identify.netbank-se.com Open in urlscan Pro
89.185.84.39  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request mobilt-bankid Show response identify.netbank-se.com/foretag/	6 KB 3 KB	604ms 81ms	Document text/html	89.185.84.39 GIR-AS
General Check archive.org Show headers Download Go to Full URL https://identify.netbank-se.com/foretag/mobilt-bankid Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.185.84.39 London, United Kingdom, ASN207713 (GIR-AS, RU), Reverse DNS 4SER-1668410871.4server.su Software nginx / Resource Hash f589532d90d96f0fb672c66fadb0fe2a6bcdbd20c18aa6cb274037acaab3b417 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/92.0.4515.90 Mobile/15E148 Safari/604.1 accept-language se-SE,se;q=0.9 Response headers cache-control no-cache, private content-encoding gzip content-type text/html; charset=UTF-8 date Fri, 18 Nov 2022 09:55:30 GMT server nginx vary Accept-Encoding x-content-type-options nosniff x-frame-options SAMEORIGIN x-xss-protection 1; mode=block
GET H2	200	app.css identify.netbank-se.com/css/nordea/	17 KB 4 KB	62ms 60ms	Stylesheet text/css	89.185.84.39 GIR-AS
General Check archive.org Show headers Download Go to Full URL https://identify.netbank-se.com/css/nordea/app.css?id=9181c3676fc1d9b91437f6fef73c48ce Requested by Host: identify.netbank-se.com URL: https://identify.netbank-se.com/foretag/mobilt-bankid Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.185.84.39 London, United Kingdom, ASN207713 (GIR-AS, RU), Reverse DNS 4SER-1668410871.4server.su Software nginx / Resource Hash 2dd7a4aaf28ffec907932bfac6831e81c76aa0f502687d27670fd130528cf080 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language se-SE,se;q=0.9 Referer https://identify.netbank-se.com/foretag/mobilt-bankid User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/92.0.4515.90 Mobile/15E148 Safari/604.1 Response headers date Fri, 18 Nov 2022 09:55:30 GMT content-encoding gzip x-content-type-options nosniff last-modified Tue, 15 Nov 2022 08:51:07 GMT server nginx etag W/"637352fb-459e" vary Accept-Encoding x-frame-options SAMEORIGIN content-type text/css x-xss-protection 1; mode=block
GET H2	200	bankid.svg identify.netbank-se.com/images/	3 KB 2 KB	62ms 60ms	Image image/svg+xml	89.185.84.39 GIR-AS
General Check archive.org Show headers Download Go to Show image Full URL https://identify.netbank-se.com/images/bankid.svg Requested by Host: identify.netbank-se.com URL: https://identify.netbank-se.com/foretag/mobilt-bankid Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.185.84.39 London, United Kingdom, ASN207713 (GIR-AS, RU), Reverse DNS 4SER-1668410871.4server.su Software nginx / Resource Hash ce22eb0c405b78a4247ec19eba5816e03a01a3c065e84a2bc58a23875cd1efc7 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language se-SE,se;q=0.9 Referer https://identify.netbank-se.com/foretag/mobilt-bankid User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/92.0.4515.90 Mobile/15E148 Safari/604.1 Response headers date Fri, 18 Nov 2022 09:55:30 GMT content-encoding gzip x-content-type-options nosniff last-modified Tue, 15 Nov 2022 08:51:07 GMT server nginx etag W/"637352fb-cb1" vary Accept-Encoding x-frame-options SAMEORIGIN content-type image/svg+xml x-xss-protection 1; mode=block
GET H2	200	card_reader.svg identify.netbank-se.com/images/nordea/	891 B 673 B	60ms 59ms	Image image/svg+xml	89.185.84.39 GIR-AS
