wordpress-117342-0.cloudclusters.net Open in urlscan Pro
172.106.0.47 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://secure.h-da.be/
Effective URL:
https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/
Submission: On March 26 via api (March 26th 2023, 9:25:16 am UTC) from IE — Scanned from DE

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 2 countries across 4 domains to perform 15 HTTP transactions. The main IP is 172.106.0.47, located in Dallas, United States and belongs to AS40676, US. The main domain is wordpress-117342-0.cloudclusters.net.
TLS certificate: Issued by RapidSSL TLS RSA CA G1 on March 13th 2023. Valid for: a year.

This is the only time wordpress-117342-0.cloudclusters.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Correos (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 1	217.19.237.54 217.19.237.54	34762 (COMBELL-AS) (COMBELL-AS)
1 1	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2606:4700:440... 2606:4700:4400::ac40:944b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	172.106.0.47 172.106.0.47	40676 (AS40676) (AS40676)
15	1

1 217.19.237.54 (Belgium) 1 redirects

ASN34762 (COMBELL-AS, BE)
PTR: 217.19.237.54.static.hosted.by.combell.com

secure.h-da.be	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

itsssl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:944b (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

klientelv1.myclickfunnels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 172.106.0.47 (Dallas, United States)

ASN40676 (AS40676, US)
PTR: unassigned.psychz.net

wordpress-117342-0.cloudclusters.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	cloudclusters.net wordpress-117342-0.cloudclusters.net	370 KB
1	myclickfunnels.com 1 redirects klientelv1.myclickfunnels.com	2 KB
1	itsssl.com 1 redirects itsssl.com	651 B
1	h-da.be 1 redirects secure.h-da.be	254 B
15	4

	Domain	Requested by
15	wordpress-117342-0.cloudclusters.net	wordpress-117342-0.cloudclusters.net
1	klientelv1.myclickfunnels.com	1 redirects
1	itsssl.com	1 redirects
1	secure.h-da.be	1 redirects
15	4

This site contains no links.

Subject Issuer	Validity	Valid
*.cloudclusters.net RapidSSL TLS RSA CA G1	`2023-03-13` - `2024-04-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/
Frame ID: CC1C6BEBE2C66BE2726D3A425EA5FAC6
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Métodos de pago

Page URL History Show full URLs

http://secure.h-da.be/ HTTP 301
https://itsssl.com/DjAgA HTTP 301
https://klientelv1.myclickfunnels.com/nickel HTTP 302
https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/ Page URL

Detected technologies

Ahoy (Analytics) Expand

Overall confidence: 100%
Detected patterns

Page Statistics

15
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

1
IPs

2
Countries

370 kB
Transfer

370 kB
Size

8
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://secure.h-da.be/ HTTP 301
https://itsssl.com/DjAgA HTTP 301
https://klientelv1.myclickfunnels.com/nickel HTTP 302
https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/
Redirect Chain

http://secure.h-da.be/
https://itsssl.com/DjAgA
https://klientelv1.myclickfunnels.com/nickel
https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/

4 KB
1 KB

745ms
167ms

Document
text/html

172.106.0.47
AS40676

General

Check archive.org

Show headers Download Go to

Full URL

https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

172.106.0.47 Dallas, United States, ASN40676 (AS40676, US),

Reverse DNS

unassigned.psychz.net

Software

Resource Hash

cdab3425753f5e8757d1966327b6fe2fe94860c2168d04dd040520fa01e83135

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sun, 26 Mar 2023 09:25:08 GMT
strict-transport-security: max-age=15724800; includeSubDomains

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache='set-cookie'
cf-cache-status: DYNAMIC
cf-railgun: 1e89e5e653 stream 0.000000 0200 57da
cf-ray: 7ade582f8e96bb73-FRA
content-security-policy: frame-ancestors 'self' *.marketing.ai *.myclickfunnels.com;
content-type: text/html; charset=utf-8
date: Sun, 26 Mar 2023 09:25:07 GMT
location: https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
strict-transport-security: max-age=15724800; includeSubDomains
vary: Origin, Accept-Encoding
x-cf-header: 2.0
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-request-id: f403a6178456bec8088d5e1f798a6542
x-runtime: 0.261534
x-xss-protection: 1; mode=block

GET
H2 200 head.css
wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/styles/ 882 B
1 KB 159ms
158ms Stylesheet
text/css 172.106.0.47
AS40676

General

Check archive.org

Show headers Download Go to

Full URL

https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/styles/head.css

Requested by

Host: wordpress-117342-0.cloudclusters.net
URL: https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

172.106.0.47 Dallas, United States, ASN40676 (AS40676, US),

Reverse DNS

unassigned.psychz.net

Software

Resource Hash

555fb6d723203f6feda4f9834849fbada17a316fbb07e80f000996cd391258ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 09:25:08 GMT
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Sat, 25 Mar 2023 17:08:02 GMT
accept-ranges: bytes
etag: "641f2a72-372"
content-length: 882
content-type: text/css

GET
H2 200 main.css
wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/styles/ 5 KB
5 KB 159ms
159ms Stylesheet
text/css 172.106.0.47
AS40676

General

Check archive.org

Show headers Download Go to

Full URL

https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/styles/main.css

Requested by

Host: wordpress-117342-0.cloudclusters.net
URL: https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

172.106.0.47 Dallas, United States, ASN40676 (AS40676, US),

Reverse DNS

unassigned.psychz.net

Software

Resource Hash

9412fa88bd00b693e3899e98cf9ed2cec119236572f0bf8d257c777115fcb41f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 09:25:08 GMT
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Sat, 25 Mar 2023 17:08:02 GMT
accept-ranges: bytes
etag: "641f2a72-1523"
content-length: 5411
content-type: text/css

GET
H2 200 corr.css
wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/styles/ 4 KB
4 KB 315ms
314ms Stylesheet
text/css 172.106.0.47
AS40676

General

Check archive.org

Show headers Download Go to

Full URL

https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/styles/corr.css

Requested by

Host: wordpress-117342-0.cloudclusters.net
URL: https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

172.106.0.47 Dallas, United States, ASN40676 (AS40676, US),

Reverse DNS

unassigned.psychz.net

Software

Resource Hash

504f97f068a0abd89a9c7b18f7133415655763a1a8df67ca8f753a4869ae3352

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 09:25:08 GMT
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Sat, 25 Mar 2023 17:08:02 GMT
accept-ranges: bytes
etag: "641f2a72-ee9"
content-length: 3817
content-type: text/css

GET
H2 200 responsive.css
wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/styles/ 2 KB
2 KB 315ms
315ms Stylesheet
text/css 172.106.0.47
AS40676

General

Check archive.org

Show headers Download Go to

Full URL

https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/styles/responsive.css

Requested by

Host: wordpress-117342-0.cloudclusters.net
URL: https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

172.106.0.47 Dallas, United States, ASN40676 (AS40676, US),

Reverse DNS

unassigned.psychz.net

Software

Resource Hash

e8dd42f6deace38cd1fae720b398765001207aadccc3cc324da0a4cbbdb8f3e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 09:25:08 GMT
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Sat, 25 Mar 2023 17:08:02 GMT
accept-ranges: bytes
etag: "641f2a72-6dc"
content-length: 1756
content-type: text/css

GET
H2 200 LogoCornamusa.svg
wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/images/ 3 KB
4 KB 450ms
449ms Image
image/svg+xml 172.106.0.47
AS40676

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/images/LogoCornamusa.svg

Requested by

Host: wordpress-117342-0.cloudclusters.net
URL: https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

172.106.0.47 Dallas, United States, ASN40676 (AS40676, US),

Reverse DNS

unassigned.psychz.net

Software

Resource Hash

9ca4b4430d80704711911dfc8604b4c12f6697c462cdfa1a52c0ed47c09f99da

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 09:25:08 GMT
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Sat, 25 Mar 2023 17:08:02 GMT
accept-ranges: bytes
etag: "641f2a72-d50"
content-length: 3408
content-type: image/svg+xml

