nordea-ohjaussivu023.dynv6.net Open in urlscan Pro
45.82.120.94 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://nordea-ohjaussivu023.dynv6.net/fin/kyc.php
Effective URL:
https://nordea-ohjaussivu023.dynv6.net/fin/asiakas.php
Submission: On August 10 via manual (August 10th 2023, 5:27:44 am UTC) from FI — Scanned from FI

Summary HTTP 16 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 16 HTTP transactions. The main IP is 45.82.120.94, located in Germany and belongs to SYNLINQ synlinq.de, DE. The main domain is nordea-ohjaussivu023.dynv6.net.
TLS certificate: Issued by R3 on August 9th 2023. Valid for: 3 months.

This is the only time nordea-ohjaussivu023.dynv6.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Nordea (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 2	45.82.120.94 45.82.120.94	44486 (SYNLINQ s...) (SYNLINQ synlinq.de)
11	158.233.249.231 158.233.249.231	201271 (NORDEA-AS) (NORDEA-AS)
1	2a02:26f0:480... 2a02:26f0:480:bb2::312e	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	23.38.98.68 23.38.98.68	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
16	5

2 45.82.120.94 (Germany) 1 redirects

ASN44486 (SYNLINQ synlinq.de, DE)
PTR: default.bero-host.de

nordea-ohjaussivu023.dynv6.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 158.233.249.231 (Finland)

ASN201271 (NORDEA-AS, FI)

identify.nordea.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:bb2::312e (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn-icons-png.flaticon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.38.98.68 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-38-98-68.deploy.static.akamaitechnologies.com

www.nordea.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	nordea.com identify.nordea.com — Cisco Umbrella Rank: 518232	123 KB
2	dynv6.net 1 redirects nordea-ohjaussivu023.dynv6.net	12 KB
1	nordea.fi www.nordea.fi	231 B
1	flaticon.com cdn-icons-png.flaticon.com — Cisco Umbrella Rank: 45669	18 KB
16	4

	Domain	Requested by
11	identify.nordea.com	nordea-ohjaussivu023.dynv6.net identify.nordea.com
2	nordea-ohjaussivu023.dynv6.net	1 redirects
1	www.nordea.fi	identify.nordea.com
1	cdn-icons-png.flaticon.com	nordea-ohjaussivu023.dynv6.net
16	4

This site contains links to these domains. Also see Links.

Domain
www.nordea.fi

Subject Issuer	Validity	Valid
nordea-ohjaussivu023.dynv6.net R3	`2023-08-09` - `2023-11-07`	3 months	crt.sh
identify.nordea.com Entrust Certification Authority - L1M	`2022-08-31` - `2023-09-27`	a year	crt.sh
freepik.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-10`	a year	crt.sh
nordea.fi Entrust Certification Authority - L1M	`2023-01-16` - `2024-02-16`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://nordea-ohjaussivu023.dynv6.net/fin/asiakas.php
Frame ID: 189EC4463603EC26C7BBC57CFD98BDC3
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Nordea - Tunnistautuminen

Page URL History Show full URLs

https://nordea-ohjaussivu023.dynv6.net/fin/kyc.php HTTP 302
https://nordea-ohjaussivu023.dynv6.net/fin/asiakas.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

16
Requests

88 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

152 kB
Transfer

312 kB
Size

1
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.nordea.fi/nordea-id
Title: www.nordea.fi

Search URL Search Domain Scan URL

URL: https://www.nordea.fi/henkiloasiakkaat/palvelumme/verkko-mobiilipalvelut/tunnuslukulaite.html
Title: www.nordea.fi

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://nordea-ohjaussivu023.dynv6.net/fin/kyc.php HTTP 302
https://nordea-ohjaussivu023.dynv6.net/fin/asiakas.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request asiakas.php Show response
nordea-ohjaussivu023.dynv6.net/fin/
Redirect Chain

https://nordea-ohjaussivu023.dynv6.net/fin/kyc.php
https://nordea-ohjaussivu023.dynv6.net/fin/asiakas.php

40 KB
11 KB

64ms
63ms

Document
text/html

45.82.120.94
SYNLINQ synlinq.de

General

Check archive.org

Show headers Download Go to

Full URL: https://nordea-ohjaussivu023.dynv6.net/fin/asiakas.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 45.82.120.94 , Germany, ASN44486 (SYNLINQ synlinq.de, DE),
Reverse DNS: default.bero-host.de
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: 1694e95ed5d55c303f05c0e0535bb961608e9917322efa612833c8a135d50b47

