www.spv.kortsikkerhet.site
198.251.88.188
Malicious Activity!
Public Scan
Submission: On May 15 via automatic, source certstream-suspicious — Scanned from DE
Summary
TLS certificate: Issued by R3 on May 15th 2024. Valid for: 3 months.
This is the only time www.spv.kortsikkerhet.site was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sparebanken West (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
8 | 198.251.88.188 | 53667 (PONYNET) |
11 | 2 | |

ASN53667 (PONYNET, US)
PTR: c4.my-control-panel.com
www.spv.kortsikkerhet.site
Requests | Apex Domain Subdomains | Transfer |
---|---|---|
8 | kortsikkerhet.site: www.spv.kortsikkerhet.site | 203 KB |
0 | herokuapp.com (Failed): api-world-d8c5917b0a3d.herokuapp.com (Failed) | |
11 | 2 | |
Requests | Domain | Requested by |
---|---|---|
8 | www.spv.kortsikkerhet.site | www.spv.kortsikkerhet.site |
0 | api-world-d8c5917b0a3d.herokuapp.com (Failed) | www.spv.kortsikkerhet.site |
11 | 2 | |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
spv.kortsikkerhet.site R3 | 2024-05-15 - 2024-08-13 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page:
https://www.spv.kortsikkerhet.site/
Frame ID: 053D9602EB20C6CE0E8002EC30E21E38
Requests: 11 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H2 | / (Primary Request) www.spv.kortsikkerhet.site/ | 474 B 468 B | Document text/html |
GET H2 | index-DoH5sIGx.js www.spv.kortsikkerhet.site/assets/ | 373 KB 119 KB | Script text/javascript |
GET H2 | index-Ni2dw7nG.css www.spv.kortsikkerhet.site/assets/ | 20 KB 4 KB | Stylesheet text/css |
GET H3 | spv-logo-BCZ1PDPz.svg www.spv.kortsikkerhet.site/assets/ | 12 KB 5 KB | Image image/svg+xml |
GET H3 | bank-id-DeIFcszL.png www.spv.kortsikkerhet.site/assets/ | 5 KB 5 KB | Image image/png |
GET H3 | kod-BaabsuxC.png www.spv.kortsikkerhet.site/assets/ | 7 KB 7 KB | Image image/png |
GET H3 | Tobias-Bold-DH4yldRD.ttf www.spv.kortsikkerhet.site/assets/ | 154 KB 59 KB | Font font/ttf |
GET | / api-world-d8c5917b0a3d.herokuapp.com/socket.io/ | 0 0 | |
GET H3 | spv.ico www.spv.kortsikkerhet.site/ | 15 KB 3 KB | Other image/x-icon |
GET | / api-world-d8c5917b0a3d.herokuapp.com/socket.io/ | 0 0 | |
GET | / api-world-d8c5917b0a3d.herokuapp.com/socket.io/ | 0 0 | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: api-world-d8c5917b0a3d.herokuapp.com
  URL: https://api-world-d8c5917b0a3d.herokuapp.com/socket.io/?EIO=4&transport=polling&t=Ozx76Tg
- Domain: api-world-d8c5917b0a3d.herokuapp.com
  URL: https://api-world-d8c5917b0a3d.herokuapp.com/socket.io/?EIO=4&transport=polling&t=Ozx76kx
- Domain: api-world-d8c5917b0a3d.herokuapp.com
  URL: https://api-world-d8c5917b0a3d.herokuapp.com/socket.io/?EIO=4&transport=polling&t=Ozx77O0
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Sparebanken West (Banking)
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
string | __reactRouterVersion
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.spv.kortsikkerhet.site/ | | Name: spv_session_id Value: 83e7dd33-d40b-4d20-9d42-a1d4c91f1f87 |
6 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.