Report - nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/login.php

Report Overview

Submitted URL
nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/login.php
IP
104.21.57.158
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-24 22:47:05
Access
public
Website Title
Nordea - Identifisering
Final URL
nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/login.php
Tags
suspicious
urlquery detections
Suspicious - Suspicious Javascript code
Suspicious - Anti-debugging code

Detections

urlquery
6
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
nordea-no.xyz	unknown	2024-04-13	2024-04-15	2024-04-16	5.9 kB	41 kB	172.67.191.30

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/login.php	822 B	2024-04-24	2024-04-25
Pretty URL nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/login.php IP 172.67.191.30 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-24 16:48:54 Last Seen2024-04-25 00:47:06 Times Seen6 Hash 3ca8bbc74b1a8279e5c03a231e2308a8 5ab62aef8af58a9f9f16dc35f96e165a412103de 3786d0881850774b28b0ebc834c73c2e3df1a5e9a49fe27e58c3ca7576fcd0df Loading...

	nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/login.php	4.9 kB	2024-04-24	2024-04-25
Pretty URL nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/login.php IP 172.67.191.30 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-24 16:48:54 Last Seen2024-04-25 00:47:06 Times Seen4 Hash 2f8001169fd37d7548399ada295ef806 bfc04b706daf07e78a7f9c3eef95928b8fbbe526 0f7078453d2f1ea248216fb0b8808539124098ded6ad0a9f1a2ef54b231b573e Loading...

HTTP Transactions (11)

URL IP Response Size

nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/res/svg/something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg

172.67.191.30

403 Forbidden

318 B

URL GET HTTP/3
nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/res/svg/something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg
IP
172.67.191.30:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectnordea-no.xyz
FingerprintC9:20:61:81:45:48:07:79:20:13:3D:94:BC:C9:32:A6:78:D2:F2:A6
ValidityMon, 15 Apr 2024 09:23:56 GMT - Sun, 14 Jul 2024 09:23:55 GMT

File type
HTML document, ASCII text, with very long lines (329), with no line terminators
Size
318 B (318 bytes)
Hash
a76e0e5ab2f70dec98377f906933120d
e8c746560f35a864b6eb16568c58c12127bb564d
72a08d90f531230bbdb3e582280b10246ab1f74c2afc3848a7645628c1365ed0

HTTP Headers

GET /auth/ffaef69cfe33696bd06b22612273a167/res/svg/something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg HTTP/1.1
Host: nordea-no.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
date: Wed, 24 Apr 2024 22:46:41 GMT
content-type: text/html; charset=iso-8859-1
edge-cache-engine: varnish
edge-request-id: f3464808118d65381a82aa97725c80a5
edge-cache-engine-mode: ACTIVE
vary: Accept-Encoding
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xOiGi6VUGns6RhWiX15U7SQU3w82cBDv722mlwfWstE8wVutuv5opz2HQPqflYRaXiGCg4eIUKJsSKB43V%2Bm2PrETevNl4iTwK0itsp1DsE8as08lhghQlg6jKYFZh3w"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8799a17b7b4f569c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/res/svg/no-connection-83f79e2367a313b468986e12a237c346.svg

172.67.191.30

403 Forbidden

318 B

URL GET HTTP/3
nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/res/svg/no-connection-83f79e2367a313b468986e12a237c346.svg
IP
172.67.191.30:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectnordea-no.xyz
FingerprintC9:20:61:81:45:48:07:79:20:13:3D:94:BC:C9:32:A6:78:D2:F2:A6
ValidityMon, 15 Apr 2024 09:23:56 GMT - Sun, 14 Jul 2024 09:23:55 GMT

File type
HTML document, ASCII text, with very long lines (329), with no line terminators
Size
318 B (318 bytes)
Hash
a76e0e5ab2f70dec98377f906933120d
e8c746560f35a864b6eb16568c58c12127bb564d
72a08d90f531230bbdb3e582280b10246ab1f74c2afc3848a7645628c1365ed0

