uscounter-robinhoodrestriction.162-240-229-169.cprapid.com
162.240.229.169
Malicious Activity!
Public Scan
Effective URL: https://uscounter-robinhoodrestriction.162-240-229-169.cprapid.com/signin/auth
Submission: On June 16 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by R11 on June 15th 2024. Valid for: 3 months.
This is the only time uscounter-robinhoodrestriction.162-240-229-169.cprapid.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Robinhood (Financial)

Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
2 | 202.89.117.210 | 45320 (DEPKOMINFO-AS-ID Departemen Komunikasi dan Informasi Republik Indonesia)
15 (1 redirect) | 162.240.229.169 | 46606 (UNIFIEDLAYER-AS-1)
1 | 2a00:1450:4001:829::200a | 15169 (GOOGLE)
1 | 2a02:26f0:3500:11::215:14c7 | 
19 | 5 |
ASN45320 (DEPKOMINFO-AS-ID Departemen Komunikasi dan Informasi Republik Indonesia, ID): komin.fo
ASN46606 (UNIFIEDLAYER-AS-1, US), PTR 162-240-229-169.unifiedlayer.com: uscounter-robinhoodrestriction.162-240-229-169.cprapid.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
15 (1 redirect) | cprapid.com | uscounter-robinhoodrestriction.162-240-229-169.cprapid.com | 414 KB
2 | komin.fo | komin.fo | 206 KB
1 | flaticon.com | cdn-icons-png.flaticon.com | 9 KB
1 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 457) | 31 KB
0 | helpmegrowutah.org | wisconsin.helpmegrowutah.org (Failed) | 
19 | 5 |
Requests | Domain | Requested by
---|---|---
15 (1 redirect) | uscounter-robinhoodrestriction.162-240-229-169.cprapid.com | uscounter-robinhoodrestriction.162-240-229-169.cprapid.com
2 | komin.fo | 
1 | cdn-icons-png.flaticon.com | uscounter-robinhoodrestriction.162-240-229-169.cprapid.com
1 | ajax.googleapis.com | uscounter-robinhoodrestriction.162-240-229-169.cprapid.com
0 | wisconsin.helpmegrowutah.org (Failed) | uscounter-robinhoodrestriction.162-240-229-169.cprapid.com
19 | 5 |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
komin.fo | Sectigo RSA Domain Validation Secure Server CA | 2024-03-08 - 2025-03-08 | a year
www.uscounter-robinhoodrestriction.162-240-229-169.cprapid.com | R11 | 2024-06-15 - 2024-09-13 | 3 months
upload.video.google.com | WR2 | 2024-05-27 - 2024-08-19 | 3 months
*.flaticon.com | E6 | 2024-06-07 - 2024-09-05 | 3 months
This page contains 1 frames:
Primary Page:
https://uscounter-robinhoodrestriction.162-240-229-169.cprapid.com/signin/auth
Frame ID: A6B421DD6E02AB6A7B6BF152BB3F0CA3
Requests: 19 HTTP requests in this frame
Page Title: Log In | Robinhood
Detected technologies
jQuery (JavaScript Libraries). Detected patterns:
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://komin.fo/robins (Page URL)
- https://uscounter-robinhoodrestriction.162-240-229-169.cprapid.com/?wew&utm_source=kominfo&utm_medium=shorturl (Page URL)
- https://uscounter-robinhoodrestriction.162-240-229-169.cprapid.com/signin (HTTP 301) -> https://uscounter-robinhoodrestriction.162-240-229-169.cprapid.com/signin/ (Page URL)
- https://uscounter-robinhoodrestriction.162-240-229-169.cprapid.com/signin/auth (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 3:
- https://uscounter-robinhoodrestriction.162-240-229-169.cprapid.com/signin (HTTP 301)
- https://uscounter-robinhoodrestriction.162-240-229-169.cprapid.com/signin/
19 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | robins | komin.fo/ | 675 B | 2 KB | Document | text/html
GET | H/1.1 | / | uscounter-robinhoodrestriction.162-240-229-169.cprapid.com/ | 69 B | 575 B | Document | text/html
GET | H/1.1 | favicon.ico | komin.fo/ | 204 KB | 204 KB | Other | image/x-icon
GET | H/1.1 | / (Redirect Chain) | uscounter-robinhoodrestriction.162-240-229-169.cprapid.com/signin/ | 92 B | 523 B | Document | text/html
GET | H/1.1 | auth (Primary Request) | uscounter-robinhoodrestriction.162-240-229-169.cprapid.com/signin/ | 10 KB | 3 KB | Document | text/html
GET | H/1.1 | legacy.css | uscounter-robinhoodrestriction.162-240-229-169.cprapid.com/Assets/css/ | 8 KB | 9 KB | Stylesheet | text/css
GET | H/1.1 | app.css | uscounter-robinhoodrestriction.162-240-229-169.cprapid.com/Assets/css/ | 3 KB | 4 KB | Stylesheet | text/css
GET | H/1.1 | style.css | uscounter-robinhoodrestriction.162-240-229-169.cprapid.com/Assets/css/ | 14 KB | 14 KB | Stylesheet | text/css
GET | H/1.1 | 632fcb3e7ed928b2a960f3e003d10b44.jpg | uscounter-robinhoodrestriction.162-240-229-169.cprapid.com/Assets/img/ | 378 KB | 378 KB | Image | image/jpeg
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.5.1/ | 87 KB | 31 KB | Script | text/javascript
GET | H/1.1 | ece4dfe7c8753c6ed9e4ede8ad811074.woff2 | uscounter-robinhoodrestriction.162-240-229-169.cprapid.com/Assets/generated_assets/ | 0 | 0 | Font | text/html
GET | | favicon-1.png | wisconsin.helpmegrowutah.org/ | 0 | 0 | | 
GET | H/1.1 | 8b42e3fc6d1d161d6fbd7487babe6cfe.woff2 | uscounter-robinhoodrestriction.162-240-229-169.cprapid.com/Assets/generated_assets/ | 0 | 0 | Font | text/html
GET | H2 | 6866733.png | cdn-icons-png.flaticon.com/512/6866/ | 9 KB | 9 KB | Image | image/png
GET | H/1.1 | f31b2ecb2f8e039d53bd75d5314229c7.woff2 | uscounter-robinhoodrestriction.162-240-229-169.cprapid.com/Assets/generated_assets/ | 0 | 0 | Font | text/html
GET | H/1.1 | 8ba279fa6846f41bb21912578ff1ea58.woff | uscounter-robinhoodrestriction.162-240-229-169.cprapid.com/Assets/generated_assets/ | 0 | 0 | Font | text/html
GET | H/1.1 | eae2cabcf8266bed9e324af939bcfa6b.woff | uscounter-robinhoodrestriction.162-240-229-169.cprapid.com/Assets/generated_assets/ | 0 | 0 | Font | text/html
GET | H/1.1 | ba3ebea0939580614269729932955862.woff | uscounter-robinhoodrestriction.162-240-229-169.cprapid.com/Assets/generated_assets/ | 0 | 0 | Font | text/html
GET | H/1.1 | favicon.ico | uscounter-robinhoodrestriction.162-240-229-169.cprapid.com/Assets/img/ | 4 KB | 4 KB | Other | image/x-icon
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: wisconsin.helpmegrowutah.org
- URL: https://wisconsin.helpmegrowutah.org/favicon-1.png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Robinhood (Financial)

3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- event (undefined)
- fence (object)
- sharedStorage (object)

3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Name | Value
---|---|---
komin.fo/ | XSRF-TOKEN | eyJpdiI6IkE4eWNvVElWVXNyTWNPY043c1ZVekE9PSIsInZhbHVlIjoiWVBVRTVRT3pOanVpRm12eVpianFjVy81bzNZWjhvY3BrNC9WcDQ2dWpzb2gwd1NkemVsbEoyTW81bVg4MlAvSWJiZXlpQzNiNXA3akdNb1g3czF1d2w2VTEwMDA0UVI2OUtoRzhFWmJqenBCUHhtKzg3UnJKMWpTVy8zNlNnSmQiLCJtYWMiOiIyNWFkZDgwNDEwNzZkNjg5YjZmOTJhOGM1OTg1MjdiODBlMGUwZjhiODk1MmYwMTAxYmIwZmEwODU4YzEyMDgxIiwidGFnIjoiIn0%3D
komin.fo/ | short_url_kominfo_session | V1xBbEsFwLIDKjro5SSussnwWIhm3WGa9ezV8cIn
uscounter-robinhoodrestriction.162-240-229-169.cprapid.com/ | PHPSESSID | db0a744a3b2034996dc21d7dd7da08ce
7 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, see the linked reference page.
Header | Value |
---|---|
Content-Security-Policy | default-src 'none';style-src 'self';script-src 'self';connect-src 'self';img-src 'self';font-src 'self';frame-src 'self';frame-ancestors 'self';form-action 'self';media-src 'self';child-src 'self' |
Strict-Transport-Security | max-age=15724800; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
cdn-icons-png.flaticon.com
komin.fo
uscounter-robinhoodrestriction.162-240-229-169.cprapid.com
wisconsin.helpmegrowutah.org
162.240.229.169
202.89.117.210
2a00:1450:4001:829::200a
2a02:26f0:3500:11::215:14c7
01373b02ad74b5c99cc5abd66cc1acf1cc4fffc85a51a16212e6f40d0de3f126
6f9f23c037764fa240bf5073075f7a5842ad9eb457133fb6399c296784b05200
8032d99d4c7e7a0c668c4822c7c5fc6e40f6dde9ae7bac3591310ba8edd28e5f
b26a8b8f4bef207596f466204fb1eaa35fbf3624f8e6be5e0414319dbdb61c08
ce72e3b98db4842b7dc5ea8610d9046ac2e979f773c0b53ac6aa10cf29f64d3a
dafef08402f6de96e73f5798dfb91f5291ee1e55d3f10174fde44966f3162c8a
e31e9c483be9add2687e92bcf347a0ce4c180b7fab7b5df93f1650f3fa771888
f2413a8bddf0d54c3a1080c123f4f51db1eeb03310f548a75f5ce1466aaaa30e
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d