bankid-no.com Open in urlscan Pro
2606:4700:3037::ac43:b946 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://bankid-no.com/
Effective URL:
https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/
Submission: On September 25 via api (September 25th 2023, 1:22:53 pm UTC) from DK — Scanned from NO

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 17 HTTP transactions. The main IP is 2606:4700:3037::ac43:b946, located in United States and belongs to CLOUDFLARENET, US. The main domain is bankid-no.com.
TLS certificate: Issued by GTS CA 1P5 on September 24th 2023. Valid for: 3 months.

This is the only time bankid-no.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BankID (Banking)

Domain & IP information

	IP Address		AS Autonomous System
4 21	2606:4700:303... 2606:4700:3037::ac43:b946		13335 (CLOUDFLAR...) (CLOUDFLARENET)
17	2

21 2606:4700:3037::ac43:b946 (United States) 4 redirects

ASN13335 (CLOUDFLARENET, US)

bankid-no.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	bankid-no.com 4 redirects bankid-no.com	152 KB
17	1

	Domain	Requested by
21	bankid-no.com	4 redirects bankid-no.com
17	1

This site contains no links.

Subject Issuer	Validity	Valid
bankid-no.com GTS CA 1P5	`2023-09-24` - `2023-12-23`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/
Frame ID: F40BDFAC7FFE9B970E85C5BEB60F6DF7
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

OIDC Client

Page URL History Show full URLs

http://bankid-no.com/ HTTP 301
https://bankid-no.com/ Page URL
https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2 HTTP 301
http://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/ HTTP 301
https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/ HTTP 302
https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/ Page URL

Detected technologies

AngularJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

\bangular.{0,32}\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

150 kB
Transfer

462 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://bankid-no.com/ HTTP 301
https://bankid-no.com/ Page URL
https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2 HTTP 301
http://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/ HTTP 301
https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/ HTTP 302
https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://bankid-no.com/ HTTP 301
https://bankid-no.com/

