mobilepayopdateringer.com

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 190.97.162.167, located in Panama and belongs to Cyber Cast International, S.A., PA. The main domain is mobilepayopdateringer.com.
TLS certificate: Issued by R3 on January 23rd 2024. Valid for: 3 months.

This is the only time mobilepayopdateringer.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: MobilePay (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1 7	190.97.162.167 190.97.162.167	27956 (Cyber Cas...) (Cyber Cast International)
1	212.88.64.12 212.88.64.12	9158 (TELENOR_D...) (TELENOR_DANMARK_AS)
7	2

7 190.97.162.167 (Panama) 1 redirects

ASN27956 (Cyber Cast International, S.A., PA)
PTR: vamoalaplayaentonces.com

mobilepayopdateringer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.88.64.12 (Denmark)

ASN9158 (TELENOR_DANMARK_AS, DK)
PTR: telenor.dk

cdn1.telenor.dk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	mobilepayopdateringer.com 1 redirects mobilepayopdateringer.com	250 KB
1	telenor.dk cdn1.telenor.dk	2 KB
7	2

	Domain	Requested by
7	mobilepayopdateringer.com	1 redirects mobilepayopdateringer.com
1	cdn1.telenor.dk	mobilepayopdateringer.com
7	2

This site contains links to these domains. Also see Links.

Domain
mobilepay.dk

Subject Issuer	Validity	Valid
mobilepayopdateringer.com R3	`2024-01-23` - `2024-04-22`	3 months	crt.sh
*.telenor.dk GlobalSign RSA OV SSL CA 2018	`2023-05-25` - `2024-06-25`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://mobilepayopdateringer.com/p1.php
Frame ID: AE4F1439EE9C7FFF6A96FD80FCA86C9A
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Opdater oplysninger

Page URL History Show full URLs

http://mobilepayopdateringer.com/ HTTP 301
https://mobilepayopdateringer.com/p1.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

252 kB
Transfer

254 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://mobilepay.dk/hjaelp/mobilepay-til-private
Title: Hjælp

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://mobilepayopdateringer.com/ HTTP 301
https://mobilepayopdateringer.com/p1.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request p1.php Show response
mobilepayopdateringer.com/
Redirect Chain

http://mobilepayopdateringer.com/
https://mobilepayopdateringer.com/p1.php

1 KB
957 B

622ms
211ms

Document
text/html

190.97.162.167
Cyber Cast Intern...

General

Check archive.org

Show headers Download Go to

Full URL: https://mobilepayopdateringer.com/p1.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 190.97.162.167 , Panama, ASN27956 (Cyber Cast International, S.A., PA),
Reverse DNS: vamoalaplayaentonces.com
Software: nginx /
Resource Hash: 2d03d638e4a40f4af2765f8f23c24699b798249c1c3a17d728b6fe907c614091

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 15_7_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.7.3 Mobile/15E148 Safari/604.1
accept-language: da-DK,da;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 24 Jan 2024 01:17:25 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding Accept-Encoding

Redirect headers

Connection: keep-alive
Content-Length: 248
Content-Type: text/html; charset=iso-8859-1
Date: Wed, 24 Jan 2024 01:17:24 GMT
Location: https://mobilepayopdateringer.com/p1.php
Server: nginx

GET
H/1.1 200
OK p1.css
mobilepayopdateringer.com/ 1 KB
745 B 204ms
203ms Stylesheet
text/css 190.97.162.167
Cyber Cast Intern...

