elinajaguar.com Open in urlscan Pro
185.165.31.151 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://elinajaguar.com/wp-admin/index.html
Submission: On May 24 via manual (May 24th 2023, 9:00:17 am UTC) from IT — Scanned from IT

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 4 countries across 6 domains to perform 13 HTTP transactions. The main IP is 185.165.31.151, located in Iran, Islamic Republic Of and belongs to WEIDE, IR. The main domain is elinajaguar.com.
TLS certificate: Issued by R3 on April 11th 2023. Valid for: 3 months.

This is the only time elinajaguar.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	185.165.31.151 185.165.31.151	201691 (WEIDE) (WEIDE)
3	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:1734	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:809::2010	15169 (GOOGLE) (GOOGLE)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:3b	20446 (STACKPATH...) (STACKPATH-CDN)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
2	2606:4700:e6:... 2606:4700:e6::ac40:ca1c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	9

1 185.165.31.151 (Iran, Islamic Republic Of)

ASN201691 (WEIDE, IR)
PTR: pumpkin.7ho.st

elinajaguar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1734 (United States)

ASN13335 (CLOUDFLARENET, US)

kit.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2010 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:3b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:e6::ac40:ca1c (United States)

ASN13335 (CLOUDFLARENET, US)

ka-f.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35 storage.googleapis.com — Cisco Umbrella Rank: 395 ajax.googleapis.com — Cisco Umbrella Rank: 320	41 KB
3	fontawesome.com kit.fontawesome.com — Cisco Umbrella Rank: 1352 ka-f.fontawesome.com — Cisco Umbrella Rank: 2368	22 KB
3	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 817 stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2440	50 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 199	7 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 696	24 KB
1	elinajaguar.com elinajaguar.com	3 KB
13	6

	Domain	Requested by
2	ka-f.fontawesome.com	kit.fontawesome.com
2	storage.googleapis.com	elinajaguar.com
2	maxcdn.bootstrapcdn.com	elinajaguar.com
1	stackpath.bootstrapcdn.com	elinajaguar.com
1	ajax.googleapis.com	elinajaguar.com
1	cdnjs.cloudflare.com	elinajaguar.com
1	code.jquery.com	elinajaguar.com
1	kit.fontawesome.com	elinajaguar.com
1	fonts.googleapis.com	elinajaguar.com
1	elinajaguar.com
13	10

This site contains no links.

Subject Issuer	Validity	Valid
elinajaguar.com R3	`2023-04-11` - `2023-07-10`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-12-30` - `2023-12-30`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-22` - `2023-12-23`	a year	crt.sh
storage.googleapis.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://elinajaguar.com/wp-admin/index.html
Frame ID: 66D987B6E553626023E06D5A75AF9859
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

...Login...

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
kit\.fontawesome\.com/([0-9a-z]+).js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Popper (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

/popper\.js/([0-9.]+)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

100 %
HTTPS

89 %
IPv6

6
Domains

10
Subdomains

9
IPs

4
Countries

146 kB
Transfer

525 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request index.html Show response
elinajaguar.com/wp-admin/ 9 KB
3 KB 536ms
122ms Document
text/html 185.165.31.151
WEIDE

General

Check archive.org

Show headers Download Go to

Full URL: https://elinajaguar.com/wp-admin/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.165.31.151 , Iran, Islamic Republic Of, ASN201691 (WEIDE, IR),
Reverse DNS: pumpkin.7ho.st
Software: /
Resource Hash: 93cbd17156c1543547b3bae58bf48eb7d990025722c2fca827c02ba4d7e7d0ba

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding: br
content-length: 2449
content-type: text/html
date: Wed, 24 May 2023 09:00:12 GMT
last-modified: Tue, 23 May 2023 22:13:56 GMT
vary: Accept-Encoding

GET
H2 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ 141 KB
22 KB 77ms
32ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css

