docfiles.tk
Open in
urlscan Pro
192.64.117.83
Malicious Activity!
Public Scan
Effective URL: https://docfiles.tk/Adobe/Adobe%c3%82%c2%ae%20PDF%20Reader%c3%82%c2%ae%20Xl.html
Submission: On August 22 via manual from US
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on August 6th 2019. Valid for: a year.
This is the only time docfiles.tk was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Adobe (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 167.89.118.35 167.89.118.35 | 11377 (SENDGRID) (SENDGRID - SendGrid) | |
8 | 192.64.117.83 192.64.117.83 | 22612 (NAMECHEAP...) (NAMECHEAP-NET - Namecheap) | |
2 | 206.72.196.155 206.72.196.155 | 19318 (IS-AS-1) (IS-AS-1 - Interserver) | |
12 | 3 |
ASN11377 (SENDGRID - SendGrid, Inc., US)
PTR: o16789118x35.outbound-mail.sendgrid.net
u11815246.ct.sendgrid.net |
ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US)
PTR: premium21-3.web-hosting.com
docfiles.tk |
ASN19318 (IS-AS-1 - Interserver, Inc, US)
PTR: server.skeero.com
www.astrojenwil.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
docfiles.tk
docfiles.tk |
250 KB |
2 |
astrojenwil.com
www.astrojenwil.com |
|
1 |
sendgrid.net
1 redirects
u11815246.ct.sendgrid.net |
291 B |
0 |
googleapis.com
Failed
fonts.googleapis.com Failed |
|
12 | 4 |
Domain | Requested by | |
---|---|---|
8 | docfiles.tk |
docfiles.tk
|
2 | www.astrojenwil.com |
docfiles.tk
|
1 | u11815246.ct.sendgrid.net | 1 redirects |
0 | fonts.googleapis.com Failed |
docfiles.tk
|
12 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
docfiles.tk Sectigo RSA Domain Validation Secure Server CA |
2019-08-06 - 2020-08-05 |
a year | crt.sh |
astrojenwil.com cPanel, Inc. Certification Authority |
2019-07-27 - 2019-10-25 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://docfiles.tk/Adobe/Adobe%c3%82%c2%ae%20PDF%20Reader%c3%82%c2%ae%20Xl.html
Frame ID: F806BA7C84E5C75A02CCBF942A31165F
Requests: 1 HTTP requests in this frame
Frame:
https://docfiles.tk/Adobe/Adobe%C3%82%C2%AE%20PDF%20Reader%C3%82%C2%AE%20Xl_files/saved_resource.html
Frame ID: C3ADF195F4D5A6811AF9E0C460897F5D
Requests: 11 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://u11815246.ct.sendgrid.net/wf/click?upn=Bo1gXASwgydOf0-2B8rXXFYQuy-2FU-2BJ1ieXcqjsoS5upIqnwUcxtN6hm35CZ...
HTTP 302
https://docfiles.tk/Adobe/Adobe%c3%82%c2%ae%20PDF%20Reader%c3%82%c2%ae%20Xl.html Page URL
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://u11815246.ct.sendgrid.net/wf/click?upn=Bo1gXASwgydOf0-2B8rXXFYQuy-2FU-2BJ1ieXcqjsoS5upIqnwUcxtN6hm35CZGEmemsqVRCmK5QC-2B7C8imimN1n2Z6laVkc5fKF3IrcMNV8oxjbLy-2FScGBcTIxFwFsYaprrS_BD5-2BO3C-2FrYb-2FA6vO1-2BLqKh9wH-2BzcsUJ33m3tbExf8C6H-2FhQVQPrJ6PMkmVpTz7dPyakV91b2SvSgiaoD8curP7IfF-2F-2BJluPUnz6ge648iRBgKKLnWzskS03ueltNNS-2FNL9v4fNLTRXxbcnH9fm9UJH-2Biw3mrfrzKuVLMfljTtNKv7I-2F2AeVsdlcSOf4z-2F2Oh0QrGqVFK-2FekvxoWaAvJOVonZUalJfROrkNrIVw7Pemo-3D
HTTP 302
https://docfiles.tk/Adobe/Adobe%c3%82%c2%ae%20PDF%20Reader%c3%82%c2%ae%20Xl.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
Adobe%c3%82%c2%ae%20PDF%20Reader%c3%82%c2%ae%20Xl.html
docfiles.tk/Adobe/ Redirect Chain
|
852 B 643 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
saved_resource.html
docfiles.tk/Adobe/Adobe%C3%82%C2%AE%20PDF%20Reader%C3%82%C2%AE%20Xl_files/ Frame C3AD |
