assurancemaladie-france.fr Open in urlscan Pro
94.103.188.243 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://assurancemaladie-france.fr/pages/ap.php
Effective URL:
https://assurancemaladie-france.fr/pages/ap.php
Submission: On August 03 via api (August 3rd 2024, 7:21:41 am UTC) from LU — Scanned from FR

Summary HTTP 2 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 2 HTTP transactions. The main IP is 94.103.188.243, located in Moscow, Russian Federation and belongs to ALEXHOST, MD. The main domain is assurancemaladie-france.fr.
TLS certificate: Issued by R10 on August 1st 2024. Valid for: 3 months.

This is the only time assurancemaladie-france.fr was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Assurance Maladie (Healthcare)

Domain & IP information

	IP Address	AS Autonomous System
1	94.103.188.243 94.103.188.243	200019 (ALEXHOST) (ALEXHOST)
1	82.180.175.231 82.180.175.231	47583 (AS-HOSTINGER) (AS-HOSTINGER)
2	3

1 94.103.188.243 (Moscow, Russian Federation)

ASN200019 (ALEXHOST, MD)
PTR: refait

assurancemaladie-france.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 82.180.175.231 (Phoenix, United States)

ASN47583 (AS-HOSTINGER, CY)

www.card-cutters.ae	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	card-cutters.ae www.card-cutters.ae	29 KB
1	assurancemaladie-france.fr assurancemaladie-france.fr	1019 KB
2	2

	Domain	Requested by
1	www.card-cutters.ae	assurancemaladie-france.fr
1	assurancemaladie-france.fr
2	2

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.linkedin.com
www.facebook.com

Subject Issuer	Validity	Valid
assurancemaladie-france.fr R10	`2024-08-01` - `2024-10-30`	3 months	crt.sh
card-cutters.ae R10	`2024-07-30` - `2024-10-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://assurancemaladie-france.fr/pages/ap.php
Frame ID: 018634858390F48BD92ABB0C24581739
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ameli, le site de l’Assurance Maladie en ligne | ameli.fr | Assuré

Page URL History Show full URLs

http://assurancemaladie-france.fr/pages/ap.php HTTP 307
https://assurancemaladie-france.fr/pages/ap.php Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

2
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

1312 kB
Transfer

3466 kB
Size

1
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/Assur_Maladie
Title: @Assur_Maladie

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/assurance-maladie/
Title: Assurance Maladie

Search URL Search Domain Scan URL

URL: https://www.facebook.com/tabacinfoservice
Title: Tabac info service

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://assurancemaladie-france.fr/pages/ap.php HTTP 307
https://assurancemaladie-france.fr/pages/ap.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions
25 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request ap.php Show response
assurancemaladie-france.fr/pages/
Redirect Chain

http://assurancemaladie-france.fr/pages/ap.php
https://assurancemaladie-france.fr/pages/ap.php

3 MB
1019 KB

378ms
224ms

Document
text/html

94.103.188.243
ALEXHOST

General

assurancemaladie-france.fr Open in urlscan Pro 94.103.188.243 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

2 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

1312 kBTransfer

3466 kBSize

1 Cookies

3 Outgoing links

Page URL History

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 25 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

assurancemaladie-france.fr Open in urlscan Pro
94.103.188.243 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

1312 kB
Transfer

3466 kB
Size

1
Cookies

2 HTTP transactions
25 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!