identify.nordea.skobidoba.de
193.124.45.159
Malicious Activity!
Public Scan
Effective URL: https://identify.nordea.skobidoba.de/cTN4NGg0djVtNG40aDVlNDE0cTRuNTA2NTRhNHg1cDJiNDQzdTJ4MmE0eDJwMmQ0dTVqNHc1YzRlNGc1ODM3NHkyNzR2Mngy...
Submission: On April 22 via manual from NO — Scanned from NO
Summary
TLS certificate: Issued by R3 on April 7th 2024. Valid for: 3 months.
This is the only time identify.nordea.skobidoba.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Nordea (Banking)
Domain & IP information
| Requests | IP Address | AS Autonomous System |
|---|---|---|
| 1 | 45.33.29.14 | 63949 (AKAMAI-LINODE-AP Akamai Connected Cloud) |
| 1 | 193.124.45.159 | 48207 (GLBBULUTTEKNOLOJISI-AS) |
| 6 | 158.233.249.230 | 201271 (NORDEA-AS) |
| 1 | 2a04:4e42:200::649 | 54113 (FASTLY) |

10 requests, 4 IPs.

- ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG), PTR: aspen.phplist.com: cinemata.hosted.phplist.com
- ASN48207 (GLBBULUTTEKNOLOJISI-AS, TR): fdjkghdkfjghfdkljhlfkdsfg.ru, identify.nordea.skobidoba.de
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 6 | nordea.com | identify.nordea.com (Cisco Umbrella Rank: 609102) | 82 KB |
| 1 | jquery.com | code.jquery.com (Cisco Umbrella Rank: 767) | 29 KB |
| 1 | skobidoba.de | identify.nordea.skobidoba.de | 11 KB |
| 1 | fdjkghdkfjghfdkljhlfkdsfg.ru (1 redirects) | fdjkghdkfjghfdkljhlfkdsfg.ru | 326 B |
| 1 | phplist.com (1 redirects) | cinemata.hosted.phplist.com | 528 B |

10 requests, 5 apex domains.
| Requests | Domain | Requested by |
|---|---|---|
| 6 | identify.nordea.com | identify.nordea.skobidoba.de, identify.nordea.com |
| 1 | code.jquery.com | identify.nordea.skobidoba.de |
| 1 | identify.nordea.skobidoba.de | |
| 1 | fdjkghdkfjghfdkljhlfkdsfg.ru | 1 redirects |
| 1 | cinemata.hosted.phplist.com | 1 redirects |

10 requests, 5 domains.
This site contains no links.
| Subject | Issuer | Validity | Valid | Source |
|---|---|---|---|---|
| identify.nordea.skobidoba.de | R3 | 2024-04-07 - 2024-07-06 | 3 months | crt.sh |
| identify.nordea.com | Entrust Certification Authority - L1M | 2024-03-20 - 2024-09-26 | 6 months | crt.sh |
| *.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2023-07-11 - 2024-07-14 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://identify.nordea.skobidoba.de/cTN4NGg0djVtNG40aDVlNDE0cTRuNTA2NTRhNHg1cDJiNDQzdTJ4MmE0eDJwMmQ0dTVqNHc1YzRlNGc1ODM3NHkyNzR2MngyeDJhNHcyeTIxM2g0/
Frame ID: 40CEFACE98F365160592484314368770
Requests: 10 HTTP requests in this frame
Screenshot
![](/screenshots/0d2ec590-c500-48e4-9af3-195eb6669a3c.png)
Page Title
Nordea - Identifisering
Detected technologies
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
1. https://cinemata.hosted.phplist.com/lists/lt.php?tid=fU8JAgcAVQ4PV0tSWQFTSQVbAFYdV1AEVk8FAF4PAQwGCwYAWwVLAwcLBVRaAlVJAFBUDR0BBgcOTwdWAVAVDVYKAQQGBwZUAgIASl5TUlMDAFUNHVQMBgFPUlENVBUNVgdVGwAEBlVVA19VDgYFVw (HTTP 303)
2. https://fdjkghdkfjghfdkljhlfkdsfg.ru/nordeaDirect/ (HTTP 302)
3. https://identify.nordea.skobidoba.de/cTN4NGg0djVtNG40aDVlNDE0cTRuNTA2NTRhNHg1cDJiNDQzdTJ4MmE0eDJwMmQ0dTVqNHc1YzRlNGc1ODM3NHkyNzR2MngyeDJhNHcyeTIxM2g0/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | / (Primary Request, Redirect Chain) | identify.nordea.skobidoba.de/cTN4NGg0djVtNG40aDVlNDE0cTRuNTA2NTRhNHg1cDJiNDQzdTJ4MmE0eDJwMmQ0dTVqNHc1YzRlNGc1ODM3NHkyNzR2MngyeDJhNHcyeTIxM2g0/ | 10 KB | 11 KB | Document | text/html |
| GET | H/1.1 | styles-e681949d088951026d3104067c0a00b7.css | identify.nordea.com/assets/ | 36 KB | 7 KB | Stylesheet | text/css |
| GET | H2 | jquery-2.2.4.min.js | code.jquery.com/ | 84 KB | 29 KB | Script | application/javascript |
| GET | H/1.1 | codes_app-a89defc476c5ea3f806b6f5360157e81.svg | identify.nordea.com/assets/images/ | 1 KB | 2 KB | Image | image/svg+xml |
| GET | H/1.1 | bankidno-4ea331ae4c5bc3a12e6cf8340862d4c0.svg | identify.nordea.com/assets/images/ | 3 KB | 1 KB | Image | image/svg+xml |
| GET | H/1.1 | bankidnomobile-8bd2f3c1665c6c00eff2af6bd153e9f6.svg | identify.nordea.com/assets/images/ | 4 KB | 2 KB | Image | image/svg+xml |
| GET | H/1.1 | 564d0ff0f3578b7128a4-b7a1feddcbbebce5f93166d4e2765fff.jpg | identify.nordea.com/assets/ | 67 KB | 67 KB | Image | image/jpeg |
| GET | | aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff | identify.nordea.com/assets/ | 0 | 0 | | |
| GET | | b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff | identify.nordea.com/assets/ | 0 | 0 | | |
| GET | H/1.1 | favicon-9a39921b4a8d93d5528b4ccdc5d76e91.ico | identify.nordea.com/assets/images/ | 1 KB | 2 KB | Other | image/x-icon |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: identify.nordea.com, URL: https://identify.nordea.com/assets/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff
- Domain: identify.nordea.com, URL: https://identify.nordea.com/assets/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Nordea (Banking)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| function | $ |
| function | jQuery |

3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| .phplist.com/ | | WebblerSession | 0qc5mg5uuhvnobbm0i7s28efo5 |
| cinemata.hosted.phplist.com/ | | SERVERID | pqserver4\|ZiYHa\|ZiYHa |
| identify.nordea.skobidoba.de/ | | PHPSESSID | 0aophbi5g9g61vfmaag0spip5v |
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL | Text |
|---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.