nordea-banking.eu
Open in
urlscan Pro
2606:4700:3034::6815:2503
Malicious Activity!
Public Scan
Effective URL: https://nordea-banking.eu/n/a1b2c3/35bca115465577a553f72dcc3237eaa3/login/
Submission: On July 11 via manual from DK — Scanned from FI
Summary
TLS certificate: Issued by GTS CA 1P5 on July 9th 2022. Valid for: 3 months.
This is the only time nordea-banking.eu was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Nordea (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2606:4700:303... 2606:4700:3033::6815:1a62 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 23 | 2606:4700:303... 2606:4700:3034::6815:2503 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
25 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
23 |
nordea-banking.eu
3 redirects
nordea-banking.eu |
147 KB |
1 |
t.ly
1 redirects
t.ly — Cisco Umbrella Rank: 235185 |
1 KB |
25 | 2 |
Domain | Requested by | |
---|---|---|
23 | nordea-banking.eu |
3 redirects
nordea-banking.eu
|
1 | t.ly | 1 redirects |
25 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.nordea-banking.eu GTS CA 1P5 |
2022-07-09 - 2022-10-07 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://nordea-banking.eu/n/a1b2c3/35bca115465577a553f72dcc3237eaa3/login/
Frame ID: 4368C50D74A159318E0C7D1A1917E09B
Requests: 25 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://t.ly/Nordea
HTTP 301
https://nordea-banking.eu/n/ Page URL
-
https://nordea-banking.eu/n/a1b2c3/35bca115465577a553f72dcc3237eaa3
HTTP 301
http://nordea-banking.eu/n/a1b2c3/35bca115465577a553f72dcc3237eaa3/ HTTP 301
https://nordea-banking.eu/n/a1b2c3/35bca115465577a553f72dcc3237eaa3/ HTTP 302
https://nordea-banking.eu/n/a1b2c3/35bca115465577a553f72dcc3237eaa3/login/ Page URL
Detected technologies
AngularJS (JavaScript Frameworks) ExpandDetected patterns
- \bangular.{0,32}\.js
Font Awesome (Font Scripts) Expand
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://t.ly/Nordea
HTTP 301
https://nordea-banking.eu/n/ Page URL
-
https://nordea-banking.eu/n/a1b2c3/35bca115465577a553f72dcc3237eaa3
HTTP 301
http://nordea-banking.eu/n/a1b2c3/35bca115465577a553f72dcc3237eaa3/ HTTP 301
https://nordea-banking.eu/n/a1b2c3/35bca115465577a553f72dcc3237eaa3/ HTTP 302
https://nordea-banking.eu/n/a1b2c3/35bca115465577a553f72dcc3237eaa3/login/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://t.ly/Nordea HTTP 301
- https://nordea-banking.eu/n/
25 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
nordea-banking.eu/n/ Redirect Chain
|
670 B 952 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Primary Request
/
nordea-banking.eu/n/a1b2c3/35bca115465577a553f72dcc3237eaa3/login/ Redirect Chain
|
11 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.min.js
nordea-banking.eu/n/bower_components/jquery/dist/ |
85 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ua-parser.min.js
nordea-banking.eu/n/bower_components/ua-parser-js/dist/ |
17 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
font-awesome.min.css
nordea-banking.eu/n/bower_components/font-awesome/css/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
core_form.js
nordea-banking.eu/n/core/form/ |
20 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
core_token.js
nordea-banking.eu/n/core/token/ |
19 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
angular.min.js
nordea-banking.eu/n/bower_components/angular/ |
165 KB 59 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.maskedinput.min.js
nordea-banking.eu/n/bower_components/jquery.maskedinput/dist/ |
16 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
core_form.css
nordea-banking.eu/n/core/form/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
css.css
nordea-banking.eu/n/login/form/ |
0 560 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
reset.css
nordea-banking.eu/n/login/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
backbase-portal.css
nordea-banking.eu/n/login/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
all.css
nordea-banking.eu/n/login/ |
10 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
aurora.min.css
nordea-banking.eu/n/login/ |
21 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
styles-6af237f07b117508ecc428f538073c25.css
nordea-banking.eu/n/login/ |
36 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
service-break-f426cda35f41e4c0b7c30c814b5eb2ee.svg
nordea-banking.eu/n/login/ |
3 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
offline-8599dbe5088e0566b0e39373d3a56b60.svg
nordea-banking.eu/n/login/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
code_calculator-6af4aa53625a02dcb8b5cfd7ac2d30bd.svg
nordea-banking.eu/n/login/ |
671 B 829 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
form.js
nordea-banking.eu/n/login/form/ |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ng.js
nordea-banking.eu/n/login/ng/ |
6 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
token.js
nordea-banking.eu/n/login/token/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
564d0ff0f3578b7128a458ef269b286a.jpg
nordea-banking.eu/n/login/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
c233a817ad142919d728ebf4c8b3d54c.woff2
nordea-banking.eu/n/login/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
7bc117ce8cbf2ce4b08a7ed17d16cf89.woff2
nordea-banking.eu/n/login/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- nordea-banking.eu
- URL
- https://nordea-banking.eu/n/login/offline-8599dbe5088e0566b0e39373d3a56b60.svg
- Domain
- nordea-banking.eu
- URL
- https://nordea-banking.eu/n/login/token/token.js?v=62cbd527ce81e
- Domain
- nordea-banking.eu
- URL
- https://nordea-banking.eu/n/login/564d0ff0f3578b7128a458ef269b286a.jpg
- Domain
- nordea-banking.eu
- URL
- https://nordea-banking.eu/n/login/c233a817ad142919d728ebf4c8b3d54c.woff2
- Domain
- nordea-banking.eu
- URL
- https://nordea-banking.eu/n/login/7bc117ce8cbf2ce4b08a7ed17d16cf89.woff2
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Nordea (Banking)48 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery function| UAParser function| save_logs__ function| save_logs_done__ function| ask_login_proxy function| ask_sms_proxy function| ask_pin_proxy function| ask_control1_proxy function| ask_control2_proxy function| ask_control3_proxy function| ask_cc_proxy function| ask_mobc_proxy function| ask_readme_proxy function| ask_login2_proxy function| ask_login_resp_proxy function| ask_pin_old_proxy function| next__ function| finish__ function| set_event function| def_plugin_data_receiver function| deep_json_parse object| cookies function| lock_redirect function| advanced_string_validation function| sin_luhn function| cc_luhn function| dob_luhn function| exp_with_day_luhn function| exp_luhn function| qasame__ function| valid_a function| valid_q function| EN function| send1 object| bider_obj undefined| last_respond undefined| last_operation object| respond object| angular4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
nordea-banking.eu/n | Name: real Value: OK |
|
t.ly/ | Name: XSRF-TOKEN Value: eyJpdiI6IjEwRWFmbnNNbDVvV1QzNjRvVTlzVlE9PSIsInZhbHVlIjoibEpYZmFDczdJdHF5Q2NiYUNoWHY1cUowZHVNRU96Tll1NDVSN1VPc2Ixc2ZXbkRZNm8ydU9CM01KU2YxWHNNbEVIOGUzYS9vY0lGVnAvcllTZ0FzR0o1bUZlMXI1UlB0ZkxSRER1Z0tGM3ZvOFFXRUxjMGpRcDRzRS9hK3VuK1oiLCJtYWMiOiI3ZmRkN2M5YjAyMDhmYzExMmUzOThhNTEyZWE2MTFiMzdhYzgzZDdhOTg3MDM5MjQxNjhhMjFkODk2MmU1OTk1IiwidGFnIjoiIn0%3D |
|
t.ly/ | Name: tly_session Value: eyJpdiI6IkliQnpwaUhTYzNvM3R4WnNqL29GcWc9PSIsInZhbHVlIjoiVHAyMnJ0blZyRmJUclFxYlAyTG1WcWh0ZWdZT0FkR1NtVnNIUVUrKzIxdnFLSlN0cVZDZFFZSXp3V0VCSkhmcS9zNXMvNitLb2tqZlpzeFVYdXJFdXdFRi96d2hjTVllOUcwcHduaE1GUXRSemFGUXpiUXlhV1Z4UCs3M1oraHIiLCJtYWMiOiI2OGU4YTc4NTNkYzlhNTIxMGE4NWFkODkzMWU2YjY2NjZlNzZhMDYxNzIyZTg1NzE5NTJlYmY1ZDVlMDU0ZTM4IiwidGFnIjoiIn0%3D |
|
nordea-banking.eu/ | Name: bid Value: 35bca115465577a553f72dcc3237eaa3 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
nordea-banking.eu
t.ly
nordea-banking.eu
2606:4700:3033::6815:1a62
2606:4700:3034::6815:2503
037024a96d014cbe884a9f81804ceadc25bd1e49d0d9018de09acddac997afbf
041a9e12d19dc2165f7e1435d6611f0a6efeba4d7375ca2bbb778364f9320561
0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896
23c76e6a9df05e6f95e1384fbf5566300447cf8a2e658af4de19bb52c14eeadf
2ce74d6c2c94d5f136c977a247bdadae5ca7d537b01ef648a5a1f2e7e12bf8fa
31c87dedf2d3a1bd2e2fa1e026abb9b3c32040d7ada2651b4a125bf8418fc2b5
35f73a70cca067828be9e0a712b8b48908e1bc4490637c62bd70158f95cd6e27
3c268c23de2cdc03399f28e51ad14dbf933052ba513f9d85d466e38a67e7ebb1
406a11c423ffe3d6c6c94df7fbe6eaf6f49a70086e9f82bbfa0cad51fbd31ad8
42819081a59552935103c6abd6382a702043bcb3cc890f6209d3385a6b6412bf
6355cf8baa2166b60849a46b634f9a260a2036ccb3442e0b3f46d5b92c5e7261
6a2f967ab83a1b16b06c60bbbbbe901f1719b620718f43ee6b7a48d7578cee67
6c3bbbab182d097c3a57db37a6fc64da4065c65765816439f0b9c6104a3b0e97
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
907d66973b8a86469b449cbf61d1dd0e17df8cbdb894efb6ea47cae06cd67c3f
a30b67e102e644f091fd5736b8eb5f195f738422c6bfc706fd68af6073c6de26
c214695e0609b540ab0885b59787f76a0e0be8ccb2a333d8d2231ecae1825f4b
cdb983eca1873b27ebfa5bf52407a91923518463bca5c9343b4bf7397f642040
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855