General

Check archive.org

Show headers Download Go to

Full URL: https://mobilepayopdateringer.com/p1.css
Requested by: Host: mobilepayopdateringer.com
URL: https://mobilepayopdateringer.com/p1.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 190.97.162.167 , Panama, ASN27956 (Cyber Cast International, S.A., PA),
Reverse DNS: vamoalaplayaentonces.com
Software: nginx /
Resource Hash: 5b739c378d55519c4235cf71610acd6e1614abf1f5eb2cdf706f90e8c00fcfc6

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://mobilepayopdateringer.com/p1.php
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 15_7_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.7.3 Mobile/15E148 Safari/604.1

Response headers

Date: Wed, 24 Jan 2024 01:17:25 GMT
Content-Encoding: gzip
Last-Modified: Tue, 23 Jan 2024 02:18:34 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding, Accept-Encoding
Content-Type: text/css
Connection: keep-alive

GET
H/1.1 200
OK mplogo.svg
mobilepayopdateringer.com/images/ 5 KB
2 KB 408ms
203ms Image
image/svg+xml 190.97.162.167
Cyber Cast Intern...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mobilepayopdateringer.com/images/mplogo.svg
Requested by: Host: mobilepayopdateringer.com
URL: https://mobilepayopdateringer.com/p1.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 190.97.162.167 , Panama, ASN27956 (Cyber Cast International, S.A., PA),
Reverse DNS: vamoalaplayaentonces.com
Software: nginx /
Resource Hash: f0b80135f81ae661b3f8fe74fa08a6e8622daf02d426f55f632b696414f04d97

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://mobilepayopdateringer.com/p1.php
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 15_7_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.7.3 Mobile/15E148 Safari/604.1

Response headers

Date: Wed, 24 Jan 2024 01:17:25 GMT
Content-Encoding: gzip
Last-Modified: Thu, 18 Jan 2024 04:23:00 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding, Accept-Encoding
Content-Type: image/svg+xml
Connection: keep-alive

GET
H/1.1 200
OK dkflag.svg
mobilepayopdateringer.com/images/ 425 B
534 B 618ms
210ms Image
image/svg+xml 190.97.162.167
Cyber Cast Intern...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mobilepayopdateringer.com/images/dkflag.svg
Requested by: Host: mobilepayopdateringer.com
URL: https://mobilepayopdateringer.com/p1.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 190.97.162.167 , Panama, ASN27956 (Cyber Cast International, S.A., PA),
Reverse DNS: vamoalaplayaentonces.com
Software: nginx /
Resource Hash: 2a4b7e21d35ae78fde0b2f8024a64188f69585e4d46e3515e19dc69442b85e3d

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://mobilepayopdateringer.com/p1.php
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 15_7_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.7.3 Mobile/15E148 Safari/604.1

Response headers

Date: Wed, 24 Jan 2024 01:17:25 GMT
Content-Encoding: gzip
Last-Modified: Thu, 18 Jan 2024 04:31:10 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding, Accept-Encoding
Content-Type: image/svg+xml
Connection: keep-alive

GET
H/1.1 200
OK icon_mitid_logo-white.svg
cdn1.telenor.dk/ImageProxy/svg/ 2 KB
2 KB 268ms
104ms Image
image/svg+xml 212.88.64.12
TELENOR_DANMARK_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn1.telenor.dk/ImageProxy/svg/icon_mitid_logo-white.svg

Requested by

Host: mobilepayopdateringer.com
URL: https://mobilepayopdateringer.com/p1.php

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

212.88.64.12 , Denmark, ASN9158 (TELENOR_DANMARK_AS, DK),

Reverse DNS

telenor.dk

Software

/

Resource Hash

6aa02ed607880c8220e4227043dcb15f743ed739c617abca258633b140e4a2ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=60; includeSubDomains

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://mobilepayopdateringer.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 15_7_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.7.3 Mobile/15E148 Safari/604.1

Response headers

Date: Wed, 24 Jan 2024 01:17:25 GMT
Strict-Transport-Security: max-age=60; includeSubDomains
Last-Modified: Wed, 24 Jan 2024 01:17:25 GMT
ImageVaultUrl: /imagevault/publishedmedia/kpwgeyi7dshzmr7bt7os/icon_mitid_logo-white.svg
Vary: *, Host, Accept-Encoding
Content-Type: image/svg+xml
P3P: policyref="/w3c/p3p.xml", CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
AbsoluteImageUrl: http://cdn1.telenor.dk/imagevault/publishedmedia/kpwgeyi7dshzmr7bt7os/icon_mitid_logo-white.svg
Cache-Control: private, max-age=86400
Access-Control-Allow-Origin: https://www.telenor.dk
Content-Disposition: inline; filename*=UTF-8''icon_mitid_logo-white.svg; filename="icon_mitid_logo-white.svg"
X-Vary: *
Content-Length: 1575
Expires: Thu, 25 Jan 2024 01:17:25 GMT