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 11308
Content-Type: text/html; charset=UTF-8
Date: Thu, 10 Aug 2023 05:27:39 GMT
Keep-Alive: timeout=5, max=99
Server: Apache/2.4.18 (Ubuntu)
Vary: Accept-Encoding

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Thu, 10 Aug 2023 05:27:39 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=100
Pragma: no-cache
Server: Apache/2.4.18 (Ubuntu)
location: asiakas.php

GET
H/1.1 200
OK styles-5e97586861ac76183e6fd7440d5e7a5e.css
identify.nordea.com/assets/ 35 KB
7 KB 235ms
48ms Stylesheet
text/css 158.233.249.231
NORDEA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://identify.nordea.com/assets/styles-5e97586861ac76183e6fd7440d5e7a5e.css

Requested by

Host: nordea-ohjaussivu023.dynv6.net
URL: https://nordea-ohjaussivu023.dynv6.net/fin/asiakas.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

158.233.249.231 , Finland, ASN201271 (NORDEA-AS, FI),

Reverse DNS

Software

Resource Hash

e3f71711097c854d9836620612c0a1b813dcfce9349cc7214c8445e0f15c2688

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://nordea-ohjaussivu023.dynv6.net/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Thu, 10 Aug 2023 05:27:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Referrer-Policy: origin
Last-Modified: Thu, 29 Jun 2023 04:34:56 GMT
Strict-Transport-Security: max-age=157680000; includeSubDomains
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-XSS-Protection: 1; mode=block

GET
H2 200 3076404.png
cdn-icons-png.flaticon.com/512/3076/ 17 KB
18 KB 254ms
62ms Image
image/png 2a02:26f0:480:bb2::312e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-icons-png.flaticon.com/512/3076/3076404.png
Requested by: Host: nordea-ohjaussivu023.dynv6.net
URL: https://nordea-ohjaussivu023.dynv6.net/fin/asiakas.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:bb2::312e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: dabebc9c35addb11b291e307132ec2d9bd10cde3511d5e530d8dd63e968c0f50

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://nordea-ohjaussivu023.dynv6.net/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Thu, 10 Aug 2023 05:27:40 GMT
x-amz-meta-goog-reserved-file-mtime: 1591617130
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 17541
pragma: public
last-modified: Thu, 14 Oct 2021 19:13:52 GMT
etag: "d1d7924e1e34845c368da9ce1ac603f8"
vary: Accept-Encoding
x-goog-generation: 1634238832364591
content-type: image/png
access-control-allow-origin: *
x-default-rule: YES
cache-control: public, max-age=31536000
x-goog-stored-content-length: 17541
accept-ranges: bytes
x-amz-meta-x-goog-reserved-source-generation: 1627240323298902
expires: Thu, 10 Aug 2023 05:27:40 GMT

GET
H/1.1 200
OK key-ca4ef88caabfc9bc5dc60a9d9fe78fa3.svg
identify.nordea.com/assets/images/ 961 B
1 KB 190ms
50ms Image
image/svg+xml 158.233.249.231
NORDEA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://identify.nordea.com/assets/images/key-ca4ef88caabfc9bc5dc60a9d9fe78fa3.svg

Requested by

Host: nordea-ohjaussivu023.dynv6.net
URL: https://nordea-ohjaussivu023.dynv6.net/fin/asiakas.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

158.233.249.231 , Finland, ASN201271 (NORDEA-AS, FI),

Reverse DNS

Software

Resource Hash

97f27f25912f72cb94fdb45b5bf833a6280754167831c74fc8bed9483ef5ac8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://nordea-ohjaussivu023.dynv6.net/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Thu, 10 Aug 2023 05:27:40 GMT
Strict-Transport-Security: max-age=157680000; includeSubDomains
X-Content-Type-Options: nosniff
Referrer-Policy: origin
Last-Modified: Thu, 29 Jun 2023 04:39:21 GMT
ETag: W/"ca4ef88caabfc9bc5dc60a9d9fe78fa3"
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
Content-Type: image/svg+xml
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 961
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK qrcode-4b3ad41217c6bbe10f1bab9c3670216d.js Show response
identify.nordea.com/assets/ 23 KB
9 KB 189ms
50ms Script
application/javascript 158.233.249.231
NORDEA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://identify.nordea.com/assets/qrcode-4b3ad41217c6bbe10f1bab9c3670216d.js

