sasstopankl.cc - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 5 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is sasstopankl.cc.
TLS certificate: Issued by WE1 on August 27th 2024. Valid for: 3 months.

This is the only time sasstopankl.cc was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Säästöpankki (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	185.251.48.79 185.251.48.79	28883 (SAMLINK-AS) (SAMLINK-AS)
5	2

1 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

sasstopankl.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.251.48.79 (Finland)

ASN28883 (SAMLINK-AS, FI)

verkkopankki.saastopankki.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	saastopankki.fi verkkopankki.saastopankki.fi	453 KB
1	sasstopankl.cc sasstopankl.cc	2 KB
5	2

	Domain	Requested by
4	verkkopankki.saastopankki.fi	sasstopankl.cc
1	sasstopankl.cc
5	2

This site contains no links.

Subject Issuer	Validity	Valid
sasstopankl.cc WE1	`2024-08-27` - `2024-11-25`	3 months	crt.sh
verkkopankki.saastopankki.fi Entrust Certification Authority - L1M	`2024-04-10` - `2025-04-23`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://sasstopankl.cc/
Frame ID: 62F35763B3FE131ECF2EF932B7380C04
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Kirjaudu Säästöpankin verkkopankkiin / Logga in i Sparbankens nätbank

Page Statistics

5
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

455 kB
Transfer

451 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
sasstopankl.cc/ 4 KB
2 KB 634ms
557ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sasstopankl.cc/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: acc4406ba7a28724e92b949fa31c4fd7338d03fa4ff42b718f56d44ee26044e3

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 8bb300319e9b3a67-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 30 Aug 2024 07:17:23 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
last-modified: Friday, 30-Aug-2024 07:17:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b2%2BpvN8qZSwv2BhLHFb65fbpI%2Bx0O3%2BWgpPi5EiQlZ3fvS0NcaZ6%2Bw0BLcEre0cWw2de%2BbosqAM5GSW%2BfPn4%2Fp8sLylCkDm%2FVofriWbsG7W7%2BNX3atj3T2FkkjQViZR6oN%2FatI8zHL7uC0vKfA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H/1.1 200
OK image
verkkopankki.saastopankki.fi/pankki/cms/ 221 KB
223 KB 528ms
186ms Image
image/jpeg 185.251.48.79
SAMLINK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://verkkopankki.saastopankki.fi/pankki/cms/image?t=1698044720296&uuid=f15a2f0d-f069-72b8-a706-6337d6b85200&groupId=10475

Requested by

Host: sasstopankl.cc
URL: https://sasstopankl.cc/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.251.48.79 , Finland, ASN28883 (SAMLINK-AS, FI),

Reverse DNS

Software

/

Resource Hash

44beb06b6d01e280121858c7cbe52f92029f8640adc1619afd283be8e7c56aa6

Security Headers

Name	Value
Content-Security-Policy	connect-src 'self' https://.aim.front.ai/ https://.boost.ai/;style-src 'unsafe-inline' 'self' https://.aim.front.ai/ https://fonts.googleapis.com/;script-src 'unsafe-inline' 'self' 'unsafe-eval' https://.aim.front.ai/ https://www.googletagmanager.com https://.boost.ai/ https://www.google-analytics.com;img-src 'self' data: https://www.google-analytics.com https://.aim.front.ai/;default-src 'none';font-src 'self' https://fonts.gstatic.com/;frame-src https://verkkopankki.saastopankki.fi;object-src 'self';
Strict-Transport-Security	max-age=31536000, max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sasstopankl.cc/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Fri, 30 Aug 2024 07:17:23 GMT
Strict-Transport-Security: max-age=31536000, max-age=31536000;
X-Content-Type-Options: nosniff
Content-Security-Policy: connect-src 'self' https://*.aim.front.ai/ https://*.boost.ai/;style-src 'unsafe-inline' 'self' https://*.aim.front.ai/ https://fonts.googleapis.com/;script-src 'unsafe-inline' 'self' 'unsafe-eval' https://*.aim.front.ai/ https://www.googletagmanager.com https://*.boost.ai/ https://www.google-analytics.com;img-src 'self' data: https://www.google-analytics.com https://*.aim.front.ai/;default-src 'none';font-src 'self' https://fonts.gstatic.com/;frame-src https://verkkopankki.saastopankki.fi;object-src 'self';
X-Frame-Options: DENY
Transfer-Encoding: chunked
Content-Type: image/jpeg
Cache-Control: max-age=7200, public
Connection: Keep-Alive
Keep-Alive: timeout=15, max=77
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK image
verkkopankki.saastopankki.fi/pankki/cms/ 14 KB
15 KB 1292ms
950ms Image
image/png 185.251.48.79
SAMLINK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://verkkopankki.saastopankki.fi/pankki/cms/image?uuid=444c17be-356f-4f7b-a201-a88a9d10c4e0&groupId=10475&t=1528786107912

Requested by

Host: sasstopankl.cc
URL: https://sasstopankl.cc/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.251.48.79 , Finland, ASN28883 (SAMLINK-AS, FI),

