nor-dea.com
138.201.47.52
Malicious Activity!
Public Scan
Effective URL: https://nor-dea.com/
Submission: On July 14 via manual from DK
Summary
TLS certificate: Issued by R3 (the Let's Encrypt intermediate) on July 13th 2021, the day before this submission. Valid for: 3 months.
This is the only time nor-dea.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Nordea (Banking)
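The brand verdict above rests on the hostname itself: nor-dea.com is nordea.com with a hyphen pushed into the brand label. The Python below is an added example, not part of the urlscan.io report, showing the separator, homoglyph and edit-distance checks a brand-protection or mail-filtering pipeline runs to raise such a verdict. The brand table, the list of legitimate apex domains and the distance threshold are assumptions made for the illustration; a production version would split hostnames with the Public Suffix List instead of the naive two-label split used here.

```python
"""Brand-impersonation (typosquat) check for a hostname.

Added example, not part of the urlscan.io report. The brand table, the
legitimate apex domains and the distance threshold are assumptions made
for the illustration.
"""
from __future__ import annotations

import re

# Assumed brand table: brand label -> (display name, apex domains it really owns).
BRANDS = {
    "nordea": ("Nordea (Banking)",
               {"nordea.com", "nordea.se", "nordea.dk", "nordea.fi", "nordea.no"}),
    "swedbank": ("Swedbank (Banking)", {"swedbank.com", "swedbank.se"}),
}

# Digits commonly substituted for letters in look-alike domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})


def apex(host: str) -> str:
    """Naive registrable domain: the last two labels. A real deployment should
    use the Public Suffix List so that 'nordea.co.uk' is handled correctly."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:])


def registrable_label(host: str) -> str:
    """The label a squatter manipulates: 'nor-dea' in 'login.nor-dea.com'."""
    return apex(host).split(".")[0]


def normalise(label: str) -> str:
    """Fold separator and digit tricks: 'nor-dea' -> 'nordea', 'n0rdea' -> 'nordea'."""
    return re.sub(r"[-_]", "", label).translate(HOMOGLYPHS)


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute or swap
    two adjacent characters, each costing 1 (catches 'nordae' vs 'nordea')."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def score_host(host: str, max_distance: int = 2) -> list[dict]:
    """Return brand matches for ``host``, closest first; [] for the genuine
    sites and for hosts that resemble no brand."""
    host = host.lower().strip(".")
    label = registrable_label(host)
    folded = normalise(label)
    hits = []
    for brand_label, (brand_name, legit_apexes) in BRANDS.items():
        if apex(host) in legit_apexes:
            continue  # the brand's own site (or a real subdomain of it)
        distance = osa_distance(label, brand_label)
        if folded == brand_label:
            reason = "separator/homoglyph squat"
        elif distance <= max_distance:
            reason = f"edit distance {distance}"
        elif brand_label in folded:
            reason = "brand label embedded"
        else:
            continue
        hits.append({"brand": brand_name, "reason": reason, "distance": distance})
    hits.sort(key=lambda h: h["distance"])
    return hits


if __name__ == "__main__":
    for candidate in ("nor-dea.com", "login.nor-dea.com", "n0rdea.fi",
                      "nordae.com", "nordea-login.com", "www.nordea.se"):
        print(candidate, score_host(candidate))
```

The three signals are ordered by confidence: a label that collapses to the brand once separators and digit look-alikes are removed is the strongest, a small edit distance catches transpositions and single typos, and plain containment catches the longer "nordea-login"-style names that distance alone would miss. Any hit should feed a human or sandbox review, since a two-character distance will also flag some innocent short labels.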
Domain & IP information

Requests | IP Address | AS Autonomous System
---|---|---
28 | 138.201.47.52 | 24940 (HETZNER-AS)
1 | 34.107.253.133 | 15169 (GOOGLE)
1 | 104.109.77.38 | 16625 (AKAMAI-AS)
29 (total) | 4 |

104.109.77.38: ASN16625 (AKAMAI-AS, US), PTR a104-109-77-38.deploy.static.akamaitechnologies.com, serving tags.tiqcdn.com.
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
28 | nor-dea.com | nor-dea.com (1 redirect) | 955 KB
1 | tiqcdn.com | tags.tiqcdn.com | 202 B
1 | cookiereports.com | policy.cookiereports.com | 30 KB
29 (total) | 3 | |
Requests | Domain | Requested by
---|---|---
28 | nor-dea.com (1 redirect) | nor-dea.com
1 | tags.tiqcdn.com | nor-dea.com
1 | policy.cookiereports.com | nor-dea.com
29 (total) | 3 |
Subject | Issuer | Validity | Valid for | Lookup
---|---|---|---|---
*.nor-dea.com | R3 | 2021-07-13 - 2021-10-11 | 3 months | crt.sh
policy.cookiereports.com | Gandi Standard SSL CA 2 | 2021-05-17 - 2022-05-24 | a year | crt.sh
*.tiqcdn.com | DigiCert SHA2 Secure Server CA | 2021-04-19 - 2022-04-27 | a year | crt.sh
This page contains 1 frame:
Primary Page: https://nor-dea.com/
Frame ID: 06403D1C21FC565AB0838C286AD2816F
Requests: 30 HTTP requests in this frame

Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://nor-dea.com/
  HTTP 301
- https://nor-dea.com/ (Page URL)
Detected technologies
Tealium (Advertising Networks)
Detected patterns
- script /^(?:https?:)?\/\/tags\.tiqcdn\.com\//i
Page Statistics
32 Outgoing links
These are links going to different origins than the main page. Titles are as shown on the page, a Swedish-language copy of the Nordea site; "Öppnas i nytt fönster" means "Opens in new window".
- Valutakurser (Exchange rates), opens in new window
- Valutaomräknare (Currency converter), opens in new window
- (no title)
- Hitta kontor och uttagsautomat (Find a branch or ATM), opens in new window
- Nordea Danmark (Nordea Denmark), opens in new window
- Nordea Finland, opens in new window
- Nordea Norge (Nordea Norway), opens in new window
- Nordea.com, opens in new window
- Vilka vi är (Who we are), opens in new window
- Nordea i siffror (Nordea in numbers), opens in new window
- Lediga jobb (Vacancies), opens in new window
- Hållbarhet i Nordea (Sustainability at Nordea), opens in new window
- Tjänster för stora företag och finansinstitut (Services for large corporates and financial institutions), opens in new window
- Nyheter & pressmeddelanden (News & press releases), opens in new window
- Presskontakter (Press contacts), opens in new window
- Ingela Gabrielssons blogg (Ingela Gabrielsson's blog), opens in new window
- Investeringsbloggen (The investment blog), opens in new window
- (no title), opens in new window
- (no title), opens in new window
- (no title), opens in new window
- (no title), opens in new window
- cookie-policy
- Tealium
- Sekretesspolicy (Privacy policy)
- VMware, Inc
- Sekretesspolicy (Privacy policy)
- Adobe Inc.
- Sekretesspolicy (Privacy policy)
- Microsoft Internet Explorer (IE)
- Google Chrome
- Safari
- Firefox
Redirected requests
The only redirect chain is the primary request: http://nor-dea.com/ answered HTTP 301 to https://nor-dea.com/.
29 HTTP transactions
The table also lists the one data: URL (row 21), which brings the frame to 30 requests. Protocol H3-29 is HTTP/3 draft 29 over QUIC, H2 is HTTP/2; Size is the decoded resource size, x-fer the bytes transferred.

# | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---|---
1 | GET | H2 | / (primary request; redirect chain from http://nor-dea.com/) | nor-dea.com/ | 84 KB | 13 KB | Document | text/html
2 | GET | H3-29 | mainfa3e.css | nor-dea.com/static/dotxx2017/css/ | 257 KB | 35 KB | Stylesheet | text/css
3 | GET | H3-29 | clientfa3e.js | nor-dea.com/static-client/ | 13 KB | 5 KB | Script | application/javascript
4 | GET | H3-29 | vendors_clientfa3e.js | nor-dea.com/static-client/ | 196 KB | 55 KB | Script | application/javascript
5 | GET | H3-29 | mainfa3e.js | nor-dea.com/static/dotxx2017/js/ | 434 KB | 118 KB | Script | application/javascript
6 | GET | H3-29 | utag.sync.js | nor-dea.com/tags.tiqcdn.com/utag/nordea/op-web/prod/ | 4 KB | 1 KB | Script | application/javascript
7 | GET | H3-29 | Nordea-logo%20(2017).svg | nor-dea.com/Images/154-169221/ | 2 KB | 920 B | Image | image/svg+xml
8 | GET | H3-29 | porch-large-overlay.jpg | nor-dea.com/Images/154-315652/ | 78 KB | 78 KB | Image | image/jpeg
9 | GET | H3-29 | family-playing-on-floor-small-overlay.jpg | nor-dea.com/Images/154-230341/ | 46 KB | 46 KB | Image | image/jpeg
10 | GET | H3-29 | woman-looking-at-temple-small-overlay.jpg | nor-dea.com/Images/154-236000/ | 49 KB | 50 KB | Image | image/jpeg
11 | GET | H3-29 | nordea-open-bag-small.jpg | nor-dea.com/Images/154-406600/ | 31 KB | 31 KB | Image | image/jpeg
12 | GET | H3-29 | Nora-summer-campaign-large-overlay_1280x650.jpg | nor-dea.com/Images/154-320168/ | 181 KB | 181 KB | Image | image/jpeg
13 | GET | H3-29 | father-playing-with-his-child-small-overlay.jpg | nor-dea.com/Images/154-234713/ | 43 KB | 43 KB | Image | image/jpeg
14 | GET | H3-29 | wearables-small-dark-overlay.jpg | nor-dea.com/Images/154-406881/ | 50 KB | 50 KB | Image | image/jpeg
15 | GET | H3-29 | customer-service-blue-background.png | nor-dea.com/Images/154-405954/ | 20 KB | 20 KB | Image | image/png
16 | GET | H3-29 | facebook.svg | nor-dea.com/Images/154-200667/ | 303 B | 281 B | Image | image/svg+xml
17 | GET | H3-29 | twitter.svg | nor-dea.com/Images/154-200669/ | 723 B | 456 B | Image | image/svg+xml
18 | GET | H3-29 | linkedin.svg | nor-dea.com/Images/154-200668/ | 382 B | 294 B | Image | image/svg+xml
19 | GET | H3-29 | youtube.svg | nor-dea.com/Images/154-200670/ | 785 B | 475 B | Image | image/svg+xml
20 | GET | H3-29 | utag.js | nor-dea.com/tags.tiqcdn.com/utag/nordea/op-web/prod/ | 286 KB | 81 KB | Script | application/javascript
21 | GET | DATA | (data: URL, truncated) | / | 177 B | 0 | Image | image/svg+xml
22 | GET | H3-29 | NordeaSansSmall-Regular.woff2 | nor-dea.com/static/dotxx2017/assets/fonts/ | 26 KB | 26 KB | Font | font/woff2
23 | GET | H3-29 | NordeaSansSmall-Medium.woff2 | nor-dea.com/static/dotxx2017/assets/fonts/ | 26 KB | 26 KB | Font | font/woff2
24 | GET | H3-29 | iconfont.woff2 | nor-dea.com/static/dotxx2017/assets/fonts/ | 15 KB | 15 KB | Font | font/woff2
25 | GET | H3-29 | NordeaSansLarge-Regular.woff2 | nor-dea.com/static/dotxx2017/assets/fonts/ | 26 KB | 26 KB | Font | font/woff2
26 | GET | H3-29 | NordeaSansLarge-Medium.woff2 | nor-dea.com/static/dotxx2017/assets/fonts/ | 27 KB | 27 KB | Font | font/woff2
27 | GET | H3-29 | 2cdc3edd_panel-sv-se.js | nor-dea.com/policy.cookiereports.com/ | 118 KB | 22 KB | Script | application/javascript
28 | GET | H2 | jquery.min.js | policy.cookiereports.com/j/ | 87 KB | 30 KB | Script | application/javascript
29 | GET | H2 | utag.v.js | tags.tiqcdn.com/utag/tiqapp/ | 2 B | 202 B | Script | application/x-javascript
30 | GET | H3-29 | getMessage | nor-dea.com/wemapp/api/ | 1 KB | 1 KB | XHR | text/html
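Three third-party resources in the table (utag.sync.js, utag.js and 2cdc3edd_panel-sv-se.js) were fetched from nor-dea.com under paths whose first segment is the original hostname (nor-dea.com/tags.tiqcdn.com/..., nor-dea.com/policy.cookiereports.com/...), while jquery.min.js and utag.v.js went straight to the real third parties. That shape is what a clone served through a rewriting proxy produces: absolute third-party URLs in the fetched HTML and scripts are folded into the proxy's own origin, and URLs assembled at runtime slip through unrewritten. The Python below is an added example, not part of the urlscan.io report, that runs this heuristic over a hand-transcribed subset of the transactions above; the request list, the hostname regex and the file-extension filter are constructed for the illustration.

```python
"""Spot rewritten third-party URLs in a request list.

Added example, not part of the urlscan.io report. REQUESTS is a subset of
the transactions in the table above, transcribed by hand; the hostname
regex and the extension filter are choices made for the illustration.
"""
from __future__ import annotations

import re
from collections import defaultdict

# (host, path) pairs transcribed from the table; the data: URL is left out
# because it has no host.
REQUESTS = [
    ("nor-dea.com", "/"),
    ("nor-dea.com", "/static/dotxx2017/css/mainfa3e.css"),
    ("nor-dea.com", "/static-client/clientfa3e.js"),
    ("nor-dea.com", "/tags.tiqcdn.com/utag/nordea/op-web/prod/utag.sync.js"),
    ("nor-dea.com", "/Images/154-169221/Nordea-logo%20(2017).svg"),
    ("nor-dea.com", "/tags.tiqcdn.com/utag/nordea/op-web/prod/utag.js"),
    ("nor-dea.com", "/policy.cookiereports.com/2cdc3edd_panel-sv-se.js"),
    ("policy.cookiereports.com", "/j/jquery.min.js"),
    ("tags.tiqcdn.com", "/utag/tiqapp/utag.v.js"),
    ("nor-dea.com", "/wemapp/api/getMessage"),
]

# A path segment shaped like a DNS name: dotted labels and an alphabetic TLD.
HOST_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$")
# Segments that end like a file name are not hosts ('/jquery.min.js/...').
FILE_EXTENSIONS = {"js", "css", "html", "htm", "json", "svg", "png", "jpg", "gif", "woff2"}


def embedded_host(path: str) -> str | None:
    """Return the first path segment when it looks like a hostname and is
    followed by more path, i.e. the shape a rewriting proxy produces."""
    segments = path.lstrip("/").split("/")
    if len(segments) < 2:
        return None
    first = segments[0].lower()
    if not HOST_RE.match(first) or first.rsplit(".", 1)[-1] in FILE_EXTENSIONS:
        return None
    return first


def analyse(scanned_host: str, requests: list[tuple[str, str]]) -> dict:
    """Split requests into same-origin, rewritten third-party and direct
    third-party, and name hosts seen both rewritten and direct (URLs the
    proxy failed to rewrite, usually ones built at runtime by a script)."""
    rewritten: dict[str, list[str]] = defaultdict(list)
    direct: dict[str, list[str]] = defaultdict(list)
    same_origin = 0
    for host, path in requests:
        if host.lower() == scanned_host.lower():
            inner = embedded_host(path)
            if inner:
                rewritten[inner].append(path)
            else:
                same_origin += 1
        else:
            direct[host.lower()].append(path)
    return {
        "same_origin": same_origin,
        "rewritten": dict(rewritten),
        "direct_third_party": dict(direct),
        "leaked": sorted(set(rewritten) & set(direct)),
        "verdict": "proxied clone suspected" if rewritten else "no URL rewriting observed",
    }


if __name__ == "__main__":
    result = analyse("nor-dea.com", REQUESTS)
    print(result["verdict"])
    for inner, paths in result["rewritten"].items():
        print(f"  {inner}: {len(paths)} request(s) rewritten under nor-dea.com")
    print("  also fetched directly:", ", ".join(result["leaked"]))
```

On this scan both tags.tiqcdn.com and policy.cookiereports.com show up in the "leaked" set, which is the detail worth keeping: the kit rewrote the script URLs it could see in the HTML, but the loaders those scripts run at execution time (utag.js fetching utag.v.js, the consent panel fetching jQuery) still reached the genuine CDNs, so the real third parties hold server logs with a Referer of nor-dea.com.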
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Nordea (Banking)

38 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
object | onbeforexrselect
object | ontransitionrun
object | ontransitionstart
object | ontransitioncancel
object | cookieStore
function | showDirectoryPicker
function | showOpenFilePicker
function | showSaveFilePicker
boolean | originAgentCluster
object | trustedTypes
boolean | crossOriginIsolated
object | __HYDRATION_DATA__
object | __CONTEXT__
object | Nordea
object | app_params
boolean | isInICE
object | __TEALIUM
function | mboxCreate
function | mboxDefine
function | mboxUpdate
object | adobe
object | utag_data
object | webpackChunkpublic_sites_node
object | _cookiereports
boolean | utag_condload
object | utag
function | e
function | AppMeasurement_Module_AudienceManagement
boolean | __tealium_twc_switch
function | DIL
object | globalWebAnalytics
function | Visitor
function | targetPageParamsAll
function | targetPageParams
function | $
function | jQuery
object | cookieTable
object | elm1

The first eleven entries (onbeforexrselect through crossOriginIsolated) are properties of the scanning browser's own window object, not the site's. The rest come from the copied Nordea front end (Nordea, __HYDRATION_DATA__, __CONTEXT__, app_params, webpackChunkpublic_sites_node), from the Tealium and Adobe tag and analytics code it loads (utag, utag_data, __TEALIUM, adobe, mboxCreate/mboxDefine/mboxUpdate, DIL, Visitor, AppMeasurement_Module_AudienceManagement, targetPageParams/targetPageParamsAll), from jQuery, and from the cookiereports consent panel (_cookiereports, cookieTable).
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values back, allowing the website to re-identify the user even from a different location. This is how persistent logins work.

Domain/Path | Expires | Name / Value
---|---|---
.nor-dea.com/ | | utag_main = v_id:017aa567d8370097aea3f872717800072001406a00b08$_sn:1$_se:1$_ss:1$_st:1626274484088$ses_id:1626272684088%3Bexp-session$_pn:1%3Bexp-session$lv:1$sv:1%3Bexp-session$le:1$se:1%3Bexp-session

The only cookie is Tealium's utag_main visitor cookie, set by the copy of utag.js served from nor-dea.com and therefore scoped to the phishing domain rather than to nordea.com. Its ses_id field (1626272684088, milliseconds since the Unix epoch) decodes to 2021-07-14 14:24:44 UTC, the time of this scan.
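The utag_main value packs several fields into one string, and two of them are millisecond timestamps that date the visit. The Python below is an added example, not part of the urlscan.io report, that parses the captured value and decodes those fields. Reading the leading twelve hex digits of v_id as a creation timestamp is an observation from this value (it agrees with ses_id to the millisecond), not a documented Tealium format, and is labelled as such in the code.

```python
"""Parse Tealium's utag_main cookie and date the visit from it.

Added example, not part of the urlscan.io report. UTAG_MAIN is the value
captured in the table above. Reading the first twelve hex digits of v_id as
a millisecond timestamp is an observation from this value (it agrees with
ses_id to the millisecond), not a documented format.
"""
from __future__ import annotations

from datetime import datetime, timedelta, timezone
from urllib.parse import unquote

UTAG_MAIN = (
    "v_id:017aa567d8370097aea3f872717800072001406a00b08$_sn:1$_se:1$_ss:1"
    "$_st:1626274484088$ses_id:1626272684088%3Bexp-session$_pn:1%3Bexp-session"
    "$lv:1$sv:1%3Bexp-session$le:1$se:1%3Bexp-session"
)

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def parse_utag_main(value: str) -> dict[str, dict]:
    """Split the cookie into fields.

    Layout: '$'-separated 'key:value' pairs; a ';exp-session' suffix
    (URL-encoded as %3B in the cookie) marks a field as session-scoped.
    Returns {key: {"value": str, "session_scoped": bool}}.
    """
    fields: dict[str, dict] = {}
    for pair in unquote(value).split("$"):
        if not pair:
            continue
        key, _, rest = pair.partition(":")
        raw, _, flag = rest.partition(";")
        fields[key] = {"value": raw, "session_scoped": flag == "exp-session"}
    return fields


def ms_to_utc(ms: int) -> datetime:
    """Exact integer conversion; avoids float rounding in fromtimestamp()."""
    return EPOCH + timedelta(milliseconds=ms)


def timeline(fields: dict[str, dict]) -> dict:
    """Decode the time-bearing fields: visitor creation (from v_id, observed
    convention), session start (ses_id), session expiry (_st) and the
    timeout implied by the difference."""
    created_ms = int(fields["v_id"]["value"][:12], 16)  # observed, not documented
    ses_ms = int(fields["ses_id"]["value"])
    st_ms = int(fields["_st"]["value"])
    return {
        "visitor_created": ms_to_utc(created_ms),
        "session_start": ms_to_utc(ses_ms),
        "session_expiry": ms_to_utc(st_ms),
        "timeout_minutes": (st_ms - ses_ms) // 60000,
        "session_number": int(fields["_sn"]["value"]),
        "page_views": int(fields["_pn"]["value"]),
    }


if __name__ == "__main__":
    parsed = parse_utag_main(UTAG_MAIN)
    for key, field in parsed.items():
        scope = "session" if field["session_scoped"] else "persistent"
        print(f"{key:8} {field['value']}  [{scope}]")
    for key, value in timeline(parsed).items():
        print(f"{key}: {value}")
```

For this capture the session start and the visitor id agree to within one millisecond and the expiry sits exactly 30 minutes later, which is what a first visit with a fresh cookie jar looks like; a utag_main with _sn greater than 1 or a creation time well before the session start would instead indicate a browser profile that had met this tag configuration before.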
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source | Level | URL | Text
---|---|---|---
Security Headers
This page lists any security headers set by the main page.

Header | Value
---|---
X-Content-Type-Options | nosniff
X-Xss-Protection | 1; mode=block

Only these two were set on the primary response: there is no Strict-Transport-Security or Content-Security-Policy header, and X-XSS-Protection is a legacy header that Chromium-based browsers and Firefox ignore.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
nor-dea.com
policy.cookiereports.com
tags.tiqcdn.com
104.109.77.38
138.201.47.52
34.107.253.133