34-230-59-252.cprapid.com
34.230.59.252 | Malicious Activity! | Public Scan

Submitted URL: http://moredentalimplantleads.com/wls.html
Effective URL: https://34-230-59-252.cprapid.com/wells/
Submission: On May 25 via manual from US

Summary

This website contacted 6 IPs in 1 country across 4 domains to perform 7 HTTP transactions. The main IP is 34.230.59.252, located in Ashburn, United States, and belongs to AMAZON-AES, US. The main domain is 34-230-59-252.cprapid.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on May 24th 2021. Valid for: a year.
This is the only time 34-230-59-252.cprapid.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

Requests  IP Address        AS     Autonomous System
1         198.71.233.51     26496  AS-26496-...
3         34.230.59.252     14618  AMAZON-AES
1         13.35.253.165     16509  AMAZON-02
1         2606:4700:10:...  13335  CLOUDFLAR...
1         67.202.114.216    32748  STEADFAST
Total: 7 requests, 6 IPs

Requests  Domain                        Requested by
3         34-230-59-252.cprapid.com     moredentalimplantleads.com, 34-230-59-252.cprapid.com
1         whos.amung.us                 widgets.amung.us
1         widgets.amung.us              34-230-59-252.cprapid.com
1         dg6qn11ynnp6a.cloudfront.net  34-230-59-252.cprapid.com
1         moredentalimplantleads.com    (submitted URL)
Total: 7 requests, 5 domains listed

This site contains no links.

Subject                    Issuer                                          Validity                 Valid for
34-230-59-252.cprapid.com  cPanel, Inc. Certification Authority            2021-05-24 - 2022-05-24  a year
*.cloudfront.net           DigiCert Global CA G2                           2021-02-22 - 2022-02-21  a year
whos.amung.us              Sectigo RSA Domain Validation Secure Server CA  2020-05-21 - 2022-05-21  2 years

This page contains 2 frames:

Primary Page: https://34-230-59-252.cprapid.com/wells/
Frame ID: 04FCC84FFF8B71915E884D64CEECE97B
Requests: 4 HTTP requests in this frame

Frame: https://34-230-59-252.cprapid.com/wells/framei.php
Frame ID: 30BE13E8F5EE72571BF034596E01A7CE
Requests: 4 HTTP requests in this frame

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://moredentalimplantleads.com/wls.html Page URL
  2. https://34-230-59-252.cprapid.com/wells/ Page URL

Page Statistics

Requests: 7
HTTPS: 86 %
IPv6: 20 %
Domains: 4
Subdomains: 5
IPs: 6
Countries: 1
Transfer: 38 kB
Size: 41 kB
Cookies: 0


7 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

wls.html | moredentalimplantleads.com/ | 203 B | 597 B | Document |

General
Full URL: http://moredentalimplantleads.com/wls.html
Protocol: HTTP/1.1
Server: 198.71.233.51 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
Reverse DNS: ip-198-71-233-51.ip.secureserver.net
Software: /
Resource Hash: -
Security Headers:
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 1; mode=block

Request headers
Host: moredentalimplantleads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US

Response headers
Accept-Ranges: bytes
Age: 61905
Content-Encoding: gzip
Content-Length: 181
Content-Type: text/html
Date: Mon, 24 May 2021 21:41:16 GMT
Etag: "cb-5c31a44b684ff-gzip"
Last-Modified: Mon, 24 May 2021 21:41:12 GMT
Vary: Accept-Encoding, User-Agent
X-Backend: local
X-Cache: cached
X-Cache-Hit: HIT
X-Cacheable: YES:Forced
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Primary Request: / | 34-230-59-252.cprapid.com/wells/ | 1 KB | 2 KB | Document |

General
Full URL: https://34-230-59-252.cprapid.com/wells/
Requested by: Host: moredentalimplantleads.com, URL: http://moredentalimplantleads.com/wls.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.230.59.252 Ashburn, United States, ASN14618 (AMAZON-AES, US)
Reverse DNS: ec2-34-230-59-252.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 1646d8da705ec396df601e73021a4723b5d14ec4a5f07c727f265e5f88215a75

Request headers
Host: 34-230-59-252.cprapid.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: http://moredentalimplantleads.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US

Response headers
Date: Tue, 25 May 2021 14:53:03 GMT
Server: Apache
Last-Modified: Tue, 07 Apr 2020 11:04:10 GMT
Accept-Ranges: bytes
Content-Length: 1528
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
gen_validatorv2.js | 34-230-59-252.cprapid.com/wells/ | 0 | 0 | Script |

General
Full URL: https://34-230-59-252.cprapid.com/wells/gen_validatorv2.js
Requested by: Host: 34-230-59-252.cprapid.com, URL: https://34-230-59-252.cprapid.com/wells/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.230.59.252 Ashburn, United States, ASN14618 (AMAZON-AES, US)
Reverse DNS: ec2-34-230-59-252.compute-1.amazonaws.com
Software: Apache /
Resource Hash: -

Request headers
Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: 34-230-59-252.cprapid.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://34-230-59-252.cprapid.com/wells/
Connection: keep-alive

