identify.nordea.skobidoba.de Open in urlscan Pro
193.124.45.159 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://cinemata.hosted.phplist.com/lists/lt.php?tid=fU8JAgcAVQ4PV0tSWQFTSQVbAFYdV1AEVk8FAF4PAQwGCwYAWwVLAwcLBVRaAlVJAFBUDR0BBgcOTwd...
Effective URL:
https://identify.nordea.skobidoba.de/cTN4NGg0djVtNG40aDVlNDE0cTRuNTA2NTRhNHg1cDJiNDQzdTJ4MmE0eDJwMmQ0dTVqNHc1YzRlNGc1ODM3NHkyNzR2Mngy...
Submission: On April 22 via manual (April 22nd 2024, 6:45:00 am UTC) from NO — Scanned from NO

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 5 domains to perform 10 HTTP transactions. The main IP is 193.124.45.159, located in Istanbul, Turkey and belongs to GLBBULUTTEKNOLOJISI-AS, TR. The main domain is identify.nordea.skobidoba.de.
TLS certificate: Issued by R3 on April 7th 2024. Valid for: 3 months.

This is the only time identify.nordea.skobidoba.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Nordea (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	45.33.29.14 45.33.29.14	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
1 2	193.124.45.159 193.124.45.159	48207 (GLBBULUTT...) (GLBBULUTTEKNOLOJISI-AS)
6	158.233.249.230 158.233.249.230	201271 (NORDEA-AS) (NORDEA-AS)
1	2a04:4e42:200... 2a04:4e42:200::649	54113 (FASTLY) (FASTLY)
10	4

1 45.33.29.14 (Richardson, United States) 1 redirects

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: aspen.phplist.com

cinemata.hosted.phplist.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.124.45.159 (Istanbul, Turkey) 1 redirects

ASN48207 (GLBBULUTTEKNOLOJISI-AS, TR)

fdjkghdkfjghfdkljhlfkdsfg.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
identify.nordea.skobidoba.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 158.233.249.230 (Finland)

ASN201271 (NORDEA-AS, FI)

identify.nordea.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	nordea.com identify.nordea.com — Cisco Umbrella Rank: 609102	82 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 767	29 KB
1	skobidoba.de identify.nordea.skobidoba.de	11 KB
1	fdjkghdkfjghfdkljhlfkdsfg.ru 1 redirects fdjkghdkfjghfdkljhlfkdsfg.ru	326 B
1	phplist.com 1 redirects cinemata.hosted.phplist.com	528 B
10	5

	Domain	Requested by
6	identify.nordea.com	identify.nordea.skobidoba.de identify.nordea.com
1	code.jquery.com	identify.nordea.skobidoba.de
1	identify.nordea.skobidoba.de
1	fdjkghdkfjghfdkljhlfkdsfg.ru	1 redirects
1	cinemata.hosted.phplist.com	1 redirects
10	5

This site contains no links.

Subject Issuer	Validity	Valid
identify.nordea.skobidoba.de R3	`2024-04-07` - `2024-07-06`	3 months	crt.sh
identify.nordea.com Entrust Certification Authority - L1M	`2024-03-20` - `2024-09-26`	6 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://identify.nordea.skobidoba.de/cTN4NGg0djVtNG40aDVlNDE0cTRuNTA2NTRhNHg1cDJiNDQzdTJ4MmE0eDJwMmQ0dTVqNHc1YzRlNGc1ODM3NHkyNzR2MngyeDJhNHcyeTIxM2g0/
Frame ID: 40CEFACE98F365160592484314368770
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Nordea - Identifisering

Page URL History Show full URLs

https://cinemata.hosted.phplist.com/lists/lt.php?tid=fU8JAgcAVQ4PV0tSWQFTSQVbAFYdV1AEVk8FAF4PAQwGCwYAWwVLAwcLBVR... HTTP 303
https://fdjkghdkfjghfdkljhlfkdsfg.ru/nordeaDirect/ HTTP 302
https://identify.nordea.skobidoba.de/cTN4NGg0djVtNG40aDVlNDE0cTRuNTA2NTRhNHg1cDJiNDQzdTJ4MmE0eDJwMmQ0dTVqNHc1YzRl... Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

