socalprep.us Open in urlscan Pro
160.153.90.131 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/OUTrefundxq5athndo6dq.html
Effective URL:
https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/select-category.php?origin=hmc_claim&continue=details&id_c=lZtBLhEbV...
Submission: On September 11 via manual (September 11th 2019, 11:00:49 am UTC) from GB

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 13 HTTP transactions. The main IP is 160.153.90.131, located in Scottsdale, United States and belongs to AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US. The main domain is socalprep.us.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on September 18th 2018. Valid for: 2 years.

This is the only time socalprep.us was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: UK Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
11	160.153.90.131 160.153.90.131	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com)
1	185.225.208.133 185.225.208.133	13213 (UK2NET-AS) (UK2NET-AS)
1	67.202.94.93 67.202.94.93	32748 (STEADFAST) (STEADFAST - Steadfast)
13	4

11 160.153.90.131 (Scottsdale, United States)

ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-160-153-90-131.ip.secureserver.net

socalprep.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.225.208.133 (Germany)

ASN13213 (UK2NET-AS, GB)

waust.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.94.93 (Chicago, United States)

ASN32748 (STEADFAST - Steadfast, US)
PTR: amung.us

whos.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	socalprep.us socalprep.us	253 KB
1	amung.us whos.amung.us	145 B
1	waust.at waust.at	7 KB
13	3

	Domain	Requested by
11	socalprep.us	socalprep.us
1	whos.amung.us	waust.at
1	waust.at	socalprep.us
13	3

This site contains no links.

Subject Issuer	Validity	Valid
socalprep.us Go Daddy Secure Certificate Authority - G2	`2018-09-18` - `2020-11-06`	2 years	crt.sh
whos.amung.us GeoTrust EV RSA CA 2018	`2018-03-09` - `2020-05-25`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/select-category.php?origin=hmc_claim&continue=details&id_c=lZtBLhEbVfiPNJIVfVqPRbalzFHwAvrlUkngSrInWrDkALFggwwxYWjYbrU
Frame ID: A23669D5E32AC618077B774DE6434CCC
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/OUTrefundxq5athndo6dq.html Page URL
https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/select-category.php?origin=hmc_claim&continue=de... Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

