amelie7b638291f3eb5a.ngrok.io
2600:1f16:d83:1200:cda7:be0:f101:864
Malicious Activity!
Public Scan
Submission: On April 16 via manual from FR
Summary
TLS certificate: Issued by RapidSSL RSA CA 2018 on March 10th 2020. Valid for: a year. The certificate is ngrok's own wildcard for *.ngrok.io, not one issued to whoever runs this page, so a valid padlock here says nothing about the operator. ngrok.io hostnames are reverse-tunnel endpoints: the AMAZON-02 address is ngrok's edge, and the content is served from whatever machine the operator tunnelled through it.
This is the only time amelie7b638291f3eb5a.ngrok.io was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Assurance Maladie (Healthcare)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
18 | 2600:1f16:d83:1200:cda7:be0:f101:864 | 16509 (AMAZON-02)
1 | 78.46.193.159 | 24940 (HETZNER-AS)
1 | 151.101.112.193 | 54113 (FASTLY)
1 | 2a00:1450:4001:806::200a | 15169 (GOOGLE)
1 | 2a00:1450:4001:821::2003 | 15169 (GOOGLE)
Total: 22 requests across 5 IP addresses
ASN16509 (AMAZON-02, US)
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
18 | ngrok.io | amelie7b638291f3eb5a.ngrok.io | 307 KB
1 | gstatic.com | fonts.gstatic.com | 9 KB
1 | googleapis.com | fonts.googleapis.com | 685 B
1 | imgur.com | i.imgur.com | 23 KB
1 | imgup.net | i76.imgup.net | 6 KB
Total: 22 requests across 5 domains
Requests | Domain | Requested by
---|---|---
18 | amelie7b638291f3eb5a.ngrok.io | amelie7b638291f3eb5a.ngrok.io
1 | fonts.gstatic.com | amelie7b638291f3eb5a.ngrok.io
1 | fonts.googleapis.com | amelie7b638291f3eb5a.ngrok.io
1 | i.imgur.com | amelie7b638291f3eb5a.ngrok.io
1 | i76.imgup.net | amelie7b638291f3eb5a.ngrok.io
Total: 22 requests across 5 domains
This site contains no links.
Subject | Issuer | Validity | Valid for
---|---|---|---
*.ngrok.io | RapidSSL RSA CA 2018 | 2020-03-10 - 2021-03-10 | a year
*.imgur.com | DigiCert SHA2 Secure Server CA | 2020-01-15 - 2022-03-16 | 2 years
upload.video.google.com | GTS CA 1O1 | 2020-03-24 - 2020-06-16 | 3 months
*.gstatic.com | GTS CA 1O1 | 2020-04-01 - 2020-06-24 | 3 months
This page contains 1 frame:
Primary Page:
https://amelie7b638291f3eb5a.ngrok.io/assure/formulaireInfos.php?op=c%26url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==
Frame ID: 8D08C43AE769F1E26FBE95BB125A2B5C
Requests: 22 HTTP requests in this frame
Two things in this URL are worth noting. The %26 is a percent-encoded &, so a standard query parser sees a single parameter op whose value is c&url=aHR0...==, not two parameters. The value after url= is base64 and decodes to https://cfspart.impots.gouv.fr/, a hostname under impots.gouv.fr (the French tax administration), even though the page itself impersonates Assurance Maladie.
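Added example, not part of the urlscan.io report: taking apart the query string of the primary request above and decoding the base64 value it carries. Only the Python standard library is used; the URL is the one recorded by the scan, and the helper names (parse_query, extract_embedded_url, embedded_host) are mine.

```python
# Added example (not part of the urlscan.io report): take apart the query
# string of the primary request above and decode the base64 value it carries.
import base64
from urllib.parse import parse_qs, unquote, urlsplit

# The primary-request URL exactly as recorded in the scan.
PRIMARY_URL = (
    "https://amelie7b638291f3eb5a.ngrok.io/assure/formulaireInfos.php"
    "?op=c%26url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw=="
)


def parse_query(url):
    """Parameters as a browser or PHP's $_GET sees them after one round of
    percent-decoding. The %26 is a literal '&' inside the value of `op`, not a
    separator, so the parser returns a single parameter."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)


def extract_embedded_url(url):
    """Look for a `url=` field anywhere in the decoded query (including inside
    another parameter's value, as here) and base64-decode it. Returns None
    when no field decodes cleanly to an http(s) URL."""
    decoded_query = unquote(urlsplit(url).query)
    for field in decoded_query.split("&"):
        key, _, value = field.partition("=")
        if key != "url":
            continue
        try:
            # validate=True rejects anything outside the base64 alphabet
            # instead of silently skipping it.
            target = base64.b64decode(value, validate=True).decode("utf-8")
        except ValueError:  # binascii.Error and UnicodeDecodeError both derive from it
            continue
        if target.startswith(("http://", "https://")):
            return target
    return None


def embedded_host(url):
    """Hostname of the embedded URL, or None if there is none."""
    target = extract_embedded_url(url)
    return urlsplit(target).hostname if target else None


if __name__ == "__main__":
    print(parse_query(PRIMARY_URL))
    print(extract_embedded_url(PRIMARY_URL))
    print(embedded_host(PRIMARY_URL))
```

parse_query shows what a strict parser returns (one parameter, op); extract_embedded_url deliberately re-splits the decoded string on & so that a url= field hidden inside another value is still found, which is what a triage script wants. Pivoting on the decoded hostname is more useful than pivoting on the base64 blob, since the same kit can re-encode a different target per lure.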
Detected technologies
PHP (Programming Languages)
Detected patterns
- url /\.php(?:$|\?)/i
Windows Server (Operating Systems)
Detected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
Bootstrap (Web Frameworks)
Detected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
- script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i
IIS (Web Servers)
Detected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
Font Awesome (Font Scripts)
Detected patterns
- html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
The IIS and Windows Server entries both rest on the same Server response header, which the ngrok tunnel passes through from the origin: the IIS host is the operator's machine behind the tunnel, not the AMAZON-02 edge address the scan resolved. A stripped or spoofed Server header would defeat both entries; the PHP, Bootstrap, Font Awesome and jQuery entries come from the URL and the page's own markup and script paths.
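Added example, not code from urlscan.io or from the Wappalyzer-style rule set it reports: the patterns listed above applied, as a scanner would apply them, to the evidence a scan collects. The URL and script paths are taken from the transaction list on this page; the Server header value (Microsoft-IIS/10.0) and the HTML fragment are constructed, because the report shows only which regex fired and not the bytes it matched; PATTERNS, EVIDENCE and detect are my names.

```python
# Added example (not from urlscan.io or Wappalyzer): run the detection
# patterns quoted above over the kind of evidence a scan collects. The Server
# header value and the HTML fragment are constructed here for illustration;
# the report only shows the regexes that fired, not the bytes they matched.
import re

# (evidence field, pattern) pairs copied from the "Detected patterns" lines.
PATTERNS = {
    "PHP": [("url", r"\.php(?:$|\?)")],
    "Windows Server": [("headers.server", r"^(?:Microsoft-)?IIS(?:\/([\d.]+))?")],
    "IIS": [("headers.server", r"^(?:Microsoft-)?IIS(?:\/([\d.]+))?")],
    "Bootstrap": [
        ("html", r'<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css'),
        ("script", r"(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js"),
    ],
    "Font Awesome": [
        ("html", r"<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css"),
    ],
    "jQuery": [("script", r"jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?")],
}

BASE = "https://amelie7b638291f3eb5a.ngrok.io/assure/"

# Constructed evidence. The URL and script paths are the ones in the
# transaction list; the Server header and the HTML are assumed, not observed.
EVIDENCE = {
    "url": BASE + "formulaireInfos.php?op=c%26url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==",
    "headers.server": "Microsoft-IIS/10.0",  # assumed value
    "html": (  # assumed fragment, built from the stylesheet paths in the scan
        '<link rel="stylesheet" href="templates/styles/bootstrap.min.css">'
        '<link rel="stylesheet" href="templates/fa/css/font-awesome.min.css">'
    ),
    "script": [
        BASE + "templates/js/jquery.min.js",
        BASE + "templates/js/bootstrap.min.js",
        BASE + "templates/js/dyn/auth2019v3.js",
    ],
}


def detect(evidence):
    """Return {technology: version-or-None} for every technology whose pattern
    matches some piece of evidence. The version is the first capturing group
    that matched, which is how the patterns above carry it."""
    found = {}
    for tech, rules in PATTERNS.items():
        for field, pattern in rules:
            values = evidence.get(field, [])
            if isinstance(values, str):
                values = [values]
            regex = re.compile(pattern, re.IGNORECASE)  # the /i flag above
            for value in values:
                match = regex.search(value)
                if match is None:
                    continue
                version = next((g for g in match.groups() if g), None)
                # Keep a version once seen; a later versionless hit on the same
                # technology must not overwrite it.
                if tech not in found or found[tech] is None:
                    found[tech] = version
    return found


if __name__ == "__main__":
    for tech, version in sorted(detect(EVIDENCE).items()):
        print(f"{tech}: {version or 'version unknown'}")
```

Against the constructed evidence this reproduces the six entries above, with a version only for IIS and Windows Server (both read off the one Server header). The same function extracts a version from a CDN path such as /4.3.1/js/bootstrap.min.js or a ?ver=3.5.1 query on jQuery, which the scanned kit's local copies do not expose.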
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests: none recorded in this scan.
22 HTTP transactions
Size is the decoded resource size and Transfer the bytes on the wire (compressed, headers included), which is why the smallest files show Transfer larger than Size.
# | Method | Protocol | Resource | Path | Size | Transfer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---|---
1 | GET | H/1.1 | formulaireInfos.php | amelie7b638291f3eb5a.ngrok.io/assure/ | 7 KB | 3 KB | Document | text/html | Primary Request; Cookie set
2 | GET | H/1.1 | bootstrap.min.css | amelie7b638291f3eb5a.ngrok.io/assure/templates/styles/ | 105 KB | 18 KB | Stylesheet | text/css |
3 | GET | H/1.1 | commun.css | amelie7b638291f3eb5a.ngrok.io/assure/templates/styles/ | 6 KB | 2 KB | Stylesheet | text/css |
4 | GET | H/1.1 | mire.css | amelie7b638291f3eb5a.ngrok.io/assure/templates/styles/ | 2 KB | 1 KB | Stylesheet | text/css |
5 | GET | H/1.1 | dac.css | amelie7b638291f3eb5a.ngrok.io/assure/templates/styles/ | 771 B | 853 B | Stylesheet | text/css |
6 | GET | H/1.1 | font-awesome.min.css | amelie7b638291f3eb5a.ngrok.io/assure/templates/fa/css/ | 30 KB | 7 KB | Stylesheet | text/css |
7 | GET | H/1.1 | accepted_c22e0.png | i76.imgup.net/ | 6 KB | 6 KB | Image | image/png |
8 | GET | H2 | apbqYpg.png | i.imgur.com/ | 23 KB | 23 KB | Image | image/png |
9 | GET | H/1.1 | jquery.min.js | amelie7b638291f3eb5a.ngrok.io/assure/templates/js/ | 84 KB | 29 KB | Script | application/javascript |
10 | GET | H/1.1 | bootstrap.min.js | amelie7b638291f3eb5a.ngrok.io/assure/templates/js/ | 33 KB | 9 KB | Script | application/javascript |
11 | GET | H/1.1 | auth2019v3.js | amelie7b638291f3eb5a.ngrok.io/assure/templates/js/dyn/ | 75 KB | 12 KB | Script | application/javascript |
12 | GET | H/1.1 | idContact.js | amelie7b638291f3eb5a.ngrok.io/assure/templates/js/dyn/ | 2 KB | 1 KB | Script | application/javascript |
13 | GET | H/1.1 | messages.js | amelie7b638291f3eb5a.ngrok.io/assure/templates/js/dyn/ | 10 KB | 3 KB | Script | application/javascript |
14 | GET | H/1.1 | urls.js | amelie7b638291f3eb5a.ngrok.io/assure/templates/js/dyn/ | 571 B | 663 B | Script | application/javascript |
15 | GET | H/1.1 | configuration.js | amelie7b638291f3eb5a.ngrok.io/assure/templates/js/dyn/ | 929 B | 909 B | Script | application/javascript |
16 | GET | H/1.1 | franceConnect.js | amelie7b638291f3eb5a.ngrok.io/assure/templates/js/dyn/ | 159 B | 523 B | Script | application/javascript |
17 | GET | H/1.1 | jquery.details.js | amelie7b638291f3eb5a.ngrok.io/assure/templates/js/ | 2 KB | 1 KB | Script | application/javascript |
18 | GET | H2 | css | fonts.googleapis.com/ | 2 KB | 685 B | Stylesheet | text/css |
19 | GET | H/1.1 | logo.png | amelie7b638291f3eb5a.ngrok.io/assure/templates/styles/ | 120 KB | 120 KB | Image | image/png |
20 | GET | H2 | mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2 | fonts.gstatic.com/s/opensans/v17/ | 9 KB | 9 KB | Font | font/woff2 |
21 | GET | H/1.1 | fontawesome-webfont.woff2 | amelie7b638291f3eb5a.ngrok.io/assure/templates/fa/fonts/ | 0 | 0 | Font | text/html | Empty body with an HTML MIME type instead of a font: the .woff2 file is evidently not served by the kit, and the browser falls back to the .woff variant in the next request
22 | GET | H/1.1 | fontawesome-webfont.woff | amelie7b638291f3eb5a.ngrok.io/assure/templates/fa/fonts/ | 96 KB | 96 KB | Font | font/x-woff |
All 18 requests to the ngrok.io host are HTTP/1.1; only the Google, imgur and imgup resources are fetched over H2.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Assurance Maladie (Healthcare)
70 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object: onformdata, onpointerrawupdate
function: $, jQuery, trim, hasClassName, addClassName, deleteClassName, NoError, erreurEtVideChamps, erreurEtGardeChamps, obligatoire, obligatoireNoFg, estVide, exactement, exactementv2, verifiePWD, verifieDate, verifieDatev2, auMoins, videChamps, switchEtVideChamps, switchEtVideChampsSurId, noSend, rePermit, reverseEtGardeChamps, reverseEtGardeChampsSurId, afficheChampsenSus, donneFocus, afficheForm, controleFormulaireEtSubmit, messageACaractereInformatif, ecouteReponseForm, controleEntreeLive, accordeon, disconnect, traiteOubli, traite3S, traitePAS, traiteLMDP, switchVisuMdp, resendSMS, decompte, getPrecedent, incrementPrecedent, pagePrecedente, initIdContact, initMessages
string: PortPub, PathPub, PathPriv, PathCFP, Payer, ProPrivFqdn, ProPrivPath, fqdnFCFS, pathFCFS, authFCFS, afficherVersion, urlBudget, urlMPRecup, authType, pageServices
number: afficherGestPas, afficherActualites, afficherChangerSpi, afficherVisuMdp, debrayerSMS, desactiveFranceConnect1
undefined: stateObj
onformdata and onpointerrawupdate are window event-handler properties that recent Chromium builds expose and that the scanner's baseline did not know; they are browser-provided, not page code. The other 68 names come from the page's own scripts (jquery.min.js and the files under /assure/templates/js/dyn/), and the French-language form-validation and login-flow helpers (verifiePWD, resendSMS, traiteOubli, switchVisuMdp) together with the FranceConnect settings (authFCFS, desactiveFranceConnect1) are a usable fingerprint for this kit.
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values back, which lets the website re-identify the user even from a different location. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
amelie7b638291f3eb5a.ngrok.io/ | not set (session cookie) | PHPSESSID | rnhpdg1nu3s6vigd28pg3v70b2
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
amelie7b638291f3eb5a.ngrok.io
fonts.googleapis.com
fonts.gstatic.com
i.imgur.com
i76.imgup.net
151.101.112.193
2600:1f16:d83:1200:cda7:be0:f101:864
2a00:1450:4001:806::200a
2a00:1450:4001:821::2003
78.46.193.159