54-172-191-12.cprapid.com
54.172.191.12  Malicious Activity! Public Scan

Submitted URL: http://d8a.infinitydata.io/i.html
Effective URL: https://54-172-191-12.cprapid.com/mail/login.php?nTJQLGYrP36T5hkzGnTiLLdBJZqz5Zo1A0AzZyJZIrT20IKMC214erM3R3rR4hFPpK4mizmpCJZue8Bek...
Submission: On July 06 via api from JP — Scanned from FI

Summary

This website contacted 5 IPs in 4 countries across 6 domains to perform 7 HTTP transactions. The main IP is 54.172.191.12, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is 54-172-191-12.cprapid.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on July 5th 2023. Valid for: 3 months.
This is the only time 54-172-191-12.cprapid.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Infomaniak (Online)

Domain & IP information

#     IP Address          AS (Autonomous System)
1     35.228.42.232       396982 (GOOGLE-CL...)
1 3   54.172.191.12       14618 (AMAZON-AES)
1     2a00:1450:400...    15169 (GOOGLE)
1     2001:4de0:ac1...    20446 (STACKPATH...)
Total: 7 requests, 5 IPs

#   Apex Domain           Subdomains                                             Transfer
3   cprapid.com           54-172-191-12.cprapid.com                              1 MB
1   jquery.com            code.jquery.com (Cisco Umbrella Rank: 749)             82 KB
1   google-analytics.com  ssl.google-analytics.com (Cisco Umbrella Rank: 483)    17 KB
1   infinitydata.io       d8a.infinitydata.io                                    502 B
0   pagespeed-mod.com     www.pagespeed-mod.com (Failed)                         Failed
0   scriptcdn.net         3001.scriptcdn.net (Failed)                            Failed
Total: 7 requests, 6 domains

#   Domain                      Requested by
3   54-172-191-12.cprapid.com   d8a.infinitydata.io (1 redirect), 54-172-191-12.cprapid.com
1   code.jquery.com             54-172-191-12.cprapid.com
1   ssl.google-analytics.com    54-172-191-12.cprapid.com
1   d8a.infinitydata.io         -
0   www.pagespeed-mod.com       54-172-191-12.cprapid.com (Failed)
0   3001.scriptcdn.net          54-172-191-12.cprapid.com (Failed)
Total: 7 requests, 6 domains

This site contains links to these domains. Also see Links.

Domain
www.infomaniak.com
welcome.infomaniak.com

Subject                     Issuer                                           Validity                   Valid
54-172-191-12.cprapid.com   cPanel, Inc. Certification Authority             2023-07-05 - 2023-10-03    3 months (crt.sh)
*.google-analytics.com      GTS CA 1C3                                       2023-06-19 - 2023-09-11    3 months (crt.sh)
*.jquery.com                Sectigo RSA Domain Validation Secure Server CA   2022-08-03 - 2023-07-14    a year (crt.sh)

This page contains 1 frames:

Primary Page: https://54-172-191-12.cprapid.com/mail/login.php?nTJQLGYrP36T5hkzGnTiLLdBJZqz5Zo1A0AzZyJZIrT20IKMC214erM3R3rR4hFPpK4mizmpCJZue8BekSFYiEVLVvjRDAoAgzpqItzs4V5uwpp6xIgbUrQgUsdoREeq9HrrR2yhcqElUaWTLjHcaMMOBv3bzkyRcuYUihgNC2RjxTXXNdEoNJHbWd22noZjjakHo8F4
Frame ID: 07944A9C7119FD3AEB199919FD3F7E0F
Requests: 8 HTTP requests in this frame

Screenshot

Page Title

Manager Infomaniak - Se connecter à votre console


Detected technologies

PHP (overall confidence: 100%)
Detected patterns
  • \.php(?:$|\?)

Google Analytics (overall confidence: 100%)
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

jQuery (overall confidence: 100%)
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests:    7
HTTPS:       57 %
IPv6:        50 %
Domains:     6
Subdomains:  6
IPs:         5
Countries:   4
Transfer:    1224 kB
Size:        1456 kB
Cookies:     2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://d8a.infinitydata.io/i.html Page URL
  2. https://54-172-191-12.cprapid.com/mail/ HTTP 302
    https://54-172-191-12.cprapid.com/mail/login.php?nTJQLGYrP36T5hkzGnTiLLdBJZqz5Zo1A0AzZyJZIrT20IKMC214erM3R3rR4hFPpK4mizmpCJZue8BekSFYiEVLVvjRDAoAgzpqItzs4V5uwpp6xIgbUrQgUsdoREeq9HrrR2yhcqElUaWTLjHcaMMOBv3bzkyRcuYUihgNC2RjxTXXNdEoNJHbWd22noZjjakHo8F4 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource: i.html
Path: d8a.infinitydata.io/
Size: 213 B
x-fer: 502 B
Type: Document

General
Full URL: http://d8a.infinitydata.io/i.html
Protocol: HTTP/1.1
Server: 35.228.42.232 Lappeenranta, Finland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
Reverse DNS: 232.42.228.35.bc.googleusercontent.com
Software: Apache
Resource Hash: -

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers
Accept-Ranges: bytes
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 182
Content-Type: text/html
Date: Thu, 06 Jul 2023 03:33:14 GMT
ETag: "d5-5ffbbbd5b33c9-gzip"
Keep-Alive: timeout=5, max=100
Last-Modified: Wed, 05 Jul 2023 11:31:24 GMT
Server: Apache
Vary: Accept-Encoding
Resource: login.php (Primary Request)
Path: 54-172-191-12.cprapid.com/mail/
Redirect Chain
  • https://54-172-191-12.cprapid.com/mail/
  • https://54-172-191-12.cprapid.com/mail/login.php?nTJQLGYrP36T5hkzGnTiLLdBJZqz5Zo1A0AzZyJZIrT20IKMC214erM3R3rR4hFPpK4mizmpCJZue8BekSFYiEVLVvjRDAoAgzpqItzs4V5uwpp6xIgbUrQgUsdoREeq9HrrR2yhcqElUaWTLjHc...
Size: 75 KB
x-fer: 75 KB
Type: Document

General
Full URL: https://54-172-191-12.cprapid.com/mail/login.php?nTJQLGYrP36T5hkzGnTiLLdBJZqz5Zo1A0AzZyJZIrT20IKMC214erM3R3rR4hFPpK4mizmpCJZue8BekSFYiEVLVvjRDAoAgzpqItzs4V5uwpp6xIgbUrQgUsdoREeq9HrrR2yhcqElUaWTLjHcaMMOBv3bzkyRcuYUihgNC2RjxTXXNdEoNJHbWd22noZjjakHo8F4
Requested by: Host: d8a.infinitydata.io, URL: http://d8a.infinitydata.io/i.html
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 54.172.191.12 Ashburn, United States, ASN14618 (AMAZON-AES, US)
Reverse DNS: ec2-54-172-191-12.compute-1.amazonaws.com
Software: Apache
Resource Hash: 1e209600fe12a0211c1bceb6750b1566246ef194ce47f62eeb8d57506e6d24e2

Request headers
Referer: http://d8a.infinitydata.io/i.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers
Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Thu, 06 Jul 2023 03:33:14 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=99
Pragma: no-cache
Server: Apache
Transfer-Encoding: chunked

Redirect headers
Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Thu, 06 Jul 2023 03:33:14 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=100
Location: login.php?nTJQLGYrP36T5hkzGnTiLLdBJZqz5Zo1A0AzZyJZIrT20IKMC214erM3R3rR4hFPpK4mizmpCJZue8BekSFYiEVLVvjRDAoAgzpqItzs4V5uwpp6xIgbUrQgUsdoREeq9HrrR2yhcqElUaWTLjHcaMMOBv3bzkyRcuYUihgNC2RjxTXXNdEoNJHbWd22noZjjakHo8F4
Pragma: no-cache
Server: Apache
Resource: ga.js
Path: ssl.google-analytics.com/
Size: 45 KB
x-fer: 17 KB
Type: Script

