wordpress-133295-0.cloudclusters.net
68.64.164.89  Malicious Activity! Public Scan

URL: https://wordpress-133295-0.cloudclusters.net/wp-content/plugins/spwise/
Submission: On July 02 via automatic, source phishtank — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 68.64.164.89, located in United States and belongs to NETRANGE, US. The main domain is wordpress-133295-0.cloudclusters.net.
TLS certificate: Issued by RapidSSL TLS RSA CA G1 on March 13th 2023. Valid for: a year.
This is the only time wordpress-133295-0.cloudclusters.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BankID (Banking)

Domain & IP information

Requests  IP Address          AS (Autonomous System)
5         68.64.164.89        17139 (NETRANGE)
1         2a00:1450:400...    15169 (GOOGLE)
Totals: 6 requests, 3 IPs
Requests  Apex Domain            Subdomains                                                  Transfer
5         cloudclusters.net      wordpress-133295-0.cloudclusters.net                        24 KB
1         googleusercontent.com  play-lh.googleusercontent.com (Cisco Umbrella Rank: 514)    19 KB
Totals: 6 requests, 2 apex domains
Requests  Domain                                  Requested by
5         wordpress-133295-0.cloudclusters.net    wordpress-133295-0.cloudclusters.net
1         play-lh.googleusercontent.com           wordpress-133295-0.cloudclusters.net
Totals: 6 requests, 2 domains

This site contains no links.

Subject                Issuer                   Validity                   Valid for
*.cloudclusters.net    RapidSSL TLS RSA CA G1   2023-03-13 - 2024-04-12    a year (crt.sh)
edgestatic.com         GTS CA 1C3               2023-06-19 - 2023-09-11    3 months (crt.sh)

This page contains 1 frame:

Primary Page: https://wordpress-133295-0.cloudclusters.net/wp-content/plugins/spwise/
Frame ID: D7A2D1B4D48E943161426D9FAE8DC5B7
Requests: 9 HTTP requests in this frame

Screenshot

Page Title

BankID

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Page Statistics

Requests: 6
HTTPS: 100 %
IPv6: 50 %
Domains: 2
Subdomains: 2
IPs: 3
Countries: 2
Transfer: 43 kB
Size: 115 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Each transaction is listed as: Resource | Path | Size | x-fer | Type (MIME-Type)

