Report - stage.account.postnord.com/oauth2/auth

Report Overview

Visited public
2023-12-05 07:30:46
Tags
fedex logistics phishing
URL
stage.account.postnord.com/oauth2/auth
Finishing URL
stage.account.postnord.com/oauth2/auth
IP / ASN
54.230.111.40
#16509 AMAZON-02
Title
Something went wrong
Phishing - FedEx

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
stage.account.postnord.com	unknown	2009-06-17	2020-01-27 14:25:07	2023-09-18 15:05:34	2.1 kB	14 kB	54.230.111.40
portal.postnord.com	884845	2009-06-17	2019-07-04 12:12:02	2023-12-04 08:57:28	987 B	38 kB	54.230.111.117

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (6)

URL IP Response Size

stage.account.postnord.com/oauth2/auth

54.230.111.40

500 Internal Server Error

4.8 kB

URL User Request GET HTTP/2
stage.account.postnord.com/oauth2/auth
IP
54.230.111.40:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subjectstage.account.postnord.com
Fingerprint8C:E6:70:51:FE:9B:D3:9C:8E:2B:59:A9:08:C6:4F:D4:0A:45:BB:BC
ValiditySat, 26 Aug 2023 00:00:00 GMT - Tue, 24 Sep 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (511)
Size
4.8 kB (4818 bytes)
Hash
d755bbf2daf630b44a4aee3f9408a075
866af4b2fa8ef7021672439279e182972d35fadd
854fcce817f5b3ca852ff29b8a0969c9af4ef75685dfaa9553b56eea444262ff

HTTP Headers

GET /oauth2/auth HTTP/1.1
Host: stage.account.postnord.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 400 Bad Request
content-type: text/html; charset=utf-8
content-length: 4818
date: Tue, 05 Dec 2023 07:30:28 GMT
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
set-cookie: language=en; Path=/
PN-V1-SESSION-ID=e0d8ef3f-9ec5-427b-87a5-5268be01aabd; Max-Age=15778800; Path=/; Expires=Tue, 04 Jun 2024 22:30:28 GMT; HttpOnly; Secure
cache-control: no-store
x-cache: Error from cloudfront
via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 5A70cGS5RMreKXs27HTDlxog2AQM9In2kDLBUcha4Dz5lTANyYACbw==
X-Firefox-Spdy: h2

stage.account.postnord.com/oauth2/auth

54.230.111.40

500 Internal Server Error

4.8 kB

URL User Request GET HTTP/2
stage.account.postnord.com/oauth2/auth
IP
54.230.111.40:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subjectstage.account.postnord.com
Fingerprint8C:E6:70:51:FE:9B:D3:9C:8E:2B:59:A9:08:C6:4F:D4:0A:45:BB:BC
ValiditySat, 26 Aug 2023 00:00:00 GMT - Tue, 24 Sep 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (511)
Size
4.8 kB (4795 bytes)
Hash
b8284ba80fec1eda24ad66b2054fdb78
4fbcb0399881cfb35cf52902ce4f9f3ab9cb7aa2
99bf059043956bb195d6253191c9b6ef9bf7faaec12c4b0d913dacc41e5c585c

HTTP Headers

GET /oauth2/auth HTTP/1.1
Host: stage.account.postnord.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: language=en; PN-V1-SESSION-ID=e0d8ef3f-9ec5-427b-87a5-5268be01aabd
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 500 Internal Server Error
content-type: text/html; charset=utf-8
content-length: 4795
date: Tue, 05 Dec 2023 07:30:29 GMT
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
set-cookie: language=en; Path=/
cache-control: no-store
x-cache: Error from cloudfront
via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: VS0NwO6qgGBJX_U9gRG3geLC6GDWd3taFrpG1XptguGPFZmkK62kpg==
X-Firefox-Spdy: h2

portal.postnord.com/fonts/PostNordSans-Regular.woff2

54.230.111.117

200 OK

18 kB

URL GET HTTP/2
portal.postnord.com/fonts/PostNordSans-Regular.woff2
IP
54.230.111.117:443
ASN
#16509 AMAZON-02

Requested by
https://stage.account.postnord.com/oauth2/auth
Certificate
IssuerAmazon
Subjectportal.postnord.com
Fingerprint8C:F3:F1:3B:DB:EA:99:42:38:A4:85:CB:88:9E:15:9F:7E:B8:53:42
ValidityTue, 14 Nov 2023 00:00:00 GMT - Fri, 13 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 18456, version 1.13107\012- data
Size
18 kB (18456 bytes)
Hash
6e27090a4c7ad65ab906ec97e02eb795
5818906b1e545626d81224a483ae11d11d0f86af
c3d6ac7c111917aa295e295cf90f5ab148f4b9b004bfcdfade7ad6ccca6da5cc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - FedEx

HTTP Headers

GET /fonts/PostNordSans-Regular.woff2 HTTP/1.1
Host: portal.postnord.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://stage.account.postnord.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 18456
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=604800
date: Tue, 05 Dec 2023 06:55:08 GMT
last-modified: Thu, 08 Jul 2021 12:32:44 GMT
server: nginx/1.18.0
x-amz-version-id: DU8VIksKPOst..z0Wg7e2Os6h3pdkbjS
x-ua-compatible: IE=Edge,chrome=1
etag: "6e27090a4c7ad65ab906ec97e02eb795"
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: GRyGVIVVA8IGwrT4lQgrPWKmN0vEhW8pv-sEE_p2TYgK1io6G59iPA==
age: 2121
X-Firefox-Spdy: h2

portal.postnord.com/fonts/PostNordSans-Bold.woff2

54.230.111.117

200 OK

19 kB

URL GET HTTP/2
portal.postnord.com/fonts/PostNordSans-Bold.woff2
IP
54.230.111.117:443
ASN
#16509 AMAZON-02

Requested by
https://stage.account.postnord.com/oauth2/auth
Certificate
IssuerAmazon
Subjectportal.postnord.com
Fingerprint8C:F3:F1:3B:DB:EA:99:42:38:A4:85:CB:88:9E:15:9F:7E:B8:53:42
ValidityTue, 14 Nov 2023 00:00:00 GMT - Fri, 13 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 18684, version 1.13107\012- data
Size
19 kB (18684 bytes)
Hash
cdbb430eb8a959e54d03839a49c2f293
e4d1299f89c0e38ddd10f7c38efb62f558b0c2d5
925c29d9c349984b2c2fa129f9123515d42dddfb9c59fe08a6ac8eb85123d4e6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - FedEx

HTTP Headers

GET /fonts/PostNordSans-Bold.woff2 HTTP/1.1
Host: portal.postnord.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://stage.account.postnord.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 18684
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=604800
date: Mon, 04 Dec 2023 21:48:36 GMT
last-modified: Thu, 08 Jul 2021 12:32:44 GMT
server: nginx/1.18.0
x-amz-version-id: 6Ub5_ODE2ZbTSwAzMNj8rtAaTutdVb9E
x-ua-compatible: IE=Edge,chrome=1
etag: "cdbb430eb8a959e54d03839a49c2f293"
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: EU0XqOuwleIsbZCRLQBYg_EIMaNdY1dXUDCHUVBQfRBFwsYb5HKkmA==
age: 34913
X-Firefox-Spdy: h2

stage.account.postnord.com/favicon.ico

54.230.111.40

301 Moved Permanently

134 B

URL GET HTTP/2
stage.account.postnord.com/favicon.ico
IP
54.230.111.40:443
ASN
#16509 AMAZON-02

Requested by
https://stage.account.postnord.com/oauth2/auth
Certificate
IssuerAmazon
Subjectstage.account.postnord.com
Fingerprint8C:E6:70:51:FE:9B:D3:9C:8E:2B:59:A9:08:C6:4F:D4:0A:45:BB:BC
ValiditySat, 26 Aug 2023 00:00:00 GMT - Tue, 24 Sep 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
134 B (134 bytes)
Hash
4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: stage.account.postnord.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: language=en; PN-V1-SESSION-ID=e0d8ef3f-9ec5-427b-87a5-5268be01aabd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 301 Moved Permanently
content-type: text/html
content-length: 134
location: https://stage.account.postnord.com:443/public/stage_favicon.ico
server: awselb/2.0
date: Tue, 05 Dec 2023 07:30:29 GMT
x-cache: Miss from cloudfront
via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: KASyHcLutZAGV8hL8GPgCP6sQ6FwxyleAXHY_IFJ1Tbm-iUYtbjBNw==
X-Firefox-Spdy: h2

stage.account.postnord.com/public/stage_favicon.ico

54.230.111.40

200 OK

1.1 kB

URL GET HTTP/2
stage.account.postnord.com/public/stage_favicon.ico
IP
54.230.111.40:443
ASN
#16509 AMAZON-02

Requested by
https://stage.account.postnord.com/oauth2/auth
Certificate
IssuerAmazon
Subjectstage.account.postnord.com
Fingerprint8C:E6:70:51:FE:9B:D3:9C:8E:2B:59:A9:08:C6:4F:D4:0A:45:BB:BC
ValiditySat, 26 Aug 2023 00:00:00 GMT - Tue, 24 Sep 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1205), with no line terminators
Size
1.1 kB (1135 bytes)
Hash
ad6cbbce0d0e20e441fe4ce0f515c43f
950f044bd269e0788c3df32122ab377613359125
2cc3aa2b317896e15027254c86f9bfdb46a3adc47dcad764ea70a3c0ae983c51

HTTP Headers

GET /public/stage_favicon.ico HTTP/1.1
Host: stage.account.postnord.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: language=en; PN-V1-SESSION-ID=e0d8ef3f-9ec5-427b-87a5-5268be01aabd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
date: Tue, 05 Dec 2023 07:30:29 GMT
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Mon, 04 Dec 2023 23:53:00 GMT
etag: W/"46f-18c373fda8c"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: EuxTlsTaNtScLLNY2L_Qq0v13-EVhDNlA5c7gNGuZIWDv96WF3ZtqQ==
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (6)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers