elfqrin.cf
Open in
urlscan Pro
154.0.163.131
Malicious Activity!
Public Scan
URL:
http://elfqrin.cf/gdoc/dropboxhtml/04d36e043e10647b6af7b6762ee67fbb/
Submission: On July 25 via api from CA
Submission: On July 25 via api from CA
Summary
This website contacted 3 IPs
in 3 countries
across 3 domains to perform 12 HTTP transactions.
The main IP is 154.0.163.131, located in
South Africa and
belongs to Afrihost, ZA.
The main domain is elfqrin.cf.
This is the only time elfqrin.cf was scanned on urlscan.io!
This is the only time elfqrin.cf was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Dropbox (Consumer)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 9 | 154.0.163.131 154.0.163.131 | 37611 (Afrihost) (Afrihost) | |
| 1 | 94.31.29.138 94.31.29.138 | 54104 (AS-NETDNA) (AS-NETDNA - netDNA) | |
| 2 | 2a00:1450:400... 2a00:1450:4001:818::2003 | 15169 (GOOGLE) (GOOGLE - Google Inc.) | |
| 12 | 3 |
1
94.31.29.138
(United Kingdom)
ASN54104 (AS-NETDNA - netDNA, US)
PTR: 94.31.29.138.IPYX-077437-ZYO.above.net
ASN54104 (AS-NETDNA - netDNA, US)
PTR: 94.31.29.138.IPYX-077437-ZYO.above.net
| cdn.jsdelivr.net |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 9 |
elfqrin.cf
elfqrin.cf |
85 KB |
| 2 |
gstatic.com
fonts.gstatic.com |
57 KB |
| 1 |
jsdelivr.net
cdn.jsdelivr.net |
11 KB |
| 12 | 3 |
| Domain | Requested by | |
|---|---|---|
| 9 | elfqrin.cf |
elfqrin.cf
|
| 2 | fonts.gstatic.com |
elfqrin.cf
|
| 1 | cdn.jsdelivr.net |
elfqrin.cf
|
| 12 | 3 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.google.com Google Internet Authority G2 |
2017-07-12 - 2017-10-04 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://elfqrin.cf/gdoc/dropboxhtml/04d36e043e10647b6af7b6762ee67fbb/
Frame ID: 27234.1
Requests: 12 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
/
elfqrin.cf/gdoc/dropboxhtml/04d36e043e10647b6af7b6762ee67fbb/ |
4 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bootstrap.min.css
elfqrin.cf/gdoc/dropboxhtml/04d36e043e10647b6af7b6762ee67fbb/css/ |
115 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
grayscale.css
elfqrin.cf/gdoc/dropboxhtml/04d36e043e10647b6af7b6762ee67fbb/css/ |
9 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.js
elfqrin.cf/gdoc/dropboxhtml/04d36e043e10647b6af7b6762ee67fbb/js/ |
94 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bootstrap.min.js
elfqrin.cf/gdoc/dropboxhtml/04d36e043e10647b6af7b6762ee67fbb/js/ |
35 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.easing.min.js
elfqrin.cf/gdoc/dropboxhtml/04d36e043e10647b6af7b6762ee67fbb/js/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.validate.js
cdn.jsdelivr.net/jquery.validation/1.14.0/ |
42 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
send-videos-quickly-vflhWvqHj.png
elfqrin.cf/gdoc/dropboxhtml/04d36e043e10647b6af7b6762ee67fbb/img/ |
15 KB 15 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logo.png
elfqrin.cf/gdoc/dropboxhtml/04d36e043e10647b6af7b6762ee67fbb/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logotext.png
elfqrin.cf/gdoc/dropboxhtml/04d36e043e10647b6af7b6762ee67fbb/img/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET S |
k3k702ZOKiLJc3WVjuplzI3LH2FgLjViKkqswU-xtII.ttf
fonts.gstatic.com/s/opensans/v13/ |
53 KB 28 KB |
Font
font/ttf |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET S |
u-WUoqrET9fUeobQW7jkRSZ2oysoEQEeKwjgmXLRnTc.ttf
fonts.gstatic.com/s/opensans/v13/ |
53 KB 29 KB |
Font
font/ttf |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Dropbox (Consumer)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
elfqrin.cf
fonts.gstatic.com
154.0.163.131
2a00:1450:4001:818::2003
94.31.29.138
0cabd88374e469234405061c78578a5aa77ed1d4fe371d024f09c2fd5762e3d1
1d2938ef23ca692c628dfba4fbeaf906338b8a92a7446eb0578287c23c5a5ad6
24262baafef17092927c3dafe764aaa52a2a371b83ed2249cca7e414df99fac1
aab60e42eda8c95d43654d6fd93c2724b3c2a30ef25cd90a8a2b370ad1ac79a2
ad5da6112553bd7511aea64dd18d23cef797432148142d766424c900dd919d0a
d15c26931ad75e64d7d1af6438c2b21f249f2ae7f7eb33eaf53c4979903ea4c0
d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8
e6cc59f65d8e48b5659483136152262936f6e8f2519d3f1e90f1397079768e80
ecfc183e33d25d24aa7c06218e0a413488fff8774e4b4b87543c766db9b0b8ba
f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5
f17e56ed7bbea435b09866056ef90c2b4237e5832cb945863192b17357f5f9de
f23105737f8b4defc56d07346cc655cea221c205067ff5bf4711b1088d19fc5b