underwaterx.ml (142.93.14.211)
Malicious Activity!
Submission: On August 08 via manual from CA
Summary
This is the only time underwaterx.ml was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Adobe (Consumer)

Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 142.93.14.211 | 14061 (DIGITALOCEAN-ASN - DigitalOcean)
3 | 2620:100:6022:6::a27d:4206 | 19679 (DROPBOX - Dropbox)
1 | 104.196.165.36 | 15169 (GOOGLE - Google LLC)
1 | 157.7.107.203 | 7506 (INTERQ GMO Internet)
6 | 5 |
- ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US): underwaterx.ml
- ASN19679 (DROPBOX - Dropbox, Inc., US): dl.dropbox.com, dl.dropboxusercontent.com
- ASN15169 (GOOGLE - Google LLC, US), PTR: 36.165.196.104.bc.googleusercontent.com: www.datalogics.com
- ASN7506 (INTERQ GMO Internet,Inc, JP), PTR: 157-7-107-203.virt.lolipop.jp: www.kanko-kumejima.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
3 | dropboxusercontent.com | dl.dropboxusercontent.com |
3 | dropbox.com | dl.dropbox.com (3 redirects) | 873 B
1 | kanko-kumejima.com | www.kanko-kumejima.com | 45 KB
1 | datalogics.com | www.datalogics.com | 9 KB
1 | underwaterx.ml | underwaterx.ml | 253 KB
6 | 5 | |
Requests | Domain | Requested by
---|---|---
3 | dl.dropboxusercontent.com | underwaterx.ml
3 | dl.dropbox.com | 3 redirects
1 | www.kanko-kumejima.com | underwaterx.ml
1 | www.datalogics.com | underwaterx.ml
1 | underwaterx.ml |
6 | 5 |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
*.dl.dropboxusercontent.com | DigiCert SHA2 High Assurance Server CA | 2017-03-06 - 2020-03-10 | 3 years
*.datalogics.com | COMODO RSA Domain Validation Secure Server CA | 2016-03-01 - 2019-05-31 | 3 years
This page contains 1 frame:
Primary Page:
http://underwaterx.ml/balo/Proposal-Notice.pdf.htm
Frame ID: CFE8B6B407DB239C923160651722C448
Requests: 7 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://dl.dropbox.com/s/1s5m6chy2qaa7kf/jquery.min.js?dl=0 HTTP 307
- https://dl.dropbox.com/s/1s5m6chy2qaa7kf/jquery.min.js?dl=0 HTTP 302
- https://dl.dropboxusercontent.com/s/1s5m6chy2qaa7kf/jquery.min.js?dl=0

- http://dl.dropbox.com/s/pb3r1y65stfc0k4/blur.js?dl=0 HTTP 307
- https://dl.dropbox.com/s/pb3r1y65stfc0k4/blur.js?dl=0 HTTP 302
- https://dl.dropboxusercontent.com/s/pb3r1y65stfc0k4/blur.js?dl=0

- http://dl.dropbox.com/s/pb3r1y65stfc0k4/blur.js?dl=0 HTTP 307
- https://dl.dropbox.com/s/pb3r1y65stfc0k4/blur.js?dl=0 HTTP 302
- https://dl.dropboxusercontent.com/s/pb3r1y65stfc0k4/blur.js?dl=0
6 HTTP transactions
Method / Protocol | Resource | Path | Size / x-fer | Type / MIME-Type
---|---|---|---|---
GET H/1.1 | Proposal-Notice.pdf.htm (Primary Request) | underwaterx.ml/balo/ | 253 KB / 253 KB | Document text/html
GET S | jquery.min.js (Redirect Chain) | dl.dropboxusercontent.com/s/1s5m6chy2qaa7kf/ | 0 / 0 | Script text/html
GET S | blur.js (Redirect Chain) | dl.dropboxusercontent.com/s/pb3r1y65stfc0k4/ | 0 / 0 | Script text/html
GET S | Adobe_Systems_logo_and_wordmark.svg_-300x300.png | www.datalogics.com/wp-content/uploads/2016/01/ | 9 KB / 9 KB | Image image/png
GET H/1.1 | icon_pdf_w.png | www.kanko-kumejima.com/wp-content/uploads/ | 46 KB / 45 KB | Image image/png
GET S | blur.js (Redirect Chain) | dl.dropboxusercontent.com/s/pb3r1y65stfc0k4/ | 0 / 0 | Script text/html
GET DATA | truncated | / | 185 KB / 0 | Image image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Adobe (Consumer)

1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function | validateForm

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
dl.dropbox.com
dl.dropboxusercontent.com
underwaterx.ml
www.datalogics.com
www.kanko-kumejima.com
104.196.165.36
142.93.14.211
157.7.107.203
2620:100:6022:6::a27d:4206
139ee408ae17e198ba610a453c75535560d1b697217060620b8ef3695d96248f
7212fb9c7bb2f1ec2d4fb30f327736673b663bf99a4e1358498757b63c3e84e9
de5759935c7920693eaa85aa5497d6340accc27c428f23a02300c4a8a03dcd57
f49162ca067de72567c0592a5e8d8b035046b7b8f491d7f2dfb72c4f61ff46bb