164-132-121-0.cprapid.com
Open in
urlscan Pro
164.132.121.0
Malicious Activity!
Public Scan
Effective URL: https://164-132-121-0.cprapid.com/prv/188552630254751.php?TokenID=nfzAFNaMESmSPULMibXaGUVpYRv
Submission: On December 16 via api from IE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on December 16th 2020. Valid for: a year.
This is the only time 164-132-121-0.cprapid.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UK Government (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 185.98.131.153 185.98.131.153 | 16347 (RMI-FITECH) (RMI-FITECH) | |
3 13 | 164.132.121.0 164.132.121.0 | 16276 (OVH) (OVH) | |
1 | 2606:4700:10:... 2606:4700:10::6816:4bab | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 67.202.94.86 67.202.94.86 | 32748 (STEADFAST) (STEADFAST) | |
2 | 52.21.8.77 52.21.8.77 | 14618 (AMAZON-AES) (AMAZON-AES) | |
14 | 5 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
cprapid.com
3 redirects
164-132-121-0.cprapid.com |
320 KB |
2 |
amazon.com
fls-na.amazon.com |
174 B |
2 |
amung.us
widgets.amung.us whos.amung.us |
4 KB |
1 |
ajddigue.com
1 redirects
ajddigue.com |
124 B |
14 | 4 |
Domain | Requested by | |
---|---|---|
13 | 164-132-121-0.cprapid.com |
3 redirects
164-132-121-0.cprapid.com
|
2 | fls-na.amazon.com | |
1 | whos.amung.us |
widgets.amung.us
|
1 | widgets.amung.us |
164-132-121-0.cprapid.com
|
1 | ajddigue.com | 1 redirects |
14 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
vehicleenquiry.service.gov.uk |
www.gov.uk |
dvladigital.blog.gov.uk |
www.nationalarchives.gov.uk |
Subject Issuer | Validity | Valid | |
---|---|---|---|
164-132-121-0.cprapid.com cPanel, Inc. Certification Authority |
2020-12-16 - 2021-12-16 |
a year | crt.sh |
whos.amung.us Sectigo RSA Domain Validation Secure Server CA |
2020-05-21 - 2022-05-21 |
2 years | crt.sh |
fls-na.amazon.com Amazon |
2020-08-14 - 2021-08-14 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://164-132-121-0.cprapid.com/prv/188552630254751.php?TokenID=nfzAFNaMESmSPULMibXaGUVpYRv
Frame ID: 89F6A3EC4703DC7BA28E515B84D4AD30
Requests: 11 HTTP requests in this frame
Frame:
https://164-132-121-0.cprapid.com/prv/framei.php
Frame ID: 8379D27D262B31F01C5D466FA5D51793
Requests: 4 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://ajddigue.com/red/?p=338840DD99CA14B119A5
HTTP 303
https://164-132-121-0.cprapid.com/ HTTP 302
https://164-132-121-0.cprapid.com/prv HTTP 301
https://164-132-121-0.cprapid.com/prv/ HTTP 302
https://164-132-121-0.cprapid.com/prv/188552630254751.php?TokenID=nfzAFNaMESmSPULMibXaGUVpYRv Page URL
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
10 Outgoing links
These are links going to different origins than the main page.
