www.igovvite.com Open in urlscan Pro
67.223.117.20 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://s5xq4.mjt.lu/lnk/AV0AAEmzPkgAAc3IsNYAAfptJWIAAYCtiMkAnkECACoMLgBmtg42ir8bz4EITf6dUx556FUKuAAm684/1/pKRtgzEGZj...
Effective URL:
https://www.igovvite.com/FR/FR_fnamal/?uclick=ocfte83v&uclickhash=ocfte83v-ocfte83v-7swh-0-bzfvdz-pmejb4-pm6jdu-3036a2
Submission: On August 09 via manual (August 9th 2024, 2:26:05 pm UTC) from MA — Scanned from DE

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 4 countries across 5 domains to perform 15 HTTP transactions. The main IP is 67.223.117.20, located in United States and belongs to NAMECHEAP-NET, US. The main domain is www.igovvite.com.
TLS certificate: Issued by R10 on June 27th 2024. Valid for: 3 months.

This is the only time www.igovvite.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	35.241.186.140 35.241.186.140	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	52.95.190.74 52.95.190.74	16509 (AMAZON-02) (AMAZON-02)
1 1	162.0.224.56 162.0.224.56	22612 (NAMECHEAP...) (NAMECHEAP-NET)
10	67.223.117.20 67.223.117.20	22612 (NAMECHEAP...) (NAMECHEAP-NET)
4	104.16.160.145 104.16.160.145	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	3

1 35.241.186.140 (Brussels, Belgium) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 140.186.241.35.bc.googleusercontent.com

s5xq4.mjt.lu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.95.190.74 (Montreal, Canada)

ASN16509 (AMAZON-02, US)
PTR: s3-r-w.ca-central-1.amazonaws.com

mcav.s3.ca-central-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.0.224.56 (United States) 1 redirects

ASN22612 (NAMECHEAP-NET, US)
PTR: server.zenopreneur.com

bugfa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 67.223.117.20 (United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: mail.recessionproofblueprints.co

www.igovvite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.16.160.145 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	igovvite.com www.igovvite.com	604 KB
4	onesignal.com cdn.onesignal.com — Cisco Umbrella Rank: 5708 onesignal.com — Cisco Umbrella Rank: 1415	75 KB
1	bugfa.com 1 redirects bugfa.com	542 B
1	amazonaws.com mcav.s3.ca-central-1.amazonaws.com	685 B
1	mjt.lu 1 redirects s5xq4.mjt.lu	228 B
15	5

	Domain	Requested by
10	www.igovvite.com	mcav.s3.ca-central-1.amazonaws.com www.igovvite.com
2	onesignal.com	cdn.onesignal.com
2	cdn.onesignal.com	www.igovvite.com cdn.onesignal.com
1	bugfa.com	1 redirects
1	mcav.s3.ca-central-1.amazonaws.com
1	s5xq4.mjt.lu	1 redirects
15	6

This site contains no links.

Subject Issuer	Validity	Valid
*.s3.ca-central-1.amazonaws.com Amazon RSA 2048 M01	`2024-07-28` - `2025-06-29`	a year	crt.sh
www.jozpotan.com R10	`2024-06-27` - `2024-09-25`	3 months	crt.sh
onesignal.com WE1	`2024-07-29` - `2024-10-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.igovvite.com/FR/FR_fnamal/?uclick=ocfte83v&uclickhash=ocfte83v-ocfte83v-7swh-0-bzfvdz-pmejb4-pm6jdu-3036a2
Frame ID: 4F552828F83006248C94B4D70E765007
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Gmail

Page URL History Show full URLs

https://s5xq4.mjt.lu/lnk/AV0AAEmzPkgAAc3IsNYAAfptJWIAAYCtiMkAnkECACoMLgBmtg42ir8bz4EITf6dUx556FUK... HTTP 302
https://mcav.s3.ca-central-1.amazonaws.com/vtrcade.html Page URL
http://bugfa.com/click.php?key=q7dovzo8cskh6ttircvz&batchid=FR_BH0806_0809 HTTP 307
https://bugfa.com/click.php?key=q7dovzo8cskh6ttircvz&batchid=FR_BH0806_0809 HTTP 307
http://bugfa.com/click.php?key=q7dovzo8cskh6ttircvz&batchid=FR_BH0806_0809 HTTP 302
https://www.igovvite.com/FR/FR_fnamal/?uclick=ocfte83v&uclickhash=ocfte83v-ocfte83v-7swh-0-bzfvdz-pme... Page URL

