www.chateausaintclair.com
104.24.96.45
Malicious Activity!
Public Scan
Effective URL: http://www.chateausaintclair.com/wp-dir/default/prefetch_domain/987654ewsdfghjuio98765rfghjui98765rdfghu8765tr/auto/vom1cgsar9ph3...
Submission: On June 12 via manual from CA
Summary
This is the only time www.chateausaintclair.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online)
Domain & IP information

Requests | IP Address | AS Autonomous System | Domain
---|---|---|---
12 | 104.24.96.45 | ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US) | www.chateausaintclair.com
9 | 104.24.97.45 | ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US) | www.chateausaintclair.com

Totals: 21 requests, 3 IPs

Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
21 | chateausaintclair.com | www.chateausaintclair.com (1 redirect) | 284 KB
0 | Failed | favicon.ico (Failed) | Failed

Totals: 21 requests, 2 domains

Requests | Domain | Requested by
---|---|---
21 | www.chateausaintclair.com (1 redirect) | www.chateausaintclair.com
0 | favicon.ico (Failed) | www.chateausaintclair.com

Totals: 21 requests, 2 domains
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
(no certificates listed; the page is served over plain HTTP)
This page contains 1 frame:
Primary Page:
http://www.chateausaintclair.com/wp-dir/default/prefetch_domain/987654ewsdfghjuio98765rfghjui98765rdfghu8765tr/auto/vom1cgsar9ph36kpz4qqtjiq.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4
Frame ID: 8B8413776A7A880458F7D13870BDB7AE
Requests: 21 HTTP requests in this frame
Page URL History
- http://www.chateausaintclair.com/wp-dir/default/prefetch_domain/987654ewsdfghjuio98765rfghjui98765rdfghu8765t...
  HTTP 302
- http://www.chateausaintclair.com/wp-dir/default/prefetch_domain/987654ewsdfghjuio98765rfghjui98765rdfghu8765t... (Page URL)
Detected technologies
- RoundCube (Web Mail). Detected patterns:
  - env /^(?:rcmail|rcube_|roundcube)/i
- PHP (Programming Languages). Detected patterns:
  - url /\.php(?:$|\?)/i
  - env /^(?:rcmail|rcube_|roundcube)/i
- CloudFlare (CDN). Detected patterns:
  - headers server /cloudflare/i
- jQuery (JavaScript Libraries). Detected patterns:
  - script /jquery.*\.js/i
  - env /^jQuery$/i
  - script /jquery-ui(?:-|\.)([\d.]*\d)[^\/]*\.js/i
  - script /jquery-ui.*\.js/i
- jQuery UI (JavaScript Libraries). Detected patterns:
  - script /jquery-ui(?:-|\.)([\d.]*\d)[^\/]*\.js/i
  - script /jquery-ui.*\.js/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://www.chateausaintclair.com/wp-dir/default/prefetch_domain/987654ewsdfghjuio98765rfghjui98765rdfghu8765tr/auto/index.php
  HTTP 302
- http://www.chateausaintclair.com/wp-dir/default/prefetch_domain/987654ewsdfghjuio98765rfghjui98765rdfghu8765tr/auto/vom1cgsar9ph36kpz4qqtjiq.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&.rand=13InboxLight.aspx?n=1774256418&fid=4 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions

All paths below, except the favicon request, are relative to the base path www.chateausaintclair.com/wp-dir/default/prefetch_domain/987654ewsdfghjuio98765rfghjui98765rdfghu8765tr/auto/

