u664783gie.ha004.t.justns.ru
2a00:b700::23
Malicious Activity!
Public Scan
Effective URL: http://u664783gie.ha004.t.justns.ru/AMELI-COVID-19/asm1/c40a5/PortailAS/miseajour.php
Submission: On March 30 via manual from ES
Summary
This is the only time u664783gie.ha004.t.justns.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Assurance Maladie (Healthcare)
Domain & IP information
Redirects | Requests | IP Address | AS (Autonomous System) |
---|---|---|---|
2 | 3 | 104.219.248.73 | 22612 (NAMECHEAP-NET) |
4 | 26 | 2a00:b700::23 | 51659 (ASBAXET) |
| 1 | 2001:4de0:ac19::1:b:3a | 20446 (HIGHWINDS3) |
| 2 | 23.111.9.35 | 33438 (HIGHWINDS2) |
| 1 | 2606:4700::6811:4104 | 13335 (CLOUDFLARENET) |
| 1 | 2a00:1450:4001:825::2001 | 15169 (GOOGLE) |
Total: 28 requests, 6 IP addresses.
ASN22612 (NAMECHEAP-NET, US), PTR: premium14-5.web-hosting.com (serverstandar.com)
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
26 | justns.ru (4 redirects) | u664783gie.ha004.t.justns.ru | 455 KB |
3 | serverstandar.com (2 redirects) | serverstandar.com | 682 B |
2 | fontawesome.com | use.fontawesome.com | 49 KB |
1 | blogspot.com | ameliv2.blogspot.com | |
1 | cloudflare.com | cdnjs.cloudflare.com | 5 KB |
1 | bootstrapcdn.com | maxcdn.bootstrapcdn.com | 20 KB |
Total: 28 requests, 6 apex domains.
Requests | Domain | Requested by |
---|---|---|
26 | u664783gie.ha004.t.justns.ru (4 redirects) | u664783gie.ha004.t.justns.ru |
3 | serverstandar.com (2 redirects) | |
2 | use.fontawesome.com | u664783gie.ha004.t.justns.ru |
1 | ameliv2.blogspot.com | u664783gie.ha004.t.justns.ru |
1 | cdnjs.cloudflare.com | u664783gie.ha004.t.justns.ru |
1 | maxcdn.bootstrapcdn.com | u664783gie.ha004.t.justns.ru |
Total: 28 requests, 6 domains.
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
serverstandar.com | Sectigo RSA Domain Validation Secure Server CA | 2020-03-25 - 2021-03-25 | a year |
*.bootstrapcdn.com | Sectigo RSA Domain Validation Secure Server CA | 2019-09-14 - 2020-10-13 | a year |
*.fontawesome.com | DigiCert SHA2 Secure Server CA | 2019-10-28 - 2020-12-23 | a year |
ssl412106.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-12-05 - 2020-06-12 | 6 months |
*.googleusercontent.com | GTS CA 1O1 | 2020-03-03 - 2020-05-26 | 3 months |
This page contains 1 frame:
Primary Page:
http://u664783gie.ha004.t.justns.ru/AMELI-COVID-19/asm1/c40a5/PortailAS/miseajour.php
Frame ID: B9C509B662A60323970F3F6CE48D260B
Requests: 28 HTTP requests in this frame
Page URL History
- http://serverstandar.com/AMELI-COVID19 HTTP 301
- https://serverstandar.com/AMELI-COVID19 HTTP 301
- https://serverstandar.com/AMELI-COVID19/ Page URL
- http://u664783gie.ha004.t.justns.ru/AMELI-COVID-19/asm1 HTTP 301
- http://u664783gie.ha004.t.justns.ru/AMELI-COVID-19/asm1/ HTTP 302
- http://u664783gie.ha004.t.justns.ru/AMELI-COVID-19/asm1/c40a5 HTTP 301
- http://u664783gie.ha004.t.justns.ru/AMELI-COVID-19/asm1/c40a5/ HTTP 302
- http://u664783gie.ha004.t.justns.ru/AMELI-COVID-19/asm1/c40a5/PortailAS/miseajour.php Page URL
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Font Awesome (Font Scripts)
Detected patterns
- html /<link[^>]* href="https:\/\/use\.fontawesome\.com\/releases\/v([^>]+)\/css\//i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://serverstandar.com/AMELI-COVID19 HTTP 301
- https://serverstandar.com/AMELI-COVID19 HTTP 301
- https://serverstandar.com/AMELI-COVID19/
28 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Redirect Chain) | serverstandar.com/AMELI-COVID19/ | 214 B | 347 B | Document | text/html |
GET | H/1.1 | miseajour.php (Primary Request, Redirect Chain) | u664783gie.ha004.t.justns.ru/AMELI-COVID-19/asm1/c40a5/PortailAS/ | 18 KB | 4 KB | Document | text/html |
GET | H2 | bootstrap.min.css | maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ | 141 KB | 20 KB | Stylesheet | text/css |
