{"report_id":"02dd6621-ebcf-4070-b79e-776aaca3110a","version":6,"status":"done","tags":["bankid","authentication"],"date":"2026-03-15T12:48:43Z","url":{"schema":"http","addr":"loweii.org","fqdn":"loweii.org","domain":"loweii.org","tld":"org"},"ip":{"addr":"80.71.235.199","port":0,"asn":3320,"as":"Deutsche Telekom AG","country":"Italy","country_code":"IT"},"final":{"url":{"schema":"https","addr":"loweii.org/","fqdn":"loweii.org","domain":"loweii.org","tld":"org"},"title":"BankID","dom":{"size":11545,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"985159f7e4284f027936852f9406fdc0","sha1":"821b4d8631bd695db0ca49377a2bf6f34836459e","sha256":"687d1b15d5dedfbd9ffad4cee894fb695e6db88a37ebe591430215e0b0b327f3","sha512":"263199cbda89cc0fab7969a58447cb93837048241aebeca4b5d7da26f49becf55c9aafacfe15fb9c682bfcee1ae3ea071cbba65c98a161994dcd7461d3bd2e85","ssdeep":"192:vrICt0jzrps3CqPP8WaI9iqCWeRK5NZikyJwx/4gvE4gtYpHQet3lAg7fuICf4qg:VFb4g84gChQet3egDur4xJv","tlshash":"7932825761b61d229547a17c3be39b063a618003aa07c8583eec6a548fd7ec086b778d","dom_hash":"domhash1bc50f2e787ed1ad362d6d0ee132fdc4","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"loweii.org","fqdn":"loweii.org","domain":"loweii.org","tld":"org"},"ip":{"addr":"80.71.235.199","port":0,"asn":3320,"as":"Deutsche Telekom AG","country":"Italy","country_code":"IT"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-19T12:48:43Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]},"summary":[{"fqdn":"loweii.org","ip":{"addr":"80.71.235.199","port":443,"asn":3320,"as":"Deutsche Telekom AG","country":"Italy","country_code":"IT"},"domain_registered":"2026-03-13","domain_rank":0,"first_seen":"2026-03-15T04:59:17.030839Z","last_seen":"2026-03-15T04:59:17.03084Z","alert_count":2,"request_count":2,"received_data":10978,"sent_data":876,"comment":"","tags":null,"fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"loweii.org/","fqdn":"loweii.org","domain":"loweii.org","tld":"org"},"ip":{"addr":"80.71.235.199","port":443,"asn":3320,"as":"Deutsche Telekom AG","country":"Italy","country_code":"IT"},"introduction_type":"scriptElement","is_inline":true,"md5":"4cd97815ae812de307066336b9599853","sha1":"c19a16c889cd9c6add0ee89f23c5d870fb707dc4","sha256":"15967979f51ea715a6352c62355a22ec74c3acc9fc7079ffc4ef52218b71ab1f","sha512":"982a33893a12d9f594a68b289dae75f75fdb79145c187584f6829c38369e9d7ef02ff231ea54a82a7da000ce1facbaee88f43513b1b53a8476dd97c024a859a1","ssdeep":"96:13Eqv3v4G8IT71nrDH/4et3lk5g7fuIMtf4q4xJ6n:1E4gtYpHQet3lAg7fuICf4q4xJ6n","tlshash":"cbc163a771b60d31869b62b92be7db46393180076e4298047eac5b455fd3f80c53b7cd","size":6077,"data":"","first_seen":"2026-03-15T04:59:20.725082Z","last_seen":"2026-03-15T12:59:48.103799Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"loweii.org/","fqdn":"loweii.org","domain":"loweii.org","tld":"org"},"ip":{"addr":"80.71.235.199","port":443,"asn":3320,"as":"Deutsche Telekom AG","country":"Italy","country_code":"IT"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-15T12:48:22.146Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loweii.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 22:02:59 GMT","end":"Fri, 12 Jun 2026 22:02:58 GMT"},"fingerprint":{"sha1":"C8:B7:FD:9C:3E:26:98:AC:7A:1B:1A:D8:07:6B:8A:D7:BB:1E:47:9D","sha256":"6D:17:C9:89:CC:DC:29:4C:98:A9:FC:4F:52:FF:CA:F2:A5:BA:01:76:33:AF:B1:4D:58:B6:3F:7C:82:B5:41:87"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: loweii.