HTTP Headers

GET /auth/ffaef69cfe33696bd06b22612273a167/res/svg/no-connection-83f79e2367a313b468986e12a237c346.svg HTTP/1.1
Host: nordea-no.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
date: Wed, 24 Apr 2024 22:46:41 GMT
content-type: text/html; charset=iso-8859-1
edge-cache-engine: varnish
edge-request-id: eb222a3e0df6788b97bce8836bb3ff6f
edge-cache-engine-mode: ACTIVE
vary: Accept-Encoding
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z6Ku2Jx9x4ed5i5JyoUajI%2B0vjhZ%2FS8vde4uy4fuzFYavcTneg1AOy2HpD6Lb9B73qAlFsAa8hcEcOOuczwvjAMHBr08bctY4r%2FIIkPkUwQ36xSayH%2FZTfL7dRl4Iv5b"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8799a17b7b51569c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/res/svg/technical-error-91ca9eec9eed6ed945355d650bb10d41.svg

172.67.191.30

403 Forbidden

318 B

URL GET HTTP/3
nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/res/svg/technical-error-91ca9eec9eed6ed945355d650bb10d41.svg
IP
172.67.191.30:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectnordea-no.xyz
FingerprintC9:20:61:81:45:48:07:79:20:13:3D:94:BC:C9:32:A6:78:D2:F2:A6
ValidityMon, 15 Apr 2024 09:23:56 GMT - Sun, 14 Jul 2024 09:23:55 GMT

File type
HTML document, ASCII text, with very long lines (329), with no line terminators
Size
318 B (318 bytes)
Hash
a76e0e5ab2f70dec98377f906933120d
e8c746560f35a864b6eb16568c58c12127bb564d
72a08d90f531230bbdb3e582280b10246ab1f74c2afc3848a7645628c1365ed0

HTTP Headers

GET /auth/ffaef69cfe33696bd06b22612273a167/res/svg/technical-error-91ca9eec9eed6ed945355d650bb10d41.svg HTTP/1.1
Host: nordea-no.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
date: Wed, 24 Apr 2024 22:46:41 GMT
content-type: text/html; charset=iso-8859-1
edge-cache-engine: varnish
edge-request-id: 1f4853963b1379ccb588b8227a4e704f
edge-cache-engine-mode: ACTIVE
vary: Accept-Encoding
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M6s0da6%2BiXeFyMgoE0kM7i2%2FxGyzRgJN%2FdN2%2F2ZIxzD4lDSjk37uG9njvNzABQC630I7UJbfv1f22D2554mlzm8LYv9gI%2FOAT%2FQlqJXANfS4vVW4qU7NEIkux03s%2B1pF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8799a17b7b54569c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/res/jquery.min.js

172.67.191.30

403 Forbidden

318 B

URL GET HTTP/3
nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/res/jquery.min.js
IP
172.67.191.30:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectnordea-no.xyz
FingerprintC9:20:61:81:45:48:07:79:20:13:3D:94:BC:C9:32:A6:78:D2:F2:A6
ValidityMon, 15 Apr 2024 09:23:56 GMT - Sun, 14 Jul 2024 09:23:55 GMT

File type
HTML document, ASCII text, with very long lines (329), with no line terminators
Size
318 B (318 bytes)
Hash
a76e0e5ab2f70dec98377f906933120d
e8c746560f35a864b6eb16568c58c12127bb564d
72a08d90f531230bbdb3e582280b10246ab1f74c2afc3848a7645628c1365ed0

HTTP Headers

GET /auth/ffaef69cfe33696bd06b22612273a167/res/jquery.min.js HTTP/1.1
Host: nordea-no.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
date: Wed, 24 Apr 2024 22:46:41 GMT
content-type: text/html; charset=iso-8859-1
edge-cache-engine: varnish
edge-request-id: 9ea10fdc2ff7524bacaf79699792cfea
edge-cache-engine-mode: ACTIVE
vary: Accept-Encoding
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1L2W%2B3c2oo0QP%2BSYD%2FHTc0i6Lw2EtVHO5Bf%2BAEFdeFgQlY3QuQRzkw4WRaYpXye0oBRQUJeePNGrMLEkp3laN8ujjlUAbknZlTyc9S2M9bUXEENGU818XHpaec4IcD%2Fd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8799a17b8b55569c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/login.php

