amende-gouvconnexion.fr Open in urlscan Pro
87.121.113.106 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://amende-gouvconnexion.fr/
Effective URL:
https://amende-gouvconnexion.fr/
Submission: On November 15 via api (November 15th 2023, 1:01:31 am UTC) from US — Scanned from FR

Summary HTTP 19 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 4 IPs in 4 countries across 4 domains to perform 19 HTTP transactions. The main IP is 87.121.113.106, located in Bulgaria and belongs to NETERRA-AS, BG. The main domain is amende-gouvconnexion.fr.
TLS certificate: Issued by R3 on November 13th 2023. Valid for: 3 months.

This is the only time amende-gouvconnexion.fr was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: FR Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
1 17	87.121.113.106 87.121.113.106	34224 (NETERRA-AS) (NETERRA-AS)
1	160.92.148.108 160.92.148.108	47957 (ING-AS) (ING-AS)
1 1	34.77.26.81 34.77.26.81	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2a00:1450:400... 2a00:1450:4001:806::201b	15169 (GOOGLE) (GOOGLE)
19	4

17 87.121.113.106 (Bulgaria) 1 redirects

ASN34224 (NETERRA-AS, BG)
PTR: stgrvm.koldikfjfury.net

amende-gouvconnexion.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 160.92.148.108 (France)

ASN47957 (ING-AS, FR)
PTR: prod-tai-tfi-as.ca-zne-tlp.as8677.net

www.amendes.gouv.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.77.26.81 (Brussels, Belgium) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 81.26.77.34.bc.googleusercontent.com

rogeraccess.rogervoice.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::201b (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	amende-gouvconnexion.fr 1 redirects amende-gouvconnexion.fr	267 KB
2	googleapis.com storage.googleapis.com — Cisco Umbrella Rank: 409	13 KB
1	rogervoice.com 1 redirects rogeraccess.rogervoice.com — Cisco Umbrella Rank: 932395	216 B
1	amendes.gouv.fr www.amendes.gouv.fr	641 B
19	4

	Domain	Requested by
17	amende-gouvconnexion.fr	1 redirects amende-gouvconnexion.fr
2	storage.googleapis.com	rogeraccess.rogervoice.com
1	rogeraccess.rogervoice.com	1 redirects
1	www.amendes.gouv.fr	amende-gouvconnexion.fr
19	4

This site contains links to these domains. Also see Links.

Domain
www.amendes.gouv.fr
www.antai.gouv.fr
stationnement.gouv.fr
www.service-public.fr
www.legifrance.gouv.fr

Subject Issuer	Validity	Valid
amende-gouvconnexion.fr R3	`2023-11-13` - `2024-02-11`	3 months	crt.sh
www.amendes.gouv.fr Certigna Services CA	`2022-11-21` - `2023-11-21`	a year	crt.sh
storage.googleapis.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://amende-gouvconnexion.fr/
Frame ID: 1F8A4B8245E4E0C2961AFE3936DF1A62
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Site officiel unique de télépaiement | Amendes.gouv.fr

Page URL History Show full URLs

http://amende-gouvconnexion.fr/ HTTP 301
https://amende-gouvconnexion.fr/ Page URL

Page Statistics

19
Requests

95 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

4
Countries

280 kB
Transfer

879 kB
Size

0
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://www.amendes.gouv.fr/tai/faq
Title: Accéder aux autres questions

Search URL Search Domain Scan URL

URL: https://www.amendes.gouv.fr/tai/aide
Title: Aide sur le site

Search URL Search Domain Scan URL

URL: https://www.amendes.gouv.fr/tai/confidentialite
Title: Confidentialité / Informations personnelles / Cookies et autres traceurs

Search URL Search Domain Scan URL

URL: https://www.amendes.gouv.fr/tai/glossaire
Title: Glossaire

Search URL Search Domain Scan URL

URL: https://www.amendes.gouv.fr/tai/accesibilite
Title: Accessibilité : Conformité partielle

Search URL Search Domain Scan URL

URL: https://www.amendes.gouv.fr/tai/engagement
Title: Les engagements de la DGFiP

Search URL Search Domain Scan URL

URL: https://www.antai.gouv.fr/
Title: ANTAI : Agence nationale de traitement automatisé des infractions

