xero-login.fjordvejr.dk Open in urlscan Pro
46.30.215.31 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://dmanalytics2.com/click?u=https%3A%2F%2Fxero-login.fjordvejr.dk%2F&i=2&d=EWILhZm-TOWF9UzuDScLGw&e=cfasdfas.afdsaf%...
Effective URL:
https://xero-login.fjordvejr.dk/
Submission: On April 25 via manual (April 25th 2018, 7:03:13 am UTC) from IE

Summary HTTP 11 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 11 HTTP transactions. The main IP is 46.30.215.31, located in Copenhagen, Denmark and belongs to ONECOM, DK. The main domain is xero-login.fjordvejr.dk.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on September 3rd 2017. Valid for: a year.

This is the only time xero-login.fjordvejr.dk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Xero (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	64.62.211.142 64.62.211.142	6939 (HURRICANE) (HURRICANE - Hurricane Electric LLC)
5	46.30.215.31 46.30.215.31	51468 (ONECOM) (ONECOM)
4	104.108.47.116 104.108.47.116	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
11	3

1 64.62.211.142 (Fremont, United States) 1 redirects

ASN6939 (HURRICANE - Hurricane Electric LLC, US)

dmanalytics2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 46.30.215.31 (Copenhagen, Denmark)

ASN51468 (ONECOM, DK)
PTR: webcluster-ssl1.webpod5-cph3.one.com

xero-login.fjordvejr.dk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.108.47.116 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-108-47-116.deploy.static.akamaitechnologies.com

login.xero.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	fjordvejr.dk xero-login.fjordvejr.dk	29 KB
4	xero.com login.xero.com	46 KB
1	dmanalytics2.com 1 redirects dmanalytics2.com	210 B
11	3

	Domain	Requested by
5	xero-login.fjordvejr.dk	xero-login.fjordvejr.dk
4	login.xero.com	xero-login.fjordvejr.dk
1	dmanalytics2.com	1 redirects
11	3

This site contains links to these domains. Also see Links.

Domain
login.xero.com
www.facebook.com
twitter.com
plus.google.com
www.linkedin.com
www.xero.com
status.xero.com

Subject Issuer	Validity	Valid
*.fjordvejr.dk COMODO RSA Domain Validation Secure Server CA	`2017-09-03` - `2018-09-03`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://xero-login.fjordvejr.dk/
Frame ID: AA21F0D7746C3A80A8780EF22BE4B046
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://dmanalytics2.com/click?u=https%3A%2F%2Fxero-login.fjordvejr.dk%2F&i=2&d=EWILhZm-TOWF9UzuDScLG... HTTP 302
https://xero-login.fjordvejr.dk/ Page URL

Detected technologies

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /.*Varnish/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

11
Requests

45 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

75 kB
Transfer

213 kB
Size

2
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://login.xero.com/ForgottenPassword
Title: Forgot your password?

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Xero.Accounting
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/Xero
Title: Twitter

Search URL Search Domain Scan URL

URL: https://plus.google.com/+xero
Title: Google+

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/company/xero
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://www.xero.com/signup/
Title: Try Xero for free

Search URL Search Domain Scan URL

URL: https://status.xero.com/
Title: System status

Search URL Search Domain Scan URL

URL: https://www.xero.com/blog/security-noticeboard/
Title: Security noticeboard

Search URL Search Domain Scan URL

URL: https://www.xero.com/about/terms
Title: Terms of use

Search URL Search Domain Scan URL

URL: https://www.xero.com/about/privacy
Title: Privacy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://dmanalytics2.com/click?u=https%3A%2F%2Fxero-login.fjordvejr.dk%2F&i=2&d=EWILhZm-TOWF9UzuDScLGw&e=cfasdfas.afdsaf%40bofadfk.co.uk&a=t0ZHQK5nSVSerArFOBXYRw HTTP 302
https://xero-login.fjordvejr.dk/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
xero-login.fjordvejr.dk/
Redirect Chain

https://dmanalytics2.com/click?u=https%3A%2F%2Fxero-login.fjordvejr.dk%2F&i=2&d=EWILhZm-TOWF9UzuDScLGw&e=cfasdfas.afdsaf%40bofadfk.co.uk&a=t0ZHQK5nSVSerArFOBXYRw
https://xero-login.fjordvejr.dk/

8 KB
3 KB

170ms
34ms

Document
text/html

46.30.215.31
ONECOM

General

Check archive.org

Show headers Download Go to

Full URL: https://xero-login.fjordvejr.dk/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 46.30.215.31 Copenhagen, Denmark, ASN51468 (ONECOM, DK),
Reverse DNS: webcluster-ssl1.webpod5-cph3.one.com
Software: Apache /
Resource Hash: 5fa3211953ccf7f586218cf30890e10d5087d6888258a1a43af47b2dd2e8bc69

