sparebank-auth.com
185.61.154.7
Malicious Activity!
Public Scan
Effective URL: https://sparebank-auth.com/Login.php?id=8ea52bb215374551ce90216a5fd80e518ea52bb215374551ce90216a5fd80e51&session=8ea52bb215...
Submission: On July 05 via api from GB
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on July 3rd 2021. Valid for: a year.
This is the only time sparebank-auth.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sparebanken West (Banking)
Domain & IP information
Requests | IP Address | Autonomous System |
---|---|---|
3 (2 redirects) | 185.61.154.7 | 22612 (NAMECHEAP-NET) |
10 | 62.148.39.40 | 13243 (AS13243) |
1 | 62.148.39.41 | 13243 (AS13243) |
1 | 91.102.25.100 | 41741 (BBS-AS) |
14 | 62.148.39.51 | 13243 (AS13243) |
3 | 2620:1ec:bdf::42 | 8068 (MICROSOFT-CORP-MSN-AS-BLOCK) |
34 | 7 | |
ASN22612 (NAMECHEAP-NET, US)
PTR: server248-4.web-hosting.com
sparebank-auth.com |
Requests | Apex Domain (Subdomains) | Transfer |
---|---|---|
28 | spv.no (security.spv.no, stats.spv.no, www.spv.no, cdn.spv.no) | 579 KB |
3 | sparebank-auth.com (sparebank-auth.com), 2 redirects | 3 KB |
1 | bankid.no (services.bankid.no) | 32 KB |
34 | 3 | |
Requests | Domain | Requested by |
---|---|---|
14 | www.spv.no | sparebank-auth.com, www.spv.no |
10 | security.spv.no | sparebank-auth.com, security.spv.no |
3 | cdn.spv.no | security.spv.no |
3 | sparebank-auth.com | 2 redirects |
1 | services.bankid.no | sparebank-auth.com |
1 | stats.spv.no | sparebank-auth.com, stats.spv.no |
34 | 6 | |
This site contains links to these domains.
Domain |
---|
www.spv.no |
security.spv.no |
Subject | Issuer | Validity | Valid |
---|---|---|---|
sparebank-auth.com | Sectigo RSA Domain Validation Secure Server CA | 2021-07-03 - 2022-07-03 | a year |
security.spv.no | Buypass Class 3 CA 2 | 2020-11-16 - 2021-12-06 | a year |
stats.spv.no | Sectigo RSA Domain Validation Secure Server CA | 2020-04-14 - 2022-04-14 | 2 years |
services.bankid.no | DigiCert SHA2 Secure Server CA | 2020-10-09 - 2021-11-03 | a year |
spv.no | Buypass Class 3 CA 2 | 2020-11-25 - 2021-12-24 | a year |
cdn.spv.no | DigiCert SHA2 Secure Server CA | 2020-11-02 - 2021-11-01 | a year |
This page contains 5 frames:
Primary Page:
https://sparebank-auth.com/Login.php?id=8ea52bb215374551ce90216a5fd80e518ea52bb215374551ce90216a5fd80e51&session=8ea52bb215374551ce90216a5fd80e518ea52bb215374551ce90216a5fd80e51
Frame ID: 3348154273667915D9D855B8A814AE01
Requests: 18 HTTP requests in this frame
Frame:
https://www.spv.no/Applikasjoner/innlogging/bank_id_2/step1/top
Frame ID: C45A190BCB877A4FED238D2E06919C28
Requests: 4 HTTP requests in this frame
Frame:
https://www.spv.no/Applikasjoner/innlogging/bank_id_2/step1/bottom
Frame ID: DBB35E1CA929E9000384846A4ED1B614
Requests: 4 HTTP requests in this frame
Frame:
https://www.spv.no/Applikasjoner/innlogging/bank_id_2/step1/right
Frame ID: 97B820D91527F018CF2AC705C3723CDD
Requests: 6 HTTP requests in this frame
Frame:
https://security.spv.no/STS/privat-web/RpLogout.aspx
Frame ID: 1B45446854EB9AC7E6E6AE140085184E
Requests: 1 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
Title: Velg en annen innlogging
Title: Glemt passordet? Bestill et nytt
Title: Personvern
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://sparebank-auth.com/
HTTP 301
https://sparebank-auth.com/ HTTP 302
https://sparebank-auth.com/Login.php?id=8ea52bb215374551ce90216a5fd80e518ea52bb215374551ce90216a5fd80e51&session=8ea52bb215374551ce90216a5fd80e518ea52bb215374551ce90216a5fd80e51 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
34 HTTP transactions
Method | Protocol | Resource | Path | Size | Transfer | Type | MIME-Type | Notes |
---|---|---|---|---|---|---|---|---|
GET | H2 | Login.php | sparebank-auth.com/ | 9 KB | 3 KB | Document | text/html | Primary Request, Redirect Chain |
GET | H2 | spvcss | security.spv.no/Innlogging/privat-web/Autentisering/bundles/ | 190 KB | 44 KB | Stylesheet | text/css | |
GET | H2 | js | security.spv.no/Innlogging/privat-web/Autentisering/bundles/ | 101 KB | 46 KB | Script | text/javascript | |
GET | H2 | behavioweb | security.spv.no/Innlogging/privat-web/Autentisering/bundles/ | 1 KB | 977 B | Script | text/javascript | |
GET | H2 | form | security.spv.no/Innlogging/privat-web/Autentisering/bundles/ | 30 KB | 12 KB | Script | text/javascript | |
GET | H2 | statsScript.js | stats.spv.no/Scripts/ | 1 KB | 774 B | Script | text/javascript | |
GET | H/1.1 | bid-browser-test.js | services.bankid.no/test/precheck/ | 32 KB | 32 KB | Script | text/javascript | |
GET | H2 | BankIDFeatureDetection | security.spv.no/Innlogging/privat-web/Autentisering/bundles/ | 845 B | 820 B | Script | text/javascript | |
GET | H2 | spv-logo.png | security.spv.no/Innlogging/privat-web/Autentisering/Content/common/images/ | 5 KB | 5 KB | Image | image/png | |
GET | H2 | BID.svg | security.spv.no/Innlogging/privat-web/Autentisering/Content/spv/images/ | 1 KB | 1 KB | Image | image/svg+xml | |
GET | H2 | RpLogout.aspx | security.spv.no/STS/privat-web/ | 143 B | 315 B | Image | image/gif | |
POST | | statsService | stats.spv.no/api/ | 0 | 0 | | | |
GET | H/1.1 | top | www.spv.no/Applikasjoner/innlogging/bank_id_2/step1/ | 826 B | 2 KB | Document | text/html | Cookie set, Frame C45A |
GET | H/1.1 | bottom | www.spv.no/Applikasjoner/innlogging/bank_id_2/step1/ | 829 B | 2 KB | Document | text/html | Cookie set, Frame DBB3 |
GET | H/1.1 | right | www.spv.no/Applikasjoner/innlogging/bank_id_2/step1/ | 1 KB | 2 KB | Document | text/html | Cookie set, Frame 97B8 |
GET | H2 | RpLogout.aspx | security.spv.no/STS/privat-web/ | 0 | 0 | Document | text/html | Frame 1B45 |
GET | H2 | toolbar_bottom_bg.png | security.spv.no/Innlogging/privat-web/Autentisering/Content/Packages/images/ | 116 B | 165 B | Image | image/png | |
GET | H2 | Tobias-Bold.woff2 | cdn.spv.no/static/assets/fonts/1.1.0/ | 48 KB | 49 KB | Font | font/woff2 | |
GET | H2 | FannGrotesque-Regular.woff2 | cdn.spv.no/static/assets/fonts/1.1.0/ | 26 KB | 26 KB | Font | font/woff2 | |
GET | H2 | FannGrotesque-SemiBold.woff2 | cdn.spv.no/static/assets/fonts/1.1.0/ | 26 KB | 26 KB | Font | font/woff2 | |
GET | H/1.1 | autsigniframecss | www.spv.no/bundles/ | 99 KB | 100 KB | Stylesheet | text/css | Frame C45A |
GET | H/1.1 | VisitorIdentification.js | www.spv.no/layouts/system/ | 2 KB | 3 KB | Script | application/javascript | Frame C45A |
GET | H/1.1 | postmessage | www.spv.no/bundles/ | 2 KB | 2 KB | Script | text/javascript | Frame C45A |
GET | H/1.1 | autsigniframecss | www.spv.no/bundles/ | 99 KB | 100 KB | Stylesheet | text/css | Frame 97B8 |
GET | H/1.1 | VisitorIdentification.js | www.spv.no/layouts/system/ | 2 KB | 3 KB | Script | application/javascript | Frame 97B8 |
GET | H/1.1 | postmessage | www.spv.no/bundles/ | 2 KB | 2 KB | Script | text/javascript | Frame 97B8 |
GET | H/1.1 | autsigniframecss | www.spv.no/bundles/ | 99 KB | 100 KB | Stylesheet | text/css | Frame DBB3 |
GET | H/1.1 | VisitorIdentification.js | www.spv.no/layouts/system/ | 2 KB | 3 KB | Script | application/javascript | Frame DBB3 |
GET | H/1.1 | postmessage | www.spv.no/bundles/ | 2 KB | 2 KB | Script | text/javascript | Frame DBB3 |
GET | H/1.1 | oswald-regular-webfont.woff | www.spv.no/fonts/ | 25 KB | 26 KB | Font | application/font-woff | Frame 97B8 |
GET | H/1.1 | Roboto-Regular-webfont.woff | www.spv.no/fonts/ | 20 KB | 20 KB | Font | application/font-woff | Frame 97B8 |
POST | | statsService | stats.spv.no/api/ | 0 | 0 | | | |
POST | | statsService | stats.spv.no/api/ | 0 | 0 | | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: stats.spv.no, URL: https://stats.spv.no/api/statsService
- Domain: stats.spv.no, URL: https://stats.spv.no/api/statsService
- Domain: stats.spv.no, URL: https://stats.spv.no/api/statsService
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Sparebanken West (Banking)
24 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| 0
- object| 1
- object| 2
- object| 3
- object| onbeforexrselect
- object| ontransitionrun
- object| ontransitionstart
- object| ontransitioncancel
- object| cookieStore
- function| showDirectoryPicker
- function| showOpenFilePicker
- function| showSaveFilePicker
- boolean| originAgentCluster
- object| trustedTypes
- boolean| crossOriginIsolated
- function| IFrameResizer
- function| $
- function| jQuery
- object| html5
- object| Modernizr
- object| respond
- object| bid20upbw
- string| x
- object| bidBrowserTest

2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
sparebank-auth.com/ | | Name: BankID_Cookie_Test Value: BankID_Cookie_Test |
sparebank-auth.com/ | | Name: PHPSESSID Value: fa9b14ccf0ed937e34331ec96c3b69f2 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.