Report - thinkingsoftware.com/no/vbv/eng.html

Report Overview

Visited public
2025-05-17 14:31:08
Tags
bankid authentication
URL
thinkingsoftware.com/no/vbv/eng.html
Finishing URL
thinkingsoftware.com/no/vbv/eng.html
IP / ASN
66.235.200.147
#13335 CLOUDFLARENET
Title
BankID
Phishing - BankID

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
thinkingsoftware.com	unknown	1999-09-17	2025-05-17	2025-05-17	11 kB	443 kB	66.235.200.147
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-05-14	531 B	20 kB	142.250.74.10

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (7)

	URL	From	Size	First Seen	Last Seen
	thinkingsoftware.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	ScriptElement	8.5 kB	2025-05-17	2025-05-17
Pretty URL thinkingsoftware.com/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 66.235.200.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-17 14:31 Last Seen2025-05-17 14:31 Times Seen1 Hash 6144b18267f15b76eb9a974ced456b60 24d49d30bcf47010f73ffca737beba03f17d5f5d 1664af12bf6c83c19e00dbdbb1313676820213d83afe20591d8422d89b790208 Loading...

	thinkingsoftware.com/no/vbv/eng.html	ScriptElement	142 B	2024-03-12	2025-06-10
Pretty URL thinkingsoftware.com/no/vbv/eng.html IP 66.235.200.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-12 04:53 Last Seen2025-06-10 17:10 Times Seen60 Hash d97f6de88741f84ddcfd79b5593854d3 4784f0bfaee43f439f0ca8ca227f05ea97229dcf 99566ce9452362e62fe5ebfb73bd5dcff0df21d5be5fa27e2a727fc23b6fb40c Loading...

	thinkingsoftware.com/no/vbv/eng.html	ScriptElement	143 B	2024-06-16	2025-06-10
Pretty URL thinkingsoftware.com/no/vbv/eng.html IP 66.235.200.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-06-16 22:09 Last Seen2025-06-10 17:10 Times Seen17 Hash 4b8b8d19776969b1fc08330f8c6d9980 e5d2d039224e9c69e44f1462e9df24bdedafac0f 0c0413546eb59ed74011af9c4dfc2d497425516608ef035b5509863ed01b80e3 Loading...

	thinkingsoftware.com/no/vbv/eng.html	ScriptElement	921 B	2025-05-17	2025-05-17
Pretty URL thinkingsoftware.com/no/vbv/eng.html IP 66.235.200.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-17 14:31 Last Seen2025-05-17 14:31 Times Seen1 Hash b8d183381d881f149a66c68aebdda8de 2c7519d9d60d1c2420a45a6aaf617820a47d2711 d9345439fd2c8f8d71c2528c5664efb93be0f9a79cec5c3e2a464057c5200e66 Loading...

	thinkingsoftware.com/no/vbv/js/jquery.mask.js	ScriptElement	23 kB	2023-03-07	2025-06-20
Pretty URL thinkingsoftware.com/no/vbv/js/jquery.mask.js IP 66.235.200.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19 Last Seen2025-06-20 12:00 Times Seen1809 Hash 24992f1ed62baf9393609f3c6c2ad20e 34716cf70f7f7a9cd072e7796c34ce987f85d18c a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8 Loading...

	thinkingsoftware.com/no/vbv/js/jquery-3.5.1.min.js	ScriptElement	90 kB	2023-03-07	2025-06-21
Pretty URL thinkingsoftware.com/no/vbv/js/jquery-3.5.1.min.js IP 66.235.200.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-21 04:13 Times Seen115210 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	about:blank	ScriptElement	236 B	2025-05-17	2025-05-17
Pretty URL about:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-17 14:31 Last Seen2025-05-17 14:31 Times Seen1 Hash 37c00fd105c7fc09f36c28b325c824d8 5b7124a60760ba3001378a37078c22665531f179 91e98ed23930607100b375afc95e84411a65b1dc67451f684d92c049612287a7 Loading...

