104-237-146-236.cprapid.com
Open in
urlscan Pro
104.237.146.236
Malicious Activity!
Public Scan
Effective URL: https://104-237-146-236.cprapid.com/norvegian/
Submission: On June 17 via manual from NO — Scanned from NL
Summary
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on June 16th 2023. Valid for: 3 months.
This is the only time 104-237-146-236.cprapid.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Community Verdicts: Malicious — 1 votes Show Verdicts
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 185.104.29.58 185.104.29.58 | 206281 (AS-ZXCS) (AS-ZXCS) | |
13 | 104.237.146.236 104.237.146.236 | 63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud) | |
2 | 2606:4700:10:... 2606:4700:10::6816:4bab | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2606:4700:21:... 2606:4700:21::8d65:780a | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 172.64.151.83 172.64.151.83 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
5 | 67.202.105.31 67.202.105.31 | 32748 (STEADFAST) (STEADFAST) | |
1 | 67.202.105.34 67.202.105.34 | 32748 (STEADFAST) (STEADFAST) | |
25 | 8 |
ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: 104-237-146-236.ip.linodeusercontent.com
104-237-146-236.cprapid.com |
ASN13335 (CLOUDFLARENET, US)
widgets.amung.us | |
whos.amung.us |
ASN32748 (STEADFAST, US)
PTR: ip31.67-202-105.static.steadfastdns.net
ic.tynt.com |
ASN32748 (STEADFAST, US)
PTR: ip34.67-202-105.static.steadfastdns.net
de.tynt.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
cprapid.com
104-237-146-236.cprapid.com |
165 KB |
7 |
tynt.com
cdn.tynt.com — Cisco Umbrella Rank: 14429 ic.tynt.com — Cisco Umbrella Rank: 8732 de.tynt.com — Cisco Umbrella Rank: 1841 |
8 KB |
2 |
dtscout.com
t.dtscout.com — Cisco Umbrella Rank: 13998 |
2 KB |
2 |
amung.us
widgets.amung.us — Cisco Umbrella Rank: 20985 whos.amung.us — Cisco Umbrella Rank: 13356 |
4 KB |
1 |
coverdesigns.nl
coverdesigns.nl |
361 B |
25 | 5 |
Domain | Requested by | |
---|---|---|
13 | 104-237-146-236.cprapid.com |
coverdesigns.nl
104-237-146-236.cprapid.com |
5 | ic.tynt.com |
104-237-146-236.cprapid.com
|
2 | t.dtscout.com |
widgets.amung.us
t.dtscout.com |
1 | de.tynt.com |
cdn.tynt.com
|
1 | cdn.tynt.com |
widgets.amung.us
|
1 | whos.amung.us |
widgets.amung.us
|
1 | widgets.amung.us |
104-237-146-236.cprapid.com
|
1 | coverdesigns.nl | |
25 | 8 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.banknorwegian.no |
play.google.com |
itunes.apple.com |
identity.banknorwegian.no |
Subject Issuer | Validity | Valid | |
---|---|---|---|
coverdesigns.nl R3 |
2023-05-06 - 2023-08-04 |
3 months | crt.sh |
104-237-146-236.cprapid.com ZeroSSL RSA Domain Secure Site CA |
2023-06-16 - 2023-09-14 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-06-11 - 2024-06-09 |
a year | crt.sh |
dtscout.com GTS CA 1P5 |
2023-05-27 - 2023-08-25 |
3 months | crt.sh |
*.tynt.com Sectigo RSA Domain Validation Secure Server CA |
2022-09-07 - 2023-09-30 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://104-237-146-236.cprapid.com/norvegian/
Frame ID: E3A237751D539C386BA884E851988B29
Requests: 26 HTTP requests in this frame
Screenshot
Page Title
BankNorvegianPage URL History Show full URLs
- https://coverdesigns.nl/noba.html?2468 Page URL
- https://104-237-146-236.cprapid.com/norvegian/ Page URL
Detected technologies
jQuery (JavaScript Libraries) ExpandDetected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: BankID
Search URL Search Domain Scan URL
Title: BankID på mobil
Search URL Search Domain Scan URL
Title: SMS
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://coverdesigns.nl/noba.html?2468 Page URL
- https://104-237-146-236.cprapid.com/norvegian/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
25 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
noba.html
coverdesigns.nl/ |
210 B 361 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
/
104-237-146-236.cprapid.com/norvegian/ |
22 KB 22 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
reboot-idsvr.min.css
104-237-146-236.cprapid.com/norvegian/all/ |
36 KB 36 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
104-237-146-236.cprapid.com/norvegian/all/ |
971 B 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
playstore.svg
104-237-146-236.cprapid.com/norvegian/all/ |
6 KB 6 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
