blackstar.com.ua
194.28.86.171
Malicious Activity!
Public Scan
Effective URL: https://blackstar.com.ua/wp-content/themes/twentynineteen/contraventions.Amendes.gouv.fre.lectronic.antai.gouv.fr/contrav...
Submission: On September 30 via automatic, source phishtank — Scanned from DE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on November 3rd 2021. Valid for: 3 months.
This is the only time blackstar.com.ua was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: FR Government (Government)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
9 | 194.28.86.171 | 196645 (HOSTPRO-AS)
1 | 185.8.53.118 | 47957 (ING-AS)
1 | 2606:4700:4400::ac40:93bc | 13335 (CLOUDFLARENET)
2 | 104.17.25.14 | 13335 (CLOUDFLARENET)
1 | 104.18.11.207 | 13335 (CLOUDFLARENET)
5 | 172.67.139.119 | 13335 (CLOUDFLARENET)
Total: 19 requests, 7 IPs
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
9 | blackstar.com.ua | blackstar.com.ua | 81 KB
6 | fontawesome.com | kit.fontawesome.com (Cisco Umbrella Rank: 2181), ka-f.fontawesome.com (Cisco Umbrella Rank: 6366) | 189 KB
2 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 257) | 35 KB
1 | bootstrapcdn.com | maxcdn.bootstrapcdn.com (Cisco Umbrella Rank: 1352) | 15 KB
1 | amendes.gouv.fr | www.amendes.gouv.fr | 24 KB
Total: 19 requests, 5 apex domains
Requests | Domain | Requested by
---|---|---
9 | blackstar.com.ua | blackstar.com.ua
5 | ka-f.fontawesome.com | kit.fontawesome.com
2 | cdnjs.cloudflare.com | blackstar.com.ua
1 | maxcdn.bootstrapcdn.com | blackstar.com.ua
1 | kit.fontawesome.com | blackstar.com.ua
1 | www.amendes.gouv.fr | blackstar.com.ua
Total: 19 requests, 6 domains
This site contains links to these domains. Also see Links.
Domain
---
www.antai.gouv.fr
stationnement.gouv.fr
www.service-public.fr
www.legifrance.gouv.fr
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
blackstar.com.ua | cPanel, Inc. Certification Authority | 2021-11-03 - 2022-02-01 | 3 months | crt.sh
www.amendes.gouv.fr | Certigna Services CA | 2024-03-21 - 2024-11-18 | 8 months | crt.sh
*.fontawesome.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-07-30 - 2025-01-27 | 6 months | crt.sh
cdnjs.cloudflare.com | WE1 | 2024-09-28 - 2024-12-27 | 3 months | crt.sh
bootstrapcdn.com | WE1 | 2024-09-20 - 2024-12-19 | 3 months | crt.sh
ka-f.fontawesome.com | WE1 | 2024-08-29 - 2024-11-27 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://blackstar.com.ua/wp-content/themes/twentynineteen/contraventions.Amendes.gouv.fre.lectronic.antai.gouv.fr/contraventions-ratachees.php??enc=099536542ccf7e7e690e40d3d9149938558d890f
Frame ID: A235696794FA5165F36B313B4072FA82
Requests: 20 HTTP requests in this frame
Screenshot
Page Title: Site officiel unique de télépaiement | Amendes.gouv.fr
Page URL History
- http://blackstar.com.ua/wp-content/themes/twentynineteen/contraventions.Amendes.gouv.fre.lectronic.a...