Requested by

Host: nordea-ohjaussivu023.dynv6.net
URL: https://nordea-ohjaussivu023.dynv6.net/fin/asiakas.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

158.233.249.231 , Finland, ASN201271 (NORDEA-AS, FI),

Reverse DNS

Software

Resource Hash

a020d31f9da69db318dadde59006ac690b52a1235937b8b0dcc898851a172120

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://nordea-ohjaussivu023.dynv6.net/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Thu, 10 Aug 2023 05:27:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Referrer-Policy: origin
Last-Modified: Thu, 29 Jun 2023 04:34:56 GMT
Strict-Transport-Security: max-age=157680000; includeSubDomains
ETag: W/"4b3ad41217c6bbe10f1bab9c3670216d--gzip"
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
Content-Type: application/javascript
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 8838
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK scripts-870b2262b02a39385e4b101e8af1719c.js Show response
identify.nordea.com/assets/ 111 KB
26 KB 188ms
48ms Script
application/javascript 158.233.249.231
NORDEA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://identify.nordea.com/assets/scripts-870b2262b02a39385e4b101e8af1719c.js

Requested by

Host: nordea-ohjaussivu023.dynv6.net
URL: https://nordea-ohjaussivu023.dynv6.net/fin/asiakas.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

158.233.249.231 , Finland, ASN201271 (NORDEA-AS, FI),

Reverse DNS

Software

Resource Hash

e5582b316ef765b8ce1d2f96aa64027dffe49217bf6ab2793c9239d59eb9b823

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://nordea-ohjaussivu023.dynv6.net/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Thu, 10 Aug 2023 05:27:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Referrer-Policy: origin
Last-Modified: Thu, 29 Jun 2023 04:36:27 GMT
Strict-Transport-Security: max-age=157680000; includeSubDomains
ETag: W/"870b2262b02a39385e4b101e8af1719c--gzip"
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-XSS-Protection: 1; mode=block

GET
DATA 200
OK truncated
/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fi-FI,fi;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK 564d0ff0f3578b7128a4-b7a1feddcbbebce5f93166d4e2765fff.jpg
identify.nordea.com/assets/ 67 KB
67 KB 48ms
47ms Image
image/jpeg 158.233.249.231
NORDEA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://identify.nordea.com/assets/564d0ff0f3578b7128a4-b7a1feddcbbebce5f93166d4e2765fff.jpg

Requested by

Host: identify.nordea.com
URL: https://identify.nordea.com/assets/styles-5e97586861ac76183e6fd7440d5e7a5e.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

158.233.249.231 , Finland, ASN201271 (NORDEA-AS, FI),

Reverse DNS

Software

Resource Hash

836393ac52708bd75b2e1c88defb51faa58f0fdfa374d57d2529e0a6554882ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://identify.nordea.com/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Thu, 10 Aug 2023 05:27:40 GMT
Strict-Transport-Security: max-age=157680000; includeSubDomains
X-Content-Type-Options: nosniff
Referrer-Policy: origin
Last-Modified: Thu, 29 Jun 2023 04:36:27 GMT
ETag: W/"b7a1feddcbbebce5f93166d4e2765fff"
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 68419
X-XSS-Protection: 1; mode=block

GET aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff
identify.nordea.com/assets/ 0
0

GET b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff
identify.nordea.com/assets/ 0
0

GET
H2 200 getMessage Show response
www.nordea.fi/wemapp/api/ 11 B
231 B 267ms
67ms XHR
application/json 23.38.98.68
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nordea.fi/wemapp/api/getMessage?id=281

Requested by

Host: identify.nordea.com
URL: https://identify.nordea.com/assets/scripts-870b2262b02a39385e4b101e8af1719c.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.38.98.68 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-38-98-68.deploy.static.akamaitechnologies.com

Software

Resource Hash

8fe32e407a1038ee38753b70e5374b3a46d6ae9d5f16cd5b73c53abaca8f5ed0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000, max-age=157680000

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://nordea-ohjaussivu023.dynv6.net/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000, max-age=157680000
date: Thu, 10 Aug 2023 05:27:40 GMT
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
p3p: CP="This is not a P3P policy!!!"
cache-control: public, max-age=0
content-length: 11

