048d7b4.wcomhost.com Open in urlscan Pro
206.188.192.114 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
Submission Tags: 7379247
Submission: On December 09 via api (December 9th 2021, 10:19:18 pm UTC) from US — Scanned from DE

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 20 HTTP transactions. The main IP is 206.188.192.114, located in United States and belongs to NETWORK-SOLUTIONS-HOSTING, US. The main domain is 048d7b4.wcomhost.com.

This is the only time 048d7b4.wcomhost.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Impots Gouv (Government) Generic (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 20	206.188.192.114 206.188.192.114	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
1	2606:4700:303... 2606:4700:3036::6815:1d27	13335 (CLOUDFLAR...) (CLOUDFLARENET)
20	2

20 206.188.192.114 (United States) 1 redirects

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: vux.netsolhost.com

048d7b4.wcomhost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3036::6815:1d27 (United States)

ASN13335 (CLOUDFLARENET, US)

www9.0zz0.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	wcomhost.com 1 redirects 048d7b4.wcomhost.com	160 KB
1	0zz0.com www9.0zz0.com	24 KB
20	2

	Domain	Requested by
20	048d7b4.wcomhost.com	1 redirects 048d7b4.wcomhost.com
1	www9.0zz0.com	048d7b4.wcomhost.com
20	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 2 frames:

Primary Page: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
Frame ID: 12A7F20E8416B73F9E416987C897441D
Requests: 19 HTTP requests in this frame

Frame: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/saved_resource.html
Frame ID: 1DEEACB245BF6172CA62FBA2D50A2D15
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login HTTP 301
http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/ Page URL

Page Statistics

20
Requests

0 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

184 kB
Transfer

506 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login HTTP 301
http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
Redirect Chain

http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login
http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/

37 KB
7 KB

137ms
137ms

Document
text/html

206.188.192.114
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
Protocol: HTTP/1.1
Server: 206.188.192.114 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: vux.netsolhost.com
Software: openresty/1.17.8.2 /
Resource Hash: 3379fcca41b67d023e7bed71ce05f7ef88787f254cf375a12215cba78a761e7c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Server: openresty/1.17.8.2
Date: Thu, 09 Dec 2021 22:19:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 31 Aug 2021 19:12:03 GMT
ETag: W/"9369-5cadfb99a625c"
X-Webcom-Cache-Status: BYPASS
Content-Encoding: gzip

Redirect headers

Server: openresty/1.17.8.2
Date: Thu, 09 Dec 2021 22:19:13 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 272
Connection: keep-alive
Location: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
X-Webcom-Cache-Status: BYPASS

GET
H/1.1 200
OK bootstrap-3.3.6.min.css
048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/ 145 KB
28 KB 133ms
133ms Stylesheet
text/css 206.188.192.114
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/bootstrap-3.3.6.min.css
Requested by: Host: 048d7b4.wcomhost.com
URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
Protocol: HTTP/1.1
Server: 206.188.192.114 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: vux.netsolhost.com
Software: openresty/1.17.8.2 /
Resource Hash: 4d2c6e795bd471a817829599ce1fc2c3296f993eac0b39c454121c3837567857

