telsraupdating.wpdevcloud.com Open in urlscan Pro
2607:1b00:93b2:e42c::a2d8  Malicious Activity! Public Scan

URL: http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
Submission: On March 06 via manual from DK

Summary

This website contacted 6 IPs in 4 countries across 6 domains to perform 17 HTTP transactions. The main IP is 2607:1b00:93b2:e42c::a2d8, located in United States and belongs to CLOUDACCESS-NETWORK, US. The main domain is telsraupdating.wpdevcloud.com.
This is the only time telsraupdating.wpdevcloud.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Nordea (Banking)

Domain & IP information

IP Address AS Autonomous System
4 2607:1b00:93b... 54456 (CLOUDACCE...)
9 158.233.249.1 201271 (NORDEA-AS)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2001:4de0:ac1... 20446 (HIGHWINDS3)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
17 6
Domain Requested by
9 nettbanken.nordea.no telsraupdating.wpdevcloud.com
nettbanken.nordea.no
4 telsraupdating.wpdevcloud.com nettbanken.nordea.no
1 fonts.gstatic.com telsraupdating.wpdevcloud.com
1 fonts.googleapis.com telsraupdating.wpdevcloud.com
1 netdna.bootstrapcdn.com telsraupdating.wpdevcloud.com
1 cdnjs.cloudflare.com telsraupdating.wpdevcloud.com
17 6

This site contains links to these domains. Also see Links.

Domain
www.nordea.no
Subject Issuer Validity Valid
nettbanken.nordea.no
Entrust Certification Authority - L1M
2019-09-12 -
2020-09-12
a year crt.sh
ssl412106.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2
2019-12-05 -
2020-06-12
6 months crt.sh
*.bootstrapcdn.com
Sectigo RSA Domain Validation Secure Server CA
2019-09-14 -
2020-10-13
a year crt.sh
*.storage.googleapis.com
GTS CA 1O1
2020-02-12 -
2020-05-06
3 months crt.sh
*.google.com
GTS CA 1O1
2020-02-12 -
2020-05-06
3 months crt.sh

This page contains 1 frames:

Primary Page: http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
Frame ID: 112810B4C15EA57666EEA6C6DE94FA8E
Requests: 17 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Overall confidence: 100%
Detected patterns
  • html /<link [^>]+(?:\/([\d.]+)\/)?animate\.(?:min\.)?css/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • script /require.*\.js/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

17
Requests

76 %
HTTPS

83 %
IPv6

6
Domains

6
Subdomains

6
IPs

4
Countries

474 kB
Transfer

1491 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
15 KB
4 KB
Document
General
Full URL
http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
Protocol
HTTP/1.1
Server
2607:1b00:93b2:e42c::a2d8 , United States, ASN54456 (CLOUDACCESS-NETWORK, US),
Reverse DNS
Software
Apache /
Resource Hash
b1d673376a9219367cb57c21821d296a37fb89d121c234ed81991ddd5159f511

Request headers

Host
telsraupdating.wpdevcloud.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 06 Mar 2020 13:56:10 GMT
Server
Apache
Last-Modified
Mon, 02 Mar 2020 17:37:07 GMT
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
3867
Keep-Alive
timeout=60
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
main.js
nettbanken.nordea.no/login/assets/javascripts-min/
615 KB
195 KB
Script
General
Full URL
https://nettbanken.nordea.no/login/assets/javascripts-min/main.js
Requested by
Host: telsraupdating.wpdevcloud.com
URL: http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.233.249.1 , Finland, ASN201271 (NORDEA-AS, SE),
Reverse DNS
Software
/
Resource Hash
377e90233074716e2b6fa4bb1c30baacbc1ebd0ac402475410c1a5d635116088
Security Headers
Name Value
Strict-Transport-Security max-age=157680000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

