nordea.securetransactions.info Open in urlscan Pro
198.251.88.188 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://nordea.securetransactions.info/login
Effective URL:
https://nordea.securetransactions.info/login
Submission: On May 14 via manual (May 14th 2024, 11:08:56 am UTC) from FI — Scanned from FI

Summary HTTP 13 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 13 HTTP transactions. The main IP is 198.251.88.188, located in Luxembourg, Luxembourg and belongs to PONYNET, US. The main domain is nordea.securetransactions.info.
TLS certificate: Issued by R3 on April 29th 2024. Valid for: 3 months.

This is the only time nordea.securetransactions.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Nordea (Banking)

Domain & IP information

	IP Address	AS Autonomous System
9	198.251.88.188 198.251.88.188	53667 (PONYNET) (PONYNET)
4	54.220.192.176 54.220.192.176	16509 (AMAZON-02) (AMAZON-02)
13	2

9 198.251.88.188 (Luxembourg, Luxembourg)

ASN53667 (PONYNET, US)
PTR: c4.my-control-panel.com

nordea.securetransactions.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.220.192.176 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-220-192-176.eu-west-1.compute.amazonaws.com

api-world-d8c5917b0a3d.herokuapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	securetransactions.info nordea.securetransactions.info	369 KB
4	herokuapp.com api-world-d8c5917b0a3d.herokuapp.com	3 KB
13	2

	Domain	Requested by
9	nordea.securetransactions.info	nordea.securetransactions.info
4	api-world-d8c5917b0a3d.herokuapp.com	nordea.securetransactions.info
13	2

This site contains links to these domains. Also see Links.

Domain
www.nordea.se

Subject Issuer	Validity	Valid
www.seb.securetransactions.info R3	`2024-04-29` - `2024-07-28`	3 months	crt.sh
*.herokuapp.com Amazon RSA 2048 M03	`2024-03-02` - `2025-03-31`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://nordea.securetransactions.info/login
Frame ID: 23C50FB6E27FFB7D019D17A6FAEFA58A
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login

Page URL History Show full URLs

http://nordea.securetransactions.info/login HTTP 307
https://nordea.securetransactions.info/login Page URL

Page Statistics

13
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

372 kB
Transfer

728 kB
Size

1
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: http://www.nordea.se/om-nordea/behandling-av-personuppgifter.html
Title: Behandling av personuppgifter

Search URL Search Domain Scan URL

URL: http://www.nordea.se/om-nordea/sakerhet-bedrageri.html
Title: Läs mer om säkerhetÖppnas i nytt fönster

Search URL Search Domain Scan URL

URL: https://www.nordea.se/privat/cookies.html
Title: Läs mer om cookiesÖppnas i nytt fönster

Search URL Search Domain Scan URL

URL: https://www.nordea.se/privat/kundservice/kom-igang-internetbanken.html
Title: nordea.se/nätbankstips.

Search URL Search Domain Scan URL

URL: https://www.nordea.se/privat/produkter/mobilbank-internetbank/mobilt-bankid.html
Title: nordea.se/mobiltbankid.

