danske.serveirc.com Open in urlscan Pro
159.65.61.149 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://rf9yn5ns.r.us-east-1.awstrack.me/L0/https:%2F%2Ffhbiifj.r.bh.d.sendibt3.com%2Ftr%2Fcl%2FQXh0xF-1sEfHdTL9u1IF48xCbleFWLhWKjZI9u82A...
Effective URL:
https://danske.serveirc.com/id/dd/DN/Login.php
Submission: On April 25 via manual (April 25th 2024, 3:07:37 pm UTC) from FI — Scanned from US

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 4 countries across 6 domains to perform 14 HTTP transactions. The main IP is 159.65.61.149, located in Slough, United Kingdom and belongs to DIGITALOCEAN-ASN, US. The main domain is danske.serveirc.com.
TLS certificate: Issued by R3 on April 25th 2024. Valid for: 3 months.

This is the only time danske.serveirc.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Danske Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	54.159.128.235 54.159.128.235	14618 (AMAZON-AES) (AMAZON-AES)
1 1	1.179.112.197 1.179.112.197	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	68.178.145.131 68.178.145.131	398791 (GO-DADDY-...) (GO-DADDY-COM-LLC)
1 12	159.65.61.149 159.65.61.149	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	2607:f8b0:400... 2607:f8b0:4004:c08::5f	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4004:c06::5e	15169 (GOOGLE) (GOOGLE)
14	3

1 54.159.128.235 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-159-128-235.compute-1.amazonaws.com

rf9yn5ns.r.us-east-1.awstrack.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 1.179.112.197 (France) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: m1179112197.mailinblue.me

fhbiifj.r.bh.d.sendibt3.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.178.145.131 (Mumbai, India) 1 redirects

ASN398791 (GO-DADDY-COM-LLC, US)
PTR: 131.145.178.68.host.secureserver.net

vvntechnologies.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 159.65.61.149 (Slough, United Kingdom) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

danske.serveirc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c08::5f (Washington, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c06::5e (Washington, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	serveirc.com 1 redirects danske.serveirc.com	430 KB
2	gstatic.com fonts.gstatic.com	40 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 33	1 KB
1	vvntechnologies.com 1 redirects vvntechnologies.com	106 B
1	sendibt3.com 1 redirects fhbiifj.r.bh.d.sendibt3.com	163 B
1	awstrack.me 1 redirects rf9yn5ns.r.us-east-1.awstrack.me	439 B
14	6

	Domain	Requested by
12	danske.serveirc.com	1 redirects danske.serveirc.com
2	fonts.gstatic.com	danske.serveirc.com
1	fonts.googleapis.com	danske.serveirc.com
1	vvntechnologies.com	1 redirects
1	fhbiifj.r.bh.d.sendibt3.com	1 redirects
1	rf9yn5ns.r.us-east-1.awstrack.me	1 redirects
14	6

This site contains no links.

Subject Issuer	Validity	Valid
danske.serveirc.com R3	`2024-04-25` - `2024-07-24`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-04-08` - `2024-07-01`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-04-08` - `2024-07-01`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://danske.serveirc.com/id/dd/DN/Login.php
Frame ID: 39EF3A6F26625FED110B59FE9DE1D204
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

home-Brand

Page URL History Show full URLs

https://rf9yn5ns.r.us-east-1.awstrack.me/L0/https:%2F%2Ffhbiifj.r.bh.d.sendibt3.com%2Ftr%2Fcl%2FQXh0xF-1sEfHdTL9u1IF4... HTTP 302
https://fhbiifj.r.bh.d.sendibt3.com/tr/cl/QXh0xF-1sEfHdTL9u1IF48xCbleFWLhWKjZI9u82AAI1aV0v28pEbp9L25jTlHQe_aZy4C... HTTP 302
https://vvntechnologies.com/ HTTP 301
https://danske.serveirc.com/id/dd/DN/ HTTP 302
https://danske.serveirc.com/id/dd/DN/Login.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Page Statistics

14
Requests

100 %
HTTPS

33 %
IPv6

6
Domains

6
Subdomains

3
IPs

4
Countries

471 kB
Transfer

651 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://rf9yn5ns.r.us-east-1.awstrack.me/L0/https:%2F%2Ffhbiifj.r.bh.d.sendibt3.com%2Ftr%2Fcl%2FQXh0xF-1sEfHdTL9u1IF48xCbleFWLhWKjZI9u82AAI1aV0v28pEbp9L25jTlHQe_aZy4CYKFSXs9Pu-h6IOKiaUEI31SFVeldZJhLKpyXzeUWKHW8ix1CqeYPV-95xXBhG6lqEewpVVk0PEGQm5bBQiZ9_QXSfO8CndEVWrYp11l9hrVA2JcSJLfSj2ZjnKejKVolSAO3mPkBgjLLjw97dJdoD-0XH8ZXcw_GbkKOcS4hMI4kQ5O4xuF45NhwMB79-GStWwyfnmbV4om0mU9v3cp0w/1/0100018f158940d3-d866fff5-0aca-434f-845e-9d72aa5975d8-000000/4sqgOPsT6pqcxuH27dKEi4eOWRE=371 HTTP 302
https://fhbiifj.r.bh.d.sendibt3.com/tr/cl/QXh0xF-1sEfHdTL9u1IF48xCbleFWLhWKjZI9u82AAI1aV0v28pEbp9L25jTlHQe_aZy4CYKFSXs9Pu-h6IOKiaUEI31SFVeldZJhLKpyXzeUWKHW8ix1CqeYPV-95xXBhG6lqEewpVVk0PEGQm5bBQiZ9_QXSfO8CndEVWrYp11l9hrVA2JcSJLfSj2ZjnKejKVolSAO3mPkBgjLLjw97dJdoD-0XH8ZXcw_GbkKOcS4hMI4kQ5O4xuF45NhwMB79-GStWwyfnmbV4om0mU9v3cp0w HTTP 302
https://vvntechnologies.com/ HTTP 301
https://danske.serveirc.com/id/dd/DN/ HTTP 302
https://danske.serveirc.com/id/dd/DN/Login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request Login.php Show response
danske.serveirc.com/id/dd/DN/
Redirect Chain

https://rf9yn5ns.r.us-east-1.awstrack.me/L0/https:%2F%2Ffhbiifj.r.bh.d.sendibt3.com%2Ftr%2Fcl%2FQXh0xF-1sEfHdTL9u1IF48xCbleFWLhWKjZI9u82AAI1aV0v28pEbp9L25jTlHQe_aZy4CYKFSXs9Pu-h6IOKiaUEI31SFVeldZJh...
https://fhbiifj.r.bh.d.sendibt3.com/tr/cl/QXh0xF-1sEfHdTL9u1IF48xCbleFWLhWKjZI9u82AAI1aV0v28pEbp9L25jTlHQe_aZy4CYKFSXs9Pu-h6IOKiaUEI31SFVeldZJhLKpyXzeUWKHW8ix1CqeYPV-95xXBhG6lqEewpVVk0PEGQm5bBQiZ9_...
https://vvntechnologies.com/
https://danske.serveirc.com/id/dd/DN/
https://danske.serveirc.com/id/dd/DN/Login.php

6 KB
2 KB

449ms
448ms

Document
text/html

159.65.61.149
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://danske.serveirc.com/id/dd/DN/Login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 159.65.61.149 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx / PHP/8.2.18 PleskLin
Resource Hash: b280c8c7a7ecaa9d798c499d7b6b7d390a250b603b206a9fd9fcf66f2d2c73cc

Request headers

Accept-Language: en-US,en;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: gzip
content-length: 1514
content-type: text/html; charset=UTF-8
date: Thu, 25 Apr 2024 15:07:31 GMT
server: nginx
vary: Accept-Encoding
x-powered-by: PHP/8.2.18 PleskLin

Redirect headers

content-length: 1
content-type: text/html; charset=UTF-8
date: Thu, 25 Apr 2024 15:07:31 GMT
location: ./Login.php
server: nginx
x-powered-by: PHP/8.2.18 PleskLin

