nordea.securetransactions.info
198.251.88.188
Malicious Activity!
Public Scan
Effective URL: https://nordea.securetransactions.info/login
Submission: On May 14 via manual from FI — Scanned from FI
Summary
TLS certificate: Issued by R3 on April 29th 2024. Valid for: 3 months.
This is the only time nordea.securetransactions.info was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Nordea (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
9 | 198.251.88.188 | 53667 (PONYNET) |
4 | 54.220.192.176 | 16509 (AMAZON-02) |
13 | 2 | |

ASN53667 (PONYNET, US)
PTR: c4.my-control-panel.com
nordea.securetransactions.info

ASN16509 (AMAZON-02, US)
PTR: ec2-54-220-192-176.eu-west-1.compute.amazonaws.com
api-world-d8c5917b0a3d.herokuapp.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
9 | securetransactions.info | nordea.securetransactions.info | 369 KB |
4 | herokuapp.com | api-world-d8c5917b0a3d.herokuapp.com | 3 KB |
13 | 2 | | |
Requests | Domain | Requested by |
---|---|---|
9 | nordea.securetransactions.info | nordea.securetransactions.info |
4 | api-world-d8c5917b0a3d.herokuapp.com | nordea.securetransactions.info |
13 | 2 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.nordea.se |
Subject | Issuer | Validity | Valid |
---|---|---|---|
www.seb.securetransactions.info | R3 | 2024-04-29 - 2024-07-28 | 3 months |
*.herokuapp.com | Amazon RSA 2048 M03 | 2024-03-02 - 2025-03-31 | a year |
This page contains 1 frames:
Primary Page:
https://nordea.securetransactions.info/login
Frame ID: 23C50FB6E27FFB7D019D17A6FAEFA58A
Requests: 13 HTTP requests in this frame
Page Title
Login
Page URL History
-
http://nordea.securetransactions.info/login
HTTP 307
https://nordea.securetransactions.info/login Page URL
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Title: Behandling av personuppgifter
Title: Läs mer om säkerhet Öppnas i nytt fönster
Title: Läs mer om cookies Öppnas i nytt fönster
Title: nordea.se/nätbankstips.
Title: nordea.se/mobiltbankid.
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | login (Primary Request) | nordea.securetransactions.info/ | 606 B | 518 B | Document | text/html |
GET | H2 | main.c03286be.js | nordea.securetransactions.info/static/js/ | 380 KB | 117 KB | Script | text/javascript |
GET | H2 | main.47459b6e.css | nordea.securetransactions.info/static/css/ | 24 KB | 5 KB | Stylesheet | text/css |
GET | H3 | new_customer_bg.75cd8f7c2084b0ddbee54d2f22aa7f86.svg | nordea.securetransactions.info/static/media/ | 250 B | 332 B | Image | image/svg+xml |
GET | H3 | new_customer.59298dbaf0ddc1bcd1c6a716c9a7a33c.svg | nordea.securetransactions.info/static/media/ | 6 KB | 2 KB | Image | image/svg+xml |
GET | H3 | background.ff0f06dcf7f966cd4bbd.jpg | nordea.securetransactions.info/static/media/ | 176 KB | 177 KB | Image | image/jpeg |
GET | H3 | nordea-sans.1273415d7fcec00621e0.ttf | nordea.securetransactions.info/static/media/ | 71 KB | 34 KB | Font | font/ttf |
GET | H3 | NordeaSansSmall.b445af4a13e10c94e7d3.ttf | nordea.securetransactions.info/static/media/ | 68 KB | 33 KB | Font | font/ttf |
GET | H/1.1 | / | api-world-d8c5917b0a3d.herokuapp.com/socket.io/ | 118 B | 909 B | XHR | text/plain |
GET | H3 | favicon.ico | nordea.securetransactions.info/ | 1 KB | 203 B | Other | image/x-icon |
POST | H/1.1 | / | api-world-d8c5917b0a3d.herokuapp.com/socket.io/ | 2 B | 775 B | XHR | text/html |
GET | H/1.1 | / | api-world-d8c5917b0a3d.herokuapp.com/socket.io/ | 32 B | 822 B | XHR | text/plain |
GET | H/1.1 | / | api-world-d8c5917b0a3d.herokuapp.com/socket.io/ | 1 B | 790 B | XHR | text/plain |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Nordea (Banking)
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| platform
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
nordea.securetransactions.info/ | | Name: nord_session_id Value: 9253efcc-f148-43c0-b652-c4378b759732 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.