sheltercovefishinglodge.com Open in urlscan Pro
99.192.153.170 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://auth-redirect.amplitudo.co.uk/?2PViNlsBLEoWpiM
Effective URL:
https://sheltercovefishinglodge.com/wp-content/FI/Nordea-log.php?token=TW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBTTS1BMTAyVSkgQXBwb...
Submission: On March 16 via manual (March 16th 2023, 7:48:01 am UTC) from FI — Scanned from FI

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 8 HTTP transactions. The main IP is 99.192.153.170, located in United States and belongs to MOJOHOST, US. The main domain is sheltercovefishinglodge.com.
TLS certificate: Issued by R3 on January 18th 2023. Valid for: 3 months.

This is the only time sheltercovefishinglodge.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Nordea (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	18.184.73.30 18.184.73.30	16509 (AMAZON-02) (AMAZON-02)
1 7	99.192.153.170 99.192.153.170	27589 (MOJOHOST) (MOJOHOST)
8	3

1 18.184.73.30 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-184-73-30.eu-central-1.compute.amazonaws.com

auth-redirect.amplitudo.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 99.192.153.170 (United States) 1 redirects

ASN27589 (MOJOHOST, US)
PTR: cs2190.mojohost.com

sheltercovefishinglodge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	sheltercovefishinglodge.com 1 redirects sheltercovefishinglodge.com	64 KB
1	amplitudo.co.uk auth-redirect.amplitudo.co.uk	395 B
0	ic3.gov Failed www.ic3.gov Failed
8	3

	Domain	Requested by
7	sheltercovefishinglodge.com	1 redirects sheltercovefishinglodge.com
1	auth-redirect.amplitudo.co.uk
0	www.ic3.gov Failed	sheltercovefishinglodge.com
8	3

This site contains no links.

Subject Issuer	Validity	Valid
auth-redirect.amplitudo.co.uk R3	`2023-03-15` - `2023-06-13`	3 months	crt.sh
sheltercovefishinglodge.com R3	`2023-01-18` - `2023-04-18`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://sheltercovefishinglodge.com/wp-content/FI/Nordea-log.php?token=TW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBTTS1BMTAyVSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuNDUxNS4xMzEgTW9iaWxlIFNhZmFyaS81MzcuMzYxOTQuMzQuMTM0LjE0ODIwMjM6TWFyOlRodQ==
Frame ID: 1B4CAF655D405F91148087D2DDBBC038
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Nordea - Tunnistautuminen

Page URL History Show full URLs

https://auth-redirect.amplitudo.co.uk/?2PViNlsBLEoWpiM Page URL
https://sheltercovefishinglodge.com/wp-content/FI/ HTTP 302
https://sheltercovefishinglodge.com/wp-content/FI/Nordea-log.php?token=TW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExO... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

8
Requests

88 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

64 kB
Transfer

96 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://auth-redirect.amplitudo.co.uk/?2PViNlsBLEoWpiM Page URL
https://sheltercovefishinglodge.com/wp-content/FI/ HTTP 302
https://sheltercovefishinglodge.com/wp-content/FI/Nordea-log.php?token=TW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBTTS1BMTAyVSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuNDUxNS4xMzEgTW9iaWxlIFNhZmFyaS81MzcuMzYxOTQuMzQuMTM0LjE0ODIwMjM6TWFyOlRodQ== Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://sheltercovefishinglodge.com/wp-content/FI/assets/564d0ff0f3578b7128a458ef269b286a.jpg HTTP 301
https://www.sheltercovefishinglodge.com/wp-content/FI/assets/564d0ff0f3578b7128a458ef269b286a.jpg HTTP 302
https://www.ic3.gov/complaint/default.aspx

