URL: https://jamesadam.tk/app/nsw/data/index.php
Submission: On July 11 via manual from CA

Summary

This website contacted 7 IPs in 2 countries across 5 domains to perform 15 HTTP transactions.
The main IP is 198.54.120.245, located in Los Angeles, United States and belongs to NAMECHEAP-NET - Namecheap, Inc., US. The main domain is jamesadam.tk.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on July 11th 2019. Valid for: a year.
This is the first time this domain was scanned on urlscan.io!

Verdict: Malicious (Score: 100/100)

  • urlscan - Score: 100
    Category: phishing
    Phishing against Adobe (Consumer) Excel / PDF download (Online)
  • googlesafebrowsing - Score: 100 (1 resource matched)
    Category: social_engineering

Domain & IP information

Requests  IP Address         AS     Autonomous System
4         198.54.120.245     22612  (NAMECHEAP...)
1         2a00:1450:400...   15169  (GOOGLE)
6         2a00:1450:400...   15169  (GOOGLE)
1         52.85.181.128      16509  (AMAZON-02)
2         2a00:1450:400...   15169  (GOOGLE)
1         2a00:1450:400...   15169  (GOOGLE)
Total: 15 requests, 7 IPs

Requests  Domain                    Transfer
6         translate.googleapis.com  98 KB
4         jamesadam.tk              97 KB
2         gstatic.com               3 KB
2         google.com                1 KB
1         adobelogin.com            4 KB
Total: 15 requests, 5 domains

Requests  Domain                    Requested by
6         translate.googleapis.com  translate.google.com, translate.googleapis.com, jamesadam.tk
4         jamesadam.tk              jamesadam.tk
2         www.gstatic.com           translate.googleapis.com, jamesadam.tk
1         www.google.com            jamesadam.tk
1         static.adobelogin.com     jamesadam.tk
1         translate.google.com      jamesadam.tk
Total: 15 requests, 6 subdomains

Domain                  Subject / Issuer                                Validity                  Valid
jamesadam.tk            Sectigo RSA Domain Validation Secure Server CA  2019-07-11 - 2020-07-10   a year
*.google.com            Google Internet Authority G3                    2019-06-18 - 2019-09-10   3 months
*.googleapis.com        Google Internet Authority G3                    2019-06-18 - 2019-09-10   3 months
ims-na1.adobelogin.com  DigiCert SHA2 Secure Server CA                  2018-08-30 - 2020-08-28   2 years
www.google.com          Google Internet Authority G3                    2019-06-18 - 2019-09-10   3 months

Detected technologies

  • Web, overall confidence 100%. Detected pattern: url /\.php(?:$|\?)/i
  • Web, overall confidence 100%. Detected pattern: headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

15 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
index.php
/app/nsw/data
859 B
541 B
Document
General
Full URL
https://jamesadam.tk/app/nsw/data/index.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.54.120.245 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
premium77-2.web-hosting.com
Software
Apache / PHP/7.2.19
Resource Hash
712626fd5a4b83d597b07898063dac93281d036065697a1ad41447f4afe220dd

Request headers

:method
GET
:authority
jamesadam.tk
:scheme
https
:path
/app/nsw/data/index.php
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Thu, 11 Jul 2019 21:18:45 GMT
server
Apache
x-powered-by
PHP/7.2.19
vary
Accept-Encoding
content-encoding
gzip
content-length
382
content-type
text/html; charset=UTF-8
UntitledNotebook1.html?run=login_cmd&statuts=f17ca2c829680ada2fec9fc87bc5f60678e51a4abfb3d2ea63e2034d039f4a70
/app/nsw/data
169 KB
97 KB
Document
General
Full URL
https://jamesadam.tk/app/nsw/data/UntitledNotebook1.html?run=login_cmd&statuts=f17ca2c829680ada2fec9fc87bc5f60678e51a4abfb3d2ea63e2034d039f4a70
Requested by
Host: jamesadam.tk
URL: https://jamesadam.tk/app/nsw/data/index.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.54.120.245 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
premium77-2.web-hosting.com
Software
Apache /
Resource Hash
2e6a7cbdf81482833f2e1778d3d8bbaddc83da09ef4ab397997c91147a539be1