General
Full URL: https://ssl.google-analytics.com/ga.js
Requested by: Host: 54-172-191-12.cprapid.com, URL: https://54-172-191-12.cprapid.com/mail/login.php?nTJQLGYrP36T5hkzGnTiLLdBJZqz5Zo1A0AzZyJZIrT20IKMC214erM3R3rR4hFPpK4mizmpCJZue8BekSFYiEVLVvjRDAoAgzpqItzs4V5uwpp6xIgbUrQgUsdoREeq9HrrR2yhcqElUaWTLjHcaMMOBv3bzkyRcuYUihgNC2RjxTXXNdEoNJHbWd22noZjjakHo8F4
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: -
Software: Golfe2
Resource Hash: 1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers
Name                       Value
Strict-Transport-Security  max-age=10886400; includeSubDomains; preload
X-Content-Type-Options     nosniff

Request headers
accept-language: fi-FI,fi;q=0.9
Referer: https://54-172-191-12.cprapid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers
strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 06 Jul 2023 02:13:50 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 4765
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17168
expires: Thu, 06 Jul 2023 04:13:50 GMT
Resource: jquery-latest.js
Path: code.jquery.com/
Size: 276 KB
x-fer: 82 KB
Type: Script

General
Full URL: https://code.jquery.com/jquery-latest.js
Requested by: Host: 54-172-191-12.cprapid.com, URL: https://54-172-191-12.cprapid.com/mail/login.php?nTJQLGYrP36T5hkzGnTiLLdBJZqz5Zo1A0AzZyJZIrT20IKMC214erM3R3rR4hFPpK4mizmpCJZue8BekSFYiEVLVvjRDAoAgzpqItzs4V5uwpp6xIgbUrQgUsdoREeq9HrrR2yhcqElUaWTLjHcaMMOBv3bzkyRcuYUihgNC2RjxTXXNdEoNJHbWd22noZjjakHo8F4
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2001:4de0:ac18::1:a:3b, Netherlands, ASN20446 (STACKPATH-CDN, US)
Reverse DNS: -
Software: nginx
Resource Hash: 3029834a820c79c154c377f52e2719fc3ff2a27600a07ae089ea7fde9087f6bc

Request headers
accept-language: fi-FI,fi;q=0.9
Referer: https://54-172-191-12.cprapid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers
date: Thu, 06 Jul 2023 03:33:15 GMT
content-encoding: gzip
last-modified: Wed, 16 Feb 2022 10:50:39 GMT
server: nginx
etag: W/"620cd6ff-4508e"
vary: Accept-Encoding
x-hw: 1688614395.dop001.sk1.t,1688614395.cds223.sk1.hn,1688614395.cds212.sk1.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 83875
Resource: login.css
Path: 54-172-191-12.cprapid.com/mail/library/
Size: 1 MB
x-fer: 1 MB
Type: Stylesheet

General
Full URL: https://54-172-191-12.cprapid.com/mail/library/login.css
Requested by: Host: 54-172-191-12.cprapid.com, URL: https://54-172-191-12.cprapid.com/mail/login.php?nTJQLGYrP36T5hkzGnTiLLdBJZqz5Zo1A0AzZyJZIrT20IKMC214erM3R3rR4hFPpK4mizmpCJZue8BekSFYiEVLVvjRDAoAgzpqItzs4V5uwpp6xIgbUrQgUsdoREeq9HrrR2yhcqElUaWTLjHcaMMOBv3bzkyRcuYUihgNC2RjxTXXNdEoNJHbWd22noZjjakHo8F4
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 54.172.191.12 Ashburn, United States, ASN14618 (AMAZON-AES, US)
Reverse DNS: ec2-54-172-191-12.compute-1.amazonaws.com
Software: Apache
Resource Hash: 1587e59e95175bb9d137959999f66f49f2d4fe485b0ef6b64755e31d8e0da760

