test-nemlog-in.dk
152.73.246.24
Malicious Activity!
Public Scan
Effective URL: https://test-nemlog-in.dk/login.aspx/noeglekort
Submission: On March 18 via automatic, source certstream-suspicious
Summary
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on June 26th 2019. Valid for: 2 years.
This is the only time test-nemlog-in.dk was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DK Government (Government)
Domain & IP information
| IP Address | AS Autonomous System |
---|---|---|
3 3 | 46.36.211.228 | 207199 (ZITCOM) |
2 22 | 152.73.246.24 | 15687 (AS15687) |
6 | 184.31.83.126 | 20940 (AKAMAI-ASN1) |
1 | 152.73.246.21 | 15687 (AS15687) |
27 | 4 | |
ASN15687 (AS15687, DK)
login.test-nemlog-in.dk | |
test-nemlog-in.dk |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a184-31-83-126.deploy.static.akamaitechnologies.com
appletk.danid.dk |
| Apex Domain: Subdomains | Transfer |
---|---|---|
22 | test-nemlog-in.dk (2 redirects): login.test-nemlog-in.dk, test-nemlog-in.dk | 148 KB |
6 | danid.dk: appletk.danid.dk | 540 KB |
3 | ditmer.zone (3 redirects): filmpuljen-nemlogin.ditmer.zone | 2 KB |
1 | nemlog-in.dk: nemlog-in.dk | |
27 | 4 | |
| Domain | Requested by |
---|---|---|
21 | test-nemlog-in.dk (1 redirects) | test-nemlog-in.dk |
6 | appletk.danid.dk | test-nemlog-in.dk, appletk.danid.dk |
3 | filmpuljen-nemlogin.ditmer.zone (3 redirects) | |
1 | nemlog-in.dk | test-nemlog-in.dk |
1 | login.test-nemlog-in.dk (1 redirects) | |
27 | 5 | |
This site contains links to these domains. Also see Links.
Domain |
---|
adgangforalle.dk |
digst.dk |
www.nemid.nu |
www.was.digst.dk |
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.test-nemlog-in.dk | GlobalSign RSA OV SSL CA 2018 | 2019-06-26 - 2021-08-21 | 2 years |
appletk.danid.dk | GlobalSign Organization Validation CA - SHA256 - G2 | 2020-06-18 - 2022-06-19 | 2 years |
Nemlog-in.dk | GlobalSign RSA OV SSL CA 2018 | 2021-02-15 - 2022-03-06 | a year |
This page contains 2 frames:
Primary Page:
https://test-nemlog-in.dk/login.aspx/noeglekort
Frame ID: 2F010B81FCD09E6019313D4F0901D063
Requests: 21 HTTP requests in this frame
Frame:
https://appletk.danid.dk/launcher/lmt/63751657113609
Frame ID: E781B31BF6B712CA52E505BC49F83205
Requests: 7 HTTP requests in this frame
Page URL History
- https://filmpuljen-nemlogin.ditmer.zone/ HTTP 302
- https://filmpuljen-nemlogin.ditmer.zone/Security/Login/?ReturnUrl=%2f HTTP 302
- https://filmpuljen-nemlogin.ditmer.zone/login.ashx HTTP 302
- https://login.test-nemlog-in.dk/adfs/ls/?SAMLRequest=lZJfS8MwFMXfBb9DyHubZB1rG9qN4V4GCjLFB9%2ByNnXRNNl60yF%2... HTTP 307
- https://test-nemlog-in.dk/IDP.ashx?SAMLRequest=lZJfS8MwFMXfBb9DyHubZB1rG9qN4V4GCjLFB9%2ByNnXRNNl60yF%2... HTTP 302
- https://test-nemlog-in.dk/login.aspx/noeglekort Page URL
Detected technologies
Windows Server (Operating Systems)
Detected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
- html /<input[^>]+name="__VIEWSTATE/i
Bootstrap (Web Frameworks)
Detected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
- script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i
Microsoft ASP.NET (Web Frameworks)
Detected patterns
- html /<input[^>]+name="__VIEWSTATE/i
IIS (Web Servers)
Detected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
- html /<input[^>]+name="__VIEWSTATE/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery[.-]([\d.]*\d)[^/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
- Title:
- Title: Read more about the use of your personal information and your rights here
- Title: Order NemID
- Title: Renew NemID
- Title: - Accessibility statement (new window)
Redirected requests
There were HTTP redirect chains for the following requests:
27 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | noeglekort | test-nemlog-in.dk/login.aspx/ (Primary Request; Redirect Chain) | 20 KB | 8 KB | Document | text/html |
GET | H2 | global.css | test-nemlog-in.dk/resources/css/ | 21 KB | 4 KB | Stylesheet | text/css |
