wordpress-62904-0.cloudclusters.net
163.123.183.70  Malicious Activity!  Public Scan

URL: https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/index.php
Submission: On December 21 via manual from NO — Scanned from DE

Summary

This website contacted 3 IPs in 1 country across 2 domains to perform 6 HTTP transactions. The main IP is 163.123.183.70, located in the United States and belonging to WII, US. The main domain is wordpress-62904-0.cloudclusters.net.
TLS certificate: Issued by RapidSSL TLS DV RSA Mixed SHA256 2020... on March 5th 2021. Valid for: a year.
This is the only time wordpress-62904-0.cloudclusters.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Visa (Financial)

Domain & IP information

Requests  IP Address        AS     Autonomous System
5         163.123.183.70    32097  WII
1         2620:0:862:ed...  14907  WIKIMEDIA
Total: 6 requests, 3 IPs

Requests  Domain                               Requested by
5         wordpress-62904-0.cloudclusters.net  wordpress-62904-0.cloudclusters.net
1         upload.wikimedia.org                 wordpress-62904-0.cloudclusters.net
Total: 6 requests, 2 domains

This site contains no links.

Subject              Issuer                                       Validity                  Valid
*.cloudclusters.net  RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1  2021-03-05 - 2022-03-05  a year
*.wikipedia.org      DigiCert TLS Hybrid ECC SHA384 2020 CA1      2021-10-19 - 2022-11-17  a year

This page contains 1 frame:

Primary Page: https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/index.php
Frame ID: FF28F85F7B7ED78144AC43D07D22ED49
Requests: 9 HTTP requests in this frame

Page Title

Sikker nettbetaling

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

Requests: 6
HTTPS: 100 %
IPv6: 50 %
Domains: 2
Subdomains: 2
IPs: 3
Countries: 1
Transfer: 88 kB
Size: 157 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource  Path  Size  x-fer  Type / MIME-Type

Primary Request: index.php  wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/  22 KB  7 KB  Document
General
Full URL
https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/index.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
163.123.183.70 , United States, ASN32097 (WII, US),
Reverse DNS
Software
nginx/1.15.10 /
Resource Hash
4dbbca6c4747526eff3ad07e944467d4846794c20a0e68d4d5bf120d64c4cc38
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

