Submitted URL: http://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&ra...
Effective URL: https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&ra...
Submission: On November 07 via automatic, source phishtank — Scanned from FR

Summary

This website contacted 7 IPs in 4 countries across 9 domains to perform 18 HTTP transactions. The main IP is 149.202.72.186, located in France and belongs to OVH, FR. The main domain is irontech.no.
TLS certificate: Issued by R3 on October 3rd 2021. Valid for: 3 months.
This is the only time irontech.no was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Google (Online)

Domain & IP information

Count  Domain                                   Requested by
5      irontech.no (1 redirect)                 irontech.no
4      translate.googleapis.com                 irontech.no, translate.googleapis.com, srcdoc
3      www.gstatic.com                          irontech.no, translate.googleapis.com
1      ajax.cloudflare.com                      irontech.no
1      ssl.gstatic.com                          irontech.no
1      mail.yahoo.com                           irontech.no
0      mail.yeah.net (failed)                   irontech.no
0      mxmail.optimumelectronics.com (failed)   irontech.no
0      a.gfx.ms (failed)                        irontech.no
0      bankofamerica.com (failed)               irontech.no
Total: 18 requests across 10 domains

This site contains links to these domains:

translate.google.com
Subject                      Issuer                                   Validity                   Valid      Source
irontech.no                  R3                                       2021-10-03 - 2022-01-01    3 months   crt.sh
*.fantasysports.yahoo.com    DigiCert SHA2 High Assurance Server CA   2021-10-25 - 2021-11-17    24 days    crt.sh
*.gstatic.com                GTS CA 1C3                               2021-10-18 - 2022-01-10    3 months   crt.sh
ajax.cloudflare.com          DigiCert ECC Secure Server CA            2020-08-11 - 2022-08-16    2 years    crt.sh
upload.video.google.com      GTS CA 1C3                               2021-10-18 - 2022-01-10    3 months   crt.sh

This page contains 2 frames:

Primary Page: https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&.rand=13inboxlight.aspx%3fn=1774256418
Frame ID: CE085E5A518A2EFC2B2C21D3582B18B1
Requests: 17 HTTP requests in this frame

Frame: https://translate.googleapis.com/translate_a/l?client=te&alpha=true&hl=en&cb=callback
Frame ID: 0A92EA9564456479C04B1E92F9514097
Requests: 1 HTTP request in this frame

Screenshot

Page Title

Email Service Provider


Page Statistics

18 Requests
78 % HTTPS
83 % IPv6
9 Domains
10 Subdomains
7 IPs
4 Countries
244 kB Transfer
425 kB Size
0 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&.rand=13inboxlight.aspx?n=1774256418 HTTP 301
    https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&.rand=13inboxlight.aspx%3fn=1774256418 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://irontech.no/sidee/navbar.css HTTP 0
  • http://bankofamerica.com/

18 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request: ii.php | irontech.no/sidee/ | 4 KB | 4 KB | Document
Redirect Chain
  • http://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&a...
  • https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&...
General
Full URL
https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&.rand=13inboxlight.aspx%3fn=1774256418
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.202.72.186 , France, ASN16276 (OVH, FR),
Reverse DNS
vhost3.aleo.no
Software
Apache / PHP/7.3.2 PleskLin
Resource Hash
ac81afcf15ce9ca0590f191d2cf83ac785631956f97ad189c299b30bb6d2e9d3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
fr-FR,fr;q=0.9

Response headers

Date
Sun, 07 Nov 2021 04:12:49 GMT
Server
Apache
X-Powered-By
PHP/7.3.2 PleskLin
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Sun, 07 Nov 2021 04:12:49 GMT
Server
Apache
Location
https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&.rand=13inboxlight.aspx%3fn=1774256418
Content-Length
479
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=iso-8859-1
bootstrap.css | irontech.no/sidee/files/ | 120 KB | 120 KB | Stylesheet
General
Full URL
https://irontech.no/sidee/files/bootstrap.css
Requested by
Host: irontech.no
URL: https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&.rand=13inboxlight.aspx%3fn=1774256418
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.202.72.186 , France, ASN16276 (OVH, FR),
Reverse DNS
vhost3.aleo.no
Software
Apache / PleskLin
Resource Hash
a7240089193e066e346d5c5081d5db305ac931a9079a133e47bf22940e946143