172.67.191.30

200 OK

30 kB

URL User Request GET HTTP/2
nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/login.php
IP
172.67.191.30:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectnordea-no.xyz
FingerprintC9:20:61:81:45:48:07:79:20:13:3D:94:BC:C9:32:A6:78:D2:F2:A6
ValidityMon, 15 Apr 2024 09:23:56 GMT - Sun, 14 Jul 2024 09:23:55 GMT

File type

Size
30 kB (29797 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Suspicious Javascript code
urlquery	suspicious	Suspicious - Anti-debugging code

HTTP Headers

GET /auth/ffaef69cfe33696bd06b22612273a167/login.php HTTP/1.1
Host: nordea-no.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 22:46:40 GMT
content-type: text/html; charset=UTF-8
edge-cache-engine: varnish
edge-request-id: 3912f49ca33348c58c7cb351d74177c1
vary: Accept-Encoding
edge-cache-engine-mode: ACTIVE
age: 7
x-request-id: 3912f49ca33348c58c7cb351d74177c1
edge-cache-engine-hit: HIT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mckRR6Avhs%2B1r9cPTgSGgmfOk41h8v%2BoMAeKABdqukT29aDWMfiv%2FcoVY9zGfR7%2BJivKKFfo5k9snLHzoxKLRONUkwEvLH2jzagD%2BO7gcu1Ng0J54eK7t1j8EvdmBOaT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8799a178cfb65687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/res/svg/bankidno-4ea331ae4c5bc3a12e6cf8340862d4c0.svg

172.67.191.30

403 Forbidden

318 B

URL GET HTTP/3
nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/res/svg/bankidno-4ea331ae4c5bc3a12e6cf8340862d4c0.svg
IP
172.67.191.30:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectnordea-no.xyz
FingerprintC9:20:61:81:45:48:07:79:20:13:3D:94:BC:C9:32:A6:78:D2:F2:A6
ValidityMon, 15 Apr 2024 09:23:56 GMT - Sun, 14 Jul 2024 09:23:55 GMT

File type
HTML document, ASCII text, with very long lines (329), with no line terminators
Size
318 B (318 bytes)
Hash
a76e0e5ab2f70dec98377f906933120d
e8c746560f35a864b6eb16568c58c12127bb564d
72a08d90f531230bbdb3e582280b10246ab1f74c2afc3848a7645628c1365ed0

HTTP Headers

GET /auth/ffaef69cfe33696bd06b22612273a167/res/svg/bankidno-4ea331ae4c5bc3a12e6cf8340862d4c0.svg HTTP/1.1
Host: nordea-no.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
date: Wed, 24 Apr 2024 22:46:41 GMT
content-type: text/html; charset=iso-8859-1
edge-cache-engine: varnish
edge-request-id: b6574db7571bf81c2cb26c9de586b428
edge-cache-engine-mode: ACTIVE
vary: Accept-Encoding
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IwsbOIIriMmtCwv6UkdrehBwvuqR7BCzKbAYQeYZh2jsRdLBVpS%2B%2FVBblXetO5h%2FHo8Mz6lG1Cw51h7Fiop4LKMuOcawNJN%2BsojzdidQ3EdXM9Ckgjb3CvVH9dY2q%2BqC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8799a17b7b4c569c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/res/svg/cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg

172.67.191.30

403 Forbidden

318 B

URL GET HTTP/3
nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/res/svg/cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg
IP
172.67.191.30:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectnordea-no.xyz
FingerprintC9:20:61:81:45:48:07:79:20:13:3D:94:BC:C9:32:A6:78:D2:F2:A6
ValidityMon, 15 Apr 2024 09:23:56 GMT - Sun, 14 Jul 2024 09:23:55 GMT