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 09 Dec 2021 22:19:13 GMT
Content-Encoding: gzip
Last-Modified: Tue, 31 Aug 2021 19:12:12 GMT
Server: openresty/1.17.8.2
X-Webcom-Cache-Status: BYPASS
ETag: W/"2454c-5cadfba1e8285"
Vary: Accept-Encoding
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK autentification.css
048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/ 16 KB
5 KB 237ms
235ms Stylesheet
text/css 206.188.192.114
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/autentification.css
Requested by: Host: 048d7b4.wcomhost.com
URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
Protocol: HTTP/1.1
Server: 206.188.192.114 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: vux.netsolhost.com
Software: openresty/1.17.8.2 /
Resource Hash: a23e8449c4b65836d092f6312ec2b38b05960906099c6b487ceb553e164ac14c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 09 Dec 2021 22:19:13 GMT
Content-Encoding: gzip
Last-Modified: Tue, 31 Aug 2021 19:12:09 GMT
Server: openresty/1.17.8.2
X-Webcom-Cache-Status: BYPASS
ETag: W/"3fe5-5cadfb9f57e6e"
Vary: Accept-Encoding
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK imp.css
048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/ 35 KB
7 KB 225ms
223ms Stylesheet
text/css 206.188.192.114
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/imp.css
Requested by: Host: 048d7b4.wcomhost.com
URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
Protocol: HTTP/1.1
Server: 206.188.192.114 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: vux.netsolhost.com
Software: openresty/1.17.8.2 /
Resource Hash: 7d8431edc136b4e200908e6cc831fc76b035783ffe06e268d2b804a3d6752ad1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 09 Dec 2021 22:19:13 GMT
Content-Encoding: gzip
Last-Modified: Tue, 31 Aug 2021 19:12:14 GMT
Server: openresty/1.17.8.2
X-Webcom-Cache-Status: BYPASS
ETag: W/"8c9f-5cadfba38ffdd"
Vary: Accept-Encoding
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK jquery-3.1.0.min.js.t%C3%A9l%C3%A9chargement Show response
048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/ 84 KB
35 KB 235ms
233ms Script
application/javascript 206.188.192.114
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/jquery-3.1.0.min.js.t%C3%A9l%C3%A9chargement
Requested by: Host: 048d7b4.wcomhost.com
URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
Protocol: HTTP/1.1
Server: 206.188.192.114 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: vux.netsolhost.com
Software: openresty/1.17.8.2 /
Resource Hash: 702b9e051e82b32038ffdb33a4f7eb5f7b38f4cf6f514e4182d8898f4eb0b7fb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 09 Dec 2021 22:19:12 GMT
Content-Encoding: gzip
Last-Modified: Tue, 31 Aug 2021 19:12:17 GMT
Server: openresty/1.17.8.2
X-Webcom-Cache-Status: BYPASS
ETag: W/"1514f-5cadfba660314"
Vary: Accept-Encoding
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 404
Not Found jquery.maskedinput.js.t%C3%A9l%C3%A9chargement
048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/amel./templates/ 0
0 228ms
226ms Script
text/html 206.188.192.114
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/amel./templates/jquery.maskedinput.js.t%C3%A9l%C3%A9chargement
Requested by: Host: 048d7b4.wcomhost.com
URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
Protocol: HTTP/1.1
Server: 206.188.192.114 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: vux.netsolhost.com
Software: openresty/1.17.8.2 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 09 Dec 2021 22:19:12 GMT
Last-Modified: Wed, 05 Oct 2011 15:41:30 GMT
Server: openresty/1.17.8.2
Connection: keep-alive
ETag: "23f-4ae8f0ab47e80"
Content-Length: 575
Content-Type: text/html

GET
H/1.1 200
OK 881298324.png
www9.0zz0.com/2019/01/14/00/ 24 KB
24 KB 86ms
76ms Image
image/png 2606:4700:3036::6815:1d27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www9.0zz0.com/2019/01/14/00/881298324.png

Requested by

Host: 048d7b4.wcomhost.com
URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/

Protocol

HTTP/1.1

Server

2606:4700:3036::6815:1d27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec5a662072dcbdb760862acb6fed3cda8446dfaba412dbdbcfb56af6e516ab96

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://048d7b4.wcomhost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 09 Dec 2021 22:19:14 GMT
X-Content-Type-Options: nosniff
CF-Cache-Status: REVALIDATED
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Content-Length: 24157
last-modified: Sun, 13 Jan 2019 21:10:32 GMT
Server: cloudflare
etag: "5e5d-57f5d5bca4a67"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w8zT%2FtAz1hUADlTAuliCZs3fG57W3yK5CkbFDPryt17QJhQj8w91xideQ2gQ4zWrmujnvq96GiVqQCJDd5dNrxWiYpdDTFLtjQkU1lz7pPcWU2dNdK%2BhyQBKarRaLOh%2BhsLTdby4WIFXdJ%2Fm"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=28800
Accept-Ranges: bytes
CF-RAY: 6bb19d24cf075b26-FRA

GET
H/1.1 200
OK picto_erreur.png
048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/ 525 B
805 B 115ms
114ms Image
image/png 206.188.192.114
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/picto_erreur.png
Requested by: Host: 048d7b4.wcomhost.com
URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
Protocol: HTTP/1.1
Server: 206.188.192.114 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: vux.netsolhost.com
Software: openresty/1.17.8.2 /
Resource Hash: 80d1d841d01def794b72d493bd0dcb2c55667e9f3564a0c26a68230285876b09

