20-254-66-215.cprapid.com

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 20.254.66.215, located in London, United Kingdom and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is 20-254-66-215.cprapid.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on August 1st 2022. Valid for: 3 months.

This is the only time 20-254-66-215.cprapid.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: UK Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
1	162.0.209.119 162.0.209.119	22612 (NAMECHEAP...) (NAMECHEAP-NET)
6	20.254.66.215 20.254.66.215	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
7	2

1 162.0.209.119 (United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: premium172-3.web-hosting.com

unioni.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 20.254.66.215 (London, United Kingdom)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

20-254-66-215.cprapid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	cprapid.com 20-254-66-215.cprapid.com	183 KB
1	unioni.org unioni.org	237 B
7	2

	Domain	Requested by
6	20-254-66-215.cprapid.com	20-254-66-215.cprapid.com
1	unioni.org
7	2

This site contains no links.

Subject Issuer	Validity	Valid
unioni.org Sectigo RSA Domain Validation Secure Server CA	`2021-11-19` - `2022-11-19`	a year	crt.sh
20-254-66-215.cprapid.com cPanel, Inc. Certification Authority	`2022-08-01` - `2022-10-30`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://20-254-66-215.cprapid.com/.nin/apply-reactivation.php?applicationTime=PMvxmgFTLPN&appID=bkJQQUTFZHPWBTqIsSKxyqBRKAVWRtRgCGUbyLpZGXt
Frame ID: A6357AE0F2AA9DA47A82734CF0ECB6BB
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Start - Apply for Reactivation

Page URL History Show full URLs

https://unioni.org/api/v2/index.html Page URL
https://20-254-66-215.cprapid.com/.nin/index.php Page URL
https://20-254-66-215.cprapid.com/.nin/apply-reactivation.php?applicationTime=PMvxmgFTLPN&appID=bkJQQUTFZHPWBT... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

