20-254-66-215.cprapid.com
Open in
urlscan Pro
20.254.66.215
Malicious Activity!
Public Scan
Effective URL: https://20-254-66-215.cprapid.com/.nin/apply-reactivation.php?applicationTime=PMvxmgFTLPN&appID=bkJQQUTFZHPWBTqIsSKxyqBRKAVWRtRgCG...
Submission: On August 03 via manual from GB — Scanned from GB
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on August 1st 2022. Valid for: 3 months.
This is the only time 20-254-66-215.cprapid.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UK Government (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 162.0.209.119 162.0.209.119 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
6 | 20.254.66.215 20.254.66.215 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
7 | 2 |
ASN22612 (NAMECHEAP-NET, US)
PTR: premium172-3.web-hosting.com
unioni.org |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
20-254-66-215.cprapid.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
cprapid.com
20-254-66-215.cprapid.com |
183 KB |
1 |
unioni.org
unioni.org |
237 B |
7 | 2 |
Domain | Requested by | |
---|---|---|
6 | 20-254-66-215.cprapid.com |
20-254-66-215.cprapid.com
|
1 | unioni.org | |
7 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
unioni.org Sectigo RSA Domain Validation Secure Server CA |
2021-11-19 - 2022-11-19 |
a year | crt.sh |
20-254-66-215.cprapid.com cPanel, Inc. Certification Authority |
2022-08-01 - 2022-10-30 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://20-254-66-215.cprapid.com/.nin/apply-reactivation.php?applicationTime=PMvxmgFTLPN&appID=bkJQQUTFZHPWBTqIsSKxyqBRKAVWRtRgCGUbyLpZGXt
Frame ID: A6357AE0F2AA9DA47A82734CF0ECB6BB
Requests: 7 HTTP requests in this frame
Screenshot
Page Title
Start - Apply for ReactivationPage URL History Show full URLs
- https://unioni.org/api/v2/index.html Page URL
- https://20-254-66-215.cprapid.com/.nin/index.php Page URL
- https://20-254-66-215.cprapid.com/.nin/apply-reactivation.php?applicationTime=PMvxmgFTLPN&appID=bkJQQUTFZHPWBT... Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
GOV.UK Frontend (UI frameworks) Expand
Detected patterns
- <body[^>]+govuk-template__body
- <a[^>]+govuk-link
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://unioni.org/api/v2/index.html Page URL
- https://20-254-66-215.cprapid.com/.nin/index.php Page URL
- https://20-254-66-215.cprapid.com/.nin/apply-reactivation.php?applicationTime=PMvxmgFTLPN&appID=bkJQQUTFZHPWBTqIsSKxyqBRKAVWRtRgCGUbyLpZGXt Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
index.html
unioni.org/api/v2/ |
93 B 237 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.php
20-254-66-215.cprapid.com/.nin/ |
280 B 662 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
apply-reactivation.php
20-254-66-215.cprapid.com/.nin/ |
12 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
apply-citizen-ui.css
20-254-66-215.cprapid.com/.nin/view/ |
101 KB 102 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
a8fbd50a.png
20-254-66-215.cprapid.com/.nin/view/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
f1b9f64a.woff2
20-254-66-215.cprapid.com/.nin/view/ |
33 KB 33 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
d452ad21.woff2
20-254-66-215.cprapid.com/.nin/view/ |
31 KB 31 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: UK Government (Government)8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
20-254-66-215.cprapid.com/ | Name: PHPSESSID Value: c11d69770f27185a29393f8c7a0db81e |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
20-254-66-215.cprapid.com
unioni.org
162.0.209.119
20.254.66.215
06eba01b1af0f4014b484c711771fef1db30becbf0edf481498da1e4958d3d47
3d627cf76ffbdf8047eef04399e5dac94c05d5db4e2e4ff44d0bfd3584db2534
7360847a23bc3a56c2d4d35b40768ee80586223086d2252f5fa65ab3da112930
bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b
eedfb3c2f7945caebd0b15522b59d6c7f01be17fecd6102fd76452ad4042f7b0
f37585159f864204faa67c4d0095b70fb4f3ae9a8fb336b7cf26e736643d2afa