elfsandjonesconstructions.com
173.212.192.79
Malicious Activity!
Public Scan
Effective URL: https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/formulaireInfos.php?op=c%26url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V...
Submission: On January 04 via manual from FR
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on October 30th 2020. Valid for: 3 months.
This is the only time elfsandjonesconstructions.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Assurance Maladie (Healthcare)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 13.248.219.100 | 16509 (AMAZON-02)
13 | 173.212.192.79 | 51167 (CONTABO)
1 | 151.101.12.193 | 54113 (FASTLY)
1 | 2a00:1450:4001:81d::200a | 15169 (GOOGLE)
1 | 2a00:1450:4001:81e::2003 | 15169 (GOOGLE)

Total: 16 requests across 4 ASNs
ASN16509 (AMAZON-02, US)
- PTR: abaa834e320054d4d.awsglobalaccelerator.com
- Domain: rb.gy

ASN51167 (CONTABO, DE)
- PTR: cub01.africaservers.com
- Domain: elfsandjonesconstructions.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
13 | elfsandjonesconstructions.com | elfsandjonesconstructions.com | 303 KB
1 | gstatic.com | fonts.gstatic.com | 9 KB
1 | googleapis.com | fonts.googleapis.com | 636 B
1 | imgur.com | i.imgur.com | 23 KB
1 | rb.gy (1 redirect) | rb.gy | 276 B

Total: 16 requests, 5 domains
Requests | Domain | Requested by
---|---|---
13 | elfsandjonesconstructions.com | elfsandjonesconstructions.com
1 | fonts.gstatic.com | fonts.googleapis.com
1 | fonts.googleapis.com | elfsandjonesconstructions.com
1 | i.imgur.com | elfsandjonesconstructions.com
1 | rb.gy | 1 redirect

Total: 16 requests, 5 domains
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
elfsandjonesconstructions.com | Let's Encrypt Authority X3 | 2020-10-30 - 2021-01-28 | 3 months | crt.sh
*.imgur.com | DigiCert SHA2 Secure Server CA | 2020-01-15 - 2022-03-16 | 2 years | crt.sh
upload.video.google.com | GTS CA 1O1 | 2020-11-10 - 2021-02-02 | 3 months | crt.sh
*.gstatic.com | GTS CA 1O1 | 2020-11-10 - 2021-02-02 | 3 months | crt.sh
This page contains 1 frame:
Primary Page:
https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/formulaireInfos.php?op=c%26url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==
Frame ID: AD5A177C2C197C0D4026A06A0B344DB5
Requests: 16 HTTP requests in this frame
Detected technologies
- Apache (Web Servers)
  Detected pattern: headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://rb.gy/hjff4r (HTTP 301)
- https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/ (Page URL)
- https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/formulaireInfos.php?op=c%26url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw== (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- https://rb.gy/hjff4r (HTTP 301)
- https://elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/
16 HTTP transactions

# | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Note
---|---|---|---|---|---|---|---|---|---
1 | GET | H/1.1 | / | elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/ | 331 B | 461 B | Document | text/html | Redirect Chain
2 | GET | H/1.1 | formulaireInfos.php | elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/ | 9 KB | 3 KB | Document | text/html | Primary Request
3 | GET | H/1.1 | bootstrap.min.css | elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/styles/ | 105 KB | 16 KB | Stylesheet | text/css |
4 | GET | H/1.1 | commun.css | elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/styles/ | 6 KB | 2 KB | Stylesheet | text/css |
5 | GET | H/1.1 | mire.css | elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/styles/ | 2 KB | 1 KB | Stylesheet | text/css |
6 | GET | H/1.1 | dac.css | elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/styles/ | 771 B | 656 B | Stylesheet | text/css |
7 | GET | H/1.1 | font-awesome.min.css | elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/fa/css/ | 30 KB | 7 KB | Stylesheet | text/css |
8 | GET | H/1.1 | credite2020.png | elfsandjonesconstructions.com/.wp-cli/cache/data/ | 39 KB | 39 KB | Image | image/png |
9 | GET | H2 | apbqYpg.png | i.imgur.com/ | 23 KB | 23 KB | Image | image/png |
10 | GET | H/1.1 | jquery.min.js | elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/js/ | 84 KB | 29 KB | Script | application/javascript |
11 | GET | H/1.1 | bootstrap.min.js | elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/js/ | 33 KB | 9 KB | Script | application/javascript |
12 | GET | H/1.1 | jquery.details.js | elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/js/ | 2 KB | 1 KB | Script | application/javascript |
13 | GET | H2 | css | fonts.googleapis.com/ | 2 KB | 636 B | Stylesheet | text/css |
14 | GET | H/1.1 | logo.png | elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/styles/ | 120 KB | 120 KB | Image | image/png |
15 | GET | H2 | mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2 | fonts.gstatic.com/s/opensans/v18/ | 9 KB | 9 KB | Font | font/woff2 |
16 | GET | H/1.1 | fontawesome-webfont.woff2 | elfsandjonesconstructions.com/.wp-cli/cache/data/Mon-compte/templates/fa/fonts/ | 75 KB | 76 KB | Font | font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Assurance Maladie (Healthcare)

14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
object | ontransitionrun
object | ontransitionstart
object | ontransitioncancel
object | cookieStore
function | showDirectoryPicker
function | showOpenFilePicker
function | showSaveFilePicker
object | trustedTypes
boolean | crossOriginIsolated
object | date
function | checkValue
object | newInput
function | $
function | jQuery

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.