URL: http://kfbiggy.ml/_errorpages/meatvan/connect/apache/sheepwreck/?email=nobody@mycraftmail.com
Submission: On April 03 via automatic, source openphish

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 12 HTTP transactions. The main IP is 35.203.187.215, located in Mountain View, United States and belongs to GOOGLE, US. The main domain is kfbiggy.ml.
This is the only time kfbiggy.ml was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Adobe (Consumer)

Domain & IP information

Requests  IP Address      AS (Autonomous System)
4         35.203.187.215  15169 (GOOGLE)
7         212.24.106.177  62282 (RACKRAY U...)
1         45.60.103.34    19551 (INCAPSULA)
Total: 12 requests, 4 IPs
Requests  Apex Domain   Subdomains              Transfer
7         duckdns.org   campuslife.duckdns.org  196 KB
4         kfbiggy.ml    kfbiggy.ml              38 KB
1         sans.edu      isc.sans.edu            24 KB
Total: 12 requests, 3 apex domains
Requests  Domain                  Requested by
7         campuslife.duckdns.org  kfbiggy.ml
4         kfbiggy.ml              kfbiggy.ml
1         isc.sans.edu            kfbiggy.ml
Total: 12 requests, 3 domains

This site contains no links.

Subject        Issuer                                Validity                 Valid
incapsula.com  GlobalSign CloudSSL CA - SHA256 - G3  2020-03-28 - 2021-03-29  a year

This page contains 1 frames:

Primary Page: http://kfbiggy.ml/_errorpages/meatvan/connect/apache/sheepwreck/?email=nobody@mycraftmail.com
Frame ID: 1FEB539FB312CBD18A6856A5C254ECAD
Requests: 13 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

Requests: 12
HTTPS: 8 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 4
Countries: 2
Transfer: 258 kB
Size: 322 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Columns per transaction: Resource | Path | Size | x-fer | Type | MIME-Type

Resource: / (Primary Request) | Path: kfbiggy.ml/_errorpages/meatvan/connect/apache/sheepwreck/ | Size: 20 KB | x-fer: 20 KB | Type: Document
General
Full URL
http://kfbiggy.ml/_errorpages/meatvan/connect/apache/sheepwreck/?email=nobody@mycraftmail.com
Protocol
HTTP/1.1
Server
35.203.187.215 Mountain View, United States, ASN15169 (GOOGLE, US)
Reverse DNS
215.187.203.35.bc.googleusercontent.com
Software
Apache /
Resource Hash
3d979218878ff20978ce5a8bf86c9c04c32ef6fad979e6e0f5e4963cf6c0e52f

Request headers

Host
kfbiggy.ml
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Date
Fri, 03 Apr 2020 12:24:42 GMT
Server
Apache
Keep-Alive
timeout=15, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

Resource: truncated (data: URI) | Path: / | Size: 4 KB | x-fer: 0 | Type: Stylesheet
General
Full URL
data:truncated
Protocol
DATA
Server
- (none; inline data: URI)
Reverse DNS
Software
/
Resource Hash
55f7c313596e3dd498c6a095af8301060491b5aded868f729f655d5b0f3d416f

Request headers

Referer
http://kfbiggy.ml/_errorpages/meatvan/connect/apache/sheepwreck/?email=nobody@mycraftmail.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
text/css

Resource: SpryValidationTextField.css | Path: campuslife.duckdns.org/pdf/ | Size: 3 KB | x-fer: 1 KB | Type: Stylesheet
General
Full URL
http://campuslife.duckdns.org/pdf/SpryValidationTextField.css
Requested by
Host: kfbiggy.ml
URL: http://kfbiggy.ml/_errorpages/meatvan/connect/apache/sheepwreck/?email=nobody@mycraftmail.com
Protocol
HTTP/1.1
Server
212.24.106.177 Lithuania, ASN62282 (RACKRAY UAB Rakrejus, LT)
Reverse DNS
otq.l.hostens.cloud
Software
Apache /
Resource Hash
7d47cbf9aa74969bc84393dbfc6245f9d7ba2ceb5edee1b28636ff38c75f695b