Reverse DNS

Software

/

Resource Hash

84e3fb667af0953e19e5cd538786e7c6fb238717bcec384c9c30601a401a7e80

Security Headers

Name	Value
Content-Security-Policy	connect-src 'self' https://.aim.front.ai/ https://.boost.ai/;style-src 'unsafe-inline' 'self' https://.aim.front.ai/ https://fonts.googleapis.com/;script-src 'unsafe-inline' 'self' 'unsafe-eval' https://.aim.front.ai/ https://www.googletagmanager.com https://.boost.ai/ https://www.google-analytics.com;img-src 'self' data: https://www.google-analytics.com https://.aim.front.ai/;default-src 'none';font-src 'self' https://fonts.gstatic.com/;frame-src https://verkkopankki.saastopankki.fi;object-src 'self';
Strict-Transport-Security	max-age=31536000, max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sasstopankl.cc/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Fri, 30 Aug 2024 07:17:23 GMT
Strict-Transport-Security: max-age=31536000, max-age=31536000;
X-Content-Type-Options: nosniff
Content-Security-Policy: connect-src 'self' https://*.aim.front.ai/ https://*.boost.ai/;style-src 'unsafe-inline' 'self' https://*.aim.front.ai/ https://fonts.googleapis.com/;script-src 'unsafe-inline' 'self' 'unsafe-eval' https://*.aim.front.ai/ https://www.googletagmanager.com https://*.boost.ai/ https://www.google-analytics.com;img-src 'self' data: https://www.google-analytics.com https://*.aim.front.ai/;default-src 'none';font-src 'self' https://fonts.gstatic.com/;frame-src https://verkkopankki.saastopankki.fi;object-src 'self';
X-Frame-Options: DENY
Content-Type: image/png
Cache-Control: max-age=7200, public
Connection: Keep-Alive
Keep-Alive: timeout=15, max=71
Content-Length: 14024
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK sp_sininen_tausta.png
verkkopankki.saastopankki.fi/pankki/assets/sp/img/ 211 KB
212 KB 1571ms
243ms Image
image/png 185.251.48.79
SAMLINK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://verkkopankki.saastopankki.fi/pankki/assets/sp/img/sp_sininen_tausta.png

Requested by

Host: sasstopankl.cc
URL: https://sasstopankl.cc/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.251.48.79 , Finland, ASN28883 (SAMLINK-AS, FI),

Reverse DNS

Software

/

Resource Hash

abfd8de945b3ccfcb7459ee221441693326558025c8b04ae7f5f42a37d9de0e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000, max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sasstopankl.cc/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Fri, 30 Aug 2024 07:17:24 GMT
Strict-Transport-Security: max-age=31536000, max-age=31536000;
X-Content-Type-Options: nosniff
Last-Modified: Wed, 21 Aug 2024 04:19:46 GMT
X-Frame-Options: DENY
Content-Type: image/png
Cache-Control: max-age=63072000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=2
Content-Length: 215950
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK favicon.ico
verkkopankki.saastopankki.fi/pankki/assets/sp/img/ 2 KB
3 KB 80ms
76ms Other
image/vnd.microsoft.icon 185.251.48.79
SAMLINK-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://verkkopankki.saastopankki.fi/pankki/assets/sp/img/favicon.ico?4.20.6-20240129143908

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.251.48.79 , Finland, ASN28883 (SAMLINK-AS, FI),

Reverse DNS

Software

/

Resource Hash

bef85940a1df8fbf9fb1f054482fcd76c31f3394c7568c828c97f1488e63b875

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000, max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sasstopankl.cc/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Fri, 30 Aug 2024 07:17:27 GMT
Strict-Transport-Security: max-age=31536000, max-age=31536000;
X-Content-Type-Options: nosniff
Last-Modified: Wed, 21 Aug 2024 04:19:46 GMT
X-Frame-Options: DENY
Content-Type: image/vnd.microsoft.icon
Cache-Control: max-age=63072000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=48
Content-Length: 1574
X-XSS-Protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Säästöpankki (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
verkkopankki.saastopankki.fi/pankki	1970-01-20 23:10:03	Name: lbsession Value: !+pWnsBmUufxgv1TdFjU25L992+GG/yc4ZV203lQMCDsOxk5sJ68c+fI2W+9Bp3dRkib8R5wABP1EmEE=
sasstopankl.cc/	1969-12-31 23:59:59	Name: PHPSESSID Value: efjdsaa7u1bjplnitqvjru1u03
.verkkopankki.saastopankki.fi/	1970-01-20 23:10:03	Name: smlsession Value: f90e9a718146a67123aa55fab52b6b74

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://sasstopankl.cc/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

sasstopankl.cc
verkkopankki.saastopankki.fi
185.251.48.79
2a06:98c1:3121::3
44beb06b6d01e280121858c7cbe52f92029f8640adc1619afd283be8e7c56aa6
84e3fb667af0953e19e5cd538786e7c6fb238717bcec384c9c30601a401a7e80
abfd8de945b3ccfcb7459ee221441693326558025c8b04ae7f5f42a37d9de0e1
acc4406ba7a28724e92b949fa31c4fd7338d03fa4ff42b718f56d44ee26044e3
bef85940a1df8fbf9fb1f054482fcd76c31f3394c7568c828c97f1488e63b875

sasstopankl.cc Open in urlscan Pro 2a06:98c1:3121::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

5 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

455 kBTransfer

451 kBSize

3 Cookies

0 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

3 Cookies

1 Console Messages

Indicators

sasstopankl.cc Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

455 kB
Transfer

451 kB
Size

3
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!