{"report_id":"74ad6716-ce98-4274-bc8b-b84e0c2130b7","version":6,"status":"done","tags":["bankid","authentication"],"date":"2026-03-03T15:19:37Z","url":{"schema":"https","addr":"www.info-digital-direktoratet.com/Client/login.php?sessionID=62fc85460e663375bb0c02ed6e9d61a57fac196488d8202aa451ed9939f259e6","fqdn":"www.info-digital-direktoratet.com","domain":"info-digital-direktoratet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":0,"asn":0,"as":"","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"https","addr":"www.info-digital-direktoratet.com/Client/login.php?sessionID=9b5f1ea1e0756ce357a282ed1f37d682aa8baf3606eb1ac03be02ffab1f2550c","fqdn":"www.info-digital-direktoratet.com","domain":"info-digital-direktoratet.com","tld":"com"},"title":"BankID","dom":{"size":40281,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1741)","md5":"09ee3f9b20dceb7e32e9757e9bb69ae4","sha1":"08349cf1529cc70c27799a9c8534be8c3bb99771","sha256":"6f066b64e5838b02c988be56602407c7fd9427df08456ab6a6329b31bc591e1d","sha512":"c159d416fa596ba5a6ad011bcd80349b583a90450c1c086a5e6afbd03d8a0c87ee1fabb269e4345c8ab3c66a6dc00809908c8523108d372fd464adc082175a45","ssdeep":"384:RaM0nwpJS3WEzonaojsNw+1I97NL2RgzwpZS3GEsKwpJS3WEu5w:8wpI8dpzwpIwp/5w","tlshash":"5f03a6e6b2f891c16453c7a69d7a64362e2734b79a44c64432bc1fe0ef49cec8d43998","dom_hash":"domhash19af06fd50ec2ab6f44c11ca34a604f5","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"www.info-digital-direktoratet.com/Client/login.php?sessionID=62fc85460e663375bb0c02ed6e9d61a57fac196488d8202aa451ed9939f259e6","fqdn":"www.info-digital-direktoratet.com","domain":"info-digital-direktoratet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":0,"asn":0,"as":"","country":"Russia","country_code":"RU"},"tags":["soteria"],"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-07T15:19:37Z","useragent":"Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36","referer":"soteria","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]},"summary":[{"fqdn":"www.info-digital-direktoratet.com","ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"domain_registered":"2026-03-03","domain_rank":0,"first_seen":"2026-03-03T15:10:49.704477Z","last_seen":"2026-03-03T15:10:49.704477Z","alert_count":14,"request_count":14,"received_data":781495,"sent_data":9686,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery UI","description":"jQuery UI is a collection of GUI widgets, animated visual effects, and themes implemented with jQuery, Cascading Style Sheets, and HTML.","website":"https://jqueryui.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery_ui:*:*:*:*:*:*:*:*","icon":"jQuery UI.svg","categories":["JavaScript libraries"]},{"name":"Cleave.js","description":"JavaScript library for formatting input text content when you are typing.","website":"https://nosir.github.io/cleave.js/","common_platform_enumeration":"","icon":"","categories":["JavaScript libraries"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"www.info-digital-direktoratet.com/Client/files/js/script.js","fqdn":"www.info-digital-direktoratet.com","domain":"info-digital-direktoratet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"f9badf8d7e86bbc77b73c44cb2ec6e6d","sha1":"f0ee9bba5b51a925f7286553dff2f423e11d223e","sha256":"c2bf5955f581a7b23299e80fc1c24d4dae89218358bb04f2ac63fff3048012eb","sha512":"d34ea86f71f1e33f03a64e54e30f370efb0388ae2e1d2d8c57b52990def8a1177ade516b1483e8799fd722e04cc0286c1a34f74fb60b5da94b54c4efc296e7c2","ssdeep":"","tlshash":"ff51126929132a744277ab39970fc048ee71451726059255b8cc44f13fb3f74b2e6edd","size":2675,"data":"","first_seen":"2025-08-26T07:16:25.277937Z","last_seen":"2026-04-02T06:23:41.155378Z","times_seen":3450,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.info-digital-direktoratet.com/Client/files/js/realtime.js","fqdn":"www.info-digital-direktoratet.com","domain":"info-digital-direktoratet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"580f35e0841bbf3541df48ccdc59e188","sha1":"036eddf802f5b3edd2dfa4260e12044239780c0b","sha256":"5b5c81dd022b063e686ee6691a6b06e12b2a9a909b4c85ec591856cd11a1d564","sha512":"2f2dc3e2d10f7125b8058360c8951918d5c489dee36b784d1c43a27b4550287eaafdea39953ddab4281738661ac5079571d028e46f6f08c9195dfa14542153ac","ssdeep":"192:HTWvhTydlTgXZTAy/TQ8vZTPmOWT5E9TTcwENTf4WKT1h9Tv0pTPmdrz/:HiJ27UpEiThrOFu/rENL4xpXru7WX","tlshash":"0a12204b6d9744758eb7a3b961f2e30ffc2562232992a3c63e9c02504f3d8991192fd8","size":9591,"data":"","first_seen":"2026-02-28T21:24:29.524657Z","last_seen":"2026-04-02T06:23:41.145302Z","times_seen":3425,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.info-digital-direktoratet.com/Client/files/js/jquery-ui.min.js","fqdn":"www.info-digital-direktoratet.com","domain":"info-digital-direktoratet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"1e2047978946a1d271356d0b557a84a3","sha1":"5f29a324c8affb1fdb26ad4564b1e044372beed2","sha256":"9528ca634fecad433d044ddd3e6f9ce1f068d5d932dafdbb19d8e6daea1968bd","sha512":"e7ba19fef5bc00d32347f290e817bdbfffbf87a6eaf7f9777f439ceef9faa8cab286f3ddd5cbca051596a73bb44289de226aabd929263b8312a94f91a47a26dd","ssdeep":"3072:eDPNddBFak8JUaVDpYujVHUc92smVppuzUPFI9fB8NpjJSyACAV:uNdIVWjNS9cdzAV","tlshash":"8944f84d72403a3295dfa265103b2a0ba237955da601809cb43ccedf9e7ce4571bbfb9","size":255084,"data":"","first_seen":"2023-03-07T18:39:57Z","last_seen":"2026-04-04T13:52:23.547269Z","times_seen":24399,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.info-digital-direktoratet.com/Client/files/js/additional-methods.min.js","fqdn":"www.info-digital-direktoratet.com","domain":"info-digital-direktoratet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"b936628b76ec2b247a939d678faa0828","sha1":"71a2a5f94ceb732a307ccf86ba765d416f870bf0","sha256":"20797d15c703dc90580b4a49c83baaebe51eed191d43d927fa28b52210ba65f4","sha512":"ae7c87f016a75799b6f6138c192c1ef22697c75fd44156df336db87225f715dd57cca5ea5f06b66050b70343facf24d154761dab27d9e446c29ca440d122f6ef","ssdeep":"192:QcrK7fJSXhbKk9sjs280QenUjWDDB+PpVv5ZBqr+UiKsvyc1cXOk+OUZppUU7zrZ:QcrK7fJSoyo7rQeapRkrTOKc1c7Ts","tlshash":"6982964c6f46a181afa13ce80cebd18e55f5faf0e0490d9da5c042c27ee5fc521e2e1a","size":17804,"data":"","first_seen":"2023-05-26T21:21:44Z","last_seen":"2026-04-02T06:23:41.143158Z","times_seen":3650,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.info-digital-direktoratet.com/Client/files/js/cleave.min.js","fqdn":"www.info-digital-direktoratet.com","domain":"info-digital-direktoratet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"57e2edc1bdc89c92a9f36f722eb42324","sha1":"4613d910f8dbacbb97ca60259840c4b77ebaac12","sha256":"8c19df008761d9cc188b1afd83fe87b2be79965d0141f04e76626ca4896fcdd2","sha512":"6e6f82197db746bf465826288e1945cd1df535b9c86a399824890c0798964724d99056239376bd72ec297fd0cdc24d24f208b37a7bc8e4b8aa569c1864fb1e94","ssdeep":"384:yYp7yiq/ApivD5RIjdMVV6qsPHzdhPQzOmSKt4ZIfUugRdEWS+1igMr:yqOIHHZBYjbNqEWegMr","tlshash":"e592b65976aab57503fb306f544b5004a63b6c68688a4181f621e083ec3efc7a1a7f67","size":21134,"data":"","first_seen":"2025-02-16T23:44:47.676345Z","last_seen":"2026-04-02T06:23:41.151958Z","times_seen":3612,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.info-digital-direktoratet.com/Client/files/js/jquery.validate2.js","fqdn":"www.info-digital-direktoratet.com","domain":"info-digital-direktoratet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"863868cafb5a4e14057bb31c8ca0ad1a","sha1":"458f111a9d54e33a38521d8bf1eee94803926c50","sha256":"9888bf5fe2d7fd016045a14ae3269ba1782a9756eaf38e11721212f2506d5730","sha512":"8b4957159fb8295aa4c2cf626f06ebdc91963e3b491a8510c26978d56a97a6e95ff03c747a25c44192266553789b76568e63e3cf8d96405e6f90e9ab7b9d7504","ssdeep":"768:QOwVbmh4BvF1vI/V8c6UO17/p9bVgXM0em4HVDkgs230XXXxI9YbM23GGK1t6QSy:Ubmh4BvFxI/V8c6N17/p9bVgXMr31m2x","tlshash":"c1035388378f005f4e8933baa87e518deafdc0759101a07db8de14a465f8da853e5fb4","size":41271,"data":"","first_seen":"2025-02-16T23:44:47.74872Z","last_seen":"2026-04-02T06:23:41.151348Z","times_seen":3636,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.info-digital-direktoratet.com/Client/files/js/jquery.js","fqdn":"www.info-digital-direktoratet.com","domain":"info-digital-direktoratet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"2ac898daf1837381b1264cdb792319ba","sha1":"532496df4622a43699ee57b612180a21aedad065","sha256":"84086bb634fc6fd223918894c6b74641811e06e84007937c5809942b7a02ddff","sha512":"f76767b86456a59400e0c01aca45bb8048870d3c3f345024020bdc7395e95a7dcf429a014781d1d386eef45830a8b454c51bfc1f94ea71f03d81fdfabc0186d0","ssdeep":"6144:nCfa6/j7/KDT1krl+xFbP8s+JgOO/p89lPuY1BHpkYpHeGEbM5AeQz:npbxFbPuhY89RJjHe3bM57Qz","tlshash":"6044c4d9734f115f4ba233aae43b5249ff7dd1b0520551acb58d986c24a081883fafbe","size":272153,"data":"","first_seen":"2023-03-07T01:03:28Z","last_seen":"2026-04-04T00:10:37.157307Z","times_seen":4820,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.info-digital-direktoratet.com/Client/login.php?sessionID=9b5f1ea1e0756ce357a282ed1f37d682aa8baf3606eb1ac03be02ffab1f2550c","fqdn":"www.info-digital-direktoratet.com","domain":"info-digital-direktoratet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"33595d14e912e483af4d7e2bc2ce2773","sha1":"005a8661917b97255909862c8ed3f59f14d15e26","sha256":"73b9198a74d5e58ac45ca6f68e1aae2232d345c5747f13a064f46ec6c62bc685","sha512":"7ebf0a50782438a2e12c5828cee013bd56449c3e660c24d5c1af3eb687db374efd277566f0aebe19542d5575c13d641862cd01ceb44f1e94eab31c4dff219cad","ssdeep":"","tlshash":"759000288a3380202000800a8a8880002a00003b00808028300c00c02f8280a22e02c3","size":42,"data":"","first_seen":"2025-02-16T23:44:47.751217Z","last_seen":"2026-04-02T06:23:41.160551Z","times_seen":3614,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.info-digital-direktoratet.com/Client/login.php?sessionID=9b5f1ea1e0756ce357a282ed1f37d682aa8baf3606eb1ac03be02ffab1f2550c","fqdn":"www.info-digital-direktoratet.com","domain":"info-digital-direktoratet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"a05ec3da1c3c5c1c36ea45a48f46113f","sha1":"5af9394ef12f91a8cf46bc052ed15a851759f832","sha256":"e7bc5bf79f8535cb3db862574f1ab060a04d6f9cac62fefcbe46bce2ab9ea984","sha512":"45c37be63a7b109adff72414cd686557a2940e4191f965b376f57ac9f03c6ee424059c61ad1f35c80ad7a556d7a48d6a97aa63a315a741f083668afe25cbe371","ssdeep":"96:UBChxRjuzE0ary7yEvimwRjuzE0aryZ5y49SLiT:UqiyuiRs5yCSLiT","tlshash":"6af1625bb2f1ca9111b75777a9bf25407937087b1419de8078bc3ed8df888adca4aa04","size":7559,"data":"","first_seen":"2026-02-28T21:24:29.549577Z","last_seen":"2026-04-02T06:23:41.161075Z","times_seen":3425,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.info-digital-direktoratet.com/index.php","fqdn":"www.info-digital-direktoratet.com","domain":"info-digital-direktoratet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-03T15:19:15.933Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.info-digital-direktoratet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 13:42:42 GMT","end":"Mon, 01 Jun 2026 13:42:41 GMT"},"fingerprint":{"sha1":"5E:D5:A8:AA:8F:A5:B2:F3:00:00:22:45:45:8F:D6:52:6E:5D:0D:E5","sha256":"F3:CC:69:DF:3F:3E:F5:1F:0F:6E:19:7E:CF:76:7B:13:9D:03:29:CE:A2:48:E5:89:7B:15:17:DA:C1:D8:E4:FA"}}},"request":{"raw":"GET /index.php HTTP/1.1\r\nHost: www.info-digital-direktoratet.com\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=fa5c613f87a275c5fac513bb9af9f19f\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\nlocation: Client/login.php?sessionID=9b5f1ea1e0756ce357a282ed1f37d682aa8baf3606eb1ac03be02ffab1f2550c\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 0\r\ndate: Tue, 03 Mar 2026 15:19:16 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":40260,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T13:49:31.916752Z","times_seen":13333799,"resource_available":true,"data":null}},"time_used":311,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":311,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]}},{"url":{"schema":"https","addr":"www.info-digital-direktoratet.com/Client/assets/oidc-client.css","fqdn":"www.info-digital-direktoratet.com","domain":"info-digital-direktoratet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.info-digital-direktoratet.com/Client/login.php?sessionID=9b5f1ea1e0756ce357a282ed1f37d682aa8baf3606eb1ac03be02ffab1f2550c","date":"2026-03-03T15:19:16.532Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.info-digital-direktoratet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 13:42:42 GMT","end":"Mon, 01 Jun 2026 13:42:41 GMT"},"fingerprint":{"sha1":"5E:D5:A8:AA:8F:A5:B2:F3:00:00:22:45:45:8F:D6:52:6E:5D:0D:E5","sha256":"F3:CC:69:DF:3F:3E:F5:1F:0F:6E:19:7E:CF:76:7B:13:9D:03:29:CE:A2:48:E5:89:7B:15:17:DA:C1:D8:E4:FA"}}},"request":{"raw":"GET /Client/assets/oidc-client.css HTTP/1.1\r\nHost: www.info-digital-direktoratet.com\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.info-digital-direktoratet.com/Client/login.php?sessionID=9b5f1ea1e0756ce357a282ed1f37d682aa8baf3606eb1ac03be02ffab1f2550c\r\nCookie: PHPSESSID=fa5c613f87a275c5fac513bb9af9f19f\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 10 Mar 2026 15:19:16 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 25 May 2025 01:04:48 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 6057\r\ndate: Tue, 03 Mar 2026 15:19:16 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":35571,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (35571), with no line terminators","md5":"4038453b05ddd8f1a9d7f7a122b70142","sha1":"fd8fed00c1302832f88e8d5352425da320c79fb9","sha256":"30e36504d49aad07726dda3f5d227a0d912c40c19b9fbef1cf93e34659d499da","sha512":"e2d46bf80188ffad4c4cf69bd9e4cafa249d5f236aeb2181a83ba21dccdc21edf1246352df3bb2e2a2e9eb965a29786fe092d3f30d76f3a72a5a637a6b0dfb97","ssdeep":"384:SExmza6TpMttGtISPBuHqbJpntGqC4EP+ZamTn9B:SExUpMySYDGq7ac","tlshash":"6df298e6e710b2246e378d399bdcad798217f02388111eedb786140b93c3ad7176578b","first_seen":"2025-06-13T17:20:58.688777Z","last_seen":"2026-04-02T06:23:41.148264Z","times_seen":3584,"resource_available":false,"data":null}},"time_used":70,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":70,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]}},{"url":{"schema":"https","addr":"www.info-digital-direktoratet.com/Client/files/js/jquery.js","fqdn":"www.info-digital-direktoratet.com","domain":"info-digital-direktoratet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.info-digital-direktoratet.com/Client/login.php?sessionID=9b5f1ea1e0756ce357a282ed1f37d682aa8baf3606eb1ac03be02ffab1f2550c","date":"2026-03-03T15:19:16.534Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.info-digital-direktoratet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 13:42:42 GMT","end":"Mon, 01 Jun 2026 13:42:41 