{"report_id":"b050a04b-811c-4363-ac3e-8cc64a3b3206","version":0,"status":"done","tags":["bankid","authentication"],"date":"2026-07-14T12:56:34Z","url":{"schema":"http","addr":"wordpress-213341-0.cloudclusters.net/hokl/index.html","fqdn":"wordpress-213341-0.cloudclusters.net","domain":"cloudclusters.net","tld":"net"},"ip":{"addr":"69.30.235.154","port":0,"asn":32097,"as":"WII","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"wordpress-213341-0.cloudclusters.net/hokl/index.html","fqdn":"wordpress-213341-0.cloudclusters.net","domain":"cloudclusters.net","tld":"net"},"title":"BankID","dom":{"size":2412913,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (62382)","md5":"5a6990c8dc6dd781e0daca5b5c918cd6","sha1":"ccf90fe3a5ddff8ebc1d70be6ccc0009ac7fd9e4","sha256":"20ae2a4636ab326361b2fe109c32ffa161a6da8e4a3575b8fcae902325dbe017","sha512":"6f6c1225c5594daba6519516e34060410ecdab23822f999c3d0b35de633c0e05d70d55af83c16cb293571c5c540aa9f9fc2b0e1316251a3ee859a4c521ba0b53","ssdeep":"24576:rX7reykpdTL6YuLK1pchx3E+7/BDUcEnZlgMWoe0qwqFmeFJcx4NqjE42Y7V9i5H:rXXc6YUhx3E+j4ZWMWb060nehgJA2+1P","tlshash":"23b57d72124afdd61fad0e8085053e840c7d5c67b2acd5acfbc91ae271e8424de7e8b5","dom_hash":"domhash20f728cd90b43a92c2541d5132fb27bc","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"wordpress-213341-0.cloudclusters.net/hokl/index.html","fqdn":"wordpress-213341-0.cloudclusters.net","domain":"cloudclusters.net","tld":"net"},"ip":{"addr":"69.30.235.154","port":0,"asn":32097,"as":"WII","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-18T12:56:34Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"wordpress-213341-0.cloudclusters.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-14","alert":"Phishing Block","trigger":"wordpress-213341-0.cloudclusters.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"wordpress-213341-0.cloudclusters.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]},"summary":[{"fqdn":"wordpress-213341-0.cloudclusters.net","ip":{"addr":"69.30.235.154","port":443,"asn":32097,"as":"WII","country":"United States","country_code":"US"},"domain_registered":"2018-11-30","domain_rank":0,"first_seen":"2026-07-13T07:17:10.488412Z","last_seen":"2026-07-13T07:17:10.488413Z","alert_count":4,"request_count":1,"received_data":2412888,"sent_data":520,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"wordpress-213341-0.cloudclusters.net/hokl/index.html","fqdn":"wordpress-213341-0.cloudclusters.net","domain":"cloudclusters.net","tld":"net"},"ip":{"addr":"69.30.235.154","port":443,"asn":32097,"as":"WII","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-14T12:56:04.873Z","timestamp":1784033764873,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudclusters.net","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 19 Jan 2026 00:00:00 GMT","end":"Mon, 18 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"DC:50:81:B7:BB:22:38:4F:4B:9B:ED:80:17:7B:0D:10:5D:12:14:E0","sha256":"39:2C:99:47:7A:17:2B:DC:AA:CF:16:E3:7F:72:85:54:36:11:31:A4:D1:72:5D:DF:C6:B9:F9:40:AC:84:B8:46"}}},"request":{"raw":"GET /hokl/index.html HTTP/1.1\r\nHost: wordpress-213341-0.cloudclusters.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 14 Jul 2026 12:56:05 GMT\r\ncontent-type: text/html\r\nlast-modified: Mon, 13 Jul 2026 11:35:32 GMT\r\netag: W/\"6a54cd84-24d056\"\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=15724800; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2412630,"size_decoded":1270510,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (62368)","md5":"cf19329937c63a04fb8308af9810208e","sha1":"1dc43517571f89b36aeb4dfbca012a900bc4db4a","sha256":"723d590fb8605047985e874b84cdc8ed2e2326d77934984753c5cbffc618096f","sha512":"ad355a74a288dc11064c7187613f7352347489527b0a56a49831e12106b908e8f7b4c2e420ec043d37b1b7b4289658b2a55a2ed668e00c7b93e9c1753b013959","ssdeep":"24576:dX7reykpdTL6YuLK1pchx3E+7/BDUcEnZlgMWoe0qwqFmE:dXXc6YUhx3E+j4ZWMWb0E","tlshash":"50256b71024abdc62fad4e4486053d844d3d4ca7b26cd1acfbca16a7b0e9434de7e8b5","first_seen":"2026-02-01T17:41:05.790704Z","last_seen":"2026-07-17T19:29:04.187159Z","times_seen":71,"resource_available":true,"data":null}},"time_used":611,"timings":{"blocked":0,"dns":132,"connect":116,"send":0,"wait":122,"receive":0,"ssl":241},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"wordpress-213341-0.cloudclusters.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-14","alert":"Phishing Block","trigger":"wordpress-213341-0.cloudclusters.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-14","alert":"Sinkholed","trigger":"wordpress-213341-0.cloudclusters.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]}}]}