pragma
no-cache
date
Fri, 06 Mar 2020 13:56:11 GMT
content-encoding
gzip
last-modified
Tue, 07 May 2019 13:05:54 GMT
etag
"a3754bf550d7885b40d0e70c91c632660d4b1ef3"
x-frame-options
SAMEORIGIN
p3p
CP="NON CUR OTPi OUR NOR UNI"
cache-control
no-cache, no-store, must-revalidate
transfer-encoding
chunked
Strict-Transport-Security
max-age=157680000
content-type
application/javascript; charset=utf-8
x-xss-protection
1; mode=block
expires
0
bootstrap.min.css
nettbanken.nordea.no/login/assets/stylesheets/libs/bootstrap/
98 KB
22 KB
Stylesheet
General
Full URL
https://nettbanken.nordea.no/login/assets/stylesheets/libs/bootstrap/bootstrap.min.css
Requested by
Host: telsraupdating.wpdevcloud.com
URL: http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.233.249.1 , Finland, ASN201271 (NORDEA-AS, SE),
Reverse DNS
Software
/
Resource Hash
e9503448692b738dd260fbd7f7cabf2e11f09b600fa97e6eb3a56eba5b1a7e9b
Security Headers
Name Value
Strict-Transport-Security max-age=157680000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

pragma
no-cache
date
Fri, 06 Mar 2020 13:56:11 GMT
content-encoding
gzip
last-modified
Tue, 07 May 2019 12:33:34 GMT
etag
"96a93902219f8086f1a1bd752c1fb4025ce70b63"
x-frame-options
SAMEORIGIN
p3p
CP="NON CUR OTPi OUR NOR UNI"
cache-control
no-cache, no-store, must-revalidate
transfer-encoding
chunked
Strict-Transport-Security
max-age=157680000
content-type
text/css; charset=utf-8
x-xss-protection
1; mode=block
expires
0
animate.min.css
cdnjs.cloudflare.com/ajax/libs/animate.css/2.0/
47 KB
4 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/animate.css/2.0/animate.min.css
Requested by
Host: telsraupdating.wpdevcloud.com
URL: http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4104 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fa61f9a7c2e4aaa831b61058a814316ebc4cedcf82325869d4ddaade239066c8
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Fri, 06 Mar 2020 13:56:11 GMT
content-encoding
br
cf-cache-status
HIT
age
10997135
cf-ray
56fc94237f6b178a-FRA
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified
Thu, 17 May 2018 09:15:36 GMT
server
cloudflare
etag
W/"5afd4838-ba44"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
expires
Wed, 24 Feb 2021 13:56:11 GMT
cache-control
public, max-age=30672000
timing-allow-origin
*
served-in-seconds
0.000
font-awesome.min.css
netdna.bootstrapcdn.com/font-awesome/4.7.0/css/
30 KB
7 KB
Stylesheet
General
Full URL
https://netdna.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: telsraupdating.wpdevcloud.com
URL: http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:1a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

Referer
http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Fri, 06 Mar 2020 13:56:11 GMT
content-encoding
gzip
last-modified
Wed, 12 Dec 2018 18:35:20 GMT
access-control-allow-origin
*
etag
"1544639720"
vary
Accept-Encoding
x-cache
HIT
content-type
text/css; charset=utf-8
status
200
cache-control
public, max-age=31536000
x-hello-human
Say hello back! @getBootstrapCDN on Twitter
accept-ranges
bytes
timing-allow-origin
*
content-length
7050
css
fonts.googleapis.com/
5 KB
779 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,300
Requested by
Host: telsraupdating.wpdevcloud.com
URL: http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
bfa21901e87e44f386b8208764bc596acaaaa085e560bf989d40982eb0e5a7c8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 06 Mar 2020 13:56:11 GMT
server
ESF
date
Fri, 06 Mar 2020 13:56:11 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 06 Mar 2020 13:56:11 GMT
main.min.css
nettbanken.nordea.no/login/assets/stylesheets/
11 KB
3 KB
Stylesheet
General
Full URL
https://nettbanken.nordea.no/login/assets/stylesheets/main.min.css
Requested by
Host: telsraupdating.wpdevcloud.com
URL: http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.233.249.1 , Finland, ASN201271 (NORDEA-AS, SE),
Reverse DNS
Software
/
Resource Hash
18521983a3ed5e76f27be85023b93bb7e21301750cbbfb163e8d7bbe7e8fd2ef
Security Headers
Name Value
Strict-Transport-Security max-age=157680000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