- HTTP 307
- https://blackstar.com.ua/wp-content/themes/twentynineteen/contraventions.Amendes.gouv.fre.lectronic.a... (Page URL)
Detected technologies
WordPress (CMS)
Detected patterns
- /wp-(?:content|includes)/
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
Bootstrap (Web Frameworks)
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts)
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- kit\.fontawesome\.com/([0-9a-z]+).js
jQuery (JavaScript Libraries)
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
- Title: ANTAI : Agence nationale de traitement automatisé des infractions
- Title: Forfait post-stationnement
- Title: Service-public.fr
- Title: Legifrance.gouv.fr
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://blackstar.com.ua/wp-content/themes/twentynineteen/contraventions.Amendes.gouv.fre.lectronic.antai.gouv.fr/contraventions-ratachees.php??enc=099536542ccf7e7e690e40d3d9149938558d890f
- HTTP 307
- https://blackstar.com.ua/wp-content/themes/twentynineteen/contraventions.Amendes.gouv.fre.lectronic.antai.gouv.fr/contraventions-ratachees.php??enc=099536542ccf7e7e690e40d3d9149938558d890f (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | contraventions-ratachees.php (Primary Request; Redirect Chain) | blackstar.com.ua/wp-content/themes/twentynineteen/contraventions.Amendes.gouv.fre.lectronic.antai.gouv.fr/ | 61 KB | 13 KB | Document | text/html
GET | H2 | styles.743d51bbe3793bb36c60.css | blackstar.com.ua/wp-content/themes/twentynineteen/contraventions.Amendes.gouv.fre.lectronic.antai.gouv.fr/assets/css/ | 17 KB | 6 KB | Stylesheet | text/css
GET | H/1.1 | logo-amendes-gouv.svg | www.amendes.gouv.fr/assets/img/design/ | 23 KB | 24 KB | Image | image/svg+xml
GET | H2 | antai.png | blackstar.com.ua/wp-content/themes/twentynineteen/contraventions.Amendes.gouv.fre.lectronic.antai.gouv.fr/assets/img/ | 16 KB | 16 KB | Image | image/png
GET | H2 | 45c4af5118.js | kit.fontawesome.com/ | 13 KB | 5 KB | Script | text/javascript
GET | H3 | jquery.min.js | cdnjs.cloudflare.com/ajax/libs/jquery/1.6.1/ | 89 KB | 28 KB | Script | application/javascript
GET | H3 | jquery.validate.min.js | cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.16.0/ | 23 KB | 7 KB | Script | application/javascript
GET | H3 | bootstrap.min.js | maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ | 48 KB | 15 KB | Script | application/javascript
GET | H2 | bg-intro.9630b0c4c57c3d72d3ec.jpg | blackstar.com.ua/wp-content/themes/twentynineteen/contraventions.Amendes.gouv.fre.lectronic.antai.gouv.fr/assets/css/ | 40 KB | 40 KB | Image | image/jpeg
GET | H2 | banner.f9855031892baad8a497.svg | blackstar.com.ua/wp-content/themes/twentynineteen/contraventions.Amendes.gouv.fre.lectronic.antai.gouv.fr/assets/css/ | 6 KB | 3 KB | Image | image/svg+xml
GET | H3 | free.min.css | ka-f.fontawesome.com/releases/v6.6.0/css/ | 94 KB | 22 KB | Fetch | text/css
GET | H3 | free-v4-shims.min.css | ka-f.fontawesome.com/releases/v6.6.0/css/ | 27 KB | 5 KB | Fetch | text/css
GET | H3 | free-v5-font-face.min.css | ka-f.fontawesome.com/releases/v6.6.0/css/ | 823 B | 962 B | Fetch | text/css
GET | H3 | free-v4-font-face.min.css | ka-f.fontawesome.com/releases/v6.6.0/css/ | 2 KB | 1 KB | Fetch | text/css
GET | H2 | lock.d72c3b80536f448a52ed.svg | blackstar.com.ua/wp-content/themes/twentynineteen/contraventions.Amendes.gouv.fre.lectronic.antai.gouv.fr/assets/css/ | 0 | 72 B | Image | text/html
GET | H2 | moyen-app.e6b1c8e9e8920b4b6aa6.svg | blackstar.com.ua/wp-content/themes/twentynineteen/contraventions.Amendes.gouv.fre.lectronic.antai.gouv.fr/assets/css/ | 0 | 72 B | Image | text/html
GET | H2 | moyen-tel.980753f2b4b0302466cb.svg | blackstar.com.ua/wp-content/themes/twentynineteen/contraventions.Amendes.gouv.fre.lectronic.antai.gouv.fr/assets/css/ | 0 | 72 B | Image | text/html
GET | DATA | truncated | / | 312 B | 0 | Image | image/svg+xml
GET | H2 | favicon.ico | blackstar.com.ua/wp-content/themes/twentynineteen/contraventions.Amendes.gouv.fre.lectronic.antai.gouv.fr/img/ | 2 KB | 2 KB | Other | image/x-icon
GET | H3 | free-fa-solid-900.woff2 | ka-f.fontawesome.com/releases/v6.6.0/webfonts/ | 154 KB | 154 KB | Font | font/woff2
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: FR Government (Government)
6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- function: checkValue
- function: date_reformat_dd
- object: FontAwesomeKitConfig
- function: $
- function: jQuery
- object: bootstrap
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value
---|---|---
blackstar.com.ua/ | | Name: PHPSESSID, Value: 7vd85gbnlee26evo7t2ntk1kt4
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
blackstar.com.ua
cdnjs.cloudflare.com
ka-f.fontawesome.com
kit.fontawesome.com
maxcdn.bootstrapcdn.com
www.amendes.gouv.fr
104.17.25.14
104.18.11.207
172.67.139.119
185.8.53.118
194.28.86.171
2606:4700:4400::ac40:93bc