Request headers

:method
GET
:authority
jamesadam.tk
:scheme
https
:path
/app/nsw/data/UntitledNotebook1.html?run=login_cmd&statuts=f17ca2c829680ada2fec9fc87bc5f60678e51a4abfb3d2ea63e2034d039f4a70
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer
https://jamesadam.tk/app/nsw/data/index.php
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://jamesadam.tk/app/nsw/data/index.php

Response headers

status
200
date
Thu, 11 Jul 2019 21:18:45 GMT
server
Apache
last-modified
Wed, 24 May 2017 18:40:06 GMT
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
element.js?cb=googleTranslateElementInit
translate.google.com/translate_a
2 KB
1004 B
Script
General
Full URL
https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
Requested by
Host: jamesadam.tk
URL: https://jamesadam.tk/app/nsw/data/UntitledNotebook1.html?run=login_cmd&statuts=f17ca2c829680ada2fec9fc87bc5f60678e51a4abfb3d2ea63e2034d039f4a70
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
HTTP server (unknown) /
Resource Hash
4e0cdb14ce141d0469be51d23885f3ff4c854f6c5704f76178680a435d06d1ca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://jamesadam.tk/app/nsw/data/UntitledNotebook1.html?run=login_cmd&statuts=f17ca2c829680ada2fec9fc87bc5f60678e51a4abfb3d2ea63e2034d039f4a70
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Jul 2019 21:18:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
HTTP server (unknown)
content-language
en
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
727
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
translateelement.css
translate.googleapis.com/translate_static/css
18 KB
4 KB
Stylesheet
General
Full URL
https://translate.googleapis.com/translate_static/css/translateelement.css
Requested by
Host: translate.google.com
URL: https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
99b27633e72d0a0efc23402c62b01cc0ec5ff40821cd1a84c89a1ef31773612d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://jamesadam.tk/app/nsw/data/UntitledNotebook1.html?run=login_cmd&statuts=f17ca2c829680ada2fec9fc87bc5f60678e51a4abfb3d2ea63e2034d039f4a70
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 11 Jul 2019 20:50:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 07 May 2019 20:15:00 GMT
server
sffe
age
1667
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
public, max-age=3600
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
3619
x-xss-protection
0
expires
Thu, 11 Jul 2019 21:50:58 GMT
main.js
translate.googleapis.com/translate_static/js/element
3 KB
2 KB
Script
General
Full URL
https://translate.googleapis.com/translate_static/js/element/main.js
Requested by
Host: translate.google.com
URL: https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
86f3495600283e9deefe4e44e80ee7b4ddc8de48f76a339ce1bed042487b0452
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://jamesadam.tk/app/nsw/data/UntitledNotebook1.html?run=login_cmd&statuts=f17ca2c829680ada2fec9fc87bc5f60678e51a4abfb3d2ea63e2034d039f4a70
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 11 Jul 2019 21:18:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 08 May 2019 20:45:00 GMT
server
sffe
age
13
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=3600
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
1527
x-xss-protection
0
expires
Thu, 11 Jul 2019 22:18:32 GMT
element_main.js
translate.googleapis.com/element/TE_20190506_00/e/js/element
239 KB
86 KB
Script
General
Full URL
https://translate.googleapis.com/element/TE_20190506_00/e/js/element/element_main.js
Requested by
Host: translate.googleapis.com
URL: https://translate.googleapis.com/translate_static/js/element/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
89c11d8b34714ec4fd59a8521ad438be75fe0ef29133c72384379ebe344794f8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://jamesadam.tk/app/nsw/data/UntitledNotebook1.html?run=login_cmd&statuts=f17ca2c829680ada2fec9fc87bc5f60678e51a4abfb3d2ea63e2034d039f4a70
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 11 Jul 2019 19:51:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5242
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
88234
x-xss-protection
0
last-modified
Mon, 06 May 2019 09:48:06 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 10 Jul 2020 19:51:23 GMT
045110ca15262c13aa37af60dbb4b51a.png
static.adobelogin.com/clients/adobe_document_cloud
4 KB
4 KB
Image
General
Full URL
https://static.adobelogin.com/clients/adobe_document_cloud/045110ca15262c13aa37af60dbb4b51a.png
Requested by
Host: jamesadam.tk
URL: https://jamesadam.tk/app/nsw/data/UntitledNotebook1.html?run=login_cmd&statuts=f17ca2c829680ada2fec9fc87bc5f60678e51a4abfb3d2ea63e2034d039f4a70
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.85.181.128 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-85-181-128.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8d21d3e842557ae561c62bc19a0145c9b480028fedbc9e4fe941cebafb916131

