lntrumbetal.org Open in urlscan Pro
191.96.56.207 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://lntrumbetal.org/
Effective URL:
https://lntrumbetal.org/pages
Submission: On November 21 via manual (November 21st 2022, 8:54:06 am UTC) from NO — Scanned from NO

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 12 HTTP transactions. The main IP is 191.96.56.207, located in Phoenix, United States and belongs to AS-HOSTINGER, CY. The main domain is lntrumbetal.org.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on November 20th 2022. Valid for: 3 months.

This is the only time lntrumbetal.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BankID (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2 11	191.96.56.207 191.96.56.207	47583 (AS-HOSTINGER) (AS-HOSTINGER)
3	193.26.146.36 193.26.146.36	207674 (VIPPS-AS) (VIPPS-AS)
12	3

11 191.96.56.207 (Phoenix, United States) 2 redirects

ASN47583 (AS-HOSTINGER, CY)

lntrumbetal.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 193.26.146.36 (Norway)

ASN207674 (VIPPS-AS, NO)

csfe.bankid.no	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	lntrumbetal.org 2 redirects lntrumbetal.org	78 KB
3	bankid.no csfe.bankid.no — Cisco Umbrella Rank: 852936	1 KB
12	2

	Domain	Requested by
11	lntrumbetal.org	2 redirects lntrumbetal.org
3	csfe.bankid.no	lntrumbetal.org
12	2

This site contains no links.

Subject Issuer	Validity	Valid
lntrumbetal.org ZeroSSL RSA Domain Secure Site CA	`2022-11-20` - `2023-02-18`	3 months	crt.sh
csfe.bankid.no GlobalSign RSA OV SSL CA 2018	`2022-03-04` - `2023-04-05`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://lntrumbetal.org/pages
Frame ID: C843DD9FA3AE6125FF6B29FE43F98C95
Requests: 24 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

OIDC ClientBankID - Identifisering

Page URL History Show full URLs

http://lntrumbetal.org/ HTTP 301
https://lntrumbetal.org/ HTTP 302
https://lntrumbetal.org/pages Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

79 kB
Transfer

354 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://lntrumbetal.org/ HTTP 301
https://lntrumbetal.org/ HTTP 302
https://lntrumbetal.org/pages Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
12 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request pages Show response
lntrumbetal.org/
Redirect Chain

http://lntrumbetal.org/
https://lntrumbetal.org/
https://lntrumbetal.org/pages

54 KB
15 KB

180ms
180ms

Document
text/html

191.96.56.207
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://lntrumbetal.org/pages

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

191.96.56.207 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed / PHP/7.4.33

Resource Hash

eb31c290922e0febafc423e2364d0548317717b03034536cda06e5eb345ac078

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: no-NO,no;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: br
content-length: 15316
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Mon, 21 Nov 2022 08:53:58 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
platform: hostinger
pragma: no-cache
server: LiteSpeed
vary: Accept-Encoding
x-powered-by: PHP/7.4.33

Redirect headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
cache-control: no-cache, no-store, must-revalidate, max-age=0
content-length: 0
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Mon, 21 Nov 2022 08:53:58 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: https://lntrumbetal.org/pages
platform: hostinger
pragma: no-cache
server: LiteSpeed
x-powered-by: PHP/7.4.33

GET
H2 404 oidc-client.min.js
lntrumbetal.org/static/bifrost/js/ 0
0 179ms
178ms Script
text/html 191.96.56.207
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://lntrumbetal.org/static/bifrost/js/oidc-client.min.js?1.1.0-7+274bc17a

Requested by

Host: lntrumbetal.org
URL: https://lntrumbetal.org/pages

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

191.96.56.207 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed / PHP/7.4.33

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://lntrumbetal.org/pages
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Nov 2022 08:53:58 GMT
content-security-policy: upgrade-insecure-requests
server: LiteSpeed
x-powered-by: PHP/7.4.33
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
platform: hostinger
content-length: 0
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 oidc-client.min.css
lntrumbetal.org/front_end/front_end_files/ 51 KB
9 KB 177ms
177ms Stylesheet
text/css 191.96.56.207
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://lntrumbetal.org/front_end/front_end_files/oidc-client.min.css?1.1.0-7+274bc17a

