www.identity.kundenorwegian-no.wingman.se Open in urlscan Pro
85.118.206.135 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.identity.kundenorwegian-no.wingman.se/
Effective URL:
https://www.identity.kundenorwegian-no.wingman.se/nrw/ktros.php?82808029c455c3c7a13b98a8fefe41e5
Submission: On February 28 via automatic, source certstream-suspicious (February 28th 2023, 2:43:37 pm UTC) — Scanned from NO

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 85.118.206.135, located in Furulund, Sweden and belongs to CYBERCOM-AS, SE. The main domain is www.identity.kundenorwegian-no.wingman.se.
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 28th 2023. Valid for: 3 months.

This is the only time www.identity.kundenorwegian-no.wingman.se was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
4 11	85.118.206.135 85.118.206.135		34941 (CYBERCOM-AS) (CYBERCOM-AS)
10	2

11 85.118.206.135 (Furulund, Sweden) 4 redirects

ASN34941 (CYBERCOM-AS, SE)
PTR: web05-new.wopsa.se

www.identity.kundenorwegian-no.wingman.se	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	wingman.se 4 redirects www.identity.kundenorwegian-no.wingman.se	216 KB
10	1

	Domain	Requested by
11	www.identity.kundenorwegian-no.wingman.se	4 redirects www.identity.kundenorwegian-no.wingman.se
10	1

This site contains no links.

Subject Issuer	Validity	Valid
identity.kundenorwegian-no.wingman.se cPanel, Inc. Certification Authority	`2023-02-28` - `2023-05-29`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.identity.kundenorwegian-no.wingman.se/nrw/ktros.php?82808029c455c3c7a13b98a8fefe41e5
Frame ID: 9F07C92372292EACFF91D07CCB42CAD5
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.identity.kundenorwegian-no.wingman.se/ HTTP 302
https://www.identity.kundenorwegian-no.wingman.se/nrw?f31bc4fe18fa37f114b901005a0614dd HTTP 301
https://www.identity.kundenorwegian-no.wingman.se/nrw/?f31bc4fe18fa37f114b901005a0614dd HTTP 302
https://www.identity.kundenorwegian-no.wingman.se/nrw/ldn1.php?6fb7456893c60ce21581be558d65aed6 Page URL
https://www.identity.kundenorwegian-no.wingman.se/nrw/rd1.php HTTP 302
https://www.identity.kundenorwegian-no.wingman.se/nrw/ktros.php?82808029c455c3c7a13b98a8fefe41e5 Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

10
Requests

70 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

215 kB
Transfer

343 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.identity.kundenorwegian-no.wingman.se/ HTTP 302
https://www.identity.kundenorwegian-no.wingman.se/nrw?f31bc4fe18fa37f114b901005a0614dd HTTP 301
https://www.identity.kundenorwegian-no.wingman.se/nrw/?f31bc4fe18fa37f114b901005a0614dd HTTP 302
https://www.identity.kundenorwegian-no.wingman.se/nrw/ldn1.php?6fb7456893c60ce21581be558d65aed6 Page URL
https://www.identity.kundenorwegian-no.wingman.se/nrw/rd1.php HTTP 302
https://www.identity.kundenorwegian-no.wingman.se/nrw/ktros.php?82808029c455c3c7a13b98a8fefe41e5 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://www.identity.kundenorwegian-no.wingman.se/ HTTP 302
https://www.identity.kundenorwegian-no.wingman.se/nrw?f31bc4fe18fa37f114b901005a0614dd HTTP 301
https://www.identity.kundenorwegian-no.wingman.se/nrw/?f31bc4fe18fa37f114b901005a0614dd HTTP 302
https://www.identity.kundenorwegian-no.wingman.se/nrw/ldn1.php?6fb7456893c60ce21581be558d65aed6

10 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

ldn1.php Show response
www.identity.kundenorwegian-no.wingman.se/nrw/
Redirect Chain

https://www.identity.kundenorwegian-no.wingman.se/
https://www.identity.kundenorwegian-no.wingman.se/nrw?f31bc4fe18fa37f114b901005a0614dd
https://www.identity.kundenorwegian-no.wingman.se/nrw/?f31bc4fe18fa37f114b901005a0614dd
https://www.identity.kundenorwegian-no.wingman.se/nrw/ldn1.php?6fb7456893c60ce21581be558d65aed6

2 KB
2 KB

111ms
111ms

Document
text/html

85.118.206.135
CYBERCOM-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.identity.kundenorwegian-no.wingman.se/nrw/ldn1.php?6fb7456893c60ce21581be558d65aed6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

85.118.206.135 Furulund, Sweden, ASN34941 (CYBERCOM-AS, SE),

Reverse DNS

web05-new.wopsa.se

Software

Apache / PHP/5.6.40

Resource Hash

17b588c0562f89eb7ddb24f435d1cee285fbfff92e060028bf0b1d158b0fe568

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: no-NO,no;q=0.9

Response headers

content-type: text/html; charset=UTF-8
date: Tue, 28 Feb 2023 14:43:33 GMT
server: Apache
x-content-type-options: nosniff
x-powered-by: PHP/5.6.40
x-xss-protection: 1; mode=block