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&.rand=13inboxlight.aspx%3fn=1774256418
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Sun, 07 Nov 2021 04:12:49 GMT
Last-Modified
Mon, 22 Oct 2018 20:47:17 GMT
Server
Apache
X-Powered-By
PleskLin
ETag
"1e0ad-578d75bd7005d"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
123053
/ | bankofamerica.com/ | 0 | 0 | (no response)
Redirect Chain
  • https://irontech.no/sidee/navbar.css
  • http://bankofamerica.com/

signin.css | irontech.no/sidee/files/ | 791 B | 1 KB | Stylesheet
General
Full URL
https://irontech.no/sidee/files/signin.css
Requested by
Host: irontech.no
URL: https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&.rand=13inboxlight.aspx%3fn=1774256418
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.202.72.186 , France, ASN16276 (OVH, FR),
Reverse DNS
vhost3.aleo.no
Software
Apache / PleskLin
Resource Hash
3332fec379c1fa3fa83e8de48b7dc9c408360b4e62bab4bf0e355310108969cb

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&.rand=13inboxlight.aspx%3fn=1774256418
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Sun, 07 Nov 2021 04:12:49 GMT
Last-Modified
Mon, 22 Oct 2018 20:47:15 GMT
Server
Apache
X-Powered-By
PleskLin
ETag
"317-578d75bb658fd"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
791
element.js | irontech.no/sidee/files/ | 1 KB | 2 KB | Script
General
Full URL
https://irontech.no/sidee/files/element.js?cb=googleTranslateElementInit
Requested by
Host: irontech.no
URL: https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&.rand=13inboxlight.aspx%3fn=1774256418
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.202.72.186 , France, ASN16276 (OVH, FR),
Reverse DNS
vhost3.aleo.no
Software
Apache / PleskLin
Resource Hash
26cc7eaf4fbf8bcd6eb99a36db09ce948e22e14e18a92423ef5d9065f81f808b

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&.rand=13inboxlight.aspx%3fn=1774256418
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Sun, 07 Nov 2021 04:12:49 GMT
Last-Modified
Mon, 22 Oct 2018 20:47:15 GMT
Server
Apache
X-Powered-By
PleskLin
ETag
"5c0-578d75bb4361d"
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1472
favicon.ico | mail.yahoo.com/ | 2 KB | 3 KB | Image
General
Full URL
https://mail.yahoo.com/favicon.ico
Requested by
Host: irontech.no
URL: https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&.rand=13inboxlight.aspx%3fn=1774256418
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:84:800::1002 Amsterdam, Netherlands, ASN203219 (YAHOO-AMA, GB),
Reverse DNS
Software
ATS /
Resource Hash
c6f7ee2cadae2e121342a8c4245141175bfe887776206deb17149d46cf3aa827
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://irontech.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 06 Nov 2021 20:25:48 GMT
x-content-type-options
nosniff
age
28023
x-amz-server-side-encryption
AES256
content-length
2238
x-amz-id-2
0goLxUmZPkwtNZ49FWommdHCjHJjkxiAxl1kfbxT2lOS+E7veBBMMe1LPOv+13K0pX6SMFTcGVA=
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 30 Aug 2021 21:31:42 GMT
server
ATS
etag
"3a07174943f82046370997254100d870"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
x-amz-request-id
ADGZGFDRZPM7V1D6
x-xss-protection
1; mode=block
cache-control
public,max-age=86400
accept-ranges
bytes
content-type
image/vnd.microsoft.icon
expires
Tue, 31 Aug 2021 23:00:00 GMT
OLFav.ico | a.gfx.ms/ | 0 | 0 | (no response)

logo_strip_2x.png | ssl.gstatic.com/accounts/ui/ | 10 KB | 11 KB | Image
General
Full URL
https://ssl.gstatic.com/accounts/ui/logo_strip_2x.png
Requested by
Host: irontech.no
URL: https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&.rand=13inboxlight.aspx%3fn=1774256418
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b2d3305551055e5d28aea38f218ee6ff6006afb8c80cc4f206a206bcb758df7c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://irontech.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Wed, 03 Nov 2021 10:40:37 GMT
x-content-type-options
nosniff
last-modified
Thu, 03 Oct 2019 10:15:00 GMT
server
sffe
age
322332
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10297
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Thu, 03 Nov 2022 10:40:37 GMT
favicon.ico | mxmail.optimumelectronics.com/mail/skins/default/images/ | 0 | 0 | (no response)

favicon.ico | mail.yeah.net/ | 0 | 0 | (no response)