Request headers
accept-language: fi-FI,fi;q=0.9
Referer: https://54-172-191-12.cprapid.com/mail/login.php?nTJQLGYrP36T5hkzGnTiLLdBJZqz5Zo1A0AzZyJZIrT20IKMC214erM3R3rR4hFPpK4mizmpCJZue8BekSFYiEVLVvjRDAoAgzpqItzs4V5uwpp6xIgbUrQgUsdoREeq9HrrR2yhcqElUaWTLjHcaMMOBv3bzkyRcuYUihgNC2RjxTXXNdEoNJHbWd22noZjjakHo8F4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers
Pragma: no-cache
Date: Thu, 06 Jul 2023 03:33:15 GMT
Last-Modified: Sat, 29 Jan 2022 16:13:36 GMT
Server: Apache
Content-Type: text/css
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 1074037
Expires: 0
Resource: 1
Path: 3001.scriptcdn.net/code/static/
Size: 0
x-fer: 0
Type: - (request failed)

Resource: taas
Path: www.pagespeed-mod.com/v1/
Size: 0
x-fer: 0
Type: - (request failed)

Resource: truncated
Path: /
Size: 10 KB
x-fer: 0
Type: Image

General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: 04b0adf625eea0fb26552795a377180ac678882238bd868191e8bb3afd9731f8

Request headers
accept-language: fi-FI,fi;q=0.9
Referer: -
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers
Content-Type: image/svg+xml
Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
3001.scriptcdn.net
URL
https://3001.scriptcdn.net/code/static/1
Domain
www.pagespeed-mod.com
URL
https://www.pagespeed-mod.com/v1/taas?id=cs&ak=55c85bbdd6e4d21e7278fbbbb89a9502&si=fb4741a02e044f61940836e20590e7f6&tag=1005&rand=916bde30dbf13276e77f2278b366e12c&ord=7792532756164718

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Infomaniak (Online)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
boolean   credentialless
object    onbeforetoggle
object    onscrollend
function  $
function  jQuery
object    _gat
object    _gaq

2 Cookies

Domain/Path                      Name       Value
54-172-191-12.cprapid.com/mail   cleana     true
54-172-191-12.cprapid.com/       PHPSESSID  28e4b5b3ffe7376b6ca95834dfaf2abf

2 Console Messages

Source: security, Level: error
URL: https://54-172-191-12.cprapid.com/mail/login.php?nTJQLGYrP36T5hkzGnTiLLdBJZqz5Zo1A0AzZyJZIrT20IKMC214erM3R3rR4hFPpK4mizmpCJZue8BekSFYiEVLVvjRDAoAgzpqItzs4V5uwpp6xIgbUrQgUsdoREeq9HrrR2yhcqElUaWTLjHcaMMOBv3bzkyRcuYUihgNC2RjxTXXNdEoNJHbWd22noZjjakHo8F4
Message: Refused to load the script 'https://3001.scriptcdn.net/code/static/1' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' data:". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Source: security, Level: error
URL: https://54-172-191-12.cprapid.com/mail/login.php?nTJQLGYrP36T5hkzGnTiLLdBJZqz5Zo1A0AzZyJZIrT20IKMC214erM3R3rR4hFPpK4mizmpCJZue8BekSFYiEVLVvjRDAoAgzpqItzs4V5uwpp6xIgbUrQgUsdoREeq9HrrR2yhcqElUaWTLjHcaMMOBv3bzkyRcuYUihgNC2RjxTXXNdEoNJHbWd22noZjjakHo8F4
Message: Refused to load the script 'https://www.pagespeed-mod.com/v1/taas?id=cs&ak=55c85bbdd6e4d21e7278fbbbb89a9502&si=fb4741a02e044f61940836e20590e7f6&tag=1005&rand=916bde30dbf13276e77f2278b366e12c&ord=7792532756164718' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' data:". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.