Response headers
Pragma: no-cache
Date: Tue, 25 May 2021 14:53:03 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: text/html
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Expires: 0
wellsfargo200x200.jpg | dg6qn11ynnp6a.cloudfront.net/wp-content/uploads/2016/02/02144636/ | 30 KB | 31 KB | Image |

General
Full URL: https://dg6qn11ynnp6a.cloudfront.net/wp-content/uploads/2016/02/02144636/wellsfargo200x200.jpg
Requested by: Host: 34-230-59-252.cprapid.com, URL: https://34-230-59-252.cprapid.com/wells/
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 13.35.253.165, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: server-13-35-253-165.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f2163d39d322368519ce2c0be0df0bd01b4f7b152d1f5b2dc098b3d0ff026be5

Request headers
Referer: https://34-230-59-252.cprapid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
Date: Thu, 20 May 2021 20:16:32 GMT
Via: 1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
Last-Modified: Tue, 02 Feb 2016 19:47:16 GMT
Server: AmazonS3
Age: 412592
ETag: "cd6d0b46a6c8e48e23f70d13e3542805"
X-Cache: Hit from cloudfront
x-amz-version-id: m8hDyIGakBXBPYbHrl5spMo9id6VPdHB
Connection: keep-alive
X-Amz-Cf-Pop: FRA6-C1
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 31121
X-Amz-Cf-Id: gl8nEnqb0yTQgxK4ipjnwTN5Vxkax-l2Wd_OmQxe6UtHZpNLQb9w-g==
Expires: Fri, 30 Jan 2026 19:46:36 GMT
framei.php | 34-230-59-252.cprapid.com/wells/ (Frame 30BE) | 382 B | 610 B | Document |

General
Full URL: https://34-230-59-252.cprapid.com/wells/framei.php
Requested by: Host: 34-230-59-252.cprapid.com, URL: https://34-230-59-252.cprapid.com/wells/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.230.59.252 Ashburn, United States, ASN14618 (AMAZON-AES, US)
Reverse DNS: ec2-34-230-59-252.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 7d36345ccb6cfaf6af0e49bd04a5c0ef8150d737b013be595275a1ee9e2461dd

Request headers
Host: 34-230-59-252.cprapid.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://34-230-59-252.cprapid.com/wells/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US

Response headers
Date: Tue, 25 May 2021 14:53:03 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
small.js | widgets.amung.us/ (Frame 30BE) | 8 KB | 4 KB | Script |

General
Full URL: https://widgets.amung.us/small.js
Requested by: Host: 34-230-59-252.cprapid.com, URL: https://34-230-59-252.cprapid.com/wells/framei.php
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700:10::ac43:88d, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare /
Resource Hash: 0298a25db873588e37945ece2b90e9f573dda86bfc84ae9f3efb8c3fbdcbce84

Request headers
Referer: https://34-230-59-252.cprapid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
date: Tue, 25 May 2021 14:53:03 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 03 May 2021 17:48:47 GMT
server: cloudflare
age: 2827
etag: W/"6090377f-1ed7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=86400
cf-ray: 654f975268f54e1f-FRA
cf-request-id: 0a459ce77e00004e1fde8f5000000001
expires: Wed, 26 May 2021 14:05:56 GMT
/ | whos.amung.us/pingjs/ (Frame 30BE) | 29 B | 145 B | Script |

General
Full URL: https://whos.amung.us/pingjs/?k=z0fvhkxo411&t=Ip%3A%20217.138.209.76%20-%20217.138.209.76%20%5BWELLS-FARGO-1%5D&c=s&x=https%3A%2F%2F34-230-59-252.cprapid.com%2Fwells%2Fframei.php&y=https%3A%2F%2F34-230-59-252.cprapid.com%2Fwells%2F&a=0&d=0.471&v=27&r=5436
Requested by: Host: widgets.amung.us, URL: https://widgets.amung.us/small.js
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 67.202.114.216 Crown Point, United States, ASN32748 (STEADFAST, US)
Reverse DNS: amung.us
Software: /
Resource Hash: 29f4040102d66aba1a4aa46de325e6b12689d7b2abde3fb92768b5ba92599551

Request headers
Referer: https://34-230-59-252.cprapid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
date: Tue, 25 May 2021 14:53:04 GMT
content-encoding: gzip
content-type: text/javascript;charset=UTF-8
truncated | / (Frame 30BE) | 439 B | 0 | Image |

General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: /
Resource Hash: f6d82f567d08ec91a1b6ef0d4abf21be7a2d3dbc0a41c122584ea3536755b3ac

Request headers
Referer: -
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
Content-Type: image/gif

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
object    0
object    onbeforexrselect
object    ontransitionrun
object    ontransitionstart
object    ontransitioncancel
object    cookieStore
function  showDirectoryPicker
function  showOpenFilePicker
function  showSaveFilePicker
boolean   originAgentCluster
object    trustedTypes
boolean   crossOriginIsolated

0 Cookies

Security Headers

This page lists any security headers set by the main page.

X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block