17 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response bankid-no.com/ Redirect Chain http://bankid-no.com/ https://bankid-no.com/	728 B 877 B	234ms 147ms	Document text/html	2606:4700:3037::ac43:b946 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bankid-no.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::ac43:b946 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f80b0a9f552f18eab69cdc4369bc68ef106db9d7889712653fc72b7edb124ee9` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/36.0 Mobile/15E148 Safari/605.1.15 accept-language no-NO,no;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 80c393fdaf6eb52d-OSL content-encoding br content-type text/html; charset=UTF-8 date Mon, 25 Sep 2023 13:22:48 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FtLs6sxJ1KrUyjDboGyefftczzb80%2BvA%2FFZrjqeuc6nZUKKXdSK1lwaVI30x7pSDRzq3fF6Zn4mcopNcSR5ry%2FvVkiFj59%2BgzW9Kp71uoD%2FlC%2FDiQgcG76TVPOZUaJpABYYhq1alDpXezhcE"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding Redirect headers CF-RAY 80c393fcd9f60b41-OSL Cache-Control max-age=3600 Connection keep-alive Date Mon, 25 Sep 2023 13:22:48 GMT Expires Mon, 25 Sep 2023 14:22:48 GMT Location https://bankid-no.com/ NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rWaqwqE2T6JJdnLbDuoMR8RT%2F8juJUn9IiLAYb%2BIf2CLJ5EBmfoPXcTBmsnEc44FR%2B%2Fg0FDddJEICVyzAIhwMbWc1RfKq8oDwify5spqd97ZmBmjPCL2oylux8nSftRKqdlxjkkpurgpga6t"}],"group":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked Vary Accept-Encoding alt-svc h3=":443"; ma=86400
GET H3	200	Primary Request / Show response bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/ Redirect Chain https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2? http://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/? https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/? https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/?	92 KB 24 KB	118ms 117ms	Document text/html	2606:4700:3037::ac43:b946 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/? Requested by Host: bankid-no.com URL: https://bankid-no.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:b946 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1f057d717f9337c78ee9ef5ebfbb5d7a4880ad67aa7ee523efcc02e31df67305` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/36.0 Mobile/15E148 Safari/605.1.15 accept-language no-NO,no;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cache-control no-cache, no-store, must-revalidate cf-cache-status DYNAMIC cf-ray 80c394065be1b512-OSL content-encoding br content-type text/html; charset=UTF-8 date Mon, 25 Sep 2023 13:22:50 GMT expires 0 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MmPBVqUhiLT3pvivr2sQmGZAAWuE4xXid6567iBbdPoANR%2BiY0fm58dJWawgdR13YtyYjyjiRNaQfNMzvH5WClpGTL8VSopGuoqefDEV9XhbMyxM9zsenGI3WlVOLBCCBATAUM6fgXd7Z6Kk"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding Redirect headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 80c39405bb33b512-OSL content-type text/html; charset=UTF-8 date Mon, 25 Sep 2023 13:22:49 GMT location login/? nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i2lKWzyBsZ9%2FLSy92nz2CPBUAT3Fz8sGc%2BHKq8jTMuFU43iDXbG4NGAZZC51puhOwYilXXd%2BnBqyEWPMon7BLcCVjrqPmNW0pQZqB15TE02%2Bbr%2B1cB3arqfEVg7%2F8r6Q98wsFaxbvlX1fVqZ"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H3	404	index.ec33b587.css bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/assets/	0 0	99ms 99ms	Stylesheet text/html	2606:4700:3037::ac43:b946 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/assets/index.ec33b587.css Requested by Host: bankid-no.com URL: https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/? Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:b946 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language no-NO,no;q=0.9 Referer https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/? User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/36.0 Mobile/15E148 Safari/605.1.15 Response headers date Mon, 25 Sep 2023 13:22:50 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iuWSIXpIZqrB4ggFUaDqotPNY%2BVZHZy%2FB3isV3o6JJVJQx5shfwuiQy5a0n2SsR%2BsO%2FdvYH6VP2aRGWZLphoXBWNPmuiFc0vYyzsMh5zbsXUMEPw445BmeBysVO46n9Vi3fsFzo0%2B9GHY3pS"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 80c394072ca6b512-OSL alt-svc h3=":443"; ma=86400
GET H3	200	jquery.min.js Show response bankid-no.com/bower_components/jquery/dist/	85 KB 31 KB	147ms 146ms	Script application/javascript	2606:4700:3037::ac43:b946 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bankid-no.com/bower_components/jquery/dist/jquery.min.js Requested by Host: bankid-no.com URL: https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/? Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:b946 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de` Request headers accept-language no-NO,no;q=0.9 Referer https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/? User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/36.0 Mobile/15E148 Safari/605.1.15 Response headers date Mon, 25 Sep 2023 13:22:50 GMT content-encoding br cf-cache-status EXPIRED last-modified Mon, 25 Oct 2021 23:59:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"15283-5cf3625dd5880-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kRCVKg3UHgprE%2BKnbiJ90RI9KOyXvHne3a3gB9CSFxNQZYiXWH6h0G41wEm4VdL%2F%2BIMTqL5EHhWN4TeACFIGnYX7Nae3QUOwRop4hvf4BxegKAPXqDl2xODjd5rE9cxaoHOmIeeJy%2BNbGWTC"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 80c394072ca7b512-OSL alt-svc h3=":443"; ma=86400