GET
H2 200 bootstrap.css
danske.serveirc.com/id/dd/DN/style/ 182 KB
24 KB 302ms
299ms Stylesheet
text/css 159.65.61.149
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://danske.serveirc.com/id/dd/DN/style/bootstrap.css
Requested by: Host: danske.serveirc.com
URL: https://danske.serveirc.com/id/dd/DN/Login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 159.65.61.149 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 61fcaf60ecdf8d6b29bdc104701cdedfe094c6341c96b3a7d676fdc2bfd1db06

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://danske.serveirc.com/id/dd/DN/Login.php
Accept-Language: en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 25 Apr 2024 15:07:32 GMT
content-encoding: br
last-modified: Wed, 10 Nov 2021 22:27:58 GMT
server: nginx
etag: W/"618c476e-2d968"
x-powered-by: PleskLin
content-type: text/css

GET
H2 200 css.css
danske.serveirc.com/id/dd/DN/style/ 10 KB
776 B 339ms
337ms Stylesheet
text/css 159.65.61.149
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://danske.serveirc.com/id/dd/DN/style/css.css
Requested by: Host: danske.serveirc.com
URL: https://danske.serveirc.com/id/dd/DN/Login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 159.65.61.149 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 1fa53992ba85ec211855680d90ddd7dec6b10e6a0d48eea4a4b40055cbf41d56

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://danske.serveirc.com/id/dd/DN/Login.php
Accept-Language: en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 25 Apr 2024 15:07:32 GMT
content-encoding: br
last-modified: Wed, 10 Nov 2021 22:27:58 GMT
server: nginx
etag: W/"618c476e-2612"
x-powered-by: PleskLin
content-type: text/css

GET
H2 200 baguetteBox.css
danske.serveirc.com/id/dd/DN/style/ 4 KB
972 B 985ms
983ms Stylesheet
text/css 159.65.61.149
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://danske.serveirc.com/id/dd/DN/style/baguetteBox.css
Requested by: Host: danske.serveirc.com
URL: https://danske.serveirc.com/id/dd/DN/Login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 159.65.61.149 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 16a0b33679f25e5e47c4731d6fe450fd157f5fb7ea7cf710632f86da014bdd79

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://danske.serveirc.com/id/dd/DN/Login.php
Accept-Language: en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 25 Apr 2024 15:07:32 GMT
content-encoding: br
last-modified: Wed, 10 Nov 2021 22:27:58 GMT
server: nginx
etag: W/"618c476e-e19"
x-powered-by: PleskLin
content-type: text/css

GET
H2 200 styles.css
danske.serveirc.com/id/dd/DN/style/ 500 B
443 B 984ms
982ms Stylesheet
text/css 159.65.61.149
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://danske.serveirc.com/id/dd/DN/style/styles.css
Requested by: Host: danske.serveirc.com
URL: https://danske.serveirc.com/id/dd/DN/Login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 159.65.61.149 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: ea7d0e26556f5b72b0223547446bafc52347ec0b29cd27ea254cb0e37542e962

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://danske.serveirc.com/id/dd/DN/Login.php
Accept-Language: en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 25 Apr 2024 15:07:32 GMT
content-encoding: gzip
last-modified: Wed, 10 Nov 2021 22:27:58 GMT
server: nginx
x-accel-version: 0.01
etag: "1f4-5d076bcee3780-gzip"
x-powered-by: PleskLin
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 236

GET
H2 200 logo.png
danske.serveirc.com/id/dd/DN/style/ 8 KB
9 KB 983ms
982ms Image
image/png 159.65.61.149
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://danske.serveirc.com/id/dd/DN/style/logo.png
Requested by: Host: danske.serveirc.com
URL: https://danske.serveirc.com/id/dd/DN/Login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 159.65.61.149 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 660c5b2f29f876267f130d0cf33a26bf2ea85c7bbaa450609b0027ef372c542d

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://danske.serveirc.com/id/dd/DN/Login.php
Accept-Language: en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 25 Apr 2024 15:07:32 GMT
last-modified: Wed, 10 Nov 2021 22:46:26 GMT
server: nginx
etag: "618c4bc2-2193"
x-powered-by: PleskLin
content-type: image/png
accept-ranges: bytes
content-length: 8595

GET
H2 200 ImageRender.jpg
danske.serveirc.com/id/dd/DN/style/ 23 KB
23 KB 340ms
339ms Image
image/jpeg 159.65.61.149
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://danske.serveirc.com/id/dd/DN/style/ImageRender.jpg
Requested by: Host: danske.serveirc.com
URL: https://danske.serveirc.com/id/dd/DN/Login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 159.65.61.149 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 683f5b803aec9e336fa2e847c10b4c52e241e08cf1b39c48f51ad8cf29abc6f4

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://danske.serveirc.com/id/dd/DN/Login.php
Accept-Language: en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 25 Apr 2024 15:07:32 GMT
last-modified: Wed, 10 Nov 2021 22:27:58 GMT
server: nginx
etag: "618c476e-5a6e"
x-powered-by: PleskLin
content-type: image/jpeg
accept-ranges: bytes
content-length: 23150

GET
H2 200 s1.png
danske.serveirc.com/id/dd/DN/style/ 22 KB
22 KB 308ms
307ms Image
image/png 159.65.61.149
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://danske.serveirc.com/id/dd/DN/style/s1.png
Requested by: Host: danske.serveirc.com
URL: https://danske.serveirc.com/id/dd/DN/Login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 159.65.61.149 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 881057bedbfb41fc0d4a695c7cf69363c791f4e4c186807e1579af956a417d34

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://danske.serveirc.com/id/dd/DN/Login.php
Accept-Language: en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 25 Apr 2024 15:07:32 GMT
last-modified: Wed, 10 Nov 2021 22:27:58 GMT
server: nginx
etag: "618c476e-591b"
x-powered-by: PleskLin
content-type: image/png
accept-ranges: bytes
content-length: 22811

GET
H2 200 s2.png
danske.serveirc.com/id/dd/DN/style/ 27 KB
27 KB 953ms
953ms Image
image/png 159.65.61.149
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://danske.serveirc.com/id/dd/DN/style/s2.png
Requested by: Host: danske.serveirc.com
URL: https://danske.serveirc.com/id/dd/DN/Login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 159.65.61.149 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: d564ebadd34678ed4bbfb820d23fc4518d8e8e7e04253d0019413ff02d963c80

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://danske.serveirc.com/id/dd/DN/Login.php
Accept-Language: en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 25 Apr 2024 15:07:32 GMT
last-modified: Wed, 10 Nov 2021 22:27:58 GMT
server: nginx
etag: "618c476e-6a1e"
x-powered-by: PleskLin
content-type: image/png
accept-ranges: bytes
content-length: 27166

GET
H2 200 underlog.png
danske.serveirc.com/id/dd/DN/style/ 320 KB
321 KB 318ms
317ms Image
image/png 159.65.61.149
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://danske.serveirc.com/id/dd/DN/style/underlog.png
Requested by: Host: danske.serveirc.com
URL: https://danske.serveirc.com/id/dd/DN/Login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 159.65.61.149 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: bcfb8521f8f3a41426b3e075e44391f1d09c3ca8ec33b250da9d2b4593d3e457

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://danske.serveirc.com/id/dd/DN/Login.php
Accept-Language: en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 25 Apr 2024 15:07:32 GMT
last-modified: Wed, 10 Nov 2021 22:27:58 GMT
server: nginx
etag: "618c476e-50132"
x-powered-by: PleskLin
content-type: image/png
accept-ranges: bytes
content-length: 327986

GET
H2 200 css
fonts.googleapis.com/ 10 KB
1 KB 2572ms
57ms Stylesheet
text/css 2607:f8b0:4004:c08::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:400,400i,700,700i,600,600i

Requested by

Host: danske.serveirc.com
URL: https://danske.serveirc.com/id/dd/DN/style/bootstrap.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b4478e68f43f1e8875fdd39be0970a1ffbf78934c4b31f63f3c4a84fbdeea315

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://danske.serveirc.com/
Accept-Language: en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Thu, 25 Apr 2024 15:07:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 25 Apr 2024 15:07:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 25 Apr 2024 15:07:34 GMT