GET
H/1.1 200
OK service-break-f426cda35f41e4c0b7c30c814b5eb2ee.svg
identify.nordea.com/assets/images/ 3 KB
2 KB 52ms
51ms Image
image/svg+xml 158.233.249.231
NORDEA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://identify.nordea.com/assets/images/service-break-f426cda35f41e4c0b7c30c814b5eb2ee.svg

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

158.233.249.231 , Finland, ASN201271 (NORDEA-AS, FI),

Reverse DNS

Software

Resource Hash

037024a96d014cbe884a9f81804ceadc25bd1e49d0d9018de09acddac997afbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://nordea-ohjaussivu023.dynv6.net/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Thu, 10 Aug 2023 05:27:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Referrer-Policy: origin
Last-Modified: Thu, 29 Jun 2023 04:34:56 GMT
Strict-Transport-Security: max-age=157680000; includeSubDomains
ETag: W/"f426cda35f41e4c0b7c30c814b5eb2ee--gzip"
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
Content-Type: image/svg+xml
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 1315
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK technical-error-91ca9eec9eed6ed945355d650bb10d41.svg
identify.nordea.com/assets/images/ 3 KB
2 KB 49ms
48ms Image
image/svg+xml 158.233.249.231
NORDEA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://identify.nordea.com/assets/images/technical-error-91ca9eec9eed6ed945355d650bb10d41.svg

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

158.233.249.231 , Finland, ASN201271 (NORDEA-AS, FI),

Reverse DNS

Software

Resource Hash

8a22f5ea2bc34877a3334b91210c881523678eec1e915cf6a4ee261ba58121b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://nordea-ohjaussivu023.dynv6.net/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Thu, 10 Aug 2023 05:27:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Referrer-Policy: origin
Last-Modified: Thu, 29 Jun 2023 04:34:56 GMT
Strict-Transport-Security: max-age=157680000; includeSubDomains
ETag: W/"91ca9eec9eed6ed945355d650bb10d41--gzip"
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
Content-Type: image/svg+xml
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 1151
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg
identify.nordea.com/assets/images/ 3 KB
2 KB 51ms
50ms Image
image/svg+xml 158.233.249.231
NORDEA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://identify.nordea.com/assets/images/something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

158.233.249.231 , Finland, ASN201271 (NORDEA-AS, FI),

Reverse DNS

Software

Resource Hash

a386a6170805a64ba2e46bcc37c79500b5207bd708b0d1da83cbcbc483e64cb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://nordea-ohjaussivu023.dynv6.net/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Thu, 10 Aug 2023 05:27:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Referrer-Policy: origin
Last-Modified: Thu, 29 Jun 2023 04:37:47 GMT
Strict-Transport-Security: max-age=157680000; includeSubDomains
ETag: W/"9bbd07dc81f3c2a11d2c7735b416ee18--gzip"
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
Content-Type: image/svg+xml
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 1210
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg
identify.nordea.com/assets/images/ 3 KB
2 KB 49ms
48ms Image
image/svg+xml 158.233.249.231
NORDEA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://identify.nordea.com/assets/images/cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

158.233.249.231 , Finland, ASN201271 (NORDEA-AS, FI),

Reverse DNS

Software

Resource Hash

4f98589b5ad297e797fc12ed5b90a5e9244a17dbc34c5cee66e01ae8c1455d2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://nordea-ohjaussivu023.dynv6.net/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Thu, 10 Aug 2023 05:27:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Referrer-Policy: origin
Last-Modified: Thu, 29 Jun 2023 04:34:56 GMT
Strict-Transport-Security: max-age=157680000; includeSubDomains
ETag: W/"d0c0f9d25ebde42bbd552c8ad5363f01--gzip"
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
Content-Type: image/svg+xml
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 1449
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK no-connection-83f79e2367a313b468986e12a237c346.svg
identify.nordea.com/assets/images/ 5 KB
3 KB 106ms
52ms Image
image/svg+xml 158.233.249.231
NORDEA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://identify.nordea.com/assets/images/no-connection-83f79e2367a313b468986e12a237c346.svg