GET
H2 200 background-login.jpg
wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/images/ 129 KB
130 KB 451ms
450ms Image
image/jpeg 172.106.0.47
AS40676

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/images/background-login.jpg

Requested by

Host: wordpress-117342-0.cloudclusters.net
URL: https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

172.106.0.47 Dallas, United States, ASN40676 (AS40676, US),

Reverse DNS

unassigned.psychz.net

Software

Resource Hash

642875617fb72743a219e89d09dca1ebb4c226cf3549c85f5d29d498e5add3c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 09:25:08 GMT
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Sat, 25 Mar 2023 17:08:02 GMT
accept-ranges: bytes
etag: "641f2a72-205ab"
content-length: 132523
content-type: image/jpeg

GET
H2 200 pac.png
wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/images/ 96 KB
96 KB 921ms
920ms Image
image/png 172.106.0.47
AS40676

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/images/pac.png

Requested by

Host: wordpress-117342-0.cloudclusters.net
URL: https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

172.106.0.47 Dallas, United States, ASN40676 (AS40676, US),

Reverse DNS

unassigned.psychz.net

Software

Resource Hash

0516986b26b3680d0c6bc2db5efdd48cbf55ddd4283cd8ea2108ebeec960dadc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 09:25:08 GMT
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Sat, 25 Mar 2023 17:08:02 GMT
accept-ranges: bytes
etag: "641f2a72-17fa5"
content-length: 98213
content-type: image/png

GET
H2 200 apple_store.webp
wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/images/ 9 KB
9 KB 2374ms
2373ms Image
image/webp 172.106.0.47
AS40676

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/images/apple_store.webp

Requested by

Host: wordpress-117342-0.cloudclusters.net
URL: https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

172.106.0.47 Dallas, United States, ASN40676 (AS40676, US),

Reverse DNS

unassigned.psychz.net

Software

Resource Hash

80d4aee7ef373cfc1bd320cac178b064766202d21b314b4e8d667c805c1e3e40

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 09:25:08 GMT
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Sat, 25 Mar 2023 17:08:02 GMT
accept-ranges: bytes
etag: "641f2a72-2222"
content-length: 8738
content-type: image/webp

GET
H2 200 google-pay.webp
wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/images/ 9 KB
9 KB 2472ms
2471ms Image
image/webp 172.106.0.47
AS40676

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/images/google-pay.webp

Requested by

Host: wordpress-117342-0.cloudclusters.net
URL: https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

172.106.0.47 Dallas, United States, ASN40676 (AS40676, US),

Reverse DNS

unassigned.psychz.net

Software

Resource Hash

9c4ce6d29c0c321c89f3729b67ca0bf38f725cecd5349e761196de74aeaf1a16

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 09:25:08 GMT
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Sat, 25 Mar 2023 17:08:02 GMT
accept-ranges: bytes
etag: "641f2a72-235e"
content-length: 9054
content-type: image/webp

GET
H2 200 galery.svg
wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/images/ 25 KB
25 KB 2528ms
2527ms Image
image/svg+xml 172.106.0.47
AS40676

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/images/galery.svg

Requested by

Host: wordpress-117342-0.cloudclusters.net
URL: https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

172.106.0.47 Dallas, United States, ASN40676 (AS40676, US),

Reverse DNS

unassigned.psychz.net

Software

Resource Hash

11bea3ea4d9c77c655fdbb5a8b3001c8656247fd727650429fc80a90674c6acc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 09:25:08 GMT
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Sat, 25 Mar 2023 17:08:02 GMT
accept-ranges: bytes
etag: "641f2a72-645c"
content-length: 25692
content-type: image/svg+xml

GET
H2 200 footer-logo.svg
wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/images/ 1 KB
2 KB 2669ms
2669ms Image
image/svg+xml 172.106.0.47
AS40676