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://nordea.securetransactions.info/login HTTP 307
https://nordea.securetransactions.info/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request login Show response nordea.securetransactions.info/ Redirect Chain http://nordea.securetransactions.info/login https://nordea.securetransactions.info/login	606 B 518 B	602ms 96ms	Document text/html	198.251.88.188 PONYNET
General Check archive.org Show headers Download Go to Full URL https://nordea.securetransactions.info/login Protocol H2 Security TLS 1.3, , AES_128_GCM Server 198.251.88.188 Luxembourg, Luxembourg, ASN53667 (PONYNET, US), Reverse DNS c4.my-control-panel.com Software LiteSpeed / Resource Hash `9b12e3243dee7aff04d6aa5ced578138352aa5df08a74d6c656b3bd4ef09c9f3` Request headers Accept-Language fi-FI,fi;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-encoding br content-length 264 content-type text/html date Tue, 14 May 2024 11:08:51 GMT last-modified Thu, 11 Apr 2024 08:33:44 GMT server LiteSpeed vary Accept-Encoding Redirect headers Location https://nordea.securetransactions.info/login Non-Authoritative-Reason HttpsUpgrades
GET H2	200	main.c03286be.js Show response nordea.securetransactions.info/static/js/	380 KB 117 KB	193ms 193ms	Script text/javascript	198.251.88.188 PONYNET
General Check archive.org Show headers Download Go to Full URL https://nordea.securetransactions.info/static/js/main.c03286be.js Requested by Host: nordea.securetransactions.info URL: https://nordea.securetransactions.info/login Protocol H2 Security TLS 1.3, , AES_128_GCM Server 198.251.88.188 Luxembourg, Luxembourg, ASN53667 (PONYNET, US), Reverse DNS c4.my-control-panel.com Software LiteSpeed / Resource Hash `4dbb9685031dd1b2fe96aa9df394949d406c3ca938cf489919f977f7d4da4b27` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://nordea.securetransactions.info/login Accept-Language fi-FI,fi;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 14 May 2024 11:08:51 GMT content-encoding br last-modified Thu, 11 Apr 2024 08:33:44 GMT server LiteSpeed vary Accept-Encoding content-type text/javascript accept-ranges bytes content-length 119469
GET H2	200	main.47459b6e.css nordea.securetransactions.info/static/css/	24 KB 5 KB	192ms 191ms	Stylesheet text/css	198.251.88.188 PONYNET
General Check archive.org Show headers Download Go to Full URL https://nordea.securetransactions.info/static/css/main.47459b6e.css Requested by Host: nordea.securetransactions.info URL: https://nordea.securetransactions.info/login Protocol H2 Security TLS 1.3, , AES_128_GCM Server 198.251.88.188 Luxembourg, Luxembourg, ASN53667 (PONYNET, US), Reverse DNS c4.my-control-panel.com Software LiteSpeed / Resource Hash `b3b71a6cc4563e96c5ea22d44fdab6389bef2b9a0b52e64e5793ada7e0fd2c06` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://nordea.securetransactions.info/login Accept-Language fi-FI,fi;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 14 May 2024 11:08:51 GMT content-encoding br last-modified Thu, 11 Apr 2024 08:33:44 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control public, max-age=604800 accept-ranges bytes content-length 5271 expires Tue, 21 May 2024 11:08:51 GMT
GET H3	200	new_customer_bg.75cd8f7c2084b0ddbee54d2f22aa7f86.svg nordea.securetransactions.info/static/media/	250 B 332 B	269ms 269ms	Image image/svg+xml	198.251.88.188 PONYNET
General Check archive.org Show headers Download Go to Show image Full URL https://nordea.securetransactions.info/static/media/new_customer_bg.75cd8f7c2084b0ddbee54d2f22aa7f86.svg Protocol H3 Security QUIC, , AES_128_GCM Server 198.251.88.188 Luxembourg, Luxembourg, ASN53667 (PONYNET, US), Reverse DNS c4.my-control-panel.com Software LiteSpeed / Resource Hash `9d37394dbeca75299e77738f7cb0304bbcd30a229e806fe21d4d58eb61231c68` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://nordea.securetransactions.info/login Accept-Language fi-FI,fi;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 14 May 2024 11:08:52 GMT content-encoding br last-modified Thu, 11 Apr 2024 08:33:44 GMT server LiteSpeed vary Accept-Encoding content-type image/svg+xml cache-control public, max-age=604800 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 173 expires Tue, 21 May 2024 11:08:52 GMT
GET H3	200	new_customer.59298dbaf0ddc1bcd1c6a716c9a7a33c.svg nordea.securetransactions.info/static/media/	6 KB 2 KB	98ms 98ms	Image image/svg+xml	198.251.88.188 PONYNET
General Check archive.org Show headers Download Go to Show image Full URL https://nordea.securetransactions.info/static/media/new_customer.59298dbaf0ddc1bcd1c6a716c9a7a33c.svg Protocol H3 Security QUIC, , AES_128_GCM Server 198.251.88.188 Luxembourg, Luxembourg, ASN53667 (PONYNET, US), Reverse DNS c4.my-control-panel.com Software LiteSpeed / Resource Hash `b66d265f010f8c27f0640042b44c99c6fb3ee5325f0dd4c8187042132396428b` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://nordea.securetransactions.info/login Accept-Language fi-FI,fi;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 14 May 2024 11:08:52 GMT content-encoding br last-modified Thu, 11 Apr 2024 08:33:44 GMT server LiteSpeed vary Accept-Encoding content-type image/svg+xml cache-control public, max-age=604800 accept-ranges bytes content-length 2156 expires Tue, 21 May 2024 11:08:52 GMT