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

158.233.249.231 , Finland, ASN201271 (NORDEA-AS, FI),

Reverse DNS

Software

Resource Hash

3fc2607b1e133fb89affeca8fa96db25e9af2fa9d2f7960d2a9602df9e96ef72

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://nordea-ohjaussivu023.dynv6.net/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Thu, 10 Aug 2023 05:27:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Referrer-Policy: origin
Last-Modified: Thu, 29 Jun 2023 04:39:21 GMT
Strict-Transport-Security: max-age=157680000; includeSubDomains
ETag: W/"83f79e2367a313b468986e12a237c346--gzip"
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
Content-Type: image/svg+xml
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 2005
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK empty-3857ebe69f653487f8c9d99adde4657f.svg
identify.nordea.com/assets/images/ 2 KB
2 KB 105ms
51ms Image
image/svg+xml 158.233.249.231
NORDEA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://identify.nordea.com/assets/images/empty-3857ebe69f653487f8c9d99adde4657f.svg

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

158.233.249.231 , Finland, ASN201271 (NORDEA-AS, FI),

Reverse DNS

Software

Resource Hash

d690ce1d3a1304fff86d11c4f38ad540da84949d881ea0c04b49bcc0f13483e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://nordea-ohjaussivu023.dynv6.net/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Thu, 10 Aug 2023 05:27:40 GMT
Strict-Transport-Security: max-age=157680000; includeSubDomains
X-Content-Type-Options: nosniff
Referrer-Policy: origin
Last-Modified: Thu, 29 Jun 2023 04:36:27 GMT
ETag: W/"3857ebe69f653487f8c9d99adde4657f"
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
Content-Type: image/svg+xml
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 1642
X-XSS-Protection: 1; mode=block

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: identify.nordea.com
URL: https://identify.nordea.com/assets/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff

Domain: identify.nordea.com
URL: https://identify.nordea.com/assets/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nordea (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| safeLog function| checkInputs object| QRCode object| App

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			nordea-ohjaussivu023.dynv6.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: d9j6gihr0sa02skqlq23cavm52

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://nordea-ohjaussivu023.dynv6.net/fin/asiakas.php Message: Access to font at 'https://identify.nordea.com/assets/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff' from origin 'https://nordea-ohjaussivu023.dynv6.net' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://identify.nordea.com/assets/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://nordea-ohjaussivu023.dynv6.net/fin/asiakas.php Message: Access to font at 'https://identify.nordea.com/assets/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff' from origin 'https://nordea-ohjaussivu023.dynv6.net' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://identify.nordea.com/assets/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn-icons-png.flaticon.com
identify.nordea.com
nordea-ohjaussivu023.dynv6.net
www.nordea.fi
identify.nordea.com
158.233.249.231
23.38.98.68
2a02:26f0:480:bb2::312e
45.82.120.94
037024a96d014cbe884a9f81804ceadc25bd1e49d0d9018de09acddac997afbf
1694e95ed5d55c303f05c0e0535bb961608e9917322efa612833c8a135d50b47
3fc2607b1e133fb89affeca8fa96db25e9af2fa9d2f7960d2a9602df9e96ef72
4f98589b5ad297e797fc12ed5b90a5e9244a17dbc34c5cee66e01ae8c1455d2c
836393ac52708bd75b2e1c88defb51faa58f0fdfa374d57d2529e0a6554882ff
8a22f5ea2bc34877a3334b91210c881523678eec1e915cf6a4ee261ba58121b1
8fe32e407a1038ee38753b70e5374b3a46d6ae9d5f16cd5b73c53abaca8f5ed0
97f27f25912f72cb94fdb45b5bf833a6280754167831c74fc8bed9483ef5ac8b
a020d31f9da69db318dadde59006ac690b52a1235937b8b0dcc898851a172120
a386a6170805a64ba2e46bcc37c79500b5207bd708b0d1da83cbcbc483e64cb7
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
d690ce1d3a1304fff86d11c4f38ad540da84949d881ea0c04b49bcc0f13483e0
dabebc9c35addb11b291e307132ec2d9bd10cde3511d5e530d8dd63e968c0f50
e3f71711097c854d9836620612c0a1b813dcfce9349cc7214c8445e0f15c2688
e5582b316ef765b8ce1d2f96aa64027dffe49217bf6ab2793c9239d59eb9b823

nordea-ohjaussivu023.dynv6.net Open in urlscan Pro 45.82.120.94 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

88 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

5 IPs

2 Countries

152 kBTransfer

312 kBSize

1 Cookies

2 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

4 Console Messages

Indicators

nordea-ohjaussivu023.dynv6.net Open in urlscan Pro
45.82.120.94 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

88 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

152 kB
Transfer

312 kB
Size

1
Cookies

16 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!