Redirect headers

content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 28 Feb 2023 14:43:33 GMT
location: ./ldn1.php?6fb7456893c60ce21581be558d65aed6
server: Apache
x-content-type-options: nosniff
x-powered-by: PHP/5.6.40
x-xss-protection: 1; mode=block

GET
H2 200 bid_202208220130.css
www.identity.kundenorwegian-no.wingman.se/nrw/index_fichiers/ 131 KB
131 KB 190ms
190ms Stylesheet
text/css 85.118.206.135
CYBERCOM-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.identity.kundenorwegian-no.wingman.se/nrw/index_fichiers/bid_202208220130.css

Requested by

Host: www.identity.kundenorwegian-no.wingman.se
URL: https://www.identity.kundenorwegian-no.wingman.se/nrw/ldn1.php?6fb7456893c60ce21581be558d65aed6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

85.118.206.135 Furulund, Sweden, ASN34941 (CYBERCOM-AS, SE),

Reverse DNS

web05-new.wopsa.se

Software

Apache /

Resource Hash

b7172d740e1c8d9e1f955ffdc9c597ac4e6b9b96a15218a434a8c40146cd15ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://www.identity.kundenorwegian-no.wingman.se/nrw/ldn1.php?6fb7456893c60ce21581be558d65aed6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 14:43:33 GMT
x-content-type-options: nosniff
last-modified: Fri, 24 Feb 2023 18:19:44 GMT
server: Apache
content-type: text/css
accept-ranges: bytes
content-length: 134389
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ 366 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bc795cf00117d34096de8876731329301cb631c7cc5b33cd34d56ec87b917822

Request headers

accept-language: no-NO,no;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2

200

Primary Request ktros.php Show response
www.identity.kundenorwegian-no.wingman.se/nrw/
Redirect Chain

https://www.identity.kundenorwegian-no.wingman.se/nrw/rd1.php
https://www.identity.kundenorwegian-no.wingman.se/nrw/ktros.php?82808029c455c3c7a13b98a8fefe41e5

38 KB
38 KB

194ms
193ms

Document
text/html

85.118.206.135
CYBERCOM-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.identity.kundenorwegian-no.wingman.se/nrw/ktros.php?82808029c455c3c7a13b98a8fefe41e5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

85.118.206.135 Furulund, Sweden, ASN34941 (CYBERCOM-AS, SE),

Reverse DNS

web05-new.wopsa.se

Software

Apache / PHP/5.6.40

Resource Hash

3b25b227d544d12d2a88ec262083b592b09f6b5833d88eadc7a9b5f08287a2f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.identity.kundenorwegian-no.wingman.se/nrw/ldn1.php?6fb7456893c60ce21581be558d65aed6
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: no-NO,no;q=0.9

Response headers

content-type: text/html; charset=UTF-8
date: Tue, 28 Feb 2023 14:43:37 GMT
server: Apache
x-content-type-options: nosniff
x-powered-by: PHP/5.6.40
x-xss-protection: 1; mode=block

Redirect headers

content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 28 Feb 2023 14:43:37 GMT
location: ./ktros.php?82808029c455c3c7a13b98a8fefe41e5
server: Apache
x-content-type-options: nosniff
x-powered-by: PHP/5.6.40
x-xss-protection: 1; mode=block

GET
H2 200 imask.min.js Show response
www.identity.kundenorwegian-no.wingman.se/nrw/js/ 45 KB
45 KB 135ms
134ms Script
application/javascript 85.118.206.135
CYBERCOM-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.identity.kundenorwegian-no.wingman.se/nrw/js/imask.min.js

Requested by

Host: www.identity.kundenorwegian-no.wingman.se
URL: https://www.identity.kundenorwegian-no.wingman.se/nrw/ktros.php?82808029c455c3c7a13b98a8fefe41e5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

85.118.206.135 Furulund, Sweden, ASN34941 (CYBERCOM-AS, SE),

Reverse DNS

web05-new.wopsa.se

Software

Apache /

Resource Hash

03990a41a168d5868c1d5a8a810529247506b2e0e3c0621643398002e96661e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://www.identity.kundenorwegian-no.wingman.se/nrw/ktros.php?82808029c455c3c7a13b98a8fefe41e5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 14:43:37 GMT
x-content-type-options: nosniff
last-modified: Fri, 30 Dec 2022 20:07:14 GMT
server: Apache
content-type: application/javascript
accept-ranges: bytes
content-length: 45593
x-xss-protection: 1; mode=block

GET
H2 200 script.js
www.identity.kundenorwegian-no.wingman.se/nrw/js/ 0
0 198ms
197ms Script
application/javascript 85.118.206.135
CYBERCOM-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.identity.kundenorwegian-no.wingman.se/nrw/js/script.js

