nordea.secure294.com Open in urlscan Pro
185.247.184.10  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request privat Show response nordea.secure294.com/	6 KB 3 KB	270ms 104ms	Document text/html	185.247.184.10 GIR-AS
General Check archive.org Show headers Download Go to Full URL https://nordea.secure294.com/privat Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.247.184.10 Rome, Italy, ASN207713 (GIR-AS, RU), Reverse DNS 4SER-1676559442.ip-ptr.tech Software nginx / Resource Hash d01b21b18f42e608dc8b7a9e6bf7a9cffa2d260bd002fb0f9aba8d3a967cbfd4 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 accept-language se-SE,se;q=0.9 Response headers cache-control no-cache, private content-encoding gzip content-type text/html; charset=UTF-8 date Tue, 07 Mar 2023 09:23:00 GMT server nginx vary Accept-Encoding x-content-type-options nosniff x-frame-options SAMEORIGIN x-xss-protection 1; mode=block
GET H2	200	app.css nordea.secure294.com/css/nordea/	12 KB 4 KB	68ms 67ms	Stylesheet text/css	185.247.184.10 GIR-AS
General Check archive.org Show headers Download Go to Full URL https://nordea.secure294.com/css/nordea/app.css?id=4cee94230bab3a20e9ea046d4399c4ed Requested by Host: nordea.secure294.com URL: https://nordea.secure294.com/privat Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.247.184.10 Rome, Italy, ASN207713 (GIR-AS, RU), Reverse DNS 4SER-1676559442.ip-ptr.tech Software nginx / Resource Hash 02f83a5b9399a138bd6017bb0c2e5f2924f0e36799324e7e4f4f517130939952 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language se-SE,se;q=0.9 Referer https://nordea.secure294.com/privat User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Tue, 07 Mar 2023 09:23:00 GMT content-encoding gzip x-content-type-options nosniff last-modified Thu, 16 Feb 2023 15:20:14 GMT server nginx etag W/"63ee49ae-302c" vary Accept-Encoding x-frame-options SAMEORIGIN content-type text/css x-xss-protection 1; mode=block
GET H2	200	bankid.svg nordea.secure294.com/images/	3 KB 2 KB	68ms 68ms	Image image/svg+xml	185.247.184.10 GIR-AS
General Check archive.org Show headers Download Go to Show image Full URL https://nordea.secure294.com/images/bankid.svg Requested by Host: nordea.secure294.com URL: https://nordea.secure294.com/privat Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.247.184.10 Rome, Italy, ASN207713 (GIR-AS, RU), Reverse DNS 4SER-1676559442.ip-ptr.tech Software nginx / Resource Hash ce22eb0c405b78a4247ec19eba5816e03a01a3c065e84a2bc58a23875cd1efc7 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language se-SE,se;q=0.9 Referer https://nordea.secure294.com/privat User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Tue, 07 Mar 2023 09:23:00 GMT content-encoding gzip x-content-type-options nosniff last-modified Thu, 16 Feb 2023 15:20:14 GMT server nginx etag W/"63ee49ae-cb1" vary Accept-Encoding x-frame-options SAMEORIGIN content-type image/svg+xml x-xss-protection 1; mode=block
GET H2	200	card_reader.svg nordea.secure294.com/images/nordea/	891 B 673 B	69ms 69ms	Image image/svg+xml	185.247.184.10 GIR-AS
General Check archive.org Show headers Download Go to Show image Full URL https://nordea.secure294.com/images/nordea/card_reader.svg Requested by Host: nordea.secure294.com URL: https://nordea.secure294.com/privat Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.247.184.10 Rome, Italy, ASN207713 (GIR-AS, RU), Reverse DNS 4SER-1676559442.ip-ptr.tech Software nginx / Resource Hash b34c9039b5f92575e57676734ec42dd908ef1877fe59a4d55b4277db69663830 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language se-SE,se;q=0.9 Referer https://nordea.secure294.com/privat User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Tue, 07 Mar 2023 09:23:01 GMT content-encoding gzip x-content-type-options nosniff last-modified Thu, 16 Feb 2023 15:20:14 GMT server nginx etag W/"63ee49ae-37b" vary Accept-Encoding x-frame-options SAMEORIGIN content-type image/svg+xml x-xss-protection 1; mode=block