cloudflare.min.js | ajax.cloudflare.com/cdn-cgi/nexp/dok8v=b064e16429/ | 3 KB | 2 KB | Script
General
Full URL
https://ajax.cloudflare.com/cdn-cgi/nexp/dok8v=b064e16429/cloudflare.min.js
Requested by
Host: irontech.no
URL: https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&.rand=13inboxlight.aspx%3fn=1774256418
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:490e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79d1744b3148a4b7265a9d2006eb1f6b72fda68490c398e380cb0692aeb8c5e5
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://irontech.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sun, 07 Nov 2021 04:12:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
last-modified
Fri, 05 Nov 2021 13:27:57 GMT
server
cloudflare
x-frame-options
DENY
etag
W/"6185315d-c37"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aUGb1Ca0E79JMSMww1ij9%2FFMJWai6t2bqUgkAygvWyMZhpyWvVPPEql03QoVrUgtWHvOBZj4FxWPjuSp2nJj2VCpvi2Gy%2Fd%2BFNCWhe9ZvfOpj0mq9xxltCSXZFNz4h51J4NNE0XvPT5hyrg3DFlWdtk%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=172800, public
cf-ray
6aa3b9bc692f5a37-MXP
expires
Tue, 09 Nov 2021 04:12:49 GMT
translateelement.css | translate.googleapis.com/translate_static/css/ | 18 KB | 4 KB | Stylesheet
General
Full URL
https://translate.googleapis.com/translate_static/css/translateelement.css
Requested by
Host: irontech.no
URL: https://irontech.no/sidee/files/element.js?cb=googleTranslateElementInit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5d0a6e3bc914db376bf187c380750b197c317e1bf40fab9ad959ad5facd8f9ed
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://irontech.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sun, 07 Nov 2021 03:55:34 GMT
content-encoding
br
x-content-type-options
nosniff
age
1036
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3130
x-xss-protection
0
last-modified
Wed, 24 Feb 2021 19:45:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="rosetta"
vary
Accept-Encoding
report-to
{"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Sun, 07 Nov 2021 04:55:34 GMT
main.js | translate.googleapis.com/translate_static/js/element/ | 6 KB | 2 KB | Script
General
Full URL
https://translate.googleapis.com/translate_static/js/element/main.js
Requested by
Host: irontech.no
URL: https://irontech.no/sidee/files/element.js?cb=googleTranslateElementInit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
251c607557e1302862934faeb35d7c9c20cbb64b4abb6a4faed721b71db501f2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://irontech.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sun, 07 Nov 2021 03:33:16 GMT
content-encoding
br
x-content-type-options
nosniff
age
2374
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2154
x-xss-protection
0
last-modified
Mon, 24 May 2021 18:08:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="rosetta"
vary
Accept-Encoding
report-to
{"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Sun, 07 Nov 2021 04:33:16 GMT
element_main.js | translate.googleapis.com/element/TE_20210503_00/e/js/element/ | 252 KB | 90 KB | Script
General
Full URL
https://translate.googleapis.com/element/TE_20210503_00/e/js/element/element_main.js
Requested by
Host: translate.googleapis.com
URL: https://translate.googleapis.com/translate_static/js/element/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
09363cc7c668ce12683214a9877ae9c068a82dfb8f64111355933c24e7193a98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://irontech.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 06 Nov 2021 18:47:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
33902
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
91906
x-xss-protection
0
last-modified
Mon, 03 May 2021 09:56:24 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="rosetta"
vary
Accept-Encoding
report-to
{"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 06 Nov 2022 18:47:48 GMT
translate_24dp.png | www.gstatic.com/images/branding/product/1x/ | 846 B | 959 B | Image
General
Full URL
https://www.gstatic.com/images/branding/product/1x/translate_24dp.png
Requested by
Host: irontech.no
URL: https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&.rand=13inboxlight.aspx%3fn=1774256418
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a861509b658aa24fc3aed2867ac3c061e7d818d90b9990959afc6d1b5d4ff99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://irontech.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sun, 07 Nov 2021 01:55:10 GMT
x-content-type-options
nosniff
age
8260
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
846
x-xss-protection
0
last-modified
Thu, 14 Oct 2021 09:08:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Mon, 07 Nov 2022 01:55:10 GMT
googlelogo_color_42x16dp.png | www.gstatic.com/images/branding/googlelogo/1x/ | 910 B | 1 KB | Image
General
Full URL
https://www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_42x16dp.png
Requested by
Host: irontech.no
URL: https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&.rand=13inboxlight.aspx%3fn=1774256418
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://irontech.no/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sat, 06 Nov 2021 02:45:05 GMT
x-content-type-options
nosniff
age
91665
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
910
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Sun, 06 Nov 2022 02:45:05 GMT
translate_24dp.png | www.gstatic.com/images/branding/product/2x/ | 2 KB | 2 KB | Image
General
Full URL
https://www.gstatic.com/images/branding/product/2x/translate_24dp.png
Requested by
Host: translate.googleapis.com
URL: https://translate.googleapis.com/translate_static/css/translateelement.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://translate.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Sun, 07 Nov 2021 03:53:35 GMT
x-content-type-options
nosniff
age
1155
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1842
x-xss-protection
0
last-modified
Thu, 14 Oct 2021 09:08:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Mon, 07 Nov 2022 03:53:35 GMT
l | translate.googleapis.com/translate_a/ (Frame 0A92) | 3 KB | 1 KB | Script
General
Full URL
https://translate.googleapis.com/translate_a/l?client=te&alpha=true&hl=en&cb=callback
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
13b5eece5a7359f9c0de2b4b3c24eeed42fa547e5811238bc9434dcc975bb101
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/TranslateApiHttp/cspreport, script-src 'report-sample' 'nonce-l85c5QwOJa3kJ5dU4J8C3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma
no-cache
content-security-policy
require-trusted-types-for 'script';report-uri /_/TranslateApiHttp/cspreport, script-src 'report-sample' 'nonce-l85c5QwOJa3kJ5dU4J8C3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self'
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
cross-origin-opener-policy
same-origin; report-to="TranslateApiHttp"
date
Sun, 07 Nov 2021 04:12:50 GMT
x-frame-options
SAMEORIGIN
report-to
{"group":"TranslateApiHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/TranslateApiHttp/external"}]}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
expires
Mon, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
bankofamerica.com
URL
http://bankofamerica.com/
Domain
a.gfx.ms
URL
https://a.gfx.ms/OLFav.ico
Domain
mxmail.optimumelectronics.com
URL
https://mxmail.optimumelectronics.com/mail/skins/default/images/favicon.ico
Domain
mail.yeah.net
URL
https://mail.yeah.net/favicon.ico