GMT"},"fingerprint":{"sha1":"5E:D5:A8:AA:8F:A5:B2:F3:00:00:22:45:45:8F:D6:52:6E:5D:0D:E5","sha256":"F3:CC:69:DF:3F:3E:F5:1F:0F:6E:19:7E:CF:76:7B:13:9D:03:29:CE:A2:48:E5:89:7B:15:17:DA:C1:D8:E4:FA"}}},"request":{"raw":"GET /Client/files/js/jquery.js HTTP/1.1\r\nHost: www.info-digital-direktoratet.com\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.info-digital-direktoratet.com/Client/login.php?sessionID=9b5f1ea1e0756ce357a282ed1f37d682aa8baf3606eb1ac03be02ffab1f2550c\r\nCookie: PHPSESSID=fa5c613f87a275c5fac513bb9af9f19f\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Sun, 20 Aug 2023 07:16:16 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 74427\r\ndate: Tue, 03 Mar 2026 15:19:16 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":272153,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with CRLF line terminators","md5":"2ac898daf1837381b1264cdb792319ba","sha1":"532496df4622a43699ee57b612180a21aedad065","sha256":"84086bb634fc6fd223918894c6b74641811e06e84007937c5809942b7a02ddff","sha512":"f76767b86456a59400e0c01aca45bb8048870d3c3f345024020bdc7395e95a7dcf429a014781d1d386eef45830a8b454c51bfc1f94ea71f03d81fdfabc0186d0","ssdeep":"6144:nCfa6/j7/KDT1krl+xFbP8s+JgOO/p89lPuY1BHpkYpHeGEbM5AeQz:npbxFbPuhY89RJjHe3bM57Qz","tlshash":"6044c4d9734f115f4ba233aae43b5249ff7dd1b0520551acb58d986c24a081883fafbe","first_seen":"2023-03-07T01:03:28Z","last_seen":"2026-04-04T00:10:37.157307Z","times_seen":4820,"resource_available":true,"data":null}},"time_used":210,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":138,"receive":72,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]}},{"url":{"schema":"https","addr":"www.info-digital-direktoratet.com/Client/files/action.php?type=activity","fqdn":"www.info-digital-direktoratet.com","domain":"info-digital-direktoratet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.info-digital-direktoratet.com/Client/login.php?sessionID=9b5f1ea1e0756ce357a282ed1f37d682aa8baf3606eb1ac03be02ffab1f2550c","date":"2026-03-03T15:19:16.882Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.info-digital-direktoratet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 13:42:42 GMT","end":"Mon, 01 Jun 2026 13:42:41 GMT"},"fingerprint":{"sha1":"5E:D5:A8:AA:8F:A5:B2:F3:00:00:22:45:45:8F:D6:52:6E:5D:0D:E5","sha256":"F3:CC:69:DF:3F:3E:F5:1F:0F:6E:19:7E:CF:76:7B:13:9D:03:29:CE:A2:48:E5:89:7B:15:17:DA:C1:D8:E4:FA"}}},"request":{"raw":"GET /Client/files/action.php?type=activity HTTP/1.1\r\nHost: www.info-digital-direktoratet.com\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.info-digital-direktoratet.com/Client/login.php?sessionID=9b5f1ea1e0756ce357a282ed1f37d682aa8baf3606eb1ac03be02ffab1f2550c\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=fa5c613f87a275c5fac513bb9af9f19f\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 54\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Tue, 03 Mar 2026 15:19:16 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":54,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"e216e50f5363836b64da1bf14efae81b","sha1":"947615f2b447af044246aa79d649902c050dc471","sha256":"f9a469bc403df7285c1ac9729d9d97287b7930b56ec8c55a1bcb18d062081c9d","sha512":"6a6b8bb489bf4697236bfc2989b0f34525b1c869033f52815e7970215d729a43592f6ba15404abfa160aa797614f8041eececddcf7b0238bb12aa61599e24ebd","ssdeep":"","tlshash":"9c90028886965e945440455291297cd9565d3dc784574b91158c0e5806900a25596126","first_seen":"2026-03-03T15:19:38.549756Z","last_seen":"2026-03-03T15:19:38.71849Z","times_seen":2,"resource_available":false,"data":null}},"time_used":73,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":73,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]}},{"url":{"schema":"https","addr":"www.info-digital-direktoratet.com/favicon.ico","fqdn":"www.info-digital-direktoratet.com","domain":"info-digital-direktoratet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.info-digital-direktoratet.com/Client/login.php?sessionID=9b5f1ea1e0756ce357a282ed1f37d682aa8baf3606eb1ac03be02ffab1f2550c","date":"2026-03-03T15:19:16.953Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.info-digital-direktoratet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 13:42:42 GMT","end":"Mon, 01 Jun 2026 13:42:41 GMT"},"fingerprint":{"sha1":"5E:D5:A8:AA:8F:A5:B2:F3:00:00:22:45:45:8F:D6:52:6E:5D:0D:E5","sha256":"F3:CC:69:DF:3F:3E:F5:1F:0F:6E:19:7E:CF:76:7B:13:9D:03:29:CE:A2:48:E5:89:7B:15:17:DA:C1:D8:E4:FA"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.info-digital-direktoratet.com\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.info-digital-direktoratet.com/Client/login.php?sessionID=9b5f1ea1e0756ce357a282ed1f37d682aa8baf3606eb1ac03be02ffab1f2550c\r\nCookie: PHPSESSID=fa5c613f87a275c5fac513bb9af9f19f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\ncontent-type: text/html\r\ncontent-length: 1251\r\ndate: Tue, 03 Mar 2026 15:19:16 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1251,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF, LF line terminators","md5":"8150f458ed6fb9b1db4e5cfa57a1a281","sha1":"6e5726854d28687b560d7fdcb5c782c425c7dfb9","sha256":"4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896","sha512":"4cc6a112673aef8bb8bb8a385c26791b805d43bb707b509880e894f1c83bab4e16f13de187036c5f660c3bec1d286258396b7bde65c5d7945c5019665196818c","ssdeep":"","tlshash":"c021353ec1c1560ae0271164fbc1f7a86669825291970f703b9eb176f6cd0bb56a36c8","first_seen":"2024-02-08T16:48:55Z","last_seen":"2026-04-04T13:49:37.596003Z","times_seen":115707,"resource_available":true,"data":null}},"time_used":70,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":70,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]}},{"url":{"schema":"https","addr":"www.info-digital-direktoratet.com/Client/files/action.php?type=activity","fqdn":"www.info-digital-direktoratet.com","domain":"info-digital-direktoratet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.info-digital-direktoratet.com/Client/login.php?sessionID=9b5f1ea1e0756ce357a282ed1f37d682aa8baf3606eb1ac03be02ffab1f2550c","date":"2026-03-03T15:19:26.374Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.info-digital-direktoratet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 13:42:42 GMT","end":"Mon, 01 Jun 2026 13:42:41 GMT"},"fingerprint":{"sha1":"5E:D5:A8:AA:8F:A5:B2:F3:00:00:22:45:45:8F:D6:52:6E:5D:0D:E5","sha256":"F3:CC:69:DF:3F:3E:F5:1F:0F:6E:19:7E:CF:76:7B:13:9D:03:29:CE:A2:48:E5:89:7B:15:17:DA:C1:D8:E4:FA"}}},"request":{"raw":"GET /Client/files/action.php?type=activity HTTP/1.1\r\nHost: www.info-digital-direktoratet.com\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.info-digital-direktoratet.com/Client/login.php?sessionID=9b5f1ea1e0756ce357a282ed1f37d682aa8baf3606eb1ac03be02ffab1f2550c\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=fa5c613f87a275c5fac513bb9af9f19f\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 54\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Tue, 03 Mar 2026 15:19:26 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":54,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"566fa4ef1ee853b405a54ed4f1d9fc28","sha1":"e6869ff888b2ca249446461c4636a6ce460b42c5","sha256":"f02051908946d5664cc8c81d1e18f2b69a44adac0dd319d94f3cd2d644ca340e","sha512":"1f628b10cf8b5b0daa8b5f32bd777e4a4f9d4d487f867dd8ae223e0e6a8b1443c3525d7c3eca405ef32d24ce6f57067ecb106deb3a348b7086952aba03757671","ssdeep":"","tlshash":"2b9002c845965e955840455292157cd8565d3d8344575b90258c4e5816900a25596126","first_seen":"2026-03-03T15:19:38.551149Z","last_seen":"2026-03-03T15:19:38.719123Z","times_seen":2,"resource_available":false,"data":null}},"time_used":74,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":73,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]}},{"url":{"schema":"https","addr":"www.info-digital-direktoratet.com/Client/login.php?sessionID=62fc85460e663375bb0c02ed6e9d61a57fac196488d8202aa451ed9939f259e6","fqdn":"www.info-digital-direktoratet.com","domain":"info-digital-direktoratet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-03T15:19:15.713Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.info-digital-direktoratet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 13:42:42 GMT","end":"Mon, 01 Jun 2026 13:42:41 GMT"},"fingerprint":{"sha1":"5E:D5:A8:AA:8F:A5:B2:F3:00:00:22:45:45:8F:D6:52:6E:5D:0D:E5","sha256":"F3:CC:69:DF:3F:3E:F5:1F:0F:6E:19:7E:CF:76:7B:13:9D:03:29:CE:A2:48:E5:89:7B:15:17:DA:C1:D8:E4:FA"}}},"request":{"raw":"GET /Client/login.php?sessionID=62fc85460e663375bb0c02ed6e9d61a57fac196488d8202aa451ed9939f259e6 HTTP/1.1\r\nHost: www.info-digital-direktoratet.com\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nset-cookie: PHPSESSID=fa5c613f87a275c5fac513bb9af9f19f; path=/; secure\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\nlocation: /index.php\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 0\r\ndate: Tue, 03 Mar 2026 15:19:15 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":40260,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T13:49:31.916752Z","times_seen":13333799,"resource_available":true,"data":null}},"time_used":361,"timings":{"blocked":142,"dns":1,"connect":69,"send":0,"wait":72,"receive":0,"ssl":74},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]}},{"url":{"schema":"https","addr":"www.info-digital-direktoratet.com/Client/login.php?sessionID=9b5f1ea1e0756ce357a282ed1f37d682aa8baf3606eb1ac03be02ffab1f2550c","fqdn":"www.info-digital-direktoratet.com","domain":"info-digital-direktoratet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-03T15:19:16.249Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.info-digital-direktoratet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 13:42:42 GMT","end":"Mon, 01 Jun 2026 13:42:41 GMT"},"fingerprint":{"sha1":"5E:D5:A8:AA:8F:A5:B2:F3:00:00:22:45:45:8F:D6:52:6E:5D:0D:E5","sha256":"F3:CC:69:DF:3F:3E:F5:1F:0F:6E:19:7E:CF:76:7B:13:9D:03:29:CE:A2:48:E5:89:7B:15:17:DA:C1:D8:E4:FA"}}},"request":{"raw":"GET /Client/login.php?sessionID=9b5f1ea1e0756ce357a282ed1f37d682aa8baf3606eb1ac03be02ffab1f2550c HTTP/1.1\r\nHost: www.info-digital-direktoratet.com\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=fa5c613f87a275c5fac513bb9af9f19f\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 6293\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Tue, 03 Mar 2026 15:19:16 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery UI","description":"jQuery UI is a collection of GUI widgets, animated visual effects, and themes implemented with jQuery, Cascading Style Sheets, and HTML.","website":"https://jqueryui.