coronaviruspodning.com
96.127.186.10  Malicious Activity! Public Scan

URL: http://coronaviruspodning.com/index2.php
Submission: On April 13 via manual from DK

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 7 HTTP transactions. The main IP is 96.127.186.10, located in United States and belongs to SINGLEHOP-LLC, US. The main domain is coronaviruspodning.com.
This is the only time coronaviruspodning.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: NemID (Banking)

Domain & IP information

IP Address: 96.127.186.10
AS Autonomous System: 32475 (SINGLEHOP...)
Requests: 7

Apex Domain: coronaviruspodning.com
Subdomains: coronaviruspodning.com
Transfer: 286 KB
Requests: 7

Domain: coronaviruspodning.com
Requested by: coronaviruspodning.com
Requests: 7

This site contains links to these domains.

Domain
www.skat.dk

This page contains 1 frames:

Primary Page: http://coronaviruspodning.com/index2.php
Frame ID: B84F7132A1762BC6CE2B2881C20AAF47
Requests: 7 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

Requests: 7
HTTPS: 0 %
IPv6: 0 %
Domains: 1
Subdomains: 1
IPs: 1
Countries: 1
Transfer: 286 kB
Size: 285 kB
Cookies: 0

7 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request index2.php
coronaviruspodning.com/
3 KB
3 KB
Document
General
Full URL
http://coronaviruspodning.com/index2.php
Protocol
HTTP/1.1
Server
96.127.186.10, United States, ASN32475 (SINGLEHOP-LLC, US)
Reverse DNS
am6.fcomet.com
Software
Apache / PHP/7.2.34
Resource Hash
5ab42cb178507c428d5565e395b74dce66526e1d1d5ca484f6bd6fda9d60d538

Request headers

Host
coronaviruspodning.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Date
Tue, 13 Apr 2021 07:46:11 GMT
Server
Apache
X-Powered-By
PHP/7.2.34
Upgrade
h2,h2c
Connection
Upgrade, close
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
skat-2.png
coronaviruspodning.com/
11 KB
11 KB
Image
General
Full URL
http://coronaviruspodning.com/skat-2.png
Requested by
Host: coronaviruspodning.com
URL: http://coronaviruspodning.com/index2.php
Protocol
HTTP/1.1
Server
96.127.186.10, United States, ASN32475 (SINGLEHOP-LLC, US)
Reverse DNS
am6.fcomet.com
Software
Apache /
Resource Hash
3015d4df8777ecb8be7fee7e0b790a5438cc02e732abc5dd57114c389f3920b1

Request headers

Referer
http://coronaviruspodning.com/index2.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 13 Apr 2021 07:46:12 GMT
Last-Modified
Mon, 12 Apr 2021 09:38:26 GMT
Server
Apache
Upgrade
h2,h2c
Connection
Upgrade, close
Accept-Ranges
bytes
Content-Type
image/png
Content-Length
11017
noglekort.png
coronaviruspodning.com/
134 KB
134 KB
Image
General
Full URL
http://coronaviruspodning.com/noglekort.png
Requested by
Host: coronaviruspodning.com
URL: http://coronaviruspodning.com/index2.php
Protocol
HTTP/1.1
Server
96.127.186.10, United States, ASN32475 (SINGLEHOP-LLC, US)
Reverse DNS
am6.fcomet.com
Software
Apache /
Resource Hash
1fa17b7354d98c31478bccef4b3d27e617de97a9f2ee4bd5a96d438cf6110630

Request headers

Referer
http://coronaviruspodning.com/index2.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 13 Apr 2021 07:46:12 GMT
Last-Modified
Mon, 12 Apr 2021 09:38:26 GMT
Server
Apache
Upgrade
h2,h2c
Connection
Upgrade, close
Accept-Ranges
bytes
Content-Type
image/png
Content-Length
136919
scan-billede21.png
coronaviruspodning.com/
8 KB
8 KB
Image
General
Full URL
http://coronaviruspodning.com/scan-billede21.png
Requested by
Host: coronaviruspodning.com
URL: http://coronaviruspodning.com/index2.php
Protocol
HTTP/1.1
Server
96.127.186.10, United States, ASN32475 (SINGLEHOP-LLC, US)
Reverse DNS
am6.fcomet.com
Software
Apache /
Resource Hash
4658d5c56cfcc84a68e88810e0502f5870e57836e7ff71d066aa58cd881f125c

Request headers

Referer
http://coronaviruspodning.com/index2.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 13 Apr 2021 07:46:12 GMT
Last-Modified
Mon, 12 Apr 2021 09:38:26 GMT
Server
Apache
Upgrade
h2,h2c
Connection
Upgrade, close
Accept-Ranges
bytes
Content-Type
image/png
Content-Length
7986
submit.png
coronaviruspodning.com/
11 KB
12 KB
Image
General
Full URL
http://coronaviruspodning.com/submit.png
Requested by
Host: coronaviruspodning.com
URL: http://coronaviruspodning.com/index2.php
Protocol
HTTP/1.1
Server
96.127.186.10, United States, ASN32475 (SINGLEHOP-LLC, US)
Reverse DNS
am6.fcomet.com
Software
Apache /
Resource Hash
09142161fae6de997c515cf8390ac1170b1924379aee5a19798e60178c50dd6b

Request headers

Referer
http://coronaviruspodning.com/index2.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 13 Apr 2021 07:46:12 GMT
Last-Modified
Mon, 12 Apr 2021 09:38:27 GMT
Server
Apache
Upgrade
h2,h2c
Connection
Upgrade, close
Accept-Ranges
bytes
Content-Type
image/png
Content-Length
11657
skat-3.png
coronaviruspodning.com/
95 KB
95 KB
Image
General
Full URL
http://coronaviruspodning.com/skat-3.png
Requested by
Host: coronaviruspodning.com
URL: http://coronaviruspodning.com/index2.php
Protocol
HTTP/1.1
Server
96.127.186.10, United States, ASN32475 (SINGLEHOP-LLC, US)
Reverse DNS
am6.fcomet.com
Software
Apache /
Resource Hash
7972778ab4cdf7c5e9776bc482e99e9b4f95a914b6952f85e9061634660e80d6

Request headers

Referer
http://coronaviruspodning.com/index2.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 13 Apr 2021 07:46:12 GMT
Last-Modified
Mon, 12 Apr 2021 09:38:26 GMT
Server
Apache
Upgrade
h2,h2c
Connection
Upgrade, close
Accept-Ranges
bytes
Content-Type
image/png
Content-Length
97441
skat-box2.png
coronaviruspodning.com/
23 KB
23 KB
Image
General
Full URL
http://coronaviruspodning.com/skat-box2.png
Requested by
Host: coronaviruspodning.com
URL: http://coronaviruspodning.com/index2.php
Protocol
HTTP/1.1
Server
96.127.186.10, United States, ASN32475 (SINGLEHOP-LLC, US)
Reverse DNS
am6.fcomet.com
Software
Apache /
Resource Hash
7353e1bbb074e9a00adc95fb17603fad8823a3d13af60060d69446bf4bed80c7

Request headers

Referer
http://coronaviruspodning.com/index2.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 13 Apr 2021 07:46:12 GMT
Last-Modified
Mon, 12 Apr 2021 09:38:26 GMT
Server
Apache
Upgrade
h2,h2c
Connection
Upgrade, close
Accept-Ranges
bytes
Content-Type
image/png
Content-Length
23824

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: NemID (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun
object| ontransitionstart
object| ontransitioncancel
object| trustedTypes
boolean| crossOriginIsolated

0 Cookies