urlscan.io Public Scan: web11496.web09.bero-webspace.de (45.82.121.115), flagged Malicious Activity!

URL: https://web11496.web09.bero-webspace.de/
Submission: On August 22 via manual submission from NO (Norway) — Scanned from DE (Germany)

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 20 HTTP transactions. The main IP is 45.82.121.115, which is located in Germany and belongs to SYNLINQ (synlinq.de, DE). The main domain is web11496.web09.bero-webspace.de.
TLS certificate: Issued by R3 on August 18th 2023. Valid for: 3 months.
This is the only time web11496.web09.bero-webspace.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Nordea (Banking)

Community Verdicts: Malicious (1 vote)

Domain & IP information

Requests  IP Address       AS      Autonomous System
1         45.82.121.115    44486   SYNLINQ s...
16        158.233.249.230  201271  NORDEA-AS
1         23.38.98.78      20940   AKAMAI-ASN1
Totals: 20 requests, 4 IPs
Requests  Apex Domain       Subdomains                                          Transfer
16        nordea.com        identify.nordea.com (Cisco Umbrella Rank: 587841)   133 KB
1         nordea.fi         www.nordea.fi                                       231 B
1         bero-webspace.de  web11496.web09.bero-webspace.de                     11 KB
Totals: 20 requests, 3 apex domains
Requests  Domain                           Requested by
16        identify.nordea.com              web11496.web09.bero-webspace.de, identify.nordea.com
1         www.nordea.fi                    identify.nordea.com
1         web11496.web09.bero-webspace.de  (primary request)
Totals: 20 requests, 3 domains

This site contains links to these domains:
www.nordea.fi

TLS certificates (lookups via crt.sh):

Subject                          Issuer                                 Validity                  Valid for
web11496.web09.bero-webspace.de  R3                                     2023-08-18 to 2023-11-16  3 months
identify.nordea.com              Entrust Certification Authority - L1M  2022-08-31 to 2023-09-27  a year
nordea.fi                        Entrust Certification Authority - L1M  2023-01-16 to 2024-02-16  a year

This page contains 1 frame:

Primary Page: https://web11496.web09.bero-webspace.de/
Frame ID: 26EAC7762B91B7DE2825CD28D929DC1A
Requests: 21 HTTP requests in this frame

Screenshot

Page Title

Nordea - Tunnistautuminen (Finnish: "Nordea - Identification")

Page Statistics

Requests: 20
HTTPS: 90 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 4
Countries: 2
Transfer: 144 kB
Size: 307 kB
Cookies: 0

20 HTTP transactions

Columns for each transaction: Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request: / | Path: web11496.web09.bero-webspace.de/ | Size: 42 KB | x-fer: 11 KB | Type: Document
General
Full URL
https://web11496.web09.bero-webspace.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.82.121.115 , Germany, ASN44486 (SYNLINQ synlinq.de, DE),
Reverse DNS
web09.bero-host.de
Software
nginx / PHP/8.2.9 PleskLin
Resource Hash
37e6d7169e13cf707715a62dbefb6eaa6f63e672f7b50ff798f03cafa500d529