Request headers

Referer
http://kfbiggy.ml/_errorpages/meatvan/connect/apache/sheepwreck/?email=nobody@mycraftmail.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 03 Apr 2020 12:24:22 GMT
Content-Encoding
gzip
Last-Modified
Sun, 02 Sep 2018 15:00:36 GMT
Server
Apache
ETag
"bfe-574e4afe5ed00-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1076

Resource: style.css | Path: campuslife.duckdns.org/pdf/ | Size: 4 KB | x-fer: 1 KB | Type: Stylesheet
General
Full URL
http://campuslife.duckdns.org/pdf/style.css
Requested by
Host: kfbiggy.ml
URL: http://kfbiggy.ml/_errorpages/meatvan/connect/apache/sheepwreck/?email=nobody@mycraftmail.com
Protocol
HTTP/1.1
Server
212.24.106.177 Lithuania, ASN62282 (RACKRAY UAB Rakrejus, LT)
Reverse DNS
otq.l.hostens.cloud
Software
Apache /
Resource Hash
a4b4bcf914972866a7b57b6439e5ca6896b0eb9d755a09def78c01c7ea63eabe

Request headers

Referer
http://kfbiggy.ml/_errorpages/meatvan/connect/apache/sheepwreck/?email=nobody@mycraftmail.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 03 Apr 2020 12:24:22 GMT
Content-Encoding
gzip
Last-Modified
Sun, 02 Sep 2018 14:58:32 GMT
Server
Apache
ETag
"10d5-574e4a881d600-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1139

Resource: SpryValidationTextField.js | Path: campuslife.duckdns.org/pdf/ | Size: 73 KB | x-fer: 17 KB | Type: Script
General
Full URL
http://campuslife.duckdns.org/pdf/SpryValidationTextField.js
Requested by
Host: kfbiggy.ml
URL: http://kfbiggy.ml/_errorpages/meatvan/connect/apache/sheepwreck/?email=nobody@mycraftmail.com
Protocol
HTTP/1.1
Server
212.24.106.177 Lithuania, ASN62282 (RACKRAY UAB Rakrejus, LT)
Reverse DNS
otq.l.hostens.cloud
Software
Apache /
Resource Hash
7555b2cd6c16af7c07bf8f2fc42f98019f2ddd877c3a798e1f65caf689e448b2

Request headers

Referer
http://kfbiggy.ml/_errorpages/meatvan/connect/apache/sheepwreck/?email=nobody@mycraftmail.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 03 Apr 2020 12:24:22 GMT
Content-Encoding
gzip
Last-Modified
Sun, 02 Sep 2018 14:58:10 GMT
Server
Apache
ETag
"125b0-574e4a7322480-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
17004

Resource: blurred.jpg | Path: isc.sans.edu/diaryimages/images/ | Size: 24 KB | x-fer: 24 KB | Type: Image
General
Full URL
https://isc.sans.edu/diaryimages/images/blurred.jpg
Requested by
Host: kfbiggy.ml
URL: http://kfbiggy.ml/_errorpages/meatvan/connect/apache/sheepwreck/?email=nobody@mycraftmail.com
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
45.60.103.34 United States, ASN19551 (INCAPSULA, US)
Reverse DNS
Software
/
Resource Hash
01f108803383b949820c95cb28ed6d96c3fe953fbbd7273e924ac558ef4c2c5e
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains

Request headers

Referer
http://kfbiggy.ml/_errorpages/meatvan/connect/apache/sheepwreck/?email=nobody@mycraftmail.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 03 Apr 2020 12:24:42 GMT
last-modified
Mon, 19 Mar 2018 22:31:52 GMT
x-cdn
Incapsula
etag
"66d7-567cb86414d77"
strict-transport-security
max-age=31556926; includeSubDomains
content-type
image/jpeg
status
200
x-iinfo
8-9905017-0 0CNN RT(1585916682870 0) q(0 -1 -1 0) r(0 -1)
cache-control
max-age=52667, public
content-length
24164
expires
Sat, 04 Apr 2020 03:02:29 GMT

