wordpress-62904-0.cloudclusters.net
163.123.183.70 Malicious Activity! Public Scan

Submitted URL: https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/send/id.php
Effective URL: https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/load.php
Submission: On December 21 via manual from NO — Scanned from DE

Summary

This website contacted 3 IPs in 1 country across 2 domains to perform 6 HTTP transactions. The main IP is 163.123.183.70, located in the United States and belonging to WII, US. The main domain is wordpress-62904-0.cloudclusters.net.
TLS certificate: Issued by RapidSSL TLS DV RSA Mixed SHA256 2020... on March 5th 2021. Valid for: a year.
This is the only time wordpress-62904-0.cloudclusters.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Visa (Financial)

Domain & IP information

IP Address / AS (Autonomous System)
  1  6  163.123.183.70     32097 (WII)
  1     2620:0:862:ed...   14907 (WIKIMEDIA)
  Totals: 6  3

Apex Domain / Subdomains / Transfer
  6  cloudclusters.net   wordpress-62904-0.cloudclusters.net   24 KB
  1  wikimedia.org       upload.wikimedia.org                  65 KB
  Totals: 6  2

Domain / Requested by
  6  wordpress-62904-0.cloudclusters.net   1 redirect; wordpress-62904-0.cloudclusters.net
  1  upload.wikimedia.org                  wordpress-62904-0.cloudclusters.net
  Totals: 6  2

This site contains no links.

TLS certificates

  Subject: *.cloudclusters.net
  Issuer: RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1
  Validity: 2021-03-05 - 2022-03-05 (a year)

  Subject: *.wikipedia.org
  Issuer: DigiCert TLS Hybrid ECC SHA384 2020 CA1
  Validity: 2021-10-19 - 2022-11-17 (a year)

This page contains 1 frame:

Primary Page: https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/load.php
Frame ID: 887E53104D7E9390DE6CC4C8E79A1DB2
Requests: 12 HTTP requests in this frame

Page Title

Sikker nettbetaling (Norwegian: "Secure online payment")

Page URL History

  1. https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/send/id.php HTTP 302
    https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/load.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

  Requests: 6
  HTTPS: 100 %
  IPv6: 50 %
  Domains: 2
  Subdomains: 2
  IPs: 3
  Countries: 1
  Transfer: 89 kB
  Size: 160 kB
  Cookies: 0


Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Primary Request: load.php
  Path: wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/
  Size: 23 KB | x-fer: 9 KB | Type: Document
  Redirect Chain:
    • https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/send/id.php
    • https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/load.php

General
  Full URL: https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/load.php
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
  Server: 163.123.183.70, United States, ASN32097 (WII, US)
  Reverse DNS: (none)
  Software: nginx/1.15.10
  Resource Hash: 15c69981015b55158233c5dd1997031a964bb999a26c63bcfb0c9f146e8d25cc
Security Headers
  Strict-Transport-Security: max-age=15724800; includeSubDomains

Request headers
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
  Accept-Language: de-DE,de;q=0.9

Response headers
  server: nginx/1.15.10
  date: Tue, 21 Dec 2021 14:36:04 GMT
  content-type: text/html; charset=UTF-8
  content-length: 8736
  vary: Accept-Encoding
  content-encoding: gzip
  strict-transport-security: max-age=15724800; includeSubDomains

Redirect headers
  server: nginx/1.15.10
  date: Tue, 21 Dec 2021 14:36:04 GMT
  content-type: text/html; charset=UTF-8
  content-length: 0
  location: ../id/load.php
  strict-transport-security: max-age=15724800; includeSubDomains

common_auth.css
  Path: wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/src/
  Size: 9 KB | x-fer: 2 KB | Type: Stylesheet

General
  Full URL: https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/src/common_auth.css
  Requested by:
    Host: wordpress-62904-0.cloudclusters.net
    URL: https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/load.php
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
  Server: 163.123.183.70, United States, ASN32097 (WII, US)
  Reverse DNS: (none)
  Software: nginx/1.15.10
  Resource Hash: 5d4ff4117e8f7f9da541cba635327a05770499b79e51e32e679c2923a4bc27b2
Security Headers
  Strict-Transport-Security: max-age=15724800; includeSubDomains

