www.igovvite.com
Open in
urlscan Pro
67.223.117.20
Malicious Activity!
Public Scan
Effective URL: https://www.igovvite.com/FR/FR_fnamal/?uclick=ocfte83v&uclickhash=ocfte83v-ocfte83v-7swh-0-bzfvdz-pmejb4-pm6jdu-3036a2
Submission: On August 09 via manual from MA — Scanned from DE
Summary
TLS certificate: Issued by R10 on June 27th 2024. Valid for: 3 months.
This is the only time www.igovvite.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 35.241.186.140 35.241.186.140 | 396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM) | |
1 | 52.95.190.74 52.95.190.74 | 16509 (AMAZON-02) (AMAZON-02) | |
1 1 | 162.0.224.56 162.0.224.56 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
10 | 67.223.117.20 67.223.117.20 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
4 | 104.16.160.145 104.16.160.145 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
15 | 3 |
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 140.186.241.35.bc.googleusercontent.com
s5xq4.mjt.lu |
ASN16509 (AMAZON-02, US)
PTR: s3-r-w.ca-central-1.amazonaws.com
mcav.s3.ca-central-1.amazonaws.com |
ASN22612 (NAMECHEAP-NET, US)
PTR: mail.recessionproofblueprints.co
www.igovvite.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
igovvite.com
www.igovvite.com |
604 KB |
4 |
onesignal.com
cdn.onesignal.com — Cisco Umbrella Rank: 5708 onesignal.com — Cisco Umbrella Rank: 1415 |
75 KB |
1 |
bugfa.com
1 redirects
bugfa.com |
542 B |
1 |
amazonaws.com
mcav.s3.ca-central-1.amazonaws.com |
685 B |
1 |
mjt.lu
1 redirects
s5xq4.mjt.lu |
228 B |
15 | 5 |
Domain | Requested by | |
---|---|---|
10 | www.igovvite.com |
mcav.s3.ca-central-1.amazonaws.com
www.igovvite.com |
2 | onesignal.com |
cdn.onesignal.com
|
2 | cdn.onesignal.com |
www.igovvite.com
cdn.onesignal.com |
1 | bugfa.com | 1 redirects |
1 | mcav.s3.ca-central-1.amazonaws.com | |
1 | s5xq4.mjt.lu | 1 redirects |
15 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.s3.ca-central-1.amazonaws.com Amazon RSA 2048 M01 |
2024-07-28 - 2025-06-29 |
a year | crt.sh |
www.jozpotan.com R10 |
2024-06-27 - 2024-09-25 |
3 months | crt.sh |
onesignal.com WE1 |
2024-07-29 - 2024-10-27 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.igovvite.com/FR/FR_fnamal/?uclick=ocfte83v&uclickhash=ocfte83v-ocfte83v-7swh-0-bzfvdz-pmejb4-pm6jdu-3036a2
Frame ID: 4F552828F83006248C94B4D70E765007
Requests: 15 HTTP requests in this frame
Screenshot
Page Title
GmailPage URL History Show full URLs
-
https://s5xq4.mjt.lu/lnk/AV0AAEmzPkgAAc3IsNYAAfptJWIAAYCtiMkAnkECACoMLgBmtg42ir8bz4EITf6dUx556FUK...
HTTP 302
https://mcav.s3.ca-central-1.amazonaws.com/vtrcade.html Page URL
-
http://bugfa.com/click.php?key=q7dovzo8cskh6ttircvz&batchid=FR_BH0806_0809
HTTP 307
https://bugfa.com/click.php?key=q7dovzo8cskh6ttircvz&batchid=FR_BH0806_0809 HTTP 307
http://bugfa.com/click.php?key=q7dovzo8cskh6ttircvz&batchid=FR_BH0806_0809 HTTP 302
https://www.igovvite.com/FR/FR_fnamal/?uclick=ocfte83v&uclickhash=ocfte83v-ocfte83v-7swh-0-bzfvdz-pme... Page URL
Detected technologies
OneSignal (Marketing automation) ExpandDetected patterns
- cdn\.onesignal\.com
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://s5xq4.mjt.lu/lnk/AV0AAEmzPkgAAc3IsNYAAfptJWIAAYCtiMkAnkECACoMLgBmtg42ir8bz4EITf6dUx556FUKuAAm684/1/pKRtgzEGZj9Gok53Z67fiQ/aHR0cHM6Ly9tY2F2LnMzLmNhLWNlbnRyYWwtMS5hbWF6b25hd3MuY29tL3Z0cmNhZGUuaHRtbA
HTTP 302
https://mcav.s3.ca-central-1.amazonaws.com/vtrcade.html Page URL
-
http://bugfa.com/click.php?key=q7dovzo8cskh6ttircvz&batchid=FR_BH0806_0809
HTTP 307
https://bugfa.com/click.php?key=q7dovzo8cskh6ttircvz&batchid=FR_BH0806_0809 HTTP 307
http://bugfa.com/click.php?key=q7dovzo8cskh6ttircvz&batchid=FR_BH0806_0809 HTTP 302
https://www.igovvite.com/FR/FR_fnamal/?uclick=ocfte83v&uclickhash=ocfte83v-ocfte83v-7swh-0-bzfvdz-pmejb4-pm6jdu-3036a2 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://s5xq4.mjt.lu/lnk/AV0AAEmzPkgAAc3IsNYAAfptJWIAAYCtiMkAnkECACoMLgBmtg42ir8bz4EITf6dUx556FUKuAAm684/1/pKRtgzEGZj9Gok53Z67fiQ/aHR0cHM6Ly9tY2F2LnMzLmNhLWNlbnRyYWwtMS5hbWF6b25hd3MuY29tL3Z0cmNhZGUuaHRtbA HTTP 302