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-length
11591
content-type
text/html; charset=UTF-8
date
Tue, 22 Aug 2023 07:18:05 GMT
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/8.2.9 PleskLin
Resource: styles-5e97586861ac76183e6fd7440d5e7a5e.css | Path: identify.nordea.com/assets/ | Size: 35 KB | x-fer: 7 KB | Type: Stylesheet
General
Full URL
https://identify.nordea.com/assets/styles-5e97586861ac76183e6fd7440d5e7a5e.css
Requested by
Host: web11496.web09.bero-webspace.de
URL: https://web11496.web09.bero-webspace.de/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.233.249.230 , Finland, ASN201271 (NORDEA-AS, FI),
Reverse DNS
Software
/
Resource Hash
e3f71711097c854d9836620612c0a1b813dcfce9349cc7214c8445e0f15c2688
Security Headers
Name Value
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web11496.web09.bero-webspace.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date
Tue, 22 Aug 2023 07:18:05 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Referrer-Policy
origin
Last-Modified
Thu, 29 Jun 2023 04:42:37 GMT
Strict-Transport-Security
max-age=157680000; includeSubDomains
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
Transfer-Encoding
chunked
Content-Type
text/css
Cache-Control
max-age=31536000
Accept-Ranges
bytes
X-XSS-Protection
1; mode=block
Resource: codes_app-a89defc476c5ea3f806b6f5360157e81.svg | Path: identify.nordea.com/assets/images/ | Size: 1 KB | x-fer: 2 KB | Type: Image
General
Full URL
https://identify.nordea.com/assets/images/codes_app-a89defc476c5ea3f806b6f5360157e81.svg
Requested by
Host: web11496.web09.bero-webspace.de
URL: https://web11496.web09.bero-webspace.de/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.233.249.230 , Finland, ASN201271 (NORDEA-AS, FI),
Reverse DNS
Software
/
Resource Hash
b88b6130e6d786e3793f9811c6ad215e23237c3875b1bd85330505dc8ff350f9
Security Headers
Name Value
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web11496.web09.bero-webspace.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date
Tue, 22 Aug 2023 07:18:05 GMT
Strict-Transport-Security
max-age=157680000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
origin
Last-Modified
Thu, 29 Jun 2023 04:42:37 GMT
ETag
W/"a89defc476c5ea3f806b6f5360157e81"
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
Content-Type
image/svg+xml
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
1442
X-XSS-Protection
1; mode=block
Resource: offline-8599dbe5088e0566b0e39373d3a56b60.svg | Path: identify.nordea.com/assets/images/ | Size: 2 KB | x-fer: 2 KB | Type: Image
General
Full URL
https://identify.nordea.com/assets/images/offline-8599dbe5088e0566b0e39373d3a56b60.svg
Requested by
Host: web11496.web09.bero-webspace.de
URL: https://web11496.web09.bero-webspace.de/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.233.249.230 , Finland, ASN201271 (NORDEA-AS, FI),
Reverse DNS
Software
/
Resource Hash
4bb0667918cd4d97513a0d51d50ed3f3cf4d61ddb35f6319cde294149ebb79ae
Security Headers
Name Value
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web11496.web09.bero-webspace.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date
Tue, 22 Aug 2023 07:18:05 GMT
Strict-Transport-Security
max-age=157680000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
origin
Last-Modified
Thu, 29 Jun 2023 04:33:16 GMT
ETag
W/"8599dbe5088e0566b0e39373d3a56b60"
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
Content-Type
image/svg+xml
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
1873
X-XSS-Protection
1; mode=block
Resource: code_calculator-6af4aa53625a02dcb8b5cfd7ac2d30bd.svg | Path: identify.nordea.com/assets/images/ | Size: 671 B | x-fer: 1 KB | Type: Image
General
Full URL
https://identify.nordea.com/assets/images/code_calculator-6af4aa53625a02dcb8b5cfd7ac2d30bd.svg
Requested by
Host: web11496.web09.bero-webspace.de
URL: https://web11496.web09.bero-webspace.de/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.233.249.230 , Finland, ASN201271 (NORDEA-AS, FI),
Reverse DNS
Software
/
Resource Hash
23c76e6a9df05e6f95e1384fbf5566300447cf8a2e658af4de19bb52c14eeadf
Security Headers
Name Value
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web11496.web09.bero-webspace.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date
Tue, 22 Aug 2023 07:18:05 GMT
Strict-Transport-Security
max-age=157680000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
origin
Last-Modified
Thu, 29 Jun 2023 04:41:02 GMT
ETag
W/"6af4aa53625a02dcb8b5cfd7ac2d30bd"
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
Content-Type
image/svg+xml
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
671
X-XSS-Protection
1; mode=block
