sharefilesxp.work.gd
139.59.17.23
Malicious Activity!
Public Scan
Submission: On March 14 via api from JP — Scanned from JP
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on March 12th 2023. Valid for: 3 months.
This is the only time sharefilesxp.work.gd was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Adobe (Consumer)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
9 | 139.59.17.23 | 14061 (DIGITALOCEAN-ASN)
1 | 142.251.42.202 | 15169 (GOOGLE)
1 | 104.17.24.14 | 13335 (CLOUDFLARENET)
1 | 151.101.65.229 | 54113 (FASTLY)
1 | 104.21.73.63 | 13335 (CLOUDFLARENET)
2 | 13.35.49.29 | 16509 (AMAZON-02)
1 | 20.74.48.56 | 
2 | 103.102.166.240 | 14907 (WIKIMEDIA)
1 | 104.21.77.112 | 13335 (CLOUDFLARENET)
Total: 19 requests across 9 IP addresses
- ASN15169 (GOOGLE, US), PTR: nrt12s47-in-f10.1e100.net, serving fonts.googleapis.com
- ASN16509 (AMAZON-02, US), PTR: server-13-35-49-29.nrt20.r.cloudfront.net, serving auth.services.adobe.com
- ASN14907 (WIKIMEDIA, US), PTR: upload-lb.eqsin.wikimedia.org, serving upload.wikimedia.org
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
9 | work.gd | sharefilesxp.work.gd | 2 MB
2 | wikimedia.org | upload.wikimedia.org (Cisco Umbrella Rank: 2283) | 78 KB
2 | adobe.com | auth.services.adobe.com (Cisco Umbrella Rank: 3773) | 151 KB
1 | logo.wine | download.logo.wine (Cisco Umbrella Rank: 273925) | 26 KB
1 | hellowork.com | f.hellowork.com | 21 KB
1 | cdn-services.com | ns.cdn-services.com | 885 B
1 | jsdelivr.net | cdn.jsdelivr.net (Cisco Umbrella Rank: 337) | 777 B
1 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 194) | 1 KB
1 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 34) | 949 B
Total: 19 requests across 9 domains
Requests | Domain | Requested by
---|---|---
9 | sharefilesxp.work.gd | sharefilesxp.work.gd
2 | upload.wikimedia.org | 
2 | auth.services.adobe.com | 
1 | download.logo.wine | 
1 | f.hellowork.com | 
1 | ns.cdn-services.com | sharefilesxp.work.gd
1 | cdn.jsdelivr.net | sharefilesxp.work.gd
1 | cdnjs.cloudflare.com | sharefilesxp.work.gd
1 | fonts.googleapis.com | sharefilesxp.work.gd
Total: 19 requests across 9 domains
This site contains no links.
Subject | Issuer | Validity | Valid for | Lookup
---|---|---|---|---
sharefilesxp.work.gd | cPanel, Inc. Certification Authority | 2023-03-12 - 2023-06-10 | 3 months | crt.sh
upload.video.google.com | GTS CA 1C3 | 2023-02-20 - 2023-05-15 | 3 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-08-03 - 2023-08-02 | a year | crt.sh
jsdelivr.net | GlobalSign Atlas R3 DV TLS CA 2022 Q4 | 2022-12-23 - 2024-01-24 | a year | crt.sh
auth.services.adobe.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-02-21 - 2024-03-23 | a year | crt.sh
*.hellowork.com | Gandi Standard SSL CA 2 | 2022-04-04 - 2023-04-29 | a year | crt.sh
*.wikipedia.org | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-10-27 - 2023-11-17 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://sharefilesxp.work.gd/
Frame ID: F2AA691A3173B969A95C7F4F6B9CED32
Requests: 19 HTTP requests in this frame
Screenshot
![](/screenshots/358cf03b-b69c-4629-aada-e4973663fffb.png)
Page Title
Adobe ID
Detected technologies
Vue.js
Detected patterns
- <[^>]+\sdata-v(?:ue)?-
Google Font API
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / (Primary Request) | sharefilesxp.work.gd/ | 1 KB | 1 KB | Document | text/html
GET | H2 | css2 | fonts.googleapis.com/ | 2 KB | 949 B | Stylesheet | text/css
GET | H2 | index.min.js | cdnjs.cloudflare.com/ajax/libs/adblock-detect/1.0.5/ | 1 KB | 1 KB | Script | application/javascript
GET | H2 | index.min.js | cdn.jsdelivr.net/npm/@adonisjs/framework@5.0.13/ | 430 B | 777 B | Script | application/javascript
GET | H/1.1 | init.js | sharefilesxp.work.gd/config/ | 1 KB | 2 KB | Script | application/javascript
GET | H/1.1 | vendor.6303725c.js | sharefilesxp.work.gd/js/ | 973 KB | 973 KB | Script | application/javascript
GET | H/1.1 | app.1e6f110f.js | sharefilesxp.work.gd/js/ | 6 KB | 6 KB | Script | application/javascript
GET | H/1.1 | vendor.5b226abe.css | sharefilesxp.work.gd/css/ | 645 KB | 646 KB | Stylesheet | text/css
GET | H/1.1 | app.72f6d2b2.css | sharefilesxp.work.gd/css/ | 979 B | 1 KB | Stylesheet | text/css
GET | H2 | ip | ns.cdn-services.com/ | 319 B | 885 B | Fetch | application/json
GET | H/1.1 | 29.7d47d7d1.js | sharefilesxp.work.gd/js/ | 714 B | 968 B | Script | application/javascript
GET | H/1.1 | 322.b2763ed2.js | sharefilesxp.work.gd/js/ | 29 KB | 29 KB | Script | application/javascript
GET | H2 | MichaelSchauer.jpg | auth.services.adobe.com/img/canvas/ | 148 KB | 149 KB | Image | image/jpeg
GET | H/1.1 | materialdesignicons-webfont.e9db4005.woff2 | sharefilesxp.work.gd/fonts/ | 318 KB | 318 KB | Font | font/woff2
GET | H2 | adobe_logo_white.svg | auth.services.adobe.com/img/generic/ | 2 KB | 2 KB | Image | image/svg+xml
GET | H2 | gmail-logo-1200x758.jpg | f.hellowork.com/blogdumoderateur/2019/03/ | 21 KB | 21 KB | Image | image/jpeg
GET | H2 | 1200px-Microsoft_Office_logo_%282013%E2%80%932019%29.svg.png | upload.wikimedia.org/wikipedia/commons/thumb/0/0c/Microsoft_Office_logo_%282013%E2%80%932019%29.svg/ | 11 KB | 12 KB | Image | image/png
GET | H2 | 1200px-Microsoft_Office_Outlook_%282018%E2%80%93present%29.svg.png | upload.wikimedia.org/wikipedia/commons/thumb/d/df/Microsoft_Office_Outlook_%282018%E2%80%93present%29.svg/ | 65 KB | 66 KB | Image | image/png
GET | H2 | Yahoo!_Mail-Logo.wine.png | download.logo.wine/logo/Yahoo!_Mail/ | 26 KB | 26 KB | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Adobe (Consumer)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- credentialless (boolean)
- adblockDetect (function)
- webpackChunkadobe (object)
- __VUE__ (boolean)
0 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.