appstore.svg
104-237-146-236.cprapid.com/norvegian/all/ |
9 KB 9 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.1.1.min.js
104-237-146-236.cprapid.com/norvegian/all/ |
85 KB 85 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.maskedinput.min.js
104-237-146-236.cprapid.com/norvegian/all/ |
4 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
apercu_bold_pro-web.woff
104-237-146-236.cprapid.com/content/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
apercu_regular_pro-web.woff
104-237-146-236.cprapid.com/content/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
TiemposTextWeb-Regular.woff
104-237-146-236.cprapid.com/content/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
apercu_bold_pro-web.woff2
104-237-146-236.cprapid.com/content/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
apercu_regular_pro-web.woff2
104-237-146-236.cprapid.com/content/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
TiemposTextWeb-Regular.woff2
104-237-146-236.cprapid.com/content/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
small.js
widgets.amung.us/ |
8 KB 4 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
t.dtscout.com/i/ |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
whos.amung.us/pingjs/ |
27 B 128 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tc.js
cdn.tynt.com/ |
18 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
439 B 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
t.dtscout.com/pv/ |
51 B 344 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
p
ic.tynt.com/b/ |
0 228 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
v2
de.tynt.com/deb/ |
4 B 327 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
p
ic.tynt.com/b/ |
0 227 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
p
ic.tynt.com/b/ |
0 227 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
p
ic.tynt.com/b/ |
0 227 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
p
ic.tynt.com/b/ |
0 227 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Malicious
page.url
Submitted on
June 17th 2023, 9:53:50 pm
UTC —
From Norway
Threats:
Phishing
Brands:
Bank Norwegian
NO
Comment: Phishing scam distributed through SMS: "4205 Norvegian https://coverdesigns.nl/noba.html?2468"
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
25 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless object| onbeforetoggle object| onscrollend function| $ function| jQuery object| _wau object| WAU_ren function| WAU_small function| WAU_small_request function| WAU_r_s function| WAU_insert function| WAU_legacy_b function| WAU_la function| WAU_addCommas function| WAU_lrd function| WAU_lrs function| WAU_cps function| docReady object| x string| x1 string| x2 object| Tynt object| _dtspv object| _33Across function| __uspapi4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
104-237-146-236.cprapid.com/ | Name: PHPSESSID Value: 9d69a3a2a3234194b71e777c7dda97a3 |
|
.dtscout.com/ | Name: m Value: 1 |
|
.dtscout.com/ | Name: oa Value: 1 |
|
.dtscout.com/ | Name: df Value: 1687038686 |
6 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
104-237-146-236.cprapid.com
cdn.tynt.com
coverdesigns.nl
de.tynt.com
ic.tynt.com
t.dtscout.com
whos.amung.us
widgets.amung.us
104.237.146.236
172.64.151.83
185.104.29.58
2606:4700:10::6816:4bab
2606:4700:21::8d65:780a
67.202.105.31
67.202.105.34
086c29fe7599556d5c1c8fbbfc84e82bccb5e040f4b56a1c7eab45fa61831e4e
0f9f734864f15a769277815bb96d6b27f81d60db02e29faa9dc281e76ffc3881
1cf30e59d21d4ae560af7143f5913efcc8222bcaa4fcc7508eb802b5faa9e94e
2052a227c361a7e99ea70f5bdcf54cd9e6c6b493dd4d20b73b376d94ce0dc0d1
38e57bc218943a28b970f668d472554ea2ce99e05379ec7676519808d3b57e4d
3daee467cde72131e93820b6bad1f44ac52924b5cf8dea17e7bd7a242d7bcab9
8da6e4fe47faa771c77f2f91582f5dbdf8fb41c320c3ad55263d1aaf40b28363
9285a80d8ab5865b3c84926cf203f1b3d15667d275a88f64dcfeb83d9ed2d316
b1804777ba20dafab3f354093af8b20442bec0eb61b2d34ea8a735a3bfefa278
c49bfc81d4c498d74f701117b3a9d14047d3f6a78d48ca8b8106f033806fada0
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179
de046e4de886815f029b43308851075466b0c2895335925dead88f826aafd767
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f51e2e21c5abccbf5ae5f8087e67ba2b396bfb32902394ca8b25ff6627ecb4fd
f6d82f567d08ec91a1b6ef0d4abf21be7a2d3dbc0a41c122584ea3536755b3ac