vitusapotek.home.dyndns.org
79.133.46.147
Malicious Activity!
Public Scan
Effective URL: https://vitusapotek.home.dyndns.org/eika/no/no/users/?unlock=code&appIdKey=1305d236f5b22fe1305d236f5b22fe&country=NO
Submission: On July 09 via manual from NO — Scanned from NO
Summary
TLS certificate: Issued by R11 on June 26th 2024. Valid for: 3 months.
This is the only time vitusapotek.home.dyndns.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Eika Gruppen (Financial)
Domain & IP information
# | Requests | IP Address | AS Autonomous System
---|---|---|---
1 | 3 | 141.193.213.10 | 209242 (CLOUDFLARESPECTRUM Cloudflare)
2 | 19 | 79.133.46.147 | 44066 (DE-FIRSTCOLO firstcolo.net)
Total | 19 | 2 | 
ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
- utdanningsforb.wpenginepowered.com
ASN44066 (DE-FIRSTCOLO firstcolo.net, DE)
- vectismarketingdigital.is-slick.com
- vitusapotek.home.dyndns.org
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
18 | dyndns.org (1 redirects) | vitusapotek.home.dyndns.org | 297 KB
3 | wpenginepowered.com (1 redirects) | utdanningsforb.wpenginepowered.com | 778 B
1 | is-slick.com (1 redirects) | vectismarketingdigital.is-slick.com | 370 B
Total | 19 | 3 | 
Requests | Domain | Requested by
---|---|---
18 | vitusapotek.home.dyndns.org | 1 redirects, vitusapotek.home.dyndns.org
3 | utdanningsforb.wpenginepowered.com | 1 redirects
1 | vectismarketingdigital.is-slick.com | 1 redirects
Total | 19 | 3
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
wpenginepowered.com | E1 | 2024-05-23 - 2024-08-21 | 3 months | crt.sh
vitusapotek.home.dyndns.org | R11 | 2024-06-26 - 2024-09-24 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://vitusapotek.home.dyndns.org/eika/no/no/users/?unlock=code&appIdKey=1305d236f5b22fe1305d236f5b22fe&country=NO
Frame ID: B2F4F67B4DEACCE824546CF80BC2D917
Requests: 19 HTTP requests in this frame
Screenshot
Page Title: BankID
Page URL History
- Page load 1:
  - http://utdanningsforb.wpenginepowered.com/eika (HTTP 307)
  - https://utdanningsforb.wpenginepowered.com/eika (HTTP 301)
  - http://utdanningsforb.wpenginepowered.com/eika/ (HTTP 307)
  - https://utdanningsforb.wpenginepowered.com/eika/ (Page URL)
- Page load 2:
  - https://vectismarketingdigital.is-slick.com/no/www/?p=KDQvd (HTTP 302)
  - https://vitusapotek.home.dyndns.org/eika/no/?token= (Page URL)
- Page load 3:
  - https://vitusapotek.home.dyndns.org/eika/no/no/index.php?pwd=eika (HTTP 302)
  - https://vitusapotek.home.dyndns.org/eika/no/no/users/?unlock=code&appIdKey=1305d236f5b22fe1305d236f5b22fe&countr... (Page URL)
Detected technologies
AngularJS (JavaScript Frameworks)
Detected patterns
- \bangular.{0,32}\.js
Ionicons (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+ionicons(?:\.min)?\.css
jQuery (JavaScript Libraries)
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://utdanningsforb.wpenginepowered.com/eika HTTP 307
- https://utdanningsforb.wpenginepowered.com/eika HTTP 301
- http://utdanningsforb.wpenginepowered.com/eika/ HTTP 307
- https://utdanningsforb.wpenginepowered.com/eika/
- https://vectismarketingdigital.is-slick.com/no/www/?p=KDQvd HTTP 302
- https://vitusapotek.home.dyndns.org/eika/no/?token=
19 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H3 | / | utdanningsforb.wpenginepowered.com/eika/ (Redirect Chain) | 106 B | 334 B | Document | text/html
GET | H2 | / | vitusapotek.home.dyndns.org/eika/no/ (Redirect Chain) | 119 B | 448 B | Document | text/html
GET | H3 | favicon.ico | utdanningsforb.wpenginepowered.com/ | 0 | 171 B | Other | image/x-icon
GET | H2 | / (Primary Request) | vitusapotek.home.dyndns.org/eika/no/no/users/ (Redirect Chain) | 3 KB | 1 KB | Document | text/html
GET | H2 | eika-green.css | vitusapotek.home.dyndns.org/eika/no/no/users/css/ | 451 KB | 51 KB | Stylesheet | text/css
GET | H2 | ionicons.css | vitusapotek.home.dyndns.org/eika/no/no/users/css/ | 60 KB | 8 KB | Stylesheet | text/css
GET | H2 | style.css | vitusapotek.home.dyndns.org/eika/no/no/users/css/ | 12 KB | 4 KB | Stylesheet | text/css
GET | H2 | spinner.css | vitusapotek.home.dyndns.org/eika/no/no/users/css/ | 3 KB | 2 KB | Stylesheet | text/css
GET | H2 | angular.min.js | vitusapotek.home.dyndns.org/eika/no/no/users/css/js/ | 163 KB | 54 KB | Script | application/javascript
GET | H2 | jquery.min.js | vitusapotek.home.dyndns.org/eika/no/no/users/css/js/ | 86 KB | 29 KB | Script | application/javascript
GET | H2 | jquery.mask.js | vitusapotek.home.dyndns.org/eika/no/no/users/css/js/ | 18 KB | 5 KB | Script | application/javascript
GET | H2 | style.js | vitusapotek.home.dyndns.org/eika/no/no/users/css/js/ | 2 KB | 941 B | Script | application/javascript
GET | H2 | small_logo.jpg | vitusapotek.home.dyndns.org/eika/no/no/users/css/ | 8 KB | 8 KB | Image | image/jpeg
GET | H2 | Eika-Medium.woff2 | vitusapotek.home.dyndns.org/eika/no/no/users/css/ | 34 KB | 34 KB | Font | application/octet-stream
GET | H2 | Roboto-medium.woff2 | vitusapotek.home.dyndns.org/eika/no/no/users/css/ | 10 KB | 10 KB | Font | application/octet-stream
GET | H2 | Eika-Bold.woff2 | vitusapotek.home.dyndns.org/eika/no/no/users/css/ | 38 KB | 38 KB | Font | application/octet-stream
GET | H2 | Roboto-regular.woff2 | vitusapotek.home.dyndns.org/eika/no/no/users/css/ | 10 KB | 10 KB | Font | application/octet-stream
GET | H2 | Eika-Semibold.woff2 | vitusapotek.home.dyndns.org/eika/no/no/users/css/ | 39 KB | 39 KB | Font | application/octet-stream
GET | H2 | favicon.ico | vitusapotek.home.dyndns.org/eika/no/no/users/css/img/ | 1 KB | 1 KB | Other | image/x-icon
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Eika Gruppen (Financial)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify the client-side frameworks and code in use.
Type | Name
---|---
object | angular
function | $
function | jQuery
function | preventBack
1 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the cookie values along, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
vitusapotek.home.dyndns.org/ | | PHPSESSID | nnrg2hasuq0gqfd37mc384obdr
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
utdanningsforb.wpenginepowered.com
vectismarketingdigital.is-slick.com
vitusapotek.home.dyndns.org
141.193.213.10
79.133.46.147