Requested by

Host: lntrumbetal.org
URL: https://lntrumbetal.org/pages

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

191.96.56.207 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

0f701714eca75339b36fb25a551ab035e6ac88cbf1854fa3c5e4c794d43a3fb7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://lntrumbetal.org/pages
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 08:53:58 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sun, 20 Nov 2022 14:37:08 GMT
server: LiteSpeed
etag: "cab2-637a3b94-baf9988d5b567bf0;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 8592
expires: Mon, 28 Nov 2022 08:53:58 GMT

GET
H2 200 jquery.js Show response
lntrumbetal.org/js/cntdjs/ 87 KB
29 KB 181ms
175ms Script
application/x-javascript 191.96.56.207
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://lntrumbetal.org/js/cntdjs/jquery.js

Requested by

Host: lntrumbetal.org
URL: https://lntrumbetal.org/pages

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

191.96.56.207 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://lntrumbetal.org/pages
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 08:53:58 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sun, 20 Nov 2022 14:37:09 GMT
server: LiteSpeed
etag: "15d9d-637a3b95-7b1f81c0983c048a;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 30021
expires: Mon, 28 Nov 2022 08:53:58 GMT

GET
H2 200 jquery.mask.js Show response
lntrumbetal.org/js/cntdjs/ 23 KB
5 KB 360ms
354ms Script
application/x-javascript 191.96.56.207
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://lntrumbetal.org/js/cntdjs/jquery.mask.js

Requested by

Host: lntrumbetal.org
URL: https://lntrumbetal.org/pages

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

191.96.56.207 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://lntrumbetal.org/pages
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 08:53:58 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sun, 20 Nov 2022 14:37:09 GMT
server: LiteSpeed
etag: "5a88-637a3b95-e08e12b596bb7b9c;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 5534
expires: Mon, 28 Nov 2022 08:53:58 GMT

GET
H2 200 cntd.js Show response
lntrumbetal.org/js/cntdjs/ 3 KB
948 B 361ms
356ms Script
application/x-javascript 191.96.56.207
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://lntrumbetal.org/js/cntdjs/cntd.js

Requested by

Host: lntrumbetal.org
URL: https://lntrumbetal.org/pages

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

191.96.56.207 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

5b056148977cddad1d04190e8588f71549f5fbce2c8504fd0a52699a451896ca

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://lntrumbetal.org/pages
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 08:53:58 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sun, 20 Nov 2022 14:37:09 GMT
server: LiteSpeed
etag: "abf-637a3b95-a3e20c5bd54d9997;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 885
expires: Mon, 28 Nov 2022 08:53:58 GMT

GET
H2 200 loading.js Show response
lntrumbetal.org/js/shared/ 2 KB
703 B 363ms
357ms Script
application/x-javascript 191.96.56.207
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://lntrumbetal.org/js/shared/loading.js

Requested by

Host: lntrumbetal.org
URL: https://lntrumbetal.org/pages

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

191.96.56.207 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

4bdc871a71df801aa86926434d6fbed9744ec4757af4e9d6d40978724ea59134

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://lntrumbetal.org/pages
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 08:53:58 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sun, 20 Nov 2022 14:37:09 GMT
server: LiteSpeed
etag: "7b5-637a3b95-38af95ad49c4cfd7;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 639
expires: Mon, 28 Nov 2022 08:53:58 GMT

GET
H2 200 online_status.js Show response
lntrumbetal.org/js/shared/ 998 B
469 B 364ms
359ms Script
application/x-javascript 191.96.56.207
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://lntrumbetal.org/js/shared/online_status.js

Requested by

Host: lntrumbetal.org
URL: https://lntrumbetal.org/pages

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

191.96.56.207 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

e64e9d464beb9fe2717cd8bd8d093bb04d570f08a15c65f14533733904e12be7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://lntrumbetal.org/pages
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 08:53:58 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sun, 20 Nov 2022 14:37:10 GMT
server: LiteSpeed
etag: "3e6-637a3b96-aeeb44979a775c94;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 383
expires: Mon, 28 Nov 2022 08:53:58 GMT

GET
H2 200 bid_202201130932.css
lntrumbetal.org/front_end/front_end_files/ 129 KB
17 KB 357ms
352ms Stylesheet
text/css 191.96.56.207
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://lntrumbetal.org/front_end/front_end_files/bid_202201130932.css

