wordpress-133295-0.cloudclusters.net
68.64.164.89  Malicious Activity!  Public Scan

URL: https://wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/
Submission: On July 07 via manual from PL — Scanned from PL

Summary

This website contacted 2 IPs in 1 country across 1 domain to perform 6 HTTP transactions. The main IP is 68.64.164.89, located in the United States and belonging to NETRANGE, US. The main domain is wordpress-133295-0.cloudclusters.net.
TLS certificate: Issued by RapidSSL TLS RSA CA G1 on March 13th 2023. Valid for: a year.
This is the only time wordpress-133295-0.cloudclusters.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BankID (Banking)

Domain & IP information

Requests  IP Address     AS Autonomous System
6         68.64.164.89   17139 (NETRANGE)
Totals: 6 requests, 2 IPs

Requests  Apex Domain        Subdomains                            Transfer
6         cloudclusters.net  wordpress-133295-0.cloudclusters.net  25 KB
Totals: 6 requests, 1 apex domain

Requests  Domain                                Requested by
6         wordpress-133295-0.cloudclusters.net  wordpress-133295-0.cloudclusters.net
Totals: 6 requests, 1 domain

This site contains no links.

Subject              Issuer                  Validity                 Valid
*.cloudclusters.net  RapidSSL TLS RSA CA G1  2023-03-13 - 2024-04-12  a year

This page contains 1 frame:

Primary Page: https://wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/
Frame ID: 4961F573A1DDFE292C6432874629FEE8
Requests: 9 HTTP requests in this frame

Page Title

BankID

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Page Statistics

Requests: 6
HTTPS: 100 %
IPv6: 0 %
Domains: 1
Subdomains: 1
IPs: 2
Countries: 1
Transfer: 25 kB
Size: 98 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Primary Request: /
Path: wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/
Size: 21 KB    x-fer: 7 KB    Type: Document

General
Full URL: https://wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 68.64.164.89, United States, ASN17139 (NETRANGE, US)
Reverse DNS:
Software: /
Resource Hash: 3d74e2403dabcb5f98cbbeb9c8a808a15488b46eb2d7698396924015f66e4e6f
Security Headers
Strict-Transport-Security: max-age=15724800; includeSubDomains

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: pl-PL,pl;q=0.9

Response headers
accept-ranges: bytes
content-encoding: gzip
content-length: 6992
content-type: text/html
date: Fri, 07 Jul 2023 21:25:02 GMT
etag: "542c-5ffea3084e840-gzip"
last-modified: Fri, 07 Jul 2023 18:56:25 GMT
strict-transport-security: max-age=15724800; includeSubDomains
vary: Accept-Encoding
Resource: common_auth.css
Path: wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/index_fichiers/
Size: 9 KB    x-fer: 2 KB    Type: Stylesheet

General
Full URL: https://wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/index_fichiers/common_auth.css
Requested by
  Host: wordpress-133295-0.cloudclusters.net
  URL: https://wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 68.64.164.89, United States, ASN17139 (NETRANGE, US)
Reverse DNS:
Software: /
Resource Hash: 5d4ff4117e8f7f9da541cba635327a05770499b79e51e32e679c2923a4bc27b2
Security Headers
Strict-Transport-Security: max-age=15724800; includeSubDomains

Request headers
accept-language: pl-PL,pl;q=0.9
Referer: https://wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers
date: Fri, 07 Jul 2023 21:25:02 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Fri, 07 Jul 2023 18:56:18 GMT
etag: "22d0-5ffea301a1880-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 2186
Resource: bidm.css
Path: wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/index_fichiers/
Size: 42 KB    x-fer: 5 KB    Type: Stylesheet

General
Full URL: https://wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/index_fichiers/bidm.css
Requested by
  Host: wordpress-133295-0.cloudclusters.net
  URL: https://wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 68.64.164.89, United States, ASN17139 (NETRANGE, US)
Reverse DNS:
Software: /
Resource Hash: 31412635ed02fd2c9a9ac4c4d9093c0601a687cfe305aba0dea75c1943d7dd72
Security Headers
Strict-Transport-Security: max-age=15724800; includeSubDomains