server
nginx/1.15.10
date
Tue, 21 Dec 2021 14:33:14 GMT
content-type
text/html; charset=UTF-8
content-length
7404
vary
Accept-Encoding
content-encoding
gzip
strict-transport-security
max-age=15724800; includeSubDomains
common_auth.css  wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/src/  9 KB  2 KB  Stylesheet
General
Full URL
https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/src/common_auth.css
Requested by
Host: wordpress-62904-0.cloudclusters.net
URL: https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/index.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
163.123.183.70 , United States, ASN32097 (WII, US),
Reverse DNS
Software
nginx/1.15.10 /
Resource Hash
5d4ff4117e8f7f9da541cba635327a05770499b79e51e32e679c2923a4bc27b2
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 14:33:14 GMT
content-encoding
gzip
last-modified
Wed, 18 Aug 2021 23:35:58 GMT
server
nginx/1.15.10
etag
"22d0-5c9dde5729380-gzip"
vary
Accept-Encoding
content-type
text/css
strict-transport-security
max-age=15724800; includeSubDomains
accept-ranges
bytes
content-length
2186
bidm.css  wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/src/  42 KB  5 KB  Stylesheet
General
Full URL
https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/src/bidm.css
Requested by
Host: wordpress-62904-0.cloudclusters.net
URL: https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/index.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
163.123.183.70 , United States, ASN32097 (WII, US),
Reverse DNS
Software
nginx/1.15.10 /
Resource Hash
31412635ed02fd2c9a9ac4c4d9093c0601a687cfe305aba0dea75c1943d7dd72
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 14:33:14 GMT
content-encoding
gzip
last-modified
Wed, 18 Aug 2021 23:35:58 GMT
server
nginx/1.15.10
etag
"a782-5c9dde5729380-gzip"
vary
Accept-Encoding
content-type
text/css
strict-transport-security
max-age=15724800; includeSubDomains
accept-ranges
bytes
content-length
4392
3625.css  wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/src/  4 KB  1 KB  Stylesheet
General
Full URL
https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/src/3625.css
Requested by
Host: wordpress-62904-0.cloudclusters.net
URL: https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/index.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
163.123.183.70 , United States, ASN32097 (WII, US),
Reverse DNS
Software
nginx/1.15.10 /
Resource Hash
304c378b4700d25f783a2a7d6142c0b4d9dd9df890722064788eee96a12999d8
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 14:33:14 GMT
content-encoding
gzip
last-modified
Wed, 18 Aug 2021 23:35:58 GMT
server
nginx/1.15.10
etag
"f64-5c9dde5729380-gzip"
vary
Accept-Encoding
content-type
text/css
strict-transport-security
max-age=15724800; includeSubDomains
accept-ranges
bytes
content-length
882
vbm_blu01r.png  wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/src/  7 KB  7 KB  Image
General
Full URL
https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/src/vbm_blu01r.png
Requested by
Host: wordpress-62904-0.cloudclusters.net
URL: https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/index.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
163.123.183.70 , United States, ASN32097 (WII, US),
Reverse DNS
Software
nginx/1.15.10 /
Resource Hash
6d1a13547d41b9e611e6ca654d8f475b821050539e2bb0714973ac35d67db02f
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 14:33:14 GMT
content-encoding
gzip
last-modified
Wed, 18 Aug 2021 23:35:58 GMT
server
nginx/1.15.10
etag
"1a72-5c9dde5729380-gzip"
vary
Accept-Encoding
content-type
image/png
strict-transport-security
max-age=15724800; includeSubDomains
accept-ranges
bytes
content-length
6793
1024px-MasterCard_Logo.svg.png  upload.wikimedia.org/wikipedia/commons/thumb/b/b7/MasterCard_Logo.svg/  64 KB  65 KB  Image
General
Full URL
https://upload.wikimedia.org/wikipedia/commons/thumb/b/b7/MasterCard_Logo.svg/1024px-MasterCard_Logo.svg.png
Requested by
Host: wordpress-62904-0.cloudclusters.net
URL: https://wordpress-62904-0.cloudclusters.net/skatteetaten/skatteetaten/manage/id/index.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:0:862:ed1a::2:b , United States, ASN14907 (WIKIMEDIA, US),
Reverse DNS
Software
ATS/8.0.8 /
Resource Hash
7c5a6f7b4871e4b23931232cae5e169c29f224dbb309c3ef881e29aff5d6fbe5
Security Headers
Name Value
Strict-Transport-Security max-age=106384710; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://wordpress-62904-0.cloudclusters.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 20 Dec 2021 17:36:01 GMT
nel
{ "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0}
age
75433
x-cache-status
hit-front
x-cache
cp3057 miss, cp3065 hit/40
content-disposition
inline;filename*=UTF-8''MasterCard_Logo.svg.png
server-timing
cache;desc="hit-front", host;desc="cp3065"
content-length
65941
x-client-ip
2001:ac8:36:6:207::1
x-object-meta-sha1base36
d672jpczk8s5jixl3x5wx03hsbwtrd6
last-modified
Tue, 15 Jul 2014 08:52:46 GMT
server
ATS/8.0.8
etag
e1db8d7dd587f0f399803a399d7472d1
strict-transport-security
max-age=106384710; includeSubDomains; preload
report-to
{ "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
permissions-policy
interest-cohort=()
accept-ranges
bytes
timing-allow-origin
*
truncated  /  9 KB  0  Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f4eb244555324863a9067686a9e08c9bd7db827ed8dd9a0de8a3cdbc32b66437

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated  /  240 B  0  Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
254868d92f9456d518064051d29f9ff0532bf9a5da291b06f8accb0900e40072

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated  /  172 B  0  Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4dca530d4682ddf6f4b9053173c007f95875c2634a6b61c9573d93fc21483766

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/svg+xml

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Visa (Financial)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15724800; includeSubDomains