Request headers

:path: /
pragma: no-cache
accept-encoding: gzip, deflate
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
cache-control: no-cache
:authority: xero-login.fjordvejr.dk
:scheme: https
:method: GET
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Wed, 25 Apr 2018 06:30:32 GMT
content-encoding: gzip
last-modified: Tue, 24 Apr 2018 16:05:13 GMT
server: Apache
age: 1949
etag: "b3c1c4ff-20ed-56a9a51d4d402"
vary: Accept-Encoding
content-type: text/html
status: 200
x-varnish: 1012892447 993428965
accept-ranges: bytes
content-length: 2811
via: 1.1 varnish (Varnish/6.0)

Redirect headers

Location: https://xero-login.fjordvejr.dk/
Date: Wed, 25 Apr 2018 07:03:01 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 all-63ec3168.css
xero-login.fjordvejr.dk/index_files/ 161 KB
25 KB 34ms
34ms Stylesheet
text/css 46.30.215.31
ONECOM

General

Check archive.org

Show headers Download Go to

Full URL: https://xero-login.fjordvejr.dk/index_files/all-63ec3168.css
Requested by: Host: xero-login.fjordvejr.dk
URL: https://xero-login.fjordvejr.dk/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 46.30.215.31 Copenhagen, Denmark, ASN51468 (ONECOM, DK),
Reverse DNS: webcluster-ssl1.webpod5-cph3.one.com
Software: Apache /
Resource Hash: 522e5aaa8ec1d267f176ad04719aae97d1925b2bbb291fcfd98d7f1d7c76eae8

Request headers

:path: /index_files/all-63ec3168.css
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: xero-login.fjordvejr.dk
referer: https://xero-login.fjordvejr.dk/
:scheme: https
:method: GET
Referer: https://xero-login.fjordvejr.dk/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Wed, 25 Apr 2018 06:30:32 GMT
content-encoding: gzip
last-modified: Tue, 24 Apr 2018 16:05:20 GMT
server: Apache
age: 1949
etag: "b2333149-28555-56a9a523c57ac"
vary: Accept-Encoding
content-type: text/css
status: 200
x-varnish: 1012892448 990972072
accept-ranges: bytes
content-length: 25272
via: 1.1 varnish (Varnish/6.0)

GET
H2 404 login-e7fe2437.js
xero-login.fjordvejr.dk/index_files/ 0
0 68ms
67ms Script
text/html 46.30.215.31
ONECOM

General

Check archive.org

Show headers Download Go to

Full URL: https://xero-login.fjordvejr.dk/index_files/login-e7fe2437.js
Requested by: Host: xero-login.fjordvejr.dk
URL: https://xero-login.fjordvejr.dk/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 46.30.215.31 Copenhagen, Denmark, ASN51468 (ONECOM, DK),
Reverse DNS: webcluster-ssl1.webpod5-cph3.one.com
Software: Apache /
Resource Hash

Request headers

:path: /index_files/login-e7fe2437.js
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
accept: */*
cache-control: no-cache
:authority: xero-login.fjordvejr.dk
referer: https://xero-login.fjordvejr.dk/
:scheme: https
:method: GET
Referer: https://xero-login.fjordvejr.dk/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Wed, 25 Apr 2018 07:03:01 GMT
content-encoding: gzip
server: Apache
age: 0
vary: Accept-Encoding
x-varnish: 1012892449
status: 404
content-type: text/html; charset=iso-8859-1
content-length: 198
via: 1.1 varnish (Varnish/6.0)

GET
H2 200 spinner-5ada83ae.gif
xero-login.fjordvejr.dk/index_files/ 1 KB
1 KB 67ms
67ms Image
image/gif 46.30.215.31
ONECOM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xero-login.fjordvejr.dk/index_files/spinner-5ada83ae.gif
Requested by: Host: xero-login.fjordvejr.dk
URL: https://xero-login.fjordvejr.dk/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 46.30.215.31 Copenhagen, Denmark, ASN51468 (ONECOM, DK),
Reverse DNS: webcluster-ssl1.webpod5-cph3.one.com
Software: Apache /
Resource Hash: 596719d8f25ddd1cc8d82184e2482f2a906690625500e631668310cbcd6993da

Request headers

:path: /index_files/spinner-5ada83ae.gif
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: xero-login.fjordvejr.dk
referer: https://xero-login.fjordvejr.dk/
:scheme: https
:method: GET
Referer: https://xero-login.fjordvejr.dk/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Wed, 25 Apr 2018 06:30:32 GMT
via: 1.1 varnish (Varnish/6.0)
last-modified: Tue, 24 Apr 2018 16:05:20 GMT
server: Apache
age: 1949
etag: "b310dd8a-451-56a9a523f8bad"
x-varnish: 1012892450 1001718525
status: 200
accept-ranges: bytes
content-type: image/gif
content-length: 1105

