www.spv.kortsikkerhet.site Open in urlscan Pro
198.251.88.188 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.spv.kortsikkerhet.site/
Submission: On May 15 via automatic, source certstream-suspicious (May 15th 2024, 7:16:54 am UTC) — Scanned from DE

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 11 HTTP transactions. The main IP is 198.251.88.188, located in Luxembourg, Luxembourg and belongs to PONYNET, US. The main domain is www.spv.kortsikkerhet.site.
TLS certificate: Issued by R3 on May 15th 2024. Valid for: 3 months.

This is the only time www.spv.kortsikkerhet.site was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sparebanken West (Banking)

Domain & IP information

	IP Address		AS Autonomous System
8	198.251.88.188 198.251.88.188		53667 (PONYNET) (PONYNET)
11	2

8 198.251.88.188 (Luxembourg, Luxembourg)

ASN53667 (PONYNET, US)
PTR: c4.my-control-panel.com

www.spv.kortsikkerhet.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	kortsikkerhet.site www.spv.kortsikkerhet.site	203 KB
0	herokuapp.com Failed api-world-d8c5917b0a3d.herokuapp.com Failed
11	2

	Domain	Requested by
8	www.spv.kortsikkerhet.site	www.spv.kortsikkerhet.site
0	api-world-d8c5917b0a3d.herokuapp.com Failed	www.spv.kortsikkerhet.site
11	2

This site contains no links.

Subject Issuer	Validity	Valid
spv.kortsikkerhet.site R3	`2024-05-15` - `2024-08-13`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.spv.kortsikkerhet.site/
Frame ID: 053D9602EB20C6CE0E8002EC30E21E38
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Innlogging - Sparebanken Vest