Search URL Search Domain Scan URL

URL: https://stationnement.gouv.fr/
Title: Forfait post-stationnement

Search URL Search Domain Scan URL

URL: https://www.service-public.fr/
Title: Service-public.fr

Search URL Search Domain Scan URL

URL: https://www.legifrance.gouv.fr/
Title: Legifrance.gouv.fr

Search URL Search Domain Scan URL

URL: https://www.amendes.gouv.fr/tai/mention-legales
Title: Mentions légales

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://amende-gouvconnexion.fr/ HTTP 301
https://amende-gouvconnexion.fr/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 17

https://rogeraccess.rogervoice.com/widget/mWB5z43v8h HTTP 303
https://storage.googleapis.com/rogervoice-production/rogeraccess/sdk.min.js

19 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response amende-gouvconnexion.fr/ Redirect Chain http://amende-gouvconnexion.fr/ https://amende-gouvconnexion.fr/	63 KB 10 KB	352ms 98ms	Document text/html	87.121.113.106 NETERRA-AS
General Check archive.org Show headers Download Go to Full URL https://amende-gouvconnexion.fr/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 87.121.113.106 , Bulgaria, ASN34224 (NETERRA-AS, BG), Reverse DNS stgrvm.koldikfjfury.net Software nginx / PHP/8.1.25 PleskLin Resource Hash `b341fc47a993dbf0e18005a5a6a559463112c304c01b967d7b284fded53b62bf` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers content-encoding gzip content-length 10317 content-type text/html; charset=UTF-8 date Wed, 15 Nov 2023 01:01:26 GMT server nginx vary Accept-Encoding x-powered-by PHP/8.1.25 PleskLin Redirect headers Connection keep-alive Content-Length 162 Content-Type text/html Date Wed, 15 Nov 2023 01:01:25 GMT Location https://amende-gouvconnexion.fr/ Server nginx
GET H2	200	open-sans-regular.woff2 amende-gouvconnexion.fr/javascript/	14 KB 14 KB	118ms 108ms	Font font/woff2	87.121.113.106 NETERRA-AS
General Check archive.org Show headers Download Go to Full URL https://amende-gouvconnexion.fr/javascript/open-sans-regular.woff2 Requested by Host: amende-gouvconnexion.fr URL: https://amende-gouvconnexion.fr/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 87.121.113.106 , Bulgaria, ASN34224 (NETERRA-AS, BG), Reverse DNS stgrvm.koldikfjfury.net Software nginx / PleskLin Resource Hash `9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52` Request headers Referer https://amende-gouvconnexion.fr/ Origin https://amende-gouvconnexion.fr accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36 Response headers date Wed, 15 Nov 2023 01:01:26 GMT last-modified Mon, 13 Nov 2023 04:17:10 GMT server nginx etag "6551a346-382c" x-powered-by PleskLin content-type font/woff2 accept-ranges bytes content-length 14380
GET H2	200	open-sans-bold.woff2 amende-gouvconnexion.fr/javascript/	15 KB 15 KB	171ms 161ms	Font font/woff2	87.121.113.106 NETERRA-AS
General Check archive.org Show headers Download Go to Full URL https://amende-gouvconnexion.fr/javascript/open-sans-bold.woff2 Requested by Host: amende-gouvconnexion.fr URL: https://amende-gouvconnexion.fr/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 87.121.113.106 , Bulgaria, ASN34224 (NETERRA-AS, BG), Reverse DNS stgrvm.koldikfjfury.net Software nginx / PleskLin Resource Hash `1491de1b31182d38593bcf660c99bc6018af8e192d91663f67ec9d045a3b5ccc` Request headers Referer https://amende-gouvconnexion.fr/ Origin https://amende-gouvconnexion.fr accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36 Response headers date Wed, 15 Nov 2023 01:01:26 GMT last-modified Mon, 13 Nov 2023 04:17:10 GMT server nginx etag "6551a346-3a20" x-powered-by PleskLin content-type font/woff2 accept-ranges bytes content-length 14880
GET H2	200	style.css amende-gouvconnexion.fr/css/	24 KB 5 KB	115ms 105ms	Stylesheet text/css	87.121.113.106 NETERRA-AS