HTTP Transactions (16)

URL IP Response Size

GET thinkingsoftware.com/no/vbv/image/sahm.svg

66.235.200.147

200 OK

172 B

URL GET
thinkingsoftware.com/no/vbv/image/sahm.svg
IP
66.235.200.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thinkingsoftware.com/no/vbv/eng.html
Certificate
IssuerGoogle Trust Services
Subjectthinkingsoftware.com
Fingerprint12:9C:6B:5D:A5:62:A5:B4:9D:59:F9:32:A8:2D:64:10:41:B2:43:1D
ValiditySat, 03 May 2025 17:07:46 GMT - Fri, 01 Aug 2025 18:07:43 GMT

File type
SVG Scalable Vector Graphics image
Size
172 B (172 bytes)
Hash
acfa1315930ab586c8153f06d4853206
611207fc3f53a8f4097d859a9668e5be1def5668
4dca530d4682ddf6f4b9053173c007f95875c2634a6b61c9573d93fc21483766

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - BankID

HTTP Headers

GET /no/vbv/image/sahm.svg HTTP/1.1
Host: thinkingsoftware.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thinkingsoftware.com/no/vbv/eng.html
Cookie: __cf_bm=AdhWD76FcbzZxUJPYjq1xly_s161kIUHsrR.YFfBr1c-1747492247-1.0.1.1-rBv0bkd6xUj5260PXJt7aeM4YCABT__NaA24GXoBHZxpwV06IYYYtSmpF5E6NA37DyuoSL.53W9z3cxkTVPcS_88.bFeDQSBeXpb1z2m6mc; _cfuvid=5cjZiLRr4JoWSESkXzbvc1WRjTQuEQ7WpfXGB3jlSPs-1747492247713-0.0.1.1-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 17 May 2025 14:30:48 GMT
content-type: image/svg+xml
last-modified: Fri, 16 May 2025 21:49:48 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
cf-cache-status: REVALIDATED
vary: Accept-Encoding
server: cloudflare
cf-ray: 9413d0960a9da0c8-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET fonts.googleapis.com/css2?family=Wix+Madefor+Text:ital,wght@0,400;0,500;0,600;0,700;0,800;1,400;1,500;1,600;1,700;1,800&display=swap

142.250.74.10

200 OK

20 kB

URL GET
fonts.googleapis.com/css2?family=Wix+Madefor+Text:ital,wght@0,400;0,500;0,600;0,700;0,800;1,400;1,500;1,600;1,700;1,800&display=swap
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://thinkingsoftware.com/no/vbv/eng.html
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint7A:29:E6:A8:BE:59:2C:AE:82:2D:CA:8E:15:89:41:BE:EC:D2:0D:EA
ValidityMon, 21 Apr 2025 08:41:49 GMT - Mon, 14 Jul 2025 08:41:48 GMT

File type
ASCII text
Size
20 kB (19615 bytes)
Hash
69b2a7f429e53b06d707da2675e331fb
897fbc75e820db99a6bdcc74052ab4a0753a4bc6
69cfabcb140f25925268256eb12d20a2bfb2a0f2c91580e0ef251d453766a974

HTTP Headers

GET /css2?family=Wix+Madefor+Text:ital,wght@0,400;0,500;0,600;0,700;0,800;1,400;1,500;1,600;1,700;1,800&amp;display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thinkingsoftware.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 17 May 2025 14:30:48 GMT
date: Sat, 17 May 2025 14:30:48 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET thinkingsoftware.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

66.235.200.147

302 Found

8.5 kB

URL GET
thinkingsoftware.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
66.235.200.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thinkingsoftware.com/no/vbv/eng.html
Certificate
IssuerGoogle Trust Services
Subjectthinkingsoftware.com
Fingerprint12:9C:6B:5D:A5:62:A5:B4:9D:59:F9:32:A8:2D:64:10:41:B2:43:1D
ValiditySat, 03 May 2025 17:07:46 GMT - Fri, 01 Aug 2025 18:07:43 GMT

File type

Size
8.5 kB (8461 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - BankID

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: thinkingsoftware.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=AdhWD76FcbzZxUJPYjq1xly_s161kIUHsrR.YFfBr1c-1747492247-1.0.1.1-rBv0bkd6xUj5260PXJt7aeM4YCABT__NaA24GXoBHZxpwV06IYYYtSmpF5E6NA37DyuoSL.53W9z3cxkTVPcS_88.bFeDQSBeXpb1z2m6mc; _cfuvid=5cjZiLRr4JoWSESkXzbvc1WRjTQuEQ7WpfXGB3jlSPs-1747492247713-0.0.1.1-604800000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 17 May 2025 14:30:48 GMT
content-length: 0
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/6fab0cec561d/main.js?
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
access-control-allow-origin: *
vary: Accept-Encoding
server: cloudflare
cf-ray: 9413d099a91ca0c8-CPH
X-Firefox-Spdy: h2