Title: Skip to main content
Search URL Search Domain Scan URL
Title: GOV.UK
Search URL Search Domain Scan URL
Title: Vehicle Tax Application
Search URL Search Domain Scan URL
Title: Cookies
Search URL Search Domain Scan URL
Title: Terms and Conditions
Search URL Search Domain Scan URL
Title: Cymraeg
Search URL Search Domain Scan URL
Title: Privacy Information Notice
Search URL Search Domain Scan URL
Title: Driver & Vehicle Licensing Agency
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title: @ Crown copyright
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://ajddigue.com/red/?p=338840DD99CA14B119A5
HTTP 303
https://164-132-121-0.cprapid.com/ HTTP 302
https://164-132-121-0.cprapid.com/prv HTTP 301
https://164-132-121-0.cprapid.com/prv/ HTTP 302
https://164-132-121-0.cprapid.com/prv/188552630254751.php?TokenID=nfzAFNaMESmSPULMibXaGUVpYRv Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Cookie set
188552630254751.php
164-132-121-0.cprapid.com/prv/ Redirect Chain
|
28 KB 29 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
164-132-121-0.cprapid.com/prv/ |
8 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
application-edbf15f9.css
164-132-121-0.cprapid.com/prv/includes/ |
93 KB 94 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
application-5f3eeb9f79e61d1b297c.js.download
164-132-121-0.cprapid.com/prv/includes/ |
187 KB 187 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
framei.php
164-132-121-0.cprapid.com/prv/ Frame 8379 |
376 B 603 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
light-94a07e06a1-v2.woff2
164-132-121-0.cprapid.com/packs/assets/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
govuk-crest.png
164-132-121-0.cprapid.com/packs/assets/images/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bold-b542beb274-v2.woff2
164-132-121-0.cprapid.com/packs/assets/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
light-f591b13f7d-v2.woff
164-132-121-0.cprapid.com/packs/assets/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
small.js
widgets.amung.us/ Frame 8379 |
8 KB 4 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bold-affa96571d-v2.woff
164-132-121-0.cprapid.com/packs/assets/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
whos.amung.us/pingjs/ Frame 8379 |
27 B 143 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
A1EVAM02EL8SFB:138-1411615-8741828:57RD9PTNQYZPQVN1XPEG=s:undefined%3Fld%26v%3D0.214429.0%26id%3D57RD9PTNQYZPQVN1XPEG%26m%3D1%26sc%3D57RD9PTNQYZPQVN1XPEG%26ue%3D18%26pc%3D359%26tc%3D-587%26na_%3D-5...
fls-na.amazon.com/1/batch/1/OP/ |
87 B 87 B |
Image
text/xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
A1EVAM02EL8SFB:138-1411615-8741828:57RD9PTNQYZPQVN1XPEG=s:undefined%3Fld%26v%3D0.214429.0%26id%3D57RD9PTNQYZPQVN1XPEG%26sc0%3DLoadTitle%26be0%3D18%26pc0%3D19%26ld0%3D19%26t0%3D1608133828204%26ctb%3...
fls-na.amazon.com/1/batch/1/OP/ |
87 B 87 B |
Image
text/xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 8379 |
439 B 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: UK Government (Government)58 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated number| ue_t0 object| ue_csm number| ue_hob string| ue_err_chan string| ue_id undefined| ue_url number| ue_navtiming string| ue_mid string| ue_sid string| ue_sn string| ue_furl string| ue_surl number| ue_int number| ue_fcsn number| ue_urt string| ue_rpl_ns number| ue_ddq string| ue_fpf number| ue_sbuimp number| ue_bfd number| ue_swi function| ue_viz number| ue_hoe number| ue_ihb object| ue function| ueLogError object| ue_err number| ueinit function| uei function| ueh function| ues function| uet function| uex function| onLd function| onLdEnd function| onUl function| onstop object| Aes object| Base64 object| Utf8 string| apt_sers_id string| eu_im_seces string| indo_tokese string| ctrTxt object| _0xa211 function| _kaktys_encode function| uQUWLTxlTSIzXKQa object| ReactRailsUJS1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
164-132-121-0.cprapid.com/ | Name: PHPSESSID Value: 29201b87da8ea31f285d62635b4bad33 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
164-132-121-0.cprapid.com
ajddigue.com
fls-na.amazon.com
whos.amung.us
widgets.amung.us
164.132.121.0
185.98.131.153
2606:4700:10::6816:4bab
52.21.8.77
67.202.94.86
0298a25db873588e37945ece2b90e9f573dda86bfc84ae9f3efb8c3fbdcbce84
4b194f7071877dbd9e2477bb7e5e688b659638f4ebe7377edda626bcb9467fdf
6369118b817a8a0549092cce8b77d77ac7ec88cc76a66d3ed9e32e9c4f6fb23f
8deaf41a3b81717c97447f32183dfab554f7f05d2d2ef96d4e5d694273ccced3
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
f005aca517723669a9e5bb5b9ae9dd3333f74236292c3c0bbb65593a3f97ba56
f11cf306d050f927ed438682a026801f04251f0eafaacae2987c0444bb6e7889
f66659d959eee856ff9eeb35d8aa2206ca55ffb3bc07f4180b33606f98d11edc
f6d82f567d08ec91a1b6ef0d4abf21be7a2d3dbc0a41c122584ea3536755b3ac
f89dc7d294120ea77a572fd063c2a9d9bcb2699e1608b6fc7732158bc090e82c