test-nemlog-in.dk
152.73.246.24
Malicious Activity!
Public Scan
Effective URL: https://test-nemlog-in.dk/login.aspx/noeglekort
Submission: On May 06 via automatic, source certstream-suspicious
Summary
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on June 26th 2019. Valid for: 2 years.
This is the only time test-nemlog-in.dk was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DK Government (Government)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
3 3 | 46.36.211.228 | 207199 (ZITCOM) |
2 22 | 152.73.246.24 | 15687 (AS15687) |
6 | 104.117.197.179 | 16625 (AKAMAI-AS) |
1 | 152.73.246.21 | 15687 (AS15687) |
27 | 4 | |
ASN207199 (ZITCOM, DK)
kulturtilskudsordning-nemlogin.ditmer.zone
ASN16625 (AKAMAI-AS, US)
PTR: a104-117-197-179.deploy.static.akamaitechnologies.com
appletk.danid.dk
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
22 | test-nemlog-in.dk (2 redirects) | login.test-nemlog-in.dk, test-nemlog-in.dk | 148 KB |
6 | danid.dk | appletk.danid.dk | 541 KB |
3 | ditmer.zone (3 redirects) | kulturtilskudsordning-nemlogin.ditmer.zone | 2 KB |
1 | nemlog-in.dk | nemlog-in.dk | |
27 | 4 | | |
 | Domain | Requested by |
---|---|---|
21 | test-nemlog-in.dk | 1 redirects, test-nemlog-in.dk |
6 | appletk.danid.dk | test-nemlog-in.dk, appletk.danid.dk |
3 | kulturtilskudsordning-nemlogin.ditmer.zone | 3 redirects |
1 | nemlog-in.dk | test-nemlog-in.dk |
1 | login.test-nemlog-in.dk | 1 redirects |
27 | 5 | |
This site contains links to these domains. Also see Links.
Domain |
---|
adgangforalle.dk |
digst.dk |
www.nemid.nu |
www.was.digst.dk |
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.test-nemlog-in.dk | GlobalSign RSA OV SSL CA 2018 | 2019-06-26 - 2021-08-21 | 2 years |
appletk.danid.dk | GlobalSign Organization Validation CA - SHA256 - G2 | 2020-06-18 - 2022-06-19 | 2 years |
Nemlog-in.dk | GlobalSign RSA OV SSL CA 2018 | 2021-02-15 - 2022-03-06 | a year |
This page contains 2 frames:
Primary Page:
https://test-nemlog-in.dk/login.aspx/noeglekort
Frame ID: 655940968B5A6CA7A50278F0AB7ED347
Requests: 21 HTTP requests in this frame
Frame:
https://appletk.danid.dk/launcher/lmt/63755903669766
Frame ID: EDC310749C1A9C6EFD38E80BBDF6D188
Requests: 7 HTTP requests in this frame
Page URL History
- https://kulturtilskudsordning-nemlogin.ditmer.zone/ (HTTP 302)
- https://kulturtilskudsordning-nemlogin.ditmer.zone/Security/Login/?ReturnUrl=%2f (HTTP 302)
- https://kulturtilskudsordning-nemlogin.ditmer.zone/login.ashx (HTTP 302)
- https://login.test-nemlog-in.dk/adfs/ls/?SAMLRequest=lZJfS8MwFMXfBb9DyHubplvrFtqN4V4GCjLFB9%2ByJt3C0mTLTYb46... (HTTP 307)
- https://test-nemlog-in.dk/IDP.ashx?SAMLRequest=lZJfS8MwFMXfBb9DyHubplvrFtqN4V4GCjLFB9%2ByJt3C0mTLTYb46... (HTTP 302)
- https://test-nemlog-in.dk/login.aspx/noeglekort (Page URL)
Detected technologies
Windows Server (Operating Systems)
Detected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
IIS (Web Servers)
Detected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Title:
Title: Read more about the use of your personal information and your rights here
Title: Order NemID
Title: Renew NemID
Title: - Accessibility statement (new window)
Redirected requests
There were HTTP redirect chains for the following requests:
27 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
---|---|---|---|---|---|---|---|---|
GET | H2 | noeglekort | test-nemlog-in.dk/login.aspx/ | 20 KB | 8 KB | Document | text/html | Primary Request, Redirect Chain |
GET | H2 | global.css | test-nemlog-in.dk/resources/css/ | 21 KB | 4 KB | Stylesheet | text/css | |
GET | H2 | bootstrap-theme.css | test-nemlog-in.dk/resources/css/ | 20 KB | 2 KB | Stylesheet | text/css | |