Request headers
  Accept-Language: de-DE,de;q=0.9
  Referer: https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/load.php
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
  date: Tue, 21 Dec 2021 14:36:04 GMT
  content-encoding: gzip
  last-modified: Wed, 18 Aug 2021 23:35:58 GMT
  server: nginx/1.15.10
  etag: "22d0-5c9dde5729380-gzip"
  vary: Accept-Encoding
  content-type: text/css
  strict-transport-security: max-age=15724800; includeSubDomains
  accept-ranges: bytes
  content-length: 2186

bidm.css
  Path: wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/src/
  Size: 42 KB | x-fer: 5 KB | Type: Stylesheet

General
  Full URL: https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/src/bidm.css
  Requested by:
    Host: wordpress-62904-0.cloudclusters.net
    URL: https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/load.php
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
  Server: 163.123.183.70, United States, ASN32097 (WII, US)
  Reverse DNS: (none)
  Software: nginx/1.15.10
  Resource Hash: 31412635ed02fd2c9a9ac4c4d9093c0601a687cfe305aba0dea75c1943d7dd72
Security Headers
  Strict-Transport-Security: max-age=15724800; includeSubDomains

Request headers
  Accept-Language: de-DE,de;q=0.9
  Referer: https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/load.php
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
  date: Tue, 21 Dec 2021 14:36:04 GMT
  content-encoding: gzip
  last-modified: Wed, 18 Aug 2021 23:35:58 GMT
  server: nginx/1.15.10
  etag: "a782-5c9dde5729380-gzip"
  vary: Accept-Encoding
  content-type: text/css
  strict-transport-security: max-age=15724800; includeSubDomains
  accept-ranges: bytes
  content-length: 4392

3625.css
  Path: wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/src/
  Size: 4 KB | x-fer: 1 KB | Type: Stylesheet

General
  Full URL: https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/src/3625.css
  Requested by:
    Host: wordpress-62904-0.cloudclusters.net
    URL: https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/load.php
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
  Server: 163.123.183.70, United States, ASN32097 (WII, US)
  Reverse DNS: (none)
  Software: nginx/1.15.10
  Resource Hash: 304c378b4700d25f783a2a7d6142c0b4d9dd9df890722064788eee96a12999d8
Security Headers
  Strict-Transport-Security: max-age=15724800; includeSubDomains

Request headers
  Accept-Language: de-DE,de;q=0.9
  Referer: https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/load.php
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
  date: Tue, 21 Dec 2021 14:36:04 GMT
  content-encoding: gzip
  last-modified: Wed, 18 Aug 2021 23:35:58 GMT
  server: nginx/1.15.10
  etag: "f64-5c9dde5729380-gzip"
  vary: Accept-Encoding
  content-type: text/css
  strict-transport-security: max-age=15724800; includeSubDomains
  accept-ranges: bytes
  content-length: 882

vbm_blu01r.png
  Path: wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/src/
  Size: 7 KB | x-fer: 7 KB | Type: Image

General
  Full URL: https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/src/vbm_blu01r.png
  Requested by:
    Host: wordpress-62904-0.cloudclusters.net
    URL: https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/load.php
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
  Server: 163.123.183.70, United States, ASN32097 (WII, US)
  Reverse DNS: (none)
  Software: nginx/1.15.10
  Resource Hash: 6d1a13547d41b9e611e6ca654d8f475b821050539e2bb0714973ac35d67db02f
Security Headers
  Strict-Transport-Security: max-age=15724800; includeSubDomains

Request headers
  Accept-Language: de-DE,de;q=0.9
  Referer: https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/load.php
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
  date: Tue, 21 Dec 2021 14:36:04 GMT
  content-encoding: gzip
  last-modified: Wed, 18 Aug 2021 23:35:58 GMT
  server: nginx/1.15.10
  etag: "1a72-5c9dde5729380-gzip"
  vary: Accept-Encoding
  content-type: image/png
  strict-transport-security: max-age=15724800; includeSubDomains
  accept-ranges: bytes
  content-length: 6793

1024px-MasterCard_Logo.svg.png
  Path: upload.wikimedia.org/wikipedia/commons/thumb/b/b7/MasterCard_Logo.svg/
  Size: 64 KB | x-fer: 65 KB | Type: Image

General
  Full URL: https://upload.wikimedia.org/wikipedia/commons/thumb/b/b7/MasterCard_Logo.svg/1024px-MasterCard_Logo.svg.png
  Requested by:
    Host: wordpress-62904-0.cloudclusters.net
    URL: https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/load.php
  Protocol: H2
  Security: TLS 1.3, AES_256_GCM
  Server: 2620:0:862:ed1a::2:b, United States, ASN14907 (WIKIMEDIA, US)
  Reverse DNS: (none)
  Software: ATS/8.0.8
  Resource Hash: 7c5a6f7b4871e4b23931232cae5e169c29f224dbb309c3ef881e29aff5d6fbe5
Security Headers
  Strict-Transport-Security: max-age=106384710; includeSubDomains; preload