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ auth-redirect.amplitudo.co.uk/	218 B 395 B	198ms 61ms	Document text/html	18.184.73.30 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://auth-redirect.amplitudo.co.uk/?2PViNlsBLEoWpiM Protocol H2 Security TLS 1.3, , AES_256_GCM Server 18.184.73.30 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-184-73-30.eu-central-1.compute.amazonaws.com Software nginx / PleskLin Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers accept-ranges bytes content-encoding gzip content-length 186 content-type text/html date Thu, 16 Mar 2023 07:47:56 GMT etag "da-5f6f27a562d2a-gzip" last-modified Wed, 15 Mar 2023 16:02:58 GMT server nginx vary Accept-Encoding x-accel-version 0.01 x-powered-by PleskLin
GET H2	200	Primary Request Nordea-log.php Show response sheltercovefishinglodge.com/wp-content/FI/ Redirect Chain https://sheltercovefishinglodge.com/wp-content/FI/ https://sheltercovefishinglodge.com/wp-content/FI/Nordea-log.php?token=TW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBTTS1BMTAyVSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuND...	12 KB 3 KB	401ms 400ms	Document text/html	99.192.153.170 MOJOHOST
General Check archive.org Show headers Download Go to Full URL https://sheltercovefishinglodge.com/wp-content/FI/Nordea-log.php?token=TW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBTTS1BMTAyVSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuNDUxNS4xMzEgTW9iaWxlIFNhZmFyaS81MzcuMzYxOTQuMzQuMTM0LjE0ODIwMjM6TWFyOlRodQ== Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 99.192.153.170 , United States, ASN27589 (MOJOHOST, US), Reverse DNS cs2190.mojohost.com Software Apache/2 / PHP/7.4.30 Resource Hash `3b6569e511b25d572b48997c1c9b1f4ce42e4418ced3112332fb5e0207fab2e8` Request headers Referer https://auth-redirect.amplitudo.co.uk/?2PViNlsBLEoWpiM Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers content-encoding gzip content-length 3267 content-type text/html; charset=UTF-8 date Thu, 16 Mar 2023 07:47:57 GMT server Apache/2 vary Accept-Encoding,User-Agent x-powered-by PHP/7.4.30 Redirect headers content-encoding gzip content-length 24 content-type text/html; charset=UTF-8 date Thu, 16 Mar 2023 07:47:56 GMT location Nordea-log.php?token=TW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBTTS1BMTAyVSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuNDUxNS4xMzEgTW9iaWxlIFNhZmFyaS81MzcuMzYxOTQuMzQuMTM0LjE0ODIwMjM6TWFyOlRodQ== server Apache/2 vary Accept-Encoding,User-Agent x-powered-by PHP/7.4.30
GET H2	200	styles-6af237f07b117508ecc428f538073c25.css sheltercovefishinglodge.com/wp-content/FI/assets/	28 KB 6 KB	171ms 170ms	Stylesheet text/css	99.192.153.170 MOJOHOST
General Check archive.org Show headers Download Go to Full URL https://sheltercovefishinglodge.com/wp-content/FI/assets/styles-6af237f07b117508ecc428f538073c25.css Requested by Host: sheltercovefishinglodge.com URL: https://sheltercovefishinglodge.com/wp-content/FI/Nordea-log.php?token=TW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBTTS1BMTAyVSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuNDUxNS4xMzEgTW9iaWxlIFNhZmFyaS81MzcuMzYxOTQuMzQuMTM0LjE0ODIwMjM6TWFyOlRodQ== Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 99.192.153.170 , United States, ASN27589 (MOJOHOST, US), Reverse DNS cs2190.mojohost.com Software Apache/2 / Resource Hash `8eb4e6e7d53f792bf2dbc6c8e4377299884db4b427694d3d9857de4eb9aa0107` Request headers accept-language fi-FI,fi;q=0.9 Referer https://sheltercovefishinglodge.com/wp-content/FI/Nordea-log.php?token=TW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBTTS1BMTAyVSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuNDUxNS4xMzEgTW9iaWxlIFNhZmFyaS81MzcuMzYxOTQuMzQuMTM0LjE0ODIwMjM6TWFyOlRodQ== User-Agent Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36 Response headers date Thu, 16 Mar 2023 07:47:58 GMT content-encoding gzip last-modified Wed, 15 Mar 2023 16:00:54 GMT server Apache/2 etag "70b0-5f6f272eecfeb-gzip" vary Accept-Encoding,User-Agent content-type text/css accept-ranges bytes content-length 5807