Page Statistics

11
Requests

73 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

203 kB
Transfer

587 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.spv.kortsikkerhet.site/	474 B 468 B	247ms 58ms	Document text/html	198.251.88.188 PONYNET
General Check archive.org Show headers Download Go to Full URL https://www.spv.kortsikkerhet.site/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 198.251.88.188 Luxembourg, Luxembourg, ASN53667 (PONYNET, US), Reverse DNS c4.my-control-panel.com Software LiteSpeed / Resource Hash `e3e864830ae01c66ea77376482d8048b6ba1cb21c02e12209e36ad06e80a018b` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-encoding br content-length 215 content-type text/html date Wed, 15 May 2024 07:16:49 GMT last-modified Fri, 10 May 2024 20:03:00 GMT server LiteSpeed vary Accept-Encoding
GET H2	200	index-DoH5sIGx.js Show response www.spv.kortsikkerhet.site/assets/	373 KB 119 KB	101ms 100ms	Script text/javascript	198.251.88.188 PONYNET
General Check archive.org Show headers Download Go to Full URL https://www.spv.kortsikkerhet.site/assets/index-DoH5sIGx.js Requested by Host: www.spv.kortsikkerhet.site URL: https://www.spv.kortsikkerhet.site/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 198.251.88.188 Luxembourg, Luxembourg, ASN53667 (PONYNET, US), Reverse DNS c4.my-control-panel.com Software LiteSpeed / Resource Hash `eaea1e75bf55fed038911fd694d222230a7cfb026ab18f0f235b101aa5d5cdbf` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://www.spv.kortsikkerhet.site/ Origin https://www.spv.kortsikkerhet.site Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 15 May 2024 07:16:49 GMT content-encoding br last-modified Fri, 10 May 2024 20:03:00 GMT server LiteSpeed vary Accept-Encoding content-type text/javascript accept-ranges bytes content-length 122002
GET H2	200	index-Ni2dw7nG.css www.spv.kortsikkerhet.site/assets/	20 KB 4 KB	201ms 200ms	Stylesheet text/css	198.251.88.188 PONYNET
General Check archive.org Show headers Download Go to Full URL https://www.spv.kortsikkerhet.site/assets/index-Ni2dw7nG.css Requested by Host: www.spv.kortsikkerhet.site URL: https://www.spv.kortsikkerhet.site/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 198.251.88.188 Luxembourg, Luxembourg, ASN53667 (PONYNET, US), Reverse DNS c4.my-control-panel.com Software LiteSpeed / Resource Hash `f85a3723bc5f555106bd9d064d4171f65a34bff98368e36c5ee993da52fcedf5` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://www.spv.kortsikkerhet.site/ Origin https://www.spv.kortsikkerhet.site Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 15 May 2024 07:16:49 GMT content-encoding br last-modified Fri, 10 May 2024 20:03:00 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control public, max-age=604800 accept-ranges bytes content-length 4336 expires Wed, 22 May 2024 07:16:49 GMT
GET H3	200	spv-logo-BCZ1PDPz.svg www.spv.kortsikkerhet.site/assets/	12 KB 5 KB	65ms 65ms	Image image/svg+xml	198.251.88.188 PONYNET
General Check archive.org Show headers Download Go to Show image Full URL https://www.spv.kortsikkerhet.site/assets/spv-logo-BCZ1PDPz.svg Protocol H3 Security QUIC, , AES_128_GCM Server 198.251.88.188 Luxembourg, Luxembourg, ASN53667 (PONYNET, US), Reverse DNS c4.my-control-panel.com Software LiteSpeed / Resource Hash `b3323cb40f5179a0ecdacc9318f82bf310b033443ab65db42ffed10675be1b52` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://www.spv.kortsikkerhet.site/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 15 May 2024 07:16:50 GMT content-encoding br last-modified Fri, 10 May 2024 20:03:00 GMT server LiteSpeed vary Accept-Encoding content-type image/svg+xml cache-control public, max-age=604800 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 4794 expires Wed, 22 May 2024 07:16:50 GMT
GET H3	200	bank-id-DeIFcszL.png www.spv.kortsikkerhet.site/assets/	5 KB 5 KB	64ms 64ms	Image image/png	198.251.88.188 PONYNET
General Check archive.org Show headers Download Go to Show image Full URL https://www.spv.kortsikkerhet.site/assets/bank-id-DeIFcszL.png Protocol H3 Security QUIC, , AES_128_GCM Server 198.251.88.188 Luxembourg, Luxembourg, ASN53667 (PONYNET, US), Reverse DNS c4.my-control-panel.com Software LiteSpeed / Resource Hash `06ad9feee3b0d3d90e7a32676874850d1853e17a8ee86c4a96434a16ebc62305` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://www.spv.kortsikkerhet.site/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 15 May 2024 07:16:50 GMT last-modified Fri, 10 May 2024 20:03:00 GMT server LiteSpeed content-type image/png cache-control public, max-age=604800 accept-ranges bytes content-length 4950 expires Wed, 22 May 2024 07:16:50 GMT
GET H3	200	kod-BaabsuxC.png www.spv.kortsikkerhet.site/assets/	7 KB 7 KB	66ms 66ms	Image image/png	198.251.88.188 PONYNET
General Check archive.org Show headers Download Go to Show image Full URL https://www.spv.kortsikkerhet.site/assets/kod-BaabsuxC.png Protocol H3 Security QUIC, , AES_128_GCM Server 198.251.88.188 Luxembourg, Luxembourg, ASN53667 (PONYNET, US), Reverse DNS c4.my-control-panel.com Software LiteSpeed / Resource Hash `0501b73d5dbef8cc1b328d092ceedea42f828fec2d4efca7cd428458e242f99c` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://www.spv.kortsikkerhet.site/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 15 May 2024 07:16:50 GMT last-modified Fri, 10 May 2024 20:03:00 GMT server LiteSpeed content-type image/png cache-control public, max-age=604800 accept-ranges bytes content-length 7112 expires Wed, 22 May 2024 07:16:50 GMT
GET H3	200	Tobias-Bold-DH4yldRD.ttf www.spv.kortsikkerhet.site/assets/	154 KB 59 KB	57ms 57ms	Font font/ttf	198.251.88.188 PONYNET
General Check archive.org Show headers Download Go to Full URL https://www.spv.kortsikkerhet.site/assets/Tobias-Bold-DH4yldRD.ttf Requested by Host: www.spv.kortsikkerhet.site URL: https://www.spv.kortsikkerhet.site/assets/index-Ni2dw7nG.css Protocol H3 Security QUIC, , AES_128_GCM Server 198.251.88.188 Luxembourg, Luxembourg, ASN53667 (PONYNET, US), Reverse DNS c4.my-control-panel.com Software LiteSpeed / Resource Hash `47117f612d3c21beca17d8e19bc0eb37c755bbb64d50659d00dc271ede623fcb` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://www.spv.kortsikkerhet.site/assets/index-Ni2dw7nG.css Origin https://www.spv.kortsikkerhet.site Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 15 May 2024 07:16:50 GMT content-encoding br last-modified Fri, 10 May 2024 20:03:00 GMT server LiteSpeed vary Accept-Encoding content-type font/ttf cache-control public, max-age=604800 accept-ranges bytes content-length 60257 expires Wed, 22 May 2024 07:16:50 GMT
GET		/ api-world-d8c5917b0a3d.herokuapp.com/socket.io/	0 0