Resource: Acrobat_Reader.fw.png | Path: kfbiggy.ml/_errorpages/meatvan/connect/apache/sheepwreck/ | Size: 5 KB | x-fer: 5 KB | Type: Image
General
Full URL
http://kfbiggy.ml/_errorpages/meatvan/connect/apache/sheepwreck/Acrobat_Reader.fw.png
Requested by
Host: kfbiggy.ml
URL: http://kfbiggy.ml/_errorpages/meatvan/connect/apache/sheepwreck/?email=nobody@mycraftmail.com
Protocol
HTTP/1.1
Server
35.203.187.215 Mountain View, United States, ASN15169 (GOOGLE, US)
Reverse DNS
215.187.203.35.bc.googleusercontent.com
Software
Apache /
Resource Hash
81fdd33885618a0c4d8078b16976ab63748c6061a19c88ab83e544a90f736689

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 03 Apr 2020 12:24:42 GMT
Last-Modified
Mon, 24 Feb 2020 15:26:05 GMT
Server
Apache
ETag
"a3c6b-8271-59f53fd65bd86"
Content-Type
text/html; charset=UTF-8
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=99
Content-Length
33393

Resource: pdf-logo.png | Path: kfbiggy.ml/_errorpages/meatvan/connect/apache/sheepwreck/ | Size: 1012 B | x-fer: 1012 B | Type: Image
General
Full URL
http://kfbiggy.ml/_errorpages/meatvan/connect/apache/sheepwreck/pdf-logo.png
Requested by
Host: kfbiggy.ml
URL: http://kfbiggy.ml/_errorpages/meatvan/connect/apache/sheepwreck/?email=nobody@mycraftmail.com
Protocol
HTTP/1.1
Server
35.203.187.215 Mountain View, United States, ASN15169 (GOOGLE, US)
Reverse DNS
215.187.203.35.bc.googleusercontent.com
Software
Apache /
Resource Hash
5b877499c99c232be7f205ec1e45693deb791145becbe33d2639ca45634be6de

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 03 Apr 2020 12:24:43 GMT
Last-Modified
Mon, 24 Feb 2020 15:26:05 GMT
Server
Apache
ETag
"a3c6b-8271-59f53fd65bd86"
Content-Type
text/html; charset=UTF-8
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
Content-Length
33393

Resource: secure.png | Path: campuslife.duckdns.org/pdf/ | Size: 55 KB | x-fer: 55 KB | Type: Image
General
Full URL
http://campuslife.duckdns.org/pdf/secure.png
Requested by
Host: kfbiggy.ml
URL: http://kfbiggy.ml/_errorpages/meatvan/connect/apache/sheepwreck/?email=nobody@mycraftmail.com
Protocol
HTTP/1.1
Server
212.24.106.177 Lithuania, ASN62282 (RACKRAY UAB Rakrejus, LT)
Reverse DNS
otq.l.hostens.cloud
Software
Apache /
Resource Hash
eb99a9a3fc4349ffa77cefbd09d46ac646d3d9645569a2abd0e9f084df127dd1

Request headers

Referer
http://kfbiggy.ml/_errorpages/meatvan/connect/apache/sheepwreck/?email=nobody@mycraftmail.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 03 Apr 2020 12:24:22 GMT
Last-Modified
Sun, 02 Sep 2018 14:57:29 GMT
Server
Apache
ETag
"dbe7-574e4a4c08840"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
56295

Resource: Acrobat_Reader.fw.png | Path: campuslife.duckdns.org/pdf/ | Size: 60 KB | x-fer: 60 KB | Type: Image
General
Full URL
http://campuslife.duckdns.org/pdf/Acrobat_Reader.fw.png
Requested by
Host: kfbiggy.ml
URL: http://kfbiggy.ml/_errorpages/meatvan/connect/apache/sheepwreck/?email=nobody@mycraftmail.com
Protocol
HTTP/1.1
Server
212.24.106.177 Lithuania, ASN62282 (RACKRAY UAB Rakrejus, LT)
Reverse DNS
otq.l.hostens.cloud
Software
Apache /
Resource Hash
e9d799f426b22004c33e534cf0a63f1236f1a3c18a941e899ddcfabdddf8c846

