xero-login.fjordvejr.dk
46.30.215.31
Malicious Activity!
Public Scan
Effective URL: https://xero-login.fjordvejr.dk/
Submission: On April 25 via manual from IE
Summary
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on September 3rd 2017. Valid for: a year.
This is the only time xero-login.fjordvejr.dk was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Xero (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
1 | 64.62.211.142 | 6939 (HURRICANE - Hurricane Electric LLC) |
5 | 46.30.215.31 | 51468 (ONECOM) |
4 | 104.108.47.116 | 16625 (AKAMAI-AS - Akamai Technologies) |
Totals: 11 requests, 3 IP addresses
- ASN6939 (HURRICANE - Hurricane Electric LLC, US): dmanalytics2.com
- ASN51468 (ONECOM, DK), PTR: webcluster-ssl1.webpod5-cph3.one.com: xero-login.fjordvejr.dk
- ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US), PTR: a104-108-47-116.deploy.static.akamaitechnologies.com: login.xero.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
5 | fjordvejr.dk | xero-login.fjordvejr.dk | 29 KB |
4 | xero.com | login.xero.com | 46 KB |
1 | dmanalytics2.com | dmanalytics2.com (1 redirect) | 210 B |
Totals: 11 requests, 3 apex domains
Requests | Domain | Requested by |
---|---|---|
5 | xero-login.fjordvejr.dk | xero-login.fjordvejr.dk |
4 | login.xero.com | xero-login.fjordvejr.dk |
1 | dmanalytics2.com | 1 redirect |
Totals: 11 requests, 3 domains
This site contains links to these domains. Also see Links.
Domain |
---|
login.xero.com |
www.facebook.com |
twitter.com |
plus.google.com |
www.linkedin.com |
www.xero.com |
status.xero.com |
Subject | Issuer | Validity | Valid | Source |
---|---|---|---|---|
*.fjordvejr.dk | COMODO RSA Domain Validation Secure Server CA | 2017-09-03 - 2018-09-03 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://xero-login.fjordvejr.dk/
Frame ID: AA21F0D7746C3A80A8780EF22BE4B046
Requests: 11 HTTP requests in this frame
Screenshot
Page URL History
- https://dmanalytics2.com/click?u=https%3A%2F%2Fxero-login.fjordvejr.dk%2F&i=2&d=EWILhZm-TOWF9UzuDScLG... (HTTP 302)
- https://xero-login.fjordvejr.dk/ (Page URL)
Detected technologies
- Varnish (Cache Tools); detected pattern: headers via /.*Varnish/i
- Apache (Web Servers); detected pattern: headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Page Statistics
10 Outgoing links
These are links going to different origins than the main page.
- Forgot your password?
- Facebook
- Twitter
- Google+
- LinkedIn
- Try Xero for free
- System status
- Security noticeboard
- Terms of use
- Privacy
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://dmanalytics2.com/click?u=https%3A%2F%2Fxero-login.fjordvejr.dk%2F&i=2&d=EWILhZm-TOWF9UzuDScLGw&e=cfasdfas.afdsaf%40bofadfk.co.uk&a=t0ZHQK5nSVSerArFOBXYRw (HTTP 302)
- https://xero-login.fjordvejr.dk/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request, Redirect Chain) | xero-login.fjordvejr.dk/ | 8 KB | 3 KB | Document | text/html |
GET | H2 | all-63ec3168.css | xero-login.fjordvejr.dk/index_files/ | 161 KB | 25 KB | Stylesheet | text/css |
GET | H2 | login-e7fe2437.js | xero-login.fjordvejr.dk/index_files/ | 0 | 0 | Script | text/html |
GET | H2 | spinner-5ada83ae.gif | xero-login.fjordvejr.dk/index_files/ | 1 KB | 1 KB | Image | image/gif |
GET | H2 | login-e7fe2437.js | xero-login.fjordvejr.dk/index_files/ | 0 | 0 | Script | text/html |
GET | H/1.1 | msg-orange-668607f3.png | login.xero.com/content/shared/img/messages/ | 2 KB | 2 KB | Image | image/png |
GET | H/1.1 | header-330b898e.png | login.xero.com/content/local/img/ | 41 KB | 41 KB | Image | image/png |
GET | | NationalWeb-Regular.woff | login.xero.com/content/local/fonts/woff/ | 0 | 0 | | |
GET | H/1.1 | envelope-51933199.png | login.xero.com/Content/images/marketing/ | 424 B | 1 KB | Image | image/png |
GET | H/1.1 | padlock-ccc3dff1.png | login.xero.com/Content/images/marketing/ | 233 B | 979 B | Image | image/png |
GET | | NationalWeb-Regular.ttf | login.xero.com/content/local/fonts/ttf/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- login.xero.com: https://login.xero.com/content/local/fonts/woff/NationalWeb-Regular.woff
- login.xero.com: https://login.xero.com/content/local/fonts/ttf/NationalWeb-Regular.ttf
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan verdict: Phishing against: Xero (Online)
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
boolean | userFocus |
2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
.demdex.net/ | | demdex | 68711519969639985312948521168062618433 |
.xero.com/ | | AMCV_C593280E560020957F000101%40AdobeOrg | 1406116232%7CMCIDTS%7C17647%7CMCMID%7C68692991337514650772946720976910500983%7CMCAAMLH-1525244583%7C9%7CMCAAMB-1525244583%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1524646983s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-17654%7CvVersion%7C2.5.0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
Domains:
- dmanalytics2.com
- login.xero.com
- xero-login.fjordvejr.dk
IP addresses:
- 104.108.47.116
- 46.30.215.31
- 64.62.211.142
Hashes:
- 0191319a6ddffa6a98ea231a6fb62d1fe1028737382349626780fceb7030f7c0
- 065ca7e0516e91f8d87d340fc38c5a9fe3bd4fbc19d98b3a243a7bdb7524b6fc
- 0a88045b745908668639dd623b754e2aa04a1f4f832951c95f4046fb10634539
- 522e5aaa8ec1d267f176ad04719aae97d1925b2bbb291fcfd98d7f1d7c76eae8
- 596719d8f25ddd1cc8d82184e2482f2a906690625500e631668310cbcd6993da
- 5fa3211953ccf7f586218cf30890e10d5087d6888258a1a43af47b2dd2e8bc69
- c7a714db31948bdfe27054dd5abded6f3435dd71bd362a231c07a7d3a38e1161