GET H3	200	ua-parser.min.js Show response bankid-no.com/bower_components/ua-parser-js/dist/	17 KB 7 KB	107ms 106ms	Script application/javascript	2606:4700:3037::ac43:b946 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bankid-no.com/bower_components/ua-parser-js/dist/ua-parser.min.js Requested by Host: bankid-no.com URL: https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/? Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:b946 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896` Request headers accept-language no-NO,no;q=0.9 Referer https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/? User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/36.0 Mobile/15E148 Safari/605.1.15 Response headers date Mon, 25 Sep 2023 13:22:50 GMT content-encoding br cf-cache-status EXPIRED last-modified Mon, 25 Oct 2021 23:59:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"4298-5cf3625dd5880-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RifETXt1%2BQQlwQkS%2BwFOiaOXP3cybq6p5vWQ6trGKYCrChBDvDMHjhoFMZd4qlSrd1cDER9hLNlJ6n4O98IlJWtHoBe5P3d2WXm8HaakwRN6lF1vyHbbFGE4Sl3ziuSVgBsPBCdalAt%2FNQY5"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 80c394072ca9b512-OSL alt-svc h3=":443"; ma=86400
GET H3	200	font-awesome.min.css bankid-no.com/bower_components/font-awesome/css/	30 KB 7 KB	111ms 110ms	Stylesheet text/css	2606:4700:3037::ac43:b946 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bankid-no.com/bower_components/font-awesome/css/font-awesome.min.css Requested by Host: bankid-no.com URL: https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/? Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:b946 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd` Request headers accept-language no-NO,no;q=0.9 Referer https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/? User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/36.0 Mobile/15E148 Safari/605.1.15 Response headers date Mon, 25 Sep 2023 13:22:50 GMT content-encoding br cf-cache-status EXPIRED last-modified Mon, 25 Oct 2021 23:59:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"7918-5cf3625dd5880-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PixQt8w4OgRJ9NNfJx38xyXpRepduPRfnvgsQqFDl3FXzCQ2b5vSgb0%2BD%2F6U0l1W9PFk8RAivwEcPxsTYG9W6Qa0JxBbd64BFHY%2FKaSNmYFXTDdTwdoFpnDxibZ4HoczpUuQc00ZElUmM4Il"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 80c394072cabb512-OSL alt-svc h3=":443"; ma=86400
GET H3	200	core_form.js Show response bankid-no.com/core/form/	19 KB 5 KB	101ms 100ms	Script application/javascript	2606:4700:3037::ac43:b946 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bankid-no.com/core/form/core_form.js Requested by Host: bankid-no.com URL: https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/? Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:b946 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `16d11bf341fa3783a8cc493aedfa340510b273cd3087346dda577f390dcab9ac` Request headers accept-language no-NO,no;q=0.9 Referer https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/? User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/36.0 Mobile/15E148 Safari/605.1.15 Response headers date Mon, 25 Sep 2023 13:22:50 GMT content-encoding br cf-cache-status EXPIRED last-modified Sun, 24 Sep 2023 19:27:21 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"4b7c-6061fd49ddbc5-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xwqsfWmtoXlcttbyuEL%2BD2OC8j5EXFTHZDSEtDxqLZngkxiX9MYbUP1j7qIi1Vyph4fRrjdnF6JbcfbWbYJhs2dVGomb4N27epHc7VZA0G%2Bet%2BVmr3Um8pM5uxxEHIOc2XD38boU271tOEKM"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 80c394072cadb512-OSL alt-svc h3=":443"; ma=86400
GET H3	200	core_token.js Show response bankid-no.com/core/token/	20 KB 2 KB	139ms 138ms	Script application/javascript	2606:4700:3037::ac43:b946 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bankid-no.com/core/token/core_token.js?1695648170 Requested by Host: bankid-no.com URL: https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/? Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:b946 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `874a79e6068f2edf4dcde54d61b684fed222aa69eca86e04da8375926860e1ae` Request headers accept-language no-NO,no;q=0.9 Referer https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/? User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/36.0 Mobile/15E148 Safari/605.1.15 Response headers date Mon, 25 Sep 2023 13:22:50 GMT content-encoding br cf-cache-status MISS last-modified Sun, 24 Sep 2023 19:26:30 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"4f75-6061fd196d342-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xPiHyPydr5%2BXqKOkv4%2BEPOtd4XfAuy0%2BV7puvgm6fBqQ81XhPqFtt5W9NKNAGkUxgNVSih13s0LERv4CeZ3UgskxyHWAIrG8NtNJlcMyT9CMDJuEZnNCj%2FqSe1V8ZgLMEJtXMR8DRsAExwxb"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 80c394072caeb512-OSL alt-svc h3=":443"; ma=86400
GET H3	200	angular.min.js Show response bankid-no.com/bower_components/angular/	165 KB 59 KB	183ms 182ms	Script application/javascript	2606:4700:3037::ac43:b946 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bankid-no.com/bower_components/angular/angular.min.js Requested by Host: bankid-no.com URL: https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/? Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:b946 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `35f73a70cca067828be9e0a712b8b48908e1bc4490637c62bd70158f95cd6e27` Request headers accept-language no-NO,no;q=0.9 Referer https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/? User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/36.0 Mobile/15E148 Safari/605.1.15 Response headers date Mon, 25 Sep 2023 13:22:50 GMT content-encoding br cf-cache-status EXPIRED last-modified Mon, 25 Oct 2021 23:59:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"2937c-5cf3625dd5880-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F7FeOaim8JpYK%2BlpzeOOYtXyg1ffpUEwBS6eIfoO1ZyZyaeTeSkbHpyRqh8HZRaAAeNLgk2gyokNBB%2BIXaSS9tDxQpJCwsZoSG7uxHyiDVMBMUsEe0vbfxLZSpXWxCm%2BbFOjQBWxZ4FVtuoL"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 80c394072cafb512-OSL alt-svc h3=":443"; ma=86400
