danskebank-fi-sinulle.morena-radio.nl Open in urlscan Pro
5.22.249.133 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://danskebank-fi-sinulle.morena-radio.nl/danskebank/
Effective URL:
https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/index.php?pwd=GHOST&cheking=pass&id=74758928&access=
Submission: On February 26 via manual (February 26th 2024, 5:49:29 pm UTC) from FI — Scanned from FI

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 13 HTTP transactions. The main IP is 5.22.249.133, located in Netherlands and belongs to CJ2-AS, NL. The main domain is danskebank-fi-sinulle.morena-radio.nl.
TLS certificate: Issued by R3 on February 20th 2024. Valid for: 3 months.

This is the only time danskebank-fi-sinulle.morena-radio.nl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Danske Bank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
1 14	5.22.249.133 5.22.249.133		39704 (CJ2-AS) (CJ2-AS)
13	1

14 5.22.249.133 (Netherlands) 1 redirects

ASN39704 (CJ2-AS, NL)
PTR: cl03.keurigonline.nl

danskebank-fi-sinulle.morena-radio.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	morena-radio.nl 1 redirects danskebank-fi-sinulle.morena-radio.nl	88 KB
13	1

	Domain	Requested by
14	danskebank-fi-sinulle.morena-radio.nl	1 redirects danskebank-fi-sinulle.morena-radio.nl
13	1

This site contains no links.

Subject Issuer	Validity	Valid
morena-radio.nl R3	`2024-02-20` - `2024-05-20`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/index.php?pwd=GHOST&cheking=pass&id=74758928&access=
Frame ID: 6ED8979CF3DC3B64AA9A0355EEA0A0AD
Requests: 7 HTTP requests in this frame

Frame: https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/page2.php?cheking=pass&id=32218606
Frame ID: 1DFF89B02CEDB37AC372C650812994DF
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Asiakaspalvelu - Danske Bank

Page URL History Show full URLs

https://danskebank-fi-sinulle.morena-radio.nl/danskebank/ HTTP 302
https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/index.php?pwd=GHOST&cheking=pass&id=74758928&access= Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