GET
H2 404 login-e7fe2437.js
xero-login.fjordvejr.dk/index_files/ 0
0 34ms
33ms Script
text/html 46.30.215.31
ONECOM

General

Check archive.org

Show headers Download Go to

Full URL: https://xero-login.fjordvejr.dk/index_files/login-e7fe2437.js
Requested by: Host: xero-login.fjordvejr.dk
URL: https://xero-login.fjordvejr.dk/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 46.30.215.31 Copenhagen, Denmark, ASN51468 (ONECOM, DK),
Reverse DNS: webcluster-ssl1.webpod5-cph3.one.com
Software: Apache /
Resource Hash

Request headers

:path: /index_files/login-e7fe2437.js
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
accept: */*
cache-control: no-cache
:authority: xero-login.fjordvejr.dk
referer: https://xero-login.fjordvejr.dk/
:scheme: https
:method: GET
Referer: https://xero-login.fjordvejr.dk/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Wed, 25 Apr 2018 07:03:01 GMT
content-encoding: gzip
server: Apache
age: 0
vary: Accept-Encoding
x-varnish: 1012892451 961652775
status: 404
content-type: text/html; charset=iso-8859-1
content-length: 198
via: 1.1 varnish (Varnish/6.0)

GET
H/1.1 200
OK msg-orange-668607f3.png
login.xero.com/content/shared/img/messages/ 2 KB
2 KB 55ms
8ms Image
image/png 104.108.47.116
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.xero.com/content/shared/img/messages/msg-orange-668607f3.png

Requested by

Host: xero-login.fjordvejr.dk
URL: https://xero-login.fjordvejr.dk/

Protocol

HTTP/1.1

Server

104.108.47.116 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-47-116.deploy.static.akamaitechnologies.com

Software

Resource Hash

0191319a6ddffa6a98ea231a6fb62d1fe1028737382349626780fceb7030f7c0

Security Headers

Name	Value
Content-Security-Policy	report-uri /cspreport; default-src 'self' https://.xero.com https://www.google.com; style-src 'self' https://.xero.com 'unsafe-inline' data: ; script-src 'self' https://.xero.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors .xero.com;
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://xero-login.fjordvejr.dk/index_files/all-63ec3168.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Content-Security-Policy: report-uri /cspreport; default-src 'self' https://*.xero.com https://www.google.com; style-src 'self' https://*.xero.com 'unsafe-inline' data: ; script-src 'self' https://*.xero.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.xero.com;
Last-Modified: Mon, 19 Feb 2018 15:11:10 GMT
ETag: "03b91df93a9d31:0"
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: public, max-age=3367220
Date: Wed, 25 Apr 2018 07:03:02 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1686
X-Client-IP: 42649, 44902, 57920
X-UA-Compatible: IE=edge

GET
H/1.1 200
OK header-330b898e.png
login.xero.com/content/local/img/ 41 KB
41 KB 55ms
8ms Image
image/png 104.108.47.116
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.xero.com/content/local/img/header-330b898e.png

Requested by

Host: xero-login.fjordvejr.dk
URL: https://xero-login.fjordvejr.dk/

Protocol

HTTP/1.1

Server

104.108.47.116 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-47-116.deploy.static.akamaitechnologies.com

Software

Resource Hash

065ca7e0516e91f8d87d340fc38c5a9fe3bd4fbc19d98b3a243a7bdb7524b6fc

Security Headers

Name	Value
Content-Security-Policy	report-uri /cspreport; default-src 'self' https://.xero.com https://www.google.com; style-src 'self' https://.xero.com 'unsafe-inline' data: ; script-src 'self' https://.xero.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors .xero.com;
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://xero-login.fjordvejr.dk/index_files/all-63ec3168.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Content-Security-Policy: report-uri /cspreport; default-src 'self' https://*.xero.com https://www.google.com; style-src 'self' https://*.xero.com 'unsafe-inline' data: ; script-src 'self' https://*.xero.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.xero.com;
Last-Modified: Mon, 19 Feb 2018 15:11:10 GMT
ETag: "03b91df93a9d31:0"
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: public, max-age=3294401
Date: Wed, 25 Apr 2018 07:03:02 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 41518
X-Client-IP: 40394, 57912
X-UA-Compatible: IE=edge

GET NationalWeb-Regular.woff
login.xero.com/content/local/fonts/woff/ 0
0

GET
H/1.1 200
OK envelope-51933199.png
login.xero.com/Content/images/marketing/ 424 B
1 KB 55ms
8ms Image
image/png 104.108.47.116
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.xero.com/Content/images/marketing/envelope-51933199.png

Requested by

Host: xero-login.fjordvejr.dk
URL: https://xero-login.fjordvejr.dk/

Protocol

HTTP/1.1

Server

104.108.47.116 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-47-116.deploy.static.akamaitechnologies.com

