telsraupdating.wpdevcloud.com
Open in
urlscan Pro
2607:1b00:93b2:e42c::a2d8
Malicious Activity!
Public Scan
Submission: On March 06 via manual from DK
Summary
This is the only time telsraupdating.wpdevcloud.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Nordea (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 | 2607:1b00:93b... 2607:1b00:93b2:e42c::a2d8 | 54456 (CLOUDACCE...) (CLOUDACCESS-NETWORK) | |
9 | 158.233.249.1 158.233.249.1 | 201271 (NORDEA-AS) (NORDEA-AS) | |
1 | 2606:4700::68... 2606:4700::6811:4104 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2001:4de0:ac1... 2001:4de0:ac19::1:b:1a | 20446 (HIGHWINDS3) (HIGHWINDS3) | |
1 | 2a00:1450:400... 2a00:1450:4001:819::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:81d::2003 | 15169 (GOOGLE) (GOOGLE) | |
17 | 6 |
ASN54456 (CLOUDACCESS-NETWORK, US)
telsraupdating.wpdevcloud.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
nordea.no
nettbanken.nordea.no |
444 KB |
4 |
wpdevcloud.com
telsraupdating.wpdevcloud.com |
10 KB |
1 |
gstatic.com
fonts.gstatic.com |
9 KB |
1 |
googleapis.com
fonts.googleapis.com |
779 B |
1 |
bootstrapcdn.com
netdna.bootstrapcdn.com |
7 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com |
4 KB |
17 | 6 |
Domain | Requested by | |
---|---|---|
9 | nettbanken.nordea.no |
telsraupdating.wpdevcloud.com
nettbanken.nordea.no |
4 | telsraupdating.wpdevcloud.com |
nettbanken.nordea.no
|
1 | fonts.gstatic.com |
telsraupdating.wpdevcloud.com
|
1 | fonts.googleapis.com |
telsraupdating.wpdevcloud.com
|
1 | netdna.bootstrapcdn.com |
telsraupdating.wpdevcloud.com
|
1 | cdnjs.cloudflare.com |
telsraupdating.wpdevcloud.com
|
17 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.nordea.no |
Subject Issuer | Validity | Valid | |
---|---|---|---|
nettbanken.nordea.no Entrust Certification Authority - L1M |
2019-09-12 - 2020-09-12 |
a year | crt.sh |
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2 |
2019-12-05 - 2020-06-12 |
6 months | crt.sh |
*.bootstrapcdn.com Sectigo RSA Domain Validation Secure Server CA |
2019-09-14 - 2020-10-13 |
a year | crt.sh |
*.storage.googleapis.com GTS CA 1O1 |
2020-02-12 - 2020-05-06 |
3 months | crt.sh |
*.google.com GTS CA 1O1 |
2020-02-12 - 2020-05-06 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/
Frame ID: 112810B4C15EA57666EEA6C6DE94FA8E
Requests: 17 HTTP requests in this frame
Screenshot
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
animate.css (Web Frameworks) Expand
Detected patterns
- html /<link [^>]+(?:\/([\d.]+)\/)?animate\.(?:min\.)?css/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
RequireJS (JavaScript Frameworks) Expand
Detected patterns
- script /require.*\.js/i
Font Awesome (Font Scripts) Expand
Detected patterns
- html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
Google Font API (Font Scripts) Expand
Detected patterns
- html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Title:
Search URL Search Domain Scan URL
Title: Sådan får du BankID på mobil
Search URL Search Domain Scan URL
Title: Tilmeld dig
Search URL Search Domain Scan URL
Title: Hjælp
Search URL Search Domain Scan URL
Title: Kontakt
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
telsraupdating.wpdevcloud.com/cli/2bcebaa57c592d7cae7437332635dae6/ |
15 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.js
nettbanken.nordea.no/login/assets/javascripts-min/ |
615 KB 195 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.css
nettbanken.nordea.no/login/assets/stylesheets/libs/bootstrap/ |
98 KB 22 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
animate.min.css
cdnjs.cloudflare.com/ajax/libs/animate.css/2.0/ |
47 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.min.css
netdna.bootstrapcdn.com/font-awesome/4.7.0/css/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
5 KB 779 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.min.css
nettbanken.nordea.no/login/assets/stylesheets/ |
11 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
require.js
nettbanken.nordea.no/login/assets/javascripts/ |
14 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
perf_stats.js
nettbanken.nordea.no/login/assets/javascripts/stats/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
app-store-badge.svg
nettbanken.nordea.no/login/assets/images/ |
10 KB 11 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
google-play-store-badge.svg
nettbanken.nordea.no/login/assets/images/ |
7 KB 7 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mobile-app-qr-code.png
nettbanken.nordea.no/login/assets/images/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.js
nettbanken.nordea.no/login/assets/javascripts-min/ |
615 KB 195 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v17/ |
9 KB 9 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
stats
telsraupdating.wpdevcloud.com/login/ |
4 KB 2 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
stats
telsraupdating.wpdevcloud.com/login/ |
4 KB 2 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
stats
telsraupdating.wpdevcloud.com/login/ |
4 KB 2 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Nordea (Banking)15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| requirejs function| require function| define function| SendData function| peStat function| pStat function| $ function| jQuery object| angular object| jQuery111108344737748579394 function| _ object| Placeholders object| jQuery11110151322601087116931 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
telsraupdating.wpdevcloud.com/ | Name: IV_JCT Value: %2Flogin |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
netdna.bootstrapcdn.com
nettbanken.nordea.no
telsraupdating.wpdevcloud.com
158.233.249.1
2001:4de0:ac19::1:b:1a
2606:4700::6811:4104
2607:1b00:93b2:e42c::a2d8
2a00:1450:4001:819::200a
2a00:1450:4001:81d::2003
0f60979b728ce4cf2de33e6a9765c7adc5df57246d00478d0d1b5ef026754a76
18521983a3ed5e76f27be85023b93bb7e21301750cbbfb163e8d7bbe7e8fd2ef
377e90233074716e2b6fa4bb1c30baacbc1ebd0ac402475410c1a5d635116088
4f42f4e66299f2e67d7890f435901468dc9c7e7824c5eb1896774ab32a80cf79
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
5a413ebf7a43a7e00d4fdeb7eab02f263db68be30ae07039ba6bde500934ed32
5e180ee55cd7ef9c9a8d9b66d95be27db881e7e8b1ac30a0351038c4524385a4
769638ff7c0df5973591a3aedf0f62deded02cb3adf7943f1e43d2789db770f8
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7cd8d471eec190c74051c0bee16aff8f0d8c814b12c71a872857b1b77872f97b
af6f0471a9344b774b20e0a264ce890c97c969c0715bbb862ffd56318ddddacb
b1d673376a9219367cb57c21821d296a37fb89d121c234ed81991ddd5159f511
bfa21901e87e44f386b8208764bc596acaaaa085e560bf989d40982eb0e5a7c8
e9503448692b738dd260fbd7f7cabf2e11f09b600fa97e6eb3a56eba5b1a7e9b
fa61f9a7c2e4aaa831b61058a814316ebc4cedcf82325869d4ddaade239066c8