87 kB
Transfer

224 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://danskebank-fi-sinulle.morena-radio.nl/danskebank/ HTTP 302
https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/index.php?pwd=GHOST&cheking=pass&id=74758928&access= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request index.php Show response danskebank-fi-sinulle.morena-radio.nl/danskebank/html/ Redirect Chain https://danskebank-fi-sinulle.morena-radio.nl/danskebank/ https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/index.php?pwd=GHOST&cheking=pass&id=74758928&access=	1 KB 508 B	231ms 230ms	Document text/html	5.22.249.133 CJ2-AS
General Check archive.org Show headers Download Go to Full URL https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/index.php?pwd=GHOST&cheking=pass&id=74758928&access= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 5.22.249.133 , Netherlands, ASN39704 (CJ2-AS, NL), Reverse DNS cl03.keurigonline.nl Software LiteSpeed / PHP/7.3.33 Resource Hash `9e7d3d1efa22c2c3b6d70d46b432f8ad382c987ff01d62b43670b3122592f1ae` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate content-encoding br content-length 394 content-type text/html; charset-UTF-8;charset=UTF-8 date Mon, 26 Feb 2024 17:49:25 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server LiteSpeed vary Accept-Encoding,User-Agent x-powered-by PHP/7.3.33 Redirect headers alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" cache-control no-cache, no-store, must-revalidate, max-age=0 content-length 0 content-type text/html; charset-UTF-8;charset=UTF-8 date Mon, 26 Feb 2024 17:49:24 GMT expires Thu, 19 Nov 1981 08:52:00 GMT location html/index.php?pwd=GHOST&cheking=pass&id=74758928&access= pragma no-cache server LiteSpeed vary User-Agent x-powered-by PHP/7.3.33
GET H2	200	mm.css danskebank-fi-sinulle.morena-radio.nl/danskebank/html/layout/css/	1 KB 540 B	118ms 116ms	Stylesheet text/css	5.22.249.133 CJ2-AS
General Check archive.org Show headers Download Go to Full URL https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/layout/css/mm.css Requested by Host: danskebank-fi-sinulle.morena-radio.nl URL: https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/index.php?pwd=GHOST&cheking=pass&id=74758928&access= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 5.22.249.133 , Netherlands, ASN39704 (CJ2-AS, NL), Reverse DNS cl03.keurigonline.nl Software LiteSpeed / Resource Hash `636ca8b07f5d3db52d8d21010bde4e3f715f10fdc28eb12f85fc8cb0a2b8cc13` Request headers accept-language fi-FI,fi;q=0.9 Referer https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/index.php?pwd=GHOST&cheking=pass&id=74758928&access= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Mon, 26 Feb 2024 17:49:25 GMT content-encoding br last-modified Mon, 26 Feb 2024 09:12:53 GMT server LiteSpeed etag "5e3-65dc5615-3a35e7b7504bb25a;br" vary Accept-Encoding,User-Agent content-type text/css cache-control public, max-age=604800 accept-ranges bytes content-length 404 expires Mon, 04 Mar 2024 17:49:25 GMT
GET H2	200	jquery.js Show response danskebank-fi-sinulle.morena-radio.nl/danskebank/html/layout/js/	82 KB 28 KB	118ms 117ms	Script application/javascript	5.22.249.133 CJ2-AS
General Check archive.org Show headers Download Go to Full URL https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/layout/js/jquery.js Requested by Host: danskebank-fi-sinulle.morena-radio.nl URL: https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/index.php?pwd=GHOST&cheking=pass&id=74758928&access= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 5.22.249.133 , Netherlands, ASN39704 (CJ2-AS, NL), Reverse DNS cl03.keurigonline.nl Software LiteSpeed / Resource Hash `e176dc8d5da626a295961c495ff00c67ac6dd9295677410f6e211537dfb3a1e0` Request headers accept-language fi-FI,fi;q=0.9 Referer https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/index.php?pwd=GHOST&cheking=pass&id=74758928&access= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Mon, 26 Feb 2024 17:49:25 GMT content-encoding br last-modified Mon, 26 Feb 2024 09:12:53 GMT server LiteSpeed etag "14917-65dc5615-37f7fe06cc67448e;br" vary Accept-Encoding,User-Agent content-type application/javascript cache-control public, max-age=604800 accept-ranges bytes content-length 28764 expires Mon, 04 Mar 2024 17:49:25 GMT
GET H2	200	main.js Show response danskebank-fi-sinulle.morena-radio.nl/danskebank/html/layout/js/	8 KB 880 B	120ms 119ms	Script application/javascript	5.22.249.133 CJ2-AS
General Check archive.org Show headers Download Go to Full URL https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/layout/js/main.js Requested by Host: danskebank-fi-sinulle.morena-radio.nl URL: https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/index.php?pwd=GHOST&cheking=pass&id=74758928&access= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 5.22.249.133 , Netherlands, ASN39704 (CJ2-AS, NL), Reverse DNS cl03.keurigonline.nl Software LiteSpeed / Resource Hash `fbc3f016751626866c70cadd68960c1eb5552c21ae799fed2f909d5b95882837` Request headers accept-language fi-FI,fi;q=0.9 Referer https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/index.php?pwd=GHOST&cheking=pass&id=74758928&access= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Mon, 26 Feb 2024 17:49:25 GMT content-encoding br last-modified Mon, 26 Feb 2024 09:12:53 GMT server LiteSpeed etag "1eed-65dc5615-e1d24c39a71e01c9;br" vary Accept-Encoding,User-Agent content-type application/javascript cache-control public, max-age=604800 accept-ranges bytes content-length 820 expires Mon, 04 Mar 2024 17:49:25 GMT
