xero-login.fjordvejr.dk
46.30.215.31 - Malicious Activity! (Public Scan)

Submitted URL: https://dmanalytics2.com/click?u=https%3A%2F%2Fxero-login.fjordvejr.dk%2F&i=2&d=EWILhZm-TOWF9UzuDScLGw&e=philippa.green%4...
Effective URL: https://xero-login.fjordvejr.dk/
Submission: On April 24 via manual from GB

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 11 HTTP transactions. The main IP is 46.30.215.31, located in Copenhagen, Denmark and belongs to ONECOM, DK. The main domain is xero-login.fjordvejr.dk.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on September 3rd 2017. Valid for: a year.
This is the only time xero-login.fjordvejr.dk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Xero (Online)

Domain & IP information

#      IP Address       AS (Autonomous System)
1 1    64.62.211.142    6939 (HURRICANE)
5      46.30.215.31     51468 (ONECOM)
4      104.108.47.116   16625 (AKAMAI-AS)
Total: 11 requests, 3 IPs

Requests  Apex Domain        Subdomains                 Transfer
5         fjordvejr.dk       xero-login.fjordvejr.dk    29 KB
4         xero.com           login.xero.com             45 KB
1         dmanalytics2.com   dmanalytics2.com           210 B
Total: 11 requests, 3 apex domains

Requests  Domain                    Requested by
5         xero-login.fjordvejr.dk   xero-login.fjordvejr.dk
4         login.xero.com            xero-login.fjordvejr.dk
1         dmanalytics2.com          1 redirects
Total: 11 requests, 3 domains

Subject          Issuer                                          Validity                  Valid
*.fjordvejr.dk   COMODO RSA Domain Validation Secure Server CA   2017-09-03 - 2018-09-03   a year (crt.sh)

This page contains 1 frames:

Primary Page: https://xero-login.fjordvejr.dk/
Frame ID: B526DE2E07FE26C05A48E7D7469C16E6
Requests: 11 HTTP requests in this frame

Screenshot


Page URL History

  1. https://dmanalytics2.com/click?u=https%3A%2F%2Fxero-login.fjordvejr.dk%2F&i=2&d=EWILhZm-TOWF9UzuDScLG... HTTP 302
    https://xero-login.fjordvejr.dk/ Page URL

Detected technologies

Varnish (overall confidence: 100%)
  Detected pattern: headers via /.*Varnish/i

Apache (overall confidence: 100%)
  Detected pattern: headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

Requests: 11
HTTPS: 45 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 3
Transfer: 74 kB
Size: 213 kB
Cookies: 16

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://dmanalytics2.com/click?u=https%3A%2F%2Fxero-login.fjordvejr.dk%2F&i=2&d=EWILhZm-TOWF9UzuDScLGw&e=philippa.green%40cgi.com&a=uC4gxklNS4uFWWA9uzgmLA HTTP 302
    https://xero-login.fjordvejr.dk/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource  Path  Size  x-fer  Type  MIME-Type
Primary Request /  xero-login.fjordvejr.dk/  8 KB  3 KB  Document
Redirect Chain
  • https://dmanalytics2.com/click?u=https%3A%2F%2Fxero-login.fjordvejr.dk%2F&i=2&d=EWILhZm-TOWF9UzuDScLGw&e=philippa.green%40cgi.com&a=uC4gxklNS4uFWWA9uzgmLA
  • https://xero-login.fjordvejr.dk/
General
Full URL
https://xero-login.fjordvejr.dk/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.30.215.31 Copenhagen, Denmark, ASN51468 (ONECOM, DK),
Reverse DNS
webcluster-ssl1.webpod5-cph3.one.com
Software
Apache /
Resource Hash
5fa3211953ccf7f586218cf30890e10d5087d6888258a1a43af47b2dd2e8bc69

Request headers

:path
/
pragma
no-cache
accept-encoding
gzip, deflate
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
cache-control
no-cache
:authority
xero-login.fjordvejr.dk
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date
Tue, 24 Apr 2018 16:07:17 GMT
content-encoding
gzip
last-modified
Tue, 24 Apr 2018 16:05:13 GMT
server
Apache
age
2112
etag
"b3c1c4ff-20ed-56a9a51d4d402"
vary
Accept-Encoding
content-type
text/html
status
200
x-varnish
329121963 289054195
accept-ranges
bytes
content-length
2811
via
1.1 varnish (Varnish/6.0)