pragma
no-cache
date
Fri, 06 Mar 2020 13:56:11 GMT
content-encoding
gzip
last-modified
Tue, 07 May 2019 12:34:18 GMT
etag
"e0e7ec8017b4c993d95b823be3f47688e24c0418"
x-frame-options
SAMEORIGIN
p3p
CP="NON CUR OTPi OUR NOR UNI"
cache-control
no-cache, no-store, must-revalidate
transfer-encoding
chunked
Strict-Transport-Security
max-age=157680000
content-type
text/css; charset=utf-8
x-xss-protection
1; mode=block
expires
0
require.js
nettbanken.nordea.no/login/assets/javascripts/
14 KB
7 KB
Script
General
Full URL
https://nettbanken.nordea.no/login/assets/javascripts/require.js
Requested by
Host: telsraupdating.wpdevcloud.com
URL: http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.233.249.1 , Finland, ASN201271 (NORDEA-AS, SE),
Reverse DNS
Software
/
Resource Hash
769638ff7c0df5973591a3aedf0f62deded02cb3adf7943f1e43d2789db770f8
Security Headers
Name Value
Strict-Transport-Security max-age=157680000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

pragma
no-cache
date
Fri, 06 Mar 2020 13:56:11 GMT
content-encoding
gzip
last-modified
Mon, 23 Sep 2013 19:57:38 GMT
etag
"c95d858e3be5e598cf3e0e0c827845c8c0fbf2d4"
x-frame-options
SAMEORIGIN
p3p
CP="NON CUR OTPi OUR NOR UNI"
cache-control
no-cache, no-store, must-revalidate
transfer-encoding
chunked
Strict-Transport-Security
max-age=157680000
content-type
application/javascript; charset=utf-8
x-xss-protection
1; mode=block
expires
0
perf_stats.js
nettbanken.nordea.no/login/assets/javascripts/stats/
1 KB
1 KB
Script
General
Full URL
https://nettbanken.nordea.no/login/assets/javascripts/stats/perf_stats.js
Requested by
Host: telsraupdating.wpdevcloud.com
URL: http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.233.249.1 , Finland, ASN201271 (NORDEA-AS, SE),
Reverse DNS
Software
/
Resource Hash
7cd8d471eec190c74051c0bee16aff8f0d8c814b12c71a872857b1b77872f97b
Security Headers
Name Value
Strict-Transport-Security max-age=157680000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