GET thinkingsoftware.com/no/vbv/eng.html

66.235.200.147

200 OK

4.4 kB

URL User Request GET
thinkingsoftware.com/no/vbv/eng.html
IP
66.235.200.147:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectthinkingsoftware.com
Fingerprint12:9C:6B:5D:A5:62:A5:B4:9D:59:F9:32:A8:2D:64:10:41:B2:43:1D
ValiditySat, 03 May 2025 17:07:46 GMT - Fri, 01 Aug 2025 18:07:43 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (945), with CRLF line terminators
Size
4.4 kB (4424 bytes)
Hash
30377b28d357c9131afc9e5915662168
aafc6a45e90921ea813533171681c9c151c67cfe
f86d05cd296a630b9f8a053e8397cdb74d8155a17e895d45dbba62341800da74

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - BankID

HTTP Headers

GET /no/vbv/eng.html HTTP/1.1
Host: thinkingsoftware.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 17 May 2025 14:30:47 GMT
content-type: text/html
last-modified: Fri, 16 May 2025 21:49:48 GMT
vary: Accept-Encoding
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
cf-cache-status: HIT
set-cookie: __cf_bm=AdhWD76FcbzZxUJPYjq1xly_s161kIUHsrR.YFfBr1c-1747492247-1.0.1.1-rBv0bkd6xUj5260PXJt7aeM4YCABT__NaA24GXoBHZxpwV06IYYYtSmpF5E6NA37DyuoSL.53W9z3cxkTVPcS_88.bFeDQSBeXpb1z2m6mc; path=/; expires=Sat, 17-May-25 15:00:47 GMT; domain=.thinkingsoftware.com; HttpOnly; Secure; SameSite=None
_cfuvid=5cjZiLRr4JoWSESkXzbvc1WRjTQuEQ7WpfXGB3jlSPs-1747492247713-0.0.1.1-604800000; path=/; domain=.thinkingsoftware.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 9413d0940adaa0c8-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET thinkingsoftware.com/no/vbv/js/jquery.mask.js

66.235.200.147

200 OK

23 kB

URL GET
thinkingsoftware.com/no/vbv/js/jquery.mask.js
IP
66.235.200.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thinkingsoftware.com/no/vbv/eng.html
Certificate
IssuerGoogle Trust Services
Subjectthinkingsoftware.com
Fingerprint12:9C:6B:5D:A5:62:A5:B4:9D:59:F9:32:A8:2D:64:10:41:B2:43:1D
ValiditySat, 03 May 2025 17:07:46 GMT - Fri, 01 Aug 2025 18:07:43 GMT

File type
JavaScript source, ASCII text
Size
23 kB (23176 bytes)
Hash
24992f1ed62baf9393609f3c6c2ad20e
34716cf70f7f7a9cd072e7796c34ce987f85d18c
a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - BankID

HTTP Headers

GET /no/vbv/js/jquery.mask.js HTTP/1.1
Host: thinkingsoftware.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thinkingsoftware.com/no/vbv/eng.html
Cookie: __cf_bm=AdhWD76FcbzZxUJPYjq1xly_s161kIUHsrR.YFfBr1c-1747492247-1.0.1.1-rBv0bkd6xUj5260PXJt7aeM4YCABT__NaA24GXoBHZxpwV06IYYYtSmpF5E6NA37DyuoSL.53W9z3cxkTVPcS_88.bFeDQSBeXpb1z2m6mc; _cfuvid=5cjZiLRr4JoWSESkXzbvc1WRjTQuEQ7WpfXGB3jlSPs-1747492247713-0.0.1.1-604800000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 17 May 2025 14:30:48 GMT
content-type: text/javascript
content-length: 6846
last-modified: Fri, 16 May 2025 21:49:48 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 9413d0960ab5a0c8-CPH
X-Firefox-Spdy: h2

GET thinkingsoftware.com/no/vbv/css/bootstrap.css

66.235.200.147

200 OK

193 kB

URL GET
thinkingsoftware.com/no/vbv/css/bootstrap.css
IP
66.235.200.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thinkingsoftware.com/no/vbv/eng.html
Certificate
IssuerGoogle Trust Services
Subjectthinkingsoftware.com
Fingerprint12:9C:6B:5D:A5:62:A5:B4:9D:59:F9:32:A8:2D:64:10:41:B2:43:1D
ValiditySat, 03 May 2025 17:07:46 GMT - Fri, 01 Aug 2025 18:07:43 GMT