GET H2	200	dib.js Show response danskebank-fi-sinulle.morena-radio.nl/danskebank/html/layout/js/	3 KB 689 B	121ms 120ms	Script application/javascript	5.22.249.133 CJ2-AS
General Check archive.org Show headers Download Go to Full URL https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/layout/js/dib.js Requested by Host: danskebank-fi-sinulle.morena-radio.nl URL: https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/index.php?pwd=GHOST&cheking=pass&id=74758928&access= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 5.22.249.133 , Netherlands, ASN39704 (CJ2-AS, NL), Reverse DNS cl03.keurigonline.nl Software LiteSpeed / Resource Hash `3e4047610f1dfa0029e195b36848e679707df60a7999522615c95346d1ecb594` Request headers accept-language fi-FI,fi;q=0.9 Referer https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/index.php?pwd=GHOST&cheking=pass&id=74758928&access= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Mon, 26 Feb 2024 17:49:25 GMT content-encoding br last-modified Mon, 26 Feb 2024 09:12:53 GMT server LiteSpeed etag "d13-65dc5615-c7f8ec90df121a7;br" vary Accept-Encoding,User-Agent content-type application/javascript cache-control public, max-age=604800 accept-ranges bytes content-length 629 expires Mon, 04 Mar 2024 17:49:25 GMT
GET H2	200	page2.php Show response danskebank-fi-sinulle.morena-radio.nl/danskebank/html/ Frame 1DFF	6 KB 2 KB	269ms 268ms	Document text/html	5.22.249.133 CJ2-AS
General Check archive.org Show headers Download Go to Full URL https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/page2.php?cheking=pass&id=32218606 Requested by Host: danskebank-fi-sinulle.morena-radio.nl URL: https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/index.php?pwd=GHOST&cheking=pass&id=74758928&access= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 5.22.249.133 , Netherlands, ASN39704 (CJ2-AS, NL), Reverse DNS cl03.keurigonline.nl Software LiteSpeed / PHP/7.3.33 Resource Hash `1ef1004be33f76b03d8081ab6aac92fe21e389b1f946e156631513f5db097d96` Request headers Referer https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/index.php?pwd=GHOST&cheking=pass&id=74758928&access= Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate content-encoding br content-length 1676 content-type text/html; charset-UTF-8;charset=UTF-8 date Mon, 26 Feb 2024 17:49:25 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server LiteSpeed vary Accept-Encoding,User-Agent x-powered-by PHP/7.3.33
GET H2	200	danske-bank-logo.svg danskebank-fi-sinulle.morena-radio.nl/danskebank/html/layout/img/	4 KB 2 KB	79ms 76ms	Image image/svg+xml	5.22.249.133 CJ2-AS
General Check archive.org Show headers Download Go to Show image Full URL https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/layout/img/danske-bank-logo.svg Requested by Host: danskebank-fi-sinulle.morena-radio.nl URL: https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/layout/css/mm.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 5.22.249.133 , Netherlands, ASN39704 (CJ2-AS, NL), Reverse DNS cl03.keurigonline.nl Software LiteSpeed / Resource Hash `2566dcb0230f1ae2412d24ade3f940e3e6a6b3b6ee40501711bf53abc19386a7` Request headers accept-language fi-FI,fi;q=0.9 Referer https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/layout/css/mm.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Mon, 26 Feb 2024 17:49:25 GMT content-encoding br last-modified Mon, 26 Feb 2024 09:12:53 GMT server LiteSpeed etag "10e2-65dc5615-c86b3aa9179d8ca5;br" vary Accept-Encoding,User-Agent content-type image/svg+xml cache-control public, max-age=604800 accept-ranges bytes content-length 1797 expires Mon, 04 Mar 2024 17:49:25 GMT
GET H2	200	main.css danskebank-fi-sinulle.morena-radio.nl/danskebank/html/layout/css/ Frame 1DFF	5 KB 1 KB	84ms 84ms	Stylesheet text/css	5.22.249.133 CJ2-AS
General Check archive.org Show headers Download Go to Full URL https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/layout/css/main.css Requested by Host: danskebank-fi-sinulle.morena-radio.nl URL: https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/page2.php?cheking=pass&id=32218606 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 5.22.249.133 , Netherlands, ASN39704 (CJ2-AS, NL), Reverse DNS cl03.keurigonline.nl Software LiteSpeed / Resource Hash `1b60db1a345adc64ba08ffecc97aea1e33f9c7dddd0df9b995642e0c8888052c` Request headers accept-language fi-FI,fi;q=0.9 Referer https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/page2.php?cheking=pass&id=32218606 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Mon, 26 Feb 2024 17:49:25 GMT content-encoding br last-modified Mon, 26 Feb 2024 09:12:53 GMT server LiteSpeed etag "1404-65dc5615-81153835fd345102;br" vary Accept-Encoding,User-Agent content-type text/css cache-control public, max-age=604800 accept-ranges bytes content-length 1096 expires Mon, 04 Mar 2024 17:49:25 GMT
GET H2	200	jquery.js Show response danskebank-fi-sinulle.morena-radio.nl/danskebank/html/layout/js/ Frame 1DFF	82 KB 28 KB	86ms 86ms	Script application/javascript	5.22.249.133 CJ2-AS