GET H3	200	jquery.maskedinput.min.js Show response bankid-no.com/bower_components/jquery.maskedinput/dist/	16 KB 4 KB	105ms 104ms	Script application/javascript	2606:4700:3037::ac43:b946 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bankid-no.com/bower_components/jquery.maskedinput/dist/jquery.maskedinput.min.js Requested by Host: bankid-no.com URL: https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/? Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:b946 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6a2f967ab83a1b16b06c60bbbbbe901f1719b620718f43ee6b7a48d7578cee67` Request headers accept-language no-NO,no;q=0.9 Referer https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/? User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/36.0 Mobile/15E148 Safari/605.1.15 Response headers date Mon, 25 Sep 2023 13:22:50 GMT content-encoding br cf-cache-status EXPIRED last-modified Mon, 25 Oct 2021 23:59:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"4001-5cf3625dd5880-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ROofJ9fy7%2FC%2BDZNAFuNjYLcgXJ2JKUPIMbm94LTNLr4yEbRr11SEIsk0XvzU2Q8eY3NbmlV7CL2CEMvyz%2BqDv%2B9Yw8Nb84i%2BNkqcL%2FGxFZZAEGmWT2SEC7Y3CwrD4MsWQNthJ8knarqfHVDk"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 80c394072cb1b512-OSL alt-svc h3=":443"; ma=86400
GET H3	200	core_form.css bankid-no.com/core/form/	3 KB 1 KB	239ms 238ms	Stylesheet text/css	2606:4700:3037::ac43:b946 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bankid-no.com/core/form/core_form.css Requested by Host: bankid-no.com URL: https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/? Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:b946 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `406a11c423ffe3d6c6c94df7fbe6eaf6f49a70086e9f82bbfa0cad51fbd31ad8` Request headers accept-language no-NO,no;q=0.9 Referer https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/? User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/36.0 Mobile/15E148 Safari/605.1.15 Response headers date Mon, 25 Sep 2023 13:22:50 GMT content-encoding br cf-cache-status EXPIRED last-modified Mon, 25 Oct 2021 23:59:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"adb-5cf3625dd5880-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H1eD0YUYFZ9oY4ZwQN3B3bCTfHjbEA0pR5bdCjOrHZMI%2Bu9edAQoGdwMLZSfs8bz%2BMUoqWKa6ANwRPoS8foOOzc9Kvy4aSBkhElBbIFLlu3QjLsKbe6gjTNZRTyop3RnqVm%2FBNyrao1lUA1K"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 80c394072cb2b512-OSL alt-svc h3=":443"; ma=86400
GET H3	200	form.js Show response bankid-no.com/login/form/	3 KB 1 KB	1210ms 1208ms	Script application/javascript	2606:4700:3037::ac43:b946 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bankid-no.com/login/form/form.js?v=651189aa0c543 Requested by Host: bankid-no.com URL: https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/? Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:b946 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `907d66973b8a86469b449cbf61d1dd0e17df8cbdb894efb6ea47cae06cd67c3f` Request headers accept-language no-NO,no;q=0.9 Referer https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/? User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/36.0 Mobile/15E148 Safari/605.1.15 Response headers date Mon, 25 Sep 2023 13:22:51 GMT content-encoding br cf-cache-status MISS last-modified Mon, 25 Oct 2021 23:59:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"bf7-5cf3625dd5880-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6P9rEqjslKNbf4GrFoGGpFoz%2Bpw5o9THhemnkZ0ifCLcFBrrHo1Gk1r2C6NlI1SYgdxExXrop0LyB1%2Fc42sL2rFlGZittHMGs%2FpZR8sEXtEXLDP79QqaUTBJ4tqOkhV2Uk44UBQPONlqOQOM"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 80c394075cd6b512-OSL alt-svc h3=":443"; ma=86400
GET H3	200	ng.js Show response bankid-no.com/login/ng/	6 KB 2 KB	1218ms 1216ms	Script application/javascript	2606:4700:3037::ac43:b946 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bankid-no.com/login/ng/ng.js?v=651189aa0c555 Requested by Host: bankid-no.com URL: https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/? Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:b946 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c214695e0609b540ab0885b59787f76a0e0be8ccb2a333d8d2231ecae1825f4b` Request headers accept-language no-NO,no;q=0.9 Referer https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/? User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/36.0 Mobile/15E148 Safari/605.1.15 Response headers date Mon, 25 Sep 2023 13:22:51 GMT content-encoding br cf-cache-status MISS last-modified Mon, 25 Oct 2021 23:59:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"16af-5cf3625dd5880-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EZWRxAtuFNZSfmwY90CwBR9H2SFkExnlwMKf8ckAikdMVvmOo3G6S6l%2FMhmN3JrdlV4A7RxtdV8Ww94V3gljHXcKej3II7wAJxJ9icLEL0q4n4Sd94uGbDpy0ZZ%2FeNr76K3nuxNEqNRj3lg3"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 80c394076cd7b512-OSL alt-svc h3=":443"; ma=86400
