elfsandjonesconstructions.com Open in urlscan Pro
173.212.192.79 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://rb.gy/hjff4r
Effective URL:
https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/formulaireInfos.php?op=c%26url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V...
Submission: On January 04 via manual (January 4th 2021, 3:59:15 pm UTC) from FR

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 5 domains to perform 16 HTTP transactions. The main IP is 173.212.192.79, located in Nuremberg, Germany and belongs to CONTABO, DE. The main domain is elfsandjonesconstructions.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on October 30th 2020. Valid for: 3 months.

This is the only time elfsandjonesconstructions.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Assurance Maladie (Healthcare)

Domain & IP information

	IP Address	AS Autonomous System
1 1	13.248.219.100 13.248.219.100	16509 (AMAZON-02) (AMAZON-02)
13	173.212.192.79 173.212.192.79	51167 (CONTABO) (CONTABO)
1	151.101.12.193 151.101.12.193	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:81d::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81e::2003	15169 (GOOGLE) (GOOGLE)
16	4

1 13.248.219.100 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: abaa834e320054d4d.awsglobalaccelerator.com

rb.gy	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 173.212.192.79 (Nuremberg, Germany)

ASN51167 (CONTABO, DE)
PTR: cub01.africaservers.com

elfsandjonesconstructions.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.193 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	elfsandjonesconstructions.com elfsandjonesconstructions.com	303 KB
1	gstatic.com fonts.gstatic.com	9 KB
1	googleapis.com fonts.googleapis.com	636 B
1	imgur.com i.imgur.com	23 KB
1	rb.gy 1 redirects rb.gy	276 B
16	5

	Domain	Requested by
13	elfsandjonesconstructions.com	elfsandjonesconstructions.com
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	elfsandjonesconstructions.com
1	i.imgur.com	elfsandjonesconstructions.com
1	rb.gy	1 redirects
16	5

This site contains no links.

Subject Issuer	Validity	Valid
elfsandjonesconstructions.com Let's Encrypt Authority X3	`2020-10-30` - `2021-01-28`	3 months	crt.sh
*.imgur.com DigiCert SHA2 Secure Server CA	`2020-01-15` - `2022-03-16`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/formulaireInfos.php?op=c%26url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==
Frame ID: AD5A177C2C197C0D4026A06A0B344DB5
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://rb.gy/hjff4r HTTP 301
https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/ Page URL
https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/formulaireInfos.php?op=c%26url=aHR0cHM6Ly9jZnN... Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

16
Requests

100 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

4
IPs

2
Countries

336 kB
Transfer

539 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://rb.gy/hjff4r HTTP 301
https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/ Page URL
https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/formulaireInfos.php?op=c%26url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw== Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://rb.gy/hjff4r HTTP 301
https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

/ Show response
elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/
Redirect Chain

https://rb.gy/hjff4r
https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/

331 B
461 B

165ms
45ms

Document
text/html

173.212.192.79
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 173.212.192.79 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: cub01.africaservers.com
Software: Apache / PHP/7.2.33
Resource Hash: f58acbc5e91783fc44593cbeb156858b6737447af645d9ed8c354fad66756aa8

Request headers

Host: elfsandjonesconstructions.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 04 Jan 2021 15:58:58 GMT
Server: Apache
X-Powered-By: PHP/7.2.33
Vary: Accept-Encoding
Content-Encoding: br
Content-Length: 201
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Mon, 04 Jan 2021 15:58:58 GMT
Server: Kestrel
Content-Length: 0
Cache-Control: no-cache, no-store
Expires: -1
Location: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/
Engine: Rebrandly.redirect, version 2.1

GET
H/1.1 200
OK Primary Request formulaireInfos.php Show response
elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/ 9 KB
3 KB 47ms
47ms Document
text/html 173.212.192.79
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/formulaireInfos.php?op=c%26url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 173.212.192.79 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: cub01.africaservers.com
Software: Apache / PHP/7.2.33
Resource Hash: 7b945643e71230f76ca8b2a17f5ab0046b7677fb7db0e424f9e09bcd18f0e9e0