General Check archive.org Show headers Download Go to Full URL https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/layout/js/jquery.js Requested by Host: danskebank-fi-sinulle.morena-radio.nl URL: https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/page2.php?cheking=pass&id=32218606 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 5.22.249.133 , Netherlands, ASN39704 (CJ2-AS, NL), Reverse DNS cl03.keurigonline.nl Software LiteSpeed / Resource Hash `e176dc8d5da626a295961c495ff00c67ac6dd9295677410f6e211537dfb3a1e0` Request headers accept-language fi-FI,fi;q=0.9 Referer https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/page2.php?cheking=pass&id=32218606 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Mon, 26 Feb 2024 17:49:25 GMT content-encoding br last-modified Mon, 26 Feb 2024 09:12:53 GMT server LiteSpeed etag "14917-65dc5615-37f7fe06cc67448e;br" vary Accept-Encoding,User-Agent content-type application/javascript cache-control public, max-age=604800 accept-ranges bytes content-length 28764 expires Mon, 04 Mar 2024 17:49:25 GMT
GET H2	200	main.js Show response danskebank-fi-sinulle.morena-radio.nl/danskebank/html/layout/js/ Frame 1DFF	8 KB 850 B	89ms 89ms	Script application/javascript	5.22.249.133 CJ2-AS
General Check archive.org Show headers Download Go to Full URL https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/layout/js/main.js Requested by Host: danskebank-fi-sinulle.morena-radio.nl URL: https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/page2.php?cheking=pass&id=32218606 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 5.22.249.133 , Netherlands, ASN39704 (CJ2-AS, NL), Reverse DNS cl03.keurigonline.nl Software LiteSpeed / Resource Hash `fbc3f016751626866c70cadd68960c1eb5552c21ae799fed2f909d5b95882837` Request headers accept-language fi-FI,fi;q=0.9 Referer https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/page2.php?cheking=pass&id=32218606 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Mon, 26 Feb 2024 17:49:25 GMT content-encoding br last-modified Mon, 26 Feb 2024 09:12:53 GMT server LiteSpeed etag "1eed-65dc5615-e1d24c39a71e01c9;br" vary Accept-Encoding,User-Agent content-type application/javascript cache-control public, max-age=604800 accept-ranges bytes content-length 820 expires Mon, 04 Mar 2024 17:49:25 GMT
GET H2	200	ImageRender_fi.ashx.jpg danskebank-fi-sinulle.morena-radio.nl/danskebank/html/layout/img/ Frame 1DFF	23 KB 23 KB	79ms 78ms	Image image/jpeg	5.22.249.133 CJ2-AS
General Check archive.org Show headers Download Go to Show image Full URL https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/layout/img/ImageRender_fi.ashx.jpg Requested by Host: danskebank-fi-sinulle.morena-radio.nl URL: https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/layout/css/main.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 5.22.249.133 , Netherlands, ASN39704 (CJ2-AS, NL), Reverse DNS cl03.keurigonline.nl Software LiteSpeed / Resource Hash `683f5b803aec9e336fa2e847c10b4c52e241e08cf1b39c48f51ad8cf29abc6f4` Request headers accept-language fi-FI,fi;q=0.9 Referer https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/layout/css/main.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Mon, 26 Feb 2024 17:49:25 GMT last-modified Mon, 26 Feb 2024 09:12:53 GMT server LiteSpeed etag "5a6e-65dc5615-b97d98fa1c8e46e;;;" vary User-Agent content-type image/jpeg cache-control public, max-age=604800 accept-ranges bytes content-length 23150 expires Mon, 04 Mar 2024 17:49:25 GMT
GET H2	200	arrow-blue.png danskebank-fi-sinulle.morena-radio.nl/danskebank/html/layout/img/ Frame 1DFF	246 B 314 B	80ms 80ms	Image image/png	5.22.249.133 CJ2-AS
General Check archive.org Show headers Download Go to Show image Full URL https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/layout/img/arrow-blue.png Requested by Host: danskebank-fi-sinulle.morena-radio.nl URL: https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/layout/css/main.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 5.22.249.133 , Netherlands, ASN39704 (CJ2-AS, NL), Reverse DNS cl03.keurigonline.nl Software LiteSpeed / Resource Hash `c7ef27f269def932ae27e77389113bc69fc8fbcbc2476bc8722e196d52b20c23` Request headers accept-language fi-FI,fi;q=0.9 Referer https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/layout/css/main.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Mon, 26 Feb 2024 17:49:25 GMT last-modified Mon, 26 Feb 2024 09:12:53 GMT server LiteSpeed etag "f6-65dc5615-a0dd4e613e6a5ba3;;;" vary User-Agent content-type image/png cache-control public, max-age=604800 accept-ranges bytes content-length 246 expires Mon, 04 Mar 2024 17:49:25 GMT
GET H2	200	data.php Show response danskebank-fi-sinulle.morena-radio.nl/danskebank/html/	0 51 B	1247ms 1246ms	XHR text/html	5.22.249.133 CJ2-AS
General Check archive.org Show headers Download Go to Full URL https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/data.php Requested by Host: danskebank-fi-sinulle.morena-radio.nl URL: https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/layout/js/jquery.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 5.22.249.133 , Netherlands, ASN39704 (CJ2-AS, NL), Reverse DNS cl03.keurigonline.nl Software LiteSpeed / PHP/7.3.33 Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept application/json, text/javascript, /; q=0.01 Referer https://danskebank-fi-sinulle.morena-radio.nl/danskebank/html/index.php?pwd=GHOST&cheking=pass&id=74758928&access= X-Requested-With XMLHttpRequest accept-language fi-FI,fi;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers pragma no-cache date Mon, 26 Feb 2024 17:49:29 GMT server LiteSpeed x-powered-by PHP/7.3.33 vary User-Agent content-type text/html; charset-UTF-8;charset=UTF-8 cache-control no-store, no-cache, must-revalidate content-length 0 expires Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Danske Bank (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| $ function| jQuery