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 09 Dec 2021 22:19:14 GMT
Last-Modified: Tue, 31 Aug 2021 19:12:18 GMT
Server: openresty/1.17.8.2
X-Webcom-Cache-Status: BYPASS
ETag: "20d-5cadfba7894e8"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 525

GET
H/1.1 200
OK info.png
048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/ 422 B
702 B 123ms
122ms Image
image/png 206.188.192.114
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/info.png
Requested by: Host: 048d7b4.wcomhost.com
URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
Protocol: HTTP/1.1
Server: 206.188.192.114 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: vux.netsolhost.com
Software: openresty/1.17.8.2 /
Resource Hash: 1dda410d1e57107370efce2fa1a5f0e462e43441d373b78c67b9c8ad1943dd6c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 09 Dec 2021 22:19:13 GMT
Last-Modified: Tue, 31 Aug 2021 19:12:14 GMT
Server: openresty/1.17.8.2
X-Webcom-Cache-Status: BYPASS
ETag: "1a6-5cadfba349ac5"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 422

GET
H/1.1 200
OK ameli-footer.png
048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/ 10 KB
10 KB 124ms
123ms Image
image/png 206.188.192.114
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/ameli-footer.png
Requested by: Host: 048d7b4.wcomhost.com
URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
Protocol: HTTP/1.1
Server: 206.188.192.114 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: vux.netsolhost.com
Software: openresty/1.17.8.2 /
Resource Hash: 0feece22208061aaf14ad937952b2a186cae86668dd0cf9b42e0fc49cb4c4d56

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 09 Dec 2021 22:19:14 GMT
Last-Modified: Tue, 31 Aug 2021 19:12:08 GMT
Server: openresty/1.17.8.2
X-Webcom-Cache-Status: BYPASS
ETag: "2884-5cadfb9e4e83a"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 10372

GET
H/1.1 200
OK fermer.svg
048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/ 2 KB
2 KB 222ms
221ms Image
image/svg+xml 206.188.192.114
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/fermer.svg
Requested by: Host: 048d7b4.wcomhost.com
URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
Protocol: HTTP/1.1
Server: 206.188.192.114 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: vux.netsolhost.com
Software: openresty/1.17.8.2 /
Resource Hash: bd41f1926d21d2cdcc4522c7d6ad6348e4f79230f97dc81910486b633fc98c23

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 09 Dec 2021 22:19:14 GMT
Last-Modified: Tue, 31 Aug 2021 19:12:13 GMT
Server: openresty/1.17.8.2
X-Webcom-Cache-Status: BYPASS
ETag: "6dd-5cadfba277797"
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1757

GET
H/1.1 200
OK Miniballs.gif
048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/ 1 KB
1 KB 117ms
116ms Image
image/gif 206.188.192.114
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/Miniballs.gif
Requested by: Host: 048d7b4.wcomhost.com
URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
Protocol: HTTP/1.1
Server: 206.188.192.114 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: vux.netsolhost.com
Software: openresty/1.17.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 09 Dec 2021 22:19:14 GMT
Last-Modified: Tue, 31 Aug 2021 19:12:18 GMT
Server: openresty/1.17.8.2
X-Webcom-Cache-Status: BYPASS
ETag: "49d-5cadfba77e567"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1181