- https://mcav.s3.ca-central-1.amazonaws.com/vtrcade.html
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
vtrcade.html
mcav.s3.ca-central-1.amazonaws.com/ Redirect Chain
|
291 B 685 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
/
www.igovvite.com/FR/FR_fnamal/ Redirect Chain
|
10 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquer.js
www.igovvite.com/ |
87 KB 88 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
p.min.js
www.igovvite.com/FR/FR_fnamal/files/ |
6 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
os.js
www.igovvite.com/ |
952 B 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
BButton.js
www.igovvite.com/ |
577 B 837 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo.png
www.igovvite.com/FR/FR_fnamal/files/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ama.png
www.igovvite.com/FR/FR_fnamal/files/ |
234 KB 234 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Montserrat-SemiBold.ttf
www.igovvite.com/FR/FR_fnamal/files/ |
238 KB 238 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
OneSignalSDK.page.js
cdn.onesignal.com/sdks/web/v16/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
OneSignalSDK.page.es6.js
cdn.onesignal.com/sdks/web/v16/ |
259 KB 63 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
web
onesignal.com/api/v1/sync/eb6867ad-efc3-423c-8c0b-0a7b12b86da0/ |
4 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
OneSignalSDK.page.styles.css
onesignal.com/sdks/web/v16/ |
81 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ico.png
www.igovvite.com/FR/FR_fnamal/files/ |
27 KB 28 KB |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ico.png
www.igovvite.com/FR/FR_fnamal/files/ |
27 KB 0 |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online)28 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery string| portal string| theme string| template string| brand_country object| dayNames object| monthNames string| img_regalo string| minutos_y string| segundos object| modalOptions function| getURLParameter function| redirect function| getCurrentDate function| stepfinal function| goToUrlFinish function| getBrowser function| getPlatform object| boxRoot number| count number| intentos string| a string| x function| OneSignalDeferred number| __oneSignalSdkLoadCount function| OneSignal function| __jp03 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
bugfa.com/ | Name: uclick Value: ocfte83v |
|
bugfa.com/ | Name: uclickhash Value: ocfte83v-ocfte83v-7swh-0-bzfvdz-pmejb4-pm6jdu-3036a2 |
|
.onesignal.com/ | Name: __cf_bm Value: u7lpfOS7igehN0g0WlA6ijSp1jI8zSJ5yScXW_UdBWw-1723213560-1.0.1.1-43iNOdJwQa9y8NQLImt3NoRtEJPKPw8OXQ0YH3hnhiS4D13Acljz6yyQicNFXENCWLN7bvM9fWD_SDCqjzYPaQ |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bugfa.com
cdn.onesignal.com
mcav.s3.ca-central-1.amazonaws.com
onesignal.com
s5xq4.mjt.lu
www.igovvite.com
104.16.160.145
162.0.224.56
35.241.186.140
52.95.190.74
67.223.117.20
058eeeab39a650f6724fce5c96e8272c4a5d8e6c2cfe3d7e6465626f6df522b6
0b5ca60568ea3149d9b66eaa8d7d2187eb5aae7a464afc1b0f6628037f858014
61217fa900381fc5f3b000919fbd325eaf16eb48bcc2bd6874d9f5f79ff52697
61aaea264cda3bda33a016410fac4b228cec8996305ddd66c4aae5ce1aea0c13
6904bf8095f816ee8ab9d75d35ef6472c1d3d877c8b6914eee411c7ae8412c09
6cb922a7f9dddb45e3c3e08509eeb1be20a505d920aff6f155dec3cd1ff4b340
9c9c33dcbf0aa62d15a7723339b5f3d757267568d9faae5ded11ce9940bdce5c
cfec5bf838970781b8ba4719b84da76d554ae91e4d18f85f88d379748ee4fb5d
d24ec64291900c8a48816a802de8d32e6f4466018218cab64f9961fe33b0f71f
e89572a5dc5f0706ee07685cf5391c78d8fb2f907f6fa15cc45fb2435df9d93e
f227901ef48ac4d1fe4cc6ed0dbce99e6b38969babe5e05da2dfb33521b02944
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fbe8559ad3b4307678250a671b8c259adf8ded119c8d133d1b706f0f4879a051