GET | H2 | bootstrap.css | test-nemlog-in.dk/resources/css/ | 136 KB | 20 KB | Stylesheet | text/css | |
GET | H2 | jquery-1.9.0.min.js | test-nemlog-in.dk/Scripts/ | 91 KB | 32 KB | Script | application/javascript | |
GET | H2 | bootstrap.min.js | test-nemlog-in.dk/Scripts/ | 31 KB | 8 KB | Script | application/javascript | |
GET | H2 | jquery.cookie.js | test-nemlog-in.dk/Scripts/ | 4 KB | 2 KB | Script | application/javascript | |
GET | H2 | common.js | test-nemlog-in.dk/Scripts/ | 574 B | 465 B | Script | application/javascript | |
GET | H2 | WebResource.axd | test-nemlog-in.dk/ | 4 KB | 2 KB | Script | text/javascript | |
GET | H2 | nemlogin.png | test-nemlog-in.dk/resources/images/ | 5 KB | 5 KB | Image | image/png | |
GET | H2 | print.css | test-nemlog-in.dk/resources/css/ | 1 KB | 653 B | Stylesheet | text/css | |
GET | H2 | adrum.js | test-nemlog-in.dk/resources/js/ | 68 KB | 21 KB | Script | application/javascript | |
GET | H2 | speaker.png | test-nemlog-in.dk/resources/images/icons/ | 358 B | 418 B | Image | image/png | |
GET | H2 | print.png | test-nemlog-in.dk/resources/images/icons/ | 179 B | 223 B | Image | image/png | |
GET | H2 | tabSelectedLeft.png | test-nemlog-in.dk/resources/images/ | 629 B | 696 B | Image | image/png | |
GET | H2 | tabSelectedRight.png | test-nemlog-in.dk/resources/images/ | 623 B | 667 B | Image | image/png | |
GET | H2 | noeglekort.png | test-nemlog-in.dk/resources/images/ | 20 KB | 20 KB | Image | image/png | |
GET | H2 | tabLeft.png | test-nemlog-in.dk/resources/images/ | 479 B | 539 B | Image | image/png | |
GET | H2 | tabRight.png | test-nemlog-in.dk/resources/images/ | 504 B | 548 B | Image | image/png | |
GET | H2 | noeglefilhvid.png | test-nemlog-in.dk/resources/images/ | 19 KB | 19 KB | Image | image/png | |
GET | H/1.1 | 63755903669766 | appletk.danid.dk/launcher/lmt/ | 9 KB | 7 KB | Document | text/html | Cookie set, Frame EDC3 |
GET | H/1.1 | KAAAAMILwXTNW_7kTz3PH8V4y-1hMWNyOGEyEytC05TKGJRzHZ6-VDLygdQIAFCMx4wlZv9B | appletk.danid.dk/init/ | 133 KB | 65 KB | XHR | application/javascript | Frame EDC3 |
GET | H/1.1 | 28150nemid_responsive.css | appletk.danid.dk/resources/ | 159 KB | 86 KB | XHR | text/css | Frame EDC3 |
GET | DATA | truncated | / | 4 KB | 0 | Image | image/gif | Frame EDC3 |
GET | H2 | adrum-ext.15ad9e12c414858a5e6cfdfb1f2331b1.js | nemlog-in.dk/ | 0 | 0 | Script | text/html | |
GET | H/1.1 | KAAAABda3iy_sEqH730ZCCW4CpWc5xOcpJJnSWaQ9Xk2Jwg_6-QJCMYaI4UOJtoQ2coWOjLbgxykx0xe6zCT98afLxEsW5icKdxjBNAG02fN6-zCVuBjQA | appletk.danid.dk/init/ | 368 KB | 368 KB | XHR | application/octet-stream | Frame EDC3 |
POST | H/1.1 | KAAAAJxNH-6VAF7V440qylPghe2LvMBIok5r9o2U | appletk.danid.dk/init/ | 2 KB | 3 KB | XHR | application/octet-stream | Frame EDC3 |
POST | H/1.1 | auth2 | appletk.danid.dk/ | 12 KB | 13 KB | XHR | application/binary | Frame EDC3 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DK Government (Government)
27 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| 0
- object| onbeforexrselect
- object| ontransitionrun
- object| ontransitionstart
- object| ontransitioncancel
- object| cookieStore
- function| showDirectoryPicker
- function| showOpenFilePicker
- function| showSaveFilePicker
- boolean| originAgentCluster
- object| trustedTypes
- boolean| crossOriginIsolated
- function| $
- function| jQuery
- object| jQuery190014203411861084492
- number| adrum-start-time
- object| adrum-config
- object| ADRUM
- function| resizeIframe
- function| deletecookies
- object| theForm
- function| __doPostBack
- function| disableControls
- function| setCookie
- function| getCookie
- function| checkCookieExists
- function| onNemIDMessage
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.