GET H3	200	spv.ico www.spv.kortsikkerhet.site/	15 KB 3 KB	142ms 141ms	Other image/x-icon	198.251.88.188 PONYNET
General Check archive.org Show headers Download Go to Full URL https://www.spv.kortsikkerhet.site/spv.ico Protocol H3 Security QUIC, , AES_128_GCM Server 198.251.88.188 Luxembourg, Luxembourg, ASN53667 (PONYNET, US), Reverse DNS c4.my-control-panel.com Software LiteSpeed / Resource Hash `5e55419211ec9700965d180203c6b3b5ccd07d23f7d46cf87c845ac58921a950` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://www.spv.kortsikkerhet.site/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 15 May 2024 07:16:50 GMT content-encoding br last-modified Fri, 10 May 2024 20:00:00 GMT server LiteSpeed vary Accept-Encoding content-type image/x-icon cache-control public, max-age=604800 accept-ranges bytes content-length 3288 expires Wed, 22 May 2024 07:16:50 GMT
GET		/ api-world-d8c5917b0a3d.herokuapp.com/socket.io/	0 0

GET		/ api-world-d8c5917b0a3d.herokuapp.com/socket.io/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: api-world-d8c5917b0a3d.herokuapp.com
URL: https://api-world-d8c5917b0a3d.herokuapp.com/socket.io/?EIO=4&transport=polling&t=Ozx76Tg

Domain: api-world-d8c5917b0a3d.herokuapp.com
URL: https://api-world-d8c5917b0a3d.herokuapp.com/socket.io/?EIO=4&transport=polling&t=Ozx76kx

Domain: api-world-d8c5917b0a3d.herokuapp.com
URL: https://api-world-d8c5917b0a3d.herokuapp.com/socket.io/?EIO=4&transport=polling&t=Ozx77O0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sparebanken West (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| __reactRouterVersion

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.spv.kortsikkerhet.site/	1970-01-20 20:40:16	Name: spv_session_id Value: 83e7dd33-d40b-4d20-9d42-a1d4c91f1f87

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://www.spv.kortsikkerhet.site/ Message: Access to XMLHttpRequest at 'https://api-world-d8c5917b0a3d.herokuapp.com/socket.io/?EIO=4&transport=polling&t=Ozx76Tg' from origin 'https://www.spv.kortsikkerhet.site' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://api-world-d8c5917b0a3d.herokuapp.com/socket.io/?EIO=4&transport=polling&t=Ozx76Tg Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.spv.kortsikkerhet.site/ Message: Access to XMLHttpRequest at 'https://api-world-d8c5917b0a3d.herokuapp.com/socket.io/?EIO=4&transport=polling&t=Ozx76kx' from origin 'https://www.spv.kortsikkerhet.site' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://api-world-d8c5917b0a3d.herokuapp.com/socket.io/?EIO=4&transport=polling&t=Ozx76kx Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.spv.kortsikkerhet.site/ Message: Access to XMLHttpRequest at 'https://api-world-d8c5917b0a3d.herokuapp.com/socket.io/?EIO=4&transport=polling&t=Ozx77O0' from origin 'https://www.spv.kortsikkerhet.site' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://api-world-d8c5917b0a3d.herokuapp.com/socket.io/?EIO=4&transport=polling&t=Ozx77O0 Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-world-d8c5917b0a3d.herokuapp.com
www.spv.kortsikkerhet.site
api-world-d8c5917b0a3d.herokuapp.com
198.251.88.188
0501b73d5dbef8cc1b328d092ceedea42f828fec2d4efca7cd428458e242f99c
06ad9feee3b0d3d90e7a32676874850d1853e17a8ee86c4a96434a16ebc62305
47117f612d3c21beca17d8e19bc0eb37c755bbb64d50659d00dc271ede623fcb
5e55419211ec9700965d180203c6b3b5ccd07d23f7d46cf87c845ac58921a950
b3323cb40f5179a0ecdacc9318f82bf310b033443ab65db42ffed10675be1b52
e3e864830ae01c66ea77376482d8048b6ba1cb21c02e12209e36ad06e80a018b
eaea1e75bf55fed038911fd694d222230a7cfb026ab18f0f235b101aa5d5cdbf
f85a3723bc5f555106bd9d064d4171f65a34bff98368e36c5ee993da52fcedf5

www.spv.kortsikkerhet.site Open in urlscan Pro 198.251.88.188 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

11 Requests

73 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

203 kBTransfer

587 kBSize

1 Cookies

0 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

1 Cookies

6 Console Messages

Indicators

www.spv.kortsikkerhet.site Open in urlscan Pro
198.251.88.188 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

73 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

203 kB
Transfer

587 kB
Size

1
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!