wordpress-133295-0.cloudclusters.net
Open in
urlscan Pro
68.64.164.89
Malicious Activity!
Public Scan
Submission: On July 07 via manual from PL — Scanned from PL
Summary
TLS certificate: Issued by RapidSSL TLS RSA CA G1 on March 13th 2023. Valid for: a year.
This is the only time wordpress-133295-0.cloudclusters.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BankID (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
6 | 68.64.164.89 68.64.164.89 | 17139 (NETRANGE) (NETRANGE) | |
6 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
cloudclusters.net
wordpress-133295-0.cloudclusters.net |
25 KB |
6 | 1 |
Domain | Requested by | |
---|---|---|
6 | wordpress-133295-0.cloudclusters.net |
wordpress-133295-0.cloudclusters.net
|
6 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.cloudclusters.net RapidSSL TLS RSA CA G1 |
2023-03-13 - 2024-04-12 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/
Frame ID: 4961F573A1DDFE292C6432874629FEE8
Requests: 9 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/ |
21 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
common_auth.css
wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/index_fichiers/ |
9 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bidm.css
wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/index_fichiers/ |
42 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
3625.css
wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/index_fichiers/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo2.svg
wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo1.png
wordpress-133295-0.cloudclusters.net/wp-content/cache/tmp/vipps/no/index_fichiers/ |
12 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
9 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
240 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
172 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BankID (Banking)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless object| onbeforetoggle object| onscrollend0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=15724800; includeSubDomains |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
wordpress-133295-0.cloudclusters.net
68.64.164.89
254868d92f9456d518064051d29f9ff0532bf9a5da291b06f8accb0900e40072
304c378b4700d25f783a2a7d6142c0b4d9dd9df890722064788eee96a12999d8
31412635ed02fd2c9a9ac4c4d9093c0601a687cfe305aba0dea75c1943d7dd72
3d74e2403dabcb5f98cbbeb9c8a808a15488b46eb2d7698396924015f66e4e6f
4dca530d4682ddf6f4b9053173c007f95875c2634a6b61c9573d93fc21483766
5d4ff4117e8f7f9da541cba635327a05770499b79e51e32e679c2923a4bc27b2
7fbcb3628e9d79d89e9350ee5d075818cf0f6763d5fa8763ea78c13902d6691b
ed26bb550b9c5d5a9550a73fab2e5fc6820659a3119c6cba0a81eb7720392d64
f4eb244555324863a9067686a9e08c9bd7db827ed8dd9a0de8a3cdbc32b66437