vlpps-tjeneste.zapto.org
46.23.108.128
Malicious Activity!
Public Scan
Effective URL: http://vlpps-tjeneste.zapto.org/index.php
Submission: On September 18 via manual from NO — Scanned from NO
Summary
This is the only time vlpps-tjeneste.zapto.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BankID (Banking)
Domain & IP information
 | IP Address | AS Autonomous System
---|---|---
1 1 | 35.212.63.232 | 15169 (GOOGLE)
13 | 46.23.108.128 | 215762 (BULLETGROUP)
13 | 1 |
ASN15169 (GOOGLE, US)
PTR: 232.63.212.35.bc.googleusercontent.com
cl.gy
 | Apex Domain / Subdomains | Transfer
---|---|---
13 | zapto.org: vlpps-tjeneste.zapto.org | 116 KB
1 | cl.gy (1 redirects): cl.gy | 414 B
13 | 2 |
 | Domain | Requested by
---|---|---
13 | vlpps-tjeneste.zapto.org | vlpps-tjeneste.zapto.org
1 | cl.gy | 1 redirects
13 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://vlpps-tjeneste.zapto.org/index.php
Frame ID: 15F02B361C2B693814A98BE6C4807ABD
Requests: 13 HTTP requests in this frame
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://cl.gy/RWGYU (HTTP 301)
- http://vlpps-tjeneste.zapto.org/index.php (HTTP 307)
- https://vlpps-tjeneste.zapto.org/index.php (HTTP 307)
- http://vlpps-tjeneste.zapto.org/index.php (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | index.php (Primary Request, Redirect Chain) | vlpps-tjeneste.zapto.org/ | 5 KB | 2 KB | Document | text/html
GET | H/1.1 | base.css | vlpps-tjeneste.zapto.org/assets/css/ | 1 KB | 1009 B | Stylesheet | text/css
GET | H/1.1 | bid_202201130932.css | vlpps-tjeneste.zapto.org/assets/css/ | 129 KB | 18 KB | Stylesheet | text/css
GET | H/1.1 | bidtools.css | vlpps-tjeneste.zapto.org/assets/css/ | 3 KB | 1 KB | Stylesheet | text/css
GET | H/1.1 | oidc-client.min.css | vlpps-tjeneste.zapto.org/assets/css/ | 54 KB | 10 KB | Stylesheet | text/css
GET | H/1.1 | bid-browser-test.js | vlpps-tjeneste.zapto.org/assets/js/ | 31 KB | 16 KB | Script | application/javascript
GET | H/1.1 | bid-client-test.js | vlpps-tjeneste.zapto.org/assets/js/ | 11 KB | 3 KB | Script | application/javascript
GET | H/1.1 | ga.js | vlpps-tjeneste.zapto.org/assets/js/ | 45 KB | 17 KB | Script | application/javascript
GET | H/1.1 | helper21.js | vlpps-tjeneste.zapto.org/assets/js/ | 32 KB | 12 KB | Script | application/javascript
GET | H/1.1 | jquery-1.11.1.min.js | vlpps-tjeneste.zapto.org/assets/js/ | 94 KB | 33 KB | Script | application/javascript
GET | H/1.1 | error.js | vlpps-tjeneste.zapto.org/assets/js/ | 305 B | 623 B | Script | application/javascript
GET | H/1.1 | oidc-client.min.js | vlpps-tjeneste.zapto.org/assets/js/ | 0 | 0 | Script | text/html
GET | H/1.1 | favicon.ico | vlpps-tjeneste.zapto.org/ | 1 KB | 1016 B | Other | text/html
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BankID (Banking)
8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| bidBrowserTest
- object| bidClientTest
- object| _gat
- object| _gaq
- object| bankidhelper
- function| $
- function| jQuery
- function| eb2
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value
---|---|---
cl.gy/ | | Name: PHPSESSID Value: 847114ea4a42dc5102e169aaff81a5a0
cl.gy/ | | Name: short_114597 Value: 1
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.