Software

Resource Hash

c7a714db31948bdfe27054dd5abded6f3435dd71bd362a231c07a7d3a38e1161

Security Headers

Name	Value
Content-Security-Policy	report-uri /cspreport; default-src 'self' https://.xero.com https://www.google.com; style-src 'self' https://.xero.com 'unsafe-inline' data: ; script-src 'self' https://.xero.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors .xero.com;
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://xero-login.fjordvejr.dk/index_files/all-63ec3168.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Content-Security-Policy: report-uri /cspreport; default-src 'self' https://*.xero.com https://www.google.com; style-src 'self' https://*.xero.com 'unsafe-inline' data: ; script-src 'self' https://*.xero.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.xero.com;
Last-Modified: Mon, 19 Feb 2018 15:11:08 GMT
ETag: "0e60de93a9d31:0"
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: public, max-age=3233824
Date: Wed, 25 Apr 2018 07:03:02 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 424
X-Client-IP: 46598, 40905, 45235, 50138, 58911, 58045, 57914
X-UA-Compatible: IE=edge

GET
H/1.1 200
OK padlock-ccc3dff1.png
login.xero.com/Content/images/marketing/ 233 B
979 B 54ms
7ms Image
image/png 104.108.47.116
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.xero.com/Content/images/marketing/padlock-ccc3dff1.png

Requested by

Host: xero-login.fjordvejr.dk
URL: https://xero-login.fjordvejr.dk/

Protocol

HTTP/1.1

Server

104.108.47.116 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-47-116.deploy.static.akamaitechnologies.com

Software

Resource Hash

0a88045b745908668639dd623b754e2aa04a1f4f832951c95f4046fb10634539

Security Headers

Name	Value
Content-Security-Policy	report-uri /cspreport; default-src 'self' https://.xero.com https://www.google.com; style-src 'self' https://.xero.com 'unsafe-inline' data: ; script-src 'self' https://.xero.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors .xero.com;
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://xero-login.fjordvejr.dk/index_files/all-63ec3168.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Content-Security-Policy: report-uri /cspreport; default-src 'self' https://*.xero.com https://www.google.com; style-src 'self' https://*.xero.com 'unsafe-inline' data: ; script-src 'self' https://*.xero.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.xero.com;
Last-Modified: Mon, 19 Feb 2018 15:11:08 GMT
ETag: "0e60de93a9d31:0"
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: public, max-age=3365730
Date: Wed, 25 Apr 2018 07:03:02 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 233
X-Client-IP: 46107, 38266, 55147, 57918
X-UA-Compatible: IE=edge

GET NationalWeb-Regular.ttf
login.xero.com/content/local/fonts/ttf/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: login.xero.com
URL: https://login.xero.com/content/local/fonts/woff/NationalWeb-Regular.woff

Domain: login.xero.com
URL: https://login.xero.com/content/local/fonts/ttf/NationalWeb-Regular.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Xero (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| userFocus

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.demdex.net/	1970-01-18 19:49:51	Name: demdex Value: 68711519969639985312948521168062618433
			.xero.com/	1970-01-19 09:03:18	Name: AMCV_C593280E560020957F000101%40AdobeOrg Value: 1406116232%7CMCIDTS%7C17647%7CMCMID%7C68692991337514650772946720976910500983%7CMCAAMLH-1525244583%7C9%7CMCAAMB-1525244583%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1524646983s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-17654%7CvVersion%7C2.5.0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dmanalytics2.com
login.xero.com
xero-login.fjordvejr.dk
login.xero.com
104.108.47.116
46.30.215.31
64.62.211.142
0191319a6ddffa6a98ea231a6fb62d1fe1028737382349626780fceb7030f7c0
065ca7e0516e91f8d87d340fc38c5a9fe3bd4fbc19d98b3a243a7bdb7524b6fc
0a88045b745908668639dd623b754e2aa04a1f4f832951c95f4046fb10634539
522e5aaa8ec1d267f176ad04719aae97d1925b2bbb291fcfd98d7f1d7c76eae8
596719d8f25ddd1cc8d82184e2482f2a906690625500e631668310cbcd6993da
5fa3211953ccf7f586218cf30890e10d5087d6888258a1a43af47b2dd2e8bc69
c7a714db31948bdfe27054dd5abded6f3435dd71bd362a231c07a7d3a38e1161

xero-login.fjordvejr.dk Open in urlscan Pro 46.30.215.31 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

11 Requests

45 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

75 kBTransfer

213 kBSize

2 Cookies

10 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

2 Cookies

Indicators

xero-login.fjordvejr.dk Open in urlscan Pro
46.30.215.31 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

45 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

75 kB
Transfer

213 kB
Size

2
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!