GET H3	200	token.js Show response bankid-no.com/login/token/	1 KB 1009 B	2216ms 2214ms	Script application/javascript	2606:4700:3037::ac43:b946 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bankid-no.com/login/token/token.js?v=651189aa0c557 Requested by Host: bankid-no.com URL: https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/? Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:b946 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `372815d231f76cb0c399dcf538444e5fc3c4617679b3470a18934495b6e2c537` Request headers accept-language no-NO,no;q=0.9 Referer https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/? User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/36.0 Mobile/15E148 Safari/605.1.15 Response headers date Mon, 25 Sep 2023 13:22:52 GMT content-encoding br cf-cache-status MISS last-modified Tue, 22 Aug 2023 07:43:26 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"53f-6037e26718380-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0y06kJo2gbYYzUrzUPsZ2RvwQvYa8bGfw7k%2FbUj2WKcDS4LyNIXxE9CxteSqywENmmKmqKI5U%2FnIZajiK9Ydt8JAzw%2BndxtCJq%2BOcRpLw4AJ7FkMHtaNCpOdFMjpmJpySL2tv4UtPQZtcmwT"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 80c394076cd8b512-OSL alt-svc h3=":443"; ma=86400
GET DATA	200 OK	truncated /	1 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f9e8bdb5e8c3549c2e92046277170d3f03faf218373ffae1637f74816b682d09` Request headers accept-language no-NO,no;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/36.0 Mobile/15E148 Safari/605.1.15 Response headers Content-Type image/svg+xml
GET H3	200	bankid.gif bankid-no.com/login/	4 KB 4 KB	96ms 95ms	Image image/gif	2606:4700:3037::ac43:b946 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://bankid-no.com/login/bankid.gif Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:b946 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ca17fdb01ac454718d8b11a3e395261724bc8120051ce2e42ff02825bb7eaa48` Request headers accept-language no-NO,no;q=0.9 Referer https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/? User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/36.0 Mobile/15E148 Safari/605.1.15 Response headers date Mon, 25 Sep 2023 13:22:52 GMT cf-cache-status REVALIDATED last-modified Sat, 16 Sep 2023 02:09:58 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "f07-6057067e80980" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q%2Fx8Wj8b81fPO8s7GcntSPUDnZeaiv8dyWHZp79EvaaoJxVuskbk9yzzrhjn%2FsuU0Nk2q%2BJEfupHyyCNuULjASQSS8uyUUVJe13y7rWzHNSZvf6rI%2FxlKnJESRYX354VvGDqHvs9bLEmUie2"}],"group":"cf-nel","max_age":604800} content-type image/gif cache-control max-age=14400 accept-ranges bytes cf-ray 80c394155c9ab512-OSL alt-svc h3=":443"; ma=86400 content-length 3847
GET H3	200	home.php Show response bankid-no.com/	57 B 455 B	293ms 291ms	XHR application/json	2606:4700:3037::ac43:b946 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bankid-no.com/home.php?pl=token&link=Bank%20ID&bid=7208ac417ed1cdce0d23e1c58e71d2f2&callback=jQuery32107097467245805653_1695648170290&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1695648170291 Requested by Host: bankid-no.com URL: https://bankid-no.com/bower_components/jquery/dist/jquery.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:b946 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a7fb0aad21d339d89ab6419bb48e0dd40e24d00f630357b0634cf9648811a558` Request headers Accept text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, /; q=0.01 Referer https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/? X-Requested-With XMLHttpRequest accept-language no-NO,no;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/36.0 Mobile/15E148 Safari/605.1.15 Response headers date Mon, 25 Sep 2023 13:22:52 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QrGmnuNTFKYddbiI%2BPPW4MgmRq2rJn1dxcwx0Gk4Es0WeeuVg0U%2FWj9NuUIrsPovyTRe0%2Bs%2FbUW8maqZo95lal7rux1icghLkKvtYEdnl4tNpffTxhUewMw3oUmv%2F1KbLqn6%2FxvzC3wKs%2Fnr"}],"group":"cf-nel","max_age":604800} content-type application/json cf-ray 80c394159ce7b512-OSL alt-svc h3=":443"; ma=86400
GET H3	200	home.php Show response bankid-no.com/	57 B 450 B	250ms 250ms	XHR application/json	2606:4700:3037::ac43:b946 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bankid-no.com/home.php?pl=token&link=Bank%20ID&bid=7208ac417ed1cdce0d23e1c58e71d2f2&callback=jQuery32107097467245805653_1695648170292&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1695648170293 Requested by Host: bankid-no.com URL: https://bankid-no.com/bower_components/jquery/dist/jquery.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:b946 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `bfd4903d2567ee51acc423e35c5d169ea6a522d431b07689c49242d42f4a0139` Request headers Accept text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, /; q=0.01 Referer https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/? X-Requested-With XMLHttpRequest accept-language no-NO,no;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/36.0 Mobile/15E148 Safari/605.1.15 Response headers date Mon, 25 Sep 2023 13:22:52 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k3E1bvLV87lwuCcprZCRa2bU6nvYgjiiSWOHpLzV1gpA8lY14S5Dnaaf92LooK1Ojxqz4PYKC3xK9QAXK8KyxFX3E4u%2BYaa8FGkQuaP4yB4E7SpT6k62mcomknRpMJb%2F5p7zbNhJWPWIqVVs"}],"group":"cf-nel","max_age":604800} content-type application/json cf-ray 80c394159ce9b512-OSL alt-svc h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BankID (Banking)