Redirect headers

Location
https://xero-login.fjordvejr.dk/
Date
Tue, 24 Apr 2018 16:42:30 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
all-63ec3168.css  xero-login.fjordvejr.dk/index_files/  161 KB  25 KB  Stylesheet
General
Full URL
https://xero-login.fjordvejr.dk/index_files/all-63ec3168.css
Requested by
Host: xero-login.fjordvejr.dk
URL: https://xero-login.fjordvejr.dk/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.30.215.31 Copenhagen, Denmark, ASN51468 (ONECOM, DK),
Reverse DNS
webcluster-ssl1.webpod5-cph3.one.com
Software
Apache /
Resource Hash
522e5aaa8ec1d267f176ad04719aae97d1925b2bbb291fcfd98d7f1d7c76eae8

Request headers

:path
/index_files/all-63ec3168.css
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
accept
text/css,*/*;q=0.1
cache-control
no-cache
:authority
xero-login.fjordvejr.dk
referer
https://xero-login.fjordvejr.dk/
:scheme
https
:method
GET
Referer
https://xero-login.fjordvejr.dk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date
Tue, 24 Apr 2018 16:07:17 GMT
content-encoding
gzip
last-modified
Tue, 24 Apr 2018 16:05:20 GMT
server
Apache
age
2112
etag
"b2333149-28555-56a9a523c57ac"
vary
Accept-Encoding
content-type
text/css
status
200
x-varnish
329121964 195844110
accept-ranges
bytes
content-length
25272
via
1.1 varnish (Varnish/6.0)
login-e7fe2437.js  xero-login.fjordvejr.dk/index_files/  0  0  Script
General
Full URL
https://xero-login.fjordvejr.dk/index_files/login-e7fe2437.js
Requested by
Host: xero-login.fjordvejr.dk
URL: https://xero-login.fjordvejr.dk/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.30.215.31 Copenhagen, Denmark, ASN51468 (ONECOM, DK),
Reverse DNS
webcluster-ssl1.webpod5-cph3.one.com
Software
Apache /
Resource Hash

Request headers

:path
/index_files/login-e7fe2437.js
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
xero-login.fjordvejr.dk
referer
https://xero-login.fjordvejr.dk/
:scheme
https
:method
GET
Referer
https://xero-login.fjordvejr.dk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date
Tue, 24 Apr 2018 16:42:30 GMT
content-encoding
gzip
server
Apache
age
0
vary
Accept-Encoding
x-varnish
329121965
status
404
content-type
text/html; charset=iso-8859-1
content-length
198
via
1.1 varnish (Varnish/6.0)
spinner-5ada83ae.gif  xero-login.fjordvejr.dk/index_files/  1 KB  1 KB  Image
General
Full URL
https://xero-login.fjordvejr.dk/index_files/spinner-5ada83ae.gif
Requested by
Host: xero-login.fjordvejr.dk
URL: https://xero-login.fjordvejr.dk/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.30.215.31 Copenhagen, Denmark, ASN51468 (ONECOM, DK),
Reverse DNS
webcluster-ssl1.webpod5-cph3.one.com
Software
Apache /
Resource Hash
596719d8f25ddd1cc8d82184e2482f2a906690625500e631668310cbcd6993da

Request headers

:path
/index_files/spinner-5ada83ae.gif
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
xero-login.fjordvejr.dk
referer
https://xero-login.fjordvejr.dk/
:scheme
https
:method
GET
Referer
https://xero-login.fjordvejr.dk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date
Tue, 24 Apr 2018 16:07:17 GMT
via
1.1 varnish (Varnish/6.0)
last-modified
Tue, 24 Apr 2018 16:05:20 GMT
server
Apache
age
2112
etag
"b310dd8a-451-56a9a523f8bad"
x-varnish
329121966 304252914
status
200
accept-ranges
bytes
content-type
image/gif
content-length
1105
login-e7fe2437.js  xero-login.fjordvejr.dk/index_files/  0  0  Script
General
Full URL
https://xero-login.fjordvejr.dk/index_files/login-e7fe2437.js
Requested by
Host: xero-login.fjordvejr.dk
URL: https://xero-login.fjordvejr.dk/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.30.215.31 Copenhagen, Denmark, ASN51468 (ONECOM, DK),
Reverse DNS
webcluster-ssl1.webpod5-cph3.one.com
Software
Apache /
Resource Hash

