shared-logon.danskebank.com
212.93.38.8
Malicious Activity!
Public Scan
Effective URL: https://shared-logon.danskebank.com/logon/default/index.html?clientId=eBanking-DK
Submission: On December 26 via api from DK — Scanned from DK
Summary
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on March 26th 2023. Valid for: a year.
This is the only time shared-logon.danskebank.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: MitID (Government)
Domain & IP information
Count | IP Address | AS Autonomous System |
---|---|---|
1 1 | 2a00:18e0:5:3:dfe2:c743:85aa:61bc | 16509 (AMAZON-02) |
1 1 | 212.93.59.104 | 12483 (DANSKEBANK-AS Aarhus Denmark) |
1 1 | 212.93.61.104 | 12483 (DANSKEBANK-AS Aarhus Denmark) |
1 1 | 212.93.61.70 | 12483 (DANSKEBANK-AS Aarhus Denmark) |
2 11 | 212.93.59.221 | 12483 (DANSKEBANK-AS Aarhus Denmark) |
12 | 212.93.38.8 | 12483 (DANSKEBANK-AS Aarhus Denmark) |
22 | | 3 |
Count | Apex Domain: Subdomains | Transfer |
---|---|---|
23 | danskebank.com (2 redirects): userapi2.danskebank.com — Cisco Umbrella Rank: 391172; shared-logon.danskebank.com — Cisco Umbrella Rank: 403300 | 707 KB |
3 | danskebank.dk (3 redirects): www.danskebank.dk; danskebank.dk — Cisco Umbrella Rank: 734717; netbank2.danskebank.dk | 3 KB |
1 | danskeebanking.com (1 redirects): danskeebanking.com | 191 B |
22 | 3 | |
Count | Domain | Requested by |
---|---|---|
12 | shared-logon.danskebank.com | shared-logon.danskebank.com |
11 | userapi2.danskebank.com | 2 redirects; shared-logon.danskebank.com |
1 | netbank2.danskebank.dk | 1 redirects |
1 | danskebank.dk | 1 redirects |
1 | www.danskebank.dk | 1 redirects |
1 | danskeebanking.com | 1 redirects |
22 | 6 | |
This site contains links to these domains.
Domain |
---|
www.danskebank.se |
danskebank.se |
Subject | Issuer | Validity | Valid |
---|---|---|---|
shared-logon.danskebank.com | GlobalSign RSA OV SSL CA 2018 | 2023-03-26 - 2024-04-26 | a year |
userapi2.danskebank.com | GlobalSign RSA OV SSL CA 2018 | 2023-03-07 - 2024-04-07 | a year |
This page contains 1 frames:
Primary Page:
https://shared-logon.danskebank.com/logon/default/index.html?clientId=eBanking-DK
Frame ID: AA3E8E1426C0224C0584270630A37698
Requests: 17 HTTP requests in this frame
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
- Title: Læs om sikkerhed
- Title: Læs om falske e-mails
- Title: Har du brug for hjælp til at logge på?
- Title: Kontakt Support Direkte
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
http://danskeebanking.com/ HTTP 301
https://www.danskebank.dk/netbank HTTP 301
https://danskebank.dk/netbank HTTP 302
https://netbank2.danskebank.dk/pub/logon/logon.aspx?ss=OI&site=DBNB HTTP 302
https://userapi2.danskebank.com/prod/external/default-ashe/connect/authorize?response_type=code&client_Id=eBanking-DK&scope=openid%20profile%20offline_access&redirect_uri=https%3a%2f%2fnetbank2.danskebank.dk%2fpub%2flogon%2flogonstep2.aspx%3fss%3dOI%26site%3dDBNB&nonce=C5Xedi8qsCfgWfktMKkk0OOT0qiiU3MI&state=YjFjZDU4NjItNWUwMy00M2VmLTgyNmMtY2U1ODU1MWE1YzZh&max_age=86400&response_mode=query HTTP 302