13
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

425 kB
Transfer

658 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/OUTrefundxq5athndo6dq.html Page URL
https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/select-category.php?origin=hmc_claim&continue=details&id_c=lZtBLhEbVfiPNJIVfVqPRbalzFHwAvrlUkngSrInWrDkALFggwwxYWjYbrU Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	404	OUTrefundxq5athndo6dq.html Show response socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/	360 B 531 B	540ms 174ms	Document text/html	160.153.90.131 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/OUTrefundxq5athndo6dq.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 160.153.90.131 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-160-153-90-131.ip.secureserver.net Software Apache / PHP/7.0.33 Resource Hash `47ca49c81a066fd72d7f96e727fd38b63ffbad9586731a5d1373c62f8a93a0f4` Request headers :method GET :authority socalprep.us :scheme https :path /.ssl/.49f4d31/HMCUSTOMTSTAX/OUTrefundxq5athndo6dq.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 sec-fetch-mode navigate sec-fetch-user ?1 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 sec-fetch-site none accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Response headers status 404 date Wed, 11 Sep 2019 11:00:33 GMT server Apache x-powered-by PHP/7.0.33 expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate pragma no-cache set-cookie PHPSESSID=rebcubjoti2q198j8j1iskaag0; path=/ vary Accept-Encoding,User-Agent content-encoding gzip content-length 304 content-type text/html; charset=UTF-8
GET H2	200	d.js Show response waust.at/	13 KB 7 KB	220ms 43ms	Script application/x-javascript	185.225.208.133 UK2NET-AS
General Check archive.org Show headers Download Go to Full URL https://waust.at/d.js Requested by Host: socalprep.us URL: https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/OUTrefundxq5athndo6dq.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.225.208.133 , Germany, ASN13213 (UK2NET-AS, GB), Reverse DNS Software / Resource Hash `9aef19b23a01bd96033bc1f1acb3da5e38dc54bcc4aa1972919c7b2b2a71e4aa` Request headers Sec-Fetch-Mode no-cors Referer https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/OUTrefundxq5athndo6dq.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Wed, 11 Sep 2019 11:00:33 GMT content-encoding gzip last-modified Thu, 11 Jul 2019 20:01:12 GMT etag W/"5d279588-32b0" status 200 content-type application/x-javascript access-control-allow-origin * cache-control max-age=86400, private expires Thu, 12 Sep 2019 11:00:33 GMT
GET H2	200	/ whos.amung.us/pingjs/	29 B 145 B	338ms 113ms	Script text/javascript	67.202.94.93 Steadfast
General Check archive.org Show headers Download Go to Full URL https://whos.amung.us/pingjs/?k=appnew9921&t=&c=d&y=&a=0&r=7661 Requested by Host: waust.at URL: https://waust.at/d.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 67.202.94.93 Chicago, United States, ASN32748 (STEADFAST - Steadfast, US), Reverse DNS amung.us Software / Resource Hash Request headers Sec-Fetch-Mode no-cors Referer https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/OUTrefundxq5athndo6dq.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 200 date Wed, 11 Sep 2019 11:00:34 GMT content-encoding gzip content-type text/javascript;charset=UTF-8
GET H2	200	Primary Request select-category.php Show response socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/	9 KB 3 KB	342ms 341ms	Document text/html	160.153.90.131 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/select-category.php?origin=hmc_claim&continue=details&id_c=lZtBLhEbVfiPNJIVfVqPRbalzFHwAvrlUkngSrInWrDkALFggwwxYWjYbrU Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 160.153.90.131 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-160-153-90-131.ip.secureserver.net Software Apache / PHP/7.0.33 Resource Hash `fdac6f8dd37ba36e7e34783aceaf52549fc691f3c0139a9c2a2bc3b252f803e0` Request headers :method GET :authority socalprep.us :scheme https :path /.ssl/.49f4d31/HMCUSTOMTSTAX/select-category.php?origin=hmc_claim&continue=details&id_c=lZtBLhEbVfiPNJIVfVqPRbalzFHwAvrlUkngSrInWrDkALFggwwxYWjYbrU pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 sec-fetch-mode navigate accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 sec-fetch-site same-origin referer https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/OUTrefundxq5athndo6dq.html accept-encoding gzip, deflate, br cookie PHPSESSID=rebcubjoti2q198j8j1iskaag0 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Mode navigate Referer https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/OUTrefundxq5athndo6dq.html Response headers status 200 date Wed, 11 Sep 2019 11:00:34 GMT server Apache x-powered-by PHP/7.0.33 expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate pragma no-cache vary Accept-Encoding,User-Agent content-encoding gzip content-length 3206 content-type text/html; charset=UTF-8
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Content-Type image/png
