www.nordea.securetransactions.info
198.251.88.188
Malicious Activity!
Public Scan
Submission: On May 14 via manual from DE — Scanned from DE
Summary
TLS certificate: Issued by R3 on April 29th 2024. Valid for: 3 months.
This is the only time www.nordea.securetransactions.info was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Nordea (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
9 | 198.251.88.188 | 53667 (PONYNET) |
Totals: 12 | 2 |
ASN53667 (PONYNET, US)
PTR: c4.my-control-panel.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
9 | securetransactions.info | www.nordea.securetransactions.info | 369 KB |
0 | herokuapp.com | api-world-d8c5917b0a3d.herokuapp.com (Failed) | |
Totals: 12 | 2 | | |
Requests | Domain | Requested by |
---|---|---|
9 | www.nordea.securetransactions.info | www.nordea.securetransactions.info |
0 | api-world-d8c5917b0a3d.herokuapp.com (Failed) | www.nordea.securetransactions.info |
Totals: 12 | 2 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.nordea.se |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
www.seb.securetransactions.info | R3 | 2024-04-29 - 2024-07-28 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.nordea.securetransactions.info/
Frame ID: 58517FD056EB50EC732604861352F429
Requests: 12 HTTP requests in this frame
5 Outgoing links
These are links going to different origins than the main page.
- Title: Processing of personal data
- Title: Read more about security (opens in a new window)
- Title: Read more about cookies (opens in a new window)
- Title: nordea.se/nätbankstips.
- Title: nordea.se/mobiltbankid.
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | www.nordea.securetransactions.info/ | 606 B | 518 B | Document | text/html |
GET | H2 | main.c03286be.js | www.nordea.securetransactions.info/static/js/ | 380 KB | 117 KB | Script | text/javascript |
GET | H2 | main.47459b6e.css | www.nordea.securetransactions.info/static/css/ | 24 KB | 5 KB | Stylesheet | text/css |
GET | | / | api-world-d8c5917b0a3d.herokuapp.com/socket.io/ | 0 | 0 | | |
GET | H3 | new_customer_bg.75cd8f7c2084b0ddbee54d2f22aa7f86.svg | www.nordea.securetransactions.info/static/media/ | 250 B | 345 B | Image | image/svg+xml |
GET | H3 | new_customer.59298dbaf0ddc1bcd1c6a716c9a7a33c.svg | www.nordea.securetransactions.info/static/media/ | 6 KB | 2 KB | Image | image/svg+xml |
GET | H3 | background.ff0f06dcf7f966cd4bbd.jpg | www.nordea.securetransactions.info/static/media/ | 176 KB | 177 KB | Image | image/jpeg |
GET | H3 | nordea-sans.1273415d7fcec00621e0.ttf | www.nordea.securetransactions.info/static/media/ | 71 KB | 34 KB | Font | font/ttf |
GET | H3 | NordeaSansSmall.b445af4a13e10c94e7d3.ttf | www.nordea.securetransactions.info/static/media/ | 68 KB | 33 KB | Font | font/ttf |
GET | H3 | favicon.ico | www.nordea.securetransactions.info/ | 1 KB | 203 B | Other | image/x-icon |
GET | | / | api-world-d8c5917b0a3d.herokuapp.com/socket.io/ | 0 | 0 | | |
GET | | / | api-world-d8c5917b0a3d.herokuapp.com/socket.io/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: api-world-d8c5917b0a3d.herokuapp.com
  URL: https://api-world-d8c5917b0a3d.herokuapp.com/socket.io/?EIO=4&transport=polling&t=OzsaVf9
- Domain: api-world-d8c5917b0a3d.herokuapp.com
  URL: https://api-world-d8c5917b0a3d.herokuapp.com/socket.io/?EIO=4&transport=polling&t=OzsaW1f
- Domain: api-world-d8c5917b0a3d.herokuapp.com
  URL: https://api-world-d8c5917b0a3d.herokuapp.com/socket.io/?EIO=4&transport=polling&t=OzsaWNB
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Nordea (Banking)
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | platform |
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.nordea.securetransactions.info/ | | Name: nord_session_id Value: 2939b9c8-09e2-49f2-8ccd-678dfe3760d3 |
6 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.