Request headers
  Accept-Language: de-DE,de;q=0.9
  Referer: https://wordpress-62904-0.cloudclusters.net/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
  date: Mon, 20 Dec 2021 17:36:01 GMT
  nel: { "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0}
  age: 75603
  x-cache-status: hit-front
  x-cache: cp3057 miss, cp3065 hit/42
  content-disposition: inline;filename*=UTF-8''MasterCard_Logo.svg.png
  server-timing: cache;desc="hit-front", host;desc="cp3065"
  content-length: 65941
  x-client-ip: 2001:ac8:36:6:207::1
  x-object-meta-sha1base36: d672jpczk8s5jixl3x5wx03hsbwtrd6
  last-modified: Tue, 15 Jul 2014 08:52:46 GMT
  server: ATS/8.0.8
  etag: e1db8d7dd587f0f399803a399d7472d1
  strict-transport-security: max-age=106384710; includeSubDomains; preload
  report-to: { "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
  content-type: image/png
  access-control-allow-origin: *
  access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
  permissions-policy: interest-cohort=()
  accept-ranges: bytes
  timing-allow-origin: *

data: URI (truncated)
  Path: /
  Size: 9 KB | x-fer: 0 | Type: Image

General
  Full URL: data:truncated
  Protocol: DATA
  Server: -
  Reverse DNS: (none)
  Software: (none)
  Resource Hash: f4eb244555324863a9067686a9e08c9bd7db827ed8dd9a0de8a3cdbc32b66437

Request headers
  Accept-Language: de-DE,de;q=0.9
  Referer: (empty)
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
  Content-Type: image/svg+xml

data: URI (truncated)
  Path: /
  Size: 760 B | x-fer: 0 | Type: Image

General
  Full URL: data:truncated
  Protocol: DATA
  Server: -
  Reverse DNS: (none)
  Software: (none)
  Resource Hash: 7f766030e9de9c68acdacfc671963f8cd00ba8783fc9c25e1d3f3319ebbecbd1

Request headers
  Accept-Language: de-DE,de;q=0.9
  Referer: (empty)
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
  Content-Type: image/svg+xml

data: URI (truncated)
  Path: /
  Size: 287 B | x-fer: 0 | Type: Image

General
  Full URL: data:truncated
  Protocol: DATA
  Server: -
  Reverse DNS: (none)
  Software: (none)
  Resource Hash: 747312e0c4caebec5e356cb9de4a170632c78f10e784c644e0fd3b4d48faaac0

Request headers
  Accept-Language: de-DE,de;q=0.9
  Referer: (empty)
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
  Content-Type: image/svg+xml

data: URI (truncated)
  Path: /
  Size: 338 B | x-fer: 0 | Type: Image

General
  Full URL: data:truncated
  Protocol: DATA
  Server: -
  Reverse DNS: (none)
  Software: (none)
  Resource Hash: e9f665238e94d159d8b439ac29f6c644dfd1e1e3843e4f1425943986e1136693

Request headers
  Accept-Language: de-DE,de;q=0.9
  Referer: (empty)
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
  Content-Type: image/svg+xml

data: URI (truncated)
  Path: /
  Size: 898 B | x-fer: 0 | Type: Image

General
  Full URL: data:truncated
  Protocol: DATA
  Server: -
  Reverse DNS: (none)
  Software: (none)
  Resource Hash: 7e2036b1455c31bd42d2ad4334698ff9108f7eae94274fa6700df6f13656813f

Request headers
  Accept-Language: de-DE,de;q=0.9
  Referer: (empty)
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
  Content-Type: image/gif

data: URI (truncated)
  Path: /
  Size: 240 B | x-fer: 0 | Type: Image

General
  Full URL: data:truncated
  Protocol: DATA
  Server: -
  Reverse DNS: (none)
  Software: (none)
  Resource Hash: 254868d92f9456d518064051d29f9ff0532bf9a5da291b06f8accb0900e40072

Request headers
  Accept-Language: de-DE,de;q=0.9
  Referer: (empty)
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
  Content-Type: image/svg+xml

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Visa (Financial)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

  Strict-Transport-Security: max-age=15724800; includeSubDomains