20-214-179-20.cprapid.com Open in urlscan Pro
20.214.179.20 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://semsearch.isca.ac.ir/app/Helpers/metid/redirect.html
Effective URL:
https://20-214-179-20.cprapid.com/legion/login.php
Submission: On September 20 via manual (September 20th 2022, 1:33:13 pm UTC) from DK — Scanned from DK

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 20 HTTP transactions. The main IP is 20.214.179.20, located in and belongs to . The main domain is 20-214-179-20.cprapid.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 20th 2022. Valid for: 3 months.

This is the only time 20-214-179-20.cprapid.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Nordea (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	185.213.9.61 185.213.9.61	205588 (DAFTARE-T...) (DAFTARE-TABLIGHATE-ESLAMI)
1	108.179.246.105 108.179.246.105	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1 10	20.214.179.20 20.214.179.20	() ()
1	2a00:1450:400... 2a00:1450:4001:802::2003	() ()
20	5

1 185.213.9.61 (Iran, Islamic Republic Of)

ASN205588 (DAFTARE-TABLIGHATE-ESLAMI, IR)

semsearch.isca.ac.ir	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.179.246.105 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 108-179-246-105.unifiedlayer.com

www.vrsiddhartha.ac.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 20.214.179.20 (None, ) 1 redirects

ASN- ()

20-214-179-20.cprapid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2003 (None, )

ASN- ()

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	cprapid.com 1 redirects 20-214-179-20.cprapid.com	92 KB
1	gstatic.com www.gstatic.com	2 KB
1	vrsiddhartha.ac.in www.vrsiddhartha.ac.in	217 B
1	isca.ac.ir semsearch.isca.ac.ir	378 B
20	4

	Domain	Requested by
10	20-214-179-20.cprapid.com	1 redirects www.vrsiddhartha.ac.in 20-214-179-20.cprapid.com
1	www.gstatic.com	20-214-179-20.cprapid.com
1	www.vrsiddhartha.ac.in
1	semsearch.isca.ac.ir
20	4

This site contains no links.

Subject Issuer	Validity	Valid
*.isca.ac.ir Certum Domain Validation CA SHA2	`2022-04-17` - `2023-04-17`	a year	crt.sh
vrsiddhartha.ac.in R3	`2022-08-29` - `2022-11-27`	3 months	crt.sh
20-214-179-20.cprapid.com cPanel, Inc. Certification Authority	`2022-09-20` - `2022-12-19`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-08-29` - `2022-11-21`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://20-214-179-20.cprapid.com/legion/login.php
Frame ID: 690431934C271FB4047842EFDF840C53
Requests: 17 HTTP requests in this frame

Frame: https://20-214-179-20.cprapid.com/legion/frame/login2.php
Frame ID: 16522EF72642A2D40CE5F9D1E77EB694
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://semsearch.isca.ac.ir/app/Helpers/metid/redirect.html Page URL
https://www.vrsiddhartha.ac.in/.quarantine/ Page URL
https://20-214-179-20.cprapid.com/legion/ HTTP 302
https://20-214-179-20.cprapid.com/legion/login.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

20
Requests

60 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

94 kB
Transfer

100 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://semsearch.isca.ac.ir/app/Helpers/metid/redirect.html Page URL
https://www.vrsiddhartha.ac.in/.quarantine/ Page URL
https://20-214-179-20.cprapid.com/legion/ HTTP 302
https://20-214-179-20.cprapid.com/legion/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK redirect.html Show response
semsearch.isca.ac.ir/app/Helpers/metid/ 90 B
378 B 697ms
136ms Document
text/html 185.213.9.61
DAFTARE-TABLIGHAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://abcnews.go.com.@semsearch.isca.ac.ir/app/Helpers/metid/redirect.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.213.9.61 , Iran, Islamic Republic Of, ASN205588 (DAFTARE-TABLIGHATE-ESLAMI, IR),
Reverse DNS
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: ac2fb38f92c26ad02cba800c80be26dd97bf71c33705c50144b99530b7527074

