94-156-79-72.cprapid.com
Open in
urlscan Pro
94.156.79.72
Malicious Activity!
Public Scan
Effective URL: https://94-156-79-72.cprapid.com/login/login.php?WT.ac=PLO61489&tl_cookie=NjJpbUtaa204eWdSb0NmU3RlQzViUzB4eUtka0NGa2YzSncwRUREeXV...
Submission: On April 24 via manual from FI — Scanned from FI
Summary
TLS certificate: Issued by R3 on April 20th 2024. Valid for: 3 months.
This is the only time 94-156-79-72.cprapid.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 132.226.118.109 132.226.118.109 | 31898 (ORACLE-BM...) (ORACLE-BMC-31898) | |
1 22 | 94.156.79.72 94.156.79.72 | 215240 (NETRESEARCH) (NETRESEARCH) | |
22 | 2 |
ASN31898 (ORACLE-BMC-31898, US)
jb6blguky925b82.ham-radio-op.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
22 |
cprapid.com
1 redirects
94-156-79-72.cprapid.com |
676 KB |
1 |
ham-radio-op.net
1 redirects
jb6blguky925b82.ham-radio-op.net |
161 B |
22 | 2 |
Domain | Requested by | |
---|---|---|
22 | 94-156-79-72.cprapid.com |
1 redirects
94-156-79-72.cprapid.com
|
1 | jb6blguky925b82.ham-radio-op.net | 1 redirects |
22 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
webmail.94-156-79-72.cprapid.com R3 |
2024-04-20 - 2024-07-19 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://94-156-79-72.cprapid.com/login/login.php?WT.ac=PLO61489&tl_cookie=NjJpbUtaa204eWdSb0NmU3RlQzViUzB4eUtka0NGa2YzSncwRUREeXVoUFFmeHoxWFMxb1QxT202a1lTa2xFdVZEOUM1SzlLVmZodW93REFkN2NjVUVxVEJENEY3aDA3TEdUOQ%3D%3D
Frame ID: BC3012C84ECCA11DEE8D8304490BD927
Requests: 22 HTTP requests in this frame
Screenshot
Page Title
NetflixPage URL History Show full URLs
-
http://jb6blguky925b82.ham-radio-op.net/
HTTP 307
https://jb6blguky925b82.ham-radio-op.net/ HTTP 307
http://jb6blguky925b82.ham-radio-op.net/ HTTP 302
https://94-156-79-72.cprapid.com/login HTTP 301
https://94-156-79-72.cprapid.com/login/ Page URL
- https://94-156-79-72.cprapid.com/login/login.php Page URL
- https://94-156-79-72.cprapid.com/login/login.php?WT.ac=PLO61489&tl_cookie=NjJpbUtaa204eWdSb0NmU3RlQzViUzB4eUt... Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://jb6blguky925b82.ham-radio-op.net/
HTTP 307
https://jb6blguky925b82.ham-radio-op.net/ HTTP 307
http://jb6blguky925b82.ham-radio-op.net/ HTTP 302
https://94-156-79-72.cprapid.com/login HTTP 301
https://94-156-79-72.cprapid.com/login/ Page URL
- https://94-156-79-72.cprapid.com/login/login.php Page URL
- https://94-156-79-72.cprapid.com/login/login.php?WT.ac=PLO61489&tl_cookie=NjJpbUtaa204eWdSb0NmU3RlQzViUzB4eUtka0NGa2YzSncwRUREeXVoUFFmeHoxWFMxb1QxT202a1lTa2xFdVZEOUM1SzlLVmZodW93REFkN2NjVUVxVEJENEY3aDA3TEdUOQ%3D%3D Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://jb6blguky925b82.ham-radio-op.net/ HTTP 307
- https://jb6blguky925b82.ham-radio-op.net/ HTTP 307
- http://jb6blguky925b82.ham-radio-op.net/ HTTP 302
- https://94-156-79-72.cprapid.com/login HTTP 301
- https://94-156-79-72.cprapid.com/login/
22 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
94-156-79-72.cprapid.com/login/ Redirect Chain
|
71 B 451 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login.php
94-156-79-72.cprapid.com/login/ |
13 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
nonev.css
94-156-79-72.cprapid.com/login/theme/ |
10 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
none_002v.css
94-156-79-72.cprapid.com/login/theme/ |
130 KB 130 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
US-en-20201116-popsignuptwoweeks-perspective_alpha_website_l.jpg
94-156-79-72.cprapid.com/login/theme/ |