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v18/ 19 KB
20 KB 149ms
49ms Font
font/woff2 2607:f8b0:4004:c06::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: danske.serveirc.com
URL: https://danske.serveirc.com/id/dd/DN/style/css.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b26a74f3c0e529bc8fccfa6b1db8e083e738992266359fde1a5bd0aaa81cbc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://danske.serveirc.com/
Origin: https://danske.serveirc.com
Accept-Language: en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 14:02:26 GMT
x-content-type-options: nosniff
age: 263109
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19844
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:20:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 22 Apr 2025 14:02:26 GMT

GET
H2 200 JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v18/ 20 KB
20 KB 141ms
41ms Font
font/woff2 2607:f8b0:4004:c06::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2

Requested by

Host: danske.serveirc.com
URL: https://danske.serveirc.com/id/dd/DN/style/css.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec7d69015be507ee6045d259f50b6cf8ccb52ec7b41ec1bf50fee681683bea60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://danske.serveirc.com/
Origin: https://danske.serveirc.com
Accept-Language: en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 13:51:11 GMT
x-content-type-options: nosniff
age: 177384
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20040
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:20:44 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 23 Apr 2025 13:51:11 GMT

GET
H2 404 favicon.ico
danske.serveirc.com/ 808 B
500 B 103ms
102ms Other
text/html 159.65.61.149
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://danske.serveirc.com/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 159.65.61.149 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://danske.serveirc.com/id/dd/DN/Login.php
Accept-Language: en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 25 Apr 2024 15:07:34 GMT
content-encoding: br
last-modified: Thu, 25 Apr 2024 11:49:16 GMT
server: nginx
etag: W/"328-616ea606af7dc"
content-type: text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Danske Bank (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://danske.serveirc.com/id/dd/DN/Login.php Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://danske.serveirc.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

danske.serveirc.com
fhbiifj.r.bh.d.sendibt3.com
fonts.googleapis.com
fonts.gstatic.com
rf9yn5ns.r.us-east-1.awstrack.me
vvntechnologies.com
1.179.112.197
159.65.61.149
2607:f8b0:4004:c06::5e
2607:f8b0:4004:c08::5f
54.159.128.235
68.178.145.131
16a0b33679f25e5e47c4731d6fe450fd157f5fb7ea7cf710632f86da014bdd79
1fa53992ba85ec211855680d90ddd7dec6b10e6a0d48eea4a4b40055cbf41d56
2b26a74f3c0e529bc8fccfa6b1db8e083e738992266359fde1a5bd0aaa81cbc3
61fcaf60ecdf8d6b29bdc104701cdedfe094c6341c96b3a7d676fdc2bfd1db06
660c5b2f29f876267f130d0cf33a26bf2ea85c7bbaa450609b0027ef372c542d
683f5b803aec9e336fa2e847c10b4c52e241e08cf1b39c48f51ad8cf29abc6f4
881057bedbfb41fc0d4a695c7cf69363c791f4e4c186807e1579af956a417d34
b280c8c7a7ecaa9d798c499d7b6b7d390a250b603b206a9fd9fcf66f2d2c73cc
b4478e68f43f1e8875fdd39be0970a1ffbf78934c4b31f63f3c4a84fbdeea315
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187
bcfb8521f8f3a41426b3e075e44391f1d09c3ca8ec33b250da9d2b4593d3e457
d564ebadd34678ed4bbfb820d23fc4518d8e8e7e04253d0019413ff02d963c80
ea7d0e26556f5b72b0223547446bafc52347ec0b29cd27ea254cb0e37542e962
ec7d69015be507ee6045d259f50b6cf8ccb52ec7b41ec1bf50fee681683bea60

danske.serveirc.com Open in urlscan Pro 159.65.61.149 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

33 %IPv6

6 Domains

6 Subdomains

3 IPs

4 Countries

471 kBTransfer

651 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

danske.serveirc.com Open in urlscan Pro
159.65.61.149 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

33 %
IPv6

6
Domains

6
Subdomains

3
IPs

4
Countries

471 kB
Transfer

651 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!