File type
Unicode text, UTF-8 text, with very long lines (560)
Size
193 kB (193066 bytes)
Hash
eb16f7065446e1a2ec8878916c6f603c
dbfc30e4a0982dc7067902d293bcf3b024943f05
823d30ccfd5ba5d3e5c1efbd67b15390d49d8e0b4cfb36335057821778686917

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - BankID

HTTP Headers

GET /no/vbv/css/bootstrap.css HTTP/1.1
Host: thinkingsoftware.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thinkingsoftware.com/no/vbv/eng.html
Cookie: __cf_bm=AdhWD76FcbzZxUJPYjq1xly_s161kIUHsrR.YFfBr1c-1747492247-1.0.1.1-rBv0bkd6xUj5260PXJt7aeM4YCABT__NaA24GXoBHZxpwV06IYYYtSmpF5E6NA37DyuoSL.53W9z3cxkTVPcS_88.bFeDQSBeXpb1z2m6mc; _cfuvid=5cjZiLRr4JoWSESkXzbvc1WRjTQuEQ7WpfXGB3jlSPs-1747492247713-0.0.1.1-604800000
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 17 May 2025 14:30:48 GMT
content-type: text/css
last-modified: Fri, 16 May 2025 21:49:48 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 9413d095fa5da0c8-CPH
X-Firefox-Spdy: h2

GET thinkingsoftware.com/no/vbv/js/jquery-3.5.1.min.js

66.235.200.147

200 OK

90 kB

URL GET
thinkingsoftware.com/no/vbv/js/jquery-3.5.1.min.js
IP
66.235.200.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thinkingsoftware.com/no/vbv/eng.html
Certificate
IssuerGoogle Trust Services
Subjectthinkingsoftware.com
Fingerprint12:9C:6B:5D:A5:62:A5:B4:9D:59:F9:32:A8:2D:64:10:41:B2:43:1D
ValiditySat, 03 May 2025 17:07:46 GMT - Fri, 01 Aug 2025 18:07:43 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
90 kB (89476 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - BankID

HTTP Headers

GET /no/vbv/js/jquery-3.5.1.min.js HTTP/1.1
Host: thinkingsoftware.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thinkingsoftware.com/no/vbv/eng.html
Cookie: __cf_bm=AdhWD76FcbzZxUJPYjq1xly_s161kIUHsrR.YFfBr1c-1747492247-1.0.1.1-rBv0bkd6xUj5260PXJt7aeM4YCABT__NaA24GXoBHZxpwV06IYYYtSmpF5E6NA37DyuoSL.53W9z3cxkTVPcS_88.bFeDQSBeXpb1z2m6mc; _cfuvid=5cjZiLRr4JoWSESkXzbvc1WRjTQuEQ7WpfXGB3jlSPs-1747492247713-0.0.1.1-604800000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 17 May 2025 14:30:48 GMT
content-type: text/javascript
last-modified: Fri, 16 May 2025 21:49:48 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
cf-cache-status: HIT
server: cloudflare
cf-ray: 9413d0960ab0a0c8-CPH
X-Firefox-Spdy: h2

POST thinkingsoftware.com/cdn-cgi/challenge-platform/h/g/jsd/r/0.28605469160427294:1747491009:We3_vSOsBGVWZ-LEoIeMvNa8MlFdpHwi1fMx_2PmV6M/9413d0940adaa0c8

66.235.200.147

200 OK

0 B

URL POST
thinkingsoftware.com/cdn-cgi/challenge-platform/h/g/jsd/r/0.28605469160427294:1747491009:We3_vSOsBGVWZ-LEoIeMvNa8MlFdpHwi1fMx_2PmV6M/9413d0940adaa0c8
IP
66.235.200.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thinkingsoftware.com/no/vbv/eng.html
Certificate
IssuerGoogle Trust Services
Subjectthinkingsoftware.com
Fingerprint12:9C:6B:5D:A5:62:A5:B4:9D:59:F9:32:A8:2D:64:10:41:B2:43:1D
ValiditySat, 03 May 2025 17:07:46 GMT - Fri, 01 Aug 2025 18:07:43 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - BankID