Method Protocol | Resource | Path | Size / x-fer | Type, MIME-Type | Notes
---|---|---|---|---|---
GET H/1.1 | vom1cgsar9ph36kpz4qqtjiq.php | (base path) | 11 KB / 5 KB | Document, text/html | Primary Request; Redirect Chain
GET H/1.1 | styles.css | FILES/ | 46 KB / 9 KB | Stylesheet, text/css |
GET H/1.1 | jquery-ui-1.9.2.custom.css | plugins/jqueryui/themes/larry/ | 0 / 0 | Stylesheet, text/html |
GET H/1.1 | ui.js,qs=1382384360.pagespeed.jm.pIGTQcxhNf.js | FILES/ | 23 KB / 7 KB | Script, application/javascript |
GET H/1.1 | jquery.min.js,qs=1399644532.pagespeed.jm.VDIv7VBTRR.js | FILES/ | 94 KB / 33 KB | Script, application/javascript |
GET H/1.1 | common.min.js,qs=1399644532.pagespeed.jm.KO-tSh0q1j.js | FILES/ | 13 KB / 4 KB | Script, application/javascript |
GET H/1.1 | app.min.js,qs=1399644532.pagespeed.jm.Li5S73Q6IE.js | FILES/ | 128 KB / 36 KB | Script, application/javascript |
GET H/1.1 | jstz.min.js,qs=1399644532.pagespeed.jm.58jmW1riAP.js | FILES/ | 5 KB / 2 KB | Script, application/javascript |
GET H/1.1 | jquery-ui-1.9.2.custom.min.js,qs=1399644532.pagespeed.jm.ILBYw7cPgq.js | FILES/ | 230 KB / 61 KB | Script, application/javascript |
GET | / | http://favicon.ico/ (absolute URL) | 0 / 0 | | Failed, no response
GET H/1.1 | linen.jpg | FILES/images/ | 15 KB / 15 KB | Image, text/html |
GET H/1.1 | ajaxloader.gif | skins/larry/images/ | 4 KB / 4 KB | Image, text/html | Cookie set
GET H/1.1 | buttons.png | skins/larry/images/ | 15 KB / 15 KB | Image, text/html |
GET H/1.1 | addcontact.png | skins/larry/images/ | 12 KB / 12 KB | Image, text/html |
GET H/1.1 | filetypes.png | skins/larry/images/ | 15 KB / 15 KB | Image, text/html |
GET H/1.1 | listicons.png | skins/larry/images/ | 15 KB / 15 KB | Image, text/html |
GET H/1.1 | messages.png | skins/larry/images/ | 15 KB / 15 KB | Image, text/html |
GET H/1.1 | quota.png | skins/larry/images/ | 15 KB / 15 KB | Image, text/html |
GET H/1.1 | selector.png | skins/larry/images/ | 916 B / 916 B | Image, text/html | Cookie set
GET H/1.1 | splitter.png | skins/larry/images/ | 15 KB / 15 KB | Image, text/html |
GET H/1.1 | watermark.jpg | skins/larry/images/ | 7 KB / 7 KB | Image, text/html | Cookie set
Failed requests
These URLs were requested, but no response was received. They also appear in the list above.
- Domain: favicon.ico
- URL: http://favicon.ico/
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online)

31 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
function | rcube_mail_ui
function | rcube_scroller
function | rcube_splitter
function | $
function | jQuery
number | CONTROL_KEY
number | SHIFT_KEY
number | CONTROL_SHIFT_KEY
function | roundcube_browser
object | rcube_event
function | rcube_event_engine
function | rcube_check_email
function | rcube_clone_object
function | urlencode
function | rcube_find_object
function | rcube_mouse_is_over
function | setCookie
function | getCookie
function | rcube_console
object | bw
object | Base64
function | rcube_webmail
object | jstz
object | rcmail
function | MM_findObj
function | MM_validateForm
object | jQuery111006485321101685271
function | DP_jQuery_1528812427609
object | pagespeed
object | UI
object | img4

Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values back, which lets the website re-identify the user even from a different location. This is how persistent logins work.

Domain/Path | Expires | Name | Value
---|---|---|---
www.chateausaintclair.com/ | | cf_use_ob | 80
www.chateausaintclair.com/ | | PHPSESSID | 8ab3f0c7276adbfd5925626bbf6275c9
www.chateausaintclair.com/ | | cf_ob_info | 521:429ce1cb540526de:FRA
.chateausaintclair.com/ | | __cfduid | d8651c34192a81726572971866f449e3b1528812426
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.