netbank-nordea-asiakaspalvelu.info
81.94.150.147  Malicious Activity! Public Scan

Submitted URL: https://greenkosherpoultry.com/awr8q
Effective URL: https://netbank-nordea-asiakaspalvelu.info/10ZX4FI.php
Submission: On February 23 via manual from FI — Scanned from FI

Summary

This website contacted 3 IPs in 1 country across 3 domains to perform 21 HTTP transactions. The main IP is 81.94.150.147, located in Moscow, Russian Federation, and belongs to WESTCALL-AS, RU. The main domain is netbank-nordea-asiakaspalvelu.info.
TLS certificate: issued by R3 (Let's Encrypt) on February 23rd 2024, the day of the scan. Valid for: 3 months.
This is the only time netbank-nordea-asiakaspalvelu.info was scanned on urlscan.io, so there is no earlier history for the domain to compare against.

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Nordea (Banking)

Domain & IP information

Requests  IP Address      AS (Autonomous System)
1         193.3.19.26     50340 (SELECTEL-MSK)
6         81.94.150.147   8595 (WESTCALL-AS)
Total: 21 requests, 3 IPs

Requests  Domain                               Requested by
5         netbank-nordea-asiakaspalvelu.info   netbank-nordea-asiakaspalvelu.info
1         asiakaspalvelu-nordea-netbank.com
1         greenkosherpoultry.com
Total: 21 requests, 3 domains

This site contains no links.

Subject                              Issuer  Validity                 Valid
f1sites.com                          R3      2024-02-21 - 2024-05-21  3 months (crt.sh)
asiakaspalvelu-nordea-netbank.com    R3      2024-02-21 - 2024-05-21  3 months (crt.sh)
netbank-nordea-asiakaspalvelu.info   R3      2024-02-23 - 2024-05-23  3 months (crt.sh)

All three are Let's Encrypt (R3) certificates. The two Nordea-themed domains were issued certificates two days apart, the .info one on the day of the scan, which is consistent with infrastructure stood up for this campaign rather than an older compromised site.

This page contains 1 frames:

Primary Page: https://netbank-nordea-asiakaspalvelu.info/10ZX4FI.php
Frame ID: 53843AA7C1BB8AC6DA10D16CB4E19199
Requests: 21 HTTP requests in this frame

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://greenkosherpoultry.com/awr8q Page URL
  2. https://netbank-nordea-asiakaspalvelu.info/10ZX4FI.php Page URL

Detected technologies

PHP (overall confidence: 100%)
Detected patterns
  • \.php(?:$|\?)

jQuery 3.6.0 (overall confidence: 100%)
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 21
HTTPS: 33 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 1
Transfer: 43 kB
Size: 141 kB
Cookies: 0


Redirected requests

No HTTP redirect chains (3xx status plus Location header) were recorded for this scan. Both hops were client-side: the lure URL https://greenkosherpoultry.com/awr8q answered 404 (see Console Messages at the end of the report) yet the next request, to asiakaspalvelu-nordea-netbank.com, carries Referer https://greenkosherpoultry.com/, so the 82-byte 404 body must have redirected the browser itself; that host then answered with an empty body and a Refresh response header pointing at the final page (see its transaction below). A plain HTTP client that only follows 3xx responses would stop at the first hop and never reach the phishing page.
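The following Python is an added example, not part of the urlscan report, that walks a chain the way a browser would: HTTP 3xx with Location, the non-standard Refresh response header, and <meta http-equiv="refresh">, without executing JavaScript. The transport is a constructed in-memory stand-in for the three document responses in this scan; the 82-byte body of the 404 lure page is not shown in the report, so a meta refresh is assumed for it, and the status of the second hop (not shown either) is assumed to be 200. The Refresh header value on the second hop is copied from the transaction below.

```python
"""Follow a redirect chain including client-side hops, offline, without running JavaScript."""
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urljoin, urlparse


@dataclass
class Response:
    status: int
    headers: Dict[str, str] = field(default_factory=dict)  # header names lower-cased
    body: str = ""


# "<seconds>; url=<target>" as used by both the Refresh header and <meta http-equiv="refresh">;
# quotes around the target are tolerated, as browsers do.
_REFRESH_VALUE = re.compile(r"^\s*\d+\s*;\s*url\s*=\s*['\"]?([^'\"\s>]+)", re.IGNORECASE)
_META_REFRESH = re.compile(
    r"<meta[^>]*http-equiv\s*=\s*['\"]?refresh['\"]?[^>]*content\s*=\s*['\"]([^'\"]*)['\"]",
    re.IGNORECASE,
)


def next_hop(url: str, resp: Response) -> Optional[Tuple[str, str]]:
    """Return (mechanism, absolute target URL) if this response sends the browser elsewhere."""
    location = resp.headers.get("location")
    if 300 <= resp.status < 400 and location:
        return "http-location", urljoin(url, location)
    refresh = resp.headers.get("refresh")
    if refresh and (m := _REFRESH_VALUE.match(refresh)):
        return "refresh-header", urljoin(url, m.group(1))
    # A non-3xx status (even a 404) can still carry a client-side redirect in its body.
    meta = _META_REFRESH.search(resp.body)
    if meta and (m := _REFRESH_VALUE.match(meta.group(1))):
        return "meta-refresh", urljoin(url, m.group(1))
    return None


def follow_chain(start: str, fetch: Callable[[str], Response],
                 max_hops: int = 10) -> List[Tuple[str, int, str]]:
    """Return [(url, status, mechanism)] per hop; the last mechanism is 'final', 'loop' or 'max-hops'."""
    chain: List[Tuple[str, int, str]] = []
    seen = set()
    url = start
    for _ in range(max_hops):
        if url in seen:                      # refresh-to-self loops are common on lure hosts
            chain.append((url, -1, "loop"))
            return chain
        seen.add(url)
        resp = fetch(url)
        hop = next_hop(url, resp)
        if hop is None:
            chain.append((url, resp.status, "final"))
            return chain
        mechanism, target = hop
        chain.append((url, resp.status, mechanism))
        url = target
    chain.append((url, -1, "max-hops"))
    return chain


def hosts_mentioning(chain: List[Tuple[str, int, str]], brand: str) -> List[str]:
    """Distinct hostnames in the chain whose name contains the brand keyword (lookalike check)."""
    hosts: List[str] = []
    for url, _, _ in chain:
        host = (urlparse(url).hostname or "").lower()
        if brand in host and host not in hosts:
            hosts.append(host)
    return hosts


LURE = "https://greenkosherpoultry.com/awr8q"
HOP = "https://asiakaspalvelu-nordea-netbank.com/"
FINAL = "https://netbank-nordea-asiakaspalvelu.info/10ZX4FI.php"

# Constructed stand-in for the scan's three document responses. The 404 body and the
# status of the second hop are ASSUMPTIONS (not shown in the scan); the Refresh header is real.
FAKE_SERVER = {
    LURE: Response(404, {"content-type": "text/html; charset=UTF-8"},
                   '<html><meta http-equiv="refresh" content="0; url=' + HOP + '"></html>'),
    HOP: Response(200, {"content-length": "0", "refresh": "0; URL=" + FINAL}, ""),
    FINAL: Response(200, {"content-type": "text/html; charset=UTF-8"},
                    "<html><body>constructed placeholder for the phishing page</body></html>"),
}


def fake_fetch(url: str) -> Response:
    return FAKE_SERVER[url]


if __name__ == "__main__":
    for url, status, how in follow_chain(LURE, fake_fetch):
        print(f"{status:>4}  {how:<15} {url}")
    print("brand lookalikes:", hosts_mentioning(follow_chain(LURE, fake_fetch), "nordea"))
```

For live use, replace fake_fetch with a function that performs a GET with a browser-like User-Agent and Accept-Language (the scan was run with fi-FI, and lure hosts often key on that) and returns the status, lower-cased headers and body; everything else stays the same.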

21 HTTP transactions

Columns: Resource | Path | Size | x-fer (bytes transferred) | Type
awr8q | greenkosherpoultry.com/ | 82 B | 362 B | Document
General
  Full URL: https://greenkosherpoultry.com/awr8q
  Status: 404 (from the console message at the end of the report)
  Protocol: HTTP/1.1
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 193.3.19.26, Russian Federation, ASN50340 (SELECTEL-MSK, RU)
  Reverse DNS: (none recorded)
  Software: nginx
  Resource Hash: bda3213fde000f3fdaf9f12d0d14f3d91e7410514f96deff9eccd33f8bd9b7a9
Request headers
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
  accept-language: fi-FI,fi;q=0.9
Response headers
  Accept-Ranges: bytes
  Connection: keep-alive
  Content-Length: 82
  Content-Type: text/html; charset=UTF-8
  Date: Fri, 23 Feb 2024 09:27:00 GMT
  ETag: "52-612071622fca9"
  Keep-Alive: timeout=60
  Last-Modified: Fri, 23 Feb 2024 06:58:25 GMT
  Server: nginx
/
/ | asiakaspalvelu-nordea-netbank.com/ | 0 | 117 B | Document
General
  Full URL: https://asiakaspalvelu-nordea-netbank.com/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 81.94.150.147, Moscow, Russian Federation, ASN8595 (WESTCALL-AS, RU)
  Reverse DNS: (none recorded)
  Software: nginx
  Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the SHA-256 of an empty input, matching content-length 0; the redirect lives entirely in the refresh header below)
Request headers
  Referer: https://greenkosherpoultry.com/
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
  accept-language: fi-FI,fi;q=0.9
Response headers
  content-length: 0
  content-type: text/html; charset=UTF-8
  date: Fri, 23 Feb 2024 09:27:01 GMT
  refresh: 0; URL=https://netbank-nordea-asiakaspalvelu.info/10ZX4FI.php
  server: nginx
Primary Request: 10ZX4FI.php | netbank-nordea-asiakaspalvelu.info/ | 25 KB | 6 KB | Document
General
  Full URL: https://netbank-nordea-asiakaspalvelu.info/10ZX4FI.php
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 81.94.150.147, Moscow, Russian Federation, ASN8595 (WESTCALL-AS, RU)
  Reverse DNS: (none recorded)
  Software: nginx
  Resource Hash: 3b53af43c3eef94384a5d6bcd21642743f18bf96b6a144555a970212a230cd9d
Request headers
  Referer: https://asiakaspalvelu-nordea-netbank.com/
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
  accept-language: fi-FI,fi;q=0.9
Response headers
  content-encoding: gzip
  content-length: 5531
  content-type: text/html; charset=UTF-8
  date: Fri, 23 Feb 2024 09:27:03 GMT
  server: nginx
  vary: Accept-Encoding
style.css | netbank-nordea-asiakaspalvelu.info/css/ | 27 KB | 5 KB | Stylesheet
General
  Full URL: https://netbank-nordea-asiakaspalvelu.info/css/style.css
  Requested by: Host netbank-nordea-asiakaspalvelu.info, URL https://netbank-nordea-asiakaspalvelu.info/10ZX4FI.php
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 81.94.150.147, Moscow, Russian Federation, ASN8595 (WESTCALL-AS, RU)
  Reverse DNS: (none recorded)
  Software: nginx
  Resource Hash: 05b2dab1c74c37f3d2b356d36e8fc36ad6553afaeb79f98f81db77bbec3aaebf
Request headers
  accept-language: fi-FI,fi;q=0.9
  Referer: https://netbank-nordea-asiakaspalvelu.info/10ZX4FI.php
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
Response headers
  date: Fri, 23 Feb 2024 09:27:04 GMT
  content-encoding: gzip
  last-modified: Tue, 20 Feb 2024 07:06:12 GMT
  server: nginx
  etag: W/"65d44f64-6a43"
  vary: Accept-Encoding
  content-type: text/css
  cache-control: max-age=315360000
  expires: Thu, 31 Dec 2037 23:55:55 GMT
jquery-3.6.0.min.js | netbank-nordea-asiakaspalvelu.info/js/ | 87 KB | 30 KB | Script
General
  Full URL: https://netbank-nordea-asiakaspalvelu.info/js/jquery-3.6.0.min.js
  Requested by: Host netbank-nordea-asiakaspalvelu.info, URL https://netbank-nordea-asiakaspalvelu.info/10ZX4FI.php
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 81.94.150.147, Moscow, Russian Federation, ASN8595 (WESTCALL-AS, RU)
  Reverse DNS: (none recorded)
  Software: nginx
  Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Request headers
  accept-language: fi-FI,fi;q=0.9
  Referer: https://netbank-nordea-asiakaspalvelu.info/10ZX4FI.php
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
Response headers
  date: Fri, 23 Feb 2024 09:27:04 GMT
  content-encoding: gzip
  last-modified: Tue, 20 Feb 2024 07:06:14 GMT
  server: nginx
  etag: W/"65d44f66-15d9d"
  vary: Accept-Encoding
  content-type: application/javascript; charset=utf-8
  cache-control: max-age=315360000
  expires: Thu, 31 Dec 2037 23:55:55 GMT
key.svg | netbank-nordea-asiakaspalvelu.info/img/ | 1 KB | 895 B | Image
General
  Full URL: https://netbank-nordea-asiakaspalvelu.info/img/key.svg
  Requested by: Host netbank-nordea-asiakaspalvelu.info, URL https://netbank-nordea-asiakaspalvelu.info/10ZX4FI.php
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 81.94.150.147, Moscow, Russian Federation, ASN8595 (WESTCALL-AS, RU)
  Reverse DNS: (none recorded)
  Software: nginx
  Resource Hash: b88b6130e6d786e3793f9811c6ad215e23237c3875b1bd85330505dc8ff350f9
Request headers
  accept-language: fi-FI,fi;q=0.9
  Referer: https://netbank-nordea-asiakaspalvelu.info/10ZX4FI.php
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
Response headers
  date: Fri, 23 Feb 2024 09:27:04 GMT
  content-encoding: gzip
  last-modified: Tue, 20 Feb 2024 07:06:12 GMT
  server: nginx
  etag: W/"65d44f64-5a2"
  vary: Accept-Encoding
  content-type: image/svg+xml
  cache-control: max-age=315360000
  expires: Thu, 31 Dec 2037 23:55:55 GMT
qr.svg | netbank-nordea-asiakaspalvelu.info/img/ | 1 KB | 642 B | Image
General
  Full URL: https://netbank-nordea-asiakaspalvelu.info/img/qr.svg
  Requested by: Host netbank-nordea-asiakaspalvelu.info, URL https://netbank-nordea-asiakaspalvelu.info/10ZX4FI.php
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 81.94.150.147, Moscow, Russian Federation, ASN8595 (WESTCALL-AS, RU)
  Reverse DNS: (none recorded)
  Software: nginx
  Resource Hash: 9dce5d117feaa37a56f57d332e48c012e56e5569dac7cab55a28305587624a24
Request headers
  accept-language: fi-FI,fi;q=0.9
  Referer: https://netbank-nordea-asiakaspalvelu.info/10ZX4FI.php
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
Response headers
  date: Fri, 23 Feb 2024 09:27:04 GMT
  content-encoding: gzip
  last-modified: Tue, 20 Feb 2024 07:06:12 GMT
  server: nginx
  etag: W/"65d44f64-48e"
  vary: Accept-Encoding
  content-type: image/svg+xml
  cache-control: max-age=315360000
  expires: Thu, 31 Dec 2037 23:55:55 GMT
The remaining 14 requests received no response (listed again under Failed requests):

second.svg         | netbank-nordea-asiakaspalvelu.info/img/  | 0 | 0
private.svg        | netbank-nordea-asiakaspalvelu.info/img/  | 0 | 0
id.svg             | netbank-nordea-asiakaspalvelu.info/img/  | 0 | 0
call.svg           | netbank-nordea-asiakaspalvelu.info/img/  | 0 | 0
attach.js          | netbank-nordea-asiakaspalvelu.info/js/   | 0 | 0
api.js             | netbank-nordea-asiakaspalvelu.info/js/   | 0 | 0
app.js             | netbank-nordea-asiakaspalvelu.info/js/   | 0 | 0
call.js            | netbank-nordea-asiakaspalvelu.info/js/   | 0 | 0
jquery.mask.min.js | netbank-nordea-asiakaspalvelu.info/js/   | 0 | 0
bg3.jpg            | netbank-nordea-asiakaspalvelu.info/img/  | 0 | 0
nordone.woff       | netbank-nordea-asiakaspalvelu.info/font/ | 0 | 0
eye.svg            | netbank-nordea-asiakaspalvelu.info/img/  | 0 | 0
thenordius.woff    | netbank-nordea-asiakaspalvelu.info/font/ | 0 | 0
noradno.woff       | netbank-nordea-asiakaspalvelu.info/font/ | 0 | 0
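Two of the resource hashes above deserve a second look, and the check is worth automating. The hash recorded for the empty-body hop on asiakaspalvelu-nordea-netbank.com is the SHA-256 of zero bytes, so it identifies nothing and must not be used as a pivot. The hash for jquery-3.6.0.min.js can be compared with the Subresource Integrity (SRI) value jQuery publishes for that release, which tells a pristine bundled library from a trojaned one. The Python below is an added example, not code from the report: the SRI string for jQuery 3.6.0 is supplied by me from the jQuery download page, and the scan hashes are copied from the transactions above.

```python
"""Check urlscan 'Resource Hash' values (SHA-256 hex) against known digests."""
import base64
import hashlib
from typing import Dict

# SHA-256 of zero bytes; urlscan shows exactly this for a Content-Length: 0 response.
EMPTY_BODY_SHA256 = hashlib.sha256(b"").hexdigest()

# Published SRI value for jquery-3.6.0.min.js (jQuery download page). Supplied by the
# author of this example, not taken from the scan.
KNOWN_GOOD_SRI: Dict[str, str] = {
    "jquery-3.6.0.min.js": "sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4=",
}

# Resource hashes copied from the scan above (a subset).
SCAN_HASHES: Dict[str, str] = {
    "https://asiakaspalvelu-nordea-netbank.com/":
        "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "https://netbank-nordea-asiakaspalvelu.info/js/jquery-3.6.0.min.js":
        "ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e",
    "https://netbank-nordea-asiakaspalvelu.info/css/style.css":
        "05b2dab1c74c37f3d2b356d36e8fc36ad6553afaeb79f98f81db77bbec3aaebf",
}


def sri_to_hex(sri: str) -> str:
    """'sha256-<base64>' -> lowercase hex digest (the form urlscan displays)."""
    algo, sep, b64 = sri.partition("-")
    if sep != "-" or algo not in ("sha256", "sha384", "sha512"):
        raise ValueError(f"not an SRI value: {sri!r}")
    digest = base64.b64decode(b64, validate=True)
    expected_len = {"sha256": 32, "sha384": 48, "sha512": 64}[algo]
    if len(digest) != expected_len:
        raise ValueError(f"{algo} digest must be {expected_len} bytes, got {len(digest)}")
    return digest.hex()


def hex_to_sri(hexdigest: str, algo: str = "sha256") -> str:
    """Inverse of sri_to_hex: the value for a <script integrity=...> attribute."""
    return f"{algo}-{base64.b64encode(bytes.fromhex(hexdigest)).decode('ascii')}"


def classify(url: str, hexdigest: str, known_good: Dict[str, str] = KNOWN_GOOD_SRI) -> str:
    """One of: 'empty-body', 'pristine-library', 'MODIFIED-library', 'site-specific'."""
    hexdigest = hexdigest.lower()
    if hexdigest == EMPTY_BODY_SHA256:
        return "empty-body"
    filename = url.rsplit("/", 1)[-1]
    if filename in known_good:
        return "pristine-library" if sri_to_hex(known_good[filename]) == hexdigest else "MODIFIED-library"
    return "site-specific"   # kit-authored file: the useful pivot across other scans


def report(scan_hashes: Dict[str, str] = SCAN_HASHES) -> Dict[str, str]:
    return {url: classify(url, h) for url, h in scan_hashes.items()}


if __name__ == "__main__":
    for url, verdict in report().items():
        print(f"{verdict:<18} {url}")
```

A file that is neither empty nor a known library (style.css, the landing page, the SVG icons) is the kit author's own, and its hash is what to search for across other submissions (urlscan's search accepts hash:<sha256>) to find sibling deployments of the same kit on other domains.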

Failed requests

These URLs were requested, but no response was received. You will also see them in the list above. All of them are on netbank-nordea-asiakaspalvelu.info:

  https://netbank-nordea-asiakaspalvelu.info/img/second.svg
  https://netbank-nordea-asiakaspalvelu.info/img/private.svg
  https://netbank-nordea-asiakaspalvelu.info/img/id.svg
  https://netbank-nordea-asiakaspalvelu.info/img/call.svg
  https://netbank-nordea-asiakaspalvelu.info/js/attach.js
  https://netbank-nordea-asiakaspalvelu.info/js/api.js
  https://netbank-nordea-asiakaspalvelu.info/js/app.js
  https://netbank-nordea-asiakaspalvelu.info/js/call.js
  https://netbank-nordea-asiakaspalvelu.info/js/jquery.mask.min.js
  https://netbank-nordea-asiakaspalvelu.info/img/bg3.jpg
  https://netbank-nordea-asiakaspalvelu.info/font/nordone.woff
  https://netbank-nordea-asiakaspalvelu.info/img/eye.svg
  https://netbank-nordea-asiakaspalvelu.info/font/thenordius.woff
  https://netbank-nordea-asiakaspalvelu.info/font/noradno.woff

The kit's own scripts (app.js, api.js, call.js, attach.js, jquery.mask.min.js) are among the missing responses, so this scan captured the landing page markup and styling but none of the client-side logic that would handle entered credentials; the icon names (key, qr, id, call, eye) are the only hint of the flow the page presents.

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nordea (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

1 Console Messages

Source: network | Level: error | URL: https://greenkosherpoultry.com/awr8q
Message: Failed to load resource: the server responded with a status of 404 (Not Found)