bisai.love
157.7.189.53
Malicious Activity!
Public Scan
Effective URL: https://bisai.love/wp-themes/id-no/siffer.html
Submission: On May 30 via api from US — Scanned from NO
Summary
TLS certificate: Issued by R3 on April 14th 2023. Valid for: 3 months.
This is the only time bisai.love was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BankID (Banking)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 1 | 2606:4700:10::6816:e8 | 13335 (CLOUDFLARENET) |
1 16 | 157.7.189.53 | 7506 (INTERQ GMO Internet) |
15 | 1 |
ASN7506 (INTERQ GMO Internet,Inc, JP)
PTR: users225.vip.heteml.jp
bisai.love |
 | Apex Domain / Subdomains | Transfer |
---|---|---|
16 | bisai.love (1 redirects); subdomain: bisai.love | 384 KB |
1 | cutt.ly (1 redirects); subdomain: cutt.ly — Cisco Umbrella Rank: 77221 | 410 B |
15 | 2 |
 | Domain | Requested by |
---|---|---|
16 | bisai.love | 1 redirects; bisai.love |
1 | cutt.ly | 1 redirects |
15 | 2 |
This site contains no links.
Subject / Issuer | Validity | Valid | |
---|---|---|---|
bisai.love / R3 | 2023-04-14 - 2023-07-13 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://bisai.love/wp-themes/id-no/siffer.html
Frame ID: 350ACA0CECC81DD6459EC0703B311E83
Requests: 15 HTTP requests in this frame
Page Title
BankID
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://cutt.ly/kwqHtCsO HTTP 301
- https://bisai.love/wp-themes/id-no/ HTTP 302
- https://bisai.love/wp-themes/id-no/siffer.html Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H2 | siffer.html (Primary Request, Redirect Chain) bisai.love/wp-themes/id-no/ | 22 KB 4 KB | Document text/html |
GET H2 | 730.b65b407e.js bisai.love/wp-themes/id-no/ | 0 0 | Script text/html |
GET H2 | authorization.fd5ca072.js bisai.love/wp-themes/id-no/ | 0 0 | Script text/html |
GET H2 | a.css bisai.love/wp-themes/id-no/style/ | 23 KB 5 KB | Stylesheet text/css |
GET H2 | bankid-logo.28f35de5.svg bisai.love/wp-themes/id-no/ | 3 KB 1 KB | Image image/svg+xml |
GET H2 | x.45f41414.svg bisai.love/wp-themes/id-no/ | 28 KB 28 KB | Image text/html |
GET H2 | bankid-symbol-animated.ee3b536a.svg bisai.love/wp-themes/id-no/ | 3 KB 852 B | Image image/svg+xml |
GET H2 | helper-text-error.b85af04c.svg bisai.love/wp-themes/id-no/ | 64 KB 64 KB | Image text/html |
GET H2 | polling-animation.bdad460a.svg bisai.love/wp-themes/id-no/ | 28 KB 28 KB | Image text/html |
GET H2 | spinner.5e60a438.svg bisai.love/wp-themes/id-no/ | 866 B 465 B | Image image/svg+xml |
GET H2 | x-red.8665253e.svg bisai.love/wp-themes/id-no/ | 60 KB 60 KB | Image text/html |
GET H2 | checkmark.c5e73030.svg bisai.love/wp-themes/id-no/ | 64 KB 64 KB | Image text/html |
GET H2 | exclamation-mark.e46cfb1d.svg bisai.love/wp-themes/id-no/ | 64 KB 64 KB | Image text/html |
GET H2 | bankid-dna.dc1ccc43.svg bisai.love/wp-themes/id-no/ | 2 KB 763 B | Image image/svg+xml |
GET H2 | no-image.c3b3f789.svg bisai.love/wp-themes/id-no/ | 64 KB 64 KB | Image text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BankID (Banking)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- boolean | credentialless
- boolean | doesNotUseCsp
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
cutt.ly/ | | Name: PHPSESSID Value: a3blpnbo3fp998cj0ompq4cet9 |
9 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bisai.love
cutt.ly
157.7.189.53
2606:4700:10::6816:e8