Resource: key-ca4ef88caabfc9bc5dc60a9d9fe78fa3.svg | Path: identify.nordea.com/assets/images/ | Size: 961 B | x-fer: 1 KB | Type: Image
General
Full URL
https://identify.nordea.com/assets/images/key-ca4ef88caabfc9bc5dc60a9d9fe78fa3.svg
Requested by
Host: web11496.web09.bero-webspace.de
URL: https://web11496.web09.bero-webspace.de/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.233.249.230 , Finland, ASN201271 (NORDEA-AS, FI),
Reverse DNS
Software
/
Resource Hash
97f27f25912f72cb94fdb45b5bf833a6280754167831c74fc8bed9483ef5ac8b
Security Headers
Name Value
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web11496.web09.bero-webspace.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date
Tue, 22 Aug 2023 07:18:05 GMT
Strict-Transport-Security
max-age=157680000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
origin
Last-Modified
Thu, 29 Jun 2023 04:31:46 GMT
ETag
W/"ca4ef88caabfc9bc5dc60a9d9fe78fa3"
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
Content-Type
image/svg+xml
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
961
X-XSS-Protection
1; mode=block
Resource: qrcode-4b3ad41217c6bbe10f1bab9c3670216d.js | Path: identify.nordea.com/assets/ | Size: 23 KB | x-fer: 9 KB | Type: Script
General
Full URL
https://identify.nordea.com/assets/qrcode-4b3ad41217c6bbe10f1bab9c3670216d.js
Requested by
Host: web11496.web09.bero-webspace.de
URL: https://web11496.web09.bero-webspace.de/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.233.249.230 , Finland, ASN201271 (NORDEA-AS, FI),
Reverse DNS
Software
/
Resource Hash
a020d31f9da69db318dadde59006ac690b52a1235937b8b0dcc898851a172120
Security Headers
Name Value
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web11496.web09.bero-webspace.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date
Tue, 22 Aug 2023 07:18:05 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Referrer-Policy
origin
Last-Modified
Thu, 29 Jun 2023 04:33:16 GMT
Strict-Transport-Security
max-age=157680000; includeSubDomains
ETag
W/"4b3ad41217c6bbe10f1bab9c3670216d--gzip"
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
Content-Type
application/javascript
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
8838
X-XSS-Protection
1; mode=block
Resource: scripts-870b2262b02a39385e4b101e8af1719c.js | Path: identify.nordea.com/assets/ | Size: 111 KB | x-fer: 26 KB | Type: Script
General
Full URL
https://identify.nordea.com/assets/scripts-870b2262b02a39385e4b101e8af1719c.js
Requested by
Host: web11496.web09.bero-webspace.de
URL: https://web11496.web09.bero-webspace.de/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.233.249.230 , Finland, ASN201271 (NORDEA-AS, FI),
Reverse DNS
Software
/
Resource Hash
e5582b316ef765b8ce1d2f96aa64027dffe49217bf6ab2793c9239d59eb9b823
Security Headers
Name Value
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web11496.web09.bero-webspace.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date
Tue, 22 Aug 2023 07:18:05 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Referrer-Policy
origin
Last-Modified
Thu, 29 Jun 2023 04:31:46 GMT
Strict-Transport-Security
max-age=157680000; includeSubDomains
ETag
W/"870b2262b02a39385e4b101e8af1719c--gzip"
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=31536000
Accept-Ranges
bytes
X-XSS-Protection
1; mode=block
Resource: truncated (data: URI) | Path: / | Size: 43 B | x-fer: 0 | Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Content-Type
image/gif
Resource: 564d0ff0f3578b7128a4-b7a1feddcbbebce5f93166d4e2765fff.jpg | Path: identify.nordea.com/assets/ | Size: 67 KB | x-fer: 67 KB | Type: Image
General
Full URL
https://identify.nordea.com/assets/564d0ff0f3578b7128a4-b7a1feddcbbebce5f93166d4e2765fff.jpg
Requested by
Host: identify.nordea.com
URL: https://identify.nordea.com/assets/styles-5e97586861ac76183e6fd7440d5e7a5e.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.233.249.230 , Finland, ASN201271 (NORDEA-AS, FI),
Reverse DNS
Software
/
Resource Hash
836393ac52708bd75b2e1c88defb51faa58f0fdfa374d57d2529e0a6554882ff
Security Headers
Name Value
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://identify.nordea.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date
Tue, 22 Aug 2023 07:18:05 GMT
Strict-Transport-Security
max-age=157680000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
origin
Last-Modified
Thu, 29 Jun 2023 04:41:02 GMT
ETag
W/"b7a1feddcbbebce5f93166d4e2765fff"
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type
image/jpeg
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
68419
X-XSS-Protection
1; mode=block
Resource: aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff | Path: identify.nordea.com/assets/ | Size: 0 | x-fer: 0 | Type: (no response, see Failed requests)