GET
H/1.1 200
OK Paytype-Bold.ttf
mobilepayopdateringer.com/fonts/ 121 KB
121 KB 565ms
386ms Font
font/ttf 190.97.162.167
Cyber Cast Intern...

General

Check archive.org

Show headers Download Go to

Full URL: https://mobilepayopdateringer.com/fonts/Paytype-Bold.ttf
Requested by: Host: mobilepayopdateringer.com
URL: https://mobilepayopdateringer.com/p1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 190.97.162.167 , Panama, ASN27956 (Cyber Cast International, S.A., PA),
Reverse DNS: vamoalaplayaentonces.com
Software: nginx /
Resource Hash: ee900b8a8ea08ec8105ec1556ff43445929ab90ba6c0632519d682ab97b4e3d3

Request headers

Referer: https://mobilepayopdateringer.com/p1.css
Origin: https://mobilepayopdateringer.com
accept-language: da-DK,da;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 15_7_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.7.3 Mobile/15E148 Safari/604.1

Response headers

Date: Wed, 24 Jan 2024 01:17:25 GMT
Last-Modified: Wed, 17 Jan 2024 20:34:38 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: font/ttf
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 123860

GET
H/1.1 200
OK Paytype.ttf
mobilepayopdateringer.com/fonts/ 123 KB
124 KB 604ms
405ms Font
font/ttf 190.97.162.167
Cyber Cast Intern...

General

Check archive.org

Show headers Download Go to

Full URL: https://mobilepayopdateringer.com/fonts/Paytype.ttf
Requested by: Host: mobilepayopdateringer.com
URL: https://mobilepayopdateringer.com/p1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 190.97.162.167 , Panama, ASN27956 (Cyber Cast International, S.A., PA),
Reverse DNS: vamoalaplayaentonces.com
Software: nginx /
Resource Hash: e1f382aba049d70ec0e0bedd9d818676211c62a520b2eaff0218cc769c1b3c38

Request headers

Referer: https://mobilepayopdateringer.com/p1.css
Origin: https://mobilepayopdateringer.com
accept-language: da-DK,da;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 15_7_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.7.3 Mobile/15E148 Safari/604.1

Response headers

Date: Wed, 24 Jan 2024 01:17:25 GMT
Last-Modified: Wed, 17 Jan 2024 20:35:10 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: font/ttf
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 126276

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: MobilePay (Financial)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn1.telenor.dk
mobilepayopdateringer.com
190.97.162.167
212.88.64.12
2a4b7e21d35ae78fde0b2f8024a64188f69585e4d46e3515e19dc69442b85e3d
2d03d638e4a40f4af2765f8f23c24699b798249c1c3a17d728b6fe907c614091
5b739c378d55519c4235cf71610acd6e1614abf1f5eb2cdf706f90e8c00fcfc6
6aa02ed607880c8220e4227043dcb15f743ed739c617abca258633b140e4a2ee
e1f382aba049d70ec0e0bedd9d818676211c62a520b2eaff0218cc769c1b3c38
ee900b8a8ea08ec8105ec1556ff43445929ab90ba6c0632519d682ab97b4e3d3
f0b80135f81ae661b3f8fe74fa08a6e8622daf02d426f55f632b696414f04d97

mobilepayopdateringer.com Open in urlscan Pro 190.97.162.167 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

252 kBTransfer

254 kBSize

0 Cookies

1 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

mobilepayopdateringer.com Open in urlscan Pro
190.97.162.167 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

252 kB
Transfer

254 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!