nettoyage-yanis.com
162.219.249.105
Malicious Activity!
Public Scan
Effective URL: https://nettoyage-yanis.com/CD-File/CDLogin.htm
Submission: On June 12 via api from US
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on April 28th 2020. Valid for: 3 months.
This is the only time nettoyage-yanis.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Office 365 (Online)

Domain & IP information
Requests | IP address | AS (Autonomous System) | PTR record | Domain served
---|---|---|---|---
1 | 54.234.161.175 | ASN14618 (AMAZON-AES, US) | ec2-54-234-161-175.compute-1.amazonaws.com | shared.outlook.inky.com
1 | 162.219.249.105 | ASN33494 (IHNET, US) | bears.unisonplatform.com | nettoyage-yanis.com
9 | 208.67.16.107 | ASN3257 (GTT-BACKBONE GTT, DE) | vps796.plesklogin.net | faminc.biz
1 | 104.198.104.86 | ASN15169 (GOOGLE, US) | 86.104.198.104.bc.googleusercontent.com | www.entranceconsulting.com
Total: 11 requests (page footer shows "11 | 3")
Requests | Apex domain | Subdomain | Transfer
---|---|---|---
9 | faminc.biz | faminc.biz | 73 KB
1 | entranceconsulting.com | www.entranceconsulting.com | 37 KB
1 | nettoyage-yanis.com | nettoyage-yanis.com | 4 KB
1 | inky.com | shared.outlook.inky.com (1 redirect) | 296 B
11 | 4 apex domains | |
Requests | Domain | Requested by
---|---|---
9 | faminc.biz | nettoyage-yanis.com
1 | www.entranceconsulting.com | nettoyage-yanis.com
1 | nettoyage-yanis.com |
1 | shared.outlook.inky.com | 1 redirect
11 | 4 domains |
This site contains no links.
TLS certificates
Subject | Issuer | Validity | Valid for | Lookup
---|---|---|---|---
nettoyage-yanis.com | cPanel, Inc. Certification Authority | 2020-04-28 - 2020-07-27 | 3 months | crt.sh
faminc.biz | Sectigo RSA Domain Validation Secure Server CA | 2019-07-26 - 2020-07-25 | a year | crt.sh
www.entranceconsulting.com | Let's Encrypt Authority X3 | 2020-04-15 - 2020-07-14 | 3 months | crt.sh
This page contains 1 frame:
Primary Page:
https://nettoyage-yanis.com/CD-File/CDLogin.htm
Frame ID: D07C1CB7F8EF16D817E4EB6F77C24B5B
Requests: 11 HTTP requests in this frame
Detected technologies
WordPress (CMS). Detected patterns:
- html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
- script /\/wp-(?:content|includes)\//i
PHP (Programming Languages). Detected patterns:
- html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
- script /\/wp-(?:content|includes)\//i
MySQL (Databases). Detected patterns:
- html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
- script /\/wp-(?:content|includes)\//i
Apache (Web Servers). Detected patterns:
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
jQuery (JavaScript Libraries). Detected patterns:
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
- script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i
jQuery Migrate (JavaScript Libraries). Detected patterns:
- script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i
Caveat: WordPress, PHP and MySQL are all inferred from the same two patterns, that is, from asset URLs under /wp-content/ and /wp-includes/. In this scan every such asset is served by faminc.biz (see the HTTP transactions), so these three detections describe the host the assets are hot-linked from, not the stack behind nettoyage-yanis.com, whose primary document is a static CDLogin.htm. Only the Apache match comes from a response Server header rather than from a hot-linked asset URL.
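Running the patterns listed above yourself, and recording which origin each match came from, makes the attribution problem visible: a phishing page that hot-links a WordPress site's assets fingerprints as "WordPress" even though it is a static HTML file. The Python below is an added example, not code from urlscan or Wappalyzer. The sample document, its tag layout, the ?ver= query string and the Server header value are constructed for the example; the asset URLs in it are the ones in the scan's request list.

```python
"""Apply urlscan-style fingerprint regexes to a captured page and attribute
each match to the origin that produced it, so that technologies matched only
on third-party assets are not mistaken for the primary host's own stack.
Added example, not urlscan's or Wappalyzer's code."""
import re
from urllib.parse import urlsplit

# Patterns as shown on the scan page, converted from /.../i literals to Python
# raw strings. "html" rules run over <link> tags, "script" rules over
# <script src> values, "headers:<name>" rules over one response header.
FINGERPRINTS = {
    "WordPress": [
        ("html", r'<link rel=["\']stylesheet["\'] [^>]+/wp-(?:content|includes)/'),
        ("script", r"/wp-(?:content|includes)/"),
    ],
    "Apache": [("headers:server", r"(?:Apache(?:$|/([\d.]+)|[^/-])|(?:^|\b)HTTPD)")],
    "jQuery": [("script", r"jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?")],
    "jQuery Migrate": [
        ("script", r"jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?")
    ],
}

SCRIPT_SRC = re.compile(r"<script\b[^>]*\bsrc=['\"]([^'\"]+)['\"]", re.I)
LINK_TAG = re.compile(r"<link\b[^>]*>", re.I)
HREF = re.compile(r"\bhref=['\"]([^'\"]+)['\"]", re.I)

PAGE_URL = "https://nettoyage-yanis.com/CD-File/CDLogin.htm"

# Constructed stand-in for the captured document (not the real CDLogin.htm).
# The asset URLs are those in the scan's request list; the markup around them
# and the ?ver= query string are made up for this example.
SAMPLE_HTML = """<!DOCTYPE html><html><head>
<link rel='stylesheet' href='https://faminc.biz/wp-admin/css/login.min.css' type='text/css' />
<link rel='stylesheet' href='https://faminc.biz/wp-includes/css/dashicons.min.css' type='text/css' />
<script src='https://faminc.biz/wp-includes/js/jquery/jquery.js?ver=1.12.4'></script>
<script src='https://faminc.biz/wp-includes/js/jquery/jquery-migrate.min.js'></script>
<script src='https://faminc.biz/wp-content/mu-plugins/force-strong-passwords/force-zxcvbn.min.js'></script>
</head><body>
<img src='https://www.entranceconsulting.com/wp-content/uploads/2017/08/Office365.jpg'>
</body></html>"""
# Constructed: the scan only shows that the Apache pattern matched the Server header.
SAMPLE_HEADERS = {"server": "Apache"}


def _host(url: str, page_url: str) -> str:
    """Origin host of an asset URL; relative URLs belong to the page itself."""
    return (urlsplit(url).netloc or urlsplit(page_url).netloc).lower()


def fingerprint(html: str, headers: dict, page_url: str) -> dict:
    """Return {technology: {"origins": set, "version": str|None, "first_party": bool}}."""
    page_host = urlsplit(page_url).netloc.lower()
    scripts = SCRIPT_SRC.findall(html)
    links = LINK_TAG.findall(html)
    hits = {}

    def record(tech, host, match):
        entry = hits.setdefault(tech, {"origins": set(), "version": None})
        entry["origins"].add(host)
        version = next((g for g in match.groups() if g), None)
        entry["version"] = entry["version"] or version

    for tech, rules in FINGERPRINTS.items():
        for where, pattern in rules:
            rx = re.compile(pattern, re.I)
            if where == "script":
                for src in scripts:
                    m = rx.search(src)
                    if m:
                        record(tech, _host(src, page_url), m)
            elif where == "html":
                for tag in links:
                    m = rx.search(tag)
                    if m:
                        href = HREF.search(tag)
                        record(tech, _host(href.group(1), page_url) if href else page_host, m)
            elif where.startswith("headers:"):
                m = rx.search(headers.get(where.split(":", 1)[1], ""))
                if m:
                    # Response headers come from the document's own server.
                    record(tech, page_host, m)

    for entry in hits.values():
        entry["first_party"] = page_host in entry["origins"]
    return hits


def third_party_only(hits: dict) -> list:
    """Technologies matched only on assets served by other origins."""
    return sorted(t for t, e in hits.items() if not e["first_party"])


if __name__ == "__main__":
    result = fingerprint(SAMPLE_HTML, SAMPLE_HEADERS, PAGE_URL)
    for tech, e in sorted(result.items()):
        print(f"{tech:15} version={e['version']!s:8} origins={sorted(e['origins'])} first_party={e['first_party']}")
    print("matched only on third-party assets:", third_party_only(result))
```

On the constructed document the WordPress, jQuery and jQuery Migrate matches all carry the origin faminc.biz and are reported as third-party only, while Apache, taken from the response header, is attributed to nettoyage-yanis.com. Any triage that turns the "WordPress" label into a hypothesis about the phishing host should first check that column.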
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
1. https://shared.outlook.inky.com/link?domain=nettoyage-yanis.com&t=eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eJxtj1trg0AUhP_LPudq40OEQCA2hdIYQrSpSyCcrkddu5ewu9pq6X_v2ue-DYeZOd98E4cgeUEiUnIFiqEuQaLhDMiEcOXQKBAkKkFYnBD0vrqt9LYDVXRGax-qZkxLbx47_jm3Rowh5-42us6vc4XO6R4qnPaguB1d1_kunu65wFG86IqrWe3G7DEjkWqFmBBXGwR3E9ihr1t6tPEdlaLNL2FDL2uZX5aCSdHk5_UnDfZ9Hoj69ERrJl8D-vY80HPYvAeLjsZseUyrMIlPAY1zrwtBm4If0seHZMhWScoWtDn1tMm6Q5qFh_RjlQz513G3GpJqsxknWTQ3lMDFDYrCoLWe5V6BYRy2JRgPaSz-7f_5Bc8fePs.MEQCICu8VUuIMn46L5mpPaKK1kzeoPFJVAgkuHsoxiRJEHHwAiBoKeC5t0wBNXjKQvWtG8nQNI2QV8hGCrgx_vZ-ly780A (HTTP 303)
2. https://nettoyage-yanis.com/CD-File/CDLogin.htm (Page URL)
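The first hop in that chain is not attacker infrastructure: shared.outlook.inky.com is the link-rewriting endpoint of Inky, an email-security product, which wraps links in delivered mail and answers a click with a 303 to the real destination. The wrapper names that destination in clear text in its domain= parameter, and the t= token is a JWS whose header decodes to {"typ":"JWT","alg":"ES256"}. The Python below is an added example, not code from urlscan or Inky: it parses the URL exactly as captured above, does not (and cannot, without Inky's public key) verify the signature, and treats anything it reads out of the token as untrusted context. The zlib handling is driven by what the bytes show (the payload segment starts with 0x78 0x9c), not by any documented Inky format.

```python
"""Unwrap the Inky link-rewriting URL from the scan's URL history and inspect
the token it carries without trusting it.  Added example, not urlscan's or
Inky's code.  The indicator worth acting on is the destination the wrapper
names (domain=) and the 303 target, not inky.com."""
import base64
import json
import zlib
from urllib.parse import parse_qs, urlsplit

# The rewritten URL exactly as it appears in the scan's URL history.
INKY_URL = (
    "https://shared.outlook.inky.com/link?domain=nettoyage-yanis.com&t="
    "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9."
    "eJxtj1trg0AUhP_LPudq40OEQCA2hdIYQrSpSyCcrkddu5ewu9pq6X_v2ue-DYeZOd98E4cgeUEiUnIFiqEuQaLhDMiEcOXQKBAk"
    "KkFYnBD0vrqt9LYDVXRGax-qZkxLbx47_jm3Rowh5-42us6vc4XO6R4qnPaguB1d1_kunu65wFG86IqrWe3G7DEjkWqFmBBXGwR3"
    "E9ihr1t6tPEdlaLNL2FDL2uZX5aCSdHk5_UnDfZ9Hoj69ERrJl8D-vY80HPYvAeLjsZseUyrMIlPAY1zrwtBm4If0seHZMhWScoW"
    "tDn1tMm6Q5qFh_RjlQz513G3GpJqsxknWTQ3lMDFDYrCoLWe5V6BYRy2JRgPaSz-7f_5Bc8fePs."
    "MEQCICu8VUuIMn46L5mpPaKK1kzeoPFJVAgkuHsoxiRJEHHwAiBoKeC5t0wBNXjKQvWtG8nQNI2QV8hGCrgx_vZ-ly780A"
)


def b64url_decode(segment: str) -> bytes:
    """JWS segments are unpadded base64url; restore the padding before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def unwrap_inky(url: str) -> dict:
    """Pull the claimed destination and token metadata out of a rewritten link.

    The signature is NOT verified: the token is Inky's, signed with a key we do
    not hold, so nothing read from the payload is trusted; it is context only.
    """
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    header_b64, payload_b64, sig_b64 = query["t"][0].split(".")
    header = json.loads(b64url_decode(header_b64))
    payload = b64url_decode(payload_b64)
    signature = b64url_decode(sig_b64)

    # This payload does not start with '{' but with 0x78 0x9c, the zlib stream
    # header, so inflate it before trying to read it as JSON.  Failures are
    # reported as claims=None rather than raised: a copied-out token may be
    # truncated or altered, and the analysis should still return the rest.
    compressed = payload[:2] == b"\x78\x9c"
    claims = None
    try:
        raw = zlib.decompress(payload) if compressed else payload
        claims = json.loads(raw)
    except (zlib.error, ValueError):
        pass

    return {
        "wrapper_host": parts.netloc,
        "claimed_domain": query.get("domain", [None])[0],
        "alg": header.get("alg"),
        "typ": header.get("typ"),
        "payload_compressed": compressed,
        "claims": claims,
        "signature_bytes": len(signature),
        # RFC 7518 ES256 signatures are exactly 64 raw bytes (r || s).  A 0x30
        # lead byte is a DER SEQUENCE instead, which strict JWS libraries reject,
        # so this token is not meant to be verified by anyone but its issuer.
        "signature_is_der": signature[:1] == b"\x30" and len(signature) != 64,
    }


if __name__ == "__main__":
    for key, value in unwrap_inky(INKY_URL).items():
        print(f"{key:20} {value}")
```

For this token the header is ES256/JWT, the payload is a zlib stream, and the signature is 70 DER-encoded bytes rather than the 64-byte raw form the JWS spec requires. When building block lists from a scan like this, take the domain= value and the post-redirect URL; the inky.com wrapper host belongs to a defender, and blocking it would break every rewritten link for that tenant.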
Redirected requests
There were HTTP redirect chains for the following requests: the primary request for CDLogin.htm, reached through the HTTP 303 from shared.outlook.inky.com shown in the URL history.
11 HTTP transactions
# | Method | Protocol | Resource | Path | Size | Transferred | Type | MIME type
---|---|---|---|---|---|---|---|---
1 | GET | HTTP/1.1 | CDLogin.htm (primary request; end of the redirect chain) | nettoyage-yanis.com/CD-File/ | 4 KB | 4 KB | Document | text/html
2 | GET | HTTP/2 | jquery.js | faminc.biz/wp-includes/js/jquery/ | 95 KB | 32 KB | Script | application/javascript
3 | GET | HTTP/2 | jquery-migrate.min.js | faminc.biz/wp-includes/js/jquery/ | 10 KB | 4 KB | Script | application/javascript
4 | GET | HTTP/2 | force-zxcvbn.min.js | faminc.biz/wp-content/mu-plugins/force-strong-passwords/ | 227 B | 298 B | Script | application/javascript
5 | GET | HTTP/2 | js-admin.min.js | faminc.biz/wp-content/mu-plugins/force-strong-passwords/ | 432 B | 329 B | Script | application/javascript
6 | GET | HTTP/2 | dashicons.min.css | faminc.biz/wp-includes/css/ | 46 KB | 28 KB | Stylesheet | text/css
7 | GET | HTTP/2 | buttons.min.css | faminc.biz/wp-includes/css/ | 6 KB | 1 KB | Stylesheet | text/css
8 | GET | HTTP/2 | forms.min.css | faminc.biz/wp-admin/css/ | 22 KB | 5 KB | Stylesheet | text/css
9 | GET | HTTP/2 | l10n.min.css | faminc.biz/wp-admin/css/ | 2 KB | 630 B | Stylesheet | text/css
10 | GET | HTTP/2 | login.min.css | faminc.biz/wp-admin/css/ | 4 KB | 1 KB | Stylesheet | text/css
11 | GET | HTTP/2 | Office365.jpg | www.entranceconsulting.com/wp-content/uploads/2017/08/ | 37 KB | 37 KB | Image | image/jpeg
Rows 2 to 10 are the stylesheet and script set a WordPress wp-login.php page loads (login.min.css with its dashicons, buttons, forms and l10n dependencies, jQuery and jQuery Migrate, plus the force-strong-passwords mu-plugin scripts), all pulled from faminc.biz; the Office 365 branding image is hot-linked from a third WordPress site. That is consistent with CDLogin.htm being a saved copy of a WordPress login page with its absolute asset URLs left in place, and it means the phishing host serves only 4 KB of its own content.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Office 365 (Online)

6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onformdata
object | onpointerrawupdate
undefined | $
function | jQuery
function | wp_attempt_focus
object | d0
Of these, onformdata and onpointerrawupdate are browser event-handler properties rather than page code. wp_attempt_focus is the inline focus helper WordPress core emits on wp-login.php, and a $ that exists but is undefined is what jQuery.noConflict() leaves behind when no earlier $ was defined; both are consistent with a copied WordPress login page.

Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along, allowing the website to re-identify the user even from a different location. This is how permanent logins work.
1 Console Message
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
faminc.biz
nettoyage-yanis.com
shared.outlook.inky.com
www.entranceconsulting.com
104.198.104.86
162.219.249.105
208.67.16.107
54.234.161.175