2fa-app.digital
2606:4700:3033::ac43:acb7
Malicious Activity!
Public Scan
Effective URL: https://2fa-app.digital/nordea/a1b2c3/04c93235f477ae90735de990cf5a7e70/login/
Submission: On July 06 via manual from FI — Scanned from FI
Summary
TLS certificate: Issued by GTS CA 1P5 on July 6th 2022. Valid for: 3 months. Note that the certificate was issued on the same day the scan was submitted (July 6).
This is the only time 2fa-app.digital was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Nordea (Banking)

Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 2 | 162.250.190.160 | 26832 (RICAWEBSERVICES) |
| 30 | 2606:4700:3033::ac43:acb7 | 13335 (CLOUDFLARENET) |
| 2 | 2606:4700:3036::6815:2335 | 13335 (CLOUDFLARENET) |

Totals: 29 HTTP transactions, 2 autonomous systems.
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 30 | 2fa-app.digital (3 redirects) | 2fa-app.digital | 274 KB |
| 2 | moneyteamhere.club | moneyteamhere.club | 950 B |
| 2 | pixly.me (2 redirects) | pixly.me | 924 B |

Totals: 29 HTTP transactions, 3 domains.
| Requests | Domain | Requested by |
|---|---|---|
| 30 | 2fa-app.digital (3 redirects) | 2fa-app.digital |
| 2 | moneyteamhere.club | 2fa-app.digital |
| 2 | pixly.me (2 redirects) | (submitted URL, not requested by another page) |

Totals: 29 HTTP transactions, 3 domains.
This site contains no links.
| Subject | Issuer | Validity | Valid for |
|---|---|---|---|
| *.2fa-app.digital | GTS CA 1P5 | 2022-07-06 - 2022-10-04 | 3 months |
| *.moneyteamhere.club | E1 | 2022-05-15 - 2022-08-13 | 3 months |

Both are 90-day wildcard certificates from automated public CAs (GTS CA 1P5 is a Google Trust Services intermediate, E1 a Let's Encrypt ECDSA intermediate). The 2fa-app.digital certificate's notBefore date is the scan date; the moneyteamhere.club certificate is about seven weeks older, so the back-end host predates this landing page.
This page contains 1 frames:
Primary Page:
https://2fa-app.digital/nordea/a1b2c3/04c93235f477ae90735de990cf5a7e70/login/
Frame ID: 8FA880DB23243E14FBEFB9C3EE10DE58
Requests: 29 HTTP requests in this frame
Page Title
Nordea - Identifiering (Swedish for "Identification")

Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

- http://pixly.me/FtLH (HTTP 301)
- https://pixly.me/FtLH (HTTP 301)
- https://2fa-app.digital/nordea/ (Page URL)

- https://2fa-app.digital/nordea/a1b2c3/04c93235f477ae90735de990cf5a7e70 (HTTP 301)
- http://2fa-app.digital/nordea/a1b2c3/04c93235f477ae90735de990cf5a7e70/ (HTTP 301)
- https://2fa-app.digital/nordea/a1b2c3/04c93235f477ae90735de990cf5a7e70/ (HTTP 302)
- https://2fa-app.digital/nordea/a1b2c3/04c93235f477ae90735de990cf5a7e70/login/ (Page URL)

The move from /nordea/ to /nordea/a1b2c3/04c93235f477ae90735de990cf5a7e70 carries no HTTP status because it is a client-side navigation; the token in that path also appears as the bid cookie further down. Note that the next 301 points at a plain http:// URL before the final 302 returns to https://, so the token is sent once in clear.
Detected technologies
- AngularJS (JavaScript Frameworks). Detected patterns:
  - \bangular.{0,32}\.js
- Font Awesome (Font Scripts). Detected patterns:
  - <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  - <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  - (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- jQuery (JavaScript Libraries). Detected patterns:
  - jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- http://pixly.me/FtLH (HTTP 301)
- https://pixly.me/FtLH (HTTP 301)
- https://2fa-app.digital/nordea/
29 HTTP transactions

| Method | Proto | Resource | Path | Size | x-fer | Type | MIME-Type | Note |
|---|---|---|---|---|---|---|---|---|
| GET | H2 | / | 2fa-app.digital/nordea/ | 728 B | 965 B | Document | text/html | Redirect chain |
| GET | H3 | / | 2fa-app.digital/nordea/a1b2c3/04c93235f477ae90735de990cf5a7e70/login/ | 18 KB | 5 KB | Document | text/html | Primary request; redirect chain |
| GET | H3 | jquery.min.js | 2fa-app.digital/nordea/bower_components/jquery/dist/ | 85 KB | 31 KB | Script | application/javascript | |
| GET | H3 | ua-parser.min.js | 2fa-app.digital/nordea/bower_components/ua-parser-js/dist/ | 17 KB | 7 KB | Script | application/javascript | |
| GET | H3 | font-awesome.min.css | 2fa-app.digital/nordea/bower_components/font-awesome/css/ | 30 KB | 7 KB | Stylesheet | text/css | |
| GET | H3 | core_form.js | 2fa-app.digital/nordea/core/form/ | 19 KB | 5 KB | Script | application/javascript | |
| GET | H3 | core_token.js | 2fa-app.digital/nordea/core/token/ | 14 KB | 2 KB | Script | application/javascript | |
| GET | H3 | angular.min.js | 2fa-app.digital/nordea/bower_components/angular/ | 165 KB | 59 KB | Script | application/javascript | |
| GET | H3 | jquery.maskedinput.min.js | 2fa-app.digital/nordea/bower_components/jquery.maskedinput/dist/ | 16 KB | 4 KB | Script | application/javascript | |
| GET | H3 | core_form.css | 2fa-app.digital/nordea/core/form/ | 3 KB | 1 KB | Stylesheet | text/css | |
| GET | H3 | css.css | 2fa-app.digital/nordea/login/form/ | 0 | 536 B | Stylesheet | text/css | |
| GET | H3 | reset.css | 2fa-app.digital/nordea/login/ | 2 KB | 1 KB | Stylesheet | text/css | |
| GET | H3 | backbase-portal.css | 2fa-app.digital/nordea/login/ | 3 KB | 1 KB | Stylesheet | text/css | |
| GET | H3 | all.css | 2fa-app.digital/nordea/login/ | 10 KB | 3 KB | Stylesheet | text/css | |
| GET | H3 | aurora.min.css | 2fa-app.digital/nordea/login/ | 21 KB | 5 KB | Stylesheet | text/css | |
| GET | H3 | styles-6af237f07b117508ecc428f538073c25.css | 2fa-app.digital/nordea/login/ | 36 KB | 7 KB | Stylesheet | text/css | |
| GET | H3 | service-break-f426cda35f41e4c0b7c30c814b5eb2ee.svg | 2fa-app.digital/nordea/login/ | 3 KB | 2 KB | Image | image/svg+xml | |
| GET | H3 | cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg | 2fa-app.digital/nordea/login/ | 3 KB | 2 KB | Image | image/svg+xml | |
| GET | H3 | bankid-50be3041fee8c5472da09cf6dc8f0870.svg | 2fa-app.digital/nordea/login/ | 3 KB | 2 KB | Image | image/svg+xml | |
| GET | H3 | card_reader-2278b158da2759bf05c873c4a4712ac1.svg | 2fa-app.digital/nordea/login/ | 891 B | 1009 B | Image | image/svg+xml | |
| GET | H3 | qr_reader-da214ba307c965a97824d2e852030475.svg | 2fa-app.digital/nordea/login/ | 642 B | 919 B | Image | image/svg+xml | |
| GET | H3 | form.js | 2fa-app.digital/nordea/login/form/ | 3 KB | 1 KB | Script | application/javascript | |
| GET | H3 | ng.js | 2fa-app.digital/nordea/login/ng/ | 6 KB | 2 KB | Script | application/javascript | |
| GET | H3 | token.js | 2fa-app.digital/nordea/login/token/ | 1 KB | 1 KB | Script | application/javascript | |
| GET | H3 | 564d0ff0f3578b7128a458ef269b286a.jpg | 2fa-app.digital/nordea/login/ | 67 KB | 67 KB | Image | image/jpeg | |
| GET | H3 | c233a817ad142919d728ebf4c8b3d54c.woff2 | 2fa-app.digital/nordea/login/ | 26 KB | 27 KB | Font | application/octet-stream | |
| GET | H3 | 7bc117ce8cbf2ce4b08a7ed17d16cf89.woff2 | 2fa-app.digital/nordea/login/ | 26 KB | 26 KB | Font | application/octet-stream | |
| GET | H2 | gate.php | moneyteamhere.club/uadmin/ | 57 B | 602 B | Script | application/javascript | |
| GET | H2 | gate.php | moneyteamhere.club/uadmin/ | 57 B | 348 B | Script | application/javascript | |

Everything except the last two rows is served from 2fa-app.digital. The two gate.php requests are the only cross-origin transactions: both fetch moneyteamhere.club/uadmin/gate.php as a script (application/javascript, 57 B each), so the kit's server side runs on a different host, under a different certificate (*.moneyteamhere.club), from the landing page the victim sees. The landing page itself is assembled from bower_components (jQuery, AngularJS, ua-parser-js, jquery.maskedinput) plus the kit's own core/ and login/ assets, including the bankid, card_reader and qr_reader SVG icons that mirror Nordea's Swedish login options.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Nordea (Banking)

52 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Name | Type |
|---|---|
| oncontextlost | object |
| oncontextrestored | object |
| structuredClone | function |
| launchQueue | object |
| onbeforematch | object |
| getScreenDetails | function |
| queryLocalFonts | function |
| navigation | object |
| $ | function |
| jQuery | function |
| UAParser | function |
| save_logs__ | function |
| save_logs_done__ | function |
| ask_login_proxy | function |
| ask_sms_proxy | function |
| ask_pin_proxy | function |
| ask_cc_proxy | function |
| ask_mobc_proxy | function |
| ask_readme_proxy | function |
| ask_login2_proxy | function |
| ask_kontrollkod_proxy | function |
| next__ | function |
| finish__ | function |
| set_event | function |
| def_plugin_data_receiver | function |
| deep_json_parse | function |
| cookies | object |
| lock_redirect | function |
| advanced_string_validation | function |
| sin_luhn | function |
| cc_luhn | function |
| dob_luhn | function |
| exp_with_day_luhn | function |
| exp_luhn | function |
| qasame__ | function |
| valid_a | function |
| valid_q | function |
| EN | function |
| send1 | function |
| bider_obj | object |
| last_respond | object |
| last_operation | undefined |
| respond | object |
| angular | object |
| bid | string |
| php_js | object |
| app | object |
| loader_ | object |
| el | string |
| CORE__ | object |
| REST_FN__ | object |
| bidder_timer4 | number |

The first eight names (oncontextlost through navigation) are standard window properties added in recent Chrome releases (structuredClone, the Navigation API, queryLocalFonts and so on) that the scanner's baseline did not yet know; they are not page code. The libraries account for $, jQuery, UAParser and angular. The remaining names are defined by the page's own scripts and describe the flow: one ask_*_proxy function per credential step (login, sms, pin, cc, mobc, readme, login2, kontrollkod), five *_luhn checksum validators, save_logs__ / save_logs_done__, next__ / finish__, and the bid string that matches the bid cookie below.
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser also sends the cookie values, allowing the website to re-identify the user even from a different location. This is how permanent logins work.

| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| 2fa-app.digital/nordea | | real | OK |
| pixly.me/ | | PHPSESSID | 3760e9c5fc0755941ba7c7c8b93bedab |
| pixly.me/ | | short_FtLH | 1 |
| 2fa-app.digital/ | | bid | 04c93235f477ae90735de990cf5a7e70 |

The bid cookie value is the same 32-hex-character token that appears in the landing URL path (/nordea/a1b2c3/04c93235f477ae90735de990cf5a7e70/login/) and as the bid global on the window object, so the page tracks a visit by the same identifier in all three places. The PHPSESSID and short_FtLH cookies belong to the pixly.me shortener, not to the landing page.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
- 2fa-app.digital
- moneyteamhere.club
- pixly.me
- 162.250.190.160
- 2606:4700:3033::ac43:acb7
- 2606:4700:3036::6815:2335
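The checks a reviewer would run over this scan before relying on the verdict, as an added example that is not part of the urlscan.io page or its verdict logic. The data is transcribed from the sections above (redirect chain, the relevant HTTP transactions, the 52 window globals, the cookies and the certificate date); the naming heuristics in KIT_NAME_PATTERNS are the editor's own, read off this kit's global names, and are labelled hypothetical in the code.

```python
import re
from datetime import date
from urllib.parse import urlparse

# Constructed input transcribed from the scan above. "client" marks the hop urlscan
# recorded as a page-URL change without an HTTP status (JS/meta navigation).
REDIRECT_CHAIN = [
    ("http://pixly.me/FtLH", 301),
    ("https://pixly.me/FtLH", 301),
    ("https://2fa-app.digital/nordea/", "client"),
    ("https://2fa-app.digital/nordea/a1b2c3/04c93235f477ae90735de990cf5a7e70", 301),
    ("http://2fa-app.digital/nordea/a1b2c3/04c93235f477ae90735de990cf5a7e70/", 301),
    ("https://2fa-app.digital/nordea/a1b2c3/04c93235f477ae90735de990cf5a7e70/", 302),
    ("https://2fa-app.digital/nordea/a1b2c3/04c93235f477ae90735de990cf5a7e70/login/", None),
]
REQUESTS = [  # (host, path, mime); only the rows this triage needs, full list above
    ("2fa-app.digital", "/nordea/login/token/token.js", "application/javascript"),
    ("moneyteamhere.club", "/uadmin/gate.php", "application/javascript"),
    ("moneyteamhere.club", "/uadmin/gate.php", "application/javascript"),
]
WINDOW_GLOBALS = """oncontextlost oncontextrestored structuredClone launchQueue onbeforematch
getScreenDetails queryLocalFonts navigation $ jQuery UAParser save_logs__ save_logs_done__
ask_login_proxy ask_sms_proxy ask_pin_proxy ask_cc_proxy ask_mobc_proxy ask_readme_proxy
ask_login2_proxy ask_kontrollkod_proxy next__ finish__ set_event def_plugin_data_receiver
deep_json_parse cookies lock_redirect advanced_string_validation sin_luhn cc_luhn dob_luhn
exp_with_day_luhn exp_luhn qasame__ valid_a valid_q EN send1 bider_obj last_respond
last_operation respond angular bid php_js app loader_ el CORE__ REST_FN__ bidder_timer4""".split()
COOKIES = [  # (domain/path, name, value)
    ("2fa-app.digital/nordea", "real", "OK"),
    ("pixly.me/", "PHPSESSID", "3760e9c5fc0755941ba7c7c8b93bedab"),
    ("pixly.me/", "short_FtLH", "1"),
    ("2fa-app.digital/", "bid", "04c93235f477ae90735de990cf5a7e70"),
]
CERT_NOT_BEFORE, SCAN_DAY = date(2022, 7, 6), date(2022, 7, 6)

# Editor's own (hypothetical) naming heuristics, read off this kit's globals; not a urlscan rule.
KIT_NAME_PATTERNS = [
    re.compile(r"^ask_\w+_proxy$"),    # one prompt per credential step: login, sms, pin, cc, ...
    re.compile(r"_luhn$"),             # client-side checksum validators (card number, IDs)
    re.compile(r"^save_logs"),         # log / exfil helpers
    re.compile(r"^(next|finish)__$"),  # step flow control
]

def chain_hosts(chain):
    """Distinct hosts in navigation order; a shortener front door is the extra leading host."""
    return list(dict.fromkeys(urlparse(url).hostname for url, _ in chain))

def plaintext_hops(chain):
    """http:// hops after the chain was already on https://; the path token travels in clear there."""
    seen_https, hops = False, []
    for url, _ in chain:
        if urlparse(url).scheme == "https":
            seen_https = True
        elif seen_https:
            hops.append(url)
    return hops

def brand_in_path_only(url, brands):
    """Brands named in the path but absent from the host the certificate was issued for."""
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    return [b for b in brands if b in parts.path.lower() and b not in host]

def kit_globals(names):
    """Window globals whose names follow the kit's conventions (sorted, unique)."""
    return sorted({n for n in names if any(p.search(n) for p in KIT_NAME_PATTERNS)})

def offsite_script_endpoints(requests, primary_host):
    """Server-side scripts fetched as JavaScript from another host: candidate panel/exfil gates."""
    out = []
    for host, path, mime in requests:
        if host != primary_host and path.endswith(".php") and "javascript" in mime:
            if host + path not in out:
                out.append(host + path)
    return out

def cookie_values_in_url(cookies, url):
    """Cookie values (8+ chars, skipping flags like '1') that also sit in the landing URL path."""
    path = urlparse(url).path
    return [(n, v) for _, n, v in cookies if len(v) >= 8 and v in path]

def triage(chain=REDIRECT_CHAIN, requests=REQUESTS, names=WINDOW_GLOBALS, cookies=COOKIES,
           not_before=CERT_NOT_BEFORE, scan_day=SCAN_DAY, brands=("nordea",)):
    """The checks a reviewer runs before accepting (or contesting) the verdict."""
    landing = chain[-1][0]
    primary = urlparse(landing).hostname
    hosts = chain_hosts(chain)
    return {
        "landing_host": primary,
        "front_door": hosts[0] if hosts[0] != primary else None,
        "plaintext_hops": plaintext_hops(chain),
        "brand_in_path_only": brand_in_path_only(landing, brands),
        "kit_globals": kit_globals(names),
        "exfil_candidates": offsite_script_endpoints(requests, primary),
        "victim_token": cookie_values_in_url(cookies, landing),
        "cert_age_days": (scan_day - not_before).days,
    }
```

Calling triage() on the transcribed data reports pixly.me as the front door, one plain-http hop carrying the token, "nordea" present only in the path, 17 kit-style globals, moneyteamhere.club/uadmin/gate.php as the sole off-site script endpoint, the bid cookie as the victim token, and a certificate age of zero days. None of these alone proves phishing (a legitimate site can sit behind a shortener or use a fresh certificate); it is the combination, and in particular the off-site gate plus the per-step ask_*_proxy functions, that a reviewer weighs against the verdict.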