prissmfrzs.cluster011.ovh.net
2001:41d0:1:1b00:213:186:33:40
Malicious Activity!
Public Scan
Effective URL: http://prissmfrzs.cluster011.ovh.net/adherent/App/App/
Submission: On August 30 via api from FR — Scanned from FR
Summary
This is the only time prissmfrzs.cluster011.ovh.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Assurance Maladie (Healthcare)

Domain & IP information

| # | IP Address | AS |
|---|---|---|
| 1 | 35.241.186.140 | 396982 (GOOGLE-CLOUD-PLATFORM) |
| 4 | 2001:41d0:1:1b00:213:186:33:40 | 16276 (OVH) |
| 3 | 2606:4700:3037::6815:3f6d | 13335 (CLOUDFLARENET) |
| 3 | 2a06:98c1:3121::c | 13335 (CLOUDFLARENET) |

Totals: 7 requests, 3 autonomous systems.

35.241.186.140: ASN396982 (GOOGLE-CLOUD-PLATFORM, US), PTR 140.186.241.35.bc.googleusercontent.com, domain 5o3l.mj.am.
| # | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 4 | ovh.net | prissmfrzs.cluster011.ovh.net | 12 KB |
| 3 | downzit.com | downzit.com | |
| 3 | googleplay-apk.com | www.googleplay-apk.com (3 redirects) | 1 KB |
| 3 | imggmi.com | cdn1.imggmi.com (3 redirects) | 1 KB |
| 1 | mj.am | 5o3l.mj.am (1 redirect) | 266 B |

Totals: 7 requests, 5 apex domains.
| # | Domain | Requested by |
|---|---|---|
| 4 | prissmfrzs.cluster011.ovh.net | prissmfrzs.cluster011.ovh.net |
| 3 | downzit.com | prissmfrzs.cluster011.ovh.net |
| 3 | www.googleplay-apk.com | 3 redirects |
| 3 | cdn1.imggmi.com | 3 redirects |
| 1 | 5o3l.mj.am | 1 redirect |

Totals: 7 requests, 5 domains.
This site contains no links.
Certificates (Subject / Issuer / Validity / Valid): none listed.
This page contains 1 frames:
Primary Page:
http://prissmfrzs.cluster011.ovh.net/adherent/App/App/
Frame ID: B2F60AFB7AE15AFD966360B3E41D01E0
Requests: 8 HTTP requests in this frame
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://5o3l.mj.am/lnk/ANEAAM84LIEAAcfAesQAAKOS1bUAARH74jsAmUm_AAUZXwBi9YwDvKwy0GS9Rdq8TFVMJ2mQIwABU_M/1/-v_HQdlx0kdRv0AjOBI9MQ/aHR0cDovL3ByaXNzbWZyenMuY2x1c3RlcjAxMS5vdmgubmV0L3dvcmsvU3VpdmkvaW5kZXgucGhwP2lkPTkzN1U0OTM4OTczNzgzOTM5JnV0bV9jYW1wYWlnbj0yMi1KVUkmdXRtX21lZGl1bT1lbWFpbCZ1dG1fc291cmNlPU1haWxqZXQ
HTTP 302
http://prissmfrzs.cluster011.ovh.net/work/Suivi/index.php?id=937U4938973783939&utm_campaign=22-JUI&utm_medium=email&utm_source=Mailjet Page URL
- http://prissmfrzs.cluster011.ovh.net/adherent/App/App/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- http://5o3l.mj.am/lnk/ANEAAM84LIEAAcfAesQAAKOS1bUAARH74jsAmUm_AAUZXwBi9YwDvKwy0GS9Rdq8TFVMJ2mQIwABU_M/1/-v_HQdlx0kdRv0AjOBI9MQ/aHR0cDovL3ByaXNzbWZyenMuY2x1c3RlcjAxMS5vdmgubmV0L3dvcmsvU3VpdmkvaW5kZXgucGhwP2lkPTkzN1U0OTM4OTczNzgzOTM5JnV0bV9jYW1wYWlnbj0yMi1KVUkmdXRtX21lZGl1bT1lbWFpbCZ1dG1fc291cmNlPU1haWxqZXQ HTTP 302
- http://prissmfrzs.cluster011.ovh.net/work/Suivi/index.php?id=937U4938973783939&utm_campaign=22-JUI&utm_medium=email&utm_source=Mailjet

Request Chain 1:
- https://cdn1.imggmi.com/uploads/2019/10/24/323e1671b633d1044f7a11379e8f63f8-full.png HTTP 301
- https://www.googleplay-apk.com/ HTTP 301
- https://downzit.com/

Request Chain 2:
- https://cdn1.imggmi.com/uploads/2019/10/24/e40317b608a1fdebed7e7f21b3368de0-full.png HTTP 301
- https://www.googleplay-apk.com/ HTTP 301
- https://downzit.com/

Request Chain 3:
- https://cdn1.imggmi.com/uploads/2019/10/24/4e2e086e85b744cae5382927a1729085-full.png HTTP 301
- https://www.googleplay-apk.com/ HTTP 301
- https://downzit.com/
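The first hop of Request Chain 0 is a Mailjet click-tracking link whose last path segment is the final destination, base64url-encoded without padding. Decoding it statically tells an analyst where a lure link goes without touching the redirector. The following is an added example for this report, not urlscan.io code; the tracking URL and the 302 target are copied verbatim from the chain above, and the path layout it assumes (.../lnk/<token>/<n>/<sig>/<base64url target>) is inferred from this single sample, not from Mailjet documentation.

```python
"""Recover the destination embedded in a Mailjet (mj.am) click-tracking link.

Added example for this scan report; not urlscan.io code. The tracking URL and
the observed 302 target are copied from Request Chain 0. The assumed path
layout, .../lnk/<token>/<n>/<sig>/<base64url target>, is inferred from this
one sample, not from Mailjet documentation.
"""
import base64
import binascii
import re
from urllib.parse import parse_qs, urlparse

# Observed in the scan: the link the victim clicked and the 302 Location it returned.
MJ_LINK = (
    "http://5o3l.mj.am/lnk/"
    "ANEAAM84LIEAAcfAesQAAKOS1bUAARH74jsAmUm_AAUZXwBi9YwDvKwy0GS9Rdq8TFVMJ2mQIwABU_M"
    "/1/-v_HQdlx0kdRv0AjOBI9MQ/"
    "aHR0cDovL3ByaXNzbWZyenMuY2x1c3RlcjAxMS5vdmgubmV0L3dvcmsvU3VpdmkvaW5kZXgucGhwP2lkPTkz"
    "N1U0OTM4OTczNzgzOTM5JnV0bV9jYW1wYWlnbj0yMi1KVUkmdXRtX21lZGl1bT1lbWFpbCZ1dG1fc291cmNlPU1haWxqZXQ"
)
OBSERVED_302_LOCATION = (
    "http://prissmfrzs.cluster011.ovh.net/work/Suivi/index.php"
    "?id=937U4938973783939&utm_campaign=22-JUI&utm_medium=email&utm_source=Mailjet"
)

_B64URL = re.compile(r"[A-Za-z0-9_-]+")


def embedded_destination(tracking_url: str) -> str:
    """Decode the last path segment of an mj.am link as an unpadded base64url URL.

    Raises ValueError when the segment is not base64url or does not decode to an
    http(s) URL, so a malformed or differently built link is never mistaken for
    a real destination.
    """
    segment = urlparse(tracking_url).path.rstrip("/").rsplit("/", 1)[-1]
    if not _B64URL.fullmatch(segment):
        raise ValueError(f"last path segment is not base64url: {segment!r}")
    padded = segment + "=" * (-len(segment) % 4)  # restore the stripped '=' padding
    try:
        dest = base64.urlsafe_b64decode(padded).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError(f"segment does not decode to text: {segment!r}") from exc
    if not dest.startswith(("http://", "https://")):
        raise ValueError(f"decoded segment is not a URL: {dest!r}")
    return dest


def is_decodable(tracking_url: str) -> bool:
    """True if embedded_destination() succeeds, False on any ValueError."""
    try:
        embedded_destination(tracking_url)
        return True
    except ValueError:
        return False


def tracked_parameters(url: str) -> dict[str, str]:
    """Query parameters of a URL as a flat dict (first value wins)."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def destination_matches_hop(tracking_url: str, observed_location: str) -> bool:
    """True when the URL embedded in the tracker equals the 302 target the sandbox
    actually recorded. A mismatch would mean the redirector rewrote the target
    server-side, something the static decode alone cannot reveal."""
    return embedded_destination(tracking_url) == observed_location


if __name__ == "__main__":
    dest = embedded_destination(MJ_LINK)
    print("embedded destination :", dest)
    print("matches observed 302 :", destination_matches_hop(MJ_LINK, OBSERVED_302_LOCATION))
    for key, value in tracked_parameters(dest).items():
        print(f"  {key} = {value}")
```

The decoded value reproduces the recorded 302 target exactly, including the per-recipient id and the utm_campaign=22-JUI / utm_source=Mailjet tags, which is what ties the landing page back to a specific mailing. Treat the sandbox's observed Location as ground truth: a redirector is free to ignore the embedded value, so the static decode is a triage shortcut, not a substitute for the recorded chain.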
7 HTTP transactions
| Method | Protocol | Resource | Host / Path | Size | Transfer | Type | MIME-Type | Note |
|---|---|---|---|---|---|---|---|---|
| GET | HTTP/1.1 | index.php | prissmfrzs.cluster011.ovh.net/work/Suivi/ | 141 B | 501 B | Document | text/html | Redirect chain |
| GET | HTTP/1.1 | / | prissmfrzs.cluster011.ovh.net/adherent/App/App/ | 3 KB | 1 KB | Document | text/html | Primary request |
| GET | HTTP/1.1 | index.css | prissmfrzs.cluster011.ovh.net/adherent/App/App/css/ | 46 KB | 4 KB | Stylesheet | text/css | |
| GET | HTTP/1.1 | logo.jpg | prissmfrzs.cluster011.ovh.net/adherent/App/App/img/ | 6 KB | 6 KB | Image | image/jpeg | |
| GET | data: | truncated | / | 266 B | 0 | Image | image/svg+xml | Inline data URI |
| GET | H2 | / | downzit.com/ | 0 | 0 | Image | text/html | Redirect chain |
| GET | H2 | / | downzit.com/ | 0 | 0 | Image | text/html | Redirect chain |
| GET | H2 | / | downzit.com/ | 0 | 0 | Image | text/html | Redirect chain |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Assurance Maladie (Healthcare)

6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| object | oncontextlost |
| object | oncontextrestored |
| function | structuredClone |
| object | launchQueue |
| object | onbeforematch |
| object | navigation |

All six are built-in properties of a recent Chromium window rather than variables defined by the page, so they say nothing about the phishing kit's own code.

0 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the stored cookie values back, which lets the site re-identify the user even from a different location. This is how persistent logins work. This page set none.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity. The SHA-256 values below are hashes of response bodies; e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 is the hash of empty input (the zero-byte downzit.com responses above) and should not be used as a detection.
5o3l.mj.am
cdn1.imggmi.com
downzit.com
prissmfrzs.cluster011.ovh.net
www.googleplay-apk.com
2001:41d0:1:1b00:213:186:33:40
2606:4700:3037::6815:3f6d
2a06:98c1:3121::c
35.241.186.140
3498297c12089ddc4341fde707d5e94697bc0a435640a726aed5121914609a10
5340f2d3338f35a973c994ddcce2359be440ab6d635a4984b633735f22540fb1
662294921ca6240beb0f2aecb7f7ac23dd085b782bbe52a369b20226d26afe33
7e9d8748dcac496361a8c0341637dcf4a47a79022a4f00be98b69cb661c19074
96420a6b9ddcf817ffc0a12b2bb00eeb1d53a06003bd81129e31b4bc76355b05
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855