Resource: b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff | Path: identify.nordea.com/assets/ | Size: 0 | x-fer: 0 | Type: (no response, see Failed requests)

Resource: getMessage | Path: www.nordea.fi/wemapp/api/ | Size: 11 B | x-fer: 231 B | Type: XHR
General
Full URL
https://www.nordea.fi/wemapp/api/getMessage?id=281
Requested by
Host: identify.nordea.com
URL: https://identify.nordea.com/assets/scripts-870b2262b02a39385e4b101e8af1719c.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.98.78 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-38-98-78.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
8fe32e407a1038ee38753b70e5374b3a46d6ae9d5f16cd5b73c53abaca8f5ed0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=157680000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web11496.web09.bero-webspace.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000, max-age=157680000
date
Tue, 22 Aug 2023 07:18:05 GMT
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
p3p
CP="This is not a P3P policy!!!"
cache-control
public, max-age=12
content-length
11
Resource: 3defb92f3d1f7309bb86-28abb007069a4e48b1a0830fb5d4a822.svg | Path: identify.nordea.com/assets/ | Size: 2 KB | x-fer: 2 KB | Type: Image
General
Full URL
https://identify.nordea.com/assets/3defb92f3d1f7309bb86-28abb007069a4e48b1a0830fb5d4a822.svg
Requested by
Host: identify.nordea.com
URL: https://identify.nordea.com/assets/styles-5e97586861ac76183e6fd7440d5e7a5e.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.233.249.230 , Finland, ASN201271 (NORDEA-AS, FI),
Reverse DNS
Software
/
Resource Hash
f0dd565f9257ed5f2b92bcdf9fffeb6b057829269c5a5c60033f89402b372b1a
Security Headers
Name Value
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://identify.nordea.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date
Tue, 22 Aug 2023 07:18:05 GMT
Strict-Transport-Security
max-age=157680000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
origin
Last-Modified
Thu, 29 Jun 2023 04:42:37 GMT
ETag
W/"28abb007069a4e48b1a0830fb5d4a822"
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
Content-Type
image/svg+xml
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
1724
X-XSS-Protection
1; mode=block
Resource: aa78d594083d0ccfefcf-d2c5355e1fcc507cd7b7389e87e6c9de.svg | Path: identify.nordea.com/assets/ | Size: 4 KB | x-fer: 2 KB | Type: Image
General
Full URL
https://identify.nordea.com/assets/aa78d594083d0ccfefcf-d2c5355e1fcc507cd7b7389e87e6c9de.svg
Requested by
Host: identify.nordea.com
URL: https://identify.nordea.com/assets/styles-5e97586861ac76183e6fd7440d5e7a5e.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.233.249.230 , Finland, ASN201271 (NORDEA-AS, FI),
Reverse DNS
Software
/
Resource Hash
9f447470aba212c3bf9d926893df1219f82f5ea14fb495658af56d6ab22c9697
Security Headers
Name Value
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://identify.nordea.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date
Tue, 22 Aug 2023 07:18:05 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Referrer-Policy
origin
Last-Modified
Thu, 29 Jun 2023 04:41:02 GMT
Strict-Transport-Security
max-age=157680000; includeSubDomains
ETag
W/"d2c5355e1fcc507cd7b7389e87e6c9de--gzip"
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
Content-Type
image/svg+xml
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
1734
X-XSS-Protection
1; mode=block
Resource: service-break-f426cda35f41e4c0b7c30c814b5eb2ee.svg | Path: identify.nordea.com/assets/images/ | Size: 3 KB | x-fer: 2 KB | Type: Image
General
Full URL
https://identify.nordea.com/assets/images/service-break-f426cda35f41e4c0b7c30c814b5eb2ee.svg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.233.249.230 , Finland, ASN201271 (NORDEA-AS, FI),
Reverse DNS
Software
/
Resource Hash
037024a96d014cbe884a9f81804ceadc25bd1e49d0d9018de09acddac997afbf
Security Headers
Name Value
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web11496.web09.bero-webspace.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date
Tue, 22 Aug 2023 07:18:05 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Referrer-Policy
origin
Last-Modified
Thu, 29 Jun 2023 04:33:16 GMT
Strict-Transport-Security
max-age=157680000; includeSubDomains
ETag
W/"f426cda35f41e4c0b7c30c814b5eb2ee--gzip"
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
Content-Type
image/svg+xml
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
1315
X-XSS-Protection
1; mode=block
Resource: technical-error-91ca9eec9eed6ed945355d650bb10d41.svg | Path: identify.nordea.com/assets/images/ | Size: 3 KB | x-fer: 2 KB | Type: Image
General
Full URL
https://identify.nordea.com/assets/images/technical-error-91ca9eec9eed6ed945355d650bb10d41.svg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.233.249.230 , Finland, ASN201271 (NORDEA-AS, FI),