Request headers

Referer
https://jamesadam.tk/app/nsw/data/UntitledNotebook1.html?run=login_cmd&statuts=f17ca2c829680ada2fec9fc87bc5f60678e51a4abfb3d2ea63e2034d039f4a70
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
null
via
1.1 528e50fb19578ca598eb8f9e2157ef09.cloudfront.net (CloudFront)
last-modified
Fri, 13 Mar 2015 23:25:18 GMT
server
AmazonS3
age
1070
etag
"1454dcbe98fb5de47f4a165d4ef14306"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=3600
date
Thu, 11 Jul 2019 21:01:00 GMT
x-amz-cf-pop
FRA50
accept-ranges
bytes
content-length
3776
x-amz-cf-id
IUNLyW3CMY6qB4Izss74_bPygRcWkvbcPFQqnJhM2RqLQYStJtvLJQ==
data:truncated
data:truncated
6 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2929cf3f163034015f18e06bcf082ecc0c8aa45d6e02a351f773a8034c8d3e6e

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
data:truncated
data:truncated
7 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d0bfe28809b4a92a8a586e58459896fd8ecbab93fb0bda5cd94fc57eeb273227

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
data:truncated
data:truncated
73 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bfb7362b6a5d508578ebe4f1884a92dba530b76fbe6be8db4a7b771c6aacaccf

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/jpeg
data:truncated
data:truncated
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cf47dd71a230a784e848996d3d034626c87342322b5d1cac5a2984862b66d44f

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
et-line.woff
/app/nsw/data/fonts
0
0
Font
General
Full URL
https://jamesadam.tk/app/nsw/data/fonts/et-line.woff
Requested by
Host: jamesadam.tk
URL: https://jamesadam.tk/app/nsw/data/UntitledNotebook1.html?run=login_cmd&statuts=f17ca2c829680ada2fec9fc87bc5f60678e51a4abfb3d2ea63e2034d039f4a70
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.54.120.245 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
premium77-2.web-hosting.com
Software
Apache /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://jamesadam.tk/app/nsw/data/UntitledNotebook1.html?run=login_cmd&statuts=f17ca2c829680ada2fec9fc87bc5f60678e51a4abfb3d2ea63e2034d039f4a70
Origin
https://jamesadam.tk

Response headers

status
404
date
Thu, 11 Jul 2019 21:18:46 GMT
server
Apache
content-length
348
content-type
text/html; charset=iso-8859-1
data:truncated
data:truncated
10 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a34f64f7b7249e5ca89075393abc19402fd66ea388eba9058e05bec774e36870

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
data:truncated
data:truncated
5 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bac3e4d8497f82631fffa341b395bdaee2284a3452032e646280e5c9f9c353a4

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
data:truncated
data:truncated
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d007cebeda9390317ce4ae9d86b8c157a6e4d3af303713c2e546e9efc4ff80fc

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
data:truncated
data:truncated
8 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7035e805c9c04700ebdc6b57140e0235a7ace4056e17a47829f3aacb1af143a5

