sperret.me
Open in
urlscan Pro
93.158.239.22
Malicious Activity!
Public Scan
Effective URL: http://sperret.me/info/index.html
Submission: On December 06 via manual from NO — Scanned from NL
Summary
This is the only time sperret.me was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BankID (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 8 | 93.158.239.22 93.158.239.22 | 60503 (FNXTEC) (FNXTEC) | |
6 | 1 |
ASN60503 (FNXTEC, BR)
PTR: protected.hyperfilter.com
sperret.me |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
sperret.me
2 redirects
sperret.me |
437 KB |
6 | 1 |
Domain | Requested by | |
---|---|---|
8 | sperret.me |
2 redirects
sperret.me
|
6 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://sperret.me/info/index.html
Frame ID: CB3B1C190FA4AC32D23C383CE79DC25F
Requests: 6 HTTP requests in this frame
Screenshot
Page Title
BankID SikkerhetPage URL History Show full URLs
-
http://sperret.me/saveBank.php
HTTP 302
http://sperret.me/info/ HTTP 302
http://sperret.me/info/index.html Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://sperret.me/saveBank.php
HTTP 302
http://sperret.me/info/ HTTP 302
http://sperret.me/info/index.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
index.html
sperret.me/info/ Redirect Chain
|
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login.css
sperret.me/info/build/ |
155 KB 26 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
layout.css
sperret.me/info/build/ |
246 KB 39 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
BankID.png
sperret.me/ |
42 KB 42 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
FedraSansAltPro-Book.1fdabbe5.woff
sperret.me/info/build/fonts/ |
166 KB 166 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
FedraSansAltPro-Bold.6ef1b20c.woff
sperret.me/info/build/fonts/ |
162 KB 162 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BankID (Banking)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler function| YouAreGay0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
sperret.me
93.158.239.22
23f6f00861492126a9b706ebb5195ea5e94292677b3ef2e456c853db923730b7
7f929b626a86338ac1541137d66552559b5d954757b1de7602202d4b5a772311
80cb47cff4575f9c39c8311f84204ec478e15b467c133171b378f555668fcb5e
8f023482f6539d96e63bcf40c59539fe29edbb4dc6739edb947c8018fb829aff
93f69ae23fcb7420470d67fc915dabdb0f477f89e2b6f911fd1d946aa67bc30b
bb4db96fc6343802be44e82b7160c51de4097869aec007d662d6fc37895b6106