General Check archive.org Show headers Download Go to Full URL https://amende-gouvconnexion.fr/css/style.css Requested by Host: amende-gouvconnexion.fr URL: https://amende-gouvconnexion.fr/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 87.121.113.106 , Bulgaria, ASN34224 (NETERRA-AS, BG), Reverse DNS stgrvm.koldikfjfury.net Software nginx / PleskLin Resource Hash `98f806d3425fcfaf94d9809be8bdde8be0da1996a8648cd6668ad1350b470b8f` Request headers accept-language fr-FR,fr;q=0.9 Referer https://amende-gouvconnexion.fr/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36 Response headers date Wed, 15 Nov 2023 01:01:26 GMT content-encoding br last-modified Mon, 13 Nov 2023 04:16:55 GMT server nginx etag W/"6551a337-5ecf" x-powered-by PleskLin content-type text/css
GET H2	404	styles.b4a4b31c4a1da914e394.css amende-gouvconnexion.fr/	0 0	116ms 107ms	Stylesheet text/html	87.121.113.106 NETERRA-AS
General Check archive.org Show headers Download Go to Full URL https://amende-gouvconnexion.fr/styles.b4a4b31c4a1da914e394.css Requested by Host: amende-gouvconnexion.fr URL: https://amende-gouvconnexion.fr/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 87.121.113.106 , Bulgaria, ASN34224 (NETERRA-AS, BG), Reverse DNS stgrvm.koldikfjfury.net Software nginx / Resource Hash Request headers accept-language fr-FR,fr;q=0.9 Referer https://amende-gouvconnexion.fr/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36 Response headers date Wed, 15 Nov 2023 01:01:26 GMT content-encoding br last-modified Mon, 13 Nov 2023 02:54:26 GMT server nginx etag W/"328-609ffc9bda4f5" content-type text/html
GET H2	200	logo-amendes-gouv.svg amende-gouvconnexion.fr/image/	23 KB 23 KB	226ms 217ms	Image image/svg+xml	87.121.113.106 NETERRA-AS
General Check archive.org Show headers Download Go to Show image Full URL https://amende-gouvconnexion.fr/image/logo-amendes-gouv.svg Requested by Host: amende-gouvconnexion.fr URL: https://amende-gouvconnexion.fr/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 87.121.113.106 , Bulgaria, ASN34224 (NETERRA-AS, BG), Reverse DNS stgrvm.koldikfjfury.net Software nginx / PleskLin Resource Hash `5932743bf769427d05289e72fb2bdb7cd1a5bc46f01248be159eb820fe27271d` Request headers accept-language fr-FR,fr;q=0.9 Referer https://amende-gouvconnexion.fr/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36 Response headers date Wed, 15 Nov 2023 01:01:26 GMT last-modified Mon, 13 Nov 2023 04:16:58 GMT server nginx etag "6551a33a-5cbd" x-powered-by PleskLin content-type image/svg+xml accept-ranges bytes content-length 23741
GET H2	200	dom.js Show response amende-gouvconnexion.fr/js/	2 KB 691 B	171ms 162ms	Script application/javascript	87.121.113.106 NETERRA-AS
General Check archive.org Show headers Download Go to Full URL https://amende-gouvconnexion.fr/js/dom.js Requested by Host: amende-gouvconnexion.fr URL: https://amende-gouvconnexion.fr/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 87.121.113.106 , Bulgaria, ASN34224 (NETERRA-AS, BG), Reverse DNS stgrvm.koldikfjfury.net Software nginx / PleskLin Resource Hash `5a773a409e12ac29c180abfd56c69f1964b9e049d9a955d313434238c1693de4` Request headers Referer https://amende-gouvconnexion.fr/ Origin https://amende-gouvconnexion.fr accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36 Response headers date Wed, 15 Nov 2023 01:01:26 GMT content-encoding br last-modified Mon, 13 Nov 2023 04:17:13 GMT server nginx etag W/"6551a349-7ae" x-powered-by PleskLin content-type application/javascript
GET H2	200	polyfills-es2017.533ebfade82697eddcf6.js Show response amende-gouvconnexion.fr/js/	256 KB 46 KB	172ms 163ms	Script application/javascript	87.121.113.106 NETERRA-AS
General Check archive.org Show headers Download Go to Full URL https://amende-gouvconnexion.fr/js/polyfills-es2017.533ebfade82697eddcf6.js Requested by Host: amende-gouvconnexion.fr URL: https://amende-gouvconnexion.fr/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 87.121.113.106 , Bulgaria, ASN34224 (NETERRA-AS, BG), Reverse DNS stgrvm.koldikfjfury.net Software nginx / PleskLin Resource Hash `42f9f9229921b258702aa8a3e37fe483e94ed9ddc92cf0f631a6d15060754c11` Request headers Referer https://amende-gouvconnexion.fr/ Origin https://amende-gouvconnexion.fr accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36 Response headers date Wed, 15 Nov 2023 01:01:26 GMT content-encoding br last-modified Mon, 13 Nov 2023 04:17:28 GMT server nginx etag W/"6551a358-400a4" x-powered-by PleskLin content-type application/javascript
GET H2	200	runtime-es2017.c080178cacbfa7a5ec71.js Show response amende-gouvconnexion.fr/js/	7 KB 2 KB	224ms 216ms	Script application/javascript	87.121.113.106 NETERRA-AS
General Check archive.org Show headers Download Go to Full URL https://amende-gouvconnexion.fr/js/runtime-es2017.c080178cacbfa7a5ec71.js Requested by Host: amende-gouvconnexion.fr URL: https://amende-gouvconnexion.fr/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 87.121.113.106 , Bulgaria, ASN34224 (NETERRA-AS, BG), Reverse DNS stgrvm.koldikfjfury.net Software nginx / PleskLin Resource Hash `22b858902b7fc0746cb10b4bdfb7564ccff90f611dfc39b9e799867070453394` Request headers Referer https://amende-gouvconnexion.fr/ Origin https://amende-gouvconnexion.fr accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36 Response headers date Wed, 15 Nov 2023 01:01:26 GMT content-encoding br last-modified Mon, 13 Nov 2023 04:17:28 GMT server nginx etag W/"6551a358-1c6b" x-powered-by PleskLin content-type application/javascript
GET H2	200	js_IFk33jBX_Vvhy3icEvZmBadP0ofYaRO17Wr5M-X_0EQ.js Show response amende-gouvconnexion.fr/js/	280 KB 74 KB	225ms 217ms	Script application/javascript	87.121.113.106 NETERRA-AS
General Check archive.org Show headers Download Go to Full URL https://amende-gouvconnexion.fr/js/js_IFk33jBX_Vvhy3icEvZmBadP0ofYaRO17Wr5M-X_0EQ.js Requested by Host: amende-gouvconnexion.fr URL: https://amende-gouvconnexion.fr/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 87.121.113.106 , Bulgaria, ASN34224 (NETERRA-AS, BG), Reverse DNS stgrvm.koldikfjfury.net Software nginx / PleskLin Resource Hash `205937de3057fd5be1cb789c12f66605a74fd287d86913b5ed6af933e5ffd044` Request headers accept-language fr-FR,fr;q=0.9 Referer https://amende-gouvconnexion.fr/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36 Response headers date Wed, 15 Nov 2023 01:01:26 GMT content-encoding br last-modified Mon, 13 Nov 2023 04:17:15 GMT server nginx etag W/"6551a34b-46014" x-powered-by PleskLin content-type application/javascript
GET H2	200	en.json Show response amende-gouvconnexion.fr/js/	60 KB 14 KB	224ms 216ms	Script application/json	87.121.113.106 NETERRA-AS
General Check archive.org Show headers Download Go to Full URL https://amende-gouvconnexion.fr/js/en.json Requested by Host: amende-gouvconnexion.fr URL: https://amende-gouvconnexion.fr/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 87.121.113.106 , Bulgaria, ASN34224 (NETERRA-AS, BG), Reverse DNS stgrvm.koldikfjfury.net Software nginx / PleskLin Resource Hash `5804df64a649117a58919853d5fef14af36afc6af8dedd2fbc9a154021e1b889` Request headers Referer https://amende-gouvconnexion.fr/ Origin https://amende-gouvconnexion.fr accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36 Response headers date Wed, 15 Nov 2023 01:01:26 GMT content-encoding br last-modified Mon, 13 Nov 2023 04:17:14 GMT server nginx etag W/"6551a34a-eedf" x-powered-by PleskLin content-type application/json
GET H2	200	nl.json Show response amende-gouvconnexion.fr/js/	64 KB 16 KB	224ms 217ms	Script application/json	87.121.113.106 NETERRA-AS
General Check archive.org Show headers Download Go to Full URL https://amende-gouvconnexion.fr/js/nl.json Requested by Host: amende-gouvconnexion.fr URL: https://amende-gouvconnexion.fr/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 87.121.113.106 , Bulgaria, ASN34224 (NETERRA-AS, BG), Reverse DNS stgrvm.koldikfjfury.net Software nginx / PleskLin Resource Hash `05127c0bda3080153f5e75ed1c55500db8466160041c91b83af12bcf1607c2f1` Request headers Referer https://amende-gouvconnexion.fr/ Origin https://amende-gouvconnexion.fr accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36 Response headers date Wed, 15 Nov 2023 01:01:26 GMT content-encoding br last-modified Mon, 13 Nov 2023 04:17:26 GMT server nginx etag W/"6551a356-101ba" x-powered-by PleskLin content-type application/json
GET H2	200	bg-intro.9630b0c4c57c3d72d3ec.jpg amende-gouvconnexion.fr/image/	40 KB 40 KB	128ms 127ms	Image image/jpeg	87.121.113.106 NETERRA-AS