pragma
no-cache
date
Fri, 06 Mar 2020 13:56:11 GMT
content-encoding
gzip
last-modified
Tue, 07 May 2019 12:34:16 GMT
etag
"57353d738ec5bd95e1cd7bf0f02df40991e11a04"
x-frame-options
SAMEORIGIN
p3p
CP="NON CUR OTPi OUR NOR UNI"
cache-control
no-cache, no-store, must-revalidate
transfer-encoding
chunked
Strict-Transport-Security
max-age=157680000
content-type
application/javascript; charset=utf-8
x-xss-protection
1; mode=block
expires
0
app-store-badge.svg
nettbanken.nordea.no/login/assets/images/
10 KB
11 KB
Image
General
Full URL
https://nettbanken.nordea.no/login/assets/images/app-store-badge.svg
Requested by
Host: telsraupdating.wpdevcloud.com
URL: http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.233.249.1 , Finland, ASN201271 (NORDEA-AS, SE),
Reverse DNS
Software
/
Resource Hash
4f42f4e66299f2e67d7890f435901468dc9c7e7824c5eb1896774ab32a80cf79
Security Headers
Name Value
Strict-Transport-Security max-age=157680000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Fri, 06 Mar 2020 13:56:11 GMT
last-modified
Tue, 07 May 2019 12:33:34 GMT
etag
"a239397044e74dca340bad46d3fcb6720c5c7fc1"
x-frame-options
SAMEORIGIN
p3p
CP="NON CUR OTPi OUR NOR UNI"
cache-control
no-cache, no-store, must-revalidate
Strict-Transport-Security
max-age=157680000
content-type
image/svg+xml
content-length
10708
x-xss-protection
1; mode=block
expires
0
google-play-store-badge.svg
nettbanken.nordea.no/login/assets/images/
7 KB
7 KB
Image
General
Full URL
https://nettbanken.nordea.no/login/assets/images/google-play-store-badge.svg
Requested by
Host: telsraupdating.wpdevcloud.com
URL: http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.233.249.1 , Finland, ASN201271 (NORDEA-AS, SE),
Reverse DNS
Software
/
Resource Hash
5a413ebf7a43a7e00d4fdeb7eab02f263db68be30ae07039ba6bde500934ed32
Security Headers
Name Value
Strict-Transport-Security max-age=157680000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Fri, 06 Mar 2020 13:56:11 GMT
last-modified
Tue, 07 May 2019 12:33:34 GMT
etag
"70717f92aedf47be30cfd7899b1a809ad4d056fa"
x-frame-options
SAMEORIGIN
p3p
CP="NON CUR OTPi OUR NOR UNI"
cache-control
no-cache, no-store, must-revalidate
Strict-Transport-Security
max-age=157680000
content-type
image/svg+xml
content-length
6910
x-xss-protection
1; mode=block
expires
0
mobile-app-qr-code.png
nettbanken.nordea.no/login/assets/images/
2 KB
2 KB
Image
General
Full URL
https://nettbanken.nordea.no/login/assets/images/mobile-app-qr-code.png
Requested by
Host: telsraupdating.wpdevcloud.com
URL: http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.233.249.1 , Finland, ASN201271 (NORDEA-AS, SE),
Reverse DNS
Software
/
Resource Hash
0f60979b728ce4cf2de33e6a9765c7adc5df57246d00478d0d1b5ef026754a76
Security Headers
Name Value
Strict-Transport-Security max-age=157680000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Fri, 06 Mar 2020 13:56:11 GMT
last-modified
Tue, 07 May 2019 12:33:34 GMT
etag
"521befa980af10f1109fe2d0ac51d0c7fc6ca409"
x-frame-options
SAMEORIGIN
p3p
CP="NON CUR OTPi OUR NOR UNI"
cache-control
no-cache, no-store, must-revalidate
Strict-Transport-Security
max-age=157680000
content-type
image/png
content-length
2017
x-xss-protection
1; mode=block
expires
0
main.js
nettbanken.nordea.no/login/assets/javascripts-min/
615 KB
195 KB
Script
General
Full URL
https://nettbanken.nordea.no/login/assets/javascripts-min/main.js
Requested by
Host: nettbanken.nordea.no
URL: https://nettbanken.nordea.no/login/assets/javascripts/require.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.233.249.1 , Finland, ASN201271 (NORDEA-AS, SE),
Reverse DNS
Software
/
Resource Hash
377e90233074716e2b6fa4bb1c30baacbc1ebd0ac402475410c1a5d635116088
Security Headers
Name Value
Strict-Transport-Security max-age=157680000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

pragma
no-cache
date
Fri, 06 Mar 2020 13:56:11 GMT
content-encoding
gzip
last-modified
Tue, 07 May 2019 13:05:54 GMT
etag
"a3754bf550d7885b40d0e70c91c632660d4b1ef3"
x-frame-options
SAMEORIGIN
p3p
CP="NON CUR OTPi OUR NOR UNI"
cache-control
no-cache, no-store, must-revalidate
transfer-encoding
chunked
Strict-Transport-Security
max-age=157680000
content-type
application/javascript; charset=utf-8
x-xss-protection
1; mode=block
expires
0
mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v17/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
Requested by
Host: telsraupdating.wpdevcloud.com
URL: http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/css?family=Open+Sans:400,300
Origin
http://telsraupdating.wpdevcloud.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Feb 2020 20:33:58 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 19:30:49 GMT
server
sffe
age
926533
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
9132
x-xss-protection
0
expires
Tue, 23 Feb 2021 20:33:58 GMT
stats
telsraupdating.wpdevcloud.com/login/
4 KB
2 KB
XHR
General
Full URL
http://telsraupdating.wpdevcloud.com/login/stats
Requested by
Host: nettbanken.nordea.no
URL: https://nettbanken.nordea.no/login/assets/javascripts/stats/perf_stats.js
Protocol
HTTP/1.1
Server
2607:1b00:93b2:e42c::a2d8 , United States, ASN54456 (CLOUDACCESS-NETWORK, US),
Reverse DNS
Software
Apache / PHP/7.2.27
Resource Hash
af6f0471a9344b774b20e0a264ce890c97c969c0715bbb862ffd56318ddddacb

Request headers

Referer
http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
Origin
http://telsraupdating.wpdevcloud.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Date
Fri, 06 Mar 2020 13:56:12 GMT
Content-Encoding
gzip
Server
Apache
X-Powered-By
PHP/7.2.27
Vary
Accept-Encoding
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control
no-cache
Transfer-Encoding
chunked
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Keep-Alive
timeout=60
stats
telsraupdating.wpdevcloud.com/login/
4 KB
2 KB
XHR
General
Full URL
http://telsraupdating.wpdevcloud.com/login/stats
Requested by
Host: nettbanken.nordea.no
URL: https://nettbanken.nordea.no/login/assets/javascripts/stats/perf_stats.js
Protocol
HTTP/1.1
Server
2607:1b00:93b2:e42c::a2d8 , United States, ASN54456 (CLOUDACCESS-NETWORK, US),
Reverse DNS
Software
Apache / PHP/7.2.27
Resource Hash
af6f0471a9344b774b20e0a264ce890c97c969c0715bbb862ffd56318ddddacb

Request headers

Referer
http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
Origin
http://telsraupdating.wpdevcloud.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Date
Fri, 06 Mar 2020 13:56:13 GMT
Content-Encoding
gzip
Server
Apache
X-Powered-By
PHP/7.2.27
Vary
Accept-Encoding
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control
no-cache
Transfer-Encoding
chunked
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Keep-Alive
timeout=60
stats
telsraupdating.wpdevcloud.com/login/
4 KB
2 KB
XHR
General
Full URL
http://telsraupdating.wpdevcloud.com/login/stats
Requested by
Host: nettbanken.nordea.no
URL: https://nettbanken.nordea.no/login/assets/javascripts/stats/perf_stats.js
Protocol
HTTP/1.1
Server
2607:1b00:93b2:e42c::a2d8 , United States, ASN54456 (CLOUDACCESS-NETWORK, US),
Reverse DNS
Software
Apache / PHP/7.2.27
Resource Hash
5e180ee55cd7ef9c9a8d9b66d95be27db881e7e8b1ac30a0351038c4524385a4

Request headers

Referer
http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
Origin
http://telsraupdating.wpdevcloud.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Date
Fri, 06 Mar 2020 13:56:16 GMT
Content-Encoding
gzip
Server
Apache
X-Powered-By
PHP/7.2.27
Vary
Accept-Encoding
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control
no-cache
Transfer-Encoding
chunked
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Keep-Alive
timeout=60

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nordea (Banking)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| requirejs function| require function| define function| SendData function| peStat function| pStat function| $ function| jQuery object| angular object| jQuery111108344737748579394 function| _ object| Placeholders object| jQuery1111015132260108711693

1 Cookies

Domain/Path Name / Value
telsraupdating.wpdevcloud.com/ Name: IV_JCT
Value: %2Flogin

1 Console Messages

Source Level URL
Text
console-api log URL: https://nettbanken.nordea.no/login/assets/javascripts-min/main.js(Line 183)
Message:
WARNING: Tried to load angular more than once.