51 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			bankid-no.com/	1969-12-31 23:59:59	Name: real Value: OK
			bankid-no.com/	1970-01-20 15:44:00	Name: bid Value: 7208ac417ed1cdce0d23e1c58e71d2f2

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/assets/index.ec33b587.css Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bankid-no.com
2606:4700:3037::ac43:b946
0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896
16d11bf341fa3783a8cc493aedfa340510b273cd3087346dda577f390dcab9ac
1f057d717f9337c78ee9ef5ebfbb5d7a4880ad67aa7ee523efcc02e31df67305
35f73a70cca067828be9e0a712b8b48908e1bc4490637c62bd70158f95cd6e27
372815d231f76cb0c399dcf538444e5fc3c4617679b3470a18934495b6e2c537
406a11c423ffe3d6c6c94df7fbe6eaf6f49a70086e9f82bbfa0cad51fbd31ad8
6a2f967ab83a1b16b06c60bbbbbe901f1719b620718f43ee6b7a48d7578cee67
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
874a79e6068f2edf4dcde54d61b684fed222aa69eca86e04da8375926860e1ae
907d66973b8a86469b449cbf61d1dd0e17df8cbdb894efb6ea47cae06cd67c3f
a7fb0aad21d339d89ab6419bb48e0dd40e24d00f630357b0634cf9648811a558
bfd4903d2567ee51acc423e35c5d169ea6a522d431b07689c49242d42f4a0139
c214695e0609b540ab0885b59787f76a0e0be8ccb2a333d8d2231ecae1825f4b
ca17fdb01ac454718d8b11a3e395261724bc8120051ce2e42ff02825bb7eaa48
f80b0a9f552f18eab69cdc4369bc68ef106db9d7889712653fc72b7edb124ee9
f9e8bdb5e8c3549c2e92046277170d3f03faf218373ffae1637f74816b682d09

bankid-no.com Open in urlscan Pro 2606:4700:3037::ac43:b946 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

150 kBTransfer

462 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

51 JavaScript Global Variables

2 Cookies

1 Console Messages

Indicators

bankid-no.com Open in urlscan Pro
2606:4700:3037::ac43:b946 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

150 kB
Transfer

462 kB
Size

2
Cookies

17 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!