GET H2	200	te.css socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/game/	14 KB 3 KB	169ms 168ms	Stylesheet text/css	160.153.90.131 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/game/te.css Requested by Host: socalprep.us URL: https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/select-category.php?origin=hmc_claim&continue=details&id_c=lZtBLhEbVfiPNJIVfVqPRbalzFHwAvrlUkngSrInWrDkALFggwwxYWjYbrU Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 160.153.90.131 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-160-153-90-131.ip.secureserver.net Software Apache / Resource Hash `6175664d8d2e9b3d669844e4ffe144ff31f9e6c272f5f528892cb397780086c7` Request headers Sec-Fetch-Mode no-cors Referer https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/select-category.php?origin=hmc_claim&continue=details&id_c=lZtBLhEbVfiPNJIVfVqPRbalzFHwAvrlUkngSrInWrDkALFggwwxYWjYbrU User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Wed, 11 Sep 2019 11:00:34 GMT content-encoding gzip last-modified Thu, 22 Feb 2018 10:48:14 GMT server Apache etag "7ce3f8f-368d-565cac7d55780-gzip" vary Accept-Encoding,User-Agent content-type text/css status 200 accept-ranges bytes content-length 2620
GET H2	200	fonts.css socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/game/	267 KB 197 KB	175ms 175ms	Stylesheet text/css	160.153.90.131 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/game/fonts.css Requested by Host: socalprep.us URL: https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/select-category.php?origin=hmc_claim&continue=details&id_c=lZtBLhEbVfiPNJIVfVqPRbalzFHwAvrlUkngSrInWrDkALFggwwxYWjYbrU Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 160.153.90.131 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-160-153-90-131.ip.secureserver.net Software Apache / Resource Hash `5ff8c53913434afd0072a480d7cfca67cace4c8d03f6ef96b78a4455728ce745` Request headers Sec-Fetch-Mode no-cors Referer https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/select-category.php?origin=hmc_claim&continue=details&id_c=lZtBLhEbVfiPNJIVfVqPRbalzFHwAvrlUkngSrInWrDkALFggwwxYWjYbrU User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Wed, 11 Sep 2019 11:00:34 GMT content-encoding gzip last-modified Thu, 22 Feb 2018 10:34:22 GMT server Apache etag "7ce3ed6-42ad9-565ca963e0780-gzip" vary Accept-Encoding,User-Agent content-type text/css status 200 accept-ranges bytes
GET H2	200	app.css socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/game/	178 KB 41 KB	176ms 175ms	Stylesheet text/css	160.153.90.131 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/game/app.css Requested by Host: socalprep.us URL: https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/select-category.php?origin=hmc_claim&continue=details&id_c=lZtBLhEbVfiPNJIVfVqPRbalzFHwAvrlUkngSrInWrDkALFggwwxYWjYbrU Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 160.153.90.131 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-160-153-90-131.ip.secureserver.net Software Apache / Resource Hash `b36f87c8630fd5750869fdaa271b798627d60943a098500454f469a3a362069b` Request headers Sec-Fetch-Mode no-cors Referer https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/select-category.php?origin=hmc_claim&continue=details&id_c=lZtBLhEbVfiPNJIVfVqPRbalzFHwAvrlUkngSrInWrDkALFggwwxYWjYbrU User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Wed, 11 Sep 2019 11:00:34 GMT content-encoding gzip last-modified Thu, 22 Feb 2018 10:54:20 GMT server Apache etag "7ce3de0-2c7d3-565cadda60f00-gzip" vary Accept-Encoding,User-Agent content-type text/css status 200 accept-ranges bytes content-length 41365
GET H2	200	gv.png socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/game/	1 KB 1 KB	168ms 167ms	Image image/png	160.153.90.131 GoDaddy.com
General Check archive.org Show headers Download Go to Show image Full URL https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/game/gv.png Requested by Host: socalprep.us URL: https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/select-category.php?origin=hmc_claim&continue=details&id_c=lZtBLhEbVfiPNJIVfVqPRbalzFHwAvrlUkngSrInWrDkALFggwwxYWjYbrU Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 160.153.90.131 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-160-153-90-131.ip.secureserver.net Software Apache / Resource Hash `203e1db49d3eff430d7dc450ce723c1002542fe1d2bce661b6d8571f14c1043c` Request headers Sec-Fetch-Mode no-cors Referer https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/select-category.php?origin=hmc_claim&continue=details&id_c=lZtBLhEbVfiPNJIVfVqPRbalzFHwAvrlUkngSrInWrDkALFggwwxYWjYbrU User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Wed, 11 Sep 2019 11:00:34 GMT last-modified Thu, 22 Feb 2018 10:34:20 GMT server Apache etag "7ce3f2f-419-565ca961f8300" content-type image/png status 200 accept-ranges bytes content-length 1049
GET H2	200	tep.css socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/game/	1 KB 615 B	168ms 168ms	Stylesheet text/css	160.153.90.131 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/game/tep.css Requested by Host: socalprep.us URL: https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/select-category.php?origin=hmc_claim&continue=details&id_c=lZtBLhEbVfiPNJIVfVqPRbalzFHwAvrlUkngSrInWrDkALFggwwxYWjYbrU Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 160.153.90.131 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-160-153-90-131.ip.secureserver.net Software Apache / Resource Hash `b99a918c9ce507d734764555d5708c1c0439ac8a41cfcec57200c019fcb7f9c1` Request headers Sec-Fetch-Mode no-cors Referer https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/select-category.php?origin=hmc_claim&continue=details&id_c=lZtBLhEbVfiPNJIVfVqPRbalzFHwAvrlUkngSrInWrDkALFggwwxYWjYbrU User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Wed, 11 Sep 2019 11:00:34 GMT content-encoding gzip last-modified Thu, 22 Feb 2018 10:34:22 GMT server Apache etag "7ce3f90-442-565ca963e0780-gzip" vary Accept-Encoding,User-Agent content-type text/css status 200 accept-ranges bytes content-length 526