Primary Request / | wordpress-133295-0.cloudclusters.net/wp-content/plugins/spwise/ | 21 KB | 7 KB | Document
General
Full URL
https://wordpress-133295-0.cloudclusters.net/wp-content/plugins/spwise/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.64.164.89 , United States, ASN17139 (NETRANGE, US),
Reverse DNS
Software
/
Resource Hash
4919b10bca3dd61e0dfbcdb0bc1c0b55ab0424be2975ba1403b5967cc1ed1c68
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
7083
content-type
text/html
date
Sun, 02 Jul 2023 10:33:40 GMT
etag
"5491-5fefe2aa29680-gzip"
last-modified
Mon, 26 Jun 2023 01:21:14 GMT
strict-transport-security
max-age=15724800; includeSubDomains
vary
Accept-Encoding
common_auth.css | wordpress-133295-0.cloudclusters.net/wp-content/plugins/spwise/index_fichiers/ | 9 KB | 2 KB | Stylesheet
General
Full URL
https://wordpress-133295-0.cloudclusters.net/wp-content/plugins/spwise/index_fichiers/common_auth.css
Requested by
Host: wordpress-133295-0.cloudclusters.net
URL: https://wordpress-133295-0.cloudclusters.net/wp-content/plugins/spwise/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.64.164.89 , United States, ASN17139 (NETRANGE, US),
Reverse DNS
Software
/
Resource Hash
5d4ff4117e8f7f9da541cba635327a05770499b79e51e32e679c2923a4bc27b2
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wordpress-133295-0.cloudclusters.net/wp-content/plugins/spwise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sun, 02 Jul 2023 10:33:40 GMT
content-encoding
gzip
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Mon, 26 Jun 2023 01:21:16 GMT
etag
"22d0-5fefe2ac11b00-gzip"
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
2186
bidm.css | wordpress-133295-0.cloudclusters.net/wp-content/plugins/spwise/index_fichiers/ | 42 KB | 5 KB | Stylesheet
General
Full URL
https://wordpress-133295-0.cloudclusters.net/wp-content/plugins/spwise/index_fichiers/bidm.css
Requested by
Host: wordpress-133295-0.cloudclusters.net
URL: https://wordpress-133295-0.cloudclusters.net/wp-content/plugins/spwise/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.64.164.89 , United States, ASN17139 (NETRANGE, US),
Reverse DNS
Software
/
Resource Hash
31412635ed02fd2c9a9ac4c4d9093c0601a687cfe305aba0dea75c1943d7dd72
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wordpress-133295-0.cloudclusters.net/wp-content/plugins/spwise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sun, 02 Jul 2023 10:33:40 GMT
content-encoding
gzip
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Mon, 26 Jun 2023 01:21:16 GMT
etag
"a782-5fefe2ac11b00-gzip"
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
4392
3625.css | wordpress-133295-0.cloudclusters.net/wp-content/plugins/spwise/index_fichiers/ | 4 KB | 1 KB | Stylesheet
General
Full URL
https://wordpress-133295-0.cloudclusters.net/wp-content/plugins/spwise/index_fichiers/3625.css
Requested by
Host: wordpress-133295-0.cloudclusters.net
URL: https://wordpress-133295-0.cloudclusters.net/wp-content/plugins/spwise/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.64.164.89 , United States, ASN17139 (NETRANGE, US),
Reverse DNS
Software
/
Resource Hash
304c378b4700d25f783a2a7d6142c0b4d9dd9df890722064788eee96a12999d8
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wordpress-133295-0.cloudclusters.net/wp-content/plugins/spwise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sun, 02 Jul 2023 10:33:40 GMT
content-encoding
gzip
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Mon, 26 Jun 2023 01:21:16 GMT
etag
"f64-5fefe2ac11b00-gzip"
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
882
a3eIUKbG9nMGWyMQv8shAoHFlba37ahvRdcZV2iU9s0InKSMFcKLNSaKkxx-H3qfeffl | play-lh.googleusercontent.com/ | 18 KB | 19 KB | Image
General
Full URL
https://play-lh.googleusercontent.com/a3eIUKbG9nMGWyMQv8shAoHFlba37ahvRdcZV2iU9s0InKSMFcKLNSaKkxx-H3qfeffl
Requested by
Host: wordpress-133295-0.cloudclusters.net
URL: https://wordpress-133295-0.cloudclusters.net/wp-content/plugins/spwise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
5cdb50c93d89fe67edda0d84109eacc05505e11917afe0660c577e2ca0e42887
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wordpress-133295-0.cloudclusters.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sun, 02 Jul 2023 09:31:25 GMT
x-content-type-options
nosniff
age
3736
content-disposition
inline;filename="unnamed.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18821
x-xss-protection
0
server
fife
etag
"v1"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Mon, 03 Jul 2023 09:31:25 GMT
logo1.png | wordpress-133295-0.cloudclusters.net/wp-content/plugins/spwise/index_fichiers/ | 12 KB | 9 KB | Image
General
Full URL
https://wordpress-133295-0.cloudclusters.net/wp-content/plugins/spwise/index_fichiers/logo1.png
Requested by
Host: wordpress-133295-0.cloudclusters.net
URL: https://wordpress-133295-0.cloudclusters.net/wp-content/plugins/spwise/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.64.164.89 , United States, ASN17139 (NETRANGE, US),
Reverse DNS
Software
/
Resource Hash
7fbcb3628e9d79d89e9350ee5d075818cf0f6763d5fa8763ea78c13902d6691b
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wordpress-133295-0.cloudclusters.net/wp-content/plugins/spwise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sun, 02 Jul 2023 10:33:40 GMT
content-encoding
gzip
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Mon, 26 Jun 2023 01:21:16 GMT
etag
"2e84-5fefe2ac11b00-gzip"
vary
Accept-Encoding
content-type
image/png
accept-ranges
bytes
content-length
8725
truncated | / | 9 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f4eb244555324863a9067686a9e08c9bd7db827ed8dd9a0de8a3cdbc32b66437

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated | / | 240 B | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
254868d92f9456d518064051d29f9ff0532bf9a5da291b06f8accb0900e40072

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated | / | 172 B | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4dca530d4682ddf6f4b9053173c007f95875c2634a6b61c9573d93fc21483766

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type
image/svg+xml

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BankID (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Variable          Type
credentialless    boolean
onbeforetoggle    object
onscrollend       object

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15724800; includeSubDomains