10
Requests

80 %
HTTPS

25 %
IPv6

5
Domains

5
Subdomains

4
IPs

3
Countries

122 kB
Transfer

206 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://cinemata.hosted.phplist.com/lists/lt.php?tid=fU8JAgcAVQ4PV0tSWQFTSQVbAFYdV1AEVk8FAF4PAQwGCwYAWwVLAwcLBVRaAlVJAFBUDR0BBgcOTwdWAVAVDVYKAQQGBwZUAgIASl5TUlMDAFUNHVQMBgFPUlENVBUNVgdVGwAEBlVVA19VDgYFVw HTTP 303
https://fdjkghdkfjghfdkljhlfkdsfg.ru/nordeaDirect/ HTTP 302
https://identify.nordea.skobidoba.de/cTN4NGg0djVtNG40aDVlNDE0cTRuNTA2NTRhNHg1cDJiNDQzdTJ4MmE0eDJwMmQ0dTVqNHc1YzRlNGc1ODM3NHkyNzR2MngyeDJhNHcyeTIxM2g0/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
identify.nordea.skobidoba.de/cTN4NGg0djVtNG40aDVlNDE0cTRuNTA2NTRhNHg1cDJiNDQzdTJ4MmE0eDJwMmQ0dTVqNHc1YzRlNGc1ODM3NHkyNzR2MngyeDJhNHcyeTIxM2g0/
Redirect Chain

https://cinemata.hosted.phplist.com/lists/lt.php?tid=fU8JAgcAVQ4PV0tSWQFTSQVbAFYdV1AEVk8FAF4PAQwGCwYAWwVLAwcLBVRaAlVJAFBUDR0BBgcOTwdWAVAVDVYKAQQGBwZUAgIASl5TUlMDAFUNHVQMBgFPUlENVBUNVgdVGwAEBlVVA19V...
https://fdjkghdkfjghfdkljhlfkdsfg.ru/nordeaDirect/
https://identify.nordea.skobidoba.de/cTN4NGg0djVtNG40aDVlNDE0cTRuNTA2NTRhNHg1cDJiNDQzdTJ4MmE0eDJwMmQ0dTVqNHc1YzRlNGc1ODM3NHkyNzR2MngyeDJhNHcyeTIxM2g0/

10 KB
11 KB

628ms
284ms

Document
text/html

193.124.45.159
GLBBULUTTEKNOLOJI...

General

Check archive.org

Show headers Download Go to

Full URL: https://identify.nordea.skobidoba.de/cTN4NGg0djVtNG40aDVlNDE0cTRuNTA2NTRhNHg1cDJiNDQzdTJ4MmE0eDJwMmQ0dTVqNHc1YzRlNGc1ODM3NHkyNzR2MngyeDJhNHcyeTIxM2g0/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 193.124.45.159 Istanbul, Turkey, ASN48207 (GLBBULUTTEKNOLOJISI-AS, TR),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: ca0fca0507f078110c39601829a23f193580bb4957e0e9a0dcd13b987cfdb210

Request headers

Accept-Language: no-NO,no;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Mon, 22 Apr 2024 06:44:54 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: nginx/1.22.1
Transfer-Encoding: chunked

Redirect headers

Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Mon, 22 Apr 2024 06:44:53 GMT
Server: nginx/1.22.1
location: https://identify.nordea.skobidoba.de/cTN4NGg0djVtNG40aDVlNDE0cTRuNTA2NTRhNHg1cDJiNDQzdTJ4MmE0eDJwMmQ0dTVqNHc1YzRlNGc1ODM3NHkyNzR2MngyeDJhNHcyeTIxM2g0/

GET
H/1.1 200
OK styles-e681949d088951026d3104067c0a00b7.css
identify.nordea.com/assets/ 36 KB
7 KB 1240ms
52ms Stylesheet
text/css 158.233.249.230
NORDEA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://identify.nordea.com/assets/styles-e681949d088951026d3104067c0a00b7.css

