdn.com
ajax.aspnetcdn.com |
30 KB |
10 | 4 |
Domain | Requested by | |
---|---|---|
6 | moneysmtp.com |
storage.googleapis.com
|
3 | storage.googleapis.com |
storage.googleapis.com
|
2 | track.adform.net | 2 redirects |
1 | ajax.aspnetcdn.com |
storage.googleapis.com
|
10 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
outdatedbrowser.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.storage.googleapis.com GTS CA 1O1 |
2020-09-22 - 2020-12-15 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-09-06 - 2021-09-06 |
a year | crt.sh |
*.vo.msecnd.net Microsoft IT TLS CA 2 |
2020-03-18 - 2022-03-18 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://storage.googleapis.com/akitchenless-624214918/login.html?fgjbk=mq9PrjMW2AL8wxpr&ahnqaz=4R3q5u2mzgrIfk93&tuc=oRchmPXApstPMmiTsrjhiSkNs&teaojrtvq=dQ6W2PUnQvGih4Om94KSuRMnTjtg&uvotoaidsq=wIcT9kfg5gGa5DMw4KP&davy=cW1ozQIF4iG7leLA59lI&xbwmvpzfz=UglotFXH7YgkzjKTryjUpkm
Frame ID: E9CF57A89680275BBBF75E24DDA95F32
Requests: 10 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://track.adform.net/C/?bn=35405429;cpdir=https://storage.googleapis.com/akitchenless-624214918/i...
HTTP 302
https://track.adform.net/C/?CC=1&bn=35405429;cpdir=https://storage.googleapis.com/akitchenless-624214... HTTP 302
https://storage.googleapis.com/akitchenless-624214918/index.html Page URL
- https://storage.googleapis.com/akitchenless-624214918/login.html?fgjbk=mq9PrjMW2AL8wxpr&ahnqaz=4R3q5u2mzgrI... Page URL
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Update my browser now
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://track.adform.net/C/?bn=35405429;cpdir=https://storage.googleapis.com/akitchenless-624214918/index.html
HTTP 302
https://track.adform.net/C/?CC=1&bn=35405429;cpdir=https://storage.googleapis.com/akitchenless-624214918/index.html HTTP 302
https://storage.googleapis.com/akitchenless-624214918/index.html Page URL
- https://storage.googleapis.com/akitchenless-624214918/login.html?fgjbk=mq9PrjMW2AL8wxpr&ahnqaz=4R3q5u2mzgrIfk93&tuc=oRchmPXApstPMmiTsrjhiSkNs&teaojrtvq=dQ6W2PUnQvGih4Om94KSuRMnTjtg&uvotoaidsq=wIcT9kfg5gGa5DMw4KP&davy=cW1ozQIF4iG7leLA59lI&xbwmvpzfz=UglotFXH7YgkzjKTryjUpkm Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://track.adform.net/C/?bn=35405429;cpdir=https://storage.googleapis.com/akitchenless-624214918/index.html HTTP 302
- https://track.adform.net/C/?CC=1&bn=35405429;cpdir=https://storage.googleapis.com/akitchenless-624214918/index.html HTTP 302
- https://storage.googleapis.com/akitchenless-624214918/index.html
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
index.html
storage.googleapis.com/akitchenless-624214918/ Redirect Chain
|
75 KB 76 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
login.html
storage.googleapis.com/akitchenless-624214918/ |
80 KB 80 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1dba3111b0418d6d209e83024863b800nbr1572797879.css
moneysmtp.com/email-list/otlk/css/ |
2 KB 667 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ba5ecdd16c000176c18fb0f77113c442nbr1572797879.css
moneysmtp.com/email-list/otlk/css/ |
70 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.3.1.min.js
ajax.aspnetcdn.com/ajax/jQuery/ |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ii.png
moneysmtp.com/email-list/otlk/imgs/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
i.png
moneysmtp.com/email-list/otlk/imgs/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
owa.png
moneysmtp.com/email-list/otlk/imgs/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
owa2.png
moneysmtp.com/email-list/otlk/imgs/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-Q050 |
owa2.png
storage.googleapis.com/akitchenless-624214918/imgs/ |
223 B 223 B |
Image
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Outlook Web Access (Online)16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes object| _0x4523 function| _0x5ae6 object| Zlib function| $ function| jQuery function| randomInteger function| randomString function| getdomainpartofemail function| get_email_hash function| validateEmail function| geturlparameter function| get_rand_url_pars0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.aspnetcdn.com
moneysmtp.com
storage.googleapis.com
track.adform.net
152.199.19.160
2606:4700:3030::ac43:d4a2
2a00:1450:4001:81c::2010
37.157.6.242
07f38b8b8c1f96ed85ecd96988f0454a95d1f665427086a507c72e55ff3ce0e7
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
19b6b846403036cfaba60ff18304d682b488ac134cff0df1edc9f598117f3487
457b9689e76732ca02867b4d96909874049ecb59439bed48832e343012bdb3b4
4de8fc175826d9f78fce9f9f2b71a63fe832fc7507e0394125c823b0909fa54a
6bd745cac7dd2e979f9e89dcd3c1ed3058812be0c88a06fc066360f74120b717
98686e602b5f75bbceb801ca315617579ad9ffe9e2df66d49673ea35a7e1f343
b5ee834a843ce7ce07d494bdca0cebce2492d5ce7279002a6be088fc52e2f3a9
d9ed6586942003696afe4e52b09f343f8342244b51a9e175b75162d7e615207b
eab089b97d39b8bec02d3efe0b3a5333b43a62e1b9a8aebdb2bb27830449ce19