Request headers

Host: elfsandjonesconstructions.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/

Response headers

Date: Mon, 04 Jan 2021 15:58:59 GMT
Server: Apache
X-Powered-By: PHP/7.2.33
Vary: Accept-Encoding
Content-Encoding: br
Content-Length: 2382
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK bootstrap.min.css
elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/styles/ 105 KB
16 KB 56ms
54ms Stylesheet
text/css 173.212.192.79
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/styles/bootstrap.min.css
Requested by: Host: elfsandjonesconstructions.com
URL: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/formulaireInfos.php?op=c%26url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 173.212.192.79 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: cub01.africaservers.com
Software: Apache /
Resource Hash: 9a6bbae7a8486cff86f36b0a14cd93824f5cba396cfb99b0d20889dd06b98c55

Request headers

Referer: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/formulaireInfos.php?op=c%26url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 04 Jan 2021 15:58:59 GMT
Content-Encoding: br
Last-Modified: Mon, 04 Jan 2021 11:07:36 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 16460

GET
H/1.1 200
OK commun.css
elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/styles/ 6 KB
2 KB 120ms
42ms Stylesheet
text/css 173.212.192.79
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/styles/commun.css
Requested by: Host: elfsandjonesconstructions.com
URL: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/formulaireInfos.php?op=c%26url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 173.212.192.79 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: cub01.africaservers.com
Software: Apache /
Resource Hash: e8a155d7bfd6bd83dcfe9105bef4e233573cb9cf3d55d051f9143888ec4fa564

Request headers

Referer: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/formulaireInfos.php?op=c%26url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 04 Jan 2021 15:58:59 GMT
Content-Encoding: br
Last-Modified: Mon, 04 Jan 2021 11:07:36 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 1835

GET
H/1.1 200
OK mire.css
elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/styles/ 2 KB
1 KB 121ms
42ms Stylesheet
text/css 173.212.192.79
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/styles/mire.css
Requested by: Host: elfsandjonesconstructions.com
URL: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/formulaireInfos.php?op=c%26url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 173.212.192.79 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: cub01.africaservers.com
Software: Apache /
Resource Hash: 9cddc7c4103da2c7fc0e4aaefc621dfb5686d61776d71b97df63fa59205f430e

Request headers

Referer: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/formulaireInfos.php?op=c%26url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 04 Jan 2021 15:58:59 GMT
Content-Encoding: br
Last-Modified: Mon, 04 Jan 2021 11:07:36 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 805

GET
H/1.1 200
OK dac.css
elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/styles/ 771 B
656 B 120ms
40ms Stylesheet
text/css 173.212.192.79
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/styles/dac.css
Requested by: Host: elfsandjonesconstructions.com
URL: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/formulaireInfos.php?op=c%26url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 173.212.192.79 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: cub01.africaservers.com
Software: Apache /
Resource Hash: cece61d8fd5fbeb96fa77967e4bbc4aa19e4111468133b5cd1521c1b823b43bc

Request headers

Referer: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/formulaireInfos.php?op=c%26url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 04 Jan 2021 15:58:59 GMT
Content-Encoding: br
Last-Modified: Mon, 04 Jan 2021 11:07:36 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 370

GET
H/1.1 200
OK font-awesome.min.css
elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/fa/css/ 30 KB
7 KB 124ms
44ms Stylesheet
text/css 173.212.192.79
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/fa/css/font-awesome.min.css
Requested by: Host: elfsandjonesconstructions.com
URL: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/formulaireInfos.php?op=c%26url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 173.212.192.79 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: cub01.africaservers.com
Software: Apache /
Resource Hash: 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

Referer: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/formulaireInfos.php?op=c%26url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 04 Jan 2021 15:58:59 GMT
Content-Encoding: br
Last-Modified: Mon, 04 Jan 2021 11:07:34 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 6663

