![](/screenshots/ff5907df-ab57-4f73-b415-66f60d9a9d40.png)
nordea-ohjaussivu023.dynv6.net
Open in
urlscan Pro
45.82.120.94
Malicious Activity!
Public Scan
Submission: On August 10 via manual from FI — Scanned from FI
Summary
TLS certificate: Issued by R3 on August 9th 2023. Valid for: 3 months.
This is the only time nordea-ohjaussivu023.dynv6.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Nordea (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 45.82.120.94 45.82.120.94 | 44486 (SYNLINQ s...) (SYNLINQ synlinq.de) | |
11 | 158.233.249.231 158.233.249.231 | 201271 (NORDEA-AS) (NORDEA-AS) | |
1 | 2a02:26f0:350... 2a02:26f0:3500:28a::312e | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 104.126.36.225 104.126.36.225 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
16 | 5 |
ASN44486 (SYNLINQ synlinq.de, DE)
PTR: default.bero-host.de
nordea-ohjaussivu023.dynv6.net |
ASN20940 (AKAMAI-ASN1, NL)
cdn-icons-png.flaticon.com |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-126-36-225.deploy.static.akamaitechnologies.com
www.nordea.fi |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
nordea.com
identify.nordea.com — Cisco Umbrella Rank: 518232 |
123 KB |
1 |
nordea.fi
www.nordea.fi |
232 B |
1 |
flaticon.com
cdn-icons-png.flaticon.com — Cisco Umbrella Rank: 45669 |
18 KB |
1 |
dynv6.net
nordea-ohjaussivu023.dynv6.net |
11 KB |
16 | 4 |
Domain | Requested by | |
---|---|---|
11 | identify.nordea.com |
nordea-ohjaussivu023.dynv6.net
identify.nordea.com |
1 | www.nordea.fi |
identify.nordea.com
|
1 | cdn-icons-png.flaticon.com |
nordea-ohjaussivu023.dynv6.net
|
1 | nordea-ohjaussivu023.dynv6.net | |
16 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.nordea.fi |
Subject Issuer | Validity | Valid | |
---|---|---|---|
nordea-ohjaussivu023.dynv6.net R3 |
2023-08-09 - 2023-11-07 |
3 months | crt.sh |
identify.nordea.com Entrust Certification Authority - L1M |
2022-08-31 - 2023-09-27 |
a year | crt.sh |
freepik.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-10 |
a year | crt.sh |
nordea.fi Entrust Certification Authority - L1M |
2023-01-16 - 2024-02-16 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://nordea-ohjaussivu023.dynv6.net/fin/asiakas.php
Frame ID: 0FF4D46B8DA17A96AF524411F2962FBA
Requests: 17 HTTP requests in this frame
2 Outgoing links
These are links going to different origins than the main page.
Title: www.nordea.fi
Search URL Search Domain Scan URL
Title: www.nordea.fi
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
asiakas.php
nordea-ohjaussivu023.dynv6.net/fin/ |
40 KB 11 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
styles-5e97586861ac76183e6fd7440d5e7a5e.css
identify.nordea.com/assets/ |
35 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
3076404.png
cdn-icons-png.flaticon.com/512/3076/ |
17 KB 18 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
key-ca4ef88caabfc9bc5dc60a9d9fe78fa3.svg
identify.nordea.com/assets/images/ |
961 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
qrcode-4b3ad41217c6bbe10f1bab9c3670216d.js
identify.nordea.com/assets/ |
23 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
scripts-870b2262b02a39385e4b101e8af1719c.js
identify.nordea.com/assets/ |
111 KB 26 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
43 B 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
564d0ff0f3578b7128a4-b7a1feddcbbebce5f93166d4e2765fff.jpg
identify.nordea.com/assets/ |
67 KB 67 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff
identify.nordea.com/assets/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff
identify.nordea.com/assets/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
getMessage
www.nordea.fi/wemapp/api/ |
11 B 232 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
service-break-f426cda35f41e4c0b7c30c814b5eb2ee.svg
identify.nordea.com/assets/images/ |
3 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
technical-error-91ca9eec9eed6ed945355d650bb10d41.svg
identify.nordea.com/assets/images/ |
3 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg
identify.nordea.com/assets/images/ |
3 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg
identify.nordea.com/assets/images/ |
3 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
no-connection-83f79e2367a313b468986e12a237c346.svg
identify.nordea.com/assets/images/ |
5 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
empty-3857ebe69f653487f8c9d99adde4657f.svg
identify.nordea.com/assets/images/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- identify.nordea.com
- URL
- https://identify.nordea.com/assets/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff
- Domain
- identify.nordea.com
- URL
- https://identify.nordea.com/assets/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Nordea (Banking)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| safeLog function| checkInputs object| QRCode object| App0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn-icons-png.flaticon.com
identify.nordea.com
nordea-ohjaussivu023.dynv6.net
www.nordea.fi
identify.nordea.com
104.126.36.225
158.233.249.231
2a02:26f0:3500:28a::312e
45.82.120.94
037024a96d014cbe884a9f81804ceadc25bd1e49d0d9018de09acddac997afbf
1694e95ed5d55c303f05c0e0535bb961608e9917322efa612833c8a135d50b47
3fc2607b1e133fb89affeca8fa96db25e9af2fa9d2f7960d2a9602df9e96ef72
4f98589b5ad297e797fc12ed5b90a5e9244a17dbc34c5cee66e01ae8c1455d2c
836393ac52708bd75b2e1c88defb51faa58f0fdfa374d57d2529e0a6554882ff
8a22f5ea2bc34877a3334b91210c881523678eec1e915cf6a4ee261ba58121b1
8fe32e407a1038ee38753b70e5374b3a46d6ae9d5f16cd5b73c53abaca8f5ed0
97f27f25912f72cb94fdb45b5bf833a6280754167831c74fc8bed9483ef5ac8b
a020d31f9da69db318dadde59006ac690b52a1235937b8b0dcc898851a172120
a386a6170805a64ba2e46bcc37c79500b5207bd708b0d1da83cbcbc483e64cb7
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
d690ce1d3a1304fff86d11c4f38ad540da84949d881ea0c04b49bcc0f13483e0
dabebc9c35addb11b291e307132ec2d9bd10cde3511d5e530d8dd63e968c0f50
e3f71711097c854d9836620612c0a1b813dcfce9349cc7214c8445e0f15c2688
e5582b316ef765b8ce1d2f96aa64027dffe49217bf6ab2793c9239d59eb9b823