sperret.me - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 6 HTTP transactions. The main IP is 93.158.239.22, located in Amsterdam, Netherlands and belongs to FNXTEC, BR. The main domain is sperret.me.

This is the only time sperret.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BankID (Banking)

Domain & IP information

	IP Address		AS Autonomous System
2 8	93.158.239.22 93.158.239.22		60503 (FNXTEC) (FNXTEC)
6	1

8 93.158.239.22 (Amsterdam, Netherlands) 2 redirects

ASN60503 (FNXTEC, BR)
PTR: protected.hyperfilter.com

sperret.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	sperret.me 2 redirects sperret.me	437 KB
6	1

	Domain	Requested by
8	sperret.me	2 redirects sperret.me
6	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://sperret.me/info/index.html
Frame ID: CB3B1C190FA4AC32D23C383CE79DC25F
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

BankID Sikkerhet

Page URL History Show full URLs

http://sperret.me/saveBank.php HTTP 302
http://sperret.me/info/ HTTP 302
http://sperret.me/info/index.html Page URL

Page Statistics

6
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

436 kB
Transfer

772 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://sperret.me/saveBank.php HTTP 302
http://sperret.me/info/ HTTP 302
http://sperret.me/info/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request index.html Show response sperret.me/info/ Redirect Chain http://sperret.me/saveBank.php http://sperret.me/info/ http://sperret.me/info/index.html	2 KB 1 KB	12ms 12ms	Document text/html	93.158.239.22 FNXTEC
General Check archive.org Show headers Download Go to Full URL http://sperret.me/info/index.html Protocol HTTP/1.1 Server 93.158.239.22 Amsterdam, Netherlands, ASN60503 (FNXTEC, BR), Reverse DNS protected.hyperfilter.com Software nginx / Resource Hash `8f023482f6539d96e63bcf40c59539fe29edbb4dc6739edb947c8018fb829aff` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Accept-Language nl-NL,nl;q=0.9 Response headers Server nginx Date Mon, 06 Dec 2021 08:02:42 GMT Content-Type text/html Last-Modified Sun, 05 Dec 2021 07:06:11 GMT Transfer-Encoding chunked Connection keep-alive Keep-Alive timeout=60 Vary Accept-Encoding ETag W/"61ac64e3-6da" Expires Thu, 31 Dec 2037 23:55:55 GMT Cache-Control max-age=315360000 Content-Encoding gzip Redirect headers Server nginx Date Mon, 06 Dec 2021 08:02:42 GMT Content-Type text/html; charset=UTF-8 Content-Length 0 Connection keep-alive Keep-Alive timeout=60 X-Powered-By PHP/7.1.33 Location ./index.html
GET H/1.1	200 OK	login.css sperret.me/info/build/	155 KB 26 KB	21ms 20ms	Stylesheet text/css	93.158.239.22 FNXTEC
General Check archive.org Show headers Download Go to Full URL http://sperret.me/info/build/login.css Requested by Host: sperret.me URL: http://sperret.me/info/index.html Protocol HTTP/1.1 Server 93.158.239.22 Amsterdam, Netherlands, ASN60503 (FNXTEC, BR), Reverse DNS protected.hyperfilter.com Software nginx / Resource Hash `80cb47cff4575f9c39c8311f84204ec478e15b467c133171b378f555668fcb5e` Request headers Accept-Language nl-NL,nl;q=0.9 Referer http://sperret.me/info/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Date Mon, 06 Dec 2021 08:02:42 GMT Content-Encoding gzip Last-Modified Sun, 05 Dec 2021 07:06:14 GMT Server nginx ETag W/"61ac64e6-26b81" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=315360000 Transfer-Encoding chunked Connection keep-alive Keep-Alive timeout=60 Expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	200 OK	layout.css sperret.me/info/build/	246 KB 39 KB	38ms 26ms	Stylesheet text/css	93.158.239.22 FNXTEC
General Check archive.org Show headers Download Go to Full URL http://sperret.me/info/build/layout.css Requested by Host: sperret.me URL: http://sperret.me/info/index.html Protocol HTTP/1.1 Server 93.158.239.22 Amsterdam, Netherlands, ASN60503 (FNXTEC, BR), Reverse DNS protected.hyperfilter.com Software nginx / Resource Hash `93f69ae23fcb7420470d67fc915dabdb0f477f89e2b6f911fd1d946aa67bc30b` Request headers Accept-Language nl-NL,nl;q=0.9 Referer http://sperret.me/info/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Date Mon, 06 Dec 2021 08:02:42 GMT Content-Encoding gzip Last-Modified Sun, 05 Dec 2021 07:06:13 GMT Server nginx ETag W/"61ac64e5-3d8ce" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=315360000 Transfer-Encoding chunked Connection keep-alive Keep-Alive timeout=60 Expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	200 OK	BankID.png sperret.me/	42 KB 42 KB	13ms 13ms	Image image/png	93.158.239.22 FNXTEC
