ameli.fr.serviceenlignevoscompte.com.serviceenlignevoscompte.com
2a03:b0c0:3:d0::d23:d001
Malicious Activity!
Public Scan
Submission: On June 18 via automatic, source certstream-suspicious
Summary
TLS certificate: Issued by R3 on June 18th 2021. Valid for: 3 months.
This is the only time ameli.fr.serviceenlignevoscompte.com.serviceenlignevoscompte.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Assurance Maladie (Healthcare)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
5 | 2a03:b0c0:3:d0::d23:d001 | 14061 (DIGITALOCEAN-ASN) |
1 | 50.16.218.217 | 14618 (AMAZON-AES) |
2 | 95.179.220.144 | 20473 (AS-CHOOPA) |
4 | 52.210.208.94 | 16509 (AMAZON-02) |
12 requests | 4 IP addresses |
ASN | PTR | Hostname |
---|---|---|
ASN14061 (DIGITALOCEAN-ASN, US) | | ameli.fr.serviceenlignevoscompte.com.serviceenlignevoscompte.com |
ASN14618 (AMAZON-AES, US) | ec2-50-16-218-217.compute-1.amazonaws.com | api.ipify.org |
ASN20473 (AS-CHOOPA, US) | 95.179.220.144.vultr.com | authen-particulier.com |
ASN16509 (AMAZON-02, US) | ec2-52-210-208-94.eu-west-1.compute.amazonaws.com | master-7rqtwti-742jrczr6g4ig.eu-2.platformsh.site |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
5 | serviceenlignevoscompte.com | ameli.fr.serviceenlignevoscompte.com.serviceenlignevoscompte.com | 105 KB |
4 | platformsh.site | master-7rqtwti-742jrczr6g4ig.eu-2.platformsh.site | 406 B |
2 | authen-particulier.com | authen-particulier.com | 371 B |
1 | ipify.org | api.ipify.org | 304 B |
12 requests | 4 apex domains |
Requests | Domain | Requested by |
---|---|---|
5 | ameli.fr.serviceenlignevoscompte.com.serviceenlignevoscompte.com | ameli.fr.serviceenlignevoscompte.com.serviceenlignevoscompte.com |
4 | master-7rqtwti-742jrczr6g4ig.eu-2.platformsh.site | ameli.fr.serviceenlignevoscompte.com.serviceenlignevoscompte.com |
2 | authen-particulier.com | ameli.fr.serviceenlignevoscompte.com.serviceenlignevoscompte.com |
1 | api.ipify.org | ameli.fr.serviceenlignevoscompte.com.serviceenlignevoscompte.com |
12 requests | 4 domains |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
ameli.fr.serviceenlignevoscompte.com.serviceenlignevoscompte.com | R3 | 2021-06-18 - 2021-09-16 | 3 months | crt.sh |
*.ipify.org | Sectigo RSA Domain Validation Secure Server CA | 2021-01-19 - 2022-02-19 | a year | crt.sh |
authen-particulier.com | R3 | 2021-05-25 - 2021-08-23 | 3 months | crt.sh |
master-7rqtwti-742jrczr6g4ig.eu-2.platformsh.site | R3 | 2021-06-12 - 2021-09-10 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://ameli.fr.serviceenlignevoscompte.com.serviceenlignevoscompte.com/
Frame ID: 5942A39C23C8BBC4A759BFE61B3BB2DE
Requests: 11 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | ameli.fr.serviceenlignevoscompte.com.serviceenlignevoscompte.com/ | 518 B | 725 B | Document | text/html |
GET | H2 | general.css | ameli.fr.serviceenlignevoscompte.com.serviceenlignevoscompte.com/static/css/ | 633 B | 761 B | Stylesheet | text/css |
GET | H2 | main.12e82920.css | ameli.fr.serviceenlignevoscompte.com.serviceenlignevoscompte.com/static/css/ | 63 KB | 7 KB | Stylesheet | text/css |
GET | H2 | main.433066b0.js | ameli.fr.serviceenlignevoscompte.com.serviceenlignevoscompte.com/static/js/ | 333 KB | 91 KB | Script | application/javascript |
GET | H/1.1 | / | api.ipify.org/ | 23 B | 304 B | Fetch | application/json |
GET | H2 | contact.php | authen-particulier.com/ | 32 B | 371 B | Fetch | application/json |
OPTIONS | H2 | contact.php | authen-particulier.com/ | 0 | 0 | Preflight | application/json |
GET | H2 | logo_regime_general.57cf389e.bin | ameli.fr.serviceenlignevoscompte.com.serviceenlignevoscompte.com/static/media/ | 6 KB | 6 KB | Image | application/octet-stream |
GET | H2 | analytics | master-7rqtwti-742jrczr6g4ig.eu-2.platformsh.site// | 5 B | 101 B | Fetch | application/json |
GET | H2 | analytics | master-7rqtwti-742jrczr6g4ig.eu-2.platformsh.site// | 5 B | 102 B | Fetch | application/json |
GET | H2 | analytics | master-7rqtwti-742jrczr6g4ig.eu-2.platformsh.site// | 5 B | 102 B | Fetch | application/json |
GET | H2 | analytics | master-7rqtwti-742jrczr6g4ig.eu-2.platformsh.site// | 5 B | 101 B | Fetch | application/json |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Assurance Maladie (Healthcare)
11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | onbeforexrselect |
object | ontransitionrun |
object | ontransitionstart |
object | ontransitioncancel |
object | cookieStore |
function | showDirectoryPicker |
function | showOpenFilePicker |
function | showSaveFilePicker |
boolean | originAgentCluster |
object | trustedTypes |
boolean | crossOriginIsolated |
0 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along with the request, which lets the website re-identify the user even if they connect from a different location. This is how permanent logins work.
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ameli.fr.serviceenlignevoscompte.com.serviceenlignevoscompte.com
api.ipify.org
authen-particulier.com
master-7rqtwti-742jrczr6g4ig.eu-2.platformsh.site
2a03:b0c0:3:d0::d23:d001
50.16.218.217
52.210.208.94
95.179.220.144
105b9446be68791cc9ffa0413871ee34b3a3f83b12bd0dbb8f357cad6634e9af
3498297c12089ddc4341fde707d5e94697bc0a435640a726aed5121914609a10
38e0b9de817f645c4bec37c0d4a3e58baecccb040f5718dc069a72c7385a0bed
50c2ee27aeaf8f8ffef3774acac310770e5568a78801c0603634aeddd8b6ad90
78f39c04f49a6d2fca099a49ed1c85671e73778ca07a733ce39e85fc20c5c00b
bfd0d5fc45cd622978287286c59bfd11445fcc4550de3f1798f26ab7d5987067
cee462cec475d44821f0ebbdee2f2db4d956ca918ce8342bee9902a1e4641384
e7c835cf4e514f78d7ea4e4bfcfb8fd888d84dd75ca33bc1642257c40668ed53