General Check archive.org Show headers Download Go to Show image Full URL https://identify.netbank-se.com/images/nordea/card_reader.svg Requested by Host: identify.netbank-se.com URL: https://identify.netbank-se.com/foretag/mobilt-bankid Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.185.84.39 London, United Kingdom, ASN207713 (GIR-AS, RU), Reverse DNS 4SER-1668410871.4server.su Software nginx / Resource Hash b34c9039b5f92575e57676734ec42dd908ef1877fe59a4d55b4277db69663830 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language se-SE,se;q=0.9 Referer https://identify.netbank-se.com/foretag/mobilt-bankid User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/92.0.4515.90 Mobile/15E148 Safari/604.1 Response headers date Fri, 18 Nov 2022 09:55:30 GMT content-encoding gzip x-content-type-options nosniff last-modified Tue, 15 Nov 2022 08:51:07 GMT server nginx etag W/"637352fb-37b" vary Accept-Encoding x-frame-options SAMEORIGIN content-type image/svg+xml x-xss-protection 1; mode=block
GET H2	200	qr_reader.svg identify.netbank-se.com/images/nordea/	642 B 561 B	61ms 61ms	Image image/svg+xml	89.185.84.39 GIR-AS
General Check archive.org Show headers Download Go to Show image Full URL https://identify.netbank-se.com/images/nordea/qr_reader.svg Requested by Host: identify.netbank-se.com URL: https://identify.netbank-se.com/foretag/mobilt-bankid Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.185.84.39 London, United Kingdom, ASN207713 (GIR-AS, RU), Reverse DNS 4SER-1668410871.4server.su Software nginx / Resource Hash 0b76503946c6f19f7150b0950f704eac5cb94842b7698ea8eb9b0d4372b1bd05 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language se-SE,se;q=0.9 Referer https://identify.netbank-se.com/foretag/mobilt-bankid User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/92.0.4515.90 Mobile/15E148 Safari/604.1 Response headers date Fri, 18 Nov 2022 09:55:30 GMT content-encoding gzip x-content-type-options nosniff last-modified Tue, 15 Nov 2022 08:51:07 GMT server nginx etag W/"637352fb-282" vary Accept-Encoding x-frame-options SAMEORIGIN content-type image/svg+xml x-xss-protection 1; mode=block
GET H2	200	app.js Show response identify.netbank-se.com/js/nordea/	810 KB 168 KB	118ms 118ms	Script application/javascript	89.185.84.39 GIR-AS
General Check archive.org Show headers Download Go to Full URL https://identify.netbank-se.com/js/nordea/app.js?id=ec532bf743592ac2428c3bccab12ff53 Requested by Host: identify.netbank-se.com URL: https://identify.netbank-se.com/foretag/mobilt-bankid Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.185.84.39 London, United Kingdom, ASN207713 (GIR-AS, RU), Reverse DNS 4SER-1668410871.4server.su Software nginx / Resource Hash 566e50a6380bbba616b4009092cf699587b3e849ff8d3de35dc1b90d30cc7929 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language se-SE,se;q=0.9 Referer https://identify.netbank-se.com/foretag/mobilt-bankid User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/92.0.4515.90 Mobile/15E148 Safari/604.1 Response headers date Fri, 18 Nov 2022 09:55:30 GMT content-encoding gzip x-content-type-options nosniff last-modified Tue, 15 Nov 2022 08:51:07 GMT server nginx etag W/"637352fb-ca929" vary Accept-Encoding x-frame-options SAMEORIGIN content-type application/javascript; charset=utf-8 x-xss-protection 1; mode=block
GET H2	200	bg-top.png identify.netbank-se.com/images/	39 KB 40 KB	182ms 182ms	Image image/png	89.185.84.39 GIR-AS
General Check archive.org Show headers Download Go to Show image Full URL https://identify.netbank-se.com/images/bg-top.png?5e73b3c67b0510c4c5cfedf73b38cb40 Requested by Host: identify.netbank-se.com URL: https://identify.netbank-se.com/css/nordea/app.css?id=9181c3676fc1d9b91437f6fef73c48ce Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.185.84.39 London, United Kingdom, ASN207713 (GIR-AS, RU), Reverse DNS 4SER-1668410871.4server.su Software nginx / Resource Hash 9fc5b5c44107cfc6701be07fa5d5a4d7ab066607dd7ab6e9f396ac709e28424f Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language se-SE,se;q=0.9 Referer https://identify.netbank-se.com/css/nordea/app.css?id=9181c3676fc1d9b91437f6fef73c48ce User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/92.0.4515.90 Mobile/15E148 Safari/604.1 Response headers date Fri, 18 Nov 2022 09:55:30 GMT x-content-type-options nosniff last-modified Tue, 15 Nov 2022 08:51:07 GMT server nginx etag "637352fb-9d93" x-frame-options SAMEORIGIN content-type image/png accept-ranges bytes content-length 40339 x-xss-protection 1; mode=block