Requested by

Host: elinajaguar.com
URL: https://elinajaguar.com/wp-admin/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://elinajaguar.com/
Origin: https://elinajaguar.com
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 24 May 2023 09:00:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 865
age: 2456
cdn-cachedat: 04/26/2023 08:07:14
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-proxyver: 1.03
cdn-requestpullcode: 200
server: cloudflare
etag: W/"450fc463b8b1a349df717056fbb3e078"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: ae128c0daac0480a7b2ef2473853452b
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 7cc458d5bd233760-MXP
cdn-requestpullsuccess: True

GET
H2 200 css
fonts.googleapis.com/ 1 KB
904 B 129ms
48ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Archivo+Narrow&display=swap

Requested by

Host: elinajaguar.com
URL: https://elinajaguar.com/wp-admin/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6f9a23f961b3f241843964f9906170e4911d52a8c2c601e0793d5d8bf5a5cf19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://elinajaguar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 24 May 2023 09:00:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 24 May 2023 08:43:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 24 May 2023 09:00:13 GMT

GET
H2 200 585b051251.js Show response
kit.fontawesome.com/ 11 KB
4 KB 79ms
40ms Script
text/javascript 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kit.fontawesome.com/585b051251.js

Requested by

Host: elinajaguar.com
URL: https://elinajaguar.com/wp-admin/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb735764ab1aefbec2633325db64f1a4cffbd7172524cdf29e8f4cbd897aff4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

Referer: https://elinajaguar.com/
Origin: https://elinajaguar.com
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 24 May 2023 09:00:13 GMT
strict-transport-security: max-age=31536000; preload
content-encoding: gzip
cf-cache-status: REVALIDATED
server: cloudflare
access-control-max-age: 3000
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=60, public, must-revalidate
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
cf-ray: 7cc458d5af96bae8-MXP
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id: F2IGgBqRTJOUCIhX81tk

GET
H2 200 landing.css
storage.googleapis.com/oijhgbfvergyt4res.appspot.com/ 2 KB
2 KB 119ms
37ms Stylesheet
text/css 2a00:1450:4001:809::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/oijhgbfvergyt4res.appspot.com/landing.css
Requested by: Host: elinajaguar.com
URL: https://elinajaguar.com/wp-admin/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: bed9a5050ff03491e4f55741a3b3ec18429d79c8337ffb2fb4511da79b6a10ee

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://elinajaguar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 24 May 2023 08:25:37 GMT
age: 2076
x-guploader-uploadid: ADPycdtpjAU7o-uZYFMSRlgCQT10nxxxZnnidPh56Umqy2Od7ZepSkDBJ0inJFtM7G76v6Z-iLDflAYBomfKS9Doqh0wAApa70d2
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1885
last-modified: Sun, 27 Sep 2020 22:15:04 GMT
server: UploadServer
etag: "673a72457fdc4e41205701caad05c205"
x-goog-generation: 1601244904421088
x-goog-hash: crc32c=HREymg==, md5=ZzpyRX/cTkEgVwHKrQXCBQ==
content-type: text/css
cache-control: public, max-age=3600
x-goog-stored-content-length: 1885
accept-ranges: bytes
expires: Wed, 24 May 2023 09:25:37 GMT

GET
H2 200 weblogo.png
storage.googleapis.com/oijhgbfvergyt4res.appspot.com/ 8 KB
8 KB 39ms
38ms Image
image/png 2a00:1450:4001:809::2010
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.googleapis.com/oijhgbfvergyt4res.appspot.com/weblogo.png
Requested by: Host: elinajaguar.com
URL: https://elinajaguar.com/wp-admin/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 31ccb91ffa866d8e061ada54bc00a8ee5f098eb8014607eb92f25d3b8a9eab2f