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/images/footer-logo.svg

Requested by

Host: wordpress-117342-0.cloudclusters.net
URL: https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

172.106.0.47 Dallas, United States, ASN40676 (AS40676, US),

Reverse DNS

unassigned.psychz.net

Software

Resource Hash

dae58e3a35038fe1508d4ce16805960f8722fef2f68de4da845b9f48b9e969df

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 09:25:08 GMT
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Sat, 25 Mar 2023 17:08:02 GMT
accept-ranges: bytes
etag: "641f2a72-5d8"
content-length: 1496
content-type: image/svg+xml

GET
H2 200 login.js Show response
wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/javascript/ 8 KB
8 KB 297ms
296ms Script
application/javascript 172.106.0.47
AS40676

General

Check archive.org

Show headers Download Go to

Full URL

https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/javascript/login.js

Requested by

Host: wordpress-117342-0.cloudclusters.net
URL: https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

172.106.0.47 Dallas, United States, ASN40676 (AS40676, US),

Reverse DNS

unassigned.psychz.net

Software

Resource Hash

caf62e099969496a17b3d88c040407597c048f31eb5d09333b33301cdee8695e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 09:25:08 GMT
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Sat, 25 Mar 2023 17:08:02 GMT
accept-ranges: bytes
etag: "641f2a72-1e9f"
content-length: 7839
content-type: application/javascript

GET
H2 200 CarteroRegular.otf
wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/fonts/ 37 KB
37 KB 2383ms
2383ms Font
application/octet-stream 172.106.0.47
AS40676

General

Check archive.org

Show headers Download Go to

Full URL

https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/fonts/CarteroRegular.otf

Requested by

Host: wordpress-117342-0.cloudclusters.net
URL: https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/styles/head.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

172.106.0.47 Dallas, United States, ASN40676 (AS40676, US),

Reverse DNS

unassigned.psychz.net

Software

Resource Hash

e3226d13f953e1ce196cf91fec6bbc878bc91eb65a768491ef90f3495e391fa1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/styles/head.css
Origin: https://wordpress-117342-0.cloudclusters.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 09:25:08 GMT
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Sat, 25 Mar 2023 17:08:02 GMT
accept-ranges: bytes
etag: "641f2a72-937c"
content-length: 37756
content-type: application/octet-stream

GET
H2 200 CarteroLight.otf
wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/fonts/ 37 KB
37 KB 2539ms
2539ms Font
application/octet-stream 172.106.0.47
AS40676

General

Check archive.org

Show headers Download Go to

Full URL

https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/fonts/CarteroLight.otf

Requested by

Host: wordpress-117342-0.cloudclusters.net
URL: https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/styles/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

172.106.0.47 Dallas, United States, ASN40676 (AS40676, US),

Reverse DNS

unassigned.psychz.net

Software

Resource Hash

94ddea49ff5c70e8c9b9eeaf22d9ed72f96abd31f2a3124b222ab9bd1de64446

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://wordpress-117342-0.cloudclusters.net/wp-admin/nia/reds/styles/main.css
Origin: https://wordpress-117342-0.cloudclusters.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 09:25:08 GMT
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Sat, 25 Mar 2023 17:08:02 GMT
accept-ranges: bytes
etag: "641f2a72-93ec"
content-length: 37868
content-type: application/octet-stream

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Correos (Transportation)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| setCookie function| deleteCookie function| getCookie