319 KB 319 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-1.11.3.min.js
94-156-79-72.cprapid.com/login/assets/js/ |
94 KB 94 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.js
94-156-79-72.cprapid.com/login/assets/js/ |
5 KB 6 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
nf-icon-v1-93.woff
94-156-79-72.cprapid.com/login/theme/ |
72 KB 72 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
login.php
94-156-79-72.cprapid.com/login/ |
13 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
nonev.css
94-156-79-72.cprapid.com/login/theme/ |
10 KB 0 |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
none_002v.css
94-156-79-72.cprapid.com/login/theme/ |
130 KB 0 |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
US-en-20201116-popsignuptwoweeks-perspective_alpha_website_l.jpg
94-156-79-72.cprapid.com/login/theme/ |
319 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-1.11.3.min.js
94-156-79-72.cprapid.com/login/assets/js/ |
94 KB 0 |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.js
94-156-79-72.cprapid.com/login/assets/js/ |
5 KB 0 |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
nf-icon-v1-93.woff
94-156-79-72.cprapid.com/login/theme/ |
72 KB 0 |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fav.ico
94-156-79-72.cprapid.com/login/theme/ |
17 KB 17 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
action.php
94-156-79-72.cprapid.com/login/ipanel/inc/ |
0 296 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
action.php
94-156-79-72.cprapid.com/login/ipanel/inc/ |
0 296 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
action.php
94-156-79-72.cprapid.com/login/ipanel/inc/ |
0 296 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
action.php
94-156-79-72.cprapid.com/login/ipanel/inc/ |
0 296 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
action.php
94-156-79-72.cprapid.com/login/ipanel/inc/ |
0 296 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
action.php
94-156-79-72.cprapid.com/login/ipanel/inc/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- 94-156-79-72.cprapid.com
- URL
- https://94-156-79-72.cprapid.com/login/ipanel/inc/action.php?type=ping
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)19 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| toggleText function| showit function| hideit function| gobackone function| Dontgobackone function| gobacktwo function| Dontgobacktwo function| check function| $ function| jQuery function| checkParams_1 function| checkParams_2 function| checkParams_3 function| isEmail function| luhnCheck function| make_fake_cookie function| make_fake_id number| pinger function| submit_form1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
94-156-79-72.cprapid.com/ | Name: PHPSESSID Value: af19113c6ed9cba1357ad61093d87bb7 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
94-156-79-72.cprapid.com
jb6blguky925b82.ham-radio-op.net
94-156-79-72.cprapid.com
132.226.118.109
94.156.79.72
4d0a7ff26639d810faf01498852ee1c9c3ea2d0205ca0b18bd855f4d6f5cf9d4
59100640e7f7d40ee29d64b39683d3709df5c6f18a3abf9bd7bde46bd8d671e2
729a038c13f69bbcc446f2b0a4548482fd28afa4c11ac9c090b864f4f5e5bab9
83cd38659f0a331303ef97bbf40f3eb7ce12e5c271b768cc452b3e39e722f368
911cd281f507cb4429912e64dbd8196d25a7baae85c759048063fc5738764442
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d
a9587add33b42b806341bae8ff7535cfc85befd11de456a19db5d995f7d84fb1
abe8012eb65c0dc0ac3e87dcc1e60e1908ebd8f12b7c47a5df1856f7a7bb1edd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8