danske.serveirc.com
159.65.61.149
Malicious Activity!
Public Scan
Effective URL: https://danske.serveirc.com/id/dd/DN/Login.php
Submission: On April 25 via manual from FI — Scanned from US
Summary
TLS certificate: Issued by R3 on April 25th 2024. Valid for: 3 months.
This is the only time danske.serveirc.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Danske Bank (Banking)
Domain & IP information
| IP Address | AS Autonomous System |
---|---|---|
1 1 | 54.159.128.235 | 14618 (AMAZON-AES) |
1 1 | 1.179.112.197 | 396982 (GOOGLE-CLOUD-PLATFORM) |
1 1 | 68.178.145.131 | 398791 (GO-DADDY-COM-LLC) |
1 12 | 159.65.61.149 | 14061 (DIGITALOCEAN-ASN) |
1 | 2607:f8b0:4004:c08::5f | 15169 (GOOGLE) |
2 | 2607:f8b0:4004:c06::5e | 15169 (GOOGLE) |
14 | 3 | |
ASN14618 (AMAZON-AES, US)
PTR: ec2-54-159-128-235.compute-1.amazonaws.com
rf9yn5ns.r.us-east-1.awstrack.me
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: m1179112197.mailinblue.me
fhbiifj.r.bh.d.sendibt3.com
ASN398791 (GO-DADDY-COM-LLC, US)
PTR: 131.145.178.68.host.secureserver.net
vvntechnologies.com
| Apex Domain | Subdomains | Transfer |
---|---|---|---|
12 | serveirc.com (1 redirects) | danske.serveirc.com | 430 KB |
2 | gstatic.com | fonts.gstatic.com | 40 KB |
1 | googleapis.com | fonts.googleapis.com — Cisco Umbrella Rank: 33 | 1 KB |
1 | vvntechnologies.com (1 redirects) | vvntechnologies.com | 106 B |
1 | sendibt3.com (1 redirects) | fhbiifj.r.bh.d.sendibt3.com | 163 B |
1 | awstrack.me (1 redirects) | rf9yn5ns.r.us-east-1.awstrack.me | 439 B |
14 | 6 | | |
| Domain | Requested by |
---|---|---|
12 | danske.serveirc.com | 1 redirects, danske.serveirc.com |
2 | fonts.gstatic.com | danske.serveirc.com |
1 | fonts.googleapis.com | danske.serveirc.com |
1 | vvntechnologies.com | 1 redirects |
1 | fhbiifj.r.bh.d.sendibt3.com | 1 redirects |
1 | rf9yn5ns.r.us-east-1.awstrack.me | 1 redirects |
14 | 6 | |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
danske.serveirc.com | R3 | 2024-04-25 - 2024-07-24 | 3 months | crt.sh |
upload.video.google.com | GTS CA 1C3 | 2024-04-08 - 2024-07-01 | 3 months | crt.sh |
*.gstatic.com | GTS CA 1C3 | 2024-04-08 - 2024-07-01 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://danske.serveirc.com/id/dd/DN/Login.php
Frame ID: 39EF3A6F26625FED110B59FE9DE1D204
Requests: 14 HTTP requests in this frame
Page Title
home-Brand
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://rf9yn5ns.r.us-east-1.awstrack.me/L0/https:%2F%2Ffhbiifj.r.bh.d.sendibt3.com%2Ftr%2Fcl%2FQXh0xF-1sEfHdTL9u1IF48xCbleFWLhWKjZI9u82AAI1aV0v28pEbp9L25jTlHQe_aZy4CYKFSXs9Pu-h6IOKiaUEI31SFVeldZJhLKpyXzeUWKHW8ix1CqeYPV-95xXBhG6lqEewpVVk0PEGQm5bBQiZ9_QXSfO8CndEVWrYp11l9hrVA2JcSJLfSj2ZjnKejKVolSAO3mPkBgjLLjw97dJdoD-0XH8ZXcw_GbkKOcS4hMI4kQ5O4xuF45NhwMB79-GStWwyfnmbV4om0mU9v3cp0w/1/0100018f158940d3-d866fff5-0aca-434f-845e-9d72aa5975d8-000000/4sqgOPsT6pqcxuH27dKEi4eOWRE=371
HTTP 302
https://fhbiifj.r.bh.d.sendibt3.com/tr/cl/QXh0xF-1sEfHdTL9u1IF48xCbleFWLhWKjZI9u82AAI1aV0v28pEbp9L25jTlHQe_aZy4CYKFSXs9Pu-h6IOKiaUEI31SFVeldZJhLKpyXzeUWKHW8ix1CqeYPV-95xXBhG6lqEewpVVk0PEGQm5bBQiZ9_QXSfO8CndEVWrYp11l9hrVA2JcSJLfSj2ZjnKejKVolSAO3mPkBgjLLjw97dJdoD-0XH8ZXcw_GbkKOcS4hMI4kQ5O4xuF45NhwMB79-GStWwyfnmbV4om0mU9v3cp0w HTTP 302
https://vvntechnologies.com/ HTTP 301
https://danske.serveirc.com/id/dd/DN/ HTTP 302
https://danske.serveirc.com/id/dd/DN/Login.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | Login.php (Primary Request; Redirect Chain) | danske.serveirc.com/id/dd/DN/ | 6 KB | 2 KB | Document | text/html |
GET | H2 | bootstrap.css | danske.serveirc.com/id/dd/DN/style/ | 182 KB | 24 KB | Stylesheet | text/css |
GET | H2 | css.css | danske.serveirc.com/id/dd/DN/style/ | 10 KB | 776 B | Stylesheet | text/css |
GET | H2 | baguetteBox.css | danske.serveirc.com/id/dd/DN/style/ | 4 KB | 972 B | Stylesheet | text/css |
GET | H2 | styles.css | danske.serveirc.com/id/dd/DN/style/ | 500 B | 443 B | Stylesheet | text/css |
GET | H2 | logo.png | danske.serveirc.com/id/dd/DN/style/ | 8 KB | 9 KB | Image | image/png |
GET | H2 | ImageRender.jpg | danske.serveirc.com/id/dd/DN/style/ | 23 KB | 23 KB | Image | image/jpeg |
GET | H2 | s1.png | danske.serveirc.com/id/dd/DN/style/ | 22 KB | 22 KB | Image | image/png |
GET | H2 | s2.png | danske.serveirc.com/id/dd/DN/style/ | 27 KB | 27 KB | Image | image/png |
GET | H2 | underlog.png | danske.serveirc.com/id/dd/DN/style/ | 320 KB | 321 KB | Image | image/png |
GET | H2 | css | fonts.googleapis.com/ | 10 KB | 1 KB | Stylesheet | text/css |
GET | H2 | JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 | fonts.gstatic.com/s/montserrat/v18/ | 19 KB | 20 KB | Font | font/woff2 |
GET | H2 | JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2 | fonts.gstatic.com/s/montserrat/v18/ | 20 KB | 20 KB | Font | font/woff2 |
GET | H2 | favicon.ico | danske.serveirc.com/ | 808 B | 500 B | Other | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Danske Bank (Banking)
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.