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: da-DK,da;q=0.9

Response headers

Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 99
Content-Type: text/html
Date: Tue, 20 Sep 2022 13:33:07 GMT
ETag: "5a-5e91a176d16c0-gzip"
Last-Modified: Tue, 20 Sep 2022 11:25:55 GMT
Server: Apache/2.4.18 (Ubuntu)
Vary: Accept-Encoding

GET
H2 200 /
www.vrsiddhartha.ac.in/.quarantine/ 82 B
217 B 1411ms
951ms Document
text/html 108.179.246.105
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.vrsiddhartha.ac.in/.quarantine/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.246.105 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 108-179-246-105.unifiedlayer.com
Software: Apache /
Resource Hash

Request headers

Referer: https://semsearch.isca.ac.ir/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: da-DK,da;q=0.9

Response headers

content-encoding: gzip
content-length: 96
content-type: text/html; charset=UTF-8
date: Tue, 20 Sep 2022 13:33:10 GMT
server: Apache
vary: Accept-Encoding,User-Agent
x-server-cache: false

GET
H/1.1

200
OK

Primary Request login.php Show response
20-214-179-20.cprapid.com/legion/
Redirect Chain

https://20-214-179-20.cprapid.com/legion/
https://20-214-179-20.cprapid.com/legion/login.php

17 KB
17 KB

318ms
318ms

Document
text/html

20.214.179.20

General

Check archive.org

Show headers Download Go to

Full URL: https://20-214-179-20.cprapid.com/legion/login.php
Requested by: Host: www.vrsiddhartha.ac.in
URL: https://www.vrsiddhartha.ac.in/.quarantine/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.214.179.20 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: bd1b95b6ef95db8da074fd8b1c0e0b600ea4f288d389042e600ba63a94f36388

Request headers

Referer: https://www.vrsiddhartha.ac.in/.quarantine/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: da-DK,da;q=0.9

Response headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Tue, 20 Sep 2022 13:33:12 GMT
Keep-Alive: timeout=5, max=100
Server: Apache
Transfer-Encoding: chunked

Redirect headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Tue, 20 Sep 2022 13:33:12 GMT
Keep-Alive: timeout=5, max=100
Server: Apache
Transfer-Encoding: chunked
location: login.php

GET
H/1.1 200
OK styles-90d1ba6c2eef1d8f73fc94069cfe444b.css
20-214-179-20.cprapid.com/legion/all/ 45 KB
45 KB 271ms
270ms Stylesheet
text/css 20.214.179.20

General

Check archive.org

Show headers Download Go to

Full URL: https://20-214-179-20.cprapid.com/legion/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css
Requested by: Host: 20-214-179-20.cprapid.com
URL: https://20-214-179-20.cprapid.com/legion/login.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.214.179.20 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: 068ee6c88c6d2629f9a797dac9288490b736f0c944d9a46d566da7cd8f913a1b

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://20-214-179-20.cprapid.com/legion/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Sep 2022 13:33:12 GMT
Last-Modified: Sat, 06 Aug 2022 13:29:08 GMT
Server: Apache
Content-Type: text/css
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 46070
Expires: 0

GET
H/1.1 200
OK translateelement.css
20-214-179-20.cprapid.com/legion/all/ 18 KB
19 KB 531ms
266ms Stylesheet
text/css 20.214.179.20

General

Check archive.org

Show headers Download Go to

Full URL: https://20-214-179-20.cprapid.com/legion/all/translateelement.css
Requested by: Host: 20-214-179-20.cprapid.com
URL: https://20-214-179-20.cprapid.com/legion/login.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.214.179.20 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: 5d0a6e3bc914db376bf187c380750b197c317e1bf40fab9ad959ad5facd8f9ed

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://20-214-179-20.cprapid.com/legion/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Sep 2022 13:33:13 GMT
Last-Modified: Fri, 14 May 2021 01:23:30 GMT
Server: Apache
Content-Type: text/css
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 18724
Expires: 0

GET
H/1.1 200
OK banner.png
20-214-179-20.cprapid.com/legion/all/ 8 KB
0 791ms
267ms Image
image/png 20.214.179.20