Request headers

:path
/index_files/login-e7fe2437.js
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
xero-login.fjordvejr.dk
referer
https://xero-login.fjordvejr.dk/
:scheme
https
:method
GET
Referer
https://xero-login.fjordvejr.dk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date
Tue, 24 Apr 2018 16:42:30 GMT
content-encoding
gzip
server
Apache
age
0
vary
Accept-Encoding
x-varnish
329121967 303568321
status
404
content-type
text/html; charset=iso-8859-1
content-length
198
via
1.1 varnish (Varnish/6.0)
msg-orange-668607f3.png  login.xero.com/content/shared/img/messages/  2 KB  2 KB  Image
General
Full URL
https://login.xero.com/content/shared/img/messages/msg-orange-668607f3.png
Requested by
Host: xero-login.fjordvejr.dk
URL: https://xero-login.fjordvejr.dk/
Protocol
SPDY
Server
104.108.47.116 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-47-116.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0191319a6ddffa6a98ea231a6fb62d1fe1028737382349626780fceb7030f7c0
Security Headers
Name Value
Content-Security-Policy report-uri /cspreport; default-src 'self' https://*.xero.com https://www.google.com; style-src 'self' https://*.xero.com 'unsafe-inline' data: ; script-src 'self' https://*.xero.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.xero.com;
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://xero-login.fjordvejr.dk/index_files/all-63ec3168.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

content-security-policy
report-uri /cspreport; default-src 'self' https://*.xero.com https://www.google.com; style-src 'self' https://*.xero.com 'unsafe-inline' data: ; script-src 'self' https://*.xero.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.xero.com;
last-modified
Mon, 19 Feb 2018 15:11:10 GMT
etag
"03b91df93a9d31:0"
strict-transport-security
max-age=31536000
content-type
image/png
status
200
cache-control
public, max-age=3418851
date
Tue, 24 Apr 2018 16:42:31 GMT
accept-ranges
bytes
content-length
1686
x-client-ip
42649, 44902, 60062
x-ua-compatible
IE=edge
header-330b898e.png  login.xero.com/content/local/img/  41 KB  41 KB  Image
General
Full URL
https://login.xero.com/content/local/img/header-330b898e.png
Requested by
Host: xero-login.fjordvejr.dk
URL: https://xero-login.fjordvejr.dk/
Protocol
SPDY
Server
104.108.47.116 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-47-116.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
065ca7e0516e91f8d87d340fc38c5a9fe3bd4fbc19d98b3a243a7bdb7524b6fc
Security Headers
Name Value
Content-Security-Policy report-uri /cspreport; default-src 'self' https://*.xero.com https://www.google.com; style-src 'self' https://*.xero.com 'unsafe-inline' data: ; script-src 'self' https://*.xero.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.xero.com;
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://xero-login.fjordvejr.dk/index_files/all-63ec3168.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

content-security-policy
report-uri /cspreport; default-src 'self' https://*.xero.com https://www.google.com; style-src 'self' https://*.xero.com 'unsafe-inline' data: ; script-src 'self' https://*.xero.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.xero.com;
last-modified
Mon, 19 Feb 2018 15:11:10 GMT
etag
"03b91df93a9d31:0"
strict-transport-security
max-age=31536000
content-type
image/png
status
200
cache-control
public, max-age=3346032
date
Tue, 24 Apr 2018 16:42:31 GMT
accept-ranges
bytes
content-length
41518
x-client-ip
40394, 60062
x-ua-compatible
IE=edge
NationalWeb-Regular.woff  login.xero.com/content/local/fonts/woff/  0  0
envelope-51933199.png  login.xero.com/Content/images/marketing/  424 B  955 B  Image
General
Full URL
https://login.xero.com/Content/images/marketing/envelope-51933199.png
Requested by
Host: xero-login.fjordvejr.dk
URL: https://xero-login.fjordvejr.dk/
Protocol
SPDY
Server
104.108.47.116 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-47-116.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c7a714db31948bdfe27054dd5abded6f3435dd71bd362a231c07a7d3a38e1161
Security Headers
Name Value
Content-Security-Policy report-uri /cspreport; default-src 'self' https://*.xero.com https://www.google.com; style-src 'self' https://*.xero.com 'unsafe-inline' data: ; script-src 'self' https://*.xero.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.xero.com;
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://xero-login.fjordvejr.dk/index_files/all-63ec3168.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