GET H3	200	background.ff0f06dcf7f966cd4bbd.jpg nordea.securetransactions.info/static/media/	176 KB 177 KB	100ms 99ms	Image image/jpeg	198.251.88.188 PONYNET
General Check archive.org Show headers Download Go to Show image Full URL https://nordea.securetransactions.info/static/media/background.ff0f06dcf7f966cd4bbd.jpg Protocol H3 Security QUIC, , AES_128_GCM Server 198.251.88.188 Luxembourg, Luxembourg, ASN53667 (PONYNET, US), Reverse DNS c4.my-control-panel.com Software LiteSpeed / Resource Hash `a4a6b4fe5e9321578d4b1df41108c3eee18554bbb5ed6b8ec4d98d3d4076f905` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://nordea.securetransactions.info/login Accept-Language fi-FI,fi;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 14 May 2024 11:08:52 GMT last-modified Thu, 11 Apr 2024 08:33:44 GMT server LiteSpeed content-type image/jpeg cache-control public, max-age=604800 accept-ranges bytes content-length 180611 expires Tue, 21 May 2024 11:08:52 GMT
GET H3	200	nordea-sans.1273415d7fcec00621e0.ttf nordea.securetransactions.info/static/media/	71 KB 34 KB	117ms 117ms	Font font/ttf	198.251.88.188 PONYNET
General Check archive.org Show headers Download Go to Full URL https://nordea.securetransactions.info/static/media/nordea-sans.1273415d7fcec00621e0.ttf Requested by Host: nordea.securetransactions.info URL: https://nordea.securetransactions.info/static/css/main.47459b6e.css Protocol H3 Security QUIC, , AES_128_GCM Server 198.251.88.188 Luxembourg, Luxembourg, ASN53667 (PONYNET, US), Reverse DNS c4.my-control-panel.com Software LiteSpeed / Resource Hash `1803077f02945c4a89476392df4246048e2a18b2e46e11978fdad93db5ace4ca` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://nordea.securetransactions.info/static/css/main.47459b6e.css Origin https://nordea.securetransactions.info Accept-Language fi-FI,fi;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 14 May 2024 11:08:52 GMT content-encoding br last-modified Thu, 11 Apr 2024 08:33:44 GMT server LiteSpeed vary Accept-Encoding content-type font/ttf cache-control public, max-age=604800 accept-ranges bytes content-length 35016 expires Tue, 21 May 2024 11:08:52 GMT
GET H3	200	NordeaSansSmall.b445af4a13e10c94e7d3.ttf nordea.securetransactions.info/static/media/	68 KB 33 KB	227ms 226ms	Font font/ttf	198.251.88.188 PONYNET
General Check archive.org Show headers Download Go to Full URL https://nordea.securetransactions.info/static/media/NordeaSansSmall.b445af4a13e10c94e7d3.ttf Requested by Host: nordea.securetransactions.info URL: https://nordea.securetransactions.info/static/css/main.47459b6e.css Protocol H3 Security QUIC, , AES_128_GCM Server 198.251.88.188 Luxembourg, Luxembourg, ASN53667 (PONYNET, US), Reverse DNS c4.my-control-panel.com Software LiteSpeed / Resource Hash `bdf9cd9c908916a8cfc5169a3fcb1585f79e7629ef100b4cbc46f81c08d94aa2` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://nordea.securetransactions.info/static/css/main.47459b6e.css Origin https://nordea.securetransactions.info Accept-Language fi-FI,fi;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 14 May 2024 11:08:52 GMT content-encoding br last-modified Thu, 11 Apr 2024 08:33:44 GMT server LiteSpeed vary Accept-Encoding content-type font/ttf cache-control public, max-age=604800 accept-ranges bytes content-length 33874 expires Tue, 21 May 2024 11:08:52 GMT
GET H/1.1	200 OK	/ Show response api-world-d8c5917b0a3d.herokuapp.com/socket.io/	118 B 909 B	315ms 76ms	XHR text/plain	54.220.192.176 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api-world-d8c5917b0a3d.herokuapp.com/socket.io/?EIO=4&transport=polling&t=OzsodgP Requested by Host: nordea.securetransactions.info URL: https://nordea.securetransactions.info/static/js/main.c03286be.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.220.192.176 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-220-192-176.eu-west-1.compute.amazonaws.com Software Cowboy / Resource Hash `29045d98b84f1c0f30429859e13000d20bbf3b8183f71a55bc6006e78f223e40` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Accept / Referer https://nordea.securetransactions.info/ Accept-Language fi-FI,fi;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 14 May 2024 11:08:52 GMT Via 1.1 vegur Nel {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]} Server Cowboy Vary Origin Report-To {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1715684932&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=2Hy3jwxR915OZyK7V1j8ymukSnhmqu%2F92CmL%2FLCDJaM%3D"}]} Content-Type text/plain; charset=UTF-8 Access-Control-Allow-Origin https://nordea.securetransactions.info Cache-Control no-store Connection keep-alive Content-Length 118 Reporting-Endpoints heroku-nel=https://nel.heroku.com/reports?ts=1715684932&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=2Hy3jwxR915OZyK7V1j8ymukSnhmqu%2F92CmL%2FLCDJaM%3D
GET H3	200	favicon.ico nordea.securetransactions.info/	1 KB 203 B	259ms 259ms	Other image/x-icon	198.251.88.188 PONYNET