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://20-214-179-20.cprapid.com/legion/all/banner.png
Requested by: Host: 20-214-179-20.cprapid.com
URL: https://20-214-179-20.cprapid.com/legion/login.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.214.179.20 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://20-214-179-20.cprapid.com/legion/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Sep 2022 13:33:13 GMT
Last-Modified: Sat, 06 Aug 2022 12:35:04 GMT
Server: Apache
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 40339
Expires: 0

GET
H/1.1 200
OK nemid-830ab2367a74a48b4e61ce97be19c0bd.svg
20-214-179-20.cprapid.com/legion/all/ 2 KB
3 KB 813ms
269ms Image
image/svg+xml 20.214.179.20

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://20-214-179-20.cprapid.com/legion/all/nemid-830ab2367a74a48b4e61ce97be19c0bd.svg
Requested by: Host: 20-214-179-20.cprapid.com
URL: https://20-214-179-20.cprapid.com/legion/login.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.214.179.20 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: 6bb27299ef7a2f71792920ae936f4f0800cf1a43ff5f8b4c835233fde4c1e387

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://20-214-179-20.cprapid.com/legion/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Sep 2022 13:33:13 GMT
Last-Modified: Fri, 14 May 2021 01:23:30 GMT
Server: Apache
Content-Type: image/svg+xml
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 2285
Expires: 0

GET
H/1.1 200
OK login2.php Show response
20-214-179-20.cprapid.com/legion/frame/ Frame 1652 8 KB
8 KB 804ms
292ms Document
text/html 20.214.179.20

General

Check archive.org

Show headers Download Go to

Full URL: https://20-214-179-20.cprapid.com/legion/frame/login2.php
Requested by: Host: 20-214-179-20.cprapid.com
URL: https://20-214-179-20.cprapid.com/legion/login.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.214.179.20 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: 44033666f5c126b84c800760511ab3328404110b704b1846b352412e8a425caf

Request headers

Referer: https://20-214-179-20.cprapid.com/legion/login.php
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: da-DK,da;q=0.9

Response headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Tue, 20 Sep 2022 13:33:13 GMT
Keep-Alive: timeout=5, max=98
Server: Apache
Transfer-Encoding: chunked

GET something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg
20-214-179-20.cprapid.com/legion/all/ 0
0

GET cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg
20-214-179-20.cprapid.com/legion/all/ 0
0

GET no-connection-83f79e2367a313b468986e12a237c346.svg
20-214-179-20.cprapid.com/legion/all/ 0
0

GET empty-3857ebe69f653487f8c9d99adde4657f.svg
20-214-179-20.cprapid.com/legion/all/ 0
0

GET technical-error-91ca9eec9eed6ed945355d650bb10d41.svg
20-214-179-20.cprapid.com/legion/all/ 0
0

GET
H/1.1 404
Not Found scripts-6db7f1f3edd0e72b01f4957bf91c3b91.js.download
20-214-179-20.cprapid.com/legion/all/ 0
0 535ms
264ms Script
text/html 20.214.179.20

General

Check archive.org

Show headers Download Go to

Full URL: https://20-214-179-20.cprapid.com/legion/all/scripts-6db7f1f3edd0e72b01f4957bf91c3b91.js.download
Requested by: Host: 20-214-179-20.cprapid.com
URL: https://20-214-179-20.cprapid.com/legion/login.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.214.179.20 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://20-214-179-20.cprapid.com/legion/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Sep 2022 13:33:13 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: text/html
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Expires: 0

GET translate_24dp.png
20-214-179-20.cprapid.com/legion/all/ 0
0

GET
H/1.1 404
Not Found b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff
20-214-179-20.cprapid.com/assets/ 0
0 271ms
267ms Font
text/html 20.214.179.20

General

Check archive.org

Show headers Download Go to

Full URL: https://20-214-179-20.cprapid.com/assets/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff
Requested by: Host: 20-214-179-20.cprapid.com
URL: https://20-214-179-20.cprapid.com/legion/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.214.179.20 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://20-214-179-20.cprapid.com/legion/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css
Origin: https://20-214-179-20.cprapid.com
accept-language: da-DK,da;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Sep 2022 13:33:13 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: text/html
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Expires: 0

GET
H/1.1 404
Not Found aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff
20-214-179-20.cprapid.com/assets/ 0
0 269ms
266ms Font
text/html 20.214.179.20

General

Check archive.org

Show headers Download Go to

Full URL: https://20-214-179-20.cprapid.com/assets/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff
Requested by: Host: 20-214-179-20.cprapid.com
URL: https://20-214-179-20.cprapid.com/legion/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.214.179.20 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://20-214-179-20.cprapid.com/legion/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css
Origin: https://20-214-179-20.cprapid.com
accept-language: da-DK,da;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Sep 2022 13:33:13 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: text/html
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Expires: 0

GET
H2 200 translate_24dp.png
www.gstatic.com/images/branding/product/2x/ 2 KB
2 KB 207ms
65ms Image
image/png 2a00:1450:4001:802::2003

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/product/2x/translate_24dp.png

Requested by

Host: 20-214-179-20.cprapid.com
URL: https://20-214-179-20.cprapid.com/legion/all/translateelement.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://20-214-179-20.cprapid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Tue, 20 Sep 2022 13:20:36 GMT
x-content-type-options: nosniff
age: 757
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1842
x-xss-protection: 0
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 20 Sep 2023 13:20:36 GMT

GET mitd.css
20-214-179-20.cprapid.com/legion/frame/ Frame 1652 0
0

GET jquery.js
20-214-179-20.cprapid.com/legion/partials/js/ Frame 1652 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: 20-214-179-20.cprapid.com
URL: https://20-214-179-20.cprapid.com/legion/all/something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg

Domain: 20-214-179-20.cprapid.com
URL: https://20-214-179-20.cprapid.com/legion/all/cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg

Domain: 20-214-179-20.cprapid.com
URL: https://20-214-179-20.cprapid.com/legion/all/no-connection-83f79e2367a313b468986e12a237c346.svg

Domain: 20-214-179-20.cprapid.com
URL: https://20-214-179-20.cprapid.com/legion/all/empty-3857ebe69f653487f8c9d99adde4657f.svg

Domain: 20-214-179-20.cprapid.com
URL: https://20-214-179-20.cprapid.com/legion/all/technical-error-91ca9eec9eed6ed945355d650bb10d41.svg

Domain: 20-214-179-20.cprapid.com
URL: https://20-214-179-20.cprapid.com/legion/all/translate_24dp.png

Domain: 20-214-179-20.cprapid.com
URL: https://20-214-179-20.cprapid.com/legion/frame/mitd.css

Domain: 20-214-179-20.cprapid.com
URL: https://20-214-179-20.cprapid.com/legion/partials/js/jquery.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nordea (Banking)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://20-214-179-20.cprapid.com/legion/all/scripts-6db7f1f3edd0e72b01f4957bf91c3b91.js.download Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://20-214-179-20.cprapid.com/assets/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://20-214-179-20.cprapid.com/assets/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20-214-179-20.cprapid.com
semsearch.isca.ac.ir
www.gstatic.com
www.vrsiddhartha.ac.in
20-214-179-20.cprapid.com
108.179.246.105
185.213.9.61
20.214.179.20
2a00:1450:4001:802::2003
068ee6c88c6d2629f9a797dac9288490b736f0c944d9a46d566da7cd8f913a1b
44033666f5c126b84c800760511ab3328404110b704b1846b352412e8a425caf
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82
5d0a6e3bc914db376bf187c380750b197c317e1bf40fab9ad959ad5facd8f9ed
6bb27299ef7a2f71792920ae936f4f0800cf1a43ff5f8b4c835233fde4c1e387
ac2fb38f92c26ad02cba800c80be26dd97bf71c33705c50144b99530b7527074
bd1b95b6ef95db8da074fd8b1c0e0b600ea4f288d389042e600ba63a94f36388

20-214-179-20.cprapid.com Open in urlscan Pro 20.214.179.20 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

20 Requests

60 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

5 IPs

2 Countries

94 kBTransfer

100 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

0 Cookies

3 Console Messages

Indicators

20-214-179-20.cprapid.com Open in urlscan Pro
20.214.179.20 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

60 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

94 kB
Transfer

100 kB
Size

0
Cookies

20 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!