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			danskebank-fi-sinulle.morena-radio.nl/	1969-12-31 23:59:59	Name: PHPSESSID Value: c417547d96964ae20b021186f51e4538

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

danskebank-fi-sinulle.morena-radio.nl
5.22.249.133
1b60db1a345adc64ba08ffecc97aea1e33f9c7dddd0df9b995642e0c8888052c
1ef1004be33f76b03d8081ab6aac92fe21e389b1f946e156631513f5db097d96
2566dcb0230f1ae2412d24ade3f940e3e6a6b3b6ee40501711bf53abc19386a7
3e4047610f1dfa0029e195b36848e679707df60a7999522615c95346d1ecb594
636ca8b07f5d3db52d8d21010bde4e3f715f10fdc28eb12f85fc8cb0a2b8cc13
683f5b803aec9e336fa2e847c10b4c52e241e08cf1b39c48f51ad8cf29abc6f4
9e7d3d1efa22c2c3b6d70d46b432f8ad382c987ff01d62b43670b3122592f1ae
c7ef27f269def932ae27e77389113bc69fc8fbcbc2476bc8722e196d52b20c23
e176dc8d5da626a295961c495ff00c67ac6dd9295677410f6e211537dfb3a1e0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fbc3f016751626866c70cadd68960c1eb5552c21ae799fed2f909d5b95882837

danskebank-fi-sinulle.morena-radio.nl Open in urlscan Pro 5.22.249.133 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

87 kBTransfer

224 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

Indicators

danskebank-fi-sinulle.morena-radio.nl Open in urlscan Pro
5.22.249.133 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

87 kB
Transfer

224 kB
Size

1
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!