General Check archive.org Show headers Download Go to Full URL https://nordea.securetransactions.info/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 198.251.88.188 Luxembourg, Luxembourg, ASN53667 (PONYNET, US), Reverse DNS c4.my-control-panel.com Software LiteSpeed / Resource Hash `53ce944ce5a3a9a312816854b4254f5b083d562c45ac63354a00add50fb88cdb` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://nordea.securetransactions.info/login Accept-Language fi-FI,fi;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 14 May 2024 11:08:52 GMT content-encoding br last-modified Thu, 28 Dec 2023 20:01:56 GMT server LiteSpeed vary Accept-Encoding content-type image/x-icon cache-control public, max-age=604800 accept-ranges bytes content-length 147 expires Tue, 21 May 2024 11:08:52 GMT
POST H/1.1	200 OK	/ Show response api-world-d8c5917b0a3d.herokuapp.com/socket.io/	2 B 775 B	75ms 75ms	XHR text/html	54.220.192.176 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api-world-d8c5917b0a3d.herokuapp.com/socket.io/?EIO=4&transport=polling&t=OzsodlM&sid=XWmrCZryqUbb_5PdABZ_ Requested by Host: nordea.securetransactions.info URL: https://nordea.securetransactions.info/static/js/main.c03286be.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.220.192.176 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-220-192-176.eu-west-1.compute.amazonaws.com Software Cowboy / Resource Hash `2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Accept-Language fi-FI,fi;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Content-type text/plain;charset=UTF-8 Accept / Referer https://nordea.securetransactions.info/ sec-ch-ua-platform "Win32" Response headers Date Tue, 14 May 2024 11:08:52 GMT Via 1.1 vegur Nel {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]} Server Cowboy Vary Origin Report-To {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1715684932&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=2Hy3jwxR915OZyK7V1j8ymukSnhmqu%2F92CmL%2FLCDJaM%3D"}]} Content-Type text/html Access-Control-Allow-Origin https://nordea.securetransactions.info Cache-Control no-store Connection keep-alive Content-Length 2 Reporting-Endpoints heroku-nel=https://nel.heroku.com/reports?ts=1715684932&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=2Hy3jwxR915OZyK7V1j8ymukSnhmqu%2F92CmL%2FLCDJaM%3D
GET H/1.1	200 OK	/ Show response api-world-d8c5917b0a3d.herokuapp.com/socket.io/	32 B 822 B	152ms 77ms	XHR text/plain	54.220.192.176 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api-world-d8c5917b0a3d.herokuapp.com/socket.io/?EIO=4&transport=polling&t=OzsodlN&sid=XWmrCZryqUbb_5PdABZ_ Requested by Host: nordea.securetransactions.info URL: https://nordea.securetransactions.info/static/js/main.c03286be.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.220.192.176 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-220-192-176.eu-west-1.compute.amazonaws.com Software Cowboy / Resource Hash `2d02aad99fc053ea44153712addcefdb70f8988a8749b447ac0b37cf42b94c5e` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Accept / Referer https://nordea.securetransactions.info/ Accept-Language fi-FI,fi;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 14 May 2024 11:08:52 GMT Via 1.1 vegur Nel {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]} Server Cowboy Vary Origin Report-To {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1715684932&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=2Hy3jwxR915OZyK7V1j8ymukSnhmqu%2F92CmL%2FLCDJaM%3D"}]} Content-Type text/plain; charset=UTF-8 Access-Control-Allow-Origin https://nordea.securetransactions.info Cache-Control no-store Connection keep-alive Content-Length 32 Reporting-Endpoints heroku-nel=https://nel.heroku.com/reports?ts=1715684932&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=2Hy3jwxR915OZyK7V1j8ymukSnhmqu%2F92CmL%2FLCDJaM%3D
GET H/1.1	200 OK	/ Show response api-world-d8c5917b0a3d.herokuapp.com/socket.io/	1 B 790 B	315ms 315ms	XHR text/plain	54.220.192.176 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api-world-d8c5917b0a3d.herokuapp.com/socket.io/?EIO=4&transport=polling&t=Ozsodno&sid=XWmrCZryqUbb_5PdABZ_ Requested by Host: nordea.securetransactions.info URL: https://nordea.securetransactions.info/static/js/main.c03286be.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.220.192.176 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-220-192-176.eu-west-1.compute.amazonaws.com Software Cowboy / Resource Hash `e7f6c011776e8db7cd330b54174fd76f7d0216b612387a5ffcfb81e6f0919683` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Accept / Referer https://nordea.securetransactions.info/ Accept-Language fi-FI,fi;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 14 May 2024 11:08:53 GMT Via 1.1 vegur Nel {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]} Server Cowboy Vary Origin Report-To {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1715684932&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=2Hy3jwxR915OZyK7V1j8ymukSnhmqu%2F92CmL%2FLCDJaM%3D"}]} Content-Type text/plain; charset=UTF-8 Access-Control-Allow-Origin https://nordea.securetransactions.info Cache-Control no-store Connection keep-alive Content-Length 1 Reporting-Endpoints heroku-nel=https://nel.heroku.com/reports?ts=1715684932&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=2Hy3jwxR915OZyK7V1j8ymukSnhmqu%2F92CmL%2FLCDJaM%3D