GET
H/1.1 200
OK jquery-1.11.3.min.js.t%C3%A9l%C3%A9chargement Show response
048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/ 94 KB
38 KB 123ms
123ms Script
application/javascript 206.188.192.114
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/jquery-1.11.3.min.js.t%C3%A9l%C3%A9chargement
Requested by: Host: 048d7b4.wcomhost.com
URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
Protocol: HTTP/1.1
Server: 206.188.192.114 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: vux.netsolhost.com
Software: openresty/1.17.8.2 /
Resource Hash: ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 09 Dec 2021 22:19:13 GMT
Content-Encoding: gzip
Last-Modified: Tue, 31 Aug 2021 19:12:17 GMT
Server: openresty/1.17.8.2
X-Webcom-Cache-Status: BYPASS
ETag: W/"176d5-5cadfba6441d0"
Vary: Accept-Encoding
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK bootstrap.min.js.t%C3%A9l%C3%A9chargement Show response
048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/ 36 KB
12 KB 124ms
123ms Script
application/javascript 206.188.192.114
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/bootstrap.min.js.t%C3%A9l%C3%A9chargement
Requested by: Host: 048d7b4.wcomhost.com
URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
Protocol: HTTP/1.1
Server: 206.188.192.114 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: vux.netsolhost.com
Software: openresty/1.17.8.2 /
Resource Hash: 2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 09 Dec 2021 22:19:13 GMT
Content-Encoding: gzip
Last-Modified: Tue, 31 Aug 2021 19:12:11 GMT
Server: openresty/1.17.8.2
X-Webcom-Cache-Status: BYPASS
ETag: W/"9004-5cadfba0c61bb"
Vary: Accept-Encoding
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK auth.js.t%C3%A9l%C3%A9chargement Show response
048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/ 12 KB
3 KB 127ms
127ms Script
application/javascript 206.188.192.114
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/auth.js.t%C3%A9l%C3%A9chargement
Requested by: Host: 048d7b4.wcomhost.com
URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
Protocol: HTTP/1.1
Server: 206.188.192.114 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: vux.netsolhost.com
Software: openresty/1.17.8.2 /
Resource Hash: 83d95d72a9a2ec992fe568cd6d0ee4e993e0e79b16c198f16146c3cd9cb28453

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 09 Dec 2021 22:19:14 GMT
Content-Encoding: gzip
Last-Modified: Tue, 31 Aug 2021 19:12:09 GMT
Server: openresty/1.17.8.2
X-Webcom-Cache-Status: BYPASS
ETag: W/"2f45-5cadfb9f4e61b"
Vary: Accept-Encoding
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK urls.js.t%C3%A9l%C3%A9chargement Show response
048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/ 374 B
667 B 116ms
115ms Script
application/javascript 206.188.192.114
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/urls.js.t%C3%A9l%C3%A9chargement
Requested by: Host: 048d7b4.wcomhost.com
URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
Protocol: HTTP/1.1
Server: 206.188.192.114 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: vux.netsolhost.com
Software: openresty/1.17.8.2 /
Resource Hash: 366e34cda8e790b77e36d7ff5387a4b449b9cf8f284cd44779cc8e9398b9c405

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 09 Dec 2021 22:19:13 GMT
Last-Modified: Tue, 31 Aug 2021 19:12:20 GMT
Server: openresty/1.17.8.2
X-Webcom-Cache-Status: BYPASS
ETag: "176-5cadfba8f5544"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 374

GET
H/1.1 404
Not Found jquery.maskedinput.js.t%C3%A9l%C3%A9chargement
048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/amel./templates/ 0
0 116ms
116ms Script
text/html 206.188.192.114
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/amel./templates/jquery.maskedinput.js.t%C3%A9l%C3%A9chargement
Requested by: Host: 048d7b4.wcomhost.com
URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
Protocol: HTTP/1.1
Server: 206.188.192.114 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: vux.netsolhost.com
Software: openresty/1.17.8.2 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 09 Dec 2021 22:19:13 GMT
Last-Modified: Wed, 05 Oct 2011 15:41:30 GMT
Server: openresty/1.17.8.2
Connection: keep-alive
ETag: "23f-4ae8f0ab47e80"
Content-Length: 575
Content-Type: text/html

GET
H/1.1 200
OK saved_resource.html Show response
048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/ Frame 1DEE 156 B
435 B 227ms
115ms Document
text/html 206.188.192.114
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/saved_resource.html
Requested by: Host: 048d7b4.wcomhost.com
URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
Protocol: HTTP/1.1
Server: 206.188.192.114 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: vux.netsolhost.com
Software: openresty/1.17.8.2 /
Resource Hash: b5185138855c2ff3f2f73fddf5fd924d957b8e524cd8f64a1bb8106e7290380f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/