Requested by

Host: lntrumbetal.org
URL: https://lntrumbetal.org/pages

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

191.96.56.207 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

68865208ac1cc3b9a6a8bf2e7a8c6e95d90be33bbfd73bb9c682034199f176a4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://lntrumbetal.org/pages
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 08:53:58 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sun, 20 Nov 2022 14:37:08 GMT
server: LiteSpeed
etag: "20297-637a3b94-8eea7a627b8ed6bb;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 17067
expires: Mon, 28 Nov 2022 08:53:58 GMT

GET
H/1.1 200
OK error.js Show response
csfe.bankid.no/jsclient21/ 250 B
611 B 185ms
44ms Script
application/javascript 193.26.146.36
VIPPS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://csfe.bankid.no/jsclient21/error.js
Requested by: Host: lntrumbetal.org
URL: https://lntrumbetal.org/pages
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 193.26.146.36 , Norway, ASN207674 (VIPPS-AS, NO),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 7316e9072940ab33ba3ae1ca8c24c073e6bb5fe85d47b247f2e7e6f8ec7645d3

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://lntrumbetal.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Mon, 21 Nov 2022 08:53:58 GMT
Last-Modified: Mon, 22 Aug 2022 13:29:58 GMT
Server: Apache-Coyote/1.1
ETag: W/"250-1661174998000"
Content-Type: application/javascript
Cache-Control: max-age=0
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 250
Expires: Mon, 21 Nov 2022 08:53:58 GMT

GET
H/1.1 200
OK KgAAAL2f1cP3S6QFyW7LwEavA4n4LGmaqdgvDrFPGcgpsLJmzcPc2-8XCRQP7z3h_WM6i97fpSLPKwNZOyleBjyk0RCj9p95W2s Show response
csfe.bankid.no/CentralServerFEJS/b/ 108 B
512 B 184ms
45ms Script
application/javascript 193.26.146.36
VIPPS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://csfe.bankid.no/CentralServerFEJS/b/KgAAAL2f1cP3S6QFyW7LwEavA4n4LGmaqdgvDrFPGcgpsLJmzcPc2-8XCRQP7z3h_WM6i97fpSLPKwNZOyleBjyk0RCj9p95W2s

Requested by

Host: lntrumbetal.org
URL: https://lntrumbetal.org/pages

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

193.26.146.36 , Norway, ASN207674 (VIPPS-AS, NO),

Reverse DNS

Software

Apache-Coyote/1.1 /

Resource Hash

a1f96af0ff80beee233dd05a75843e48337554f85d93f5c533cb42bc8045220e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://lntrumbetal.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Mon, 21 Nov 2022 08:53:58 GMT
X-Content-Type-Options: nosniff
Server: Apache-Coyote/1.1
X-Frame-Options: DENY
Content-Type: application/javascript;charset=UTF-8
Cache-control: no-cache, no-store, must-revalidate, max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 108
X-XSS-Protection: 1; mode=block
Expires: Mon, 21 Nov 2022 08:53:58 GMT

GET
H/1.1 200
OK helper21.js Show response
csfe.bankid.no/CentralServerFEJS/Gateway/ 0
367 B 189ms
50ms Script
application/javascript 193.26.146.36
VIPPS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://csfe.bankid.no/CentralServerFEJS/Gateway/helper21.js?cid=1i2oCUMt56e3Xq8F

Requested by

Host: lntrumbetal.org
URL: https://lntrumbetal.org/pages

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

193.26.146.36 , Norway, ASN207674 (VIPPS-AS, NO),

Reverse DNS

Software

Apache-Coyote/1.1 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://lntrumbetal.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 21 Nov 2022 08:53:58 GMT
X-Content-Type-Options: nosniff
Server: Apache-Coyote/1.1
X-Frame-Options: DENY
Content-Type: application/javascript
Cache-control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 0
X-XSS-Protection: 1; mode=block
Expires: 0

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

accept-language: no-NO,no;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 366 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bc795cf00117d34096de8876731329301cb631c7cc5b33cd34d56ec87b917822