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://elinajaguar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 24 May 2023 08:25:37 GMT
age: 2076
x-guploader-uploadid: ADPycduFxT7hWoYEIGYMtdQMelJxRkt0BQXYueHA3v_UzA9XBLxKE2GX8Qri1dcb7PYHZOlPefAQHTRaLLux3nDPrug6xdgGnToj
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7838
last-modified: Sun, 27 Sep 2020 22:14:28 GMT
server: UploadServer
etag: "40ae4f6568f8a76588ff3dcb4d5f43b4"
x-goog-generation: 1601244868024420
x-goog-hash: crc32c=gAmXSQ==, md5=QK5PZWj4p2WI/z3LTV9DtA==
content-type: image/png
cache-control: public, max-age=3600
x-goog-stored-content-length: 7838
accept-ranges: bytes
expires: Wed, 24 May 2023 09:25:37 GMT

GET
H2 200 jquery-3.2.1.slim.min.js Show response
code.jquery.com/ 68 KB
24 KB 66ms
21ms Script
application/javascript 2001:4de0:ac18::1:a:3b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.2.1.slim.min.js
Requested by: Host: elinajaguar.com
URL: https://elinajaguar.com/wp-admin/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: 9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

Request headers

Referer: https://elinajaguar.com/
Origin: https://elinajaguar.com
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 24 May 2023 09:00:13 GMT
content-encoding: gzip
last-modified: Wed, 16 Feb 2022 10:50:39 GMT
server: nginx
etag: W/"620cd6ff-10fdd"
vary: Accept-Encoding
x-hw: 1684918813.dop026.ml1.t,1684918813.cds031.ml1.hn,1684918813.cds202.ml1.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 23856

GET
H2 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ 19 KB
7 KB 76ms
40ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

Requested by

Host: elinajaguar.com
URL: https://elinajaguar.com/wp-admin/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://elinajaguar.com/
Origin: https://elinajaguar.com
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 24 May 2023 09:00:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 41444
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6157
last-modified: Mon, 04 May 2020 16:15:37 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fa9-4af4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/rp.liu233w.com:443\/https\/a.nel.cloudflare.com\/report\/v3?s=S9B%2B2B9d5viei14oNe3n5539su61A0ZvCgnhTaa6pWH12mfts1bIMhJ890tG5M69kmztx9BJ0u5nbz%2BciBsvNjIVZXdhkYgenyplPC6pGgCVt8qSUPX0aT3MPL2Zzx131vrTwpgzbB912H64WlPh9ZEZ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7cc458d6780cbaed-MXP
expires: Mon, 13 May 2024 09:00:13 GMT

GET
H2 200 bootstrap.min.js Show response
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ 48 KB
13 KB 35ms
34ms Script
application/javascript 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

Requested by

Host: elinajaguar.com
URL: https://elinajaguar.com/wp-admin/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://elinajaguar.com/
Origin: https://elinajaguar.com
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 24 May 2023 09:00:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 865
age: 2456
cdn-cachedat: 11/25/2022 23:23:38
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-proxyver: 1.03
cdn-requestpullcode: 200
server: cloudflare
etag: W/"14d449eb8876fa55e1ef3c2cc52b0c17"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: f0a868af04c83476cf5fae68a277d357
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 7cc458d66e0e3760-MXP
cdn-requestpullsuccess: True

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 84 KB
30 KB 120ms
37ms Script
text/javascript 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

Requested by

Host: elinajaguar.com
URL: https://elinajaguar.com/wp-admin/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://elinajaguar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 23 May 2023 16:17:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60187
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30028
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 May 2024 16:17:06 GMT

GET
H2 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ 50 KB
15 KB 76ms
28ms Script
application/javascript 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

Requested by

Host: elinajaguar.com
URL: https://elinajaguar.com/wp-admin/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://elinajaguar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 24 May 2023 09:00:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 723, 718, 718
age: 2709945
cdn-cachedat: 2021-04-23 01:55:59
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
server: cloudflare
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: bfd206ecfa09eb62ab5cc1f5a60dc3bf
timing-allow-origin: *
cdn-requestcountrycode: IT
cf-ray: 7cc458d6b9d3e903-MXP
cdn-requestpullsuccess: True

