firebasestorage.googleapis.com
Open in
urlscan Pro
2a00:1450:4001:829::200a
Malicious Activity!
Public Scan
Submission: On September 07 via automatic, source openphish
Summary
TLS certificate: Issued by GTS CA 1O1 on August 16th 2021. Valid for: 3 months.
This is the only time firebasestorage.googleapis.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 2a00:1450:400... 2a00:1450:4001:829::200a | 15169 (GOOGLE) (GOOGLE) | |
2 | 2606:4700::68... 2606:4700::6812:bcf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 2606:4700:303... 2606:4700:3037::6815:4e07 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
6 | 2606:4700::68... 2606:4700::6810:135e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700:10:... 2606:4700:10::6816:92d | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 108.167.134.13 108.167.134.13 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
1 | 2001:4de0:ac1... 2001:4de0:ac18::1:a:2b | 20446 (HIGHWINDS3) (HIGHWINDS3) | |
1 | 145.239.131.60 145.239.131.60 | 16276 (OVH) (OVH) | |
16 | 8 |
ASN15169 (GOOGLE, US)
firebasestorage.googleapis.com |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: hgbk4-c1c2.hostgator.com
www.hgsitebuilder.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
cloudflare.com
cdnjs.cloudflare.com |
182 KB |
3 |
fontawesome.com
use.fontawesome.com |
13 KB |
2 |
bootstrapcdn.com
maxcdn.bootstrapcdn.com |
30 KB |
1 |
ibb.co
i.ibb.co |
1 MB |
1 |
jquery.com
code.jquery.com |
33 KB |
1 |
hgsitebuilder.com
www.hgsitebuilder.com |
176 KB |
1 |
iconfinder.com
cdn1.iconfinder.com |
214 KB |
1 |
googleapis.com
firebasestorage.googleapis.com |
9 KB |
16 | 8 |
Domain | Requested by | |
---|---|---|
6 | cdnjs.cloudflare.com |
firebasestorage.googleapis.com
cdnjs.cloudflare.com |
3 | use.fontawesome.com |
firebasestorage.googleapis.com
use.fontawesome.com |
2 | maxcdn.bootstrapcdn.com |
firebasestorage.googleapis.com
|
1 | i.ibb.co |
firebasestorage.googleapis.com
|
1 | code.jquery.com |
firebasestorage.googleapis.com
|
1 | www.hgsitebuilder.com |
firebasestorage.googleapis.com
|
1 | cdn1.iconfinder.com |
firebasestorage.googleapis.com
|
1 | firebasestorage.googleapis.com | |
16 | 8 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
upload.video.google.com GTS CA 1O1 |
2021-08-16 - 2021-11-08 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-03-01 - 2022-02-28 |
a year | crt.sh |
hgsitebuilder.com Sectigo RSA Domain Validation Secure Server CA |
2020-12-30 - 2022-01-30 |
a year | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2021-07-14 - 2022-08-14 |
a year | crt.sh |
ibb.co R3 |
2021-08-06 - 2021-11-04 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://firebasestorage.googleapis.com/v0/b/dfghj-85a57.appspot.com/o/dlh.shtm?token=78059310-3584-42f2-a031-1ff2d2fa93ce&lwxvgydjfu=&alt=media
Frame ID: E632B70A01474E4AF851155E25329FC3
Requests: 16 HTTP requests in this frame
Screenshot
Page Title
loginLogin-DHLDetected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
- script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i
Font Awesome (Font Scripts) Expand
Detected patterns
- html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
- html /<script[^>]* src=[^>]+fontawesome(?:\.js)?/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery[.-]([\d.]*\d)[^/]*\.js/i
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
dlh.shtm
firebasestorage.googleapis.com/v0/b/dfghj-85a57.appspot.com/o/ |
8 KB 9 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ |
118 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
3fa6ba2462.js
use.fontawesome.com/ |
9 KB 4 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.3.0/css/ |
23 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ |
30 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
DHL_Shipping.png
cdn1.iconfinder.com/data/icons/iconMac/512/ |
214 KB 214 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dhl.png
www.hgsitebuilder.com/files/writeable/uploads/hostgator641826/image/ |
175 KB 176 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-1.11.2.min.js
code.jquery.com/ |
94 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/ |
82 KB 26 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/ |
36 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrapvalidator.min.js
cdnjs.cloudflare.com/ajax/libs/bootstrap-validator/0.4.5/js/ |
55 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
3fa6ba2462.css
use.fontawesome.com/ |
1 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1.png
i.ibb.co/0C3Lrkp/ |
1 MB 1 MB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
font-awesome-css.min.css
use.fontawesome.com/releases/v4.7.0/css/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.3.0/fonts/ |
55 KB 56 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ |
75 KB 76 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DHL (Transportation)21 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated string| hash undefined| theleft undefined| theright undefined| string1 undefined| mailformat object| FontAwesomeCdnConfig string| cssUrl function| $ function| jQuery undefined| dec0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn1.iconfinder.com
cdnjs.cloudflare.com
code.jquery.com
firebasestorage.googleapis.com
i.ibb.co
maxcdn.bootstrapcdn.com
use.fontawesome.com
www.hgsitebuilder.com
108.167.134.13
145.239.131.60
2001:4de0:ac18::1:a:2b
2606:4700:10::6816:92d
2606:4700:3037::6815:4e07
2606:4700::6810:135e
2606:4700::6812:bcf
2a00:1450:4001:829::200a
2051d61446d4dbffb03727031022a08c84528ab44d203a7669c101e5fbdd5515
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
473842579288c04e865ecfa63ae67a45d6e9a0871c9cf2aea4db32637cf7bbb8
4ba4997b46862ba86edbd4e739cbe478bf9a1a1f2f4340c89df7edd8e0b04bb3
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
5b9573e1023da775390e9284ec0eb1c606df9b468a28980055b4a6aa804f4350
6afb314235a3f024031853ddf5de4ce5d9cea952cdbe002d274a2962dffe0962
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
a8c5cb039624fc9574b08f6beab86699ad9d4160c67e47ed21e8b851b0325214
a995c0545a5eddfa7bc9d8ad18a5f6145a4e39193efc48a416d57c445eddd6c0
ad019acf5d661b2fca6fc31282f0abef65d498de7b838bb5d681f11697f8d5c2
c67215cb72fca6e1912e29e0f2384c9899857d3c452f095588c1bdf937baf789
d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc
f32967682487269c4d7e91816fdf4f50e0f68f8c432db54120a359c723e587ef
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c