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Google (Online)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
object    onbeforexrselect
function  reportError
boolean   originAgentCluster
object    scheduler
object    CloudFlare
object    a
object    b
function  googleTranslateElementInit
object    google
object    closure_lm_994365

0 Cookies

8 Console Messages

Source | Level | URL
Message
security warning URL: https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&.rand=13inboxlight.aspx%3fn=1774256418
Message:
Mixed Content: The page at 'https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&.rand=13inboxlight.aspx%3fn=1774256418' was loaded over HTTPS, but requested an insecure element 'http://mail.yahoo.com/favicon.ico'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&.rand=13inboxlight.aspx%3fn=1774256418
Message:
Mixed Content: The page at 'https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&.rand=13inboxlight.aspx%3fn=1774256418' was loaded over HTTPS, but requested an insecure element 'http://mxmail.optimumelectronics.com/mail/skins/default/images/favicon.ico'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&.rand=13inboxlight.aspx%3fn=1774256418
Message:
Mixed Content: The page at 'https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&.rand=13inboxlight.aspx%3fn=1774256418' was loaded over HTTPS, but requested an insecure element 'http://mail.yeah.net/favicon.ico'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security error URL: https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&.rand=13inboxlight.aspx%3fn=1774256418
Message:
Mixed Content: The page at 'https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&.rand=13inboxlight.aspx%3fn=1774256418' was loaded over HTTPS, but requested an insecure stylesheet 'http://bankofamerica.com/'. This request has been blocked; the content must be served over HTTPS.
security warning URL: https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&.rand=13inboxlight.aspx%3fn=1774256418
Message:
Mixed Content: The page at 'https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&.rand=13inboxlight.aspx%3fn=1774256418' was loaded over HTTPS, but requested an insecure element 'http://mail.yahoo.com/favicon.ico'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&.rand=13inboxlight.aspx%3fn=1774256418
Message:
Mixed Content: The page at 'https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&.rand=13inboxlight.aspx%3fn=1774256418' was loaded over HTTPS, but requested an insecure element 'http://mxmail.optimumelectronics.com/mail/skins/default/images/favicon.ico'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&.rand=13inboxlight.aspx%3fn=1774256418
Message:
Mixed Content: The page at 'https://irontech.no/sidee/ii.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642=&fid=4&fav.1=&rand.13inboxlight.aspxn.1774256418=&fid.1252899642=&fid.1=&email=a@a.c&.rand=13inboxlight.aspx%3fn=1774256418' was loaded over HTTPS, but requested an insecure element 'http://mail.yeah.net/favicon.ico'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
network error URL: https://mail.yeah.net/favicon.ico
Message:
Failed to load resource: net::ERR_CONNECTION_RESET