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nordea (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| platform

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			nordea.securetransactions.info/	1970-01-20 20:39:04	Name: nord_session_id Value: 9253efcc-f148-43c0-b652-c4378b759732

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-world-d8c5917b0a3d.herokuapp.com
nordea.securetransactions.info
198.251.88.188
54.220.192.176
1803077f02945c4a89476392df4246048e2a18b2e46e11978fdad93db5ace4ca
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
29045d98b84f1c0f30429859e13000d20bbf3b8183f71a55bc6006e78f223e40
2d02aad99fc053ea44153712addcefdb70f8988a8749b447ac0b37cf42b94c5e
4dbb9685031dd1b2fe96aa9df394949d406c3ca938cf489919f977f7d4da4b27
53ce944ce5a3a9a312816854b4254f5b083d562c45ac63354a00add50fb88cdb
9b12e3243dee7aff04d6aa5ced578138352aa5df08a74d6c656b3bd4ef09c9f3
9d37394dbeca75299e77738f7cb0304bbcd30a229e806fe21d4d58eb61231c68
a4a6b4fe5e9321578d4b1df41108c3eee18554bbb5ed6b8ec4d98d3d4076f905
b3b71a6cc4563e96c5ea22d44fdab6389bef2b9a0b52e64e5793ada7e0fd2c06
b66d265f010f8c27f0640042b44c99c6fb3ee5325f0dd4c8187042132396428b
bdf9cd9c908916a8cfc5169a3fcb1585f79e7629ef100b4cbc46f81c08d94aa2
e7f6c011776e8db7cd330b54174fd76f7d0216b612387a5ffcfb81e6f0919683

nordea.securetransactions.info Open in urlscan Pro 198.251.88.188 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

13 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

372 kBTransfer

728 kBSize

1 Cookies

5 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

1 Cookies

Indicators

nordea.securetransactions.info Open in urlscan Pro
198.251.88.188 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

372 kB
Transfer

728 kB
Size

1
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!