auths-requise-indemnite.vercel.app Open in urlscan Pro
76.223.125.115 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://auths-requise-indemnite.vercel.app/portailas-s/appmanagers/v17v3ad_x5v55c78/assures?_nfpbru6=true&_pagek1label=as_e__creation_immed...
Effective URL:
https://auths-requise-indemnite.vercel.app/portailas-s/appmanagers/v17v3ad_x5v55c78/assures?_nfpbru6=true&_pagek1label=as_e__creation_immed...
Submission: On March 09 via automatic, source openphish (March 9th 2022, 1:03:13 pm UTC) — Scanned from DE

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 10 HTTP transactions. The main IP is 76.223.125.115, located in United States and belongs to AMAZON-02, US. The main domain is auths-requise-indemnite.vercel.app.
TLS certificate: Issued by R3 on March 3rd 2022. Valid for: 3 months.

This is the only time auths-requise-indemnite.vercel.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Assurance Maladie (Healthcare)

Domain & IP information

	IP Address		AS Autonomous System
8	76.223.125.115 76.223.125.115		16509 (AMAZON-02) (AMAZON-02)
10	2

8 76.223.125.115 (United States)

ASN16509 (AMAZON-02, US)

auths-requise-indemnite.vercel.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	vercel.app auths-requise-indemnite.vercel.app	119 KB
0	pythonanywhere.com Failed drovn.pythonanywhere.com Failed
10	2

	Domain	Requested by
8	auths-requise-indemnite.vercel.app	auths-requise-indemnite.vercel.app
0	drovn.pythonanywhere.com Failed	auths-requise-indemnite.vercel.app
10	2

This site contains no links.

Subject Issuer	Validity	Valid
*.vercel.app R3	`2022-03-03` - `2022-06-01`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://auths-requise-indemnite.vercel.app/portailas-s/appmanagers/v17v3ad_x5v55c78/assures?_nfpbru6=true&_pagek1label=as_e__creation_immediate_page&hqn1=
Frame ID: 30D0CAD65A3FB7F3EFCA9C2AA648EC9D
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Compte ameli - mon espace personnel

Page URL History Show full URLs

http://auths-requise-indemnite.vercel.app/portailas-s/appmanagers/v17v3ad_x5v55c78/assures?_nfpbru6=true&_pagek1label=... HTTP 307
https://auths-requise-indemnite.vercel.app/portailas-s/appmanagers/v17v3ad_x5v55c78/assures?_nfpbru6=true&_pagek1label=... Page URL

Page Statistics

10
Requests

80 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

119 kB
Transfer

398 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://auths-requise-indemnite.vercel.app/portailas-s/appmanagers/v17v3ad_x5v55c78/assures?_nfpbru6=true&_pagek1label=as_e__creation_immediate_page&hqn1= HTTP 307
https://auths-requise-indemnite.vercel.app/portailas-s/appmanagers/v17v3ad_x5v55c78/assures?_nfpbru6=true&_pagek1label=as_e__creation_immediate_page&hqn1= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request assures Show response
auths-requise-indemnite.vercel.app/portailas-s/appmanagers/v17v3ad_x5v55c78/
Redirect Chain

http://auths-requise-indemnite.vercel.app/portailas-s/appmanagers/v17v3ad_x5v55c78/assures?_nfpbru6=true&_pagek1label=as_e__creation_immediate_page&hqn1=
https://auths-requise-indemnite.vercel.app/portailas-s/appmanagers/v17v3ad_x5v55c78/assures?_nfpbru6=true&_pagek1label=as_e__creation_immediate_page&hqn1=

518 B
790 B

29ms
9ms

Document
text/html

76.223.125.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auths-requise-indemnite.vercel.app/portailas-s/appmanagers/v17v3ad_x5v55c78/assures?_nfpbru6=true&_pagek1label=as_e__creation_immediate_page&hqn1=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.223.125.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

a0406b7687f45173fbb184537d7c6871eb30241ca33f2ace20a7151a3d167763

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Wed, 09 Mar 2022 13:03:08 GMT
content-type: text/html; charset=utf-8
content-length: 518
cache-control: s-maxage=0
etag: W/"a0406b7687f45173fbb184537d7c6871eb30241ca33f2ace20a7151a3d167763"
access-control-allow-origin: *
content-disposition: inline; filename="index.html"
age: 5520318
x-vercel-cache: HIT
server: Vercel
x-vercel-id: fra1:fra1::tnktj-1646830988968-a38fa022bba6
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes

Redirect headers

Location: https://auths-requise-indemnite.vercel.app/portailas-s/appmanagers/v17v3ad_x5v55c78/assures?_nfpbru6=true&_pagek1label=as_e__creation_immediate_page&hqn1=
Cross-Origin-Resource-Policy: Cross-Origin
Non-Authoritative-Reason: HSTS