Detected technologies

OneSignal (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

cdn\.onesignal\.com

Page Statistics

15
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

6
Subdomains

3
IPs

4
Countries

679 kB
Transfer

981 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://s5xq4.mjt.lu/lnk/AV0AAEmzPkgAAc3IsNYAAfptJWIAAYCtiMkAnkECACoMLgBmtg42ir8bz4EITf6dUx556FUKuAAm684/1/pKRtgzEGZj9Gok53Z67fiQ/aHR0cHM6Ly9tY2F2LnMzLmNhLWNlbnRyYWwtMS5hbWF6b25hd3MuY29tL3Z0cmNhZGUuaHRtbA HTTP 302
https://mcav.s3.ca-central-1.amazonaws.com/vtrcade.html Page URL
http://bugfa.com/click.php?key=q7dovzo8cskh6ttircvz&batchid=FR_BH0806_0809 HTTP 307
https://bugfa.com/click.php?key=q7dovzo8cskh6ttircvz&batchid=FR_BH0806_0809 HTTP 307
http://bugfa.com/click.php?key=q7dovzo8cskh6ttircvz&batchid=FR_BH0806_0809 HTTP 302
https://www.igovvite.com/FR/FR_fnamal/?uclick=ocfte83v&uclickhash=ocfte83v-ocfte83v-7swh-0-bzfvdz-pmejb4-pm6jdu-3036a2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://s5xq4.mjt.lu/lnk/AV0AAEmzPkgAAc3IsNYAAfptJWIAAYCtiMkAnkECACoMLgBmtg42ir8bz4EITf6dUx556FUKuAAm684/1/pKRtgzEGZj9Gok53Z67fiQ/aHR0cHM6Ly9tY2F2LnMzLmNhLWNlbnRyYWwtMS5hbWF6b25hd3MuY29tL3Z0cmNhZGUuaHRtbA HTTP 302
https://mcav.s3.ca-central-1.amazonaws.com/vtrcade.html

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

vtrcade.html
mcav.s3.ca-central-1.amazonaws.com/
Redirect Chain

https://s5xq4.mjt.lu/lnk/AV0AAEmzPkgAAc3IsNYAAfptJWIAAYCtiMkAnkECACoMLgBmtg42ir8bz4EITf6dUx556FUKuAAm684/1/pKRtgzEGZj9Gok53Z67fiQ/aHR0cHM6Ly9tY2F2LnMzLmNhLWNlbnRyYWwtMS5hbWF6b25hd3MuY29tL3Z0cmNhZGU...
https://mcav.s3.ca-central-1.amazonaws.com/vtrcade.html

291 B
685 B

425ms
142ms

Document
text/html

52.95.190.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mcav.s3.ca-central-1.amazonaws.com/vtrcade.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 52.95.190.74 Montreal, Canada, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-r-w.ca-central-1.amazonaws.com
Software: AmazonS3 /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Content-Length: 291
Content-Type: text/html
Date: Fri, 09 Aug 2024 14:25:59 GMT
ETag: "7eea9e89f65a39c32c6c5f78ff3b509b"
Last-Modified: Fri, 09 Aug 2024 12:37:49 GMT
Server: AmazonS3
x-amz-id-2: YmWjyEQEUAQUeRx0YTFehpOWkFgcOoH7vOirmuzkCORUgDQK3dVCVsw1viSLwEypwFxRrqs5zok=
x-amz-request-id: 6G0TJMJ774FBKBVD
x-amz-server-side-encryption: AES256

Redirect headers

content-length: 78
content-type: text/html; charset=utf-8
date: Fri, 09 Aug 2024 14:25:57 GMT
location: https://mcav.s3.ca-central-1.amazonaws.com/vtrcade.html