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/jsd/r/0.28605469160427294:1747491009:We3_vSOsBGVWZ-LEoIeMvNa8MlFdpHwi1fMx_2PmV6M/9413d0940adaa0c8 HTTP/1.1
Host: thinkingsoftware.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 12087
Origin: https://thinkingsoftware.com
DNT: 1
Connection: keep-alive
Referer: https://thinkingsoftware.com/no/vbv/eng.html
Cookie: __cf_bm=AdhWD76FcbzZxUJPYjq1xly_s161kIUHsrR.YFfBr1c-1747492247-1.0.1.1-rBv0bkd6xUj5260PXJt7aeM4YCABT__NaA24GXoBHZxpwV06IYYYtSmpF5E6NA37DyuoSL.53W9z3cxkTVPcS_88.bFeDQSBeXpb1z2m6mc; _cfuvid=5cjZiLRr4JoWSESkXzbvc1WRjTQuEQ7WpfXGB3jlSPs-1747492247713-0.0.1.1-604800000
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 17 May 2025 14:30:48 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=vbB_HzT_IWJ4atOBLA5x7yBQYqxN1IsMeUm35HqSTb8-1747492248-1.2.1.1-oAb1fuPPOrAJ2HNa9c8Yl3M6pLiabGZ.kfGSMnON2BL_1k5pcJ0jCPYH4NBv27jKneLgBNhl948sfOF9HnU00NAALA4VXlHNhW7guZ9hjDjI.M4p0ihWH3cCAHwBi1qdmsb0_drMd6xzHeW4crK8_U6aUOtyS6stDGANSaN0TrN2GrZBmGtwelaQrkcATndogPqdk3CysnBseHkHzNcwcpIzFxEdlheh_B.laNVrIwmIjimXar7JpXU8xzQftRXunG8VJpRdr7RN0rbjR7.ChhwMnj0bSqsth4wLe_0VBZffYdVGo5KMByam1TEiLgBnfWZEPlLhi16Bi7NC0TY2rNpDuOJ9R13o4HZG8n.3aEs; HttpOnly; SameSite=None; Partitioned; Secure; Path=/; Domain=thinkingsoftware.com; Expires=Sun, 17 May 2026 14:30:48 GMT
server: cloudflare
cf-ray: 9413d09b4f9fa0c8-CPH
X-Firefox-Spdy: h2

GET thinkingsoftware.com/cdn.jsdelivr.net/npm/bootstrap-icons%401.5.0/font/bootstrap-icons.css

66.235.200.147

404 Not Found

33 kB

URL GET
thinkingsoftware.com/cdn.jsdelivr.net/npm/bootstrap-icons%401.5.0/font/bootstrap-icons.css
IP
66.235.200.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thinkingsoftware.com/no/vbv/eng.html
Certificate
IssuerGoogle Trust Services
Subjectthinkingsoftware.com
Fingerprint12:9C:6B:5D:A5:62:A5:B4:9D:59:F9:32:A8:2D:64:10:41:B2:43:1D
ValiditySat, 03 May 2025 17:07:46 GMT - Fri, 01 Aug 2025 18:07:43 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (8856), with CRLF, LF line terminators
Size
33 kB (33261 bytes)
Hash
6031a11196665b3638746c133cc41849
ffb236bc3f59a38533ae88e31d08176a6b1cf1a6
101f1252657c8397ed9022cdca211828e64d1e1fb246acca7c64609c08310b26

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - BankID

HTTP Headers

GET /cdn.jsdelivr.net/npm/bootstrap-icons%401.5.0/font/bootstrap-icons.css HTTP/1.1
Host: thinkingsoftware.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thinkingsoftware.com/no/vbv/eng.html
Cookie: __cf_bm=AdhWD76FcbzZxUJPYjq1xly_s161kIUHsrR.YFfBr1c-1747492247-1.0.1.1-rBv0bkd6xUj5260PXJt7aeM4YCABT__NaA24GXoBHZxpwV06IYYYtSmpF5E6NA37DyuoSL.53W9z3cxkTVPcS_88.bFeDQSBeXpb1z2m6mc; _cfuvid=5cjZiLRr4JoWSESkXzbvc1WRjTQuEQ7WpfXGB3jlSPs-1747492247713-0.0.1.1-604800000
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Sat, 17 May 2025 14:30:48 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.33
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0, no-store, private
link: <https://thinkingsoftware.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
cf-cache-status: MISS
server: cloudflare
cf-ray: 9413d095fa47a0c8-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET thinkingsoftware.com/stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