GET
H2 200 general.css
auths-requise-indemnite.vercel.app/static/css/ 633 B
824 B 9ms
8ms Stylesheet
text/css 76.223.125.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auths-requise-indemnite.vercel.app/static/css/general.css

Requested by

Host: auths-requise-indemnite.vercel.app
URL: https://auths-requise-indemnite.vercel.app/portailas-s/appmanagers/v17v3ad_x5v55c78/assures?_nfpbru6=true&_pagek1label=as_e__creation_immediate_page&hqn1=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.223.125.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e7c835cf4e514f78d7ea4e4bfcfb8fd888d84dd75ca33bc1642257c40668ed53

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://auths-requise-indemnite.vercel.app/portailas-s/appmanagers/v17v3ad_x5v55c78/assures?_nfpbru6=true&_pagek1label=as_e__creation_immediate_page&hqn1=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 13:03:08 GMT
server: Vercel
age: 5523534
x-vercel-id: fra1:fra1::tnktj-1646830988998-8909c3eb1df4
etag: W/"e7c835cf4e514f78d7ea4e4bfcfb8fd888d84dd75ca33bc1642257c40668ed53"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: s-maxage=31536000, immutable
content-disposition: inline; filename="general.css"
accept-ranges: bytes
x-vercel-cache: HIT
content-length: 633

GET
H2 200 main.e60eb482.css
auths-requise-indemnite.vercel.app/static/css/ 63 KB
8 KB 10ms
9ms Stylesheet
text/css 76.223.125.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auths-requise-indemnite.vercel.app/static/css/main.e60eb482.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.223.125.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

023914225b07dbdea8957c53be6eb8e89ff9552ec07bab20c9d6b650933e7899

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://auths-requise-indemnite.vercel.app/portailas-s/appmanagers/v17v3ad_x5v55c78/assures?_nfpbru6=true&_pagek1label=as_e__creation_immediate_page&hqn1=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 13:03:08 GMT
content-encoding: br
server: Vercel
age: 5520403
x-vercel-id: fra1:fra1::tnktj-1646830988998-77a05f07e80c
etag: W/"023914225b07dbdea8957c53be6eb8e89ff9552ec07bab20c9d6b650933e7899"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: s-maxage=31536000, immutable
content-disposition: inline; filename="main.e60eb482.css"
x-vercel-cache: HIT

GET
H2 200 main.e4d034bb.js Show response
auths-requise-indemnite.vercel.app/static/js/ 319 KB
93 KB 12ms
11ms Script
application/javascript 76.223.125.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auths-requise-indemnite.vercel.app/static/js/main.e4d034bb.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.223.125.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

20d56a31f560fc5ab79974cfd54475c02502874791693a8861982c3aa304d205

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://auths-requise-indemnite.vercel.app/portailas-s/appmanagers/v17v3ad_x5v55c78/assures?_nfpbru6=true&_pagek1label=as_e__creation_immediate_page&hqn1=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 13:03:08 GMT
content-encoding: br
server: Vercel
age: 5520402
x-vercel-id: fra1:fra1::tnktj-1646830988998-71a3fe6b7d6d
etag: W/"20d56a31f560fc5ab79974cfd54475c02502874791693a8861982c3aa304d205"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: s-maxage=31536000, immutable
content-disposition: inline; filename="main.e4d034bb.js"
x-vercel-cache: HIT

GET
H2 200 logoregimegeneral.57cf389e.bin
auths-requise-indemnite.vercel.app/static/media/ 6 KB
6 KB 9ms
8ms Image
application/octet-stream 76.223.125.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://auths-requise-indemnite.vercel.app/static/media/logoregimegeneral.57cf389e.bin

Requested by

Host: auths-requise-indemnite.vercel.app
URL: https://auths-requise-indemnite.vercel.app/PortailAS-S/appmanagers/jjqlf94f5u879p9m/assures?_nfpbqxz=true&_pagea-Label=as_lh_creation_immediate_page&b41z

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.223.125.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

3498297c12089ddc4341fde707d5e94697bc0a435640a726aed5121914609a10

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://auths-requise-indemnite.vercel.app/PortailAS-S/appmanagers/jjqlf94f5u879p9m/assures?_nfpbqxz=true&_pagea-Label=as_lh_creation_immediate_page&b41z
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 13:03:09 GMT
server: Vercel
age: 5520402
x-vercel-id: fra1:fra1::tnktj-1646830989060-fb207d729e31
etag: W/"3498297c12089ddc4341fde707d5e94697bc0a435640a726aed5121914609a10"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: s-maxage=31536000, immutable
content-disposition: inline; filename="logoregimegeneral.57cf389e.bin"
accept-ranges: bytes
x-vercel-cache: HIT
content-length: 5778

