aktia-2.xyz
Open in
urlscan Pro
104.21.7.247
Malicious Activity!
Public Scan
Submission: On October 27 via manual from NL — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 27th 2021. Valid for: a year.
This is the only time aktia-2.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Aktia Bank (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 3 | 104.21.7.247 104.21.7.247 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
13 | 131.207.49.11 131.207.49.11 | 375 (TIETOTIE-...) (TIETOTIE-AS P.O.Box 38. FI-00441 Helsinki Finland.) | |
14 | 2 |
ASN375 (TIETOTIE-AS P.O.Box 38. FI-00441 Helsinki Finland., FI)
PTR: auth.aktia.fi
auth.aktia.fi |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
aktia.fi
auth.aktia.fi |
100 KB |
3 |
aktia-2.xyz
2 redirects
aktia-2.xyz |
4 KB |
14 | 2 |
Domain | Requested by | |
---|---|---|
13 | auth.aktia.fi |
aktia-2.xyz
auth.aktia.fi |
3 | aktia-2.xyz | 2 redirects |
14 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.aktia.fi |
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-10-27 - 2022-10-26 |
a year | crt.sh |
auth.aktia.fi DigiCert SHA2 Extended Validation Server CA |
2020-12-22 - 2022-01-04 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://aktia-2.xyz/Akti/
Frame ID: 9EC3ED7E2BBC77E9BDB0F4B51814E568
Requests: 14 HTTP requests in this frame
Screenshot
Page Title
Aktia - tunnistautuminenPage URL History Show full URLs
-
https://aktia-2.xyz/Akti
HTTP 301
http://aktia-2.xyz/Akti/ HTTP 301
https://aktia-2.xyz/Akti/ Page URL
Page Statistics
7 Outgoing links
These are links going to different origins than the main page.
Title: Salasanani on unohtunut
Search URL Search Domain Scan URL
Title: Aukioloajat
Search URL Search Domain Scan URL
Title: Ehdot
Search URL Search Domain Scan URL
Title: Ohjeet
Search URL Search Domain Scan URL
Title: Turvallisuus
Search URL Search Domain Scan URL
Title: Palaute
Search URL Search Domain Scan URL
Title: Yksityisyyden suoja
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://aktia-2.xyz/Akti
HTTP 301
http://aktia-2.xyz/Akti/ HTTP 301
https://aktia-2.xyz/Akti/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
aktia-2.xyz/Akti/ Redirect Chain
|
12 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
auth.aktia.fi/tunnistus/css/ |
58 KB 14 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
auth.aktia.fi/tunnistus/js/ |
95 KB 45 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
auth.js
auth.aktia.fi/tunnistus/js/ |
5 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.blockUI.js
auth.aktia.fi/tunnistus/js/ |
19 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
modernizr-2.5.3-min.js
auth.aktia.fi/tunnistus/js/ |
11 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
loading.png
auth.aktia.fi/tunnistus/images/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1x1.png
auth.aktia.fi/tunnistus/images/ |
95 B 559 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
verkkopankki_logo_fi.png
auth.aktia.fi/tunnistus/images/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
portlet-title-middle.png
auth.aktia.fi/tunnistus/images/ |
245 B 710 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
menu-item_bg.png
auth.aktia.fi/tunnistus/images/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
footer_bg.gif
auth.aktia.fi/tunnistus/images/ |
1 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
nuoli.gif
auth.aktia.fi/tunnistus/images/ |
51 B 515 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
muut.png
auth.aktia.fi/tunnistus/images/ |
10 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Aktia Bank (Financial)21 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler undefined| $ function| jQuery function| occupyFullBrowser function| placeCursorOnFirstElm function| writeCSS function| markupButton function| aggSubmit function| getSelectedRadioValue function| getSelectedCheckBoxValues function| strTrim function| clearFormElms object| html5 object| Modernizr boolean| cookieEnabled function| jb boolean| submitting function| blockLogin1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
aktia-2.xyz/ | Name: PHPSESSID Value: 2q8klhr9db6c3p6p5aj0r49c62 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aktia-2.xyz
auth.aktia.fi
104.21.7.247
131.207.49.11
009934086aa59da1f66a46c8adb5ad7e434a421c7c43e4a71bfcd7b51e2863c4
0e31b94ec680113ca1ecd06f37f9fcda649ca3200653f40f3f0792dc2e4979b3
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
4023964dce0aaf692c30928571252ac9419dfe899ffaea60363696565c1cb548
55eff1c72dc5d18c0091c90aa0814514f7cc6c2a30e643d07afa971ac56f2b92
5f241e671e05ef160ce9c9d73ae80e5a6c8dc3de0a878bc3b7ae9a5203628607
6b9aa2b7a68762af47bc69ae630c3a5bb1fde31821994b3d48cfbef3e9d82652
9f8eedcab7036245f8a71562623f26d3f84928ab703e5f7a7c29f86e15cb47ef
a7bf07390624fd80f1cb05a0bcbc20535f518476bf89df74b218b5dd7b8a2a04
b305df9c1e57e2d89e66185303ac49d2728fc588f98a44d98813a9730a4c129d
c26cfce9caf7b965861956c1f173821f45f1e1f61aa4bd19ddd4b26723411c9d
d7b2f4d394d1dbdc0d1625daed5d0fb932d5429645ae1db8fd12eecf6d90e238
dc321504bc49ea656de64b8090ddb589394906a9a4551128774ef9d144be229a
ff05cc85a54aa616611e34315f079de33309b3b5b9c0ab571e5eeff36b9a1d08