aben-moha.fr
213.186.33.40
Malicious Activity!
Public Scan
Effective URL: https://aben-moha.fr/wp-includes/js/c3.html
Submission: On February 07 via manual from US — Scanned from NL
Summary
TLS certificate: Issued by R3 on December 19th 2023. Valid for: 3 months.
This is the only time aben-moha.fr was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Dropbox (Consumer)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 2a06:98c1:3120::3 | 13335 (CLOUDFLARENET)
1 | 213.186.33.40 | 16276 (OVH)
3 | 2606:4700::6810:5814 | 13335 (CLOUDFLARENET)
1 | 2a04:4e42::649 | 54113 (FASTLY)
4 | 78.46.22.25 | 24940 (HETZNER-AS)
1 | 2a02:ec80:300:ed1a::2:b | 14907 (WIKIMEDIA)
Totals: 12 | 7
ASN24940 (HETZNER-AS, DE), PTR for 78.46.22.25: static.25.22.46.78.clients.your-server.de
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
4 | freepnglogos.com | www.freepnglogos.com (Cisco Umbrella Rank: 154947) | 1 MB
3 | jsdelivr.net | cdn.jsdelivr.net (Cisco Umbrella Rank: 324) | 43 KB
1 | wikimedia.org | upload.wikimedia.org (Cisco Umbrella Rank: 2907) | 23 KB
1 | jquery.com | code.jquery.com (Cisco Umbrella Rank: 760) | 31 KB
1 | aben-moha.fr | aben-moha.fr | 7 KB
1 | rcl.ink | rcl.ink | 1 KB
0 | jupiternets.com | jupiternets.com (Failed) | 
Totals: 12 | 7
Requests | Domain | Requested by
---|---|---
4 | www.freepnglogos.com | rcl.ink
3 | cdn.jsdelivr.net | rcl.ink
1 | upload.wikimedia.org | rcl.ink
1 | code.jquery.com | rcl.ink
1 | aben-moha.fr | rcl.ink
1 | rcl.ink | 
0 | jupiternets.com (Failed) | aben-moha.fr
Totals: 12 | 7
This site contains no links.
Subject | Issuer | Validity | Valid | 
---|---|---|---|---
rcl.ink | E1 | 2023-12-20 - 2024-03-19 | 3 months | crt.sh
aben-moha.fr | R3 | 2023-12-19 - 2024-03-18 | 3 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-05-02 - 2024-05-01 | a year | crt.sh
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2023-07-11 - 2024-07-14 | a year | crt.sh
freepnglogos.com | R3 | 2024-01-12 - 2024-04-11 | 3 months | crt.sh
*.wikipedia.org | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2023-10-18 - 2024-10-16 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://aben-moha.fr/wp-includes/js/c3.html
Frame ID: BC3070B350244498A3CC55BE6A4957DC
Requests: 12 HTTP requests in this frame
Page Title: OneDrive
Detected technologies
WordPress (CMS)
Detected patterns
- /wp-(?:content|includes)/
Bootstrap (Web Frameworks)
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN)
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://rcl.ink/LfAPK Page URL
- https://aben-moha.fr/wp-includes/js/c3.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | LfAPK | rcl.ink/ | 2 KB | 1 KB | Document | text/html
GET | H2 | c3.html (Primary Request) | aben-moha.fr/wp-includes/js/ | 37 KB | 7 KB | Document | text/html
GET | H2 | bootstrap.min.css | cdn.jsdelivr.net/npm/bootstrap@4.0.0/dist/css/ | 141 KB | 22 KB | Stylesheet | text/css
GET | H2 | jquery-3.6.1.min.js | code.jquery.com/ | 88 KB | 31 KB | Script | application/javascript
GET | H2 | transparent-outlook-icon-2.png | www.freepnglogos.com/uploads/logo-outlook/ | 82 KB | 82 KB | Image | image/png
GET | H2 | microsoft-office-2013-symbol-logo-png-6.png | www.freepnglogos.com/uploads/microsoft-office-png-logo/ | 12 KB | 12 KB | Image | image/png
GET | H2 | 1599px-AOL_logo.svg.png | upload.wikimedia.org/wikipedia/commons/thumb/b/b6/AOL_logo.svg/ | 22 KB | 23 KB | Image | image/png
GET | H2 | yahoo-logo-png-free-download-3.png | www.freepnglogos.com/uploads/yahoo-logo-png/ | 118 KB | 118 KB | Image | image/png
GET | H2 | email-logo-png-33.png | www.freepnglogos.com/uploads/ | 1 MB | 1 MB | Image | image/png
GET | H2 | popper.min.js | cdn.jsdelivr.net/npm/popper.js@1.12.9/dist/umd/ | 19 KB | 7 KB | Script | application/javascript
GET | H2 | bootstrap.min.js | cdn.jsdelivr.net/npm/bootstrap@4.0.0/dist/js/ | 48 KB | 14 KB | Script | application/javascript
GET |  | bg.png (Failed) | jupiternets.com/email-list/dropbx35/assets/ | 0 | 0 |  | 
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: jupiternets.com
- URL: https://jupiternets.com/email-list/dropbx35/assets/bg.png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Dropbox (Consumer)
65 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
string | OO00
function | _c
string | O0OO
string | OO0O
string | OOO0
string | F149454C594C45
string | qy7
function | qy6
function | qy9
string | qy8
string | msg
function | nem
undefined | dl
number | oe
undefined | da
function | ge
boolean | ws
string | tN
boolean | izN
undefined | zis
undefined | zis8
boolean | zOF
boolean | i7f
number | ppconf
function | Illl
function | I1lI
function | Ill1
function | I111
function | lI1I
function | lI11
function | l1Il
function | l1I1
string | Il1l
string | l111
number | r
number | d
string | o
string | III1
string | Il11
string | lllI
string | l11l
string | I1l1
string | lIIl
function | I11l
string | wKRX8NzVF2GL6r2
string | O49454C594C45
function | $
function | jQuery
function | Popper
object | bootstrap
function | validateEmail
object | l1II
object | lI1l
number | lII1
string | u
object | l11I
object | IIII
number | t
number | m
object | Il1I
number | ctaL
number | j
number | x
object | IIIl
object | I1ll0
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aben-moha.fr
cdn.jsdelivr.net
code.jquery.com
jupiternets.com
rcl.ink
upload.wikimedia.org
www.freepnglogos.com
jupiternets.com
213.186.33.40
2606:4700::6810:5814
2a02:ec80:300:ed1a::2:b
2a04:4e42::649
2a06:98c1:3120::3
78.46.22.25
1b0e467247b9dab100ff77807af502e4277f72f721241c3f5b2eb483971aa9fa
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
5dceec0355eda7880dead5e13d22d394b8a1e79101a93bf96447557997d93e86
747853ad430eac894de31c5c288f97f28a458ffc2820c22e56cb409481c08441
7ea09b560f4ee78eef3bd17346ad544176f524866ebc3d4a954f554afa50d149
a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
afd7ff50354d0a373e840405a73fb73f1032bcc338f12129b1a518ce3eefc98b
d9a3473ec58a884a38a3356602b33d053692a1e821a3f14b5b6e27d97d575ff7
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
eb8487a513bc473ada8e9a2876531d18d81108d0982a81c1476484094c3a6aa6