66.235.200.147

404 Not Found

33 kB

URL GET
thinkingsoftware.com/stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
IP
66.235.200.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thinkingsoftware.com/no/vbv/eng.html
Certificate
IssuerGoogle Trust Services
Subjectthinkingsoftware.com
Fingerprint12:9C:6B:5D:A5:62:A5:B4:9D:59:F9:32:A8:2D:64:10:41:B2:43:1D
ValiditySat, 03 May 2025 17:07:46 GMT - Fri, 01 Aug 2025 18:07:43 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (8856), with CRLF, LF line terminators
Size
33 kB (33261 bytes)
Hash
6031a11196665b3638746c133cc41849
ffb236bc3f59a38533ae88e31d08176a6b1cf1a6
101f1252657c8397ed9022cdca211828e64d1e1fb246acca7c64609c08310b26

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - BankID

HTTP Headers

GET /stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: thinkingsoftware.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thinkingsoftware.com/no/vbv/eng.html
Cookie: __cf_bm=AdhWD76FcbzZxUJPYjq1xly_s161kIUHsrR.YFfBr1c-1747492247-1.0.1.1-rBv0bkd6xUj5260PXJt7aeM4YCABT__NaA24GXoBHZxpwV06IYYYtSmpF5E6NA37DyuoSL.53W9z3cxkTVPcS_88.bFeDQSBeXpb1z2m6mc; _cfuvid=5cjZiLRr4JoWSESkXzbvc1WRjTQuEQ7WpfXGB3jlSPs-1747492247713-0.0.1.1-604800000
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Sat, 17 May 2025 14:30:48 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.33
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0, no-store, private
link: <https://thinkingsoftware.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
cf-cache-status: MISS
server: cloudflare
cf-ray: 9413d095fa4ea0c8-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET thinkingsoftware.com/no/vbv/image/acc.svg

66.235.200.147

200 OK

2.1 kB

URL GET
thinkingsoftware.com/no/vbv/image/acc.svg
IP
66.235.200.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thinkingsoftware.com/no/vbv/eng.html
Certificate
IssuerGoogle Trust Services
Subjectthinkingsoftware.com
Fingerprint12:9C:6B:5D:A5:62:A5:B4:9D:59:F9:32:A8:2D:64:10:41:B2:43:1D
ValiditySat, 03 May 2025 17:07:46 GMT - Fri, 01 Aug 2025 18:07:43 GMT

File type
SVG Scalable Vector Graphics image
Size
2.1 kB (2084 bytes)
Hash
7e222700dc3e669eaa52288f27281cd4
6abe625226f5e12f9dfbaac8b0a6356142e1f317
2135db17253f889e03a392ec096f45b3a79cdb97b498841a698b2bf4a54e1bb4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - BankID

HTTP Headers

GET /no/vbv/image/acc.svg HTTP/1.1
Host: thinkingsoftware.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thinkingsoftware.com/no/vbv/eng.html
Cookie: __cf_bm=AdhWD76FcbzZxUJPYjq1xly_s161kIUHsrR.YFfBr1c-1747492247-1.0.1.1-rBv0bkd6xUj5260PXJt7aeM4YCABT__NaA24GXoBHZxpwV06IYYYtSmpF5E6NA37DyuoSL.53W9z3cxkTVPcS_88.bFeDQSBeXpb1z2m6mc; _cfuvid=5cjZiLRr4JoWSESkXzbvc1WRjTQuEQ7WpfXGB3jlSPs-1747492247713-0.0.1.1-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 17 May 2025 14:30:48 GMT
content-type: image/svg+xml
last-modified: Fri, 16 May 2025 21:49:48 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
cf-cache-status: REVALIDATED
vary: Accept-Encoding
server: cloudflare
cf-ray: 9413d0960a77a0c8-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET thinkingsoftware.com/no/vbv/image/x.html

66.235.200.147

200 OK

25 kB

URL GET
thinkingsoftware.com/no/vbv/image/x.html
IP
66.235.200.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thinkingsoftware.com/no/vbv/eng.html
Certificate
IssuerGoogle Trust Services
Subjectthinkingsoftware.com
Fingerprint12:9C:6B:5D:A5:62:A5:B4:9D:59:F9:32:A8:2D:64:10:41:B2:43:1D
ValiditySat, 03 May 2025 17:07:46 GMT - Fri, 01 Aug 2025 18:07:43 GMT