GET H2	200	service-break-f426cda35f41e4c0b7c30c814b5eb2ee.svg sheltercovefishinglodge.com/wp-content/FI/assets/images/	3 KB 1 KB	172ms 171ms	Image image/svg+xml	99.192.153.170 MOJOHOST
General Check archive.org Show headers Download Go to Show image Full URL https://sheltercovefishinglodge.com/wp-content/FI/assets/images/service-break-f426cda35f41e4c0b7c30c814b5eb2ee.svg Requested by Host: sheltercovefishinglodge.com URL: https://sheltercovefishinglodge.com/wp-content/FI/Nordea-log.php?token=TW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBTTS1BMTAyVSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuNDUxNS4xMzEgTW9iaWxlIFNhZmFyaS81MzcuMzYxOTQuMzQuMTM0LjE0ODIwMjM6TWFyOlRodQ== Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 99.192.153.170 , United States, ASN27589 (MOJOHOST, US), Reverse DNS cs2190.mojohost.com Software Apache/2 / Resource Hash `037024a96d014cbe884a9f81804ceadc25bd1e49d0d9018de09acddac997afbf` Request headers accept-language fi-FI,fi;q=0.9 Referer https://sheltercovefishinglodge.com/wp-content/FI/Nordea-log.php?token=TW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBTTS1BMTAyVSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuNDUxNS4xMzEgTW9iaWxlIFNhZmFyaS81MzcuMzYxOTQuMzQuMTM0LjE0ODIwMjM6TWFyOlRodQ== User-Agent Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36 Response headers date Thu, 16 Mar 2023 07:47:58 GMT content-encoding gzip last-modified Wed, 15 Mar 2023 16:00:54 GMT server Apache/2 etag "af3-5f6f272eedba3-gzip" vary Accept-Encoding,User-Agent content-type image/svg+xml accept-ranges bytes content-length 1315
GET H2	200	code_calculator-6af4aa53625a02dcb8b5cfd7ac2d30bd.svg sheltercovefishinglodge.com/wp-content/FI/assets/images/	671 B 307 B	162ms 162ms	Image image/svg+xml	99.192.153.170 MOJOHOST
General Check archive.org Show headers Download Go to Show image Full URL https://sheltercovefishinglodge.com/wp-content/FI/assets/images/code_calculator-6af4aa53625a02dcb8b5cfd7ac2d30bd.svg Requested by Host: sheltercovefishinglodge.com URL: https://sheltercovefishinglodge.com/wp-content/FI/Nordea-log.php?token=TW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBTTS1BMTAyVSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuNDUxNS4xMzEgTW9iaWxlIFNhZmFyaS81MzcuMzYxOTQuMzQuMTM0LjE0ODIwMjM6TWFyOlRodQ== Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 99.192.153.170 , United States, ASN27589 (MOJOHOST, US), Reverse DNS cs2190.mojohost.com Software Apache/2 / Resource Hash `23c76e6a9df05e6f95e1384fbf5566300447cf8a2e658af4de19bb52c14eeadf` Request headers accept-language fi-FI,fi;q=0.9 Referer https://sheltercovefishinglodge.com/wp-content/FI/Nordea-log.php?token=TW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBTTS1BMTAyVSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuNDUxNS4xMzEgTW9iaWxlIFNhZmFyaS81MzcuMzYxOTQuMzQuMTM0LjE0ODIwMjM6TWFyOlRodQ== User-Agent Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36 Response headers date Thu, 16 Mar 2023 07:47:58 GMT content-encoding gzip last-modified Wed, 15 Mar 2023 16:00:54 GMT server Apache/2 etag "29f-5f6f272eed7bb-gzip" vary Accept-Encoding,User-Agent content-type image/svg+xml accept-ranges bytes content-length 253
GET		default.aspx www.ic3.gov/complaint/ Redirect Chain https://sheltercovefishinglodge.com/wp-content/FI/assets/564d0ff0f3578b7128a458ef269b286a.jpg https://www.sheltercovefishinglodge.com/wp-content/FI/assets/564d0ff0f3578b7128a458ef269b286a.jpg https://www.ic3.gov/complaint/default.aspx	0 0

GET H2	200	c233a817ad142919d728ebf4c8b3d54c.woff2 sheltercovefishinglodge.com/wp-content/FI/assets/	26 KB 27 KB	167ms 166ms	Font application/octet-stream	99.192.153.170 MOJOHOST
General Check archive.org Show headers Download Go to Full URL https://sheltercovefishinglodge.com/wp-content/FI/assets/c233a817ad142919d728ebf4c8b3d54c.woff2 Requested by Host: sheltercovefishinglodge.com URL: https://sheltercovefishinglodge.com/wp-content/FI/assets/styles-6af237f07b117508ecc428f538073c25.css Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 99.192.153.170 , United States, ASN27589 (MOJOHOST, US), Reverse DNS cs2190.mojohost.com Software Apache/2 / Resource Hash `443bd1fde75a477eaae12ba7828c6cb67608e14bbda783027fca2540c3bb0b03` Request headers Referer https://sheltercovefishinglodge.com/wp-content/FI/assets/styles-6af237f07b117508ecc428f538073c25.css Origin https://sheltercovefishinglodge.com accept-language fi-FI,fi;q=0.9 User-Agent Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36 Response headers date Thu, 16 Mar 2023 07:47:58 GMT content-encoding gzip last-modified Wed, 15 Mar 2023 16:00:54 GMT server Apache/2 etag "6900-5f6f272eed3d3-gzip" vary Accept-Encoding,User-Agent accept-ranges bytes content-length 26903
GET H2	200	7bc117ce8cbf2ce4b08a7ed17d16cf89.woff2 sheltercovefishinglodge.com/wp-content/FI/assets/	26 KB 26 KB	325ms 325ms	Font application/octet-stream	99.192.153.170 MOJOHOST
General Check archive.org Show headers Download Go to Full URL https://sheltercovefishinglodge.com/wp-content/FI/assets/7bc117ce8cbf2ce4b08a7ed17d16cf89.woff2 Requested by Host: sheltercovefishinglodge.com URL: https://sheltercovefishinglodge.com/wp-content/FI/assets/styles-6af237f07b117508ecc428f538073c25.css Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 99.192.153.170 , United States, ASN27589 (MOJOHOST, US), Reverse DNS cs2190.mojohost.com Software Apache/2 / Resource Hash `a93f6086756b2a2e94db8aaf795faab950a315cd9a8e32c5b0df707636dedfff` Request headers Referer https://sheltercovefishinglodge.com/wp-content/FI/assets/styles-6af237f07b117508ecc428f538073c25.css Origin https://sheltercovefishinglodge.com accept-language fi-FI,fi;q=0.9 User-Agent Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36 Response headers date Thu, 16 Mar 2023 07:47:58 GMT content-encoding gzip last-modified Wed, 15 Mar 2023 16:00:54 GMT server Apache/2 etag "6734-5f6f272eed3d3-gzip" vary Accept-Encoding,User-Agent accept-ranges bytes content-length 26443

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.ic3.gov
URL: https://www.ic3.gov/complaint/default.aspx

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nordea (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

auth-redirect.amplitudo.co.uk
sheltercovefishinglodge.com
www.ic3.gov
www.ic3.gov
18.184.73.30
99.192.153.170
037024a96d014cbe884a9f81804ceadc25bd1e49d0d9018de09acddac997afbf
23c76e6a9df05e6f95e1384fbf5566300447cf8a2e658af4de19bb52c14eeadf
3b6569e511b25d572b48997c1c9b1f4ce42e4418ced3112332fb5e0207fab2e8
443bd1fde75a477eaae12ba7828c6cb67608e14bbda783027fca2540c3bb0b03
8eb4e6e7d53f792bf2dbc6c8e4377299884db4b427694d3d9857de4eb9aa0107
a93f6086756b2a2e94db8aaf795faab950a315cd9a8e32c5b0df707636dedfff

sheltercovefishinglodge.com Open in urlscan Pro 99.192.153.170 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

88 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

64 kBTransfer

96 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

sheltercovefishinglodge.com Open in urlscan Pro
99.192.153.170 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

88 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

64 kB
Transfer

96 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!