spv.kortsikkerhet.site
198.251.88.188
Malicious Activity!
Public Scan
Submission: On May 15 via api from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on May 15th 2024. Valid for: 3 months.
This is the only time spv.kortsikkerhet.site was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sparebanken West (Banking)
Domain & IP information
Requests | IP Address | AS (Autonomous System) | PTR | Domain |
---|---|---|---|---|
8 | 198.251.88.188 | 53667 (PONYNET, US) | c4.my-control-panel.com | spv.kortsikkerhet.site |
4 | 46.137.15.86 | 16509 (AMAZON-02, US) | ec2-46-137-15-86.eu-west-1.compute.amazonaws.com | api-world-d8c5917b0a3d.herokuapp.com |
12 | 2 | | | |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
8 | kortsikkerhet.site | spv.kortsikkerhet.site | 203 KB |
4 | herokuapp.com | api-world-d8c5917b0a3d.herokuapp.com | 3 KB |
12 | 2 | | |
Requests | Domain | Requested by |
---|---|---|
8 | spv.kortsikkerhet.site | spv.kortsikkerhet.site |
4 | api-world-d8c5917b0a3d.herokuapp.com | spv.kortsikkerhet.site |
12 | 2 | |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
spv.kortsikkerhet.site | R3 | 2024-05-15 - 2024-08-13 | 3 months | crt.sh |
*.herokuapp.com | Amazon RSA 2048 M03 | 2024-03-02 - 2025-03-31 | a year | crt.sh |
This page contains 1 frame:
Primary Page:
https://spv.kortsikkerhet.site/
Frame ID: D5EB614597588D53CC1B4F6E6662B1E9
Requests: 12 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method | Protocol | Resource | Path | Size | Transfer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | spv.kortsikkerhet.site/ | 474 B | 468 B | Document | text/html |
GET | H2 | index-DoH5sIGx.js | spv.kortsikkerhet.site/assets/ | 373 KB | 119 KB | Script | text/javascript |
GET | H2 | index-Ni2dw7nG.css | spv.kortsikkerhet.site/assets/ | 20 KB | 4 KB | Stylesheet | text/css |
GET | H3 | spv-logo-BCZ1PDPz.svg | spv.kortsikkerhet.site/assets/ | 12 KB | 5 KB | Image | image/svg+xml |
GET | H3 | bank-id-DeIFcszL.png | spv.kortsikkerhet.site/assets/ | 5 KB | 5 KB | Image | image/png |
GET | H3 | kod-BaabsuxC.png | spv.kortsikkerhet.site/assets/ | 7 KB | 7 KB | Image | image/png |
GET | H3 | Tobias-Bold-DH4yldRD.ttf | spv.kortsikkerhet.site/assets/ | 154 KB | 59 KB | Font | font/ttf |
GET | H/1.1 | / | api-world-d8c5917b0a3d.herokuapp.com/socket.io/ | 118 B | 901 B | XHR | text/plain |
GET | H3 | spv.ico | spv.kortsikkerhet.site/ | 15 KB | 3 KB | Other | image/x-icon |
POST | H/1.1 | / | api-world-d8c5917b0a3d.herokuapp.com/socket.io/ | 2 B | 767 B | XHR | text/html |
GET | H/1.1 | / | api-world-d8c5917b0a3d.herokuapp.com/socket.io/ | 32 B | 814 B | XHR | text/plain |
GET | H/1.1 | / | api-world-d8c5917b0a3d.herokuapp.com/socket.io/ | 1 B | 782 B | XHR | text/plain |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Sparebanken West (Banking)
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
string | __reactRouterVersion
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
spv.kortsikkerhet.site/ | | Name: spv_session_id Value: f90f7606-eb41-4d51-a9e9-9e1382726347 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.