General Check archive.org Show headers Download Go to Show image Full URL https://amende-gouvconnexion.fr/image/bg-intro.9630b0c4c57c3d72d3ec.jpg Requested by Host: amende-gouvconnexion.fr URL: https://amende-gouvconnexion.fr/css/style.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 87.121.113.106 , Bulgaria, ASN34224 (NETERRA-AS, BG), Reverse DNS stgrvm.koldikfjfury.net Software nginx / PleskLin Resource Hash `a1fa2ccd5301b72338e02e3b1955b7c3347a27dcc6617bb1b0fcb1fac7069a86` Request headers accept-language fr-FR,fr;q=0.9 Referer https://amende-gouvconnexion.fr/css/style.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36 Response headers date Wed, 15 Nov 2023 01:01:26 GMT last-modified Mon, 13 Nov 2023 04:16:57 GMT server nginx etag "6551a339-9f08" x-powered-by PleskLin content-type image/jpeg accept-ranges bytes content-length 40712
GET H2	200	banner.f9855031892baad8a497.svg amende-gouvconnexion.fr/image/	6 KB 6 KB	129ms 129ms	Image image/svg+xml	87.121.113.106 NETERRA-AS
General Check archive.org Show headers Download Go to Show image Full URL https://amende-gouvconnexion.fr/image/banner.f9855031892baad8a497.svg Requested by Host: amende-gouvconnexion.fr URL: https://amende-gouvconnexion.fr/css/style.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 87.121.113.106 , Bulgaria, ASN34224 (NETERRA-AS, BG), Reverse DNS stgrvm.koldikfjfury.net Software nginx / PleskLin Resource Hash `7e9f3dfeca57ef07d745b277027de295bab063f6fbab867b10dc6cd519a0a262` Request headers accept-language fr-FR,fr;q=0.9 Referer https://amende-gouvconnexion.fr/css/style.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36 Response headers date Wed, 15 Nov 2023 01:01:26 GMT last-modified Mon, 13 Nov 2023 04:16:56 GMT server nginx etag "6551a338-1635" x-powered-by PleskLin content-type image/svg+xml accept-ranges bytes content-length 5685
GET H/1.1	200 OK	lock.d72c3b80536f448a52ed.svg www.amendes.gouv.fr/	364 B 641 B	356ms 42ms	Image image/svg+xml	160.92.148.108 ING-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.amendes.gouv.fr/lock.d72c3b80536f448a52ed.svg Requested by Host: amende-gouvconnexion.fr URL: https://amende-gouvconnexion.fr/css/style.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 160.92.148.108 , France, ASN47957 (ING-AS, FR), Reverse DNS prod-tai-tfi-as.ca-zne-tlp.as8677.net Software / Resource Hash `cd3b3531417ed9f2290c79f7ee98f9848883309b0f7aeaa4684a96a4d1018795` Request headers accept-language fr-FR,fr;q=0.9 Referer https://amende-gouvconnexion.fr/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36 Response headers date Wed, 15 Nov 2023 01:01:26 GMT cache-control no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 last-modified Wed, 25 Oct 2023 14:14:07 GMT accept-ranges bytes etag "653922af-16c" content-length 364 content-type image/svg+xml
GET DATA	200 OK	truncated /	312 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `cb329aaa1cb453b411a5da821dab1a6fb3c31bdc236f3fc51828436c8080e9e3` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	404	open-sans-regular.woff2 amende-gouvconnexion.fr/assets/fonts/open-sans/	0 0	125ms 124ms	Font text/html	87.121.113.106 NETERRA-AS
General Check archive.org Show headers Download Go to Full URL https://amende-gouvconnexion.fr/assets/fonts/open-sans/open-sans-regular.woff2 Requested by Host: amende-gouvconnexion.fr URL: https://amende-gouvconnexion.fr/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 87.121.113.106 , Bulgaria, ASN34224 (NETERRA-AS, BG), Reverse DNS stgrvm.koldikfjfury.net Software nginx / Resource Hash Request headers Referer https://amende-gouvconnexion.fr/ Origin https://amende-gouvconnexion.fr accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36 Response headers date Wed, 15 Nov 2023 01:01:26 GMT content-encoding br last-modified Mon, 13 Nov 2023 02:54:26 GMT server nginx etag W/"328-609ffc9bda4f5" content-type text/html
GET H2	404	open-sans-bold.woff2 amende-gouvconnexion.fr/assets/fonts/open-sans/	0 0	125ms 124ms	Font text/html	87.121.113.106 NETERRA-AS