GET | H2 | bootstrap-theme.css | test-nemlog-in.dk/resources/css/ | 20 KB | 2 KB | Stylesheet | text/css |
GET | H2 | bootstrap.css | test-nemlog-in.dk/resources/css/ | 136 KB | 20 KB | Stylesheet | text/css |
GET | H2 | jquery-1.9.0.min.js | test-nemlog-in.dk/Scripts/ | 91 KB | 32 KB | Script | application/javascript |
GET | H2 | bootstrap.min.js | test-nemlog-in.dk/Scripts/ | 31 KB | 8 KB | Script | application/javascript |
GET | H2 | jquery.cookie.js | test-nemlog-in.dk/Scripts/ | 4 KB | 2 KB | Script | application/javascript |
GET | H2 | common.js | test-nemlog-in.dk/Scripts/ | 574 B | 465 B | Script | application/javascript |
GET | H2 | WebResource.axd | test-nemlog-in.dk/ | 4 KB | 2 KB | Script | text/javascript |
GET | H2 | nemlogin.png | test-nemlog-in.dk/resources/images/ | 5 KB | 5 KB | Image | image/png |
GET | H2 | print.css | test-nemlog-in.dk/resources/css/ | 1 KB | 653 B | Stylesheet | text/css |
GET | H2 | adrum.js | test-nemlog-in.dk/resources/js/ | 68 KB | 21 KB | Script | application/javascript |
GET | H2 | speaker.png | test-nemlog-in.dk/resources/images/icons/ | 358 B | 418 B | Image | image/png |
GET | H2 | print.png | test-nemlog-in.dk/resources/images/icons/ | 179 B | 223 B | Image | image/png |
GET | H2 | tabSelectedLeft.png | test-nemlog-in.dk/resources/images/ | 629 B | 696 B | Image | image/png |
GET | H2 | tabSelectedRight.png | test-nemlog-in.dk/resources/images/ | 623 B | 667 B | Image | image/png |
GET | H2 | noeglekort.png | test-nemlog-in.dk/resources/images/ | 20 KB | 20 KB | Image | image/png |
GET | H2 | tabLeft.png | test-nemlog-in.dk/resources/images/ | 479 B | 539 B | Image | image/png |
GET | H2 | tabRight.png | test-nemlog-in.dk/resources/images/ | 504 B | 548 B | Image | image/png |
GET | H2 | noeglefilhvid.png | test-nemlog-in.dk/resources/images/ | 19 KB | 19 KB | Image | image/png |
GET | H/1.1 | 63751657113609 | appletk.danid.dk/launcher/lmt/ (Frame E781; Cookie set) | 9 KB | 7 KB | Document | text/html |
GET | H/1.1 | KAAAAAKPA0bDbeniVuI27fyk7sYl4LmT926cS7jsKY7wqC_rRpUcBSTMrhmAKwg3NATLhVVF | appletk.danid.dk/init/ (Frame E781) | 130 KB | 64 KB | XHR | application/javascript |
GET | H/1.1 | 28150nemid_responsive.css | appletk.danid.dk/resources/ (Frame E781) | 159 KB | 86 KB | XHR | text/css |
GET | DATA | truncated | / (Frame E781) | 4 KB | 0 | Image | image/gif |
GET | H2 | adrum-ext.15ad9e12c414858a5e6cfdfb1f2331b1.js | nemlog-in.dk/ | 0 | 0 | Script | text/html |
GET | H/1.1 | KAAAAHOfDJYDQci2Xs_zyxE99b5C-m25vOaG7_KFW6qr-xq26U8L3RXFcJaPwIGteFQ80Nw51OgH5Un0_QhX9H8FIbj9PauN7IDW3uH-x31wm-8QceL_Dw | appletk.danid.dk/init/ (Frame E781) | 368 KB | 368 KB | XHR | application/octet-stream |
POST | H/1.1 | KAAAAF7ieZsAkZdT3r0aJJCa2___0lfDQ7WA_oCm | appletk.danid.dk/init/ (Frame E781) | 2 KB | 3 KB | XHR | application/octet-stream |
POST | H/1.1 | auth2 | appletk.danid.dk/ (Frame E781) | 12 KB | 13 KB | XHR | application/binary |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DK Government (Government)
25 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | 0 |
object | ontransitionrun |
object | ontransitionstart |
object | ontransitioncancel |
object | cookieStore |
function | showDirectoryPicker |
function | showOpenFilePicker |
function | showSaveFilePicker |
object | trustedTypes |
boolean | crossOriginIsolated |
function | $ |
function | jQuery |
object | jQuery19009964909910581858 |
number | adrum-start-time |
object | adrum-config |
object | ADRUM |
function | resizeIframe |
function | deletecookies |
object | theForm |
function | __doPostBack |
function | disableControls |
function | setCookie |
function | getCookie |
function | checkCookieExists |
function | onNemIDMessage |
2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
test-nemlog-in.dk/ | | Name: cookieCheck Value: Test |
test-nemlog-in.dk/ | | Name: Challenge Value: 6A-84-57-0E-59-73-69-9A-6A-06-65-73-32-CC-F3-B5-72-E3-57-C0 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.