nordea.verifieraidentiteten.com
Open in
urlscan Pro
209.142.64.222
Malicious Activity!
Public Scan
Submitted URL: https://nordea.verifieraidentiteten.com/secure/inbox/account/ifram/login.php
Effective URL: https://nordea.verifieraidentiteten.com/secure/inbox/account/ifram/loading.html
Submission: On November 18 via manual from DK — Scanned from DE
Effective URL: https://nordea.verifieraidentiteten.com/secure/inbox/account/ifram/loading.html
Submission: On November 18 via manual from DK — Scanned from DE
Summary
This website contacted 2 IPs
in 2 countries
across 2 domains to perform 25 HTTP transactions.
The main IP is 209.142.64.222, located in
United States and
belongs to SCALAHOSTING, US.
The main domain is nordea.verifieraidentiteten.com.
TLS certificate: Issued by R3 on November 18th 2021. Valid for: 3 months.
This is the only time nordea.verifieraidentiteten.com was scanned on urlscan.io!
TLS certificate: Issued by R3 on November 18th 2021. Valid for: 3 months.
This is the only time nordea.verifieraidentiteten.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Nordea (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 25 | 209.142.64.222 209.142.64.222 | 40476 (SCALAHOSTING) (SCALAHOSTING) | |
| 1 | 2.16.186.154 2.16.186.154 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 25 | 2 |
25
209.142.64.222
(United States)
ASN40476 (SCALAHOSTING, US)
PTR: rose.vivawebhost.com
ASN40476 (SCALAHOSTING, US)
PTR: rose.vivawebhost.com
| nordea.verifieraidentiteten.com |
1
2.16.186.154
(Frankfurt am Main, Germany)
ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-154.deploy.static.akamaitechnologies.com
ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-154.deploy.static.akamaitechnologies.com
| www.nordea.se |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 25 |
verifieraidentiteten.com
1 redirects
nordea.verifieraidentiteten.com |
389 KB |
| 1 |
nordea.se
www.nordea.se |
243 B |
| 25 | 2 |
| Domain | Requested by | |
|---|---|---|
| 25 | nordea.verifieraidentiteten.com |
1 redirects
nordea.verifieraidentiteten.com
|
| 1 | www.nordea.se |
nordea.verifieraidentiteten.com
|
| 25 | 2 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| www.nordea.verifieraidentiteten.com R3 |
2021-11-18 - 2022-02-16 |
3 months | crt.sh |
| nordea.fi Entrust Certification Authority - L1M |
2021-04-15 - 2022-04-15 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://nordea.verifieraidentiteten.com/secure/inbox/account/ifram/loading.html
Frame ID: 2586CDBFB039E1AC8DF9DB2012D5C8A1
Requests: 25 HTTP requests in this frame
Screenshot
Page Title
Nordea - IdentifieringPage URL History Show full URLs
-
https://nordea.verifieraidentiteten.com/secure/inbox/account/ifram/login.php
HTTP 302
https://nordea.verifieraidentiteten.com/secure/inbox/account/ifram/loading.html Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://nordea.verifieraidentiteten.com/secure/inbox/account/ifram/login.php
HTTP 302
https://nordea.verifieraidentiteten.com/secure/inbox/account/ifram/loading.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
25 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
loading.html
nordea.verifieraidentiteten.com/secure/inbox/account/ifram/ Redirect Chain
|
55 KB 55 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
styles-f52db9631d9be86fc53fe6c5dfe16b1e.css
nordea.verifieraidentiteten.com/secure/inbox/account/ifram/files/ |
32 KB 32 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Spinner.gif
nordea.verifieraidentiteten.com/secure/inbox/account/ifram/files/ |
78 KB 79 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
key-ca4ef88caabfc9bc5dc60a9d9fe78fa3.svg
nordea.verifieraidentiteten.com/secure/inbox/account/ifram/files/ |
961 B 1003 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
technical-error-91ca9eec9eed6ed945355d650bb10d41.svg
nordea.verifieraidentiteten.com/secure/inbox/account/ifram/files/ |
3 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg
nordea.verifieraidentiteten.com/secure/inbox/account/ifram/files/ |
3 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg
nordea.verifieraidentiteten.com/secure/inbox/account/ifram/files/ |
3 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
no-connection-83f79e2367a313b468986e12a237c346.svg
nordea.verifieraidentiteten.com/secure/inbox/account/ifram/files/ |
5 KB 5 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
empty-3857ebe69f653487f8c9d99adde4657f.svg
nordea.verifieraidentiteten.com/secure/inbox/account/ifram/files/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
service-break-f426cda35f41e4c0b7c30c814b5eb2ee.svg
nordea.verifieraidentiteten.com/secure/inbox/account/ifram/files/ |
3 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
BankID-help-f49cac0d16beb2a30032945030556212.jpg
nordea.verifieraidentiteten.com/secure/inbox/account/ifram/files/ |
26 KB 27 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
qrcode.min-4738cd77646b8ed7fee4ed8e08d91d2d.js.download
nordea.verifieraidentiteten.com/secure/inbox/account/ifram/files/ |
54 KB 54 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
scripts-3d83ead5a4056284a834171ecb4d5e32.js.download
nordea.verifieraidentiteten.com/secure/inbox/account/ifram/files/ |
120 KB 121 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
564d0ff0f3578b7128a458ef269b286a.jpg
nordea.verifieraidentiteten.com/secure/inbox/account/ifram/files/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
c233a817ad142919d728ebf4c8b3d54c.woff2
nordea.verifieraidentiteten.com/secure/inbox/account/ifram/files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
7bc117ce8cbf2ce4b08a7ed17d16cf89.woff2
nordea.verifieraidentiteten.com/secure/inbox/account/ifram/files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
getMessage
www.nordea.se/wemapp/api/ |
11 B 243 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
8303da27eb3496a604f280ca8f3b4388.woff
nordea.verifieraidentiteten.com/secure/inbox/account/ifram/files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
e18bb962ed5dc6adc929833b78251735.woff
nordea.verifieraidentiteten.com/secure/inbox/account/ifram/files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
technical-error-91ca9eec9eed6ed945355d650bb10d41.svg
nordea.verifieraidentiteten.com/assets/images/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg
nordea.verifieraidentiteten.com/assets/images/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg
nordea.verifieraidentiteten.com/assets/images/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
no-connection-83f79e2367a313b468986e12a237c346.svg
nordea.verifieraidentiteten.com/assets/images/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
empty-3857ebe69f653487f8c9d99adde4657f.svg
nordea.verifieraidentiteten.com/assets/images/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
service-break-f426cda35f41e4c0b7c30c814b5eb2ee.svg
nordea.verifieraidentiteten.com/assets/images/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Nordea (Banking)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler function| safeLog object| QRCode object| App0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
11 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
nordea.verifieraidentiteten.com
www.nordea.se
2.16.186.154
209.142.64.222
037024a96d014cbe884a9f81804ceadc25bd1e49d0d9018de09acddac997afbf
1eafbdfe778461068cd8999d9b086ff504d0bc9d3fbfb2cc2f735ee037a2a8f6
3fc2607b1e133fb89affeca8fa96db25e9af2fa9d2f7960d2a9602df9e96ef72
4f98589b5ad297e797fc12ed5b90a5e9244a17dbc34c5cee66e01ae8c1455d2c
72b01f6773313f0b771bc5c137479bed0e74e8d6d1c76794a1ded78d561577fa
8a22f5ea2bc34877a3334b91210c881523678eec1e915cf6a4ee261ba58121b1
8fe32e407a1038ee38753b70e5374b3a46d6ae9d5f16cd5b73c53abaca8f5ed0
97f27f25912f72cb94fdb45b5bf833a6280754167831c74fc8bed9483ef5ac8b
a386a6170805a64ba2e46bcc37c79500b5207bd708b0d1da83cbcbc483e64cb7
bf62ade57f41064e2bbc5e3b9402780411f8e0ad0bff55f2328d0e8165bf30b7
c00dcfa90a7311691ccb9176a6b561abe61ba84ea985dcd61f6cd11ff04cfa29
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
d690ce1d3a1304fff86d11c4f38ad540da84949d881ea0c04b49bcc0f13483e0
e8eb48d905562a6a100dd41183a7782d8505478c21728b69f73fdf2b2a6f76ab
edd1663bb07c5638c4429882a1f2b4ed24a1947b4d3634f00ff0c9b22ff6b427