GET H2	200	gvlc.png socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/game/outer/	1 KB 1 KB	168ms 167ms	Image image/png	160.153.90.131 GoDaddy.com
General Check archive.org Show headers Download Go to Show image Full URL https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/game/outer/gvlc.png Requested by Host: socalprep.us URL: https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/select-category.php?origin=hmc_claim&continue=details&id_c=lZtBLhEbVfiPNJIVfVqPRbalzFHwAvrlUkngSrInWrDkALFggwwxYWjYbrU Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 160.153.90.131 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-160-153-90-131.ip.secureserver.net Software Apache / Resource Hash `ea874a79e09423d63420aff44f016fd0b92dc6dec0cc2668d63b150c8669875e` Request headers Sec-Fetch-Mode no-cors Referer https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/game/te.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Wed, 11 Sep 2019 11:00:35 GMT last-modified Thu, 22 Feb 2018 10:34:56 GMT server Apache etag "7ce3f84-587-565ca9844d400" content-type image/png status 200 accept-ranges bytes content-length 1415
GET H2	200	hm18.png socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/game/outer/	2 KB 2 KB	175ms 175ms	Image image/png	160.153.90.131 GoDaddy.com
General Check archive.org Show headers Download Go to Show image Full URL https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/game/outer/hm18.png Requested by Host: socalprep.us URL: https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/select-category.php?origin=hmc_claim&continue=details&id_c=lZtBLhEbVfiPNJIVfVqPRbalzFHwAvrlUkngSrInWrDkALFggwwxYWjYbrU Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 160.153.90.131 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-160-153-90-131.ip.secureserver.net Software Apache / Resource Hash `c208f82493fb15f9261ba474cf6615ddc22e51984177095c4d12d2ad39647ca9` Request headers Sec-Fetch-Mode no-cors Referer https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/game/app.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Wed, 11 Sep 2019 11:00:35 GMT last-modified Thu, 22 Feb 2018 10:53:08 GMT server Apache etag "7ce3f88-665-565cad95b6d00" content-type image/png status 200 accept-ranges bytes content-length 1637
GET DATA	200 OK	truncated /	94 KB 94 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `048b93884a1b51d20f2a3140541d450cb6b82c6c2cf69128ea1d09fdd9699f30` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Origin https://socalprep.us Response headers Content-Type application/font-woff
GET H2	200	opgl.png socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/game/outer/	761 B 815 B	172ms 172ms	Image image/png	160.153.90.131 GoDaddy.com
General Check archive.org Show headers Download Go to Show image Full URL https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/game/outer/opgl.png Requested by Host: socalprep.us URL: https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/select-category.php?origin=hmc_claim&continue=details&id_c=lZtBLhEbVfiPNJIVfVqPRbalzFHwAvrlUkngSrInWrDkALFggwwxYWjYbrU Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 160.153.90.131 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-160-153-90-131.ip.secureserver.net Software Apache / Resource Hash `c1aedc8257961b938b4c7a21a2b0db3f2716dd9ef782cea73110dc69107c9042` Request headers Sec-Fetch-Mode no-cors Referer https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/game/te.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Wed, 11 Sep 2019 11:00:35 GMT last-modified Thu, 22 Feb 2018 10:34:56 GMT server Apache etag "7ce3f8c-2f9-565ca9844d400" content-type image/png status 200 accept-ranges bytes content-length 761
GET H2	200	gvct.png socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/game/outer/	4 KB 4 KB	172ms 172ms	Image image/png	160.153.90.131 GoDaddy.com
General Check archive.org Show headers Download Go to Show image Full URL https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/game/outer/gvct.png Requested by Host: socalprep.us URL: https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/select-category.php?origin=hmc_claim&continue=details&id_c=lZtBLhEbVfiPNJIVfVqPRbalzFHwAvrlUkngSrInWrDkALFggwwxYWjYbrU Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 160.153.90.131 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-160-153-90-131.ip.secureserver.net Software Apache / Resource Hash `bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b` Request headers Sec-Fetch-Mode no-cors Referer https://socalprep.us/.ssl/.49f4d31/HMCUSTOMTSTAX/game/te.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Wed, 11 Sep 2019 11:00:35 GMT last-modified Thu, 22 Feb 2018 10:34:56 GMT server Apache etag "7ce3f81-e00-565ca9844d400" content-type image/png status 200 accept-ranges bytes content-length 3584
GET DATA	200 OK	truncated /	71 KB 71 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `01c73d5dd84423dd2fc30aabd1de09a86b36b6de9e2e240d954c09cbb1d97aba` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Origin https://socalprep.us Response headers Content-Type application/font-woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UK Government (Government)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| gvumjmUFitvl