GET
H/1.1 200
OK credite2020.png
elfsandjonesconstructions.com/.wp-cli/cache/data/ 39 KB
39 KB 40ms
39ms Image
image/png 173.212.192.79
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elfsandjonesconstructions.com/.wp-cli/cache/data/credite2020.png
Requested by: Host: elfsandjonesconstructions.com
URL: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/formulaireInfos.php?op=c%26url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 173.212.192.79 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: cub01.africaservers.com
Software: Apache /
Resource Hash: 11a929d4c60903fc15854f0aee37d2d889663668c91701245020c43b419e5aba

Request headers

Referer: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/formulaireInfos.php?op=c%26url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 04 Jan 2021 15:58:59 GMT
Last-Modified: Mon, 04 Jan 2021 11:11:54 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 39481

GET
H2 200 apbqYpg.png
i.imgur.com/ 23 KB
23 KB 97ms
32ms Image
image/png 151.101.12.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/apbqYpg.png

Requested by

Host: elfsandjonesconstructions.com
URL: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/formulaireInfos.php?op=c%26url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

feb2c90181ca199fe02f5f33f99d418953958a514fd8952f771ffe8210808e20

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/formulaireInfos.php?op=c%26url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 04 Jan 2021 15:58:59 GMT
x-content-type-options: nosniff
age: 1692318
x-cache: HIT, HIT
content-length: 23722
x-served-by: cache-bwi5141-BWI, cache-fra19149-FRA
last-modified: Tue, 07 Apr 2020 23:03:22 GMT
server: cat factory 1.0
x-timer: S1609775939.150893,VS0,VE2
etag: "92e845facc8c26c09e2bceaf283d5cef"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H/1.1 200
OK jquery.min.js Show response
elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/js/ 84 KB
29 KB 136ms
55ms Script
application/javascript 173.212.192.79
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/js/jquery.min.js
Requested by: Host: elfsandjonesconstructions.com
URL: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/formulaireInfos.php?op=c%26url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 173.212.192.79 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: cub01.africaservers.com
Software: Apache /
Resource Hash: 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

Referer: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/formulaireInfos.php?op=c%26url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 04 Jan 2021 15:58:59 GMT
Content-Encoding: br
Last-Modified: Mon, 04 Jan 2021 11:07:34 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 29212

GET
H/1.1 200
OK bootstrap.min.js Show response
elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/js/ 33 KB
9 KB 50ms
47ms Script
application/javascript 173.212.192.79
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/js/bootstrap.min.js
Requested by: Host: elfsandjonesconstructions.com
URL: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/formulaireInfos.php?op=c%26url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 173.212.192.79 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: cub01.africaservers.com
Software: Apache /
Resource Hash: 75b52a07e8d4d433f8dc2dd323b7661d7945611c3258161ce37772f4dda615ad

Request headers

Referer: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/formulaireInfos.php?op=c%26url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 04 Jan 2021 15:58:59 GMT
Content-Encoding: br
Last-Modified: Mon, 04 Jan 2021 11:07:34 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 8675

GET
H/1.1 200
OK jquery.details.js Show response
elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/js/ 2 KB
1 KB 41ms
40ms Script
application/javascript 173.212.192.79
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/js/jquery.details.js
Requested by: Host: elfsandjonesconstructions.com
URL: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/formulaireInfos.php?op=c%26url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 173.212.192.79 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: cub01.africaservers.com
Software: Apache /
Resource Hash: 07a4d78d858bb93b3220fd4af3f599035ea5e4f932bfb53b1196ee328116c5b9

Request headers

Referer: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/formulaireInfos.php?op=c%26url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 04 Jan 2021 15:58:59 GMT
Content-Encoding: br
Last-Modified: Mon, 04 Jan 2021 11:07:34 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 821

GET
H2 200 css
fonts.googleapis.com/ 2 KB
636 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans&subset=latin-ext