Reverse DNS
Software
/
Resource Hash
8a22f5ea2bc34877a3334b91210c881523678eec1e915cf6a4ee261ba58121b1
Security Headers
Name Value
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web11496.web09.bero-webspace.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date
Tue, 22 Aug 2023 07:18:05 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Referrer-Policy
origin
Last-Modified
Thu, 29 Jun 2023 04:33:16 GMT
Strict-Transport-Security
max-age=157680000; includeSubDomains
ETag
W/"91ca9eec9eed6ed945355d650bb10d41--gzip"
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
Content-Type
image/svg+xml
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
1151
X-XSS-Protection
1; mode=block
Resource: something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg | Path: identify.nordea.com/assets/images/ | Size: 3 KB | x-fer: 2 KB | Type: Image
General
Full URL
https://identify.nordea.com/assets/images/something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.233.249.230 , Finland, ASN201271 (NORDEA-AS, FI),
Reverse DNS
Software
/
Resource Hash
a386a6170805a64ba2e46bcc37c79500b5207bd708b0d1da83cbcbc483e64cb7
Security Headers
Name Value
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web11496.web09.bero-webspace.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date
Tue, 22 Aug 2023 07:18:05 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Referrer-Policy
origin
Last-Modified
Thu, 29 Jun 2023 04:42:37 GMT
Strict-Transport-Security
max-age=157680000; includeSubDomains
ETag
W/"9bbd07dc81f3c2a11d2c7735b416ee18--gzip"
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
Content-Type
image/svg+xml
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
1210
X-XSS-Protection
1; mode=block
Resource: cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg | Path: identify.nordea.com/assets/images/ | Size: 3 KB | x-fer: 2 KB | Type: Image
General
Full URL
https://identify.nordea.com/assets/images/cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.233.249.230 , Finland, ASN201271 (NORDEA-AS, FI),
Reverse DNS
Software
/
Resource Hash
4f98589b5ad297e797fc12ed5b90a5e9244a17dbc34c5cee66e01ae8c1455d2c
Security Headers
Name Value
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web11496.web09.bero-webspace.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date
Tue, 22 Aug 2023 07:18:05 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Referrer-Policy
origin
Last-Modified
Thu, 29 Jun 2023 04:41:02 GMT
Strict-Transport-Security
max-age=157680000; includeSubDomains
ETag
W/"d0c0f9d25ebde42bbd552c8ad5363f01--gzip"
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
Content-Type
image/svg+xml
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
1449
X-XSS-Protection
1; mode=block
Resource: no-connection-83f79e2367a313b468986e12a237c346.svg | Path: identify.nordea.com/assets/images/ | Size: 5 KB | x-fer: 3 KB | Type: Image
General
Full URL
https://identify.nordea.com/assets/images/no-connection-83f79e2367a313b468986e12a237c346.svg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.233.249.230 , Finland, ASN201271 (NORDEA-AS, FI),
Reverse DNS
Software
/
Resource Hash
3fc2607b1e133fb89affeca8fa96db25e9af2fa9d2f7960d2a9602df9e96ef72
Security Headers
Name Value
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web11496.web09.bero-webspace.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date
Tue, 22 Aug 2023 07:18:05 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Referrer-Policy
origin
Last-Modified
Thu, 29 Jun 2023 04:41:02 GMT
Strict-Transport-Security
max-age=157680000; includeSubDomains
ETag
W/"83f79e2367a313b468986e12a237c346--gzip"
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
Content-Type
image/svg+xml
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
2005
X-XSS-Protection
1; mode=block
Resource: empty-3857ebe69f653487f8c9d99adde4657f.svg | Path: identify.nordea.com/assets/images/ | Size: 2 KB | x-fer: 2 KB | Type: Image
General
Full URL
https://identify.nordea.com/assets/images/empty-3857ebe69f653487f8c9d99adde4657f.svg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.233.249.230 , Finland, ASN201271 (NORDEA-AS, FI),
Reverse DNS
Software
/
Resource Hash
d690ce1d3a1304fff86d11c4f38ad540da84949d881ea0c04b49bcc0f13483e0
Security Headers
Name Value
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web11496.web09.bero-webspace.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date
Tue, 22 Aug 2023 07:18:05 GMT
Strict-Transport-Security
max-age=157680000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
origin
Last-Modified
Thu, 29 Jun 2023 04:41:02 GMT
ETag
W/"3857ebe69f653487f8c9d99adde4657f"
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
Content-Type
image/svg+xml
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
1642
X-XSS-Protection
1; mode=block

