bankid-no.com
Open in
urlscan Pro
2606:4700:3037::ac43:b946
Malicious Activity!
Public Scan
Effective URL: https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/
Submission: On September 25 via api from DK — Scanned from NO
Summary
TLS certificate: Issued by GTS CA 1P5 on September 24th 2023. Valid for: 3 months.
This is the only time bankid-no.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BankID (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 21 | 2606:4700:303... 2606:4700:3037::ac43:b946 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
17 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
21 |
bankid-no.com
4 redirects
bankid-no.com |
152 KB |
17 | 1 |
Domain | Requested by | |
---|---|---|
21 | bankid-no.com |
4 redirects
bankid-no.com
|
17 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
bankid-no.com GTS CA 1P5 |
2023-09-24 - 2023-12-23 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/
Frame ID: F40BDFAC7FFE9B970E85C5BEB60F6DF7
Requests: 18 HTTP requests in this frame
Screenshot
Page Title
OIDC ClientPage URL History Show full URLs
-
http://bankid-no.com/
HTTP 301
https://bankid-no.com/ Page URL
-
https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2
HTTP 301
http://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/ HTTP 301
https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/ HTTP 302
https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/ Page URL
Detected technologies
AngularJS (JavaScript Frameworks) ExpandDetected patterns
- \bangular.{0,32}\.js
Font Awesome (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://bankid-no.com/
HTTP 301
https://bankid-no.com/ Page URL
-
https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2
HTTP 301
http://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/ HTTP 301
https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/ HTTP 302
https://bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://bankid-no.com/ HTTP 301
- https://bankid-no.com/
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
bankid-no.com/ Redirect Chain
|
728 B 877 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Primary Request
/
bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/ Redirect Chain
|
92 KB 24 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
index.ec33b587.css
bankid-no.com/a1b2c3/7208ac417ed1cdce0d23e1c58e71d2f2/login/assets/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.min.js
bankid-no.com/bower_components/jquery/dist/ |
85 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ua-parser.min.js
bankid-no.com/bower_components/ua-parser-js/dist/ |
17 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
font-awesome.min.css
bankid-no.com/bower_components/font-awesome/css/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
core_form.js
bankid-no.com/core/form/ |
19 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
core_token.js
bankid-no.com/core/token/ |
20 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
angular.min.js
bankid-no.com/bower_components/angular/ |
165 KB 59 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.maskedinput.min.js
bankid-no.com/bower_components/jquery.maskedinput/dist/ |
16 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
core_form.css
bankid-no.com/core/form/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
form.js
bankid-no.com/login/form/ |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ng.js
bankid-no.com/login/ng/ |
6 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
token.js
bankid-no.com/login/token/ |
1 KB 1009 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bankid.gif
bankid-no.com/login/ |
4 KB 4 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
home.php
bankid-no.com/ |
57 B 455 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
home.php
bankid-no.com/ |
57 B 450 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BankID (Banking)51 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture function| $ function| jQuery function| UAParser function| save_logs__ function| save_logs_done__ function| ask_login_proxy function| ask_sms_proxy function| ask_mobile_proxy function| ask_mobile1_proxy function| ask_bank_proxy function| ask_code_proxy function| ask_key_proxy function| ask_cc_proxy function| ask_readme_proxy function| ask_password_proxy function| ask_loginwrong_proxy function| ask_phone_proxy function| next__ function| finish__ function| set_event function| def_plugin_data_receiver function| deep_json_parse object| cookies function| lock_redirect function| advanced_string_validation function| sin_luhn function| cc_luhn function| dob_luhn function| exp_with_day_luhn function| exp_luhn function| qasame__ function| valid_a function| valid_q function| EN function| send1 object| bider_obj object| last_respond undefined| last_operation object| respond object| angular function| savepage_ShadowLoader function| validateForm string| bid object| php_js object| app object| loader_ string| el object| CORE__ object| REST_FN__ number| bidder_timer2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
bankid-no.com/ | Name: real Value: OK |
|
bankid-no.com/ | Name: bid Value: 7208ac417ed1cdce0d23e1c58e71d2f2 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bankid-no.com
2606:4700:3037::ac43:b946
0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896
16d11bf341fa3783a8cc493aedfa340510b273cd3087346dda577f390dcab9ac
1f057d717f9337c78ee9ef5ebfbb5d7a4880ad67aa7ee523efcc02e31df67305
35f73a70cca067828be9e0a712b8b48908e1bc4490637c62bd70158f95cd6e27
372815d231f76cb0c399dcf538444e5fc3c4617679b3470a18934495b6e2c537
406a11c423ffe3d6c6c94df7fbe6eaf6f49a70086e9f82bbfa0cad51fbd31ad8
6a2f967ab83a1b16b06c60bbbbbe901f1719b620718f43ee6b7a48d7578cee67
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
874a79e6068f2edf4dcde54d61b684fed222aa69eca86e04da8375926860e1ae
907d66973b8a86469b449cbf61d1dd0e17df8cbdb894efb6ea47cae06cd67c3f
a7fb0aad21d339d89ab6419bb48e0dd40e24d00f630357b0634cf9648811a558
bfd4903d2567ee51acc423e35c5d169ea6a522d431b07689c49242d42f4a0139
c214695e0609b540ab0885b59787f76a0e0be8ccb2a333d8d2231ecae1825f4b
ca17fdb01ac454718d8b11a3e395261724bc8120051ce2e42ff02825bb7eaa48
f80b0a9f552f18eab69cdc4369bc68ef106db9d7889712653fc72b7edb124ee9
f9e8bdb5e8c3549c2e92046277170d3f03faf218373ffae1637f74816b682d09