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
itsssl.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 81b71ad08cc05894a19a2562f0c11ef6
itsssl.com/	1970-01-20 10:37:04	Name: short_DjAgA Value: 1
klientelv1.myclickfunnels.com/	1969-12-31 23:59:59	Name: ahoy_visitor Value: ad26d262-e5e9-45ab-8c86-c480c71c26b9
klientelv1.myclickfunnels.com/	1970-01-20 10:37:17	Name: ahoy_visit Value: 9da1ddf8-e297-4090-a835-148daa9c92c4
klientelv1.myclickfunnels.com/	1969-12-31 23:59:59	Name: cfhoy_visitor Value: ad26d262-e5e9-45ab-8c86-c480c71c26b9
.myclickfunnels.com/	1970-01-20 10:54:33	Name: cfhoy_visitor Value: d544f4ef-c12d-421e-8c9c-2d34cbf67d92
.myclickfunnels.com/	1969-12-31 23:59:59	Name: _cf_session Value: YFBIH2i1NrpwU2xu7%2BfpFeKhLQNxMWDAlZ3BtANPR6Pwk5L3lq0AR2hAMBUdqF%2FS45X83PYEO4hMzhnZEoBJ%2BLoMkf61sZwosXvGALW1YyuaC%2BWdv0T%2FlmX72bDEvTY7xiM1qTtlT%2BNiYlb%2FteIT4wkcOXRcg6jEOnwYCUbIaXT2Noedq79NiYoN1wvR1o7zlBL7lWY5PkIJyoXsN11sEfxYe9qHCggj13uMBjroFibi92iKHGfJgnLEMsfsakcCGljGkfL0UlFLzUeOWrEA0wQ4gEmp5FCjPbDISCxlWsG7sWaanF4Try%2BIKbN78WCeFaCJqZn8G0w%3D--XjbtkjEZxB47dbSi--FVcyb1fpTaOTSzqDsONA3A%3D%3D
.myclickfunnels.com/	1970-01-20 10:37:04	Name: __cf_bm Value: d0.nJ052kta5xHf8Yhylu2RWCqFsfo0Ft6LFxyOaSBw-1679822707-0-AU/+cpadAIdyOc9QuesZ/W68fgqskILAMtz7dvaGmGZ9hYmrPHg0MyXIrqU8/TlFCT/NjYIEqjp5WcW9V4um5SE=

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

itsssl.com
klientelv1.myclickfunnels.com
secure.h-da.be
wordpress-117342-0.cloudclusters.net
172.106.0.47
217.19.237.54
2606:4700:4400::ac40:944b
2a06:98c1:3120::3
0516986b26b3680d0c6bc2db5efdd48cbf55ddd4283cd8ea2108ebeec960dadc
11bea3ea4d9c77c655fdbb5a8b3001c8656247fd727650429fc80a90674c6acc
504f97f068a0abd89a9c7b18f7133415655763a1a8df67ca8f753a4869ae3352
555fb6d723203f6feda4f9834849fbada17a316fbb07e80f000996cd391258ec
642875617fb72743a219e89d09dca1ebb4c226cf3549c85f5d29d498e5add3c8
80d4aee7ef373cfc1bd320cac178b064766202d21b314b4e8d667c805c1e3e40
9412fa88bd00b693e3899e98cf9ed2cec119236572f0bf8d257c777115fcb41f
94ddea49ff5c70e8c9b9eeaf22d9ed72f96abd31f2a3124b222ab9bd1de64446
9c4ce6d29c0c321c89f3729b67ca0bf38f725cecd5349e761196de74aeaf1a16
9ca4b4430d80704711911dfc8604b4c12f6697c462cdfa1a52c0ed47c09f99da
caf62e099969496a17b3d88c040407597c048f31eb5d09333b33301cdee8695e
cdab3425753f5e8757d1966327b6fe2fe94860c2168d04dd040520fa01e83135
dae58e3a35038fe1508d4ce16805960f8722fef2f68de4da845b9f48b9e969df
e3226d13f953e1ce196cf91fec6bbc878bc91eb65a768491ef90f3495e391fa1
e8dd42f6deace38cd1fae720b398765001207aadccc3cc324da0a4cbbdb8f3e3

wordpress-117342-0.cloudclusters.net Open in urlscan Pro 172.106.0.47 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

1 IPs

2 Countries

370 kBTransfer

370 kBSize

8 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

8 Cookies

Security Headers

Indicators

wordpress-117342-0.cloudclusters.net Open in urlscan Pro
172.106.0.47 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

1
IPs

2
Countries

370 kB
Transfer

370 kB
Size

8
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!