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery_ui:*:*:*:*:*:*:*:*","icon":"jQuery UI.svg","categories":["JavaScript libraries"]},{"name":"Cleave.js","description":"JavaScript library for formatting input text content when you are typing.","website":"https://nosir.github.io/cleave.js/","common_platform_enumeration":"","icon":"","categories":["JavaScript libraries"]}],"data":{"size":40260,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1741)","md5":"fcc6adef028a842acc324463e7dad44f","sha1":"f6c75552da087b08a4819a1bf5ec9eb9784dbfe6","sha256":"f8188ecca537888b9e260b548e297f90fcb0479233de63d3492dccd87d0811a2","sha512":"9f05c4f1ffcfddb30217b22e91ecca644400d344156e32126b6b406fca31e724005896f8253633ed0cd6f02253fcfd78c6613a7f45c1b1f1dbde6348f6f6f9b2","ssdeep":"384:1aM0nwpJS3WESonaojsqC+1I9KwL2RgzwpZS3GEsKwpJS3WEu5O:4wpbxdpzwpIwp/5O","tlshash":"d503a6e6b2f891c16453c7a69d7b64362e2734b79a44c64432bc1fe0ef45cec8d83998","first_seen":"2026-03-03T15:19:38.552024Z","last_seen":"2026-03-03T15:19:38.552024Z","times_seen":1,"resource_available":true,"data":null}},"time_used":75,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":75,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]}},{"url":{"schema":"https","addr":"www.info-digital-direktoratet.com/Client/files/js/jquery-ui.min.js","fqdn":"www.info-digital-direktoratet.com","domain":"info-digital-direktoratet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.info-digital-direktoratet.com/Client/login.php?sessionID=9b5f1ea1e0756ce357a282ed1f37d682aa8baf3606eb1ac03be02ffab1f2550c","date":"2026-03-03T15:19:16.535Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.info-digital-direktoratet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 13:42:42 GMT","end":"Mon, 01 Jun 2026 13:42:41 GMT"},"fingerprint":{"sha1":"5E:D5:A8:AA:8F:A5:B2:F3:00:00:22:45:45:8F:D6:52:6E:5D:0D:E5","sha256":"F3:CC:69:DF:3F:3E:F5:1F:0F:6E:19:7E:CF:76:7B:13:9D:03:29:CE:A2:48:E5:89:7B:15:17:DA:C1:D8:E4:FA"}}},"request":{"raw":"GET /Client/files/js/jquery-ui.min.js HTTP/1.1\r\nHost: www.info-digital-direktoratet.com\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.info-digital-direktoratet.com/Client/login.php?sessionID=9b5f1ea1e0756ce357a282ed1f37d682aa8baf3606eb1ac03be02ffab1f2550c\r\nCookie: PHPSESSID=fa5c613f87a275c5fac513bb9af9f19f\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Mon, 11 Dec 2023 07:55:14 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 64566\r\ndate: Tue, 03 Mar 2026 15:19:16 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":255084,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64399)","md5":"1e2047978946a1d271356d0b557a84a3","sha1":"5f29a324c8affb1fdb26ad4564b1e044372beed2","sha256":"9528ca634fecad433d044ddd3e6f9ce1f068d5d932dafdbb19d8e6daea1968bd","sha512":"e7ba19fef5bc00d32347f290e817bdbfffbf87a6eaf7f9777f439ceef9faa8cab286f3ddd5cbca051596a73bb44289de226aabd929263b8312a94f91a47a26dd","ssdeep":"3072:eDPNddBFak8JUaVDpYujVHUc92smVppuzUPFI9fB8NpjJSyACAV:uNdIVWjNS9cdzAV","tlshash":"8944f84d72403a3295dfa265103b2a0ba237955da601809cb43ccedf9e7ce4571bbfb9","first_seen":"2023-03-07T18:39:57Z","last_seen":"2026-04-04T13:52:23.547269Z","times_seen":24399,"resource_available":true,"data":null}},"time_used":277,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":209,"receive":68,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]}},{"url":{"schema":"https","addr":"www.info-digital-direktoratet.com/Client/files/js/jquery.validate2.js","fqdn":"www.info-digital-direktoratet.com","domain":"info-digital-direktoratet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.info-digital-direktoratet.com/Client/login.php?sessionID=9b5f1ea1e0756ce357a282ed1f37d682aa8baf3606eb1ac03be02ffab1f2550c","date":"2026-03-03T15:19:16.537Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.info-digital-direktoratet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 13:42:42 GMT","end":"Mon, 01 Jun 2026 13:42:41 GMT"},"fingerprint":{"sha1":"5E:D5:A8:AA:8F:A5:B2:F3:00:00:22:45:45:8F:D6:52:6E:5D:0D:E5","sha256":"F3:CC:69:DF:3F:3E:F5:1F:0F:6E:19:7E:CF:76:7B:13:9D:03:29:CE:A2:48:E5:89:7B:15:17:DA:C1:D8:E4:FA"}}},"request":{"raw":"GET /Client/files/js/jquery.validate2.js HTTP/1.1\r\nHost: www.info-digital-direktoratet.com\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.info-digital-direktoratet.com/Client/login.php?sessionID=9b5f1ea1e0756ce357a282ed1f37d682aa8baf3606eb1ac03be02ffab1f2550c\r\nCookie: PHPSESSID=fa5c613f87a275c5fac513bb9af9f19f\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Sun, 20 Aug 2023 07:16:18 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 10239\r\ndate: Tue, 03 Mar 2026 15:19:16 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":41272,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (511), with CRLF line terminators","md5":"863868cafb5a4e14057bb31c8ca0ad1a","sha1":"458f111a9d54e33a38521d8bf1eee94803926c50","sha256":"9888bf5fe2d7fd016045a14ae3269ba1782a9756eaf38e11721212f2506d5730","sha512":"8b4957159fb8295aa4c2cf626f06ebdc91963e3b491a8510c26978d56a97a6e95ff03c747a25c44192266553789b76568e63e3cf8d96405e6f90e9ab7b9d7504","ssdeep":"768:QOwVbmh4BvF1vI/V8c6UO17/p9bVgXM0em4HVDkgs230XXXxI9YbM23GGK1t6QSy:Ubmh4BvFxI/V8c6N17/p9bVgXMr31m2x","tlshash":"c1035388378f005f4e8933baa87e518deafdc0759101a07db8de14a465f8da853e5fb4","first_seen":"2025-02-16T23:44:47.74872Z","last_seen":"2026-04-02T06:23:41.151348Z","times_seen":3636,"resource_available":true,"data":null}},"time_used":274,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":274,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]}},{"url":{"schema":"https","addr":"www.info-digital-direktoratet.com/Client/files/js/additional-methods.min.js","fqdn":"www.info-digital-direktoratet.com","domain":"info-digital-direktoratet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.info-digital-direktoratet.com/Client/login.php?sessionID=9b5f1ea1e0756ce357a282ed1f37d682aa8baf3606eb1ac03be02ffab1f2550c","date":"2026-03-03T15:19:16.538Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.info-digital-direktoratet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 13:42:42 GMT","end":"Mon, 01 Jun 2026 13:42:41 GMT"},"fingerprint":{"sha1":"5E:D5:A8:AA:8F:A5:B2:F3:00:00:22:45:45:8F:D6:52:6E:5D:0D:E5","sha256":"F3:CC:69:DF:3F:3E:F5:1F:0F:6E:19:7E:CF:76:7B:13:9D:03:29:CE:A2:48:E5:89:7B:15:17:DA:C1:D8:E4:FA"}}},"request":{"raw":"GET /Client/files/js/additional-methods.min.js HTTP/1.1\r\nHost: www.info-digital-direktoratet.com\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.info-digital-direktoratet.com/Client/login.php?sessionID=9b5f1ea1e0756ce357a282ed1f37d682aa8baf3606eb1ac03be02ffab1f2550c\r\nCookie: PHPSESSID=fa5c613f87a275c5fac513bb9af9f19f\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Sun, 20 Aug 2023 07:16:16 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 5154\r\ndate: Tue, 03 Mar 2026 15:19:16 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":17819,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (17646), with CRLF line terminators","md5":"b936628b76ec2b247a939d678faa0828","sha1":"71a2a5f94ceb732a307ccf86ba765d416f870bf0","sha256":"20797d15c703dc90580b4a49c83baaebe51eed191d43d927fa28b52210ba65f4","sha512":"ae7c87f016a75799b6f6138c192c1ef22697c75fd44156df336db87225f715dd57cca5ea5f06b66050b70343facf24d154761dab27d9e446c29ca440d122f6ef","ssdeep":"192:QcrK7fJSXhbKk9sjs280QenUjWDDB+PpVv5ZBqr+UiKsvyc1cXOk+OUZppUU7zrZ:QcrK7fJSoyo7rQeapRkrTOKc1c7Ts","tlshash":"6982964c6f46a181afa13ce80cebd18e55f5faf0e0490d9da5c042c27ee5fc521e2e1a","first_seen":"2023-05-26T21:21:44Z","last_seen":"2026-04-02T06:23:41.143158Z","times_seen":3650,"resource_available":true,"data":null}},"time_used":274,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":274,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]}},{"url":{"schema":"https","addr":"www.info-digital-direktoratet.com/Client/files/js/cleave.min.js","fqdn":"www.info-digital-direktoratet.com","domain":"info-digital-direktoratet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.info-digital-direktoratet.com/Client/login.php?sessionID=9b5f1ea1e0756ce357a282ed1f37d682aa8baf3606eb1ac03be02ffab1f2550c","date":"2026-03-03T15:19:16.544Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.info-digital-direktoratet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 13:42:42 GMT","end":"Mon, 01 Jun 2026 13:42:41 GMT"},"fingerprint":{"sha1":"5E:D5:A8:AA:8F:A5:B2:F3:00:00:22:45:45:8F:D6:52:6E:5D:0D:E5","sha256":"F3:CC:69:DF:3F:3E:F5:1F:0F:6E:19:7E:CF:76:7B:13:9D:03:29:CE:A2:48:E5:89:7B:15:17:DA:C1:D8:E4:FA"}}},"request":{"raw":"GET /Client/files/js/cleave.min.js HTTP/1.1\r\nHost: www.info-digital-direktoratet.com\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.info-digital-direktoratet.com/Client/login.php?sessionID=9b5f1ea1e0756ce357a282ed1f37d682aa8baf3606eb1ac03be02ffab1f2550c\r\nCookie: PHPSESSID=fa5c613f87a275c5fac513bb9af9f19f\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Wed, 07 Feb 2024 15:22:12 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 6071\r\ndate: Tue, 03 Mar 2026 15:19:16 