urlscan.io logo urlscan.io
SecurityTrails logo

underwaterx.ml Open in urlscan Pro
142.93.14.211  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: http://underwaterx.ml/balo/Proposal-Notice.pdf.htm
Submission: On August 08 via manual from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 6 HTTP transactions. The main IP is 142.93.14.211, located in North York, Canada and belongs to DIGITALOCEAN-ASN - DigitalOcean, LLC, US. The main domain is underwaterx.ml.
This is the only time underwaterx.ml was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Adobe (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 142.93.14.211 14061 (DIGITALOC...)
3 6 2620:100:6022... 19679 (DROPBOX)
1 104.196.165.36 15169 (GOOGLE)
1 157.7.107.203 7506 (INTERQ GM...)
6 5
1    142.93.14.211 (North York, Canada)

ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)
underwaterx.ml
6    2620:100:6022:6::a27d:4206 (United States)

ASN19679 (DROPBOX - Dropbox, Inc., US)
dl.dropbox.com
dl.dropboxusercontent.com
1    104.196.165.36 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 36.165.196.104.bc.googleusercontent.com
www.datalogics.com
1    157.7.107.203 (Tokyo, Japan)

ASN7506 (INTERQ GMO Internet,Inc, JP)
PTR: 157-7-107-203.virt.lolipop.jp
www.kanko-kumejima.com
Domain Requested by
3 dl.dropboxusercontent.com underwaterx.ml
3 dl.dropbox.com 3 redirects
1 www.kanko-kumejima.com underwaterx.ml
1 www.datalogics.com underwaterx.ml
1 underwaterx.ml
6 5

This site contains no links.

Subject Issuer Validity Valid
*.dl.dropboxusercontent.com
DigiCert SHA2 High Assurance Server CA		 2017-03-06 -
2020-03-10		 3 years crt.sh
*.datalogics.com
COMODO RSA Domain Validation Secure Server CA		 2016-03-01 -
2019-05-31		 3 years crt.sh

This page contains 1 frames:

Primary Page: http://underwaterx.ml/balo/Proposal-Notice.pdf.htm
Frame ID: CFE8B6B407DB239C923160651722C448
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js/i

Page Statistics

6
Requests

67 %
HTTPS

25 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

307 kB
Transfer

492 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://dl.dropbox.com/s/1s5m6chy2qaa7kf/jquery.min.js?dl=0 HTTP 307
  • https://dl.dropbox.com/s/1s5m6chy2qaa7kf/jquery.min.js?dl=0 HTTP 302
  • https://dl.dropboxusercontent.com/s/1s5m6chy2qaa7kf/jquery.min.js?dl=0
Request Chain 1
  • http://dl.dropbox.com/s/pb3r1y65stfc0k4/blur.js?dl=0 HTTP 307
  • https://dl.dropbox.com/s/pb3r1y65stfc0k4/blur.js?dl=0 HTTP 302
  • https://dl.dropboxusercontent.com/s/pb3r1y65stfc0k4/blur.js?dl=0
Request Chain 4
  • http://dl.dropbox.com/s/pb3r1y65stfc0k4/blur.js?dl=0 HTTP 307
  • https://dl.dropbox.com/s/pb3r1y65stfc0k4/blur.js?dl=0 HTTP 302
  • https://dl.dropboxusercontent.com/s/pb3r1y65stfc0k4/blur.js?dl=0

6 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Proposal-Notice.pdf.htm
underwaterx.ml/balo/ 		253 KB
253 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://underwaterx.ml/balo/Proposal-Notice.pdf.htm
Protocol
HTTP/1.1
Server
142.93.14.211 North York, Canada, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software
Apache /
Resource Hash
f49162ca067de72567c0592a5e8d8b035046b7b8f491d7f2dfb72c4f61ff46bb

Request headers

Host
underwaterx.ml
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
CFE8B6B407DB239C923160651722C448

Response headers

Date
Wed, 08 Aug 2018 15:11:55 GMT
Server
Apache
Last-Modified
Thu, 02 Aug 2018 19:29:15 GMT
Accept-Ranges
bytes
Content-Length
258836
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html
jquery.min.js
dl.dropboxusercontent.com/s/1s5m6chy2qaa7kf/
Redirect Chain
  • http://dl.dropbox.com/s/1s5m6chy2qaa7kf/jquery.min.js?dl=0
  • https://dl.dropbox.com/s/1s5m6chy2qaa7kf/jquery.min.js?dl=0
  • https://dl.dropboxusercontent.com/s/1s5m6chy2qaa7kf/jquery.min.js?dl=0
0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://dl.dropboxusercontent.com/s/1s5m6chy2qaa7kf/jquery.min.js?dl=0
Requested by
Host: underwaterx.ml
URL: http://underwaterx.ml/balo/Proposal-Notice.pdf.htm
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:100:6022:6::a27d:4206 , United States, ASN19679 (DROPBOX - Dropbox, Inc., US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
http://underwaterx.ml/balo/Proposal-Notice.pdf.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-type
text/html