Requested by

Host: www.identity.kundenorwegian-no.wingman.se
URL: https://www.identity.kundenorwegian-no.wingman.se/nrw/ktros.php?82808029c455c3c7a13b98a8fefe41e5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

85.118.206.135 Furulund, Sweden, ASN34941 (CYBERCOM-AS, SE),

Reverse DNS

web05-new.wopsa.se

Software

Apache /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://www.identity.kundenorwegian-no.wingman.se/nrw/ktros.php?82808029c455c3c7a13b98a8fefe41e5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 14:43:37 GMT
x-content-type-options: nosniff
last-modified: Thu, 06 Aug 2020 05:02:12 GMT
server: Apache
content-type: application/javascript
accept-ranges: bytes
content-length: 97851
x-xss-protection: 1; mode=block

GET
H2 200 reboot.css
www.identity.kundenorwegian-no.wingman.se/nrw/index_fichiers/ 128 KB
0 197ms
196ms Stylesheet
text/css 85.118.206.135
CYBERCOM-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.identity.kundenorwegian-no.wingman.se/nrw/index_fichiers/reboot.css

Requested by

Host: www.identity.kundenorwegian-no.wingman.se
URL: https://www.identity.kundenorwegian-no.wingman.se/nrw/ktros.php?82808029c455c3c7a13b98a8fefe41e5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

85.118.206.135 Furulund, Sweden, ASN34941 (CYBERCOM-AS, SE),

Reverse DNS

web05-new.wopsa.se

Software

Apache /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://www.identity.kundenorwegian-no.wingman.se/nrw/ktros.php?82808029c455c3c7a13b98a8fefe41e5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 14:43:37 GMT
x-content-type-options: nosniff
last-modified: Sun, 26 Feb 2023 22:36:36 GMT
server: Apache
content-type: text/css
accept-ranges: bytes
content-length: 161266
x-xss-protection: 1; mode=block

GET
H2 200 server.8df08e9b0d340ad32314.css
www.identity.kundenorwegian-no.wingman.se/nrw/index_fichiers/ 0
0 195ms
195ms Stylesheet
text/css 85.118.206.135
CYBERCOM-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.identity.kundenorwegian-no.wingman.se/nrw/index_fichiers/server.8df08e9b0d340ad32314.css

Requested by

Host: www.identity.kundenorwegian-no.wingman.se
URL: https://www.identity.kundenorwegian-no.wingman.se/nrw/ktros.php?82808029c455c3c7a13b98a8fefe41e5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

85.118.206.135 Furulund, Sweden, ASN34941 (CYBERCOM-AS, SE),

Reverse DNS

web05-new.wopsa.se

Software

Apache /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://www.identity.kundenorwegian-no.wingman.se/nrw/ktros.php?82808029c455c3c7a13b98a8fefe41e5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 14:43:37 GMT
x-content-type-options: nosniff
last-modified: Sun, 26 Feb 2023 22:19:44 GMT
server: Apache
content-type: text/css
accept-ranges: bytes
content-length: 7898
x-xss-protection: 1; mode=block

GET f.txt
www.identity.kundenorwegian-no.wingman.se/nrw/index_fichiers/ 0
0

GET login.svg
www.identity.kundenorwegian-no.wingman.se/nrw/index_fichiers/ 0
0

GET bank-norwegian-kredittkort-betaler-i-butikk.webp
www.identity.kundenorwegian-no.wingman.se/nrw/index_fichiers/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.identity.kundenorwegian-no.wingman.se
URL: https://www.identity.kundenorwegian-no.wingman.se/nrw/index_fichiers/f.txt

Domain: www.identity.kundenorwegian-no.wingman.se
URL: https://www.identity.kundenorwegian-no.wingman.se/nrw/index_fichiers/login.svg

Domain: www.identity.kundenorwegian-no.wingman.se
URL: https://www.identity.kundenorwegian-no.wingman.se/nrw/index_fichiers/bank-norwegian-kredittkort-betaler-i-butikk.webp

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.identity.kundenorwegian-no.wingman.se
www.identity.kundenorwegian-no.wingman.se
85.118.206.135
03990a41a168d5868c1d5a8a810529247506b2e0e3c0621643398002e96661e9
17b588c0562f89eb7ddb24f435d1cee285fbfff92e060028bf0b1d158b0fe568
3b25b227d544d12d2a88ec262083b592b09f6b5833d88eadc7a9b5f08287a2f4
b7172d740e1c8d9e1f955ffdc9c597ac4e6b9b96a15218a434a8c40146cd15ca
bc795cf00117d34096de8876731329301cb631c7cc5b33cd34d56ec87b917822

www.identity.kundenorwegian-no.wingman.se Open in urlscan Pro 85.118.206.135 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

70 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

215 kBTransfer

343 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

www.identity.kundenorwegian-no.wingman.se Open in urlscan Pro
85.118.206.135 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

70 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

215 kB
Transfer

343 kB
Size

0
Cookies

10 HTTP transactions
1 data transactions