gouv-antai-france.com Open in urlscan Pro
95.214.25.67 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://gouv-antai-france.com/certificat/start.php?enc=ac87302d94eaf73fceeb6aa80cd9560e&p=0&dispatch=44c82b4795e917ba0b73e318f...
Submission: On November 23 via api (November 23rd 2023, 5:22:44 pm UTC) from US — Scanned from US

Summary HTTP 13 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 13 HTTP transactions. The main IP is 95.214.25.67, located in United States and belongs to AS-MATRIXTELECOM, GB. The main domain is gouv-antai-france.com.
TLS certificate: Issued by R3 on November 14th 2023. Valid for: 3 months.

This is the only time gouv-antai-france.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: FR Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
6	95.214.25.67 95.214.25.67	216419 (AS-MATRIX...) (AS-MATRIXTELECOM)
2	160.92.148.108 160.92.148.108	47957 (ING-AS) (ING-AS)
1	2606:4700:440... 2606:4700:4400::ac40:93bc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700:e6:... 2606:4700:e6::ac40:cc14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	4

6 95.214.25.67 (United States)

ASN216419 (AS-MATRIXTELECOM, GB)

gouv-antai-france.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 160.92.148.108 (France)

ASN47957 (ING-AS, FR)
PTR: prod-tai-tfi-as.ca-zne-tlp.as8677.net

www.amendes.gouv.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:93bc (United States)

ASN13335 (CLOUDFLARENET, US)

kit.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:e6::ac40:cc14 (United States)

ASN13335 (CLOUDFLARENET, US)

ka-f.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	gouv-antai-france.com gouv-antai-france.com	10 KB
5	fontawesome.com kit.fontawesome.com — Cisco Umbrella Rank: 1492 ka-f.fontawesome.com — Cisco Umbrella Rank: 2891	34 KB
2	amendes.gouv.fr www.amendes.gouv.fr	23 KB
13	3

	Domain	Requested by
6	gouv-antai-france.com	gouv-antai-france.com
4	ka-f.fontawesome.com	kit.fontawesome.com
2	www.amendes.gouv.fr	gouv-antai-france.com
1	kit.fontawesome.com	gouv-antai-france.com
13	4

This site contains links to these domains. Also see Links.

Domain
www.antai.gouv.fr
stationnement.gouv.fr
www.service-public.fr
www.legifrance.gouv.fr

Subject Issuer	Validity	Valid
gouv-antai-france.com R3	`2023-11-14` - `2024-02-12`	3 months	crt.sh
www.amendes.gouv.fr Certigna Services CA	`2023-11-08` - `2024-11-19`	a year	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-22` - `2023-12-23`	a year	crt.sh
ka-f.fontawesome.com GTS CA 1P5	`2023-11-08` - `2024-02-06`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://gouv-antai-france.com/certificat/start.php?enc=ac87302d94eaf73fceeb6aa80cd9560e&p=0&dispatch=44c82b4795e917ba0b73e318f400f72b0e34c835
Frame ID: 6BD899EADD050C4860A340C4EFCDACDC
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Site officiel unique de télépaiement | Amendes.gouv.fr

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
kit\.fontawesome\.com/([0-9a-z]+).js

Page Statistics

13
Requests

100 %
HTTPS

50 %
IPv6

3
Domains

4
Subdomains

4
IPs

2
Countries

68 kB
Transfer

225 kB
Size

1
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.antai.gouv.fr/
Title: ANTAI : Agence nationale de traitement automatisé des infractions

Search URL Search Domain Scan URL

URL: https://stationnement.gouv.fr/
Title: Forfait post-stationnement

Search URL Search Domain Scan URL

URL: https://www.service-public.fr/
Title: Service-public.fr

Search URL Search Domain Scan URL

URL: https://www.legifrance.gouv.fr/
Title: Legifrance.gouv.fr

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request start.php Show response gouv-antai-france.com/certificat/	61 KB 10 KB	548ms 176ms	Document text/html	95.214.25.67 AS-MATRIXTELECOM
General Check archive.org Show headers Download Go to Full URL https://gouv-antai-france.com/certificat/start.php?enc=ac87302d94eaf73fceeb6aa80cd9560e&p=0&dispatch=44c82b4795e917ba0b73e318f400f72b0e34c835 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.214.25.67 , United States, ASN216419 (AS-MATRIXTELECOM, GB), Reverse DNS Software nginx / PHP/8.0.30 PleskLin Resource Hash `ea917c99d59c5a881e1ac04d5b15711808c7bedb6b4a128c8e54e38da880eb4d` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 accept-language en-US,en;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate content-encoding gzip content-length 10419 content-type text/html; charset=UTF-8 date Thu, 23 Nov 2023 17:22:39 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server nginx vary Accept-Encoding x-powered-by PHP/8.0.30 PleskLin
GET H2	404	open-sans-regular.woff2 gouv-antai-france.com/certificat/assets/fonts/open-sans/	0 0	167ms 165ms	Font text/html	95.214.25.67 AS-MATRIXTELECOM
General Check archive.org Show headers Download Go to Full URL https://gouv-antai-france.com/certificat/assets/fonts/open-sans/open-sans-regular.woff2 Requested by Host: gouv-antai-france.com URL: https://gouv-antai-france.com/certificat/start.php?enc=ac87302d94eaf73fceeb6aa80cd9560e&p=0&dispatch=44c82b4795e917ba0b73e318f400f72b0e34c835 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.214.25.67 , United States, ASN216419 (AS-MATRIXTELECOM, GB), Reverse DNS Software nginx / Resource Hash Request headers Referer https://gouv-antai-france.com/certificat/start.php?enc=ac87302d94eaf73fceeb6aa80cd9560e&p=0&dispatch=44c82b4795e917ba0b73e318f400f72b0e34c835 Origin https://gouv-antai-france.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Thu, 23 Nov 2023 17:22:39 GMT content-encoding br server nginx content-type text/html; charset=iso-8859-1
GET H2	404	open-sans-bold.woff2 gouv-antai-france.com/certificat/assets/fonts/open-sans/	0 0	173ms 172ms	Font text/html	95.214.25.67 AS-MATRIXTELECOM
General Check archive.org Show headers Download Go to Full URL https://gouv-antai-france.com/certificat/assets/fonts/open-sans/open-sans-bold.woff2 Requested by Host: gouv-antai-france.com URL: https://gouv-antai-france.com/certificat/start.php?enc=ac87302d94eaf73fceeb6aa80cd9560e&p=0&dispatch=44c82b4795e917ba0b73e318f400f72b0e34c835 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.214.25.67 , United States, ASN216419 (AS-MATRIXTELECOM, GB), Reverse DNS Software nginx / Resource Hash Request headers Referer https://gouv-antai-france.com/certificat/start.php?enc=ac87302d94eaf73fceeb6aa80cd9560e&p=0&dispatch=44c82b4795e917ba0b73e318f400f72b0e34c835 Origin https://gouv-antai-france.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Thu, 23 Nov 2023 17:22:39 GMT content-encoding br server nginx content-type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	styles.b4a4b31c4a1da914e394.css www.amendes.gouv.fr/	0 0	975ms 149ms	Stylesheet text/html	160.92.148.108 ING-AS
General Check archive.org Show headers Download Go to Full URL https://www.amendes.gouv.fr/styles.b4a4b31c4a1da914e394.css Requested by Host: gouv-antai-france.com URL: https://gouv-antai-france.com/certificat/start.php?enc=ac87302d94eaf73fceeb6aa80cd9560e&p=0&dispatch=44c82b4795e917ba0b73e318f400f72b0e34c835 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 160.92.148.108 , France, ASN47957 (ING-AS, FR), Reverse DNS prod-tai-tfi-as.ca-zne-tlp.as8677.net Software / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer https://gouv-antai-france.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers
GET H/1.1	200 OK	logo-amendes-gouv.svg www.amendes.gouv.fr/assets/img/design/	23 KB 23 KB	976ms 150ms	Image image/svg+xml	160.92.148.108 ING-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.amendes.gouv.fr/assets/img/design/logo-amendes-gouv.svg Requested by Host: gouv-antai-france.com URL: https://gouv-antai-france.com/certificat/start.php?enc=ac87302d94eaf73fceeb6aa80cd9560e&p=0&dispatch=44c82b4795e917ba0b73e318f400f72b0e34c835 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 160.92.148.108 , France, ASN47957 (ING-AS, FR), Reverse DNS prod-tai-tfi-as.ca-zne-tlp.as8677.net Software / Resource Hash `5932743bf769427d05289e72fb2bdb7cd1a5bc46f01248be159eb820fe27271d` Request headers accept-language en-US,en;q=0.9 Referer https://gouv-antai-france.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Thu, 23 Nov 2023 17:22:40 GMT cache-control no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 last-modified Wed, 22 Nov 2023 15:58:36 GMT accept-ranges bytes etag "655e252c-5cbd" content-length 23741 content-type image/svg+xml
GET H2	200	45c4af5118.js Show response kit.fontawesome.com/	11 KB 5 KB	150ms 92ms	Script text/javascript	2606:4700:4400::ac40:93bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://kit.fontawesome.com/45c4af5118.js Requested by Host: gouv-antai-france.com URL: https://gouv-antai-france.com/certificat/start.php?enc=ac87302d94eaf73fceeb6aa80cd9560e&p=0&dispatch=44c82b4795e917ba0b73e318f400f72b0e34c835 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `cf88a6141c44b13f721e282aa39753312890f0c517d0c3acc4f24b4d3617de07` Request headers Referer https://gouv-antai-france.com/ Origin https://gouv-antai-france.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Thu, 23 Nov 2023 17:22:39 GMT content-encoding gzip cf-cache-status REVALIDATED server cloudflare vary origin, accept-encoding, access-control-request-headers, access-control-request-method access-control-max-age 3000 access-control-allow-methods GET, OPTIONS access-control-allow-origin * content-type text/javascript cache-control max-age=60, public, stale-while-revalidate=30 cf-ray 82ab18749f3e67c2-MIA access-control-allow-headers accept, accept-langauge, content-language, content-type, fa-kit-token x-request-id F5pJxA3tknw7m2pQPw2i
GET H2	404	runtime-es2017.cf3238a554b19a10cb82.js gouv-antai-france.com/certificat/	0 0	184ms 183ms	Script text/html	95.214.25.67 AS-MATRIXTELECOM
General Check archive.org Show headers Download Go to Full URL https://gouv-antai-france.com/certificat/runtime-es2017.cf3238a554b19a10cb82.js Requested by Host: gouv-antai-france.com URL: https://gouv-antai-france.com/certificat/start.php?enc=ac87302d94eaf73fceeb6aa80cd9560e&p=0&dispatch=44c82b4795e917ba0b73e318f400f72b0e34c835 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.214.25.67 , United States, ASN216419 (AS-MATRIXTELECOM, GB), Reverse DNS Software nginx / Resource Hash Request headers Referer https://gouv-antai-france.com/certificat/start.php?enc=ac87302d94eaf73fceeb6aa80cd9560e&p=0&dispatch=44c82b4795e917ba0b73e318f400f72b0e34c835 Origin https://gouv-antai-france.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Thu, 23 Nov 2023 17:22:39 GMT content-encoding br server nginx content-type text/html; charset=iso-8859-1
GET H2	404	polyfills-es2017.533ebfade82697eddcf6.js gouv-antai-france.com/certificat/	0 0	174ms 173ms	Script text/html	95.214.25.67 AS-MATRIXTELECOM
General Check archive.org Show headers Download Go to Full URL https://gouv-antai-france.com/certificat/polyfills-es2017.533ebfade82697eddcf6.js Requested by Host: gouv-antai-france.com URL: https://gouv-antai-france.com/certificat/start.php?enc=ac87302d94eaf73fceeb6aa80cd9560e&p=0&dispatch=44c82b4795e917ba0b73e318f400f72b0e34c835 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.214.25.67 , United States, ASN216419 (AS-MATRIXTELECOM, GB), Reverse DNS Software nginx / Resource Hash Request headers Referer https://gouv-antai-france.com/certificat/start.php?enc=ac87302d94eaf73fceeb6aa80cd9560e&p=0&dispatch=44c82b4795e917ba0b73e318f400f72b0e34c835 Origin https://gouv-antai-france.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Thu, 23 Nov 2023 17:22:39 GMT content-encoding br server nginx content-type text/html; charset=iso-8859-1