Redirect headers

pragma
no-cache
date
Wed, 08 Aug 2018 15:11:55 GMT
server
nginx
status
302
content-type
text/html; charset=utf-8
location
https://dl.dropboxusercontent.com/s/1s5m6chy2qaa7kf/jquery.min.js?dl=0
cache-control
no-cache
content-security-policy
sandbox
strict-transport-security
max-age=15552000; includeSubDomains
x-robots-tag
noindex, nofollow, noimageindex
x-dropbox-request-id
647c71830119d9de5af0b5c111328a66
blur.js
dl.dropboxusercontent.com/s/pb3r1y65stfc0k4/
Redirect Chain
  • http://dl.dropbox.com/s/pb3r1y65stfc0k4/blur.js?dl=0
  • https://dl.dropbox.com/s/pb3r1y65stfc0k4/blur.js?dl=0
  • https://dl.dropboxusercontent.com/s/pb3r1y65stfc0k4/blur.js?dl=0
0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://dl.dropboxusercontent.com/s/pb3r1y65stfc0k4/blur.js?dl=0
Requested by
Host: underwaterx.ml
URL: http://underwaterx.ml/balo/Proposal-Notice.pdf.htm
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:100:6022:6::a27d:4206 , United States, ASN19679 (DROPBOX - Dropbox, Inc., US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
http://underwaterx.ml/balo/Proposal-Notice.pdf.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-type
text/html

Redirect headers

pragma
no-cache
date
Wed, 08 Aug 2018 15:11:55 GMT
server
nginx
status
302
content-type
text/html; charset=utf-8
location
https://dl.dropboxusercontent.com/s/pb3r1y65stfc0k4/blur.js?dl=0
cache-control
no-cache
content-security-policy
sandbox
strict-transport-security
max-age=15552000; includeSubDomains
x-robots-tag
noindex, nofollow, noimageindex
x-dropbox-request-id
cd1b02081d2a137b0218ad28cbdba2e9
Adobe_Systems_logo_and_wordmark.svg_-300x300.png
www.datalogics.com/wp-content/uploads/2016/01/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.datalogics.com/wp-content/uploads/2016/01/Adobe_Systems_logo_and_wordmark.svg_-300x300.png
Requested by
Host: underwaterx.ml
URL: http://underwaterx.ml/balo/Proposal-Notice.pdf.htm
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.196.165.36 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
36.165.196.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
7212fb9c7bb2f1ec2d4fb30f327736673b663bf99a4e1358498757b63c3e84e9

Request headers

Referer
http://underwaterx.ml/balo/Proposal-Notice.pdf.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-type
static/known
date
Wed, 08 Aug 2018 15:11:56 GMT
last-modified
Thu, 29 Sep 2016 17:48:36 GMT
server
nginx
status
200
etag
"57ed53f4-22e8"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
content-length
8936
icon_pdf_w.png
www.kanko-kumejima.com/wp-content/uploads/ 		46 KB
45 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.kanko-kumejima.com/wp-content/uploads/icon_pdf_w.png
Requested by
Host: underwaterx.ml
URL: http://underwaterx.ml/balo/Proposal-Notice.pdf.htm
Protocol
HTTP/1.1
Server
157.7.107.203 Tokyo, Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS
157-7-107-203.virt.lolipop.jp
Software
Apache /
Resource Hash
139ee408ae17e198ba610a453c75535560d1b697217060620b8ef3695d96248f

Request headers

Referer
http://underwaterx.ml/balo/Proposal-Notice.pdf.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Wed, 08 Aug 2018 15:11:57 GMT
Content-Encoding
gzip
Last-Modified
Mon, 07 Sep 2015 00:04:52 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
45601
blur.js
dl.dropboxusercontent.com/s/pb3r1y65stfc0k4/
Redirect Chain
  • http://dl.dropbox.com/s/pb3r1y65stfc0k4/blur.js?dl=0
  • https://dl.dropbox.com/s/pb3r1y65stfc0k4/blur.js?dl=0
  • https://dl.dropboxusercontent.com/s/pb3r1y65stfc0k4/blur.js?dl=0
0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://dl.dropboxusercontent.com/s/pb3r1y65stfc0k4/blur.js?dl=0
Requested by
Host: underwaterx.ml
URL: http://underwaterx.ml/balo/Proposal-Notice.pdf.htm
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:100:6022:6::a27d:4206 , United States, ASN19679 (DROPBOX - Dropbox, Inc., US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
http://underwaterx.ml/balo/Proposal-Notice.pdf.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-type
text/html

Redirect headers

pragma
no-cache
date
Wed, 08 Aug 2018 15:11:56 GMT
server
nginx
status
302
content-type
text/html; charset=utf-8
location
https://dl.dropboxusercontent.com/s/pb3r1y65stfc0k4/blur.js?dl=0
cache-control
no-cache
content-security-policy
sandbox
strict-transport-security
max-age=15552000; includeSubDomains
x-robots-tag
noindex, nofollow, noimageindex
x-dropbox-request-id
eacf569203569581df39df8f3e0c71cc
truncated
/ 		185 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
de5759935c7920693eaa85aa5497d6340accc27c428f23a02300c4a8a03dcd57

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Adobe (Consumer)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| validateForm

0 Cookies