General Check archive.org Show headers Download Go to Show image Full URL http://sperret.me/BankID.png Requested by Host: sperret.me URL: http://sperret.me/info/index.html Protocol HTTP/1.1 Server 93.158.239.22 Amsterdam, Netherlands, ASN60503 (FNXTEC, BR), Reverse DNS protected.hyperfilter.com Software nginx / Resource Hash `23f6f00861492126a9b706ebb5195ea5e94292677b3ef2e456c853db923730b7` Request headers Accept-Language nl-NL,nl;q=0.9 Referer http://sperret.me/info/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Date Mon, 06 Dec 2021 08:02:42 GMT Last-Modified Sun, 05 Dec 2021 07:04:58 GMT Server nginx ETag "61ac649a-a78c" Content-Type image/png Cache-Control max-age=315360000 Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=60 Content-Length 42892 Expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	200 OK	FedraSansAltPro-Book.1fdabbe5.woff sperret.me/info/build/fonts/	166 KB 166 KB	12ms 12ms	Font font/woff	93.158.239.22 FNXTEC
General Check archive.org Show headers Download Go to Full URL http://sperret.me/info/build/fonts/FedraSansAltPro-Book.1fdabbe5.woff Requested by Host: sperret.me URL: http://sperret.me/info/build/login.css Protocol HTTP/1.1 Server 93.158.239.22 Amsterdam, Netherlands, ASN60503 (FNXTEC, BR), Reverse DNS protected.hyperfilter.com Software nginx / Resource Hash `7f929b626a86338ac1541137d66552559b5d954757b1de7602202d4b5a772311` Request headers Referer http://sperret.me/info/build/login.css Origin http://sperret.me Accept-Language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Date Mon, 06 Dec 2021 08:02:42 GMT Last-Modified Sun, 05 Dec 2021 07:06:15 GMT Server nginx ETag "61ac64e7-29630" Content-Type font/woff Cache-Control max-age=315360000 Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=60 Content-Length 169520 Expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	200 OK	FedraSansAltPro-Bold.6ef1b20c.woff sperret.me/info/build/fonts/	162 KB 162 KB	13ms 13ms	Font font/woff	93.158.239.22 FNXTEC
General Check archive.org Show headers Download Go to Full URL http://sperret.me/info/build/fonts/FedraSansAltPro-Bold.6ef1b20c.woff Requested by Host: sperret.me URL: http://sperret.me/info/build/login.css Protocol HTTP/1.1 Server 93.158.239.22 Amsterdam, Netherlands, ASN60503 (FNXTEC, BR), Reverse DNS protected.hyperfilter.com Software nginx / Resource Hash `bb4db96fc6343802be44e82b7160c51de4097869aec007d662d6fc37895b6106` Request headers Referer http://sperret.me/info/build/login.css Origin http://sperret.me Accept-Language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Date Mon, 06 Dec 2021 08:02:42 GMT Last-Modified Sun, 05 Dec 2021 07:06:15 GMT Server nginx ETag "61ac64e7-286f8" Content-Type font/woff Cache-Control max-age=315360000 Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=60 Content-Length 165624 Expires Thu, 31 Dec 2037 23:55:55 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BankID (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

sperret.me
93.158.239.22
23f6f00861492126a9b706ebb5195ea5e94292677b3ef2e456c853db923730b7
7f929b626a86338ac1541137d66552559b5d954757b1de7602202d4b5a772311
80cb47cff4575f9c39c8311f84204ec478e15b467c133171b378f555668fcb5e
8f023482f6539d96e63bcf40c59539fe29edbb4dc6739edb947c8018fb829aff
93f69ae23fcb7420470d67fc915dabdb0f477f89e2b6f911fd1d946aa67bc30b
bb4db96fc6343802be44e82b7160c51de4097869aec007d662d6fc37895b6106

sperret.me Open in urlscan Pro 93.158.239.22 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

6 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

436 kBTransfer

772 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

0 Cookies

Indicators

sperret.me Open in urlscan Pro
93.158.239.22 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

436 kB
Transfer

772 kB
Size

0
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!