GET
H/1.1

200
OK

Primary Request / Show response
www.igovvite.com/FR/FR_fnamal/
Redirect Chain

http://bugfa.com/click.php?key=q7dovzo8cskh6ttircvz&batchid=FR_BH0806_0809
https://bugfa.com/click.php?key=q7dovzo8cskh6ttircvz&batchid=FR_BH0806_0809
http://bugfa.com/click.php?key=q7dovzo8cskh6ttircvz&batchid=FR_BH0806_0809
https://www.igovvite.com/FR/FR_fnamal/?uclick=ocfte83v&uclickhash=ocfte83v-ocfte83v-7swh-0-bzfvdz-pmejb4-pm6jdu-3036a2

10 KB
4 KB

751ms
194ms

Document
text/html

67.223.117.20
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.igovvite.com/FR/FR_fnamal/?uclick=ocfte83v&uclickhash=ocfte83v-ocfte83v-7swh-0-bzfvdz-pmejb4-pm6jdu-3036a2
Requested by: Host: mcav.s3.ca-central-1.amazonaws.com
URL: https://mcav.s3.ca-central-1.amazonaws.com/vtrcade.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 67.223.117.20 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: mail.recessionproofblueprints.co
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 6904bf8095f816ee8ab9d75d35ef6472c1d3d877c8b6914eee411c7ae8412c09

Request headers

Referer: https://mcav.s3.ca-central-1.amazonaws.com/vtrcade.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Fri, 09 Aug 2024 14:25:59 GMT
ETag: W/"66585df8-2914"
Last-Modified: Thu, 30 May 2024 11:07:36 GMT
Server: nginx/1.18.0 (Ubuntu)
Transfer-Encoding: chunked

Redirect headers

Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Fri, 09 Aug 2024 14:25:58 GMT
Location: https://www.igovvite.com/FR/FR_fnamal/?uclick=ocfte83v&uclickhash=ocfte83v-ocfte83v-7swh-0-bzfvdz-pmejb4-pm6jdu-3036a2
Server: nginx/1.18.0 (Ubuntu)
Transfer-Encoding: chunked

GET
H/1.1 200
OK jquer.js Show response
www.igovvite.com/ 87 KB
88 KB 386ms
386ms Script
application/javascript 67.223.117.20
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.igovvite.com/jquer.js
Requested by: Host: www.igovvite.com
URL: https://www.igovvite.com/FR/FR_fnamal/?uclick=ocfte83v&uclickhash=ocfte83v-ocfte83v-7swh-0-bzfvdz-pmejb4-pm6jdu-3036a2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 67.223.117.20 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: mail.recessionproofblueprints.co
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Referer: https://www.igovvite.com/FR/FR_fnamal/?uclick=ocfte83v&uclickhash=ocfte83v-ocfte83v-7swh-0-bzfvdz-pmejb4-pm6jdu-3036a2
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Fri, 09 Aug 2024 14:25:59 GMT
Last-Modified: Wed, 10 Apr 2024 08:48:31 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "6616525f-15d84"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 89476

GET
H/1.1 200
OK p.min.js Show response
www.igovvite.com/FR/FR_fnamal/files/ 6 KB
6 KB 583ms
194ms Script
application/javascript 67.223.117.20
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.igovvite.com/FR/FR_fnamal/files/p.min.js
Requested by: Host: www.igovvite.com
URL: https://www.igovvite.com/FR/FR_fnamal/?uclick=ocfte83v&uclickhash=ocfte83v-ocfte83v-7swh-0-bzfvdz-pmejb4-pm6jdu-3036a2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 67.223.117.20 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: mail.recessionproofblueprints.co
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 9c9c33dcbf0aa62d15a7723339b5f3d757267568d9faae5ded11ce9940bdce5c

Request headers

Referer: https://www.igovvite.com/FR/FR_fnamal/?uclick=ocfte83v&uclickhash=ocfte83v-ocfte83v-7swh-0-bzfvdz-pmejb4-pm6jdu-3036a2
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Fri, 09 Aug 2024 14:26:00 GMT
Last-Modified: Wed, 29 May 2024 10:07:47 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "6656fe73-171b"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5915

GET
H/1.1 200
OK os.js Show response
www.igovvite.com/ 952 B
1 KB 194ms
194ms Script
application/javascript 67.223.117.20
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.igovvite.com/os.js
Requested by: Host: www.igovvite.com
URL: https://www.igovvite.com/FR/FR_fnamal/?uclick=ocfte83v&uclickhash=ocfte83v-ocfte83v-7swh-0-bzfvdz-pmejb4-pm6jdu-3036a2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 67.223.117.20 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: mail.recessionproofblueprints.co
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 6cb922a7f9dddb45e3c3e08509eeb1be20a505d920aff6f155dec3cd1ff4b340

Request headers

Referer: https://www.igovvite.com/FR/FR_fnamal/?uclick=ocfte83v&uclickhash=ocfte83v-ocfte83v-7swh-0-bzfvdz-pmejb4-pm6jdu-3036a2
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Fri, 09 Aug 2024 14:26:00 GMT
Last-Modified: Wed, 17 Jul 2024 06:28:12 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "6697647c-3b8"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 952

GET
H/1.1 200
OK BButton.js Show response
www.igovvite.com/ 577 B
837 B 194ms
194ms Script
application/javascript 67.223.117.20
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.igovvite.com/BButton.js
Requested by: Host: www.igovvite.com
URL: https://www.igovvite.com/FR/FR_fnamal/?uclick=ocfte83v&uclickhash=ocfte83v-ocfte83v-7swh-0-bzfvdz-pmejb4-pm6jdu-3036a2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 67.223.117.20 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: mail.recessionproofblueprints.co
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 61aaea264cda3bda33a016410fac4b228cec8996305ddd66c4aae5ce1aea0c13

Request headers

Referer: https://www.igovvite.com/FR/FR_fnamal/?uclick=ocfte83v&uclickhash=ocfte83v-ocfte83v-7swh-0-bzfvdz-pmejb4-pm6jdu-3036a2
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Fri, 09 Aug 2024 14:26:00 GMT
Last-Modified: Fri, 12 Jul 2024 16:42:37 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "66915cfd-241"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 577

GET
H/1.1 200
OK logo.png
www.igovvite.com/FR/FR_fnamal/files/ 4 KB
4 KB 562ms
188ms Image
image/png 67.223.117.20
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.igovvite.com/FR/FR_fnamal/files/logo.png
Requested by: Host: www.igovvite.com
URL: https://www.igovvite.com/FR/FR_fnamal/?uclick=ocfte83v&uclickhash=ocfte83v-ocfte83v-7swh-0-bzfvdz-pmejb4-pm6jdu-3036a2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 67.223.117.20 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: mail.recessionproofblueprints.co
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 61217fa900381fc5f3b000919fbd325eaf16eb48bcc2bd6874d9f5f79ff52697

Request headers

Referer: https://www.igovvite.com/FR/FR_fnamal/?uclick=ocfte83v&uclickhash=ocfte83v-ocfte83v-7swh-0-bzfvdz-pmejb4-pm6jdu-3036a2
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Fri, 09 Aug 2024 14:26:00 GMT
Last-Modified: Wed, 29 May 2024 10:07:47 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "6656fe73-10fd"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4349

GET
H/1.1 200
OK ama.png
www.igovvite.com/FR/FR_fnamal/files/ 234 KB
234 KB 773ms
386ms Image
image/png 67.223.117.20
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.igovvite.com/FR/FR_fnamal/files/ama.png
Requested by: Host: www.igovvite.com
URL: https://www.igovvite.com/FR/FR_fnamal/?uclick=ocfte83v&uclickhash=ocfte83v-ocfte83v-7swh-0-bzfvdz-pmejb4-pm6jdu-3036a2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 67.223.117.20 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: mail.recessionproofblueprints.co
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 0b5ca60568ea3149d9b66eaa8d7d2187eb5aae7a464afc1b0f6628037f858014

Request headers

Referer: https://www.igovvite.com/FR/FR_fnamal/?uclick=ocfte83v&uclickhash=ocfte83v-ocfte83v-7swh-0-bzfvdz-pmejb4-pm6jdu-3036a2
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Fri, 09 Aug 2024 14:26:00 GMT
Last-Modified: Wed, 29 May 2024 10:07:47 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "6656fe73-3a60a"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 239114

GET
H/1.1 200
OK Montserrat-SemiBold.ttf
www.igovvite.com/FR/FR_fnamal/files/ 238 KB
238 KB 375ms
375ms Font
application/octet-stream 67.223.117.20
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.igovvite.com/FR/FR_fnamal/files/Montserrat-SemiBold.ttf
Requested by: Host: www.igovvite.com
URL: https://www.igovvite.com/FR/FR_fnamal/?uclick=ocfte83v&uclickhash=ocfte83v-ocfte83v-7swh-0-bzfvdz-pmejb4-pm6jdu-3036a2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 67.223.117.20 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: mail.recessionproofblueprints.co
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: f227901ef48ac4d1fe4cc6ed0dbce99e6b38969babe5e05da2dfb33521b02944