File type
HTML document, ASCII text, with very long lines (329), with no line terminators
Size
318 B (318 bytes)
Hash
a76e0e5ab2f70dec98377f906933120d
e8c746560f35a864b6eb16568c58c12127bb564d
72a08d90f531230bbdb3e582280b10246ab1f74c2afc3848a7645628c1365ed0

HTTP Headers

GET /auth/ffaef69cfe33696bd06b22612273a167/res/svg/cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg HTTP/1.1
Host: nordea-no.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
date: Wed, 24 Apr 2024 22:46:41 GMT
content-type: text/html; charset=iso-8859-1
edge-cache-engine: varnish
edge-request-id: c3ffbaaa82f4698a0bb6ae5ec4d1f9ca
edge-cache-engine-mode: ACTIVE
vary: Accept-Encoding
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9XNTJ4rtIMZ6o2D0KS3kXDD5EkfaWMHsqP8KpyZnrv%2F1gOqGEwyDo7T3rfgtH44ypCbtU5NmzIe%2BG%2BG0kV%2BEFoT8Yy%2BTQf0NNOPYWcYo9E910qtro4WoJq6q8huqp6lh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8799a17b7b50569c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/res/svg/empty-3857ebe69f653487f8c9d99adde4657f.svg

172.67.191.30

403 Forbidden

318 B

URL GET HTTP/3
nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/res/svg/empty-3857ebe69f653487f8c9d99adde4657f.svg
IP
172.67.191.30:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectnordea-no.xyz
FingerprintC9:20:61:81:45:48:07:79:20:13:3D:94:BC:C9:32:A6:78:D2:F2:A6
ValidityMon, 15 Apr 2024 09:23:56 GMT - Sun, 14 Jul 2024 09:23:55 GMT

File type
HTML document, ASCII text, with very long lines (329), with no line terminators
Size
318 B (318 bytes)
Hash
a76e0e5ab2f70dec98377f906933120d
e8c746560f35a864b6eb16568c58c12127bb564d
72a08d90f531230bbdb3e582280b10246ab1f74c2afc3848a7645628c1365ed0

HTTP Headers

GET /auth/ffaef69cfe33696bd06b22612273a167/res/svg/empty-3857ebe69f653487f8c9d99adde4657f.svg HTTP/1.1
Host: nordea-no.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
date: Wed, 24 Apr 2024 22:46:41 GMT
content-type: text/html; charset=iso-8859-1
edge-cache-engine: varnish
edge-request-id: 32d71556e497cdf9e3c39d76f94b8cfd
edge-cache-engine-mode: ACTIVE
vary: Accept-Encoding
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xVMBDeu1GT0Q8Pw5npn%2F76rAJq0lEji2%2Fd4cKCOnu83tq6C1pfDWzxTPQLm5hUdQI2OCpv42Vh8p8BC371H%2B%2BChqI3cqawKYAfr2yRwo8%2BUMDzxV2q7SlxMegAiR3uFk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8799a17b7b53569c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/res/favicon.ico

172.67.191.30

403 Forbidden

318 B

URL GET HTTP/3
nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/res/favicon.ico
IP
172.67.191.30:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectnordea-no.xyz
FingerprintC9:20:61:81:45:48:07:79:20:13:3D:94:BC:C9:32:A6:78:D2:F2:A6
ValidityMon, 15 Apr 2024 09:23:56 GMT - Sun, 14 Jul 2024 09:23:55 GMT

File type
HTML document, ASCII text, with very long lines (329), with no line terminators
Size
318 B (318 bytes)
Hash
a76e0e5ab2f70dec98377f906933120d
e8c746560f35a864b6eb16568c58c12127bb564d
72a08d90f531230bbdb3e582280b10246ab1f74c2afc3848a7645628c1365ed0