GET H2	200	qr_reader.svg nordea.secure294.com/images/nordea/	642 B 561 B	69ms 69ms	Image image/svg+xml	185.247.184.10 GIR-AS
General Check archive.org Show headers Download Go to Show image Full URL https://nordea.secure294.com/images/nordea/qr_reader.svg Requested by Host: nordea.secure294.com URL: https://nordea.secure294.com/privat Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.247.184.10 Rome, Italy, ASN207713 (GIR-AS, RU), Reverse DNS 4SER-1676559442.ip-ptr.tech Software nginx / Resource Hash 0b76503946c6f19f7150b0950f704eac5cb94842b7698ea8eb9b0d4372b1bd05 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language se-SE,se;q=0.9 Referer https://nordea.secure294.com/privat User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Tue, 07 Mar 2023 09:23:01 GMT content-encoding gzip x-content-type-options nosniff last-modified Thu, 16 Feb 2023 15:20:14 GMT server nginx etag W/"63ee49ae-282" vary Accept-Encoding x-frame-options SAMEORIGIN content-type image/svg+xml x-xss-protection 1; mode=block
GET H2	200	app.js Show response nordea.secure294.com/js/nordea/	215 KB 67 KB	133ms 133ms	Script application/javascript	185.247.184.10 GIR-AS
General Check archive.org Show headers Download Go to Full URL https://nordea.secure294.com/js/nordea/app.js?id=13fb264ad0a2b81df0d4c4ddcbb6f833 Requested by Host: nordea.secure294.com URL: https://nordea.secure294.com/privat Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.247.184.10 Rome, Italy, ASN207713 (GIR-AS, RU), Reverse DNS 4SER-1676559442.ip-ptr.tech Software nginx / Resource Hash af1eadde5664e5d1de755b21881b3b734f1e9c0c8570f9684bd1d02bc744b7df Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language se-SE,se;q=0.9 Referer https://nordea.secure294.com/privat User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Tue, 07 Mar 2023 09:23:01 GMT content-encoding gzip x-content-type-options nosniff last-modified Thu, 16 Feb 2023 15:20:14 GMT server nginx etag W/"63ee49ae-35af2" vary Accept-Encoding x-frame-options SAMEORIGIN content-type application/javascript; charset=utf-8 x-xss-protection 1; mode=block
GET H2	200	bg-top.png nordea.secure294.com/images/	39 KB 40 KB	203ms 202ms	Image image/png	185.247.184.10 GIR-AS
General Check archive.org Show headers Download Go to Show image Full URL https://nordea.secure294.com/images/bg-top.png?5e73b3c67b0510c4c5cfedf73b38cb40 Requested by Host: nordea.secure294.com URL: https://nordea.secure294.com/css/nordea/app.css?id=4cee94230bab3a20e9ea046d4399c4ed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.247.184.10 Rome, Italy, ASN207713 (GIR-AS, RU), Reverse DNS 4SER-1676559442.ip-ptr.tech Software nginx / Resource Hash 9fc5b5c44107cfc6701be07fa5d5a4d7ab066607dd7ab6e9f396ac709e28424f Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language se-SE,se;q=0.9 Referer https://nordea.secure294.com/css/nordea/app.css?id=4cee94230bab3a20e9ea046d4399c4ed User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Tue, 07 Mar 2023 09:23:01 GMT x-content-type-options nosniff last-modified Thu, 16 Feb 2023 15:20:14 GMT server nginx etag "63ee49ae-9d93" x-frame-options SAMEORIGIN content-type image/png accept-ranges bytes content-length 40339 x-xss-protection 1; mode=block