Request headers

Referer: https://www.igovvite.com/FR/FR_fnamal/?uclick=ocfte83v&uclickhash=ocfte83v-ocfte83v-7swh-0-bzfvdz-pmejb4-pm6jdu-3036a2
Origin: https://www.igovvite.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Fri, 09 Aug 2024 14:26:00 GMT
Last-Modified: Wed, 29 May 2024 10:07:47 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "6656fe73-3b868"
Content-Type: application/octet-stream
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 243816

GET
H3 200 OneSignalSDK.page.js Show response
cdn.onesignal.com/sdks/web/v16/ 2 KB
1 KB 125ms
73ms Script
application/javascript 104.16.160.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/web/v16/OneSignalSDK.page.js

Requested by

Host: www.igovvite.com
URL: https://www.igovvite.com/os.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.160.145 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

058eeeab39a650f6724fce5c96e8272c4a5d8e6c2cfe3d7e6465626f6df522b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Referer: https://www.igovvite.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 14:26:00 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 948
etag: W/"19fb0fd50e69d6b97e1badc837a6dff2"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 8b086b31affd3506-WAW
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400
expires: Mon, 12 Aug 2024 14:26:00 GMT

GET
H3 200 OneSignalSDK.page.es6.js Show response
cdn.onesignal.com/sdks/web/v16/ 259 KB
63 KB 75ms
75ms Script
application/javascript 104.16.160.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/web/v16/OneSignalSDK.page.es6.js?v=160202

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/web/v16/OneSignalSDK.page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.160.145 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d24ec64291900c8a48816a802de8d32e6f4466018218cab64f9961fe33b0f71f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Referer: https://www.igovvite.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 14:26:00 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 3513
etag: W/"2d5effdf1f67f3d889acd0f923ae833f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 8b086b3228a43506-WAW
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400
expires: Mon, 12 Aug 2024 14:26:00 GMT

GET
H3 200 web Show response
onesignal.com/api/v1/sync/eb6867ad-efc3-423c-8c0b-0a7b12b86da0/ 4 KB
2 KB 65ms
64ms Script
text/javascript 104.16.160.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/sync/eb6867ad-efc3-423c-8c0b-0a7b12b86da0/web?callback=__jp0

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/web/v16/OneSignalSDK.page.es6.js?v=160202

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.160.145 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e89572a5dc5f0706ee07685cf5391c78d8fb2f907f6fa15cc45fb2435df9d93e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.igovvite.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 14:26:00 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=15552000; includeSubDomains
age: 3120
cf-polished: origSize=3967
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: b5a4c3e2-c1f8-47df-83af-85e4f837e08b
x-runtime: 0.040868
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"6d6287274aae22ac77eb395f5c35286d"
x-download-options: noopen
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600
cf-ray: 8b086b3349eb3506-WAW
access-control-allow-headers: SDK-Version
expires: Fri, 09 Aug 2024 15:26:00 GMT

GET
H3 200 OneSignalSDK.page.styles.css
onesignal.com/sdks/web/v16/ 81 KB
9 KB 65ms
64ms Stylesheet
text/css 104.16.160.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/sdks/web/v16/OneSignalSDK.page.styles.css?v=2

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/web/v16/OneSignalSDK.page.es6.js?v=160202

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.160.145 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cfec5bf838970781b8ba4719b84da76d554ae91e4d18f85f88d379748ee4fb5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Referer: https://www.igovvite.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 14:26:01 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 1586
etag: W/"4d2d93daa58eeb4af0cdacaabf8bfe82"
cf-polished: origSize=83008
vary: Accept-Encoding
content-type: text/css
cf-ray: 8b086b343b033506-WAW
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK ico.png
www.igovvite.com/FR/FR_fnamal/files/ 27 KB
28 KB 190ms
190ms Other
image/png 67.223.117.20
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.igovvite.com/FR/FR_fnamal/files/ico.png
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 67.223.117.20 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: mail.recessionproofblueprints.co
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: fbe8559ad3b4307678250a671b8c259adf8ded119c8d133d1b706f0f4879a051

