robinhood.com.193-111-125-205.cprapid.com
Open in
urlscan Pro
193.111.125.205
Malicious Activity!
Public Scan
Effective URL: https://robinhood.com.193-111-125-205.cprapid.com/login?c_ds_na=IIvUJYUVEBqPmkub8hd1Yxqvmto2ZbbjBMtBBbdXJ8&c_ds_no=text%2Fhtml%2Capplication%2Fxht...
Submission: On August 20 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by R11 on August 15th 2024. Valid for: 3 months.
This is the only time robinhood.com.193-111-125-205.cprapid.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Robinhood (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 103.179.69.10 103.179.69.10 | 149346 (IDNIC-DIS...) (IDNIC-DISKOMINFOPKP-AS-ID Dinas Komunikasi dan Informatika Kota Pangkalpinang) | |
1 9 | 193.111.125.205 193.111.125.205 | 210574 (POYRAZ) (POYRAZ) | |
1 | 104.18.11.207 104.18.11.207 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
9 | 2 |
ASN149346 (IDNIC-DISKOMINFOPKP-AS-ID Dinas Komunikasi dan Informatika Kota Pangkalpinang, ID)
s.pangkalpinangkota.go.id |
ASN210574 (POYRAZ, TR)
PTR: server.poyrazhosting.com
robinhood.com.193-111-125-205.cprapid.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
cprapid.com
1 redirects
robinhood.com.193-111-125-205.cprapid.com |
734 KB |
1 |
bootstrapcdn.com
stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 4508 |
29 KB |
1 |
pangkalpinangkota.go.id
1 redirects
s.pangkalpinangkota.go.id |
512 B |
9 | 3 |
Domain | Requested by | |
---|---|---|
9 | robinhood.com.193-111-125-205.cprapid.com |
1 redirects
robinhood.com.193-111-125-205.cprapid.com
|
1 | stackpath.bootstrapcdn.com |
robinhood.com.193-111-125-205.cprapid.com
|
1 | s.pangkalpinangkota.go.id | 1 redirects |
9 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.robinhood.com.193-111-125-205.cprapid.com R11 |
2024-08-15 - 2024-11-13 |
3 months | crt.sh |
bootstrapcdn.com WE1 |
2024-07-23 - 2024-10-21 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://robinhood.com.193-111-125-205.cprapid.com/login?c_ds_na=IIvUJYUVEBqPmkub8hd1Yxqvmto2ZbbjBMtBBbdXJ8&c_ds_no=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2Cimage%2Favif%2Cimage%2Fwebp%2Cimage%2Fapng%2C%2A%2F%2A%3Bq%3D0.8%2Capplication%2Fsigned-exchange%3Bv%3Db3%3Bq%3D0.7
Frame ID: A3CB0409CC555FA1B2356E5F3E90726D
Requests: 9 HTTP requests in this frame
Screenshot
Page Title
Log In | RobinhoodPage URL History Show full URLs
-
https://s.pangkalpinangkota.go.id/robinhood?userid=PDcEZIFq
HTTP 302
https://robinhood.com.193-111-125-205.cprapid.com/?kodok HTTP 302
https://robinhood.com.193-111-125-205.cprapid.com/login?c_ds_na=IIvUJYUVEBqPmkub8hd1Yxqvmto2ZbbjBMtBBbdXJ8&c_ds_no=text%2Fhtml... Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://s.pangkalpinangkota.go.id/robinhood?userid=PDcEZIFq
HTTP 302
https://robinhood.com.193-111-125-205.cprapid.com/?kodok HTTP 302
https://robinhood.com.193-111-125-205.cprapid.com/login?c_ds_na=IIvUJYUVEBqPmkub8hd1Yxqvmto2ZbbjBMtBBbdXJ8&c_ds_no=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2Cimage%2Favif%2Cimage%2Fwebp%2Cimage%2Fapng%2C%2A%2F%2A%3Bq%3D0.8%2Capplication%2Fsigned-exchange%3Bv%3Db3%3Bq%3D0.7 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
login
robinhood.com.193-111-125-205.cprapid.com/ Redirect Chain
|
133 KB 133 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
legacyStyles.54f4576ded752cf2cfa8.css
robinhood.com.193-111-125-205.cprapid.com/assets/style/ |
93 KB 93 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/ |
157 KB 29 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
App.8d455d3471c517adc757.css
robinhood.com.193-111-125-205.cprapid.com/assets/style/ |
45 KB 45 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
9435691b466061dc75b0.jpg
robinhood.com.193-111-125-205.cprapid.com/assets/images/ |
401 KB 402 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
8b42e3fc6d1d161d6fbd.woff2
robinhood.com.193-111-125-205.cprapid.com/assets/font/ |
19 KB 19 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ece4dfe7c8753c6ed9e4.woff2
robinhood.com.193-111-125-205.cprapid.com/assets/font/ |
19 KB 19 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
f31b2ecb2f8e039d53bd.woff2
robinhood.com.193-111-125-205.cprapid.com/assets/font/ |
18 KB 19 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
favicon.ico
robinhood.com.193-111-125-205.cprapid.com/assets/images/ |
4 KB 4 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Robinhood (Financial)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
robinhood.com.193-111-125-205.cprapid.com/ | Name: PHPSESSID Value: 92414ac7e4da8dbb359ba6159653e4a1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
robinhood.com.193-111-125-205.cprapid.com
s.pangkalpinangkota.go.id
stackpath.bootstrapcdn.com
103.179.69.10
104.18.11.207
193.111.125.205
027ab0a5f3e4c1ad69e2b8edd3bc7bc73db91c4d1af84760d98e4d137d4b2b78
0ef7c688bd1385a7df6941a13f3b4e980cd2f90f01b9268c9bb3e95394eec486
5b0fbe5b7ad705f6a937c4998ad02f73d8f0d976fe231b74aef0ec996990c93a
6573ba5ca76b29d5ffe83d94b27a4a8a09c8d5c8d5f2ca0719aaeef6856042d8
6b246e0972a04ca126a4cb4edf2e4755ed865e2683070fae90f760523b783c50
d6e0f9a85b076741a771ec8574c1278fb65fe34160e73bd8beffa2f927831302
d94ee7e0d70ca2074c1d040a373731061200dc94aa3b218a9264f0511f603c78
d9fee132950dfdd93814447d12e049fd1795fbcc5e13fa9961d2fc3141f4534e
f2413a8bddf0d54c3a1080c123f4f51db1eeb03310f548a75f5ce1466aaaa30e