GET
H2 200 free.min.css Show response
ka-f.fontawesome.com/releases/v5.15.4/css/ 59 KB
13 KB 70ms
30ms Fetch
text/css 2606:4700:e6::ac40:ca1c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=585b051251
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/585b051251.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:ca1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://elinajaguar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 24 May 2023 09:00:13 GMT
via: 1.1 782307cc86daaa076cbdb91c6d06353e.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: MXP64-P1
age: 1214
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
etag: W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/rp.liu233w.com:443\/https\/a.nel.cloudflare.com\/report\/v3?s=bkBGC1ErFbbwUYPUrkv6gO3HiTiCsNkR9MMVzgU87oKX5KPrirKSLP8gmMZUCTBJKTo18LjLZrG2ST%2FAwTXxKWzS4lqvTkwayMVwkU7nWRv1vPwKxnbi1nWlQLDKkwPvbKwD8Iurf49S1cErb4fM%2BzipKA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 7cc458d6a8c10e23-MXP
access-control-allow-headers: fa-kit-token
x-amz-cf-id: zSV9HmiBMwOMotSBUT0rPscwAHrWtn82AmHzdeW9FPV8s_2lhwtwqg==

GET
H2 200 free-v4-shims.min.css Show response
ka-f.fontawesome.com/releases/v5.15.4/css/ 26 KB
5 KB 68ms
29ms Fetch
text/css 2606:4700:e6::ac40:ca1c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/585b051251.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:ca1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://elinajaguar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 24 May 2023 09:00:13 GMT
via: 1.1 2c6b43ece241a6b4a6a59e19ffb626fe.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: MXP64-P1
age: 1214
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
etag: W/"76f34b71fc9fb641507ff6a822cc07f5"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/rp.liu233w.com:443\/https\/a.nel.cloudflare.com\/report\/v3?s=0SXR%2BZjNsf7%2B8BcHilwkHcOlibcS40TDHh0w%2Fq8R0L2jad77OL5OnBxeWZgUgKywW2QRfJ5XTkWkLUYOnhYSfM4Y27k4NkgwemS1NKgHNr68%2BDguxLHh18Cw6f8gWVWq%2BQPSBqjVNa41RcZ%2F3Bld0hM8cg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 7cc458d6a8c30e23-MXP
access-control-allow-headers: fa-kit-token
x-amz-cf-id: fiK2PRx3wRweW7mjhOU3K4JT9TSdU3XcYjjuOEhVcQbvO_NJKFSSmA==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdnjs.cloudflare.com
code.jquery.com
elinajaguar.com
fonts.googleapis.com
ka-f.fontawesome.com
kit.fontawesome.com
maxcdn.bootstrapcdn.com
stackpath.bootstrapcdn.com
storage.googleapis.com
185.165.31.151
2001:4de0:ac18::1:a:3b
2606:4700::6811:190e
2606:4700::6812:1734
2606:4700::6812:bcf
2606:4700:e6::ac40:ca1c
2a00:1450:4001:802::200a
2a00:1450:4001:809::2010
2a00:1450:4001:827::200a
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
31ccb91ffa866d8e061ada54bc00a8ee5f098eb8014607eb92f25d3b8a9eab2f
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8
6f9a23f961b3f241843964f9906170e4911d52a8c2c601e0793d5d8bf5a5cf19
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
93cbd17156c1543547b3bae58bf48eb7d990025722c2fca827c02ba4d7e7d0ba
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
bb735764ab1aefbec2633325db64f1a4cffbd7172524cdf29e8f4cbd897aff4d
bed9a5050ff03491e4f55741a3b3ec18429d79c8337ffb2fb4511da79b6a10ee
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda

elinajaguar.com Open in urlscan Pro 185.165.31.151 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

89 %IPv6

6 Domains

10 Subdomains

9 IPs

4 Countries

146 kBTransfer

525 kBSize

0 Cookies

0 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

Indicators

elinajaguar.com Open in urlscan Pro
185.165.31.151 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

89 %
IPv6

6
Domains

10
Subdomains

9
IPs

4
Countries

146 kB
Transfer

525 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!