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: identify.nordea.com
URL: https://identify.nordea.com/assets/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff

Domain: identify.nordea.com
URL: https://identify.nordea.com/assets/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff

Verdicts & Comments


Malicious page.url
Submitted on August 22nd 2023, 11:40:47 am UTC — From Netherlands

Threats: Brand Impersonation Phishing
Brands: Nordea FI
Comment: #Phishing

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nordea (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

documentPictureInPicture (object), safeLog (function), redirectToPage2 (function), redirectToPage (function), checkInputs (function), QRCode (object), App (object)

0 Cookies

4 Console Messages

Source: javascript | Level: error | URL: https://web11496.web09.bero-webspace.de/
Message: Access to font at 'https://identify.nordea.com/assets/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff' from origin 'https://web11496.web09.bero-webspace.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Source: network | Level: error | URL: https://identify.nordea.com/assets/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff
Message: Failed to load resource: net::ERR_FAILED

Source: javascript | Level: error | URL: https://web11496.web09.bero-webspace.de/
Message: Access to font at 'https://identify.nordea.com/assets/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff' from origin 'https://web11496.web09.bero-webspace.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Source: network | Level: error | URL: https://identify.nordea.com/assets/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff
Message: Failed to load resource: net::ERR_FAILED

Indicators

"Indicators" is a security-industry term for artefacts such as IPs, domains and hashes observed during the scan; listing them here does not by itself imply that any of them is malicious.