Request headers

Referer: https://www.igovvite.com/FR/FR_fnamal/?uclick=ocfte83v&uclickhash=ocfte83v-ocfte83v-7swh-0-bzfvdz-pmejb4-pm6jdu-3036a2
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Fri, 09 Aug 2024 14:26:01 GMT
Last-Modified: Wed, 29 May 2024 10:07:47 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "6656fe73-6df1"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 28145

GET
H/1.1 200
OK ico.png
www.igovvite.com/FR/FR_fnamal/files/ 27 KB
0 0ms
0ms Other
image/png 67.223.117.20
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.igovvite.com/FR/FR_fnamal/files/ico.png
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 67.223.117.20 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: mail.recessionproofblueprints.co
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: fbe8559ad3b4307678250a671b8c259adf8ded119c8d133d1b706f0f4879a051

Request headers

Referer: https://www.igovvite.com/FR/FR_fnamal/?uclick=ocfte83v&uclickhash=ocfte83v-ocfte83v-7swh-0-bzfvdz-pmejb4-pm6jdu-3036a2
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Fri, 09 Aug 2024 14:26:01 GMT
Last-Modified: Wed, 29 May 2024 10:07:47 GMT
Server: nginx/1.18.0 (Ubuntu)
Accept-Ranges: bytes
ETag: "6656fe73-6df1"
Content-Length: 28145
Content-Type: image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online)

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
bugfa.com/	1970-01-20 22:41:39	Name: uclick Value: ocfte83v
bugfa.com/	1970-01-20 22:41:39	Name: uclickhash Value: ocfte83v-ocfte83v-7swh-0-bzfvdz-pmejb4-pm6jdu-3036a2
.onesignal.com/	1970-01-20 22:40:15	Name: __cf_bm Value: u7lpfOS7igehN0g0WlA6ijSp1jI8zSJ5yScXW_UdBWw-1723213560-1.0.1.1-43iNOdJwQa9y8NQLImt3NoRtEJPKPw8OXQ0YH3hnhiS4D13Acljz6yyQicNFXENCWLN7bvM9fWD_SDCqjzYPaQ

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bugfa.com
cdn.onesignal.com
mcav.s3.ca-central-1.amazonaws.com
onesignal.com
s5xq4.mjt.lu
www.igovvite.com
104.16.160.145
162.0.224.56
35.241.186.140
52.95.190.74
67.223.117.20
058eeeab39a650f6724fce5c96e8272c4a5d8e6c2cfe3d7e6465626f6df522b6
0b5ca60568ea3149d9b66eaa8d7d2187eb5aae7a464afc1b0f6628037f858014
61217fa900381fc5f3b000919fbd325eaf16eb48bcc2bd6874d9f5f79ff52697
61aaea264cda3bda33a016410fac4b228cec8996305ddd66c4aae5ce1aea0c13
6904bf8095f816ee8ab9d75d35ef6472c1d3d877c8b6914eee411c7ae8412c09
6cb922a7f9dddb45e3c3e08509eeb1be20a505d920aff6f155dec3cd1ff4b340
9c9c33dcbf0aa62d15a7723339b5f3d757267568d9faae5ded11ce9940bdce5c
cfec5bf838970781b8ba4719b84da76d554ae91e4d18f85f88d379748ee4fb5d
d24ec64291900c8a48816a802de8d32e6f4466018218cab64f9961fe33b0f71f
e89572a5dc5f0706ee07685cf5391c78d8fb2f907f6fa15cc45fb2435df9d93e
f227901ef48ac4d1fe4cc6ed0dbce99e6b38969babe5e05da2dfb33521b02944
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fbe8559ad3b4307678250a671b8c259adf8ded119c8d133d1b706f0f4879a051

www.igovvite.com Open in urlscan Pro 67.223.117.20 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

0 %IPv6

5 Domains

6 Subdomains

3 IPs

4 Countries

679 kBTransfer

981 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

28 JavaScript Global Variables

3 Cookies

Indicators

www.igovvite.com Open in urlscan Pro
67.223.117.20 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

6
Subdomains

3
IPs

4
Countries

679 kB
Transfer

981 kB
Size

3
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!