GET H2	404	main-es2017.3f346dd5d8d0c431d6e2.js gouv-antai-france.com/certificat/	0 0	184ms 184ms	Script text/html	95.214.25.67 AS-MATRIXTELECOM
General Check archive.org Show headers Download Go to Full URL https://gouv-antai-france.com/certificat/main-es2017.3f346dd5d8d0c431d6e2.js Requested by Host: gouv-antai-france.com URL: https://gouv-antai-france.com/certificat/start.php?enc=ac87302d94eaf73fceeb6aa80cd9560e&p=0&dispatch=44c82b4795e917ba0b73e318f400f72b0e34c835 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 95.214.25.67 , United States, ASN216419 (AS-MATRIXTELECOM, GB), Reverse DNS Software nginx / Resource Hash Request headers Referer https://gouv-antai-france.com/certificat/start.php?enc=ac87302d94eaf73fceeb6aa80cd9560e&p=0&dispatch=44c82b4795e917ba0b73e318f400f72b0e34c835 Origin https://gouv-antai-france.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Thu, 23 Nov 2023 17:22:39 GMT content-encoding br server nginx content-type text/html; charset=iso-8859-1
GET H2	200	free.min.css Show response ka-f.fontawesome.com/releases/v6.4.2/css/	100 KB 23 KB	114ms 45ms	Fetch text/css	2606:4700:e6::ac40:cc14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ka-f.fontawesome.com/releases/v6.4.2/css/free.min.css?token=45c4af5118 Requested by Host: kit.fontawesome.com URL: https://kit.fontawesome.com/45c4af5118.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:e6::ac40:cc14 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5e0821588462d15b0ff8e911760fc041332c162e2e30ab4b1071bcc8eb6c8223` Request headers accept-language en-US,en;q=0.9 Referer https://gouv-antai-france.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Thu, 23 Nov 2023 17:22:40 GMT via 1.1 b3fa6483b226ef7cc87d8bab653f621c.cloudfront.net (CloudFront) content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-amz-cf-pop MIA3-C3 age 7463 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 last-modified Tue, 01 Aug 2023 19:07:56 GMT server cloudflare etag W/"ae737a19e46fd502ba9cbe9e33213861" access-control-max-age 3000 access-control-allow-methods GET content-type text/css access-control-allow-origin * report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3rBVQ0tnq5C2s%2Fr6BJ4eB3WV4Y4%2ByYMdeZccyuh3j1kZY4VZToIg1PipAOMb060qQWfEl2vLMpqb25WFm76L7oQ1qejy9%2BR8CmTd%2FeVAFdmqWiCIZmY7MN96uchTtUW00p5XqHQ8m%2F9C5QKuoZwQhUrFnA%3D%3D"}],"group":"cf-nel","max_age":604800} cache-control max-age=31556926 vary Accept-Encoding cf-ray 82ab1879fdfc02e4-MIA access-control-allow-headers fa-kit-token x-amz-cf-id n44mQRDhjcPc1XsJyRuuNA5gM38-Ku7HTH87QOXk7cyqc4UYbiITSw==
GET H2	200	free-v4-shims.min.css Show response ka-f.fontawesome.com/releases/v6.4.2/css/	27 KB 5 KB	106ms 37ms	Fetch text/css	2606:4700:e6::ac40:cc14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ka-f.fontawesome.com/releases/v6.4.2/css/free-v4-shims.min.css?token=45c4af5118 Requested by Host: kit.fontawesome.com URL: https://kit.fontawesome.com/45c4af5118.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:e6::ac40:cc14 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `236e285339a2a692e9491d356489cdf83513cfb1add049a0620123d644e47554` Request headers accept-language en-US,en;q=0.9 Referer https://gouv-antai-france.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Thu, 23 Nov 2023 17:22:40 GMT via 1.1 d1c64d10e2bd86b43a04bfb63e7766c2.cloudfront.net (CloudFront) content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-amz-cf-pop MIA3-C3 age 7463 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 last-modified Tue, 01 Aug 2023 19:07:56 GMT server cloudflare etag W/"da06df503ced6ee507b5fb4fa0999f74" access-control-max-age 3000 access-control-allow-methods GET content-type text/css access-control-allow-origin * report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cBl2uxyFNEwhhCT%2BlVapGZvE17%2FfqiGcU0g4c5426wXPwlhK5615PYMU9HOCmzmAUVrg9%2B2x1UydQwFE%2BA9qpzRf9tE1%2FlzNS%2BWls%2FfdKoxfY2sJq%2BgUbknumQq2pso6UQUnkwwIqYsXxhAmcYevzLYynA%3D%3D"}],"group":"cf-nel","max_age":604800} cache-control max-age=31556926 vary Accept-Encoding cf-ray 82ab1879fdfb02e4-MIA access-control-allow-headers fa-kit-token x-amz-cf-id YPFlBP-Ml3Npx5-SPhuNiVUIGizDa42nxqEt9CV_Zsb3l5Uy2ag2HA==