General Check archive.org Show headers Download Go to Full URL https://amende-gouvconnexion.fr/assets/fonts/open-sans/open-sans-bold.woff2 Requested by Host: amende-gouvconnexion.fr URL: https://amende-gouvconnexion.fr/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 87.121.113.106 , Bulgaria, ASN34224 (NETERRA-AS, BG), Reverse DNS stgrvm.koldikfjfury.net Software nginx / Resource Hash Request headers Referer https://amende-gouvconnexion.fr/ Origin https://amende-gouvconnexion.fr accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36 Response headers date Wed, 15 Nov 2023 01:01:26 GMT content-encoding br last-modified Mon, 13 Nov 2023 02:54:26 GMT server nginx etag W/"328-609ffc9bda4f5" content-type text/html
GET H2	200	sdk.min.js Show response storage.googleapis.com/rogervoice-production/rogeraccess/ Redirect Chain https://rogeraccess.rogervoice.com/widget/mWB5z43v8h https://storage.googleapis.com/rogervoice-production/rogeraccess/sdk.min.js	18 KB 11 KB	152ms 92ms	Script application/javascript	2a00:1450:4001:806::201b GOOGLE
General Check archive.org Show headers Download Go to Full URL https://storage.googleapis.com/rogervoice-production/rogeraccess/sdk.min.js Protocol H2 Server 2a00:1450:4001:806::201b Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software UploadServer / Resource Hash `535720ae9e46c178b6ae467fa940e1717206f80dcf10eb563cd9e2646ef3302a` Request headers accept-language fr-FR,fr;q=0.9 Referer https://amende-gouvconnexion.fr/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36 Response headers date Wed, 15 Nov 2023 01:01:26 GMT content-encoding gzip age 0 x-guploader-uploadid ABPtcPryX4eVRVAXoTsovgOyrRSbZl8anyZP19MjT006oNgcQjuDMI1gajwxvmyRnBiSCqtCtA x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding gzip alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 11218 last-modified Tue, 11 Jul 2023 12:24:00 GMT server UploadServer etag "fcb35ed20c98b0103517b2e365dbd03b" x-goog-generation 1689078240161587 x-goog-hash crc32c=3IfAUg==, md5=/LNe0gyYsBA1F7LjZdvQOw== access-control-allow-origin * access-control-expose-headers Authorization, Content-Range, Accept, Content-Type, Origin, Range cache-control no-cache,no-transform x-goog-stored-content-length 11218 accept-ranges bytes content-type application/javascript expires Thu, 14 Nov 2024 01:01:26 GMT Redirect headers date Wed, 15 Nov 2023 01:01:26 GMT strict-transport-security max-age=15724800; includeSubDomains x-powered-by Express vary Accept content-type text/plain; charset=utf-8 location https://storage.googleapis.com/rogervoice-production/rogeraccess/sdk.min.js access-control-allow-origin * content-length 101
GET H2	200	style.css storage.googleapis.com/rogervoice-production/rogeraccess/	6 KB 1 KB	49ms 48ms	Stylesheet text/css	2a00:1450:4001:806::201b GOOGLE
General Check archive.org Show headers Download Go to Full URL https://storage.googleapis.com/rogervoice-production/rogeraccess/style.css Requested by Host: rogeraccess.rogervoice.com URL: https://rogeraccess.rogervoice.com/widget/mWB5z43v8h Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::201b Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software UploadServer / Resource Hash `934ac7e38c504e3ccaf658dbb08d50c14f5ef64e2cece84dd743179c335f60c5` Request headers accept-language fr-FR,fr;q=0.9 Referer https://amende-gouvconnexion.fr/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36 Response headers date Wed, 15 Nov 2023 01:01:26 GMT content-encoding gzip age 0 x-guploader-uploadid ABPtcPonFURj7sOt5Y4zPtpUKWI8gAsgkRihoPckz7PkoSpqDp4Ei06CTGn3IEdVUnOhlaksSqKdq-1r-Q x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding gzip alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1220 last-modified Tue, 11 Jul 2023 12:24:06 GMT server UploadServer etag "becb2e63cc8a57350338694d28194eb8" x-goog-generation 1689078246196941 x-goog-hash crc32c=2FERmw==, md5=vssuY8yKVzUDOGlNKBlOuA== access-control-allow-origin * access-control-expose-headers Authorization,Content-Range,Accept,Content-Type,Origin,Range cache-control no-cache,no-transform x-goog-stored-content-length 1220 accept-ranges bytes content-type text/css expires Thu, 14 Nov 2024 01:01:26 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: FR Government (Government)