12 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-ui.css
www.astrojenwil.com/0dHBzOi8vd3d3LmZuYi5jby56YS8wMEFzc2V0cy92Mi4yL2pzL2xpYnMvQW5pbWF0ZS5qcyI+PC9zY3JpcHQ+DQoJCTxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0IiBzcmM9I/1/Adobe%c2%ae%20PDF%20Reader%c2%ae%20X... Frame C3AD |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
docfiles.tk/Adobe/Adobe%C3%82%C2%AE%20PDF%20Reader%C3%82%C2%AE%20Xl_files/ Frame C3AD |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lg_211.png
docfiles.tk/Adobe/Adobe%C3%82%C2%AE%20PDF%20Reader%C3%82%C2%AE%20Xl_files/ Frame C3AD |
44 KB 45 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
warning_sign_clip_art_20327.gif
docfiles.tk/Adobe/Adobe%C3%82%C2%AE%20PDF%20Reader%C3%82%C2%AE%20Xl_files/ Frame C3AD |
36 KB 36 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lg_213.png
docfiles.tk/Adobe/Adobe%C3%82%C2%AE%20PDF%20Reader%C3%82%C2%AE%20Xl_files/ Frame C3AD |
70 KB 70 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.js
docfiles.tk/Adobe/Adobe%C3%82%C2%AE%20PDF%20Reader%C3%82%C2%AE%20Xl_files/ Frame C3AD |
82 KB 29 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-ui.js
docfiles.tk/Adobe/Adobe%C3%82%C2%AE%20PDF%20Reader%C3%82%C2%AE%20Xl_files/ Frame C3AD |
234 KB 63 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
jquery-ui.css
www.astrojenwil.com/0dHBzOi8vd3d3LmZuYi5jby56YS8wMEFzc2V0cy92Mi4yL2pzL2xpYnMvQW5pbWF0ZS5qcyI+PC9zY3JpcHQ+DQoJCTxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0IiBzcmM9I/1/Adobe%c2%ae%20PDF%20Reader%c2%ae%20X... Frame C3AD |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
css
fonts.googleapis.com/ Frame C3AD |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2222.png
www.astrojenwil.com/0dHBzOi8vd3d3LmZuYi5jby56YS8wMEFzc2V0cy92Mi4yL2pzL2xpYnMvQW5pbWF0ZS5qcyI+PC9zY3JpcHQ+DQoJCTxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0IiBzcmM9I/1/Adobe%C2%AE%20PDF%20Reader%C2%AE%20X... Frame C3AD |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- www.astrojenwil.com
- URL
- https://www.astrojenwil.com/0dHBzOi8vd3d3LmZuYi5jby56YS8wMEFzc2V0cy92Mi4yL2pzL2xpYnMvQW5pbWF0ZS5qcyI+PC9zY3JpcHQ+DQoJCTxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0IiBzcmM9I/1/Adobe%c2%ae%20PDF%20Reader%c2%ae%20Xl_files/jquery-ui.css
- Domain
- fonts.googleapis.com
- URL
- http://fonts.googleapis.com/css?family=Roboto:400,100
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Adobe (Consumer)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
docfiles.tk
fonts.googleapis.com
u11815246.ct.sendgrid.net
www.astrojenwil.com
fonts.googleapis.com
www.astrojenwil.com
167.89.118.35
192.64.117.83
206.72.196.155
04080e27c3dd058039dac07def44ff34b512ed3443f77de7289d55744c0448be
2051d61446d4dbffb03727031022a08c84528ab44d203a7669c101e5fbdd5515
5255bd699be462dfceec236065ebcc68f5dc4545a9c767f882fc42d2b292bebe
7ab17d7c830048456601619d3a6422eb5e419b1d0bfef58d8b1c533435d2e054
90d381f2ceecf0b51a299c946be129321c49562caedb197e81b3cd981c1d97d8
d299906cff501eafbe8940e7f3b9aa812a8578c9bdab56e727ca32c3c0110aaf
d3e3c3e7978c2d64521e39007547e055e469b296917572fd2c06260f70c995f3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e698a451d0551cd83c162bffbd70a039ed8cf79ed3baca0b62c40ad00a4bed71