File type
HTML document, ASCII text, with very long lines (10676)
Size
25 kB (24938 bytes)
Hash
572f8cedd1bf1750725acc726436ff05
89e46a649b6109b76f01fdccd300333e65a9cc3b
d1e9186b8446b88944d9e45ae56ecc58eb366b332da391bf9e8084d407af4cc6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - BankID

HTTP Headers

GET /no/vbv/image/x.html HTTP/1.1
Host: thinkingsoftware.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thinkingsoftware.com/no/vbv/eng.html
Cookie: __cf_bm=AdhWD76FcbzZxUJPYjq1xly_s161kIUHsrR.YFfBr1c-1747492247-1.0.1.1-rBv0bkd6xUj5260PXJt7aeM4YCABT__NaA24GXoBHZxpwV06IYYYtSmpF5E6NA37DyuoSL.53W9z3cxkTVPcS_88.bFeDQSBeXpb1z2m6mc; _cfuvid=5cjZiLRr4JoWSESkXzbvc1WRjTQuEQ7WpfXGB3jlSPs-1747492247713-0.0.1.1-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 17 May 2025 14:30:48 GMT
content-type: text/html
last-modified: Fri, 16 May 2025 21:49:48 GMT
vary: Accept-Encoding
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 9413d09988d8a0c8-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET thinkingsoftware.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6fab0cec561d/main.js?

66.235.200.147

200 OK

8.5 kB

URL GET
thinkingsoftware.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/6fab0cec561d/main.js?
IP
66.235.200.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thinkingsoftware.com/no/vbv/eng.html
Certificate
IssuerGoogle Trust Services
Subjectthinkingsoftware.com
Fingerprint12:9C:6B:5D:A5:62:A5:B4:9D:59:F9:32:A8:2D:64:10:41:B2:43:1D
ValiditySat, 03 May 2025 17:07:46 GMT - Fri, 01 Aug 2025 18:07:43 GMT

File type
JavaScript source, ASCII text, with very long lines (8461), with no line terminators
Size
8.5 kB (8461 bytes)
Hash
6144b18267f15b76eb9a974ced456b60
24d49d30bcf47010f73ffca737beba03f17d5f5d
1664af12bf6c83c19e00dbdbb1313676820213d83afe20591d8422d89b790208

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - BankID

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/6fab0cec561d/main.js? HTTP/1.1
Host: thinkingsoftware.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=AdhWD76FcbzZxUJPYjq1xly_s161kIUHsrR.YFfBr1c-1747492247-1.0.1.1-rBv0bkd6xUj5260PXJt7aeM4YCABT__NaA24GXoBHZxpwV06IYYYtSmpF5E6NA37DyuoSL.53W9z3cxkTVPcS_88.bFeDQSBeXpb1z2m6mc; _cfuvid=5cjZiLRr4JoWSESkXzbvc1WRjTQuEQ7WpfXGB3jlSPs-1747492247713-0.0.1.1-604800000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 17 May 2025 14:30:48 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
cf-ray: 9413d099ea40a0c8-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

GET thinkingsoftware.com/no/vbv/css/lary.css

66.235.200.147

200 OK

10 kB

URL GET
thinkingsoftware.com/no/vbv/css/lary.css
IP
66.235.200.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thinkingsoftware.com/no/vbv/eng.html
Certificate
IssuerGoogle Trust Services
Subjectthinkingsoftware.com
Fingerprint12:9C:6B:5D:A5:62:A5:B4:9D:59:F9:32:A8:2D:64:10:41:B2:43:1D
ValiditySat, 03 May 2025 17:07:46 GMT - Fri, 01 Aug 2025 18:07:43 GMT

File type
ASCII text, with CRLF line terminators
Size
10 kB (10143 bytes)
Hash
991f279f7fcaf5794c18ea59517fb7b0
28635cc04ed2c4da0ff0b0b42fab6ba3f791df67
26b09af686038eff10a161b0e3b88d0c311b829aee42126ca1d915a48018d8c6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - BankID

HTTP Headers

GET /no/vbv/css/lary.css HTTP/1.1
Host: thinkingsoftware.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thinkingsoftware.com/no/vbv/eng.html
Cookie: __cf_bm=AdhWD76FcbzZxUJPYjq1xly_s161kIUHsrR.YFfBr1c-1747492247-1.0.1.1-rBv0bkd6xUj5260PXJt7aeM4YCABT__NaA24GXoBHZxpwV06IYYYtSmpF5E6NA37DyuoSL.53W9z3cxkTVPcS_88.bFeDQSBeXpb1z2m6mc; _cfuvid=5cjZiLRr4JoWSESkXzbvc1WRjTQuEQ7WpfXGB3jlSPs-1747492247713-0.0.1.1-604800000
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 17 May 2025 14:30:48 GMT
content-type: text/css
content-length: 2230
last-modified: Fri, 16 May 2025 21:49:48 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 9413d0960a73a0c8-CPH
X-Firefox-Spdy: h2

GET thinkingsoftware.com/no/vbv/image/bar_lg.png

66.235.200.147

200 OK

884 B

URL GET
thinkingsoftware.com/no/vbv/image/bar_lg.png
IP
66.235.200.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thinkingsoftware.com/no/vbv/eng.html
Certificate
IssuerGoogle Trust Services
Subjectthinkingsoftware.com
Fingerprint12:9C:6B:5D:A5:62:A5:B4:9D:59:F9:32:A8:2D:64:10:41:B2:43:1D
ValiditySat, 03 May 2025 17:07:46 GMT - Fri, 01 Aug 2025 18:07:43 GMT

File type
PNG image data, 73 x 41, 8-bit/color RGBA, non-interlaced
Size
884 B (884 bytes)
Hash
09716caf35f0fe37ad6aecd397c1e06a
89db5789b5c8cc8ac8e25156af327b89b8e6bc78
c7c507bb71038107ffbef4f6b8f3e6b636ca8303e9221ea8322643443a929bf5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - BankID

HTTP Headers

GET /no/vbv/image/bar_lg.png HTTP/1.1
Host: thinkingsoftware.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thinkingsoftware.com/no/vbv/eng.html
Cookie: __cf_bm=AdhWD76FcbzZxUJPYjq1xly_s161kIUHsrR.YFfBr1c-1747492247-1.0.1.1-rBv0bkd6xUj5260PXJt7aeM4YCABT__NaA24GXoBHZxpwV06IYYYtSmpF5E6NA37DyuoSL.53W9z3cxkTVPcS_88.bFeDQSBeXpb1z2m6mc; _cfuvid=5cjZiLRr4JoWSESkXzbvc1WRjTQuEQ7WpfXGB3jlSPs-1747492247713-0.0.1.1-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 17 May 2025 14:30:48 GMT
content-type: image/png
content-length: 884
last-modified: Fri, 16 May 2025 21:49:48 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 9413d0960a7fa0c8-CPH
X-Firefox-Spdy: h2

GET thinkingsoftware.com/no/vbv/image/protege.png

66.235.200.147

200 OK

4.9 kB

URL GET
thinkingsoftware.com/no/vbv/image/protege.png
IP
66.235.200.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thinkingsoftware.com/no/vbv/eng.html
Certificate
IssuerGoogle Trust Services
Subjectthinkingsoftware.com
Fingerprint12:9C:6B:5D:A5:62:A5:B4:9D:59:F9:32:A8:2D:64:10:41:B2:43:1D
ValiditySat, 03 May 2025 17:07:46 GMT - Fri, 01 Aug 2025 18:07:43 GMT

File type
PNG image data, 258 x 55, 8-bit/color RGBA, non-interlaced
Size
4.9 kB (4853 bytes)
Hash
66e77690c3758948e083c6f91d3ff7cd
f271ae1a722d9aa0908a8505c0629f2cab036f75
cba05bfbcf9755ce28b86a2fca72718d2e821af148b7a856776edd8cca755c48

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - BankID

HTTP Headers

GET /no/vbv/image/protege.png HTTP/1.1
Host: thinkingsoftware.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thinkingsoftware.com/no/vbv/eng.html
Cookie: __cf_bm=AdhWD76FcbzZxUJPYjq1xly_s161kIUHsrR.YFfBr1c-1747492247-1.0.1.1-rBv0bkd6xUj5260PXJt7aeM4YCABT__NaA24GXoBHZxpwV06IYYYtSmpF5E6NA37DyuoSL.53W9z3cxkTVPcS_88.bFeDQSBeXpb1z2m6mc; _cfuvid=5cjZiLRr4JoWSESkXzbvc1WRjTQuEQ7WpfXGB3jlSPs-1747492247713-0.0.1.1-604800000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 17 May 2025 14:30:48 GMT
content-type: image/png
content-length: 4853
last-modified: Fri, 16 May 2025 21:49:48 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 9413d0960aa9a0c8-CPH
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (16)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash