adobe-connect.gq
2606:4700:3035::6818:640e
Malicious Activity!
Public Scan
Effective URL: https://adobe-connect.gq/adobedocument/en/pdf/cloud/0/ad=300308dff2f464ff22433eb64d8eb61f/?session=MWIzMWQ1MDk2ZGM2ZDM0ZD...
Submission: On May 26 via manual from HK
Summary
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on May 13th 2020. Valid for: 5 months.
This is the only time adobe-connect.gq was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Fake Adobe Update

Domain & IP information

Requests | IP Address | AS Autonomous System
---|---|---
1 | 167.89.123.16 | 11377 (SENDGRID)
5 | 169.47.124.25 | 36351 (SOFTLAYER)
9 | 2606:4700:3035::6818:640e | 13335 (CLOUDFLARENET)
11 | |
ASN11377 (SENDGRID, US)
PTR: o16789123x16.outbound-mail.sendgrid.net
u16501255.ct.sendgrid.net

ASN36351 (SOFTLAYER, US)
PTR: 19.7c.2fa9.ip4.static.sl-reverse.com
pdf.us-south.cf.appdomain.cloud
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
9 | adobe-connect.gq (3 redirects) | adobe-connect.gq | 433 KB
5 | appdomain.cloud | pdf.us-south.cf.appdomain.cloud | 4 KB
1 | sendgrid.net (1 redirect) | u16501255.ct.sendgrid.net | 282 B
11 | 3 | |
Requests | Domain | Requested by
---|---|---
9 | adobe-connect.gq (3 redirects) | adobe-connect.gq
5 | pdf.us-south.cf.appdomain.cloud |
1 | u16501255.ct.sendgrid.net (1 redirect) |
11 | 3 |

This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
*.us-south.cf.appdomain.cloud | DigiCert SHA2 Secure Server CA | 2019-09-24 - 2020-09-28 | a year
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2020-05-13 - 2020-10-09 | 5 months
This page contains 1 frames:
Primary Page:
https://adobe-connect.gq/adobedocument/en/pdf/cloud/0/ad=300308dff2f464ff22433eb64d8eb61f/?session=MWIzMWQ1MDk2ZGM2ZDM0ZDhkMzA4YTc1YTFlMzQ4OTM=&ref=MWIzMWQ1MDk2ZGM2ZDM0ZDhkMzA4YTc1YTFlMzQ4OTM=&login=puros.khan1@huawei.com
Frame ID: D67507F47F93B8D9C8DA910CE5608F24
Requests: 11 HTTP requests in this frame
Detected technologies

Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

jQuery (JavaScript Libraries)
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://u16501255.ct.sendgrid.net/ls/click?upn=ZuFAIcgtjUZjVE-2BOHnSJDftXNBmjk4NUcCax2FIupsms-2BQuJyLM4RS0hPKxjDV-2B4G1HqJfE57gCBESnZ9iOWhWwv31SPfGZ5shS211EHjI7wwSDIoaYFJ0Stv2OY2wftVZbF_i5fpniJWPa6h8Lfs7W3aplxdK-2Bd03A1LDAe5Kv-2BbiO5hulQewgSjaCe1vdNLL42OlUdBzop9aLRfy1188sFslCWiGRW4BwIqylk4XR-2FiFdwsFiYD7lQYJO-2BbBi6IBzyenNcbFCvA-2F9cUEtYgJp-2FofNX-2FWcvEIVza-2Ben3GicvvzhvPdNQytYBU3rmjPwwHyImDfbHJXP93e8oVCYqmS-2F55e6k0XlIoar6FVdYKuOr41k-3D HTTP 302
- https://pdf.us-south.cf.appdomain.cloud/index.php?login=puros.khan1@huawei.com Page URL
- https://pdf.us-south.cf.appdomain.cloud/index.php?login=puros.khan1@huawei.com Page URL
- https://pdf.us-south.cf.appdomain.cloud/index.php?login=puros.khan1@huawei.com Page URL
- https://pdf.us-south.cf.appdomain.cloud/index.php?login=puros.khan1@huawei.com Page URL
- https://pdf.us-south.cf.appdomain.cloud/index.php?login=puros.khan1@huawei.com Page URL
- https://adobe-connect.gq/adobedocument/en/pdf/cloud/0/index.php?login=puros.khan1@huawei.com HTTP 302
- https://adobe-connect.gq/adobedocument/en/pdf/cloud/0/ad=300308dff2f464ff22433eb64d8eb61f?session=MWIzMWQ1MDk2ZGM2ZDM0ZDhkMzA4YTc1YTFlMzQ4OTM=&ref=MWIzMWQ1MDk2ZGM2ZDM0ZDhkMzA4YTc1YTFlMzQ4OTM=&login=puros.khan1@huawei.com HTTP 301
- http://adobe-connect.gq/adobedocument/en/pdf/cloud/0/ad=300308dff2f464ff22433eb64d8eb61f/?session=MWIzMWQ1MDk2ZGM2ZDM0ZDhkMzA4YTc1YTFlMzQ4OTM=&ref=MWIzMWQ1MDk2ZGM2ZDM0ZDhkMzA4YTc1YTFlMzQ4OTM=&login=puros.khan1@huawei.com HTTP 301
- https://adobe-connect.gq/adobedocument/en/pdf/cloud/0/ad=300308dff2f464ff22433eb64d8eb61f/?session=MWIzMWQ1MDk2ZGM2ZDM0ZDhkMzA4YTc1YTFlMzQ4OTM=&ref=MWIzMWQ1MDk2ZGM2ZDM0ZDhkMzA4YTc1YTFlMzQ4OTM=&login=puros.khan1@huawei.com Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://u16501255.ct.sendgrid.net/ls/click?upn=ZuFAIcgtjUZjVE-2BOHnSJDftXNBmjk4NUcCax2FIupsms-2BQuJyLM4RS0hPKxjDV-2B4G1HqJfE57gCBESnZ9iOWhWwv31SPfGZ5shS211EHjI7wwSDIoaYFJ0Stv2OY2wftVZbF_i5fpniJWPa6h8Lfs7W3aplxdK-2Bd03A1LDAe5Kv-2BbiO5hulQewgSjaCe1vdNLL42OlUdBzop9aLRfy1188sFslCWiGRW4BwIqylk4XR-2FiFdwsFiYD7lQYJO-2BbBi6IBzyenNcbFCvA-2F9cUEtYgJp-2FofNX-2FWcvEIVza-2Ben3GicvvzhvPdNQytYBU3rmjPwwHyImDfbHJXP93e8oVCYqmS-2F55e6k0XlIoar6FVdYKuOr41k-3D HTTP 302
- https://pdf.us-south.cf.appdomain.cloud/index.php?login=puros.khan1@huawei.com
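The redirect history above is the part of this scan a responder actually works from: a mail click-tracker hands the victim to a throwaway page on a shared PaaS hostname, which forwards to the lookalike domain with the victim's address already in the query string, and one of the final 301s goes to plain `http://`. The following Python script is an added example (not part of the urlscan report) that walks those hops offline and pulls out what is worth recording: hop hosts, the `login` value, the decoded `session`/`ref` tokens, and the HTTPS-to-HTTP hop. The free-ccTLD list, the tracker suffix, the brand keyword map and the finding labels are assumptions chosen for this illustration; the hop URLs are copied from the page.

```python
"""Walk the redirect chain from the scan above and extract phishing indicators."""
import base64
import binascii
import json
from urllib.parse import parse_qs, urlsplit

# SendGrid click-tracking token, copied verbatim from the first hop above.
UPN = (
    "ZuFAIcgtjUZjVE-2BOHnSJDftXNBmjk4NUcCax2FIupsms-2BQuJyLM4RS0hPKxjDV-2B4G1HqJfE57gCBESnZ9iOWhWwv31SPfGZ5shS211EHjI7wwSDIoaYFJ0Stv2OY2wftVZbF_"
    "i5fpniJWPa6h8Lfs7W3aplxdK-2Bd03A1LDAe5Kv-2BbiO5hulQewgSjaCe1vdNLL42OlUdBzop9aLRfy1188sFslCWiGRW4BwIqylk4XR-2FiFdwsFiYD7lQYJO-2BbBi6IBzyenNcbFCvA-2F9cUEtYgJp-2FofNX-2FWcvEIVza-2Ben3GicvvzhvPdNQytYBU3rmjPwwHyImDfbHJXP93e8oVCYqmS-2F55e6k0XlIoar6FVdYKuOr41k-3D"
)
SESSION = "MWIzMWQ1MDk2ZGM2ZDM0ZDhkMzA4YTc1YTFlMzQ4OTM="
LANDING = "adobe-connect.gq/adobedocument/en/pdf/cloud/0/ad=300308dff2f464ff22433eb64d8eb61f"
QUERY = f"?session={SESSION}&ref={SESSION}&login=puros.khan1@huawei.com"

# Distinct hops from the "Page URL History" above, in browser order
# (the five repeated appdomain.cloud page loads collapse to one entry).
CHAIN = [
    "https://u16501255.ct.sendgrid.net/ls/click?upn=" + UPN,  # 302
    "https://pdf.us-south.cf.appdomain.cloud/index.php?login=puros.khan1@huawei.com",
    "https://adobe-connect.gq/adobedocument/en/pdf/cloud/0/index.php?login=puros.khan1@huawei.com",  # 302
    "https://" + LANDING + QUERY,          # 301: trailing slash added, but to plain HTTP
    "http://" + LANDING + "/" + QUERY,     # 301: back to HTTPS
    "https://" + LANDING + "/" + QUERY,    # final page
]

# Assumptions for this illustration, not data from the scan.
FREE_TLDS = (".tk", ".ml", ".ga", ".cf", ".gq")   # zero-cost ccTLDs, heavily abused
TRACKER_SUFFIXES = (".sendgrid.net",)             # mail click-tracking hosts
BRANDS = {"adobe": "adobe.com"}                    # keyword -> domain it legitimately belongs to


def decode_b64(value):
    """Return the ASCII text behind a base64 token, or None if it is not base64 text."""
    try:
        return base64.b64decode(value, validate=True).decode("ascii")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None


def hop_info(url):
    """Scheme, host and the interesting query fields of one hop."""
    parts = urlsplit(url)
    q = parse_qs(parts.query)  # splits each pair on the first '=', so '=' padding survives
    info = {"scheme": parts.scheme, "host": parts.hostname or ""}
    if "login" in q:
        info["login"] = q["login"][0]
    for key in ("session", "ref"):
        if key in q:
            info[key] = decode_b64(q[key][0])
    return info


def analyse(chain):
    """Summarise the chain: ordered hosts, final-page fields and heuristic findings."""
    hops = [hop_info(u) for u in chain]
    hosts = []
    for h in hops:
        if h["host"] not in hosts:
            hosts.append(h["host"])

    findings = []
    if hops[0]["host"].endswith(TRACKER_SUFFIXES):
        findings.append("tracker-entry")            # lure arrived via a tracked mail link
    for host in hosts:
        if host.endswith(FREE_TLDS):
            findings.append("free-tld:" + host)
        for keyword, legit in BRANDS.items():
            if keyword in host and host != legit and not host.endswith("." + legit):
                findings.append("brand-lookalike:" + host)
    if any("@" in h.get("login", "") for h in hops):
        findings.append("victim-email-in-url")      # page is pre-targeted at one recipient
    for prev, cur in zip(hops, hops[1:]):
        if prev["scheme"] == "https" and cur["scheme"] == "http":
            findings.append("https-to-http:" + cur["host"])  # query string sent in cleartext

    last = hops[-1]
    return {
        "hosts": hosts,
        "login": last.get("login"),
        "session": last.get("session"),
        "ref": last.get("ref"),
        "findings": findings,
    }


if __name__ == "__main__":
    print(json.dumps(analyse(CHAIN), indent=2))
```

Both `session` and `ref` decode to the same 32-character hex string, the length of an MD5 digest; what it is a digest of is not something the scan shows, so the script reports the value and nothing more. The `upn` token is SendGrid's opaque tracking payload and is deliberately left undecoded. The HTTPS-to-HTTP finding matters for scoping: the victim address and both tokens crossed the network unencrypted on that hop, so they may appear in proxy or IDS logs even where TLS inspection is absent.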
11 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | index.php | pdf.us-south.cf.appdomain.cloud/ (Redirect Chain) | 662 B | 738 B | Document | text/html
GET | H/1.1 | index.php | pdf.us-south.cf.appdomain.cloud/ | 662 B | 738 B | Document | text/html
GET | H/1.1 | index.php | pdf.us-south.cf.appdomain.cloud/ | 662 B | 738 B | Document | text/html
GET | H/1.1 | index.php | pdf.us-south.cf.appdomain.cloud/ | 662 B | 738 B | Document | text/html
GET | H/1.1 | index.php | pdf.us-south.cf.appdomain.cloud/ | 716 B | 772 B | Document | text/html
GET | H2 | / (Primary Request) | adobe-connect.gq/adobedocument/en/pdf/cloud/0/ad=300308dff2f464ff22433eb64d8eb61f/ (Redirect Chain) | 5 KB | 1 KB | Document | text/html
GET | H2 | jquery.min.js | adobe-connect.gq/adobedocument/en/pdf/cloud/0/ad=300308dff2f464ff22433eb64d8eb61f/ | 84 KB | 29 KB | Script | application/javascript
GET | H2 | e3.png | adobe-connect.gq/adobedocument/en/pdf/cloud/0/ad=300308dff2f464ff22433eb64d8eb61f/images/ | 119 KB | 120 KB | Image | image/png
GET | H2 | e7.png | adobe-connect.gq/adobedocument/en/pdf/cloud/0/ad=300308dff2f464ff22433eb64d8eb61f/images/ | 121 KB | 121 KB | Image | image/png
GET | H2 | e8.png | adobe-connect.gq/adobedocument/en/pdf/cloud/0/ad=300308dff2f464ff22433eb64d8eb61f/images/ | 159 KB | 159 KB | Image | image/png
GET | H2 | file.png | adobe-connect.gq/adobedocument/en/pdf/cloud/0/ad=300308dff2f464ff22433eb64d8eb61f/images/ | 1 KB | 1 KB | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Fake Adobe Update

9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
object | onformdata
object | onpointerrawupdate
function | $
function | jQuery
object | email
object | password
object | loginBtn
object | load
number | count1

The `email`, `password` and `loginBtn` entries are objects rather than functions, which is what element ids exposed as named window properties look like; together with the `login=` parameter in the URL they are consistent with a credential-capture form pre-filled with the targeted address.

Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values back, so the site can re-identify the user even from a different location. This is how persistent logins work.

Domain/Path | Expires | Name | Value
---|---|---|---
.adobe-connect.gq/ | | __cfduid | df42703eaaa04368719fe55925908c9471590494188
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
adobe-connect.gq
pdf.us-south.cf.appdomain.cloud
u16501255.ct.sendgrid.net
167.89.123.16
169.47.124.25
2606:4700:3035::6818:640e
2c2d49b179988141e44702d0d27ff2e9a5c1fcda2d1b7923bcbfbade435a10c4
35de3269a65ec86df11e6cd3fce726d7472f67df3c2b3cfb3bd32020aa117cd8
8cd6099bbaa0e3e2c9721345f4c06bd60142cc72bd5a4d190d35dde57918ecb8
b409c14a10b4caad6b54844aa63a5faf748b83eecc2dd0d4fb1d913f8de55365
ed2f86db7ac8ec202cc583c17a465e8ed33d7325e50a1d8b201bdbbfe60eaa6f
f80286d8a3c0538162f62c6646c961f6556df8a19a5b5091c074d4056fc3faa3
f91938a6534d66ad9ca93f74025f77bca314a08157b455354d280be1193efc7e