GET H2	200	7bc117ce8cbf2ce4b08a7ed17d16cf89.woff2 identify.netbank-se.com/fonts/nordea/	26 KB 26 KB	183ms 183ms	Font font/woff2	89.185.84.39 GIR-AS
General Check archive.org Show headers Download Go to Full URL https://identify.netbank-se.com/fonts/nordea/7bc117ce8cbf2ce4b08a7ed17d16cf89.woff2 Requested by Host: identify.netbank-se.com URL: https://identify.netbank-se.com/css/nordea/app.css?id=9181c3676fc1d9b91437f6fef73c48ce Protocol H2 Security TLS 1.3, , AES_128_GCM Server 89.185.84.39 London, United Kingdom, ASN207713 (GIR-AS, RU), Reverse DNS 4SER-1668410871.4server.su Software nginx / Resource Hash a93f6086756b2a2e94db8aaf795faab950a315cd9a8e32c5b0df707636dedfff Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://identify.netbank-se.com/css/nordea/app.css?id=9181c3676fc1d9b91437f6fef73c48ce Origin https://identify.netbank-se.com accept-language se-SE,se;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/92.0.4515.90 Mobile/15E148 Safari/604.1 Response headers date Fri, 18 Nov 2022 09:55:30 GMT x-content-type-options nosniff last-modified Tue, 15 Nov 2022 08:51:07 GMT server nginx etag "637352fb-6734" x-frame-options SAMEORIGIN content-type font/woff2 accept-ranges bytes content-length 26420 x-xss-protection 1; mode=block

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nordea (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| userFlow function| axios object| QRCode object| Alpine function| Vue

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			identify.netbank-se.com/	1970-01-20 07:32:52	Name: XSRF-TOKEN Value: eyJpdiI6IjU4Y1lnOU1tbkphbHJEMDNUYW9kSmc9PSIsInZhbHVlIjoid0wwVGZVZCtuYUZteDJCblhqMzYvVjFZRm91UHY2L0V3aytBT2JDcFNVOFMrdGtOMXVTVlM4ZGZPSzRjdThlRmUyZDltRGp3d3Zkc011T0dITGt5R3hTVFR5bUJMOUozeDIyZEg2ek9Tc093Mk9URlV0MmhqQ3ZKWVpYblRIUFoiLCJtYWMiOiIxN2RiZGZjOGQ1NDkyYTliM2ZmZjIwZWQzOWVlYzc2N2ZmNjk5YmQxYzFlNTkyZmI4ODczMTdhYzYwOTA0ZjRiIiwidGFnIjoiIn0%3D
			identify.netbank-se.com/	1970-01-20 07:32:52	Name: laravel_session Value: eyJpdiI6Img4SGVSL3hiemFHQ0s3VUdSbENWbHc9PSIsInZhbHVlIjoibUdVbkdjTzRhNWErT0E1dnZwOXd3c2pJUmxvT1lnai8zcG9WZWRwT0FkeTZqeHJKWEIxNTFDdnZOdlV5bHZ5TXdzRW5teGM0OXE0TGg5QzRibCs1WjRodVRZVWZpQVQ0VzBZMjBQM2hsWWtOMmk1QnQ3MjNYWEZOaWVEelNUVjkiLCJtYWMiOiJjMjI3MWVmMTlmYzYxYTkzYjRkYjZmYTgzMWJjNTk1Nzg5MjhlZDE5NWNiMDQzZGFkZmRlMDhiNTU3OTJjYmM4IiwidGFnIjoiIn0%3D

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://identify.netbank-se.com/foretag/mobilt-bankid Message: The resource https://identify.netbank-se.com/images/bankid.svg was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://identify.netbank-se.com/foretag/mobilt-bankid Message: The resource https://identify.netbank-se.com/images/nordea/card_reader.svg was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://identify.netbank-se.com/foretag/mobilt-bankid Message: The resource https://identify.netbank-se.com/images/nordea/qr_reader.svg was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

identify.netbank-se.com
89.185.84.39
0b76503946c6f19f7150b0950f704eac5cb94842b7698ea8eb9b0d4372b1bd05
2dd7a4aaf28ffec907932bfac6831e81c76aa0f502687d27670fd130528cf080
566e50a6380bbba616b4009092cf699587b3e849ff8d3de35dc1b90d30cc7929
9fc5b5c44107cfc6701be07fa5d5a4d7ab066607dd7ab6e9f396ac709e28424f
a93f6086756b2a2e94db8aaf795faab950a315cd9a8e32c5b0df707636dedfff
b34c9039b5f92575e57676734ec42dd908ef1877fe59a4d55b4277db69663830
ce22eb0c405b78a4247ec19eba5816e03a01a3c065e84a2bc58a23875cd1efc7
f589532d90d96f0fb672c66fadb0fe2a6bcdbd20c18aa6cb274037acaab3b417