https://userapi2.danskebank.com/prod/external/default-ashe/account/login?ReturnUrl=%2Fprod%2Fexternal%2Fdefault-ashe%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Dcode%26client_Id%3DeBanking-DK%26scope%3Dopenid%2520profile%2520offline_access%26redirect_uri%3Dhttps%253A%252F%252Fnetbank2.danskebank.dk%252Fpub%252Flogon%252Flogonstep2.aspx%253Fss%253DOI%2526site%253DDBNB%26nonce%3DC5Xedi8qsCfgWfktMKkk0OOT0qiiU3MI%26state%3DYjFjZDU4NjItNWUwMy00M2VmLTgyNmMtY2U1ODU1MWE1YzZh%26max_age%3D86400%26response_mode%3Dquery HTTP 302
https://shared-logon.danskebank.com/logon/default/index.html?clientId=eBanking-DK Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
22 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H/1.1 | index.html (Primary Request) | shared-logon.danskebank.com/logon/default/ | 758 B | 1 KB | Document | text/html |
GET H/1.1 | main.ad678162.js | shared-logon.danskebank.com/logon/default/static/js/ | 1 MB | 384 KB | Script | application/javascript |
GET H/1.1 | main.2b901aef.css | shared-logon.danskebank.com/logon/default/static/css/ | 5 KB | 2 KB | Stylesheet | text/css |
GET H/1.1 | spinner.f08d8e958f2fb8c7f0bb3914c6511a11.svg | shared-logon.danskebank.com/logon/default/static/media/ | 1 KB | 983 B | Image | image/svg+xml |
GET H/1.1 | environment.json | shared-logon.danskebank.com/logon/default/ | 372 B | 726 B | Fetch | application/json |
GET H/1.1 | handshake | userapi2.danskebank.com/prod/external/default-ashe/api/session/ | 2 B | 1 KB | Fetch | application/json |
OPTIONS H/1.1 | handshake | userapi2.danskebank.com/prod/external/default-ashe/api/session/ | 0 | 0 | Preflight | |
OPTIONS H/1.1 | uisettings | userapi2.danskebank.com/prod/external/default-ashe/api/relyingparties/eBanking-DK/ | 0 | 0 | Preflight | |
GET H/1.1 | uisettings | userapi2.danskebank.com/prod/external/default-ashe/api/relyingparties/eBanking-DK/ | 143 B | 1 KB | Fetch | application/json |
GET H/1.1 | settings | userapi2.danskebank.com/prod/external/default-ashe/api/session/ | 146 B | 1 KB | Fetch | application/json |
OPTIONS H/1.1 | settings | userapi2.danskebank.com/prod/external/default-ashe/api/session/ | 0 | 0 | Preflight | |
GET H/1.1 | environment.json | shared-logon.danskebank.com/logon/default/ | 372 B | 726 B | Fetch | application/json |
GET H/1.1 | danske-bank-logo.154c05a78e04009347ecddb918b16561.svg | shared-logon.danskebank.com/logon/default/static/media/ | 4 KB | 2 KB | Image | image/svg+xml |
GET H/1.1 | logo.751d4bcfcc1aeb857f0d.png | shared-logon.danskebank.com/logon/default/static/media/ | 14 KB | 15 KB | Image | image/png |
GET H/1.1 | spinner.f08d8e958f2fb8c7f0bb3914c6511a11.svg | shared-logon.danskebank.com/logon/default/static/media/ | 1 KB | 983 B | Image | image/svg+xml |
GET H/1.1 | dk_text-webfont.50529db33ac4e983017c.woff2 | shared-logon.danskebank.com/logon/default/static/media/ | 35 KB | 36 KB | Font | font/woff2 |
GET H/1.1 | DanskeHuman-MediumItalic.05085c8434ef42dd71dc.woff | shared-logon.danskebank.com/logon/default/static/media/ | 83 KB | 84 KB | Font | font/woff |
GET H/1.1 | init | userapi2.danskebank.com/prod/external/default-ashe/api/mitid/v2/ | 460 KB | 173 KB | Fetch | application/json |
OPTIONS H/1.1 | init | userapi2.danskebank.com/prod/external/default-ashe/api/mitid/v2/ | 0 | 0 | Preflight | |
