slbv.se
93.188.2.53
Malicious Activity!
Public Scan
Effective URL: https://slbv.se/kunde-service/rv/kertso.php?3f5544d0c681505278339c1edf5b65a4
Submission: On April 16 via manual from NO — Scanned from NO
Summary
TLS certificate: Issued by R3 on March 12th 2023. Valid for: 3 months.
This is the only time slbv.se was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DNB (Banking)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
2 2 | 93.188.2.51 | 39570 (LOOPIA) |
5 29 | 93.188.2.53 | 39570 (LOOPIA) |
24 | 2 | |
 | Apex Domain / Subdomains | Transfer |
---|---|---|
29 | slbv.se (5 redirects): slbv.se | 249 KB |
2 | charlys.se (2 redirects): charlys.se | 401 B |
24 | 2 | |
 | Domain | Requested by |
---|---|---|
29 | slbv.se | 5 redirects, slbv.se |
2 | charlys.se | 2 redirects |
24 | 2 | |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
slbv.se | R3 | 2023-03-12 - 2023-06-10 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page:
https://slbv.se/kunde-service/rv/kertso.php?3f5544d0c681505278339c1edf5b65a4
Frame ID: C008559E588BFB83CAE277F7A3B01C37
Requests: 25 HTTP requests in this frame
Page Title
Kredittkort - DNB
Page URL History
- https://charlys.se/zhc HTTP 301
  http://charlys.se/zhc/ HTTP 302
  https://slbv.se/kunde-service/?7d3b2411b99eab5275c614cb9672956e HTTP 302
  https://slbv.se/kunde-service/rv?=&4fee71b13dbfe00e807bec26d50069df HTTP 301
  http://slbv.se/kunde-service/rv/?=&4fee71b13dbfe00e807bec26d50069df HTTP 301
  https://slbv.se/kunde-service/rv/?=&4fee71b13dbfe00e807bec26d50069df HTTP 302
  https://slbv.se/kunde-service/rv/ldn1.php?2b0cb86521592909bcfa7ac436d786d2 Page URL
- https://slbv.se/kunde-service/rv/rd1.php HTTP 302
  https://slbv.se/kunde-service/rv/kertso.php?3f5544d0c681505278339c1edf5b65a4 Page URL
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://charlys.se/zhc HTTP 301
- http://charlys.se/zhc/ HTTP 302
- https://slbv.se/kunde-service/?7d3b2411b99eab5275c614cb9672956e HTTP 302
- https://slbv.se/kunde-service/rv?=&4fee71b13dbfe00e807bec26d50069df HTTP 301
- http://slbv.se/kunde-service/rv/?=&4fee71b13dbfe00e807bec26d50069df HTTP 301
- https://slbv.se/kunde-service/rv/?=&4fee71b13dbfe00e807bec26d50069df HTTP 302
- https://slbv.se/kunde-service/rv/ldn1.php?2b0cb86521592909bcfa7ac436d786d2
24 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | ldn1.php | slbv.se/kunde-service/rv/ (Redirect Chain) | 2 KB | 1 KB | Document | text/html |
GET | H2 | bid_202208220130.css | slbv.se/kunde-service/rv/index_fichiers/ | 131 KB | 23 KB | Stylesheet | text/css |
GET | DATA | truncated | / | 366 B | 0 | Image | image/svg+xml |
GET | H2 | kertso.php (Primary Request) | slbv.se/kunde-service/rv/ (Redirect Chain) | 12 KB | 4 KB | Document | text/html |
GET | H2 | cssLibrary_2014q2.css | slbv.se/kunde-service/rv/index_fichiers/ | 90 KB | 20 KB | Stylesheet | text/css |
GET | H2 | iphone.css | slbv.se/kunde-service/rv/index_fichiers/ | 199 KB | 34 KB | Stylesheet | text/css |
GET | H2 | mdnb.css | slbv.se/kunde-service/rv/index_fichiers/ | 55 KB | 11 KB | Stylesheet | text/css |
GET | H2 | style_mob_login_20130525.css | slbv.se/kunde-service/rv/index_fichiers/ | 2 KB | 898 B | Stylesheet | text/css |
GET | H2 | imask.min.js | slbv.se/kunde-service/rv/js/ | 45 KB | 16 KB | Script | application/javascript |
GET | H2 | script.js | slbv.se/kunde-service/rv/js/ | 96 KB | 34 KB | Script | application/javascript |
GET | H2 | steg.1_rod.gif | slbv.se/kunde-service/rv/index_fichiers/ | 13 KB | 13 KB | Image | image/gif |
GET | H2 | steg.2.gif | slbv.se/kunde-service/rv/index_fichiers/ | 13 KB | 13 KB | Image | image/gif |
GET | H2 | steg.3.gif | slbv.se/kunde-service/rv/index_fichiers/ | 13 KB | 13 KB | Image | image/gif |
GET | H2 | iconBack.png | slbv.se/kunde-service/rv/index_fichiers/ | 833 B | 989 B | Image | image/png |
GET | H2 | iconDNBLogo.png | slbv.se/kunde-service/rv/index_fichiers/ | 2 KB | 2 KB | Image | image/png |
GET | H2 | iconMenu.png | slbv.se/kunde-service/rv/index_fichiers/ | 443 B | 599 B | Image | image/png |
GET | H2 | wf.topMiddle.gif | slbv.se/kunde-service/rv/index_fichiers/ | 157 B | 313 B | Image | image/gif |
GET | H2 | wf.topLeft.gif | slbv.se/kunde-service/rv/index_fichiers/ | 419 B | 575 B | Image | image/gif |
GET | H2 | wf.topRight.gif | slbv.se/kunde-service/rv/index_fichiers/ | 419 B | 575 B | Image | image/gif |
GET | H2 | wf.ProcessArrow.gif | slbv.se/kunde-service/rv/index_fichiers/ | 909 B | 1 KB | Image | image/gif |
GET | H2 | s.svg | slbv.se/kunde-service/rv/index_fichiers/ | 1002 B | 587 B | Image | image/svg+xml |
GET | H2 | cns.png | slbv.se/kunde-service/rv/index_fichiers/ | 1 KB | 1 KB | Image | image/png |
GET | H2 | iconMessage.png | slbv.se/kunde-service/rv/index_fichiers/ | 677 B | 833 B | Image | image/png |
GET | H2 | application_footer_shadow.png | slbv.se/portalfront/dnb_mob/images/ | 298 B | 298 B | Image | text/html |
GET | H2 | flags.png | slbv.se/kunde-service/rv/index_fichiers/ | 56 KB | 57 KB | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DNB (Banking)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- boolean| credentialless
- object| __core-js_shared__
- object| core
- function| IMask

1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
slbv.se/ | | Name: PHPSESSID Value: d5b1df0c33dea23e474c1cc4f1587a41 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
charlys.se
slbv.se
93.188.2.51
93.188.2.53