GET H2	200	7bc117ce8cbf2ce4b08a7ed17d16cf89.woff2 nordea.secure294.com/fonts/nordea/	26 KB 26 KB	203ms 203ms	Font font/woff2	185.247.184.10 GIR-AS
General Check archive.org Show headers Download Go to Full URL https://nordea.secure294.com/fonts/nordea/7bc117ce8cbf2ce4b08a7ed17d16cf89.woff2 Requested by Host: nordea.secure294.com URL: https://nordea.secure294.com/css/nordea/app.css?id=4cee94230bab3a20e9ea046d4399c4ed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.247.184.10 Rome, Italy, ASN207713 (GIR-AS, RU), Reverse DNS 4SER-1676559442.ip-ptr.tech Software nginx / Resource Hash a93f6086756b2a2e94db8aaf795faab950a315cd9a8e32c5b0df707636dedfff Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://nordea.secure294.com/css/nordea/app.css?id=4cee94230bab3a20e9ea046d4399c4ed Origin https://nordea.secure294.com accept-language se-SE,se;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Tue, 07 Mar 2023 09:23:01 GMT x-content-type-options nosniff last-modified Thu, 16 Feb 2023 15:20:14 GMT server nginx etag "63ee49ae-6734" x-frame-options SAMEORIGIN content-type font/woff2 accept-ranges bytes content-length 26420 x-xss-protection 1; mode=block

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nordea (Banking)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless string| userFlow function| axios object| QRCode object| Alpine function| Vue

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			nordea.secure294.com/	1970-01-20 10:09:48	Name: XSRF-TOKEN Value: eyJpdiI6Im4xVzJidTl5V3l2WmJXcGNtTktpUkE9PSIsInZhbHVlIjoiYzhTSEt0T2FyV0xFLzdLU1Y4MnYxeHQ3QW1RSEZab09QZm1CbWN0dHNJRVg0eUFmMDZES1ZScGZzRUR6NXlxUWJJanE1bEdjY003WFhUQXBGOFpPZnNpSUt3TitNOW9RVFhwem5va1U0aFgvdUoyVk1xb0lrbkdyMzFvRlVER0IiLCJtYWMiOiI3ZDNjZDg2MzIwN2FiZTI5NzliYmJkM2ZlNmQxMjZhZGVmNjA1OTcyNTVkZjdhZjE4YjExZWRiYWEzNjdiMjA0IiwidGFnIjoiIn0%3D
			nordea.secure294.com/	1970-01-20 10:09:48	Name: laravel_session Value: eyJpdiI6InBZQUtBVkpiZFZCcCsvVS9ISVJIVmc9PSIsInZhbHVlIjoiL1ZOVE8yVExzQmRneEZOOWRNbTRWRG9HVkFtQU1hZlc4TGM3ZGc4bTlJOWpLMm8xNUg2Y2FFeEhXR0pvSDc5SXVKZVBCazI0cnJoNFJ5UzQ2RU1zK1piUW96aUNNZHRzWUVkVU1UZWxTMEZzY3BNNW9ZOWNrQWZ1UTZ6ZStNWlkiLCJtYWMiOiI3OWMyYjQ0ZDZjODQ5YmNkNTg1Mjk0MmE1MGYxNzlmOTQ1MDA4YTYzMjM0ZDhlMGVhN2FjODQ4MWIwODliYWEzIiwidGFnIjoiIn0%3D

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://nordea.secure294.com/privat Message: The resource https://nordea.secure294.com/images/bankid.svg was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://nordea.secure294.com/privat Message: The resource https://nordea.secure294.com/images/nordea/card_reader.svg was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://nordea.secure294.com/privat Message: The resource https://nordea.secure294.com/images/nordea/qr_reader.svg was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

nordea.secure294.com
185.247.184.10
02f83a5b9399a138bd6017bb0c2e5f2924f0e36799324e7e4f4f517130939952
0b76503946c6f19f7150b0950f704eac5cb94842b7698ea8eb9b0d4372b1bd05
9fc5b5c44107cfc6701be07fa5d5a4d7ab066607dd7ab6e9f396ac709e28424f
a93f6086756b2a2e94db8aaf795faab950a315cd9a8e32c5b0df707636dedfff
af1eadde5664e5d1de755b21881b3b734f1e9c0c8570f9684bd1d02bc744b7df
b34c9039b5f92575e57676734ec42dd908ef1877fe59a4d55b4277db69663830
ce22eb0c405b78a4247ec19eba5816e03a01a3c065e84a2bc58a23875cd1efc7
d01b21b18f42e608dc8b7a9e6bf7a9cffa2d260bd002fb0f9aba8d3a967cbfd4