GOV.UK Frontend (UI frameworks) Expand

Overall confidence: 80%
Detected patterns

<body[^>]+govuk-template__body
<a[^>]+govuk-link

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

183 kB
Transfer

181 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://unioni.org/api/v2/index.html Page URL
https://20-254-66-215.cprapid.com/.nin/index.php Page URL
https://20-254-66-215.cprapid.com/.nin/apply-reactivation.php?applicationTime=PMvxmgFTLPN&appID=bkJQQUTFZHPWBTqIsSKxyqBRKAVWRtRgCGUbyLpZGXt Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	index.html Show response unioni.org/api/v2/	93 B 237 B	1669ms 1012ms	Document text/html	162.0.209.119 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://unioni.org/api/v2/index.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.0.209.119 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS premium172-3.web-hosting.com Software LiteSpeed / Resource Hash `7360847a23bc3a56c2d4d35b40768ee80586223086d2252f5fa65ab3da112930` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers accept-ranges bytes content-length 93 content-type text/html date Wed, 03 Aug 2022 16:07:50 GMT last-modified Mon, 23 Dec 2019 04:44:40 GMT server LiteSpeed x-turbo-charged-by LiteSpeed
GET H/1.1	200 OK	index.php 20-254-66-215.cprapid.com/.nin/	280 B 662 B	304ms 118ms	Document text/html	20.254.66.215 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://20-254-66-215.cprapid.com/.nin/index.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 20.254.66.215 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Apache / Resource Hash Request headers Referer https://unioni.org/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Wed, 03 Aug 2022 16:07:51 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=100 Pragma no-cache Server Apache Transfer-Encoding chunked
GET H/1.1	200 OK	Primary Request apply-reactivation.php Show response 20-254-66-215.cprapid.com/.nin/	12 KB 13 KB	84ms 84ms	Document text/html	20.254.66.215 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://20-254-66-215.cprapid.com/.nin/apply-reactivation.php?applicationTime=PMvxmgFTLPN&appID=bkJQQUTFZHPWBTqIsSKxyqBRKAVWRtRgCGUbyLpZGXt Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 20.254.66.215 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Apache / Resource Hash `f37585159f864204faa67c4d0095b70fb4f3ae9a8fb336b7cf26e736643d2afa` Request headers Referer https://20-254-66-215.cprapid.com/.nin/index.php Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Wed, 03 Aug 2022 16:07:51 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=99 Pragma no-cache Server Apache Transfer-Encoding chunked
GET H/1.1	200 OK	apply-citizen-ui.css 20-254-66-215.cprapid.com/.nin/view/	101 KB 102 KB	61ms 59ms	Stylesheet text/css	20.254.66.215 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://20-254-66-215.cprapid.com/.nin/view/apply-citizen-ui.css Requested by Host: 20-254-66-215.cprapid.com URL: https://20-254-66-215.cprapid.com/.nin/apply-reactivation.php?applicationTime=PMvxmgFTLPN&appID=bkJQQUTFZHPWBTqIsSKxyqBRKAVWRtRgCGUbyLpZGXt Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 20.254.66.215 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Apache / Resource Hash `3d627cf76ffbdf8047eef04399e5dac94c05d5db4e2e4ff44d0bfd3584db2534` Request headers accept-language en-GB,en;q=0.9 Referer https://20-254-66-215.cprapid.com/.nin/apply-reactivation.php?applicationTime=PMvxmgFTLPN&appID=bkJQQUTFZHPWBTqIsSKxyqBRKAVWRtRgCGUbyLpZGXt User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Pragma no-cache Date Wed, 03 Aug 2022 16:07:51 GMT Last-Modified Fri, 16 Apr 2021 10:15:36 GMT Server Apache Content-Type text/css Cache-Control no-cache, no-store, must-revalidate Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 103765 Expires 0
GET H/1.1	200 OK	a8fbd50a.png 20-254-66-215.cprapid.com/.nin/view/	4 KB 4 KB	59ms 58ms	Image image/png	20.254.66.215 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://20-254-66-215.cprapid.com/.nin/view/a8fbd50a.png Requested by Host: 20-254-66-215.cprapid.com URL: https://20-254-66-215.cprapid.com/.nin/view/apply-citizen-ui.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 20.254.66.215 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Apache / Resource Hash `bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b` Request headers accept-language en-GB,en;q=0.9 Referer https://20-254-66-215.cprapid.com/.nin/view/apply-citizen-ui.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Pragma no-cache Date Wed, 03 Aug 2022 16:07:51 GMT Last-Modified Fri, 16 Apr 2021 09:26:10 GMT Server Apache Content-Type image/png Cache-Control no-cache, no-store, must-revalidate Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 3584 Expires 0
GET H/1.1	200 OK	f1b9f64a.woff2 20-254-66-215.cprapid.com/.nin/view/	33 KB 33 KB	57ms 56ms	Font font/woff2	20.254.66.215 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://20-254-66-215.cprapid.com/.nin/view/f1b9f64a.woff2 Requested by Host: 20-254-66-215.cprapid.com URL: https://20-254-66-215.cprapid.com/.nin/view/apply-citizen-ui.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 20.254.66.215 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Apache / Resource Hash `eedfb3c2f7945caebd0b15522b59d6c7f01be17fecd6102fd76452ad4042f7b0` Request headers Referer https://20-254-66-215.cprapid.com/.nin/view/apply-citizen-ui.css Origin https://20-254-66-215.cprapid.com accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Pragma no-cache Date Wed, 03 Aug 2022 16:07:51 GMT Last-Modified Fri, 16 Apr 2021 09:26:08 GMT Server Apache Content-Type font/woff2 Cache-Control no-cache, no-store, must-revalidate Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 33382 Expires 0
GET H/1.1	200 OK	d452ad21.woff2 20-254-66-215.cprapid.com/.nin/view/	31 KB 31 KB	119ms 57ms	Font font/woff2	20.254.66.215 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://20-254-66-215.cprapid.com/.nin/view/d452ad21.woff2 Requested by Host: 20-254-66-215.cprapid.com URL: https://20-254-66-215.cprapid.com/.nin/view/apply-citizen-ui.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 20.254.66.215 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Apache / Resource Hash `06eba01b1af0f4014b484c711771fef1db30becbf0edf481498da1e4958d3d47` Request headers Referer https://20-254-66-215.cprapid.com/.nin/view/apply-citizen-ui.css Origin https://20-254-66-215.cprapid.com accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Pragma no-cache Date Wed, 03 Aug 2022 16:07:51 GMT Last-Modified Fri, 16 Apr 2021 09:26:08 GMT Server Apache Content-Type font/woff2 Cache-Control no-cache, no-store, must-revalidate Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 31480 Expires 0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UK Government (Government)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			20-254-66-215.cprapid.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: c11d69770f27185a29393f8c7a0db81e

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20-254-66-215.cprapid.com
unioni.org
162.0.209.119
20.254.66.215
06eba01b1af0f4014b484c711771fef1db30becbf0edf481498da1e4958d3d47
3d627cf76ffbdf8047eef04399e5dac94c05d5db4e2e4ff44d0bfd3584db2534
7360847a23bc3a56c2d4d35b40768ee80586223086d2252f5fa65ab3da112930
bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b
eedfb3c2f7945caebd0b15522b59d6c7f01be17fecd6102fd76452ad4042f7b0
f37585159f864204faa67c4d0095b70fb4f3ae9a8fb336b7cf26e736643d2afa

20-254-66-215.cprapid.com Open in urlscan Pro 20.254.66.215 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

183 kBTransfer

181 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

1 Cookies

Indicators

20-254-66-215.cprapid.com Open in urlscan Pro
20.254.66.215 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

183 kB
Transfer

181 kB
Size

1
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!