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			socalprep.us/	1969-12-31 23:59:59	Name: PHPSESSID Value: rebcubjoti2q198j8j1iskaag0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

socalprep.us
waust.at
whos.amung.us
160.153.90.131
185.225.208.133
67.202.94.93
01c73d5dd84423dd2fc30aabd1de09a86b36b6de9e2e240d954c09cbb1d97aba
048b93884a1b51d20f2a3140541d450cb6b82c6c2cf69128ea1d09fdd9699f30
203e1db49d3eff430d7dc450ce723c1002542fe1d2bce661b6d8571f14c1043c
47ca49c81a066fd72d7f96e727fd38b63ffbad9586731a5d1373c62f8a93a0f4
5ff8c53913434afd0072a480d7cfca67cace4c8d03f6ef96b78a4455728ce745
6175664d8d2e9b3d669844e4ffe144ff31f9e6c272f5f528892cb397780086c7
9aef19b23a01bd96033bc1f1acb3da5e38dc54bcc4aa1972919c7b2b2a71e4aa
b36f87c8630fd5750869fdaa271b798627d60943a098500454f469a3a362069b
b99a918c9ce507d734764555d5708c1c0439ac8a41cfcec57200c019fcb7f9c1
bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b
c1aedc8257961b938b4c7a21a2b0db3f2716dd9ef782cea73110dc69107c9042
c208f82493fb15f9261ba474cf6615ddc22e51984177095c4d12d2ad39647ca9
ea874a79e09423d63420aff44f016fd0b92dc6dec0cc2668d63b150c8669875e
fdac6f8dd37ba36e7e34783aceaf52549fc691f3c0139a9c2a2bc3b252f803e0

socalprep.us Open in urlscan Pro 160.153.90.131 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

4 IPs

2 Countries

425 kBTransfer

658 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

1 Cookies

Indicators

socalprep.us Open in urlscan Pro
160.153.90.131 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

425 kB
Transfer

658 kB
Size

1
Cookies

13 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!