GET
H2 200 ame-footer.png
auths-requise-indemnite.vercel.app/static/images/ 10 KB
10 KB 9ms
9ms Image
image/png 76.223.125.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://auths-requise-indemnite.vercel.app/static/images/ame-footer.png

Requested by

Host: auths-requise-indemnite.vercel.app
URL: https://auths-requise-indemnite.vercel.app/static/css/main.e60eb482.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.223.125.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

0feece22208061aaf14ad937952b2a186cae86668dd0cf9b42e0fc49cb4c4d56

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://auths-requise-indemnite.vercel.app/static/css/main.e60eb482.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 13:03:09 GMT
server: Vercel
age: 5523534
x-vercel-id: fra1:fra1::tnktj-1646830989063-72c65d6eb55a
etag: W/"0feece22208061aaf14ad937952b2a186cae86668dd0cf9b42e0fc49cb4c4d56"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: s-maxage=31536000, immutable
content-disposition: inline; filename="ame-footer.png"
accept-ranges: bytes
x-vercel-cache: HIT
content-length: 10372

GET
H2 200 pictoflecheaction.png
auths-requise-indemnite.vercel.app/static/images/ 204 B
353 B 10ms
9ms Image
image/png 76.223.125.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://auths-requise-indemnite.vercel.app/static/images/pictoflecheaction.png

Requested by

Host: auths-requise-indemnite.vercel.app
URL: https://auths-requise-indemnite.vercel.app/static/css/main.e60eb482.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.223.125.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

101daff056dbb47ea3d2c2dc20a39c349d706fd6cf38c4943e70494107c05236

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://auths-requise-indemnite.vercel.app/static/css/main.e60eb482.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 13:03:09 GMT
server: Vercel
age: 5523534
x-vercel-id: fra1:fra1::tnktj-1646830989065-44b07c7e4f40
etag: W/"101daff056dbb47ea3d2c2dc20a39c349d706fd6cf38c4943e70494107c05236"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: s-maxage=31536000, immutable
content-disposition: inline; filename="pictoflecheaction.png"
accept-ranges: bytes
x-vercel-cache: HIT
content-length: 204

GET
H2 200 menueparateur.png
auths-requise-indemnite.vercel.app/static/images/ 115 B
262 B 10ms
10ms Image
image/png 76.223.125.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://auths-requise-indemnite.vercel.app/static/images/menueparateur.png

Requested by

Host: auths-requise-indemnite.vercel.app
URL: https://auths-requise-indemnite.vercel.app/static/css/main.e60eb482.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.223.125.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

4c51961a98bff2068f9b72f207e0a8a5dcb64fbd04faab23d8b004deecd16705

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://auths-requise-indemnite.vercel.app/static/css/main.e60eb482.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 13:03:09 GMT
server: Vercel
age: 5523534
x-vercel-id: fra1:fra1::tnktj-1646830989065-944abee6681c
etag: W/"4c51961a98bff2068f9b72f207e0a8a5dcb64fbd04faab23d8b004deecd16705"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: s-maxage=31536000, immutable
content-disposition: inline; filename="menueparateur.png"
accept-ranges: bytes
x-vercel-cache: HIT
content-length: 115

GET service-worker.js
auths-requise-indemnite.vercel.app/ 0
0

GET analytics
drovn.pythonanywhere.com/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: auths-requise-indemnite.vercel.app
URL: https://auths-requise-indemnite.vercel.app/service-worker.js

Domain: drovn.pythonanywhere.com
URL: https://drovn.pythonanywhere.com/analytics?page=information&type=alive

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Assurance Maladie (Healthcare)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

auths-requise-indemnite.vercel.app
drovn.pythonanywhere.com
auths-requise-indemnite.vercel.app
drovn.pythonanywhere.com
76.223.125.115
023914225b07dbdea8957c53be6eb8e89ff9552ec07bab20c9d6b650933e7899
0feece22208061aaf14ad937952b2a186cae86668dd0cf9b42e0fc49cb4c4d56
101daff056dbb47ea3d2c2dc20a39c349d706fd6cf38c4943e70494107c05236
20d56a31f560fc5ab79974cfd54475c02502874791693a8861982c3aa304d205
3498297c12089ddc4341fde707d5e94697bc0a435640a726aed5121914609a10
4c51961a98bff2068f9b72f207e0a8a5dcb64fbd04faab23d8b004deecd16705
a0406b7687f45173fbb184537d7c6871eb30241ca33f2ace20a7151a3d167763
e7c835cf4e514f78d7ea4e4bfcfb8fd888d84dd75ca33bc1642257c40668ed53

auths-requise-indemnite.vercel.app Open in urlscan Pro 76.223.125.115 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

10 Requests

80 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

119 kBTransfer

398 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

auths-requise-indemnite.vercel.app Open in urlscan Pro
76.223.125.115 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

80 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

119 kB
Transfer

398 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!