tthedayhascometoanend.xyz
45.89.66.110
Malicious Activity!
Public Scan
Submission Tags: 6749074
Submission: On August 29 via api from NL
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on August 27th 2020. Valid for: 3 months.
This is the only time tthedayhascometoanend.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Handelsbanken (Banking)
Domain & IP information
 | IP Address | AS Autonomous System
---|---|---
4 | 45.89.66.110 | 35196 (IHOR-AS)
1 | 192.176.124.131 | 3301 (TELIANET-SWEDEN Telia Company)
1 | 194.240.69.206 | 28883 (SAMLINK-AS)
7 | 4 |
ASN3301 (TELIANET-SWEDEN Telia Company, SE)
PTR: link01.handelsbanken.se
www.handelsbanken.fi
ASN28883 (SAMLINK-AS, FI)
PTR: www4.handelsbanken.fi
www4.handelsbanken.fi
 | Apex Domain | Subdomains | Transfer
---|---|---|---
4 | tthedayhascometoanend.xyz | tthedayhascometoanend.xyz | 719 KB
2 | handelsbanken.fi | www4.handelsbanken.fi (Failed), www.handelsbanken.fi | 644 KB
7 | 2 | |
 | Domain | Requested by
---|---|---
4 | tthedayhascometoanend.xyz | tthedayhascometoanend.xyz
1 | www.handelsbanken.fi | tthedayhascometoanend.xyz
1 | www4.handelsbanken.fi | tthedayhascometoanend.xyz
7 | 3 |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
tthedayhascometoanend.xyz | cPanel, Inc. Certification Authority | 2020-08-27 - 2020-11-25 | 3 months
www.handelsbanken.se | DigiCert SHA2 Extended Validation Server CA | 2020-03-13 - 2021-03-18 | a year
www4.handelsbanken.fi | DigiCert SHA2 Extended Validation Server CA | 2020-01-30 - 2021-02-03 | a year
This page contains 1 frames:
Primary Page:
https://tthedayhascometoanend.xyz/Saturday/handelsbanken/validation/
Frame ID: A1308EE76E7552FF0C49464ADC65C8A9
Requests: 7 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://www4.handelsbanken.fi/pankki/assets20200607134119604/shb/css/shb_private.min.css HTTP 302
- https://www4.handelsbanken.fi/pankki/kirjautuminen HTTP 302
- https://www4.handelsbanken.fi/pankki/kirjautuminen?0 HTTP 302
- https://www4.handelsbanken.fi/pankki/kirjautuminen HTTP 302
- https://www4.handelsbanken.fi/pankki/kirjautuminen?0 HTTP 302
- https://www4.handelsbanken.fi/pankki/kirjautuminen HTTP 302
- https://www4.handelsbanken.fi/pankki/kirjautuminen?0 HTTP 302
- https://www4.handelsbanken.fi/pankki/kirjautuminen HTTP 302
- https://www4.handelsbanken.fi/pankki/kirjautuminen?0 HTTP 302
- https://www4.handelsbanken.fi/pankki/kirjautuminen HTTP 302
- https://www4.handelsbanken.fi/pankki/kirjautuminen?0 HTTP 302
- https://www4.handelsbanken.fi/pankki/kirjautuminen HTTP 302
- https://www4.handelsbanken.fi/pankki/kirjautuminen?0 HTTP 302
- https://www4.handelsbanken.fi/pankki/kirjautuminen HTTP 302
- https://www4.handelsbanken.fi/pankki/kirjautuminen?0 HTTP 302
- https://www4.handelsbanken.fi/pankki/kirjautuminen HTTP 302
- https://www4.handelsbanken.fi/pankki/kirjautuminen?0 HTTP 302
- https://www4.handelsbanken.fi/pankki/kirjautuminen HTTP 302
- https://www4.handelsbanken.fi/pankki/kirjautuminen?0 HTTP 302
- https://www4.handelsbanken.fi/pankki/kirjautuminen HTTP 302
- https://www4.handelsbanken.fi/pankki/kirjautuminen?0
7 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / (Primary Request) | tthedayhascometoanend.xyz/Saturday/handelsbanken/validation/ | 269 KB | 269 KB | Document | text/html
GET | | kirjautuminen (Redirect Chain) | www4.handelsbanken.fi/pankki/ | 0 | 0 | |
GET | H/1.1 | shb-large-logo.svg | www.handelsbanken.fi/sv/sepu/img/jedi/base/kit/ | 13 KB | 6 KB | Image | image/svg+xml
GET | H/1.1 | keycard-image.png | tthedayhascometoanend.xyz/Saturday/handelsbanken/validation/ | 450 KB | 450 KB | Image | image/png
GET | H/1.1 | image | www4.handelsbanken.fi/pankki/cms/ | 636 KB | 638 KB | Image | image/png
GET | H/1.1 | StagWeb-Medium.woff | tthedayhascometoanend.xyz/Saturday/netbank/font/stagweb/ | 0 | 0 | Font | text/html
GET | H/1.1 | StagWeb-Medium.ttf | tthedayhascometoanend.xyz/Saturday/netbank/font/stagweb/ | 0 | 0 | Font | text/html
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: www4.handelsbanken.fi
- URL: https://www4.handelsbanken.fi/pankki/kirjautuminen?0
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Handelsbanken (Banking)
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| trustedTypes
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.