stats-info-ameli.selfip.info
188.213.25.78 - Malicious Activity! - Public Scan

Submitted URL: http://admi.pl/ins.html
Effective URL: https://stats-info-ameli.selfip.info/
Submission: On July 21 via manual from FR — Scanned from FR

Summary

This website contacted 6 IPs in 4 countries across 5 domains to perform 5 HTTP transactions. The main IP is 188.213.25.78, located in Breuillet, France and belongs to TECHCREA-SOLUTIONS, FR. The main domain is stats-info-ameli.selfip.info.
TLS certificate: Issued by R3 on July 20th 2023. Valid for: 3 months.
This is the only time stats-info-ameli.selfip.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious (1 vote)

Domain & IP information

Requests  IP Address         AS (Autonomous System)
1         193.105.32.183     50584 (DOMINET)
1         2001:19f0:6c0...   20473 (AS-CHOOPA)
1         188.213.25.78      197922 (TECHCREA-...)
1         151.101.194.133    54113 (FASTLY)
1         185.24.186.225     60855 (DISIC-RIE-AS)
Totals:   5                  6
Requests  Apex Domain            Subdomains                                                Transfer
1         franceconnect.gouv.fr  app.franceconnect.gouv.fr (Cisco Umbrella Rank: 406460)   12 KB
1         paypalobjects.com      www.paypalobjects.com (Cisco Umbrella Rank: 2259)         601 B
1         selfip.info            stats-info-ameli.selfip.info                              4 KB
1         gabrielafilippi.cz     gabrielafilippi.cz                                        350 B
1         admi.pl                admi.pl                                                   524 B
Totals:   5                      5
Requests  Domain                         Requested by
1         app.franceconnect.gouv.fr      stats-info-ameli.selfip.info
1         www.paypalobjects.com          stats-info-ameli.selfip.info
1         stats-info-ameli.selfip.info   gabrielafilippi.cz
1         gabrielafilippi.cz             admi.pl
1         admi.pl
Totals:   5                              5

This site contains links to these domains:

Domain: njk.fi

Subject                        Issuer                                       Validity                  Valid
gabrielafilippi.cz             ZeroSSL RSA Domain Secure Site CA            2023-06-13 - 2023-09-11   3 months (crt.sh)
stats-info-ameli.selfip.info   R3                                           2023-07-20 - 2023-10-18   3 months (crt.sh)
www.paypalobjects.com          DigiCert SHA2 Extended Validation Server CA  2022-10-13 - 2023-11-13   a year (crt.sh)
app.franceconnect.gouv.fr      Certigna Services CA                         2022-09-22 - 2023-09-22   a year (crt.sh)

This page contains 1 frames:

Primary Page: https://stats-info-ameli.selfip.info/
Frame ID: 75B911ED337DFBBB71E06C3A00BBB256
Requests: 6 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • paypalobjects\.com

Page Statistics

  Requests:    5
  HTTPS:       80 %
  IPv6:        20 %
  Domains:     5
  Subdomains:  5
  IPs:         6
  Countries:   4
  Transfer:    18 kB
  Size:        23 kB
  Cookies:     0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://admi.pl/ins.html Page URL
  2. https://gabrielafilippi.cz/readme.html Page URL
  3. https://stats-info-ameli.selfip.info/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions

Resource | Path | Size | x-fer | Type (MIME-Type)

1. ins.html | admi.pl/ | 241 B | 524 B | Document
General
  Full URL: http://admi.pl/ins.html
  Protocol: HTTP/1.1
  Server: 193.105.32.183, Poland, ASN50584 (DOMINET, PL)
  Reverse DNS: virt03.expro.pl
  Software: Apache/2.2.15
  Resource Hash:

Request headers
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
  accept-language: fr-FR,fr;q=0.9

Response headers
  Accept-Ranges: bytes
  Connection: Keep-Alive
  Content-Length: 241
  Content-Type: text/html
  Date: Fri, 21 Jul 2023 06:45:58 GMT
  ETag: "221a2b-f1-6006af4089340"
  Keep-Alive: timeout=15, max=100
  Last-Modified: Fri, 14 Jul 2023 04:33:41 GMT
  Server: Apache/2.2.15

2. readme.html | gabrielafilippi.cz/ | 229 B | 350 B | Document
General
  Full URL: https://gabrielafilippi.cz/readme.html
  Requested by: Host: admi.pl, URL: http://admi.pl/ins.html
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2001:19f0:6c01:546:5400:ff:fe78:51c1, Frankfurt am Main, Germany, ASN20473 (AS-CHOOPA, US)
  Reverse DNS:
  Software: nginx
  Resource Hash:

Request headers
  Referer: http://admi.pl/
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
  accept-language: fr-FR,fr;q=0.9

Response headers
  accept-ranges: bytes
  content-length: 229
  content-type: text/html
  date: Fri, 21 Jul 2023 06:45:58 GMT
  etag: "64b9570f-e5"
  last-modified: Thu, 20 Jul 2023 15:47:27 GMT
  server: nginx

3. Primary Request / | stats-info-ameli.selfip.info/ | 8 KB | 4 KB | Document
General
  Full URL: https://stats-info-ameli.selfip.info/
  Requested by: Host: gabrielafilippi.cz, URL: https://gabrielafilippi.cz/readme.html
  Protocol: H2
  Security: TLS 1.3, , AES_256_GCM
  Server: 188.213.25.78, Breuillet, France, ASN197922 (TECHCREA-SOLUTIONS, FR)
  Reverse DNS: vps-80459.fhnet.fr
  Software: nginx / PleskLin
  Resource Hash: 076317e470a86837b2cdd88b056a09511de42f03e88a471b29f342bc01891b24

Request headers
  Referer: https://gabrielafilippi.cz/
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
  accept-language: fr-FR,fr;q=0.9

Response headers
  content-encoding: br
  content-type: text/html
  date: Fri, 21 Jul 2023 06:47:46 GMT
  etag: W/"64b95280-1e85"
  last-modified: Thu, 20 Jul 2023 15:28:00 GMT
  server: nginx
  x-powered-by: PleskLin

4. spacer10.gif | www.paypalobjects.com/webstatic/eCAT/GCE/ | 49 B | 601 B | Image
General
  Full URL: https://www.paypalobjects.com/webstatic/eCAT/GCE/spacer10.gif
  Requested by: Host: stats-info-ameli.selfip.info, URL: https://stats-info-ameli.selfip.info/
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 151.101.194.133, United States, ASN54113 (FASTLY, US)
  Reverse DNS:
  Software:
  Resource Hash: 999e79ba2bb98ebc0ed7d462952afdbbd52d0c6b765d2eb65317e501916d0992
Security Headers
  Strict-Transport-Security: max-age=31557600
  X-Content-Type-Options: nosniff

Request headers
  accept-language: fr-FR,fr;q=0.9
  Referer: https://stats-info-ameli.selfip.info/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers
  date: Fri, 21 Jul 2023 06:45:58 GMT
  via: 1.1 varnish, 1.1 varnish
  x-content-type-options: nosniff
  strict-transport-security: max-age=31557600
  x-cache: HIT, HIT
  fastly-io-info: ifsz=49 idim=10x10 ifmt=gif ofsz=49 odim=10x10 ofmt=gif
  paypal-debug-id: 9cef29ed8293f
  fastly-stats: io=1
  dc: ccg11-origin-www-1.paypal.com
  content-length: 49
  fastly-io-warning: Failed to shrink image
  x-served-by: cache-sjc1000129-SJC, cache-lcy-eglc8600052-LCY
  traceparent: 00-00000000000000000009cef29ed8293f-450762418d9d88cd-01
  x-timer: S1689921959.873192,VS0,VE1
  etag: "+rOY3DtC55WuHHH0owzQK5lyVVJuco4/Sk0b7pBqGHs"
  content-type: image/gif
  cache-control: s-maxage=31536000, public,max-age=3600
  accept-ranges: bytes
  timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
  x-cache-hits: 806, 1

5. fi-ameli.png | app.franceconnect.gouv.fr/images/ | 12 KB | 12 KB | Image
General
  Full URL: https://app.franceconnect.gouv.fr/images/fi-ameli.png
  Requested by: Host: stats-info-ameli.selfip.info, URL: https://stats-info-ameli.selfip.info/
  Protocol: HTTP/1.1
  Security: TLS 1.3, , AES_256_GCM
  Server: 185.24.186.225, Paris, France, ASN60855 (DISIC-RIE-AS, FR)
  Reverse DNS:
  Software:
  Resource Hash: cdf7bab061aadd88e6e98d6ac4b9731d99773b2c19acd65fd80de2b175d011a1

Request headers
  accept-language: fr-FR,fr;q=0.9
  Referer: https://stats-info-ameli.selfip.info/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers
  Date: Fri, 21 Jul 2023 06:45:58 GMT
  Content-Encoding: gzip
  Last-Modified: Wed, 05 Jul 2023 12:18:05 GMT
  ETag: W/"2e8c-18925fd0048"
  X-Cache-Status: HIT
  Transfer-Encoding: chunked
  Vary: Accept-Encoding
  Content-Type: image/png
  Cache-Control: public, max-age=2592000
  Connection: keep-alive

6. truncated | / | 3 KB | 0 | Image
General
  Full URL: data:truncated
  Protocol: DATA
  Server: -
  Reverse DNS:
  Software:
  Resource Hash: eeaaac2a33dd921853e9098917d2557f6ad882768ce3c55392b5e48c63b0264d

Request headers
  accept-language: fr-FR,fr;q=0.9
  Referer:
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers
  Content-Type: image/png

Verdicts & Comments

Malicious page.domain
Submitted on July 21st 2023, 6:47:37 am UTC — From France

Threats: Phishing
Brands: Assurance Maladie FR
Comment: Phishing - Website is trying to steal user credentials

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies