wordpress-80667-0.cloudclusters.net Open in urlscan Pro
181.215.242.73 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://cutt.ly/UKnQwhb
Effective URL:
https://wordpress-80667-0.cloudclusters.net/norde/bank-id/betale/?view=login&appIdKey=fcd00c0656cc490&country=
Submission: On June 24 via manual (June 24th 2022, 8:01:52 am UTC) from NO — Scanned from NO

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 2 domains to perform 8 HTTP transactions. The main IP is 181.215.242.73, located in Bend, United States and belongs to TIER-NET, US. The main domain is wordpress-80667-0.cloudclusters.net.
TLS certificate: Issued by RapidSSL TLS DV RSA Mixed SHA256 2020... on February 23rd 2022. Valid for: a year.

This is the only time wordpress-80667-0.cloudclusters.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Nordea (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	172.67.8.238 172.67.8.238	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	181.215.242.73 181.215.242.73	397423 (TIER-NET) (TIER-NET)
8	1

1 172.67.8.238 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cutt.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 181.215.242.73 (Bend, United States)

ASN397423 (TIER-NET, US)

wordpress-80667-0.cloudclusters.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	cloudclusters.net wordpress-80667-0.cloudclusters.net	26 KB
1	cutt.ly 1 redirects cutt.ly — Cisco Umbrella Rank: 60012	463 B
8	2

	Domain	Requested by
8	wordpress-80667-0.cloudclusters.net	wordpress-80667-0.cloudclusters.net
1	cutt.ly	1 redirects
8	2

This site contains no links.

Subject Issuer	Validity	Valid
*.cloudclusters.net RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-02-23` - `2023-03-26`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://wordpress-80667-0.cloudclusters.net/norde/bank-id/betale/?view=login&appIdKey=fcd00c0656cc490&country=
Frame ID: 0486F479CF5143B02104A19710FF6AE0
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Nordea - Identifisering

Page URL History Show full URLs

https://cutt.ly/UKnQwhb HTTP 301
https://wordpress-80667-0.cloudclusters.net/norde/bank-id/ Page URL
https://wordpress-80667-0.cloudclusters.net/norde/bank-id/betale/?view=login&appIdKey=fcd00c0656cc490&country= Page URL

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

26 kB
Transfer

68 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://cutt.ly/UKnQwhb HTTP 301
https://wordpress-80667-0.cloudclusters.net/norde/bank-id/ Page URL
https://wordpress-80667-0.cloudclusters.net/norde/bank-id/betale/?view=login&appIdKey=fcd00c0656cc490&country= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://cutt.ly/UKnQwhb HTTP 301
https://wordpress-80667-0.cloudclusters.net/norde/bank-id/

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/
wordpress-80667-0.cloudclusters.net/norde/bank-id/
Redirect Chain

https://cutt.ly/UKnQwhb
https://wordpress-80667-0.cloudclusters.net/norde/bank-id/

162 B
441 B

1238ms
565ms

Document
text/html

181.215.242.73
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://wordpress-80667-0.cloudclusters.net/norde/bank-id/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

181.215.242.73 Bend, United States, ASN397423 (TIER-NET, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: no-NO,no;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 157
content-type: text/html; charset=UTF-8
date: Fri, 24 Jun 2022 08:01:47 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
strict-transport-security: max-age=15724800; includeSubDomains
vary: Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7203eff5bbbcb527-OSL
content-type: text/html; charset=UTF-8
date: Fri, 24 Jun 2022 08:01:45 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: https://wordpress-80667-0.cloudclusters.net/norde/bank-id/
pragma: no-cache
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 Primary Request / Show response
wordpress-80667-0.cloudclusters.net/norde/bank-id/betale/ 8 KB
3 KB 211ms
211ms Document
text/html 181.215.242.73
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://wordpress-80667-0.cloudclusters.net/norde/bank-id/betale/?view=login&appIdKey=fcd00c0656cc490&country=

Requested by

Host: wordpress-80667-0.cloudclusters.net
URL: https://wordpress-80667-0.cloudclusters.net/norde/bank-id/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

181.215.242.73 Bend, United States, ASN397423 (TIER-NET, US),

Reverse DNS

Software

Resource Hash

14e9f5f6924db918e377823d0400baee88b90754dc4cf51de508dfe2d1c88631

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://wordpress-80667-0.cloudclusters.net/norde/bank-id/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: no-NO,no;q=0.9

Response headers

content-encoding: gzip
content-length: 2499
content-type: text/html; charset=UTF-8
date: Fri, 24 Jun 2022 08:01:47 GMT
strict-transport-security: max-age=15724800; includeSubDomains
vary: Accept-Encoding

GET
H2 200 styles.css
wordpress-80667-0.cloudclusters.net/norde/bank-id/betale/Nordea%20-%20Identifisering_files/ 42 KB
7 KB 217ms
217ms Stylesheet
text/css 181.215.242.73
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://wordpress-80667-0.cloudclusters.net/norde/bank-id/betale/Nordea%20-%20Identifisering_files/styles.css

Requested by

Host: wordpress-80667-0.cloudclusters.net
URL: https://wordpress-80667-0.cloudclusters.net/norde/bank-id/betale/?view=login&appIdKey=fcd00c0656cc490&country=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

181.215.242.73 Bend, United States, ASN397423 (TIER-NET, US),

Reverse DNS

Software

Resource Hash

7c5ae8847476fcfc9a76babd10425ffbedfe505a5064cab2c0bbb24215b5717b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://wordpress-80667-0.cloudclusters.net/norde/bank-id/betale/?view=login&appIdKey=fcd00c0656cc490&country=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 08:01:47 GMT
content-encoding: gzip
last-modified: Thu, 23 Jun 2022 07:00:43 GMT
etag: "a76c-5e21803200dd7-gzip"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
strict-transport-security: max-age=15724800; includeSubDomains
accept-ranges: bytes
content-length: 7354
expires: Sat, 24 Jun 2023 08:01:47 GMT

GET
H2 200 bankidno.svg
wordpress-80667-0.cloudclusters.net/norde/bank-id/betale/Nordea%20-%20Identifisering_files/ 3 KB
1 KB 216ms
216ms Image
image/svg+xml 181.215.242.73
TIER-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wordpress-80667-0.cloudclusters.net/norde/bank-id/betale/Nordea%20-%20Identifisering_files/bankidno.svg

Requested by

Host: wordpress-80667-0.cloudclusters.net
URL: https://wordpress-80667-0.cloudclusters.net/norde/bank-id/betale/?view=login&appIdKey=fcd00c0656cc490&country=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

181.215.242.73 Bend, United States, ASN397423 (TIER-NET, US),

Reverse DNS

Software

Resource Hash

8e983af3546212ed1e62b9c26c00f0f3a4c6fa7c17c9b852cd2910f8b425f8d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://wordpress-80667-0.cloudclusters.net/norde/bank-id/betale/?view=login&appIdKey=fcd00c0656cc490&country=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 08:01:47 GMT
content-encoding: gzip
last-modified: Thu, 23 Jun 2022 07:00:43 GMT
etag: "b15-5e21803200dd7-gzip"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000
strict-transport-security: max-age=15724800; includeSubDomains
accept-ranges: bytes
content-length: 937
expires: Sat, 24 Jun 2023 08:01:47 GMT

GET
H2 200 logo.svg
wordpress-80667-0.cloudclusters.net/norde/bank-id/betale/Nordea%20-%20Identifisering_files/ 1 KB
984 B 411ms
411ms Image
image/svg+xml 181.215.242.73
TIER-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wordpress-80667-0.cloudclusters.net/norde/bank-id/betale/Nordea%20-%20Identifisering_files/logo.svg

Requested by

Host: wordpress-80667-0.cloudclusters.net
URL: https://wordpress-80667-0.cloudclusters.net/norde/bank-id/betale/?view=login&appIdKey=fcd00c0656cc490&country=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

181.215.242.73 Bend, United States, ASN397423 (TIER-NET, US),

Reverse DNS

Software

Resource Hash

b88b6130e6d786e3793f9811c6ad215e23237c3875b1bd85330505dc8ff350f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://wordpress-80667-0.cloudclusters.net/norde/bank-id/betale/?view=login&appIdKey=fcd00c0656cc490&country=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 08:01:47 GMT
content-encoding: gzip
last-modified: Thu, 23 Jun 2022 07:00:43 GMT
etag: "5a2-5e21803200dd7-gzip"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000
strict-transport-security: max-age=15724800; includeSubDomains
accept-ranges: bytes
content-length: 705
expires: Sat, 24 Jun 2023 08:01:47 GMT

GET
H2 404 564d0ff0f3578b7128a4-b7a1feddcbbebce5f93166d4e2765fff.jpg
wordpress-80667-0.cloudclusters.net/assets/ 14 KB
14 KB 805ms
805ms Image
text/html 181.215.242.73
TIER-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wordpress-80667-0.cloudclusters.net/assets/564d0ff0f3578b7128a4-b7a1feddcbbebce5f93166d4e2765fff.jpg

Requested by

Host: wordpress-80667-0.cloudclusters.net
URL: https://wordpress-80667-0.cloudclusters.net/norde/bank-id/betale/Nordea%20-%20Identifisering_files/styles.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

181.215.242.73 Bend, United States, ASN397423 (TIER-NET, US),

Reverse DNS

Software

Resource Hash

d24ca91ad5070d81a21d13e979717afe3f0b8dc47ac3947165dc724f8c7fc793

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://wordpress-80667-0.cloudclusters.net/norde/bank-id/betale/Nordea%20-%20Identifisering_files/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 08:01:47 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
link: <https://wordpress-80667-0.cloudclusters.net/wp-json/>; rel="https://api.w.org/"
content-length: 13104
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 404 aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff
wordpress-80667-0.cloudclusters.net/assets/ 0
0 387ms
387ms Font
text/html 181.215.242.73
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://wordpress-80667-0.cloudclusters.net/assets/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff

Requested by

Host: wordpress-80667-0.cloudclusters.net
URL: https://wordpress-80667-0.cloudclusters.net/norde/bank-id/betale/Nordea%20-%20Identifisering_files/styles.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

181.215.242.73 Bend, United States, ASN397423 (TIER-NET, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://wordpress-80667-0.cloudclusters.net/norde/bank-id/betale/Nordea%20-%20Identifisering_files/styles.css
Origin: https://wordpress-80667-0.cloudclusters.net
accept-language: no-NO,no;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 08:01:47 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
link: <https://wordpress-80667-0.cloudclusters.net/wp-json/>; rel="https://api.w.org/"
content-length: 13104
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 404 b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff
wordpress-80667-0.cloudclusters.net/assets/ 0
0 592ms
592ms Font
text/html 181.215.242.73
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://wordpress-80667-0.cloudclusters.net/assets/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff

Requested by

Host: wordpress-80667-0.cloudclusters.net
URL: https://wordpress-80667-0.cloudclusters.net/norde/bank-id/betale/Nordea%20-%20Identifisering_files/styles.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

181.215.242.73 Bend, United States, ASN397423 (TIER-NET, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://wordpress-80667-0.cloudclusters.net/norde/bank-id/betale/Nordea%20-%20Identifisering_files/styles.css
Origin: https://wordpress-80667-0.cloudclusters.net
accept-language: no-NO,no;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 08:01:47 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
link: <https://wordpress-80667-0.cloudclusters.net/wp-json/>; rel="https://api.w.org/"
content-length: 13104
expires: Wed, 11 Jan 1984 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nordea (Banking)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			cutt.ly/	1969-12-31 23:59:59	Name: PHPSESSID Value: 9gkbmdlgse636fj7li3l31cbea
			wordpress-80667-0.cloudclusters.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: pauo92i1hb97t0id4efqk9n5f2

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://wordpress-80667-0.cloudclusters.net/assets/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://wordpress-80667-0.cloudclusters.net/assets/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://wordpress-80667-0.cloudclusters.net/assets/564d0ff0f3578b7128a4-b7a1feddcbbebce5f93166d4e2765fff.jpg Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cutt.ly
wordpress-80667-0.cloudclusters.net
172.67.8.238
181.215.242.73
14e9f5f6924db918e377823d0400baee88b90754dc4cf51de508dfe2d1c88631
7c5ae8847476fcfc9a76babd10425ffbedfe505a5064cab2c0bbb24215b5717b
8e983af3546212ed1e62b9c26c00f0f3a4c6fa7c17c9b852cd2910f8b425f8d3
b88b6130e6d786e3793f9811c6ad215e23237c3875b1bd85330505dc8ff350f9
d24ca91ad5070d81a21d13e979717afe3f0b8dc47ac3947165dc724f8c7fc793

wordpress-80667-0.cloudclusters.net Open in urlscan Pro 181.215.242.73 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

8 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

1 IPs

1 Countries

26 kBTransfer

68 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

2 Cookies

3 Console Messages

Security Headers

Indicators

wordpress-80667-0.cloudclusters.net Open in urlscan Pro
181.215.242.73 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

26 kB
Transfer

68 kB
Size

2
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!