Requested by

Host: identify.nordea.skobidoba.de
URL: https://identify.nordea.skobidoba.de/cTN4NGg0djVtNG40aDVlNDE0cTRuNTA2NTRhNHg1cDJiNDQzdTJ4MmE0eDJwMmQ0dTVqNHc1YzRlNGc1ODM3NHkyNzR2MngyeDJhNHcyeTIxM2g0/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

158.233.249.230 , Finland, ASN201271 (NORDEA-AS, FI),

Reverse DNS

Software

Resource Hash

e7c43461481c45416510cc850cdc8b1db76d00964b110628ad197d278dfbd608

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 22 Apr 2024 06:44:55 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Referrer-Policy: origin
Last-Modified: Fri, 23 Feb 2024 04:21:35 GMT
Strict-Transport-Security: max-age=157680000; includeSubDomains
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-XSS-Protection: 1; mode=block

GET
H2 200 jquery-2.2.4.min.js Show response
code.jquery.com/ 84 KB
29 KB 151ms
46ms Script
application/javascript 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-2.2.4.min.js
Requested by: Host: identify.nordea.skobidoba.de
URL: https://identify.nordea.skobidoba.de/cTN4NGg0djVtNG40aDVlNDE0cTRuNTA2NTRhNHg1cDJiNDQzdTJ4MmE0eDJwMmQ0dTVqNHc1YzRlNGc1ODM3NHkyNzR2MngyeDJhNHcyeTIxM2g0/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 06:44:54 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 6509541
x-cache: HIT, HIT
content-length: 29811
x-served-by: cache-lga21935-LGA, cache-bma1633-BMA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1713768295.793170,VS0,VE0
etag: W/"28feccc0-14e4a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 60, 107058

GET
H/1.1 200
OK codes_app-a89defc476c5ea3f806b6f5360157e81.svg
identify.nordea.com/assets/images/ 1 KB
2 KB 1241ms
53ms Image
image/svg+xml 158.233.249.230
NORDEA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://identify.nordea.com/assets/images/codes_app-a89defc476c5ea3f806b6f5360157e81.svg

Requested by

Host: identify.nordea.skobidoba.de
URL: https://identify.nordea.skobidoba.de/cTN4NGg0djVtNG40aDVlNDE0cTRuNTA2NTRhNHg1cDJiNDQzdTJ4MmE0eDJwMmQ0dTVqNHc1YzRlNGc1ODM3NHkyNzR2MngyeDJhNHcyeTIxM2g0/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

158.233.249.230 , Finland, ASN201271 (NORDEA-AS, FI),

Reverse DNS

Software

Resource Hash

b88b6130e6d786e3793f9811c6ad215e23237c3875b1bd85330505dc8ff350f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 22 Apr 2024 06:44:55 GMT
Strict-Transport-Security: max-age=157680000; includeSubDomains
X-Content-Type-Options: nosniff
Referrer-Policy: origin
Last-Modified: Fri, 23 Feb 2024 04:23:05 GMT
ETag: W/"a89defc476c5ea3f806b6f5360157e81"
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
Content-Type: image/svg+xml
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 1442
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK bankidno-4ea331ae4c5bc3a12e6cf8340862d4c0.svg
identify.nordea.com/assets/images/ 3 KB
1 KB 1243ms
55ms Image
image/svg+xml 158.233.249.230
NORDEA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://identify.nordea.com/assets/images/bankidno-4ea331ae4c5bc3a12e6cf8340862d4c0.svg

Requested by

Host: identify.nordea.skobidoba.de
URL: https://identify.nordea.skobidoba.de/cTN4NGg0djVtNG40aDVlNDE0cTRuNTA2NTRhNHg1cDJiNDQzdTJ4MmE0eDJwMmQ0dTVqNHc1YzRlNGc1ODM3NHkyNzR2MngyeDJhNHcyeTIxM2g0/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