Response headers

Server: openresty/1.17.8.2
Date: Thu, 09 Dec 2021 22:19:14 GMT
Content-Type: text/html
Content-Length: 156
Connection: keep-alive
Last-Modified: Tue, 31 Aug 2021 19:12:19 GMT
ETag: "9c-5cadfba836299"
X-Webcom-Cache-Status: BYPASS
Accept-Ranges: bytes

GET
H/1.1 200
OK cccc.png
048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/ 8 KB
8 KB 328ms
238ms Image
image/png 206.188.192.114
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/cccc.png
Requested by: Host: 048d7b4.wcomhost.com
URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
Protocol: HTTP/1.1
Server: 206.188.192.114 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: vux.netsolhost.com
Software: openresty/1.17.8.2 /
Resource Hash: b31e9d9ddfdc36396eada91eb3eeff90f73c3d4b7ab21fdfb964cace1b4af1e6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 09 Dec 2021 22:19:13 GMT
Last-Modified: Tue, 31 Aug 2021 19:12:12 GMT
Server: openresty/1.17.8.2
X-Webcom-Cache-Status: BYPASS
ETag: "1e50-5cadfba1e3089"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7760

GET
H/1.1 200
OK crypt.png
048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/ 2 KB
2 KB 216ms
117ms Image
image/png 206.188.192.114
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/templates/crypt.png
Requested by: Host: 048d7b4.wcomhost.com
URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
Protocol: HTTP/1.1
Server: 206.188.192.114 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: vux.netsolhost.com
Software: openresty/1.17.8.2 /
Resource Hash: c6fc8dcbd9126717ca5e8d792c6dcdf5d7aa4823b2a0445d14db1fad8d0a8f90

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 09 Dec 2021 22:19:13 GMT
Last-Modified: Tue, 31 Aug 2021 19:12:13 GMT
Server: openresty/1.17.8.2
X-Webcom-Cache-Status: BYPASS
ETag: "6a3-5cadfba270253"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1699

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Impots Gouv (Government) Generic (Online)

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/amel./templates/jquery.maskedinput.js.t%C3%A9l%C3%A9chargement Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://048d7b4.wcomhost.com/Ameli-Assurance/remboursement/login/amel./templates/jquery.maskedinput.js.t%C3%A9l%C3%A9chargement Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

048d7b4.wcomhost.com
www9.0zz0.com
206.188.192.114
2606:4700:3036::6815:1d27
0feece22208061aaf14ad937952b2a186cae86668dd0cf9b42e0fc49cb4c4d56
1dda410d1e57107370efce2fa1a5f0e462e43441d373b78c67b9c8ad1943dd6c
2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a
3379fcca41b67d023e7bed71ce05f7ef88787f254cf375a12215cba78a761e7c
366e34cda8e790b77e36d7ff5387a4b449b9cf8f284cd44779cc8e9398b9c405
4d2c6e795bd471a817829599ce1fc2c3296f993eac0b39c454121c3837567857
702b9e051e82b32038ffdb33a4f7eb5f7b38f4cf6f514e4182d8898f4eb0b7fb
7d8431edc136b4e200908e6cc831fc76b035783ffe06e268d2b804a3d6752ad1
80d1d841d01def794b72d493bd0dcb2c55667e9f3564a0c26a68230285876b09
83d95d72a9a2ec992fe568cd6d0ee4e993e0e79b16c198f16146c3cd9cb28453
a23e8449c4b65836d092f6312ec2b38b05960906099c6b487ceb553e164ac14c
b31e9d9ddfdc36396eada91eb3eeff90f73c3d4b7ab21fdfb964cace1b4af1e6
b5185138855c2ff3f2f73fddf5fd924d957b8e524cd8f64a1bb8106e7290380f
bd41f1926d21d2cdcc4522c7d6ad6348e4f79230f97dc81910486b633fc98c23
c6fc8dcbd9126717ca5e8d792c6dcdf5d7aa4823b2a0445d14db1fad8d0a8f90
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec5a662072dcbdb760862acb6fed3cda8446dfaba412dbdbcfb56af6e516ab96
ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8

048d7b4.wcomhost.com Open in urlscan Pro 206.188.192.114 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

20 Requests

0 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

184 kBTransfer

506 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

25 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

048d7b4.wcomhost.com Open in urlscan Pro
206.188.192.114 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

0 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

184 kB
Transfer

506 kB
Size

0
Cookies

20 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!