Requested by

Host: elfsandjonesconstructions.com
URL: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/styles/commun.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cf7a2b3976c3af63dc2bca70cc5625a26341f19b1ccd484feddf076df895ed58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/styles/commun.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 04 Jan 2021 15:29:50 GMT
server: ESF
date: Mon, 04 Jan 2021 15:58:59 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 04 Jan 2021 15:58:59 GMT

GET
H/1.1 200
OK logo.png
elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/styles/ 120 KB
120 KB 39ms
39ms Image
image/png 173.212.192.79
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/styles/logo.png
Requested by: Host: elfsandjonesconstructions.com
URL: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/styles/commun.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 173.212.192.79 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: cub01.africaservers.com
Software: Apache /
Resource Hash: c3eb3265dddf3a7527147670249ad8a956870e0fa4c3dfaf99a3b4d737ca56c8

Request headers

Referer: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/styles/commun.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 04 Jan 2021 15:58:59 GMT
Last-Modified: Mon, 04 Jan 2021 11:07:36 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 122980

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v18/ 9 KB
9 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:81e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans&subset=latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://elfsandjonesconstructions.com
Referer: https://fonts.googleapis.com/css?family=Open+Sans&subset=latin-ext
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 01 Jan 2021 16:31:05 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:28 GMT
server: sffe
age: 257274
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9132
x-xss-protection: 0
expires: Sat, 01 Jan 2022 16:31:05 GMT

GET
H/1.1 200
OK fontawesome-webfont.woff2
elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/fa/fonts/ 75 KB
76 KB 43ms
43ms Font
font/woff2 173.212.192.79
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/fa/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: elfsandjonesconstructions.com
URL: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/fa/css/font-awesome.min.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 173.212.192.79 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: cub01.africaservers.com
Software: Apache /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Origin: https://elfsandjonesconstructions.com
Referer: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/fa/css/font-awesome.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 04 Jan 2021 15:58:59 GMT
Content-Encoding: br
Last-Modified: Mon, 04 Jan 2021 11:07:34 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: font/woff2
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 77165

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Assurance Maladie (Healthcare)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

elfsandjonesconstructions.com
fonts.googleapis.com
fonts.gstatic.com
i.imgur.com
rb.gy
13.248.219.100
151.101.12.193
173.212.192.79
2a00:1450:4001:81d::200a
2a00:1450:4001:81e::2003
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
07a4d78d858bb93b3220fd4af3f599035ea5e4f932bfb53b1196ee328116c5b9
11a929d4c60903fc15854f0aee37d2d889663668c91701245020c43b419e5aba
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
75b52a07e8d4d433f8dc2dd323b7661d7945611c3258161ce37772f4dda615ad
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7b945643e71230f76ca8b2a17f5ab0046b7677fb7db0e424f9e09bcd18f0e9e0
9a6bbae7a8486cff86f36b0a14cd93824f5cba396cfb99b0d20889dd06b98c55
9cddc7c4103da2c7fc0e4aaefc621dfb5686d61776d71b97df63fa59205f430e
c3eb3265dddf3a7527147670249ad8a956870e0fa4c3dfaf99a3b4d737ca56c8
cece61d8fd5fbeb96fa77967e4bbc4aa19e4111468133b5cd1521c1b823b43bc
cf7a2b3976c3af63dc2bca70cc5625a26341f19b1ccd484feddf076df895ed58
e8a155d7bfd6bd83dcfe9105bef4e233573cb9cf3d55d051f9143888ec4fa564
f58acbc5e91783fc44593cbeb156858b6737447af645d9ed8c354fad66756aa8
feb2c90181ca199fe02f5f33f99d418953958a514fd8952f771ffe8210808e20

elfsandjonesconstructions.com Open in urlscan Pro 173.212.192.79 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

40 %IPv6

5 Domains

5 Subdomains

4 IPs

2 Countries

336 kBTransfer

539 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

14 JavaScript Global Variables

0 Cookies

Indicators

elfsandjonesconstructions.com Open in urlscan Pro
173.212.192.79 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

4
IPs

2
Countries

336 kB
Transfer

539 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!