148 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://amende-gouvconnexion.fr/styles.b4a4b31c4a1da914e394.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://amende-gouvconnexion.fr/assets/fonts/open-sans/open-sans-regular.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://amende-gouvconnexion.fr/assets/fonts/open-sans/open-sans-bold.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: https://amende-gouvconnexion.fr/js/en.json Message: Failed to load module script: Expected a JavaScript module script but the server responded with a MIME type of "application/json". Strict MIME type checking is enforced for module scripts per HTML spec.
javascript	error	URL: https://amende-gouvconnexion.fr/js/nl.json Message: Failed to load module script: Expected a JavaScript module script but the server responded with a MIME type of "application/json". Strict MIME type checking is enforced for module scripts per HTML spec.
javascript	warning	URL: https://amende-gouvconnexion.fr/ Message: The resource https://amende-gouvconnexion.fr/javascript/open-sans-bold.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://amende-gouvconnexion.fr/ Message: The resource https://amende-gouvconnexion.fr/javascript/open-sans-regular.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

amende-gouvconnexion.fr
rogeraccess.rogervoice.com
storage.googleapis.com
www.amendes.gouv.fr
160.92.148.108
2a00:1450:4001:806::201b
34.77.26.81
87.121.113.106
05127c0bda3080153f5e75ed1c55500db8466160041c91b83af12bcf1607c2f1
1491de1b31182d38593bcf660c99bc6018af8e192d91663f67ec9d045a3b5ccc
205937de3057fd5be1cb789c12f66605a74fd287d86913b5ed6af933e5ffd044
22b858902b7fc0746cb10b4bdfb7564ccff90f611dfc39b9e799867070453394
42f9f9229921b258702aa8a3e37fe483e94ed9ddc92cf0f631a6d15060754c11
535720ae9e46c178b6ae467fa940e1717206f80dcf10eb563cd9e2646ef3302a
5804df64a649117a58919853d5fef14af36afc6af8dedd2fbc9a154021e1b889
5932743bf769427d05289e72fb2bdb7cd1a5bc46f01248be159eb820fe27271d
5a773a409e12ac29c180abfd56c69f1964b9e049d9a955d313434238c1693de4
7e9f3dfeca57ef07d745b277027de295bab063f6fbab867b10dc6cd519a0a262
934ac7e38c504e3ccaf658dbb08d50c14f5ef64e2cece84dd743179c335f60c5
98f806d3425fcfaf94d9809be8bdde8be0da1996a8648cd6668ad1350b470b8f
9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52
a1fa2ccd5301b72338e02e3b1955b7c3347a27dcc6617bb1b0fcb1fac7069a86
b341fc47a993dbf0e18005a5a6a559463112c304c01b967d7b284fded53b62bf
cb329aaa1cb453b411a5da821dab1a6fb3c31bdc236f3fc51828436c8080e9e3
cd3b3531417ed9f2290c79f7ee98f9848883309b0f7aeaa4684a96a4d1018795

amende-gouvconnexion.fr Open in urlscan Pro 87.121.113.106 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

19 Requests

95 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

4 IPs

4 Countries

280 kBTransfer

879 kBSize

0 Cookies

11 Outgoing links

Page URL History

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

148 JavaScript Global Variables

0 Cookies

7 Console Messages

Indicators

amende-gouvconnexion.fr Open in urlscan Pro
87.121.113.106 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

95 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

4
Countries

280 kB
Transfer

879 kB
Size

0
Cookies

19 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!