content-security-policy
report-uri /cspreport; default-src 'self' https://*.xero.com https://www.google.com; style-src 'self' https://*.xero.com 'unsafe-inline' data: ; script-src 'self' https://*.xero.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.xero.com;
last-modified
Mon, 19 Feb 2018 15:11:08 GMT
etag
"0e60de93a9d31:0"
strict-transport-security
max-age=31536000
content-type
image/png
status
200
cache-control
public, max-age=3285455
date
Tue, 24 Apr 2018 16:42:31 GMT
accept-ranges
bytes
content-length
424
x-client-ip
46598, 40905, 45235, 50138, 58911, 58045, 60062
x-ua-compatible
IE=edge
padlock-ccc3dff1.png  login.xero.com/Content/images/marketing/  233 B  719 B  Image
General
Full URL
https://login.xero.com/Content/images/marketing/padlock-ccc3dff1.png
Requested by
Host: xero-login.fjordvejr.dk
URL: https://xero-login.fjordvejr.dk/
Protocol
SPDY
Server
104.108.47.116 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-47-116.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0a88045b745908668639dd623b754e2aa04a1f4f832951c95f4046fb10634539
Security Headers
Name Value
Content-Security-Policy report-uri /cspreport; default-src 'self' https://*.xero.com https://www.google.com; style-src 'self' https://*.xero.com 'unsafe-inline' data: ; script-src 'self' https://*.xero.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.xero.com;
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://xero-login.fjordvejr.dk/index_files/all-63ec3168.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

content-security-policy
report-uri /cspreport; default-src 'self' https://*.xero.com https://www.google.com; style-src 'self' https://*.xero.com 'unsafe-inline' data: ; script-src 'self' https://*.xero.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.xero.com;
last-modified
Mon, 19 Feb 2018 15:11:08 GMT
etag
"0e60de93a9d31:0"
strict-transport-security
max-age=31536000
content-type
image/png
status
200
cache-control
public, max-age=3417361
date
Tue, 24 Apr 2018 16:42:31 GMT
accept-ranges
bytes
content-length
233
x-client-ip
46107, 38266, 55147, 60062
x-ua-compatible
IE=edge
NationalWeb-Regular.ttf  login.xero.com/content/local/fonts/ttf/  0  0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

  • login.xero.com: https://login.xero.com/content/local/fonts/woff/NationalWeb-Regular.woff
  • login.xero.com: https://login.xero.com/content/local/fonts/ttf/NationalWeb-Regular.ttf

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Xero (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean | userFocus

16 Cookies

Domain/Path Name / Value
.demdex.net/ Name: demdex
Value: 66470648068330812450352101648059971694
.xero.com/ Name: AMCV_C593280E560020957F000101%40AdobeOrg
Value: 1406116232%7CMCIDTS%7C17646%7CMCMID%7C66429559848860110510355065193364416344%7CMCAAMLH-1525192951%7C9%7CMCAAMB-1525192951%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1524595351s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-17653%7CvVersion%7C2.5.0
www.xero.com/ Name: AKA_A2
Value: 1
.xero.com/ Name: aam_uuid
Value: 66470648068330812450352101648059971694
.xero.com/ Name: check
Value: true
.xero.com/ Name: AMCVS_C593280E560020957F000101%40AdobeOrg
Value: 1
.xero.com/ Name: _gat_UA-3776042-30
Value: 1
www.xero.com/ Name: visitorStatus
Value: new
.xero.com/ Name: _dc_gtm_UA-3776042-30
Value: 1
.xero.com/ Name: XeroLocation
Value: int
.xero.com/ Name: _gid
Value: GA1.2.1530684144.1524588152
.xero.com/ Name: mbox
Value: session#4b450e9b316f4d3ebcdb689846726233#1524590012
.xero.com/ Name: _ga
Value: GA1.2.928882696.1524588152
.xero.com/ Name: aam_xero
Value: seg%3D10071566
.xero.com/ Name: _uetsid
Value: _uet7f7fef6e
.xero.com/ Name: _mkto_trk
Value: id:109-RSD-113&token:_mch-xero.com-1524588151205-92981