drive-google-one.herokuapp.com
18.208.60.216
Malicious Activity!
Public Scan
Effective URL: http://drive-google-one.herokuapp.com/authentication?reload
Submission: On November 01 via automatic, source openphish — Scanned from DE
Summary
This is the only time drive-google-one.herokuapp.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Google (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
15 (5 redirects) | 18.208.60.216 | 14618 (AMAZON-AES) |
1 | 172.67.73.104 | 13335 (CLOUDFLARENET) |
2 | 142.250.185.99 | 15169 (GOOGLE) |
4 | 142.250.186.131 | 15169 (GOOGLE) |
2 | 142.250.185.206 | 15169 (GOOGLE) |
Totals: 19 | 6
ASN | PTR | Domain |
---|---|---|
ASN14618 (AMAZON-AES, US) | ec2-18-208-60-216.compute-1.amazonaws.com | drive-google-one.herokuapp.com |
ASN15169 (GOOGLE, US) | fra16s49-in-f3.1e100.net | fonts.gstatic.com |
ASN15169 (GOOGLE, US) | fra24s07-in-f3.1e100.net | ssl.gstatic.com |
ASN15169 (GOOGLE, US) | fra16s52-in-f14.1e100.net | accounts.youtube.com |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
15 | herokuapp.com | drive-google-one.herokuapp.com (5 redirects) | 8 MB |
6 | gstatic.com | fonts.gstatic.com, ssl.gstatic.com | 44 KB |
2 | youtube.com | accounts.youtube.com | |
1 | learnpick.in | www.learnpick.in | 4 KB |
Totals: 19 | 4
Requests | Domain | Requested by |
---|---|---|
15 | drive-google-one.herokuapp.com (5 redirects) | drive-google-one.herokuapp.com |
4 | ssl.gstatic.com | |
2 | accounts.youtube.com | drive-google-one.herokuapp.com |
2 | fonts.gstatic.com | drive-google-one.herokuapp.com |
1 | www.learnpick.in | drive-google-one.herokuapp.com |
Totals: 19 | 5
This site contains links to these domains. Also see Links.
Domain |
---|
support.google.com |
accounts.google.com |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-06-12 - 2022-06-11 | a year | crt.sh |
*.gstatic.com | GTS CA 1C3 | 2021-10-04 - 2021-12-27 | 3 months | crt.sh |
*.google.com | GTS CA 1C3 | 2021-10-04 - 2021-12-27 | 3 months | crt.sh |
This page contains 2 frames:
Primary Page:
http://drive-google-one.herokuapp.com/authentication?reload
Frame ID: 4E269BF898F7960BF97B2257DD9CA9BC
Requests: 20 HTTP requests in this frame
Frame:
https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1313915624&timestamp=1635729153437
Frame ID: B10DE3AED3E65BF1132E2A7D1716C1A5
Requests: 1 HTTP request in this frame
Page Title: Google Drive Gmail
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
Title: Help
Title: Privacy
Title: Terms
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://drive-google-one.herokuapp.com/login (HTTP 302)
- http://drive-google-one.herokuapp.com/authentication (Page URL)
- http://drive-google-one.herokuapp.com/authentication?reload (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://drive-google-one.herokuapp.com/login HTTP 302
- http://drive-google-one.herokuapp.com/authentication
- http://drive-google-one.herokuapp.com/users HTTP 302
- http://drive-google-one.herokuapp.com/authentication
- http://drive-google-one.herokuapp.com/users HTTP 302
- http://drive-google-one.herokuapp.com/authentication
- http://drive-google-one.herokuapp.com/users HTTP 302
- http://drive-google-one.herokuapp.com/authentication
- http://drive-google-one.herokuapp.com/users HTTP 302
- http://drive-google-one.herokuapp.com/authentication
19 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | authentication | drive-google-one.herokuapp.com/ (Redirect Chain) | 1 MB | 1 MB | Document | text/html |
GET | H/1.1 | application-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.css | drive-google-one.herokuapp.com/assets/ | 0 | 269 B | Stylesheet | text/css |
GET | H/1.1 | application-d25752b9ab667418e852ef42e1f03f47bd57a7d382318572379f2740fd4b6c95.js | drive-google-one.herokuapp.com/assets/ | 77 KB | 19 KB | Script | application/javascript |
GET | H/1.1 | authentication (Primary Request) | drive-google-one.herokuapp.com/ | 1 MB | 1 MB | Document | text/html |
GET | H/1.1 | application-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.css | drive-google-one.herokuapp.com/assets/ | 0 | 269 B | Stylesheet | text/css |