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":21134,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (20970)","md5":"57e2edc1bdc89c92a9f36f722eb42324","sha1":"4613d910f8dbacbb97ca60259840c4b77ebaac12","sha256":"8c19df008761d9cc188b1afd83fe87b2be79965d0141f04e76626ca4896fcdd2","sha512":"6e6f82197db746bf465826288e1945cd1df535b9c86a399824890c0798964724d99056239376bd72ec297fd0cdc24d24f208b37a7bc8e4b8aa569c1864fb1e94","ssdeep":"384:yYp7yiq/ApivD5RIjdMVV6qsPHzdhPQzOmSKt4ZIfUugRdEWS+1igMr:yqOIHHZBYjbNqEWegMr","tlshash":"e592b65976aab57503fb306f544b5004a63b6c68688a4181f621e083ec3efc7a1a7f67","first_seen":"2025-02-16T23:44:47.676345Z","last_seen":"2026-04-02T06:23:41.151958Z","times_seen":3612,"resource_available":true,"data":null}},"time_used":273,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":273,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]}},{"url":{"schema":"https","addr":"www.info-digital-direktoratet.com/Client/files/js/script.js","fqdn":"www.info-digital-direktoratet.com","domain":"info-digital-direktoratet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.info-digital-direktoratet.com/Client/login.php?sessionID=9b5f1ea1e0756ce357a282ed1f37d682aa8baf3606eb1ac03be02ffab1f2550c","date":"2026-03-03T15:19:16.545Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.info-digital-direktoratet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 13:42:42 GMT","end":"Mon, 01 Jun 2026 13:42:41 GMT"},"fingerprint":{"sha1":"5E:D5:A8:AA:8F:A5:B2:F3:00:00:22:45:45:8F:D6:52:6E:5D:0D:E5","sha256":"F3:CC:69:DF:3F:3E:F5:1F:0F:6E:19:7E:CF:76:7B:13:9D:03:29:CE:A2:48:E5:89:7B:15:17:DA:C1:D8:E4:FA"}}},"request":{"raw":"GET /Client/files/js/script.js HTTP/1.1\r\nHost: www.info-digital-direktoratet.com\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.info-digital-direktoratet.com/Client/login.php?sessionID=9b5f1ea1e0756ce357a282ed1f37d682aa8baf3606eb1ac03be02ffab1f2550c\r\nCookie: PHPSESSID=fa5c613f87a275c5fac513bb9af9f19f\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Mon, 26 May 2025 14:00:58 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 908\r\ndate: Tue, 03 Mar 2026 15:19:16 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2675,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text, with CRLF line terminators","md5":"f9badf8d7e86bbc77b73c44cb2ec6e6d","sha1":"f0ee9bba5b51a925f7286553dff2f423e11d223e","sha256":"c2bf5955f581a7b23299e80fc1c24d4dae89218358bb04f2ac63fff3048012eb","sha512":"d34ea86f71f1e33f03a64e54e30f370efb0388ae2e1d2d8c57b52990def8a1177ade516b1483e8799fd722e04cc0286c1a34f74fb60b5da94b54c4efc296e7c2","ssdeep":"","tlshash":"ff51126929132a744277ab39970fc048ee71451726059255b8cc44f13fb3f74b2e6edd","first_seen":"2025-08-26T07:16:25.277937Z","last_seen":"2026-04-02T06:23:41.155378Z","times_seen":3450,"resource_available":true,"data":null}},"time_used":272,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":272,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]}},{"url":{"schema":"https","addr":"www.info-digital-direktoratet.com/Client/files/js/realtime.js","fqdn":"www.info-digital-direktoratet.com","domain":"info-digital-direktoratet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.info-digital-direktoratet.com/Client/login.php?sessionID=9b5f1ea1e0756ce357a282ed1f37d682aa8baf3606eb1ac03be02ffab1f2550c","date":"2026-03-03T15:19:16.546Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.info-digital-direktoratet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 13:42:42 GMT","end":"Mon, 01 Jun 2026 13:42:41 GMT"},"fingerprint":{"sha1":"5E:D5:A8:AA:8F:A5:B2:F3:00:00:22:45:45:8F:D6:52:6E:5D:0D:E5","sha256":"F3:CC:69:DF:3F:3E:F5:1F:0F:6E:19:7E:CF:76:7B:13:9D:03:29:CE:A2:48:E5:89:7B:15:17:DA:C1:D8:E4:FA"}}},"request":{"raw":"GET /Client/files/js/realtime.js HTTP/1.1\r\nHost: www.info-digital-direktoratet.com\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.info-digital-direktoratet.com/Client/login.php?sessionID=9b5f1ea1e0756ce357a282ed1f37d682aa8baf3606eb1ac03be02ffab1f2550c\r\nCookie: PHPSESSID=fa5c613f87a275c5fac513bb9af9f19f\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Mon, 26 May 2025 22:17:02 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 778\r\ndate: Tue, 03 Mar 2026 15:19:16 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":9591,"size_decoded":0,"mime_type":"text/javascript","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"580f35e0841bbf3541df48ccdc59e188","sha1":"036eddf802f5b3edd2dfa4260e12044239780c0b","sha256":"5b5c81dd022b063e686ee6691a6b06e12b2a9a909b4c85ec591856cd11a1d564","sha512":"2f2dc3e2d10f7125b8058360c8951918d5c489dee36b784d1c43a27b4550287eaafdea39953ddab4281738661ac5079571d028e46f6f08c9195dfa14542153ac","ssdeep":"192:HTWvhTydlTgXZTAy/TQ8vZTPmOWT5E9TTcwENTf4WKT1h9Tv0pTPmdrz/:HiJ27UpEiThrOFu/rENL4xpXru7WX","tlshash":"0a12204b6d9744758eb7a3b961f2e30ffc2562232992a3c63e9c02504f3d8991192fd8","first_seen":"2026-02-28T21:24:29.524657Z","last_seen":"2026-04-02T06:23:41.145302Z","times_seen":3425,"resource_available":true,"data":null}},"time_used":271,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":271,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]}}]}