GET H2	200	free-v5-font-face.min.css Show response ka-f.fontawesome.com/releases/v6.4.2/css/	823 B 1 KB	102ms 33ms	Fetch text/css	2606:4700:e6::ac40:cc14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ka-f.fontawesome.com/releases/v6.4.2/css/free-v5-font-face.min.css?token=45c4af5118 Requested by Host: kit.fontawesome.com URL: https://kit.fontawesome.com/45c4af5118.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:e6::ac40:cc14 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0e81443469aa4b967191ce19b7474eb223746a2b8d5dc42d3786da84d99dfad9` Request headers accept-language en-US,en;q=0.9 Referer https://gouv-antai-france.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Thu, 23 Nov 2023 17:22:40 GMT via 1.1 bb707a876db211940a3cb07991cacbdc.cloudfront.net (CloudFront) content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-amz-cf-pop MIA3-C3 age 7463 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 last-modified Tue, 01 Aug 2023 19:07:56 GMT server cloudflare etag W/"dbf296002d53e56d340b105d9d764940" access-control-max-age 3000 access-control-allow-methods GET content-type text/css access-control-allow-origin * report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=orTVcW1OVlGK94ygatDACVT46OXFE7CjC%2BwJfAd3X5ZPnhTdStV5rLS%2B1QsX6oyEoDD82WP3WIKgKaxiGUpWTCcp%2BnWx2Bpp%2FWMjZBmCjafhqyZyAM4sf%2FHYWUF1rn%2Big7cLB0oQ%2BNv7eBvM9yzM9hsxQA%3D%3D"}],"group":"cf-nel","max_age":604800} cache-control max-age=31556926 vary Accept-Encoding cf-ray 82ab1879fdf802e4-MIA access-control-allow-headers fa-kit-token x-amz-cf-id POTEMd-vOhIU-f7TDIUzd62lIBK5o88GE6UWQAEbPg2KTy7i5yJH-w==
GET H2	200	free-v4-font-face.min.css Show response ka-f.fontawesome.com/releases/v6.4.2/css/	2 KB 1 KB	108ms 39ms	Fetch text/css	2606:4700:e6::ac40:cc14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ka-f.fontawesome.com/releases/v6.4.2/css/free-v4-font-face.min.css?token=45c4af5118 Requested by Host: kit.fontawesome.com URL: https://kit.fontawesome.com/45c4af5118.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:e6::ac40:cc14 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6c58c4804370b9c347d517491c450416ca371fb1403aceaa1d6f751403b07c48` Request headers accept-language en-US,en;q=0.9 Referer https://gouv-antai-france.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Thu, 23 Nov 2023 17:22:40 GMT via 1.1 b3879c23ec3b402566708cfe9d0ddc18.cloudfront.net (CloudFront) content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-amz-cf-pop MIA3-C3 age 7463 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 last-modified Tue, 01 Aug 2023 19:07:56 GMT server cloudflare etag W/"9b853b50f37dd0ca770ce0f294d427df" access-control-max-age 3000 access-control-allow-methods GET content-type text/css access-control-allow-origin * report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vc0Beqfv5S7OWeTQIR7nzGNO9e13W4HPZlkCkptQDA0Tq7J9RlpyN6kw9xPdby3B2p%2Bm%2BTMsMkoFcBPnc93nY5g426w5litLTFH8sCvJzzzuIWNVflkzYhoG%2BQClBq92Nn3W%2BfJHrDq5YiwNR0aAoXfVWQ%3D%3D"}],"group":"cf-nel","max_age":604800} cache-control max-age=31556926 vary Accept-Encoding cf-ray 82ab1879fdf902e4-MIA access-control-allow-headers fa-kit-token x-amz-cf-id 57TV70jhrdyOPNCneLqIix1OusjfmtJ1qrLVUoa11E2Cq_7Rsxl8KQ==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: FR Government (Government)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| checkValue function| date_reformat_dd object| FontAwesomeKitConfig

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			gouv-antai-france.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: q08t1tp2obdjeij3sofder2g5j

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://gouv-antai-france.com/certificat/assets/fonts/open-sans/open-sans-regular.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://gouv-antai-france.com/certificat/assets/fonts/open-sans/open-sans-bold.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://gouv-antai-france.com/certificat/polyfills-es2017.533ebfade82697eddcf6.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://gouv-antai-france.com/certificat/runtime-es2017.cf3238a554b19a10cb82.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://gouv-antai-france.com/certificat/main-es2017.3f346dd5d8d0c431d6e2.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.amendes.gouv.fr/styles.b4a4b31c4a1da914e394.css Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

gouv-antai-france.com
ka-f.fontawesome.com
kit.fontawesome.com
www.amendes.gouv.fr
160.92.148.108
2606:4700:4400::ac40:93bc
2606:4700:e6::ac40:cc14
95.214.25.67
0e81443469aa4b967191ce19b7474eb223746a2b8d5dc42d3786da84d99dfad9
236e285339a2a692e9491d356489cdf83513cfb1add049a0620123d644e47554
5932743bf769427d05289e72fb2bdb7cd1a5bc46f01248be159eb820fe27271d
5e0821588462d15b0ff8e911760fc041332c162e2e30ab4b1071bcc8eb6c8223
6c58c4804370b9c347d517491c450416ca371fb1403aceaa1d6f751403b07c48
cf88a6141c44b13f721e282aa39753312890f0c517d0c3acc4f24b4d3617de07
ea917c99d59c5a881e1ac04d5b15711808c7bedb6b4a128c8e54e38da880eb4d

gouv-antai-france.com Open in urlscan Pro 95.214.25.67 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

50 %IPv6

3 Domains

4 Subdomains

4 IPs

2 Countries

68 kBTransfer

225 kBSize

1 Cookies

4 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

6 Console Messages

Indicators

gouv-antai-france.com Open in urlscan Pro
95.214.25.67 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

50 %
IPv6

3
Domains

4
Subdomains

4
IPs

2
Countries

68 kB
Transfer

225 kB
Size

1
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!