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
et-line.ttf
/app/nsw/data/fonts
0
0
Font
General
Full URL
https://jamesadam.tk/app/nsw/data/fonts/et-line.ttf
Requested by
Host: jamesadam.tk
URL: https://jamesadam.tk/app/nsw/data/UntitledNotebook1.html?run=login_cmd&statuts=f17ca2c829680ada2fec9fc87bc5f60678e51a4abfb3d2ea63e2034d039f4a70
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.54.120.245 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
premium77-2.web-hosting.com
Software
Apache /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://jamesadam.tk/app/nsw/data/UntitledNotebook1.html?run=login_cmd&statuts=f17ca2c829680ada2fec9fc87bc5f60678e51a4abfb3d2ea63e2034d039f4a70
Origin
https://jamesadam.tk

Response headers

status
404
date
Thu, 11 Jul 2019 21:18:46 GMT
server
Apache
content-length
347
content-type
text/html; charset=iso-8859-1
l?client=te&alpha=true&hl=en&cb=_callbacks____0jxz6ct9h
translate.googleapis.com/translate_a
3 KB
1 KB
Script
General
Full URL
https://translate.googleapis.com/translate_a/l?client=te&alpha=true&hl=en&cb=_callbacks____0jxz6ct9h
Requested by
Host: translate.googleapis.com
URL: https://translate.googleapis.com/element/TE_20190506_00/e/js/element/element_main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
f2c9bedadcc4c3428f5e0c52cdc30d4bc69f837a35b585507da37be2a0382aa5
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-pt2c0NQB4Fk6jB55llAbEw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self', script-src 'nonce-pt2c0NQB4Fk6jB55llAbEw' 'self' 'unsafe-eval' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com;report-uri /_/TranslateApiHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://jamesadam.tk/app/nsw/data/UntitledNotebook1.html?run=login_cmd&statuts=f17ca2c829680ada2fec9fc87bc5f60678e51a4abfb3d2ea63e2034d039f4a70
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
content-security-policy
script-src 'report-sample' 'nonce-pt2c0NQB4Fk6jB55llAbEw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self', script-src 'nonce-pt2c0NQB4Fk6jB55llAbEw' 'self' 'unsafe-eval' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com;report-uri /_/TranslateApiHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
date
Thu, 11 Jul 2019 21:18:46 GMT
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
status
200
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
x-xss-protection
0
expires
Mon, 01 Jan 1990 00:00:00 GMT
translate_24dp.png
www.gstatic.com/images/branding/product/2x
2 KB
2 KB
Image
General
Full URL
https://www.gstatic.com/images/branding/product/2x/translate_24dp.png
Requested by
Host: translate.googleapis.com
URL: https://translate.googleapis.com/element/TE_20190506_00/e/js/element/element_main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
5fe03bfd95a2d4e640ed7d04dcb08ef991c327a5ab6f6fdb9eb06e1efc76af30
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://translate.googleapis.com/translate_static/css/translateelement.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 09 Jul 2019 06:58:04 GMT
x-content-type-options
nosniff
last-modified
Thu, 21 Apr 2016 03:17:22 GMT
server
sffe
age
224442
vary
Origin
content-type
image/png
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
1847
x-xss-protection
0
expires
Wed, 08 Jul 2020 06:58:04 GMT
translateelement.css
translate.googleapis.com/translate_static/css
18 KB
4 KB
Stylesheet
General
Full URL
https://translate.googleapis.com/translate_static/css/translateelement.css
Requested by
Host: translate.googleapis.com
URL: https://translate.googleapis.com/element/TE_20190506_00/e/js/element/element_main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
99b27633e72d0a0efc23402c62b01cc0ec5ff40821cd1a84c89a1ef31773612d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://jamesadam.tk/app/nsw/data/UntitledNotebook1.html?run=login_cmd&statuts=f17ca2c829680ada2fec9fc87bc5f60678e51a4abfb3d2ea63e2034d039f4a70
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 11 Jul 2019 21:02:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 07 May 2019 20:15:00 GMT