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Sun, 15 Mar 2026 12:48:19 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Security-Policy: default-src 'self';script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';img-src 'self' data:;connect-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none'\r\nCross-Origin-Resource-Policy: same-origin\r\nReferrer-Policy: no-referrer\r\nX-Content-Type-Options: nosniff\r\nX-DNS-Prefetch-Control: off\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 0\r\nCache-Control: public, max-age=0\r\nLast-Modified: Sat, 14 Mar 2026 22:13:04 GMT\r\nETag: W/\"2502-19cee690017\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9474,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"1af7add43df2adf756c9cb77672fc522","sha1":"373cf1f350a5da68438ab07108481e2f23527078","sha256":"c1cb37bad18dc13a51aae31aceecc9fd437cac1ff3b14c71f4046380ff6a1cf1","sha512":"a6d153d32871008f4cd8c99289f6b64cf33005b067ee6fd62a75860d7e632bf9b644b98df5cad8ae28837d5d06649b30caf401c1e236e4e5a943c912d4537eb0","ssdeep":"192:5rICt0jzrps3CqPP8WaI9iqCWeRK5NZikyJw5E4gtYpHQet3lAg7fuICf4q4xJ6e:HFo4gChQet3egDur4xJT","tlshash":"8d12839762b70931954ba17c3be39b4636318003aa06cd683eec5654cfdbe8096b77cc","first_seen":"2026-03-15T04:59:20.721356Z","last_seen":"2026-03-15T12:59:48.101493Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1025,"timings":{"blocked":451,"dns":402,"connect":19,"send":0,"wait":122,"receive":1,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]}},{"url":{"schema":"https","addr":"loweii.org/favicon.ico","fqdn":"loweii.org","domain":"loweii.org","tld":"org"},"ip":{"addr":"80.71.235.199","port":443,"asn":3320,"as":"Deutsche Telekom AG","country":"Italy","country_code":"IT"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://loweii.org/","date":"2026-03-15T12:48:22.923Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loweii.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 22:02:59 GMT","end":"Fri, 12 Jun 2026 22:02:58 GMT"},"fingerprint":{"sha1":"C8:B7:FD:9C:3E:26:98:AC:7A:1B:1A:D8:07:6B:8A:D7:BB:1E:47:9D","sha256":"6D:17:C9:89:CC:DC:29:4C:98:A9:FC:4F:52:FF:CA:F2:A5:BA:01:76:33:AF:B1:4D:58:B6:3F:7C:82:B5:41:87"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: loweii.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Sun, 15 Mar 2026 12:48:20 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Security-Policy: default-src 'none'\r\nCross-Origin-Resource-Policy: same-origin\r\nReferrer-Policy: no-referrer\r\nX-Content-Type-Options: nosniff\r\nX-DNS-Prefetch-Control: off\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 0\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":150,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"84241342d84ac29592a5d9516f8edf7f","sha1":"03c53980e18e17625f439c20e7d438f066202428","sha256":"6e21162bc64073fe9e3d3d6375ca24d04fed1912a5b7716aac0cb0f2d16fae7c","sha512":"7509483335c7a30365f7f403098491ac0b44fffcc68a5cdacb86ec191f02dbda5b16a20a09e924b6a29ac938578d43bacb9a50115db5c5668ea27fe1811bd530","ssdeep":"","tlshash":"34c08c9e140012010b2087042ac1326464973b992de685006a87e027ece8a1ad987288","first_seen":"2023-04-05T13:59:49Z","last_seen":"2026-06-10T12:06:58.221029Z","times_seen":7323,"resource_available":false,"data":null}},"time_used":124,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":124,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]}}]}