Request headers

accept-language: no-NO,no;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated Show response
/ 0
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: no-NO,no;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: text/javascript

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2fbbbda646f6c6004b2f3670d40a1ad4d5df6c8a0089943845aa5fe55a749e92

Request headers

accept-language: no-NO,no;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 172 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6a191c4d1f4adbef09018df519205cc8696e1f0f00a67196f0677e8484d949f2

Request headers

accept-language: no-NO,no;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 167 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cbee76f080a3f8638f8d1cc0e1457adf5588a5ca44b56c5bf719bb5f57f0f2de

Request headers

accept-language: no-NO,no;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 192 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 347026e609df7b4c783cbb5af4b7e65d899b71bdfd9b99de75fbf63a033ea74f

Request headers

accept-language: no-NO,no;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 494 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e356f94cb14b1e3c53975eb33c18f36f0c9dd1b4866940d6e243d2063546fa30

Request headers

accept-language: no-NO,no;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 172 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4dca530d4682ddf6f4b9053173c007f95875c2634a6b61c9573d93fc21483766

Request headers

accept-language: no-NO,no;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 296 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 296d8f67dcf848a35385d138a46404f00c21f1a8eb22249473ddd9aab1f411ab

Request headers

accept-language: no-NO,no;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 310 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c575ff79d199955e3aba19296142cf49cd7bcdcf7317f8a17bed8d349f9a7388

Request headers

accept-language: no-NO,no;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 200 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dc197b30cca0477fd82b1c175af0ed1008687e12d9dff7f75c417f959c1830ae

Request headers

accept-language: no-NO,no;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BankID (Banking)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			lntrumbetal.org/	1969-12-31 23:59:59	Name: PHPSESSID Value: 7a4608e993da584011b57a7798a6e1b0

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://lntrumbetal.org/static/bifrost/js/oidc-client.min.js?1.1.0-7+274bc17a Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

csfe.bankid.no
lntrumbetal.org
191.96.56.207
193.26.146.36
0f701714eca75339b36fb25a551ab035e6ac88cbf1854fa3c5e4c794d43a3fb7
296d8f67dcf848a35385d138a46404f00c21f1a8eb22249473ddd9aab1f411ab
2fbbbda646f6c6004b2f3670d40a1ad4d5df6c8a0089943845aa5fe55a749e92
347026e609df7b4c783cbb5af4b7e65d899b71bdfd9b99de75fbf63a033ea74f
4bdc871a71df801aa86926434d6fbed9744ec4757af4e9d6d40978724ea59134
4dca530d4682ddf6f4b9053173c007f95875c2634a6b61c9573d93fc21483766
5b056148977cddad1d04190e8588f71549f5fbce2c8504fd0a52699a451896ca
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
68865208ac1cc3b9a6a8bf2e7a8c6e95d90be33bbfd73bb9c682034199f176a4
6a191c4d1f4adbef09018df519205cc8696e1f0f00a67196f0677e8484d949f2
7316e9072940ab33ba3ae1ca8c24c073e6bb5fe85d47b247f2e7e6f8ec7645d3
a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8
a1f96af0ff80beee233dd05a75843e48337554f85d93f5c533cb42bc8045220e
bc795cf00117d34096de8876731329301cb631c7cc5b33cd34d56ec87b917822
c575ff79d199955e3aba19296142cf49cd7bcdcf7317f8a17bed8d349f9a7388
cbee76f080a3f8638f8d1cc0e1457adf5588a5ca44b56c5bf719bb5f57f0f2de
dc197b30cca0477fd82b1c175af0ed1008687e12d9dff7f75c417f959c1830ae
e356f94cb14b1e3c53975eb33c18f36f0c9dd1b4866940d6e243d2063546fa30
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e64e9d464beb9fe2717cd8bd8d093bb04d570f08a15c65f14533733904e12be7
eb31c290922e0febafc423e2364d0548317717b03034536cda06e5eb345ac078
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

lntrumbetal.org Open in urlscan Pro 191.96.56.207 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

79 kBTransfer

354 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 12 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

1 Cookies

1 Console Messages

Security Headers

Indicators

lntrumbetal.org Open in urlscan Pro
191.96.56.207 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

79 kB
Transfer

354 kB
Size

1
Cookies

12 HTTP transactions
12 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!