54-172-191-12.cprapid.com
Open in
urlscan Pro
54.172.191.12
Malicious Activity!
Public Scan
Effective URL: https://54-172-191-12.cprapid.com/mail/login.php?nTJQLGYrP36T5hkzGnTiLLdBJZqz5Zo1A0AzZyJZIrT20IKMC214erM3R3rR4hFPpK4mizmpCJZue8Bek...
Submission: On July 06 via api from JP — Scanned from FI
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on July 5th 2023. Valid for: 3 months.
This is the only time 54-172-191-12.cprapid.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Infomaniak (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 35.228.42.232 35.228.42.232 | 396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM) | |
1 3 | 54.172.191.12 54.172.191.12 | 14618 (AMAZON-AES) (AMAZON-AES) | |
1 | 2a00:1450:400... 2a00:1450:4001:830::2008 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2001:4de0:ac1... 2001:4de0:ac18::1:a:3b | 20446 (STACKPATH...) (STACKPATH-CDN) | |
7 | 5 |
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 232.42.228.35.bc.googleusercontent.com
d8a.infinitydata.io |
ASN14618 (AMAZON-AES, US)
PTR: ec2-54-172-191-12.compute-1.amazonaws.com
54-172-191-12.cprapid.com |
ASN15169 (GOOGLE, US)
ssl.google-analytics.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
cprapid.com
1 redirects
54-172-191-12.cprapid.com |
1 MB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 749 |
82 KB |
1 |
google-analytics.com
ssl.google-analytics.com — Cisco Umbrella Rank: 483 |
17 KB |
1 |
infinitydata.io
d8a.infinitydata.io |
502 B |
0 |
pagespeed-mod.com
Failed
www.pagespeed-mod.com Failed |
|
0 |
scriptcdn.net
Failed
3001.scriptcdn.net Failed |
|
7 | 6 |
Domain | Requested by | |
---|---|---|
3 | 54-172-191-12.cprapid.com |
1 redirects
d8a.infinitydata.io
54-172-191-12.cprapid.com |
1 | code.jquery.com |
54-172-191-12.cprapid.com
|
1 | ssl.google-analytics.com |
54-172-191-12.cprapid.com
|
1 | d8a.infinitydata.io | |
0 | www.pagespeed-mod.com Failed |
54-172-191-12.cprapid.com
|
0 | 3001.scriptcdn.net Failed |
54-172-191-12.cprapid.com
|
7 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.infomaniak.com |
welcome.infomaniak.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
54-172-191-12.cprapid.com cPanel, Inc. Certification Authority |
2023-07-05 - 2023-10-03 |
3 months | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2023-06-19 - 2023-09-11 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2022-08-03 - 2023-07-14 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://54-172-191-12.cprapid.com/mail/login.php?nTJQLGYrP36T5hkzGnTiLLdBJZqz5Zo1A0AzZyJZIrT20IKMC214erM3R3rR4hFPpK4mizmpCJZue8BekSFYiEVLVvjRDAoAgzpqItzs4V5uwpp6xIgbUrQgUsdoREeq9HrrR2yhcqElUaWTLjHcaMMOBv3bzkyRcuYUihgNC2RjxTXXNdEoNJHbWd22noZjjakHo8F4
Frame ID: 07944A9C7119FD3AEB199919FD3F7E0F
Requests: 8 HTTP requests in this frame
Screenshot
Page Title
Manager Infomaniak - Se connecter à votre consolePage URL History Show full URLs
- http://d8a.infinitydata.io/i.html Page URL
-
https://54-172-191-12.cprapid.com/mail/
HTTP 302
https://54-172-191-12.cprapid.com/mail/login.php?nTJQLGYrP36T5hkzGnTiLLdBJZqz5Zo1A0AzZyJZIrT20IKMC214erM3R3rR4... Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Google Analytics (Analytics) Expand
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: Create an account (free)
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://d8a.infinitydata.io/i.html Page URL
-
https://54-172-191-12.cprapid.com/mail/
HTTP 302
https://54-172-191-12.cprapid.com/mail/login.php?nTJQLGYrP36T5hkzGnTiLLdBJZqz5Zo1A0AzZyJZIrT20IKMC214erM3R3rR4hFPpK4mizmpCJZue8BekSFYiEVLVvjRDAoAgzpqItzs4V5uwpp6xIgbUrQgUsdoREeq9HrrR2yhcqElUaWTLjHcaMMOBv3bzkyRcuYUihgNC2RjxTXXNdEoNJHbWd22noZjjakHo8F4 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
i.html
d8a.infinitydata.io/ |
213 B 502 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
login.php
54-172-191-12.cprapid.com/mail/ Redirect Chain
|
75 KB 75 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ga.js
ssl.google-analytics.com/ |
45 KB 17 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-latest.js
code.jquery.com/ |
276 KB 82 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login.css
54-172-191-12.cprapid.com/mail/library/ |
1 MB 1 MB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
1
3001.scriptcdn.net/code/static/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
taas
www.pagespeed-mod.com/v1/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
10 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- 3001.scriptcdn.net
- URL
- https://3001.scriptcdn.net/code/static/1
- Domain
- www.pagespeed-mod.com
- URL
- https://www.pagespeed-mod.com/v1/taas?id=cs&ak=55c85bbdd6e4d21e7278fbbbb89a9502&si=fb4741a02e044f61940836e20590e7f6&tag=1005&rand=916bde30dbf13276e77f2278b366e12c&ord=7792532756164718
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Infomaniak (Online)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless object| onbeforetoggle object| onscrollend function| $ function| jQuery object| _gat object| _gaq2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
54-172-191-12.cprapid.com/mail | Name: cleana Value: true |
|
54-172-191-12.cprapid.com/ | Name: PHPSESSID Value: 28e4b5b3ffe7376b6ca95834dfaf2abf |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
3001.scriptcdn.net
54-172-191-12.cprapid.com
code.jquery.com
d8a.infinitydata.io
ssl.google-analytics.com
www.pagespeed-mod.com
3001.scriptcdn.net
www.pagespeed-mod.com
2001:4de0:ac18::1:a:3b
2a00:1450:4001:830::2008
35.228.42.232
54.172.191.12
04b0adf625eea0fb26552795a377180ac678882238bd868191e8bb3afd9731f8
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
1587e59e95175bb9d137959999f66f49f2d4fe485b0ef6b64755e31d8e0da760
1e209600fe12a0211c1bceb6750b1566246ef194ce47f62eeb8d57506e6d24e2
3029834a820c79c154c377f52e2719fc3ff2a27600a07ae089ea7fde9087f6bc