https://storage.googleapis.com/compileropen/compiler.open
142.250.31.207 · Google LLC
Mountain View, United States
7802 days
200 · 107.5s
Valid· WR2, Google Trust Services, US
COMPLETED
Domain Intelligence: youtube.com
Scanned 2 times since Apr 29, 2026, 02:10 PM UTC
Linked Phishing Report
This scan is attached to a vendor submission report
Brand
YouTube (storage.googleapis.com hosting a YouTube page)
Vendors
26/31
Status
partial
Registered-domain escalation
Submit youtube.com as the primary IOC, enriched with evidence from hostile subdomains like storage.googleapis.com.
No KB/IOK detections were recorded for this scan.
Technology · 7/19/2026
The page presents YouTube branding and appears to load YouTube assets, but the domain is storage.googleapis.com, which impersonates Google/YouTube branding. The final URL redirects to https://www.youtube.com/ and the page title is YouTube, with YouTube assets and scripts loaded. While impersonation indicators exist in domain intelligence, the final destination is the official YouTube domain; no clear credential phishing form is observed in the static HTML. The evidence suggests potential impersonation risk due to domain similarity signals, but the page ultimately redirects to the legitimate YouTube site rather than collecting credentials here.
Capture
Stages: 2
Canonical: Settled Render
Changed: No
Credential Signals
Forms: 1
Password fields: 0
Late-stage login UI: No
Resource Signals
Resources: 159
Hosts: 14
Domains: 9
Suspicious Endpoints
hxxps://www[.]youtube[.]com/api/jnn/v1/GenerateIT
hxxps://www[.]youtube[.]com/results
The scan shows strong impersonation signals due to the domain impersonating Google/YouTube branding, with a final redirect to the official YouTube domain. This could be used to mislead users into thinking they are interacting with YouTube on storage.googleapis.com, a known hosting domain, and the presence of an accounts.google.com login iframe indicates a potential credential harvesting vector if displayed to users. However, there is no definitive credential capture form on the static HTML; the page ultimately loads legitimate YouTube assets and redirects to the genuine domain. Given the impersonation signals and the deliberate hosting on a Google-branded domain, this warrants cautious monitoring and potential blocking if a user-facing impersonation page is confirmed, but current evidence stops short of definitive abuse delivery on this host.
Monitor