158.233.249.230 , Finland, ASN201271 (NORDEA-AS, FI),

Reverse DNS

Software

Resource Hash

8e983af3546212ed1e62b9c26c00f0f3a4c6fa7c17c9b852cd2910f8b425f8d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 22 Apr 2024 06:44:55 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Referrer-Policy: origin
Last-Modified: Fri, 23 Feb 2024 04:30:02 GMT
Strict-Transport-Security: max-age=157680000; includeSubDomains
ETag: W/"4ea331ae4c5bc3a12e6cf8340862d4c0--gzip"
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
Content-Type: image/svg+xml
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 937
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK bankidnomobile-8bd2f3c1665c6c00eff2af6bd153e9f6.svg
identify.nordea.com/assets/images/ 4 KB
2 KB 51ms
51ms Image
image/svg+xml 158.233.249.230
NORDEA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://identify.nordea.com/assets/images/bankidnomobile-8bd2f3c1665c6c00eff2af6bd153e9f6.svg

Requested by

Host: identify.nordea.skobidoba.de
URL: https://identify.nordea.skobidoba.de/cTN4NGg0djVtNG40aDVlNDE0cTRuNTA2NTRhNHg1cDJiNDQzdTJ4MmE0eDJwMmQ0dTVqNHc1YzRlNGc1ODM3NHkyNzR2MngyeDJhNHcyeTIxM2g0/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

158.233.249.230 , Finland, ASN201271 (NORDEA-AS, FI),

Reverse DNS

Software

Resource Hash

742f4ac7148ead577b274c9d2ee2d5b6a4916bcfcf483d7a0c1d75bae8fe1261

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 22 Apr 2024 06:44:55 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Referrer-Policy: origin
Last-Modified: Fri, 23 Feb 2024 04:31:19 GMT
Strict-Transport-Security: max-age=157680000; includeSubDomains
ETag: W/"8bd2f3c1665c6c00eff2af6bd153e9f6--gzip"
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
Content-Type: image/svg+xml
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 1530
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK 564d0ff0f3578b7128a4-b7a1feddcbbebce5f93166d4e2765fff.jpg
identify.nordea.com/assets/ 67 KB
67 KB 53ms
52ms Image
image/jpeg 158.233.249.230
NORDEA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://identify.nordea.com/assets/564d0ff0f3578b7128a4-b7a1feddcbbebce5f93166d4e2765fff.jpg

Requested by

Host: identify.nordea.com
URL: https://identify.nordea.com/assets/styles-e681949d088951026d3104067c0a00b7.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

158.233.249.230 , Finland, ASN201271 (NORDEA-AS, FI),

Reverse DNS

Software

Resource Hash

836393ac52708bd75b2e1c88defb51faa58f0fdfa374d57d2529e0a6554882ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://identify.nordea.com/
Accept-Language: no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 22 Apr 2024 06:44:55 GMT
Strict-Transport-Security: max-age=157680000; includeSubDomains
X-Content-Type-Options: nosniff
Referrer-Policy: origin
Last-Modified: Fri, 23 Feb 2024 04:31:19 GMT
ETag: W/"b7a1feddcbbebce5f93166d4e2765fff"
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 68419
X-XSS-Protection: 1; mode=block

GET aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff
identify.nordea.com/assets/ 0
0

GET b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff
identify.nordea.com/assets/ 0
0

GET
H/1.1 200
OK favicon-9a39921b4a8d93d5528b4ccdc5d76e91.ico
identify.nordea.com/assets/images/ 1 KB
2 KB 62ms
61ms Other
image/x-icon 158.233.249.230
NORDEA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://identify.nordea.com/assets/images/favicon-9a39921b4a8d93d5528b4ccdc5d76e91.ico