GET | H/1.1 | layout.css | u664783gie.ha004.t.justns.ru/AMELI-COVID-19/asm1/c40a5/css/ | 1 KB | 904 B | Stylesheet | text/css |
GET | H/1.1 | biblicnam-structure-sans.min.css | u664783gie.ha004.t.justns.ru/AMELI-COVID-19/asm1/c40a5/css/ | 106 KB | 17 KB | Stylesheet | text/css |
GET | H/1.1 | reset.css | u664783gie.ha004.t.justns.ru/AMELI-COVID-19/asm1/c40a5/css/ | 414 B | 681 B | Stylesheet | text/css |
GET | H/1.1 | hanan.css | u664783gie.ha004.t.justns.ru/AMELI-COVID-19/asm1/c40a5/css/ | 1 KB | 897 B | Stylesheet | text/css |
GET | H/1.1 | liens.css | u664783gie.ha004.t.justns.ru/AMELI-COVID-19/asm1/c40a5/css/ | 893 B | 858 B | Stylesheet | text/css |
GET | H/1.1 | forms.css | u664783gie.ha004.t.justns.ru/AMELI-COVID-19/asm1/c40a5/css/ | 8 KB | 3 KB | Stylesheet | text/css |
GET | H/1.1 | boutons.css | u664783gie.ha004.t.justns.ru/AMELI-COVID-19/asm1/c40a5/css/ | 5 KB | 2 KB | Stylesheet | text/css |
GET | H/1.1 | general.css | u664783gie.ha004.t.justns.ru/AMELI-COVID-19/asm1/c40a5/css/ | 40 KB | 11 KB | Stylesheet | text/css |
GET | H/1.1 | nav.css | u664783gie.ha004.t.justns.ru/AMELI-COVID-19/asm1/c40a5/css/ | 8 KB | 2 KB | Stylesheet | text/css |
GET | H/1.1 | colors.css | u664783gie.ha004.t.justns.ru/AMELI-COVID-19/asm1/c40a5/css/ | 2 KB | 1 KB | Stylesheet | text/css |
GET | H/1.1 | centrer.css | u664783gie.ha004.t.justns.ru/AMELI-COVID-19/asm1/c40a5/css/ | 4 KB | 2 KB | Stylesheet | text/css |
GET | H/1.1 | window.css | u664783gie.ha004.t.justns.ru/AMELI-COVID-19/asm1/c40a5/css/ | 402 B | 611 B | Stylesheet | text/css |
GET | H/1.1 | loadingam.gif | u664783gie.ha004.t.justns.ru/AMELI-COVID-19/asm1/c40a5/img/ | 30 KB | 30 KB | Image | image/gif |
GET | H2 | all.css | use.fontawesome.com/releases/v5.0.8/css/ | 35 KB | 9 KB | Stylesheet | text/css |
GET | H/1.1 | logo_general.png | u664783gie.ha004.t.justns.ru/AMELI-COVID-19/asm1/c40a5/css/img/ | 6 KB | 6 KB | Image | image/png |
GET | H/1.1 | jquery.min.js | u664783gie.ha004.t.justns.ru/AMELI-COVID-19/asm1/c40a5/js/ | 156 KB | 47 KB | Script | application/javascript |
GET | H/1.1 | jquery.validate.min.js | u664783gie.ha004.t.justns.ru/AMELI-COVID-19/asm1/c40a5/js/ | 34 KB | 10 KB | Script | application/javascript |
GET | H/1.1 | add.class.js | u664783gie.ha004.t.justns.ru/AMELI-COVID-19/asm1/c40a5/js/ | 1 KB | 743 B | Script | application/javascript |
GET | H/1.1 | jquery.card.min.js | u664783gie.ha004.t.justns.ru/AMELI-COVID-19/asm1/c40a5/js/ | 14 KB | 4 KB | Script | application/javascript |
GET | H2 | jquery.mask.js | cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/ | 20 KB | 5 KB | Script | application/javascript |
GET | H2 | / | ameliv2.blogspot.com/ | 0 | 0 | Image | text/html |
GET | H/1.1 | card_sprite.png | u664783gie.ha004.t.justns.ru/AMELI-COVID-19/asm1/c40a5/img/ | 309 KB | 309 KB | Image | image/png |
GET | H/1.1 | ccv.gif | u664783gie.ha004.t.justns.ru/AMELI-COVID-19/asm1/c40a5/img/ | 509 B | 861 B | Image | image/gif |
GET | H2 | fa-solid-900.woff2 | use.fontawesome.com/releases/v5.0.8/webfonts/ | 39 KB | 40 KB | Font | font/woff2 |
GET | H/1.1 | menu-separateur.png | u664783gie.ha004.t.justns.ru/AMELI-COVID-19/asm1/c40a5/images/as/ | 396 B | 396 B | Image | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Assurance Maladie (Healthcare)
5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: onformdata
- object: onpointerrawupdate
- function: ccheck
- function: $
- function: jQuery
1 Cookie
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along with the request, so the website can re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
u664783gie.ha004.t.justns.ru/ | | Name: PHPSESSID Value: 207dd4d477ca714325183dd1224750a1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.