Request headers
accept-language: pl-PL,pl;q=0.9
Referer: https://wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers
date: Fri, 07 Jul 2023 21:25:02 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Fri, 07 Jul 2023 18:56:18 GMT
etag: "a782-5ffea301a1880-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 4392
Resource: 3625.css
Path: wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/index_fichiers/
Size: 4 KB    x-fer: 1 KB    Type: Stylesheet

General
Full URL: https://wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/index_fichiers/3625.css
Requested by
  Host: wordpress-133295-0.cloudclusters.net
  URL: https://wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 68.64.164.89, United States, ASN17139 (NETRANGE, US)
Reverse DNS:
Software: /
Resource Hash: 304c378b4700d25f783a2a7d6142c0b4d9dd9df890722064788eee96a12999d8
Security Headers
Strict-Transport-Security: max-age=15724800; includeSubDomains

Request headers
accept-language: pl-PL,pl;q=0.9
Referer: https://wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers
date: Fri, 07 Jul 2023 21:25:02 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Fri, 07 Jul 2023 18:56:18 GMT
etag: "f64-5ffea301a1880-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 882
Resource: logo2.svg
Path: wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/
Size: 2 KB    x-fer: 1 KB    Type: Image

General
Full URL: https://wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/logo2.svg
Requested by
  Host: wordpress-133295-0.cloudclusters.net
  URL: https://wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 68.64.164.89, United States, ASN17139 (NETRANGE, US)
Reverse DNS:
Software: /
Resource Hash: ed26bb550b9c5d5a9550a73fab2e5fc6820659a3119c6cba0a81eb7720392d64
Security Headers
Strict-Transport-Security: max-age=15724800; includeSubDomains

Request headers
accept-language: pl-PL,pl;q=0.9
Referer: https://wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers
date: Fri, 07 Jul 2023 21:25:02 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Fri, 07 Jul 2023 18:56:25 GMT
etag: "7b6-5ffea3084e840-gzip"
vary: Accept-Encoding
content-type: image/svg+xml
accept-ranges: bytes
content-length: 923
Resource: logo1.png
Path: wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/index_fichiers/
Size: 12 KB    x-fer: 9 KB    Type: Image

General
Full URL: https://wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/index_fichiers/logo1.png
Requested by
  Host: wordpress-133295-0.cloudclusters.net
  URL: https://wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 68.64.164.89, United States, ASN17139 (NETRANGE, US)
Reverse DNS:
Software: /
Resource Hash: 7fbcb3628e9d79d89e9350ee5d075818cf0f6763d5fa8763ea78c13902d6691b
Security Headers
Strict-Transport-Security: max-age=15724800; includeSubDomains

Request headers
accept-language: pl-PL,pl;q=0.9
Referer: https://wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers
date: Fri, 07 Jul 2023 21:25:02 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Fri, 07 Jul 2023 18:56:18 GMT
etag: "2e84-5ffea301a1880-gzip"
vary: Accept-Encoding
content-type: image/png
accept-ranges: bytes
content-length: 8725
Resource: truncated (data: URI)
Path: /
Size: 9 KB    x-fer: 0    Type: Image

General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS:
Software: /
Resource Hash: f4eb244555324863a9067686a9e08c9bd7db827ed8dd9a0de8a3cdbc32b66437

Request headers
accept-language: pl-PL,pl;q=0.9
Referer:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers
Content-Type: image/svg+xml
Resource: truncated (data: URI)
Path: /
Size: 240 B    x-fer: 0    Type: Image

General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS:
Software: /
Resource Hash: 254868d92f9456d518064051d29f9ff0532bf9a5da291b06f8accb0900e40072

Request headers
accept-language: pl-PL,pl;q=0.9
Referer:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers
Content-Type: image/svg+xml
Resource: truncated (data: URI)
Path: /
Size: 172 B    x-fer: 0    Type: Image

General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS:
Software: /
Resource Hash: 4dca530d4682ddf6f4b9053173c007f95875c2634a6b61c9573d93fc21483766

Request headers
accept-language: pl-PL,pl;q=0.9
Referer:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers
Content-Type: image/svg+xml

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BankID (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type     Name
boolean  credentialless
object   onbeforetoggle
object   onscrollend

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header: Strict-Transport-Security
Value: max-age=15724800; includeSubDomains