Request headers

Referer
http://campuslife.duckdns.org/pdf/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 03 Apr 2020 12:24:22 GMT
Last-Modified
Sun, 02 Sep 2018 15:00:11 GMT
Server
Apache
ETag
"ee5e-574e4ae6874c0"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
61022

Resource: pdf-logo.png | Path: campuslife.duckdns.org/pdf/ | Size: 39 KB | x-fer: 39 KB | Type: Image
General
Full URL
http://campuslife.duckdns.org/pdf/pdf-logo.png
Requested by
Host: kfbiggy.ml
URL: http://kfbiggy.ml/_errorpages/meatvan/connect/apache/sheepwreck/?email=nobody@mycraftmail.com
Protocol
HTTP/1.1
Server
212.24.106.177 Lithuania, ASN62282 (RACKRAY UAB Rakrejus, LT)
Reverse DNS
otq.l.hostens.cloud
Software
Apache /
Resource Hash
58761cde7886c796f27c9283c903e296a7de07de05ed447b49ea198feea884ff

Request headers

Referer
http://campuslife.duckdns.org/pdf/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 03 Apr 2020 12:24:22 GMT
Last-Modified
Sun, 02 Sep 2018 14:59:35 GMT
Server
Apache
ETag
"9b25-574e4ac4323c0"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
39717

Resource: bg_form.png | Path: kfbiggy.ml/_errorpages/meatvan/connect/apache/sheepwreck/images/ | Size: 13 KB | x-fer: 13 KB | Type: Image
General
Full URL
http://kfbiggy.ml/_errorpages/meatvan/connect/apache/sheepwreck/images/bg_form.png
Requested by
Host: kfbiggy.ml
URL: http://kfbiggy.ml/_errorpages/meatvan/connect/apache/sheepwreck/?email=nobody@mycraftmail.com
Protocol
HTTP/1.1
Server
35.203.187.215 Mountain View, United States, ASN15169 (GOOGLE, US)
Reverse DNS
215.187.203.35.bc.googleusercontent.com
Software
Apache /
Resource Hash
fd0fdfaef43e8a99478aa2f2e70bacf5df4ae32ee5f7be8942007aebf3f59025

Request headers

Referer
http://kfbiggy.ml/_errorpages/meatvan/connect/apache/sheepwreck/?email=nobody@mycraftmail.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 03 Apr 2020 12:24:43 GMT
Last-Modified
Mon, 24 Feb 2020 15:26:05 GMT
Server
Apache
ETag
"a3c6b-8271-59f53fd65bd86"
Content-Type
text/html; charset=UTF-8
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
Content-Length
33393

Resource: adobe_logo_new_1.jpg | Path: campuslife.duckdns.org/pdf/ | Size: 22 KB | x-fer: 22 KB | Type: Image
General
Full URL
http://campuslife.duckdns.org/pdf/adobe_logo_new_1.jpg
Requested by
Host: kfbiggy.ml
URL: http://kfbiggy.ml/_errorpages/meatvan/connect/apache/sheepwreck/?email=nobody@mycraftmail.com
Protocol
HTTP/1.1
Server
212.24.106.177 Lithuania, ASN62282 (RACKRAY UAB Rakrejus, LT)
Reverse DNS
otq.l.hostens.cloud
Software
Apache /
Resource Hash
6007bf95a0410574c4801866e0cea412af057cd9314315560badca389eb198be

Request headers

Referer
http://campuslife.duckdns.org/pdf/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 03 Apr 2020 12:24:22 GMT
Last-Modified
Sun, 02 Sep 2018 14:58:59 GMT
Server
Apache
ETag
"56aa-574e4aa1dd2c0"
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
22186

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Adobe (Consumer)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • onformdata (object)
  • onpointerrawupdate (object)
  • MM_goToURL (function)
  • Spry (object)
  • validateForm (function)
  • sprytextfield1 (object)
  • sprytextfield2 (object)

0 Cookies