HTTP Headers

GET /auth/ffaef69cfe33696bd06b22612273a167/res/favicon.ico HTTP/1.1
Host: nordea-no.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
date: Wed, 24 Apr 2024 22:46:41 GMT
content-type: text/html; charset=iso-8859-1
edge-cache-engine: varnish
edge-request-id: 17f1560efd021ef072814400222f08e4
edge-cache-engine-mode: ACTIVE
vary: Accept-Encoding
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6K%2Bs83%2Ftmo27sU3wQ6MGxd1NU40xqELocWPCEJ3xo1gmUOmsesHm0XkqRR0GBNNCiwXcAJNFPlAsWAYiV7OV%2FOAc0IrivHRXTv9ypDlc5bW8NEzE2tJ7fEIsN8L0ncMf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8799a17c5bbb569c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/res/styles.css

172.67.191.30

403 Forbidden

318 B

URL GET HTTP/3
nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/res/styles.css
IP
172.67.191.30:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectnordea-no.xyz
FingerprintC9:20:61:81:45:48:07:79:20:13:3D:94:BC:C9:32:A6:78:D2:F2:A6
ValidityMon, 15 Apr 2024 09:23:56 GMT - Sun, 14 Jul 2024 09:23:55 GMT

File type
HTML document, ASCII text, with very long lines (329), with no line terminators
Size
318 B (318 bytes)
Hash
a76e0e5ab2f70dec98377f906933120d
e8c746560f35a864b6eb16568c58c12127bb564d
72a08d90f531230bbdb3e582280b10246ab1f74c2afc3848a7645628c1365ed0

HTTP Headers

GET /auth/ffaef69cfe33696bd06b22612273a167/res/styles.css HTTP/1.1
Host: nordea-no.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
date: Wed, 24 Apr 2024 22:46:41 GMT
content-type: text/html; charset=iso-8859-1
edge-cache-engine: varnish
edge-request-id: ddc0a1bbbca154f902dc2e6c9aca326b
edge-cache-engine-mode: ACTIVE
vary: Accept-Encoding
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7CR5mwJXtkloue3dSZcJfvvujtdv4ouAgtUDLNI1WfAaATYIefUzLZh2n2tyYhSIQaJPVPHUNg%2BwbnLinzn9KqzwoYZDTS3Ol%2BBVlTjf%2FrYXv3uzJ3Ttt2NzJcLAKsYu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8799a17b7b48569c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/res/svg/bankidnomobile-8bd2f3c1665c6c00eff2af6bd153e9f6.svg

172.67.191.30

403 Forbidden

318 B

URL GET HTTP/3
nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/res/svg/bankidnomobile-8bd2f3c1665c6c00eff2af6bd153e9f6.svg
IP
172.67.191.30:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectnordea-no.xyz
FingerprintC9:20:61:81:45:48:07:79:20:13:3D:94:BC:C9:32:A6:78:D2:F2:A6
ValidityMon, 15 Apr 2024 09:23:56 GMT - Sun, 14 Jul 2024 09:23:55 GMT

File type
HTML document, ASCII text, with very long lines (329), with no line terminators
Size
318 B (318 bytes)
Hash
a76e0e5ab2f70dec98377f906933120d
e8c746560f35a864b6eb16568c58c12127bb564d
72a08d90f531230bbdb3e582280b10246ab1f74c2afc3848a7645628c1365ed0

HTTP Headers

GET /auth/ffaef69cfe33696bd06b22612273a167/res/svg/bankidnomobile-8bd2f3c1665c6c00eff2af6bd153e9f6.svg HTTP/1.1
Host: nordea-no.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nordea-no.xyz/auth/ffaef69cfe33696bd06b22612273a167/login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
date: Wed, 24 Apr 2024 22:46:41 GMT
content-type: text/html; charset=iso-8859-1
edge-cache-engine: varnish
edge-request-id: c8428d4e441c3a4b095f4af758971eae
edge-cache-engine-mode: ACTIVE
vary: Accept-Encoding
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JQb%2Ftw%2B13%2FDHrPuZDAgpoNPRVSPIteiXCRuB7vXbfnyJooYcaiarVmxSccXxWfFhPGs7W9bvhPgBBNVyHm9GMLBjW9RgMjdip0bvbve5Kb3XIJlb0PcO2YgwsAMIRisw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8799a17b7b4d569c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (11)

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN