culturalhomestay.org Open in urlscan Pro
185.119.173.126 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://culturalhomestay.org/wp-includes/assets/santan/bankid//bankid_files/a.html
Submission: On November 25 via manual (November 25th 2021, 10:10:46 am UTC) from DK — Scanned from GB

Summary HTTP 2 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 2 HTTP transactions. The main IP is 185.119.173.126, located in Slough, United Kingdom and belongs to UKWEB-EQX, DE. The main domain is culturalhomestay.org.
TLS certificate: Issued by R3 on October 27th 2021. Valid for: 3 months.

This is the only time culturalhomestay.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BankID (Banking)

Domain & IP information

	IP Address		AS Autonomous System
2	185.119.173.126 185.119.173.126		198047 (UKWEB-EQX) (UKWEB-EQX)
2	2

2 185.119.173.126 (Slough, United Kingdom)

ASN198047 (UKWEB-EQX, DE)

culturalhomestay.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	culturalhomestay.org culturalhomestay.org	180 KB
2	1

	Domain	Requested by
2	culturalhomestay.org	culturalhomestay.org
2	1

This site contains no links.

Subject Issuer	Validity	Valid
culturalhomestay.org R3	`2021-10-27` - `2022-01-25`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://culturalhomestay.org/wp-includes/assets/santan/bankid//bankid_files/a.html
Frame ID: 8798E6E0835ECB032EF8088A3B7818E2
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

BankID - Identifisering

Page Statistics

2
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

180 kB
Transfer

184 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions
11 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request a.html Show response culturalhomestay.org/wp-includes/assets/santan/bankid//bankid_files/	22 KB 23 KB	143ms 47ms	Document text/html	185.119.173.126 UKWEB-EQX
General Check archive.org Show headers Download Go to Full URL https://culturalhomestay.org/wp-includes/assets/santan/bankid//bankid_files/a.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 185.119.173.126 Slough, United Kingdom, ASN198047 (UKWEB-EQX, DE), Reverse DNS Software Apache / Resource Hash `cee731a838bd8ce2c22bed7577eadd178c0892b39c7148f07fb2337984c42e4e` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Accept-Language en-GB,en;q=0.9 Response headers Date Thu, 25 Nov 2021 10:10:41 GMT Server Apache Last-Modified Sat, 13 Nov 2021 02:49:22 GMT ETag "3e1d612-5948-5d0a29f73d080" Accept-Ranges bytes Content-Length 22856 Content-Type text/html X-Cache MISS from lin-10-170-0-113.gridhost.co.uk X-Cache-Lookup MISS from lin-10-170-0-113.gridhost.co.uk:3128 Connection close
GET H/1.1	200 OK	bid_201910240825.css culturalhomestay.org/wp-includes/assets/santan/bankid//bankid_files/	157 KB 157 KB	94ms 34ms	Stylesheet text/css	185.119.173.126 UKWEB-EQX
General Check archive.org Show headers Download Go to Full URL https://culturalhomestay.org/wp-includes/assets/santan/bankid//bankid_files/bid_201910240825.css Requested by Host: culturalhomestay.org URL: https://culturalhomestay.org/wp-includes/assets/santan/bankid//bankid_files/a.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 185.119.173.126 Slough, United Kingdom, ASN198047 (UKWEB-EQX, DE), Reverse DNS Software Apache / Resource Hash `2020a87eac20868292ed2224cd0ce3142862fd19b2530b63431c7d9122cf6511` Request headers Accept-Language en-GB,en;q=0.9 Referer https://culturalhomestay.org/wp-includes/assets/santan/bankid//bankid_files/a.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Date Thu, 25 Nov 2021 10:10:42 GMT X-Cache-Lookup MISS from lin-10-170-0-113.gridhost.co.uk:3128 Last-Modified Tue, 05 Oct 2021 22:00:10 GMT Server Apache ETag "3e1d610-27408-5cda227390e80" X-Cache MISS from lin-10-170-0-113.gridhost.co.uk Content-Type text/css Connection close Accept-Ranges bytes Content-Length 160776
GET DATA	200 OK	truncated Show response /	0 0		Script text/javascript
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language en-GB,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type text/javascript
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `2fbbbda646f6c6004b2f3670d40a1ad4d5df6c8a0089943845aa5fe55a749e92` Request headers Accept-Language en-GB,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	172 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6a191c4d1f4adbef09018df519205cc8696e1f0f00a67196f0677e8484d949f2` Request headers Accept-Language en-GB,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	167 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `cbee76f080a3f8638f8d1cc0e1457adf5588a5ca44b56c5bf719bb5f57f0f2de` Request headers Accept-Language en-GB,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	192 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `347026e609df7b4c783cbb5af4b7e65d899b71bdfd9b99de75fbf63a033ea74f` Request headers Accept-Language en-GB,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	760 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `7f766030e9de9c68acdacfc671963f8cd00ba8783fc9c25e1d3f3319ebbecbd1` Request headers Accept-Language en-GB,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	207 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `74d9f62c29cb35ce1ab07d9e61e05c31d7533bc43e756d6b849de1eddec2b8ce` Request headers Accept-Language en-GB,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	172 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `4dca530d4682ddf6f4b9053173c007f95875c2634a6b61c9573d93fc21483766` Request headers Accept-Language en-GB,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	296 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `296d8f67dcf848a35385d138a46404f00c21f1a8eb22249473ddd9aab1f411ab` Request headers Accept-Language en-GB,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	310 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `c575ff79d199955e3aba19296142cf49cd7bcdcf7317f8a17bed8d349f9a7388` Request headers Accept-Language en-GB,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	200 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `dc197b30cca0477fd82b1c175af0ed1008687e12d9dff7f75c417f959c1830ae` Request headers Accept-Language en-GB,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/svg+xml

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BankID (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			culturalhomestay.org/	1969-12-31 23:59:59	Name: DYNSRV Value: lin-10-170-0-113

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

culturalhomestay.org
185.119.173.126
2020a87eac20868292ed2224cd0ce3142862fd19b2530b63431c7d9122cf6511
296d8f67dcf848a35385d138a46404f00c21f1a8eb22249473ddd9aab1f411ab
2fbbbda646f6c6004b2f3670d40a1ad4d5df6c8a0089943845aa5fe55a749e92
347026e609df7b4c783cbb5af4b7e65d899b71bdfd9b99de75fbf63a033ea74f
4dca530d4682ddf6f4b9053173c007f95875c2634a6b61c9573d93fc21483766
6a191c4d1f4adbef09018df519205cc8696e1f0f00a67196f0677e8484d949f2
74d9f62c29cb35ce1ab07d9e61e05c31d7533bc43e756d6b849de1eddec2b8ce
7f766030e9de9c68acdacfc671963f8cd00ba8783fc9c25e1d3f3319ebbecbd1
c575ff79d199955e3aba19296142cf49cd7bcdcf7317f8a17bed8d349f9a7388
cbee76f080a3f8638f8d1cc0e1457adf5588a5ca44b56c5bf719bb5f57f0f2de
cee731a838bd8ce2c22bed7577eadd178c0892b39c7148f07fb2337984c42e4e
dc197b30cca0477fd82b1c175af0ed1008687e12d9dff7f75c417f959c1830ae
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

culturalhomestay.org Open in urlscan Pro 185.119.173.126 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

2 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

180 kBTransfer

184 kBSize

1 Cookies

0 Outgoing links

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

1 Cookies

Indicators

culturalhomestay.org Open in urlscan Pro
185.119.173.126 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

180 kB
Transfer

184 kB
Size

1
Cookies

2 HTTP transactions
11 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!