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

158.233.249.230 , Finland, ASN201271 (NORDEA-AS, FI),

Reverse DNS

Software

Resource Hash

53ce944ce5a3a9a312816854b4254f5b083d562c45ac63354a00add50fb88cdb

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 22 Apr 2024 06:44:56 GMT
Strict-Transport-Security: max-age=157680000; includeSubDomains
X-Content-Type-Options: nosniff
Referrer-Policy: origin
Last-Modified: Fri, 23 Feb 2024 04:21:35 GMT
ETag: W/"9a39921b4a8d93d5528b4ccdc5d76e91"
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: image/x-icon
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 1150
X-XSS-Protection: 1; mode=block

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: identify.nordea.com
URL: https://identify.nordea.com/assets/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff

Domain: identify.nordea.com
URL: https://identify.nordea.com/assets/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nordea (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.phplist.com/	1969-12-31 23:59:59	Name: WebblerSession Value: 0qc5mg5uuhvnobbm0i7s28efo5
cinemata.hosted.phplist.com/	1969-12-31 23:59:59	Name: SERVERID Value: pqserver4\|ZiYHa\|ZiYHa
identify.nordea.skobidoba.de/	1969-12-31 23:59:59	Name: PHPSESSID Value: 0aophbi5g9g61vfmaag0spip5v

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://identify.nordea.skobidoba.de/cTN4NGg0djVtNG40aDVlNDE0cTRuNTA2NTRhNHg1cDJiNDQzdTJ4MmE0eDJwMmQ0dTVqNHc1YzRlNGc1ODM3NHkyNzR2MngyeDJhNHcyeTIxM2g0/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
javascript	error	URL: https://identify.nordea.skobidoba.de/cTN4NGg0djVtNG40aDVlNDE0cTRuNTA2NTRhNHg1cDJiNDQzdTJ4MmE0eDJwMmQ0dTVqNHc1YzRlNGc1ODM3NHkyNzR2MngyeDJhNHcyeTIxM2g0/ Message: Access to font at 'https://identify.nordea.com/assets/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff' from origin 'https://identify.nordea.skobidoba.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://identify.nordea.com/assets/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://identify.nordea.skobidoba.de/cTN4NGg0djVtNG40aDVlNDE0cTRuNTA2NTRhNHg1cDJiNDQzdTJ4MmE0eDJwMmQ0dTVqNHc1YzRlNGc1ODM3NHkyNzR2MngyeDJhNHcyeTIxM2g0/ Message: Access to font at 'https://identify.nordea.com/assets/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff' from origin 'https://identify.nordea.skobidoba.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://identify.nordea.com/assets/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cinemata.hosted.phplist.com
code.jquery.com
fdjkghdkfjghfdkljhlfkdsfg.ru
identify.nordea.com
identify.nordea.skobidoba.de
identify.nordea.com
158.233.249.230
193.124.45.159
2a04:4e42:200::649
45.33.29.14
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
53ce944ce5a3a9a312816854b4254f5b083d562c45ac63354a00add50fb88cdb
742f4ac7148ead577b274c9d2ee2d5b6a4916bcfcf483d7a0c1d75bae8fe1261
836393ac52708bd75b2e1c88defb51faa58f0fdfa374d57d2529e0a6554882ff
8e983af3546212ed1e62b9c26c00f0f3a4c6fa7c17c9b852cd2910f8b425f8d3
b88b6130e6d786e3793f9811c6ad215e23237c3875b1bd85330505dc8ff350f9
ca0fca0507f078110c39601829a23f193580bb4957e0e9a0dcd13b987cfdb210
e7c43461481c45416510cc850cdc8b1db76d00964b110628ad197d278dfbd608

identify.nordea.skobidoba.de Open in urlscan Pro 193.124.45.159 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

80 %HTTPS

25 %IPv6

5 Domains

5 Subdomains

4 IPs

3 Countries

122 kBTransfer

206 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

3 Cookies

5 Console Messages

Indicators

identify.nordea.skobidoba.de Open in urlscan Pro
193.124.45.159 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

80 %
HTTPS

25 %
IPv6

5
Domains

5
Subdomains

4
IPs

3
Countries

122 kB
Transfer

206 kB
Size

3
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!