server
sffe
age
1002
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
public, max-age=3600
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
3619
x-xss-protection
0
expires
Thu, 11 Jul 2019 22:02:04 GMT
translate_24dp.png
www.gstatic.com/images/branding/product/1x
825 B
917 B
Image
General
Full URL
https://www.gstatic.com/images/branding/product/1x/translate_24dp.png
Requested by
Host: jamesadam.tk
URL: https://jamesadam.tk/app/nsw/data/UntitledNotebook1.html?run=login_cmd&statuts=f17ca2c829680ada2fec9fc87bc5f60678e51a4abfb3d2ea63e2034d039f4a70
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
1bb2279aed6bc1438d2b17a5ffcbac9d37864582aedeeec8d301eab162b2c213
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://jamesadam.tk/app/nsw/data/UntitledNotebook1.html?run=login_cmd&statuts=f17ca2c829680ada2fec9fc87bc5f60678e51a4abfb3d2ea63e2034d039f4a70
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 29 Jun 2019 17:06:13 GMT
x-content-type-options
nosniff
last-modified
Thu, 21 Apr 2016 03:17:22 GMT
server
sffe
age
1051953
vary
Origin
content-type
image/png
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
825
x-xss-protection
0
expires
Sun, 28 Jun 2020 17:06:13 GMT
Verified cleardot.gif
www.google.com/images
43 B
183 B
Image
General
Full URL
https://www.google.com/images/cleardot.gif
Requested by
Host: jamesadam.tk
URL: https://jamesadam.tk/app/nsw/data/UntitledNotebook1.html?run=login_cmd&statuts=f17ca2c829680ada2fec9fc87bc5f60678e51a4abfb3d2ea63e2034d039f4a70
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
Verified resource
extjs/3.4.1-1/resources/images/default/s.gif at cdnjs.com, project extjs
extjs/3.4.1-1/resources/images/gray/s.gif at cdnjs.com, project extjs
extjs/3.4.1-1/resources/images/yourtheme/s.gif at cdnjs.com, project extjs
extjs/3.4.1-1/resources/images/vista/s.gif at cdnjs.com, project extjs
extjs/4.2.1/resources/ext-theme-gray/images/tree/s.gif at cdnjs.com, project extjs
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://jamesadam.tk/app/nsw/data/UntitledNotebook1.html?run=login_cmd&statuts=f17ca2c829680ada2fec9fc87bc5f60678e51a4abfb3d2ea63e2034d039f4a70
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Jul 2019 21:18:46 GMT
x-content-type-options
nosniff
last-modified
Thu, 08 Dec 2016 01:00:57 GMT
server
sffe
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
43
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
te_ctrl3.gif
translate.googleapis.com/translate_static/img
1 KB
1 KB
Image
General
Full URL
https://translate.googleapis.com/translate_static/img/te_ctrl3.gif
Requested by
Host: jamesadam.tk
URL: https://jamesadam.tk/app/nsw/data/UntitledNotebook1.html?run=login_cmd&statuts=f17ca2c829680ada2fec9fc87bc5f60678e51a4abfb3d2ea63e2034d039f4a70
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
d228d0256370863119c043f1e5ca8f3930f6999bd9f250434b6d8935f45dc171
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://jamesadam.tk/app/nsw/data/UntitledNotebook1.html?run=login_cmd&statuts=f17ca2c829680ada2fec9fc87bc5f60678e51a4abfb3d2ea63e2034d039f4a70
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 02 Jun 2019 21:43:36 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Aug 2017 20:15:00 GMT
server
sffe
age
3368110
content-type
image/gif
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
1412
x-xss-protection
0
expires
Mon, 01 Jun 2020 21:43:36 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan - Score: 100

Categories:
phishing

Tags:
phishing

Phishing against: Adobe (Consumer) Excel / PDF download (Online)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object: onselectstart
  • object: onselectionchange
  • function: queueMicrotask
  • function: googleTranslateElementInit
  • object: google
  • function: popupwnd
  • number: lastpass_iter
  • undefined: lastpass_f
  • object: closure_lm_186814

0 Cookies

Indicators of compromise (IoCs)

This is a term in the security industry to describe indicators around an attack. This includes IPs, hashes, domains, etc.