OPTIONS H/1.1 | logon | userapi2.danskebank.com/prod/external/default-ashe/api/mitid/ | 0 | 0 | Preflight | |
GET H/1.1 | spinner.f08d8e958f2fb8c7f0bb3914c6511a11.svg | shared-logon.danskebank.com/logon/default/static/media/ | 1 KB | 983 B | Image | image/svg+xml |
POST | logon | userapi2.danskebank.com/prod/external/default-ashe/api/mitid/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- userapi2.danskebank.com
- URL
- https://userapi2.danskebank.com/prod/external/default-ashe/api/mitid/logon?client_id=eBanking-DK
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: MitID (Government)
10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object | documentPictureInPicture
- function | loadCode
- function | clearImmediate
- function | setImmediate
- object | regeneratorRuntime
- function | Buffer
- object | process
- object | _E88DC0424C20D9072457E00449A70A64
- function | SecurityLog
- string | SecurityBuild
15 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.danskebank.dk/ | Name: NSC_JOfiucvudntlg1gc0xxueuejv10i3dQ Value: 4bb3a3d825b2de0aa8efc9a32d1ed68eb5588c1f3a0798a81cc70856f31c5a6cebf94e13 |
|
danskebank.dk/ | Name: NSC_JOfiucvudntlg1gc0xxueuejv10i3dQ Value: 4bb3a3d825b2de0aa8efc9a32d1ed68eb5588c1f3a0798a81cc70856f31c5a6cebf94e13 |
|
netbank2.danskebank.dk/ | Name: ASP.NET_SessionId Value: 5qbhqw1ybd3hahelzsyvuurx |
|
netbank2.danskebank.dk/ | Name: ADRUM_BTa Value: R:0|g:496c0377-9c3f-44bd-890b-8eef67e03ce4|n:customer1_e8a3e9b8-afa5-43c3-aa9c-461710224258 |
|
netbank2.danskebank.dk/ | Name: SameSite Value: None |
|
netbank2.danskebank.dk/ | Name: ADRUM_BT1 Value: R:0|i:271259|e:36 |
|
.danskebank.dk/ | Name: NSSID Value: XeHTPLRHSjTUx9IY4C1pS3Iyfhuir33iWzrTMNFqO7MUpoJZFw9LgJBM21s-DzZQUs3bHYzcVobwlh0V-SszVES5kQ5IXl5zfQfNWS7_SKF4bVitbOWQwsmbhLGUUvA2gxHBwdlBH9_ki2w5E7QQ1rihbXn5egnHio56OTyKmwu4Rw3z3pnMWY0qSTJhfNw0 |
|
.danskebank.dk/ | Name: netbank2-NSSID Value: XeHTPLRHSjTUx9IY4C1pS3Iyfhuir33iWzrTMNFqO7MUpoJZFw9LgJBM21s-DzZQUs3bHYzcVobwlh0V-SszVES5kQ5IXl5zfQfNWS7_SKF4bVitbOWQwsmbhLGUUvA2gxHBwdlBH9_ki2w5E7QQ1rihbXn5egnHio56OTyKmwu4Rw3z3pnMWY0qSTJhfNw0 |
|
netbank2.danskebank.dk/ | Name: NSC_JOxeuitkeq4t3emd31vcmobiyfid1bJ Value: 7ce2a3d9c50bdbaac48061d9413b124a5b19e46eb5c1a53e616a959b65e7f4c9b6acc2d6 |
|
userapi2.danskebank.com/ | Name: __Host-SID Value: 71836342-cd35-442e-b937-5510ff74e5ac |
|
userapi2.danskebank.com/ | Name: NSC_JOthsdcpcosvsgrbxassunczsycgzdT Value: 4bb3a3d8f7640bbe081ac30ee93f4871f7c7bb2e11b09586e548dc5d80e1a1a3ebbcbcaa |
|
userapi2.danskebank.com/ | Name: NSC_JOnnnq1xcc3wxsndb4nwnhbud3waadQ Value: 7ce2a3d915babb449bcd361bf51d5f47286e362a517dd99b112fc56b43cc3013a11163d2 |
|
userapi2.danskebank.com/ | Name: __Host-NSSID.nonce Value: 2222789661c5c318461ab13281af0e955a83d91faf9d5dee340385dae30a3aea |
|
shared-logon.danskebank.com/ | Name: NSC_JOtrmrfgeipxjfxecmfzv0dhuikjybT Value: 7ce2a3d9fb42816b14c5db90cadd2dd966c228f48ba66bcf6837dabd4ce3b85582657afb |
|
shared-logon.danskebank.com/ | Name: NSC_JOmx1ajnbos2halb04srsselaz4habT Value: 4bb3a3d8eca8ef53df52c2fb880097beb733a494797f7ee2474db5cd7bd83dea122cb70f |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=157680000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.