GET | H/1.1 | application-d25752b9ab667418e852ef42e1f03f47bd57a7d382318572379f2740fd4b6c95.js | drive-google-one.herokuapp.com/assets/ | 77 KB | 19 KB | Script | application/javascript |
GET | H2 | ffffff.jpg&text=S | www.learnpick.in/placeholdergenerator/300x300/7CC9C3/ | 4 KB | 4 KB | Image | image/jpg |
GET | DATA | truncated | / | 356 B | 0 | Image | image/png |
GET | DATA | truncated | / | 267 B | 0 | Image | image/svg+xml |
GET | H/1.1 | 4UaGrENHsxJlGDuGo1OIlL3Owp5eKQtG.woff2 | fonts.gstatic.com/s/googlesans/v14/ | 14 KB | 15 KB | Font | font/woff2 |
GET | H/1.1 | 4UabrENHsxJlGDuGo1OIlLU94YtzCwZsPF4o.woff2 | fonts.gstatic.com/s/googlesans/v14/ | 14 KB | 15 KB | Font | font/woff2 |
GET | H2 | m=SF3gsd,wI7Sfc,pB6Zqd,rHjpXd,o02Jie,sy9d,ssIgD,lCVo3d,GJkP8c,MB66Qc,DnoIKd,sy58,sy5e,YKZpNb,sy56,sy5c,sy5f,G1cEEc,sy5g,sy5i,sy5k,em35,BOi2Oc,sy6y,sy72,sy74,Ka7I6 | ssl.gstatic.com/accounts/static/_/js/k=gaia.gaiafe_glif.en_GB.d0NYMMBLwnI.O/am=BhiYDiSCAAAAAAAAAAABAAADC4cMYj5FcPsb/d=0/rs=ABkqax2Iog5XkwBFPNKsrynApnsv1WkctA/ | 32 KB | 12 KB | Script | text/javascript |
GET | H2 | CheckConnection | accounts.youtube.com/accounts/ (Frame B10D) | 0 | 0 | Document | text/html |
GET | H/1.1 | authentication | drive-google-one.herokuapp.com/ (Redirect Chain) | 1 MB | 1 MB | XHR | text/html |
GET | H/1.1 | authentication | drive-google-one.herokuapp.com/ (Redirect Chain) | 1 MB | 1 MB | XHR | text/html |
GET | H2 | m=YTxL4,QLpTOd,sy77,uhxrz | ssl.gstatic.com/accounts/static/_/js/k=gaia.gaiafe_glif.en_GB.d0NYMMBLwnI.O/am=BhiYDiSCAAAAAAAAAAABAAADC4cMYj5FcPsb/d=0/rs=ABkqax2Iog5XkwBFPNKsrynApnsv1WkctA/ | 2 KB | 993 B | Script | text/javascript |
GET | H2 | m=sygf,otPmVb,rlNAl | ssl.gstatic.com/accounts/static/_/js/k=gaia.gaiafe_glif.en_GB.d0NYMMBLwnI.O/am=BhiYDiSCAAAAAAAAAAABAAADC4cMYj5FcPsb/d=0/rs=ABkqax2Iog5XkwBFPNKsrynApnsv1WkctA/ | 2 KB | 857 B | Script | text/javascript |
GET | H/1.1 | authentication | drive-google-one.herokuapp.com/ (Redirect Chain) | 1 MB | 1 MB | XHR | text/html |
GET | H3 | m=iab5K,a5DQI | ssl.gstatic.com/accounts/static/_/js/k=gaia.gaiafe_glif.en_GB.d0NYMMBLwnI.O/am=BhiYDiSCAAAAAAAAAAABAAADC4cMYj5FcPsb/d=0/rs=ABkqax2Iog5XkwBFPNKsrynApnsv1WkctA/ | 1 KB | 466 B | Script | text/javascript |
GET | H/1.1 | authentication | drive-google-one.herokuapp.com/ (Redirect Chain) | 1 MB | 1 MB | XHR | text/html |
POST | H3 | cspreport | accounts.youtube.com/_/AccountsDomainCookiesCheckConnectionHttp/ | 0 | 0 | Other | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Google (Online)
38 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | 0 |
object | onbeforexrselect |
function | reportError |
boolean | originAgentCluster |
object | scheduler |
object | Rails |
boolean | _rails_loaded |
object | ActiveStorage |
object | Turbolinks |
object | ActionCable |
object | App |
function | myFunction |
function | empty |
object | WIZ_global_data |
object | botguard |
string | viewPathPrefix |
boolean | cssLoaded |
object | _G |
function | _F_getAverageFps |
object | postmessage |
function | _DumpException |
function | _B_err |
object | closure_lm_690272 |
function | setDgResult |
function | AF_initDataInitializeCallback |
function | AF_initDataCallback |
object | ID_wizbind |
function | wiz_progress |
object | AF_initDataKeys |
object | AF_dataServiceRequests |
object | AF_initDataChunkQueue |
function | onSmsReceived |
function | setSkUiEvent |
function | setFido2SkUiEvent |
number | closure_uid_459306647 |
function | onAccountAdd |
function | nativePrimaryActionHit |
function | nativeSecondaryActionHit |
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
drive-google-one.herokuapp.com/ | | _demo_login_form_session | UWTypl%2FM8p53rY8Wgp6DhLE%2BzUmPFsLXjUsBjopI6KjBOzT4lwmejovY6OMAxBa1iaSkiL8UNDw2FWyb1HUh1aWHkfXV%2Fw7GhUBOXkltUBLZWqJyWglpea%2BkYeeke0DLr0oAiR4eMndOD0SGnQ0%3D--fp%2Bg8eAVx1M2oJnk--unpxtJNCAyjKerDRyI094w%3D%3D |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
accounts.youtube.com
drive-google-one.herokuapp.com
fonts.gstatic.com
ssl.gstatic.com
www.learnpick.in
142.250.185.206
142.250.185.99
142.250.186.131
172.67.73.104
18.208.60.216