culturalhomestay.org
Open in
urlscan Pro
185.119.173.126
Malicious Activity!
Public Scan
Submission: On November 25 via manual from DK — Scanned from GB
Summary
TLS certificate: Issued by R3 on October 27th 2021. Valid for: 3 months.
This is the only time culturalhomestay.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BankID (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 185.119.173.126 185.119.173.126 | 198047 (UKWEB-EQX) (UKWEB-EQX) | |
2 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
2 |
culturalhomestay.org
culturalhomestay.org |
180 KB |
2 | 1 |
Domain | Requested by | |
---|---|---|
2 | culturalhomestay.org |
culturalhomestay.org
|
2 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
culturalhomestay.org R3 |
2021-10-27 - 2022-01-25 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://culturalhomestay.org/wp-includes/assets/santan/bankid//bankid_files/a.html
Frame ID: 8798E6E0835ECB032EF8088A3B7818E2
Requests: 13 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
2 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
a.html
culturalhomestay.org/wp-includes/assets/santan/bankid//bankid_files/ |
22 KB 23 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bid_201910240825.css
culturalhomestay.org/wp-includes/assets/santan/bankid//bankid_files/ |
157 KB 157 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
0 0 |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
172 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
167 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
192 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
760 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
207 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
172 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
296 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
310 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
200 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BankID (Banking)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler boolean| MXeaflQvnkVptirDYnHi_11 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
culturalhomestay.org/ | Name: DYNSRV Value: lin-10-170-0-113 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
culturalhomestay.org
185.119.173.126
2020a87eac20868292ed2224cd0ce3142862fd19b2530b63431c7d9122cf6511
296d8f67dcf848a35385d138a46404f00c21f1a8eb22249473ddd9aab1f411ab
2fbbbda646f6c6004b2f3670d40a1ad4d5df6c8a0089943845aa5fe55a749e92
347026e609df7b4c783cbb5af4b7e65d899b71bdfd9b99de75fbf63a033ea74f
4dca530d4682ddf6f4b9053173c007f95875c2634a6b61c9573d93fc21483766
6a191c4d1f4adbef09018df519205cc8696e1f0f00a67196f0677e8484d949f2
74d9f62c29cb35ce1ab07d9e61e05c31d7533bc43e756d6b849de1eddec2b8ce
7f766030e9de9c68acdacfc671963f8cd00ba8783fc9c25e1d3f3319ebbecbd1
c575ff79d199955e3aba19296142cf49cd7bcdcf7317f8a17bed8d349f9a7388
cbee76f080a3f8638f8d1cc0e1457adf5588a5ca44b56c5bf719bb5f57f0f2de
cee731a838bd8ce2c22bed7577eadd178c0892b39c7148f07fb2337984c42e4e
dc197b30cca0477fd82b1c175af0ed1008687e12d9dff7f75c417f959c1830ae
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855