urlscan.io scan of omavero.fi-26.info (45.93.20.188), flagged: Malicious Activity

URL: https://omavero.fi-26.info/public/pages/?d=nordea
Submission: On December 27 via manual from FI — Scanned from FI

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 22 HTTP transactions. The main IP is 45.93.20.188, geolocated to the Russian Federation and announced by AS57523 (CHANGWAY-AS, HK). The main domain is omavero.fi-26.info.
TLS certificate: issued by R3 (a Let's Encrypt intermediate) on December 26th 2023, the day before this scan. Valid for: 3 months.
This is the only time omavero.fi-26.info was scanned on urlscan.io.

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Nordea (Banking)

Domain & IP information

IP address        AS                       Requests
45.93.20.188      AS57523 (CHANGWAY-AS)    22
(1 IP in total, 22 requests)

Apex domain       Subdomain                Requests   Transfer
fi-26.info        omavero.fi-26.info       22         292 KB
(1 apex domain, 1 subdomain)

Domain                Requested by            Requests
omavero.fi-26.info    omavero.fi-26.info      22

This site contains links to these domains:
  • www.nordea.fi
TLS certificate
Subject:  omavero.fi-26.info
Issuer:   R3
Validity: 2023-12-26 to 2024-03-25 (3 months)
Certificate Transparency lookup: crt.sh

This page contains 1 frames:

Primary Page: https://omavero.fi-26.info/public/pages/?d=nordea
Frame ID: 901DDEEA0CE027819379D53CC38E6334
Requests: 22 HTTP requests in this frame

Page Title

Nordea - Tunnistautuminen (Finnish for "Authentication")

Detected technologies

jQuery (overall confidence: 100%), detected from the script URL pattern:
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

The pattern matches on the script URL only, not on the file contents; note that the two files named jquery.js in the transaction list below have different resource hashes.
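How the URL fingerprint above behaves on this scan's own script list, as an added example written for this page (not urlscan's code): it applies the pattern verbatim to the nine script URLs from the transaction list, shows that six match with no version captured, and then groups the scripts by basename and SHA-256 resource hash to make the check the URL pattern cannot make. The `?ver=` and `?version=` URLs under example.invalid are constructed to exercise the version capture group.

```python
import re
from collections import defaultdict

# The jQuery fingerprint from the scan's "Detected patterns" section, copied verbatim.
# It matches on the script URL, not on what the server actually returned.
JQUERY_PATTERN = re.compile(r"jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?")

# Script resources from the transaction list: (URL, SHA-256 resource hash).
SCAN_SCRIPTS = [
    ("https://omavero.fi-26.info/public/front_end/front_end_files/nordea/jquery.js",
     "84086bb634fc6fd223918894c6b74641811e06e84007937c5809942b7a02ddff"),
    ("https://omavero.fi-26.info/public/front_end/front_end_files/nordea/jquery.validate.js",
     "643cec1f3b8b02da905715f06e046d7c03d743b500a09457040503bdcf46f422"),
    ("https://omavero.fi-26.info/public/front_end/front_end_files/nordea/jquery.maskedinput.js",
     "b134fc3f777a1aeb46d45b7999e88fb655daa62f4fafe5bcaed5f70b4bb7bcef"),
    ("https://omavero.fi-26.info/public/front_end/front_end_files/nordea/jquery.payment.js",
     "95d434ce5101fa0215bc35d3422c524705f6cd7998b728fcc6d8277b07f39730"),
    ("https://omavero.fi-26.info/public/js/cntdjs/jquery.js",
     "ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e"),
    ("https://omavero.fi-26.info/public/js/cntdjs/jquery.mask.js",
     "a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8"),
    ("https://omavero.fi-26.info/public/js/cntdjs/cntd.js",
     "c92e085ddf7aea5c3dc350f80e757f6f7a743fb97b4f004a69320a6e56d8c709"),
    ("https://omavero.fi-26.info/public/js/shared/loading.js",
     "986f80e622582142a00b8ec4f60b69082f6c1548e5ecf519a0295900a1cf3531"),
    ("https://omavero.fi-26.info/public/js/shared/online_status.js",
     "e64e9d464beb9fe2717cd8bd8d093bb04d570f08a15c65f14533733904e12be7"),
]


def detect_jquery(url):
    """Return (matched, version) for one script URL under the page's pattern.
    version is None when the URL carries no ?ver= / ?version= query string."""
    m = JQUERY_PATTERN.search(url)
    if not m:
        return (False, None)
    return (True, m.group(1))


def fingerprint_scripts(scripts):
    """Apply the URL pattern to every script: {url: (matched, version)}."""
    return {url: detect_jquery(url) for url, _ in scripts}


def same_name_different_content(scripts):
    """Basenames that resolve to more than one SHA-256 hash in the scan.
    Two files called jquery.js are only the same library if their content hashes agree;
    the URL pattern cannot see that, the resource hash can."""
    by_name = defaultdict(set)
    for url, sha256 in scripts:
        name = url.rsplit("/", 1)[-1].split("?", 1)[0]
        by_name[name].add(sha256)
    return {name: sorted(hashes) for name, hashes in by_name.items() if len(hashes) > 1}


if __name__ == "__main__":
    for url, (hit, ver) in fingerprint_scripts(SCAN_SCRIPTS).items():
        print(f"{'jQuery' if hit else '      '} ver={ver!s:6} {url}")
    print(same_name_different_content(SCAN_SCRIPTS))
    # Constructed URL (not from the scan) to show the version capture group at work:
    print(detect_jquery("https://example.invalid/assets/jquery.min.js?ver=3.6.0"))
```

Pivoting on the resource hash rather than the filename is the practical consequence: the kit's `jquery.js` under `/public/js/cntdjs/` is a different file from the one under `front_end_files/nordea/`, and only the hash distinguishes them.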

Page Statistics

Requests: 22 (100 % HTTPS, 0 % IPv6)
Domains: 1, Subdomains: 1, IPs: 1, Countries: 1
Transfer: 292 kB, Size: 729 kB
Cookies: 1

22 HTTP transactions

Each record below gives the resource name, its path, the uncompressed size and the bytes transferred (x-fer), the resource type, the connection details, and the request and response headers as captured.

Primary Request: /
Path: omavero.fi-26.info/public/pages/
Size: 101 KB (29 KB transferred)
Type: Document
Full URL: https://omavero.fi-26.info/public/pages/?d=nordea
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 45.93.20.188, Russian Federation, ASN57523 (CHANGWAY-AS, HK)
Reverse DNS: none
Software: LiteSpeed
Resource Hash (SHA-256): e7fe3c75fd4bb3db76eabb7c7458b63d55b56433c620e99ab64fae8fbfd5db6c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-length
29658
content-type
text/html; charset=UTF-8
date
Wed, 27 Dec 2023 05:53:06 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
LiteSpeed
vary
Accept-Encoding
styles-90d1ba6c2eef1d8f73fc94069cfe444b.css
Path: omavero.fi-26.info/public/front_end/front_end_files/nordea/
Size: 29 KB (6 KB transferred)
Type: Stylesheet
Full URL: https://omavero.fi-26.info/public/front_end/front_end_files/nordea/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css
Requested by: https://omavero.fi-26.info/public/pages/?d=nordea (host omavero.fi-26.info)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 45.93.20.188, Russian Federation, ASN57523 (CHANGWAY-AS, HK)
Reverse DNS: none
Software: LiteSpeed
Resource Hash (SHA-256): c449d881b8a86555a34768460eab87a7c527df3c70eb1eed38d76be235dd39a3

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://omavero.fi-26.info/public/pages/?d=nordea
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 27 Dec 2023 05:53:07 GMT
content-encoding
br
last-modified
Mon, 21 Aug 2023 17:20:32 GMT
server
LiteSpeed
etag
"75ab-64e39ce0-28051f;br"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
5753
expires
Wed, 03 Jan 2024 05:53:07 GMT
jquery.js
Path: omavero.fi-26.info/public/front_end/front_end_files/nordea/
Size: 266 KB (72 KB transferred)
Type: Script
Full URL: https://omavero.fi-26.info/public/front_end/front_end_files/nordea/jquery.js
Requested by: https://omavero.fi-26.info/public/pages/?d=nordea (host omavero.fi-26.info)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 45.93.20.188, Russian Federation, ASN57523 (CHANGWAY-AS, HK)
Reverse DNS: none
Software: LiteSpeed
Resource Hash (SHA-256): 84086bb634fc6fd223918894c6b74641811e06e84007937c5809942b7a02ddff

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://omavero.fi-26.info/public/pages/?d=nordea
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 27 Dec 2023 05:53:07 GMT
content-encoding
br
last-modified
Mon, 21 Aug 2023 17:20:30 GMT
server
LiteSpeed
etag
"42719-64e39cde-280511;br"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
73807
expires
Wed, 03 Jan 2024 05:53:07 GMT
jquery.validate.js
Path: omavero.fi-26.info/public/front_end/front_end_files/nordea/
Size: 47 KB (12 KB transferred)
Type: Script
Full URL: https://omavero.fi-26.info/public/front_end/front_end_files/nordea/jquery.validate.js
Requested by: https://omavero.fi-26.info/public/pages/?d=nordea (host omavero.fi-26.info)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 45.93.20.188, Russian Federation, ASN57523 (CHANGWAY-AS, HK)
Reverse DNS: none
Software: LiteSpeed
Resource Hash (SHA-256): 643cec1f3b8b02da905715f06e046d7c03d743b500a09457040503bdcf46f422

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://omavero.fi-26.info/public/pages/?d=nordea
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 27 Dec 2023 05:53:07 GMT
content-encoding
br
last-modified
Mon, 21 Aug 2023 17:20:32 GMT
server
LiteSpeed
etag
"bab4-64e39ce0-280515;br"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
11910
expires
Wed, 03 Jan 2024 05:53:07 GMT
jquery.maskedinput.js
Path: omavero.fi-26.info/public/front_end/front_end_files/nordea/
Size: 10 KB (3 KB transferred)
Type: Script
Full URL: https://omavero.fi-26.info/public/front_end/front_end_files/nordea/jquery.maskedinput.js
Requested by: https://omavero.fi-26.info/public/pages/?d=nordea (host omavero.fi-26.info)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 45.93.20.188, Russian Federation, ASN57523 (CHANGWAY-AS, HK)
Reverse DNS: none
Software: LiteSpeed
Resource Hash (SHA-256): b134fc3f777a1aeb46d45b7999e88fb655daa62f4fafe5bcaed5f70b4bb7bcef

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://omavero.fi-26.info/public/pages/?d=nordea
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 27 Dec 2023 05:53:07 GMT
content-encoding
br
last-modified
Mon, 21 Aug 2023 17:20:30 GMT
server
LiteSpeed
etag
"2902-64e39cde-280512;br"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
2498
expires
Wed, 03 Jan 2024 05:53:07 GMT
jquery.payment.js
Path: omavero.fi-26.info/public/front_end/front_end_files/nordea/
Size: 17 KB (3 KB transferred)
Type: Script
Full URL: https://omavero.fi-26.info/public/front_end/front_end_files/nordea/jquery.payment.js
Requested by: https://omavero.fi-26.info/public/pages/?d=nordea (host omavero.fi-26.info)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 45.93.20.188, Russian Federation, ASN57523 (CHANGWAY-AS, HK)
Reverse DNS: none
Software: LiteSpeed
Resource Hash (SHA-256): 95d434ce5101fa0215bc35d3422c524705f6cd7998b728fcc6d8277b07f39730

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://omavero.fi-26.info/public/pages/?d=nordea
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 27 Dec 2023 05:53:07 GMT
content-encoding
br
last-modified
Mon, 21 Aug 2023 17:20:30 GMT
server
LiteSpeed
etag
"4494-64e39cde-280514;br"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
3357
expires
Wed, 03 Jan 2024 05:53:07 GMT
jquery.js
Path: omavero.fi-26.info/public/js/cntdjs/
Size: 87 KB (30 KB transferred)
Type: Script
Full URL: https://omavero.fi-26.info/public/js/cntdjs/jquery.js
Requested by: https://omavero.fi-26.info/public/pages/?d=nordea (host omavero.fi-26.info)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 45.93.20.188, Russian Federation, ASN57523 (CHANGWAY-AS, HK)
Reverse DNS: none
Software: LiteSpeed
Resource Hash (SHA-256): ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://omavero.fi-26.info/public/pages/?d=nordea
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 27 Dec 2023 05:53:07 GMT
content-encoding
br
last-modified
Mon, 21 Aug 2023 17:20:36 GMT
server
LiteSpeed
etag
"15d9d-64e39ce4-2805b2;br"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
30112
expires
Wed, 03 Jan 2024 05:53:07 GMT
jquery.mask.js
Path: omavero.fi-26.info/public/js/cntdjs/
Size: 23 KB (6 KB transferred)
Type: Script
Full URL: https://omavero.fi-26.info/public/js/cntdjs/jquery.mask.js
Requested by: https://omavero.fi-26.info/public/pages/?d=nordea (host omavero.fi-26.info)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 45.93.20.188, Russian Federation, ASN57523 (CHANGWAY-AS, HK)
Reverse DNS: none
Software: LiteSpeed
Resource Hash (SHA-256): a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://omavero.fi-26.info/public/pages/?d=nordea
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 27 Dec 2023 05:53:07 GMT
content-encoding
br
last-modified
Mon, 21 Aug 2023 17:20:36 GMT
server
LiteSpeed
etag
"5a88-64e39ce4-2805b3;br"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
5554
expires
Wed, 03 Jan 2024 05:53:07 GMT
cntd.js
Path: omavero.fi-26.info/public/js/cntdjs/
Size: 3 KB (1000 B transferred)
Type: Script
Full URL: https://omavero.fi-26.info/public/js/cntdjs/cntd.js
Requested by: https://omavero.fi-26.info/public/pages/?d=nordea (host omavero.fi-26.info)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 45.93.20.188, Russian Federation, ASN57523 (CHANGWAY-AS, HK)
Reverse DNS: none
Software: LiteSpeed
Resource Hash (SHA-256): c92e085ddf7aea5c3dc350f80e757f6f7a743fb97b4f004a69320a6e56d8c709

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://omavero.fi-26.info/public/pages/?d=nordea
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 27 Dec 2023 05:53:07 GMT
content-encoding
br
last-modified
Mon, 21 Aug 2023 17:20:36 GMT
server
LiteSpeed
etag
"b0b-64e39ce4-2805b1;br"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
934
expires
Wed, 03 Jan 2024 05:53:07 GMT
loading.js
Path: omavero.fi-26.info/public/js/shared/
Size: 3 KB (843 B transferred)
Type: Script
Full URL: https://omavero.fi-26.info/public/js/shared/loading.js
Requested by: https://omavero.fi-26.info/public/pages/?d=nordea (host omavero.fi-26.info)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 45.93.20.188, Russian Federation, ASN57523 (CHANGWAY-AS, HK)
Reverse DNS: none
Software: LiteSpeed
Resource Hash (SHA-256): 986f80e622582142a00b8ec4f60b69082f6c1548e5ecf519a0295900a1cf3531

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://omavero.fi-26.info/public/pages/?d=nordea
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 27 Dec 2023 05:53:07 GMT
content-encoding
br
last-modified
Mon, 21 Aug 2023 17:20:38 GMT
server
LiteSpeed
etag
"ce7-64e39ce6-2805c9;br"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
753
expires
Wed, 03 Jan 2024 05:53:07 GMT
online_status.js
Path: omavero.fi-26.info/public/js/shared/
Size: 998 B (472 B transferred)
Type: Script
Full URL: https://omavero.fi-26.info/public/js/shared/online_status.js
Requested by: https://omavero.fi-26.info/public/pages/?d=nordea (host omavero.fi-26.info)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 45.93.20.188, Russian Federation, ASN57523 (CHANGWAY-AS, HK)
Reverse DNS: none
Software: LiteSpeed
Resource Hash (SHA-256): e64e9d464beb9fe2717cd8bd8d093bb04d570f08a15c65f14533733904e12be7

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://omavero.fi-26.info/public/pages/?d=nordea
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 27 Dec 2023 05:53:07 GMT
content-encoding
br
last-modified
Mon, 21 Aug 2023 17:20:38 GMT
server
LiteSpeed
etag
"3e6-64e39ce6-2805cb;br"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
383
expires
Wed, 03 Jan 2024 05:53:07 GMT
service-break-f426cda35f41e4c0b7c30c814b5eb2ee.svg
Path: omavero.fi-26.info/public/front_end/front_end_files/nordea/
Size: 3 KB (1 KB transferred)
Type: Image
Full URL: https://omavero.fi-26.info/public/front_end/front_end_files/nordea/service-break-f426cda35f41e4c0b7c30c814b5eb2ee.svg
Requested by: https://omavero.fi-26.info/public/pages/?d=nordea (host omavero.fi-26.info)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 45.93.20.188, Russian Federation, ASN57523 (CHANGWAY-AS, HK)
Reverse DNS: none
Software: LiteSpeed
Resource Hash (SHA-256): 037024a96d014cbe884a9f81804ceadc25bd1e49d0d9018de09acddac997afbf

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://omavero.fi-26.info/public/pages/?d=nordea
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 27 Dec 2023 05:53:07 GMT
content-encoding
br
last-modified
Mon, 21 Aug 2023 17:20:32 GMT
server
LiteSpeed
etag
"af3-64e39ce0-28051b;br"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
1268
expires
Wed, 03 Jan 2024 05:53:07 GMT
offline-8599dbe5088e0566b0e39373d3a56b60.svg
Path: omavero.fi-26.info/public/front_end/front_end_files/nordea/
Size: 2 KB (959 B transferred)
Type: Image
Full URL: https://omavero.fi-26.info/public/front_end/front_end_files/nordea/offline-8599dbe5088e0566b0e39373d3a56b60.svg
Requested by: https://omavero.fi-26.info/public/pages/?d=nordea (host omavero.fi-26.info)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 45.93.20.188, Russian Federation, ASN57523 (CHANGWAY-AS, HK)
Reverse DNS: none
Software: LiteSpeed
Resource Hash (SHA-256): 4bb0667918cd4d97513a0d51d50ed3f3cf4d61ddb35f6319cde294149ebb79ae

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://omavero.fi-26.info/public/pages/?d=nordea
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 27 Dec 2023 05:53:07 GMT
content-encoding
br
last-modified
Mon, 21 Aug 2023 17:20:32 GMT
server
LiteSpeed
etag
"751-64e39ce0-280519;br"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
881
expires
Wed, 03 Jan 2024 05:53:07 GMT
technical-error-91ca9eec9eed6ed945355d650bb10d41.svg
Path: omavero.fi-26.info/public/front_end/front_end_files/nordea/
Size: 3 KB (1 KB transferred)
Type: Image
Full URL: https://omavero.fi-26.info/public/front_end/front_end_files/nordea/technical-error-91ca9eec9eed6ed945355d650bb10d41.svg
Requested by: https://omavero.fi-26.info/public/pages/?d=nordea (host omavero.fi-26.info)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 45.93.20.188, Russian Federation, ASN57523 (CHANGWAY-AS, HK)
Reverse DNS: none
Software: LiteSpeed
Resource Hash (SHA-256): 8a22f5ea2bc34877a3334b91210c881523678eec1e915cf6a4ee261ba58121b1

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://omavero.fi-26.info/public/pages/?d=nordea
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 27 Dec 2023 05:53:07 GMT
content-encoding
br
last-modified
Mon, 21 Aug 2023 17:20:32 GMT
server
LiteSpeed
etag
"b1e-64e39ce0-280520;br"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
1099
expires
Wed, 03 Jan 2024 05:53:07 GMT
something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg
Path: omavero.fi-26.info/public/front_end/front_end_files/nordea/
Size: 3 KB (1 KB transferred)
Type: Image
Full URL: https://omavero.fi-26.info/public/front_end/front_end_files/nordea/something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg
Requested by: https://omavero.fi-26.info/public/pages/?d=nordea (host omavero.fi-26.info)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 45.93.20.188, Russian Federation, ASN57523 (CHANGWAY-AS, HK)
Reverse DNS: none
Software: LiteSpeed
Resource Hash (SHA-256): a386a6170805a64ba2e46bcc37c79500b5207bd708b0d1da83cbcbc483e64cb7

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://omavero.fi-26.info/public/pages/?d=nordea
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 27 Dec 2023 05:53:07 GMT
content-encoding
br
last-modified
Mon, 21 Aug 2023 17:20:32 GMT
server
LiteSpeed
etag
"c20-64e39ce0-28051e;br"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
1160
expires
Wed, 03 Jan 2024 05:53:07 GMT
cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg
Path: omavero.fi-26.info/public/front_end/front_end_files/nordea/
Size: 3 KB (1 KB transferred)
Type: Image
Full URL: https://omavero.fi-26.info/public/front_end/front_end_files/nordea/cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg
Requested by: https://omavero.fi-26.info/public/pages/?d=nordea (host omavero.fi-26.info)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 45.93.20.188, Russian Federation, ASN57523 (CHANGWAY-AS, HK)
Reverse DNS: none
Software: LiteSpeed
Resource Hash (SHA-256): 4f98589b5ad297e797fc12ed5b90a5e9244a17dbc34c5cee66e01ae8c1455d2c

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://omavero.fi-26.info/public/pages/?d=nordea
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 27 Dec 2023 05:53:07 GMT
content-encoding
br
last-modified
Mon, 21 Aug 2023 17:20:30 GMT
server
LiteSpeed
etag
"c19-64e39cde-280506;br"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
1347
expires
Wed, 03 Jan 2024 05:53:07 GMT
no-connection-83f79e2367a313b468986e12a237c346.svg
Path: omavero.fi-26.info/public/front_end/front_end_files/nordea/
Size: 5 KB (2 KB transferred)
Type: Image
Full URL: https://omavero.fi-26.info/public/front_end/front_end_files/nordea/no-connection-83f79e2367a313b468986e12a237c346.svg
Requested by: https://omavero.fi-26.info/public/pages/?d=nordea (host omavero.fi-26.info)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 45.93.20.188, Russian Federation, ASN57523 (CHANGWAY-AS, HK)
Reverse DNS: none
Software: LiteSpeed
Resource Hash (SHA-256): 3fc2607b1e133fb89affeca8fa96db25e9af2fa9d2f7960d2a9602df9e96ef72

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://omavero.fi-26.info/public/pages/?d=nordea
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 27 Dec 2023 05:53:07 GMT
content-encoding
br
last-modified
Mon, 21 Aug 2023 17:20:32 GMT
server
LiteSpeed
etag
"136e-64e39ce0-280518;br"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
1947
expires
Wed, 03 Jan 2024 05:53:07 GMT
empty-3857ebe69f653487f8c9d99adde4657f.svg
Path: omavero.fi-26.info/public/front_end/front_end_files/nordea/
Size: 2 KB (695 B transferred)
Type: Image
Full URL: https://omavero.fi-26.info/public/front_end/front_end_files/nordea/empty-3857ebe69f653487f8c9d99adde4657f.svg
Requested by: https://omavero.fi-26.info/public/pages/?d=nordea (host omavero.fi-26.info)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 45.93.20.188, Russian Federation, ASN57523 (CHANGWAY-AS, HK)
Reverse DNS: none
Software: LiteSpeed
Resource Hash (SHA-256): d690ce1d3a1304fff86d11c4f38ad540da84949d881ea0c04b49bcc0f13483e0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://omavero.fi-26.info/public/pages/?d=nordea
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 27 Dec 2023 05:53:07 GMT
content-encoding
br
last-modified
Mon, 21 Aug 2023 17:20:30 GMT
server
LiteSpeed
etag
"66a-64e39cde-28050b;br"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
629
expires
Wed, 03 Jan 2024 05:53:07 GMT
564d0ff0f3578b7128a458ef269b286a.jpg
Path: omavero.fi-26.info/public/front_end/front_end_files/nordea/
Size: 67 KB (67 KB transferred)
Type: Image
Full URL: https://omavero.fi-26.info/public/front_end/front_end_files/nordea/564d0ff0f3578b7128a458ef269b286a.jpg
Requested by: https://omavero.fi-26.info/public/front_end/front_end_files/nordea/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css (host omavero.fi-26.info)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 45.93.20.188, Russian Federation, ASN57523 (CHANGWAY-AS, HK)
Reverse DNS: none
Software: LiteSpeed
Resource Hash (SHA-256): 836393ac52708bd75b2e1c88defb51faa58f0fdfa374d57d2529e0a6554882ff

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://omavero.fi-26.info/public/front_end/front_end_files/nordea/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 27 Dec 2023 05:53:07 GMT
last-modified
Mon, 21 Aug 2023 17:20:30 GMT
server
LiteSpeed
etag
"10b43-64e39cde-2804fe;;;"
content-type
image/jpeg
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
68419
expires
Wed, 03 Jan 2024 05:53:07 GMT
bb0a855a4f155c9c835a419f38c85653.woff2
Path: omavero.fi-26.info/public/front_end/front_end_files/nordea/
Size: 2 KB (2 KB transferred)
Type: Font
Full URL: https://omavero.fi-26.info/public/front_end/front_end_files/nordea/bb0a855a4f155c9c835a419f38c85653.woff2
Requested by: https://omavero.fi-26.info/public/front_end/front_end_files/nordea/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css (host omavero.fi-26.info)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 45.93.20.188, Russian Federation, ASN57523 (CHANGWAY-AS, HK)
Reverse DNS: none
Software: LiteSpeed
Resource Hash (SHA-256): 9dd630e7cbf1a068b89a5a134e248ff63f2d452081bf86684aeb4b7f73712b76

Request headers

Referer
https://omavero.fi-26.info/public/front_end/front_end_files/nordea/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css
Origin
https://omavero.fi-26.info
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 27 Dec 2023 05:53:07 GMT
last-modified
Mon, 21 Aug 2023 17:20:30 GMT
server
LiteSpeed
etag
"8e8-64e39cde-280504;;;"
content-type
font/woff2
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
2280
expires
Wed, 03 Jan 2024 05:53:07 GMT
c233a817ad142919d728ebf4c8b3d54c.woff2
Path: omavero.fi-26.info/public/front_end/front_end_files/nordea/
Size: 26 KB (26 KB transferred)
Type: Font
Full URL: https://omavero.fi-26.info/public/front_end/front_end_files/nordea/c233a817ad142919d728ebf4c8b3d54c.woff2
Requested by: https://omavero.fi-26.info/public/front_end/front_end_files/nordea/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css (host omavero.fi-26.info)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 45.93.20.188, Russian Federation, ASN57523 (CHANGWAY-AS, HK)
Reverse DNS: none
Software: LiteSpeed
Resource Hash (SHA-256): 443bd1fde75a477eaae12ba7828c6cb67608e14bbda783027fca2540c3bb0b03

Request headers

Referer
https://omavero.fi-26.info/public/front_end/front_end_files/nordea/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css
Origin
https://omavero.fi-26.info
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 27 Dec 2023 05:53:07 GMT
last-modified
Mon, 21 Aug 2023 17:20:30 GMT
server
LiteSpeed
etag
"6900-64e39cde-280505;;;"
content-type
font/woff2
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
26880
expires
Wed, 03 Jan 2024 05:53:07 GMT
7bc117ce8cbf2ce4b08a7ed17d16cf89.woff2
Path: omavero.fi-26.info/public/front_end/front_end_files/nordea/
Size: 26 KB (26 KB transferred)
Type: Font
Full URL: https://omavero.fi-26.info/public/front_end/front_end_files/nordea/7bc117ce8cbf2ce4b08a7ed17d16cf89.woff2
Requested by: https://omavero.fi-26.info/public/front_end/front_end_files/nordea/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css (host omavero.fi-26.info)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 45.93.20.188, Russian Federation, ASN57523 (CHANGWAY-AS, HK)
Reverse DNS: none
Software: LiteSpeed
Resource Hash (SHA-256): a93f6086756b2a2e94db8aaf795faab950a315cd9a8e32c5b0df707636dedfff

Request headers

Referer
https://omavero.fi-26.info/public/front_end/front_end_files/nordea/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css
Origin
https://omavero.fi-26.info
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 27 Dec 2023 05:53:07 GMT
last-modified
Mon, 21 Aug 2023 17:20:30 GMT
server
LiteSpeed
etag
"6734-64e39cde-280500;;;"
content-type
font/woff2
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
26420
expires
Wed, 03 Jan 2024 05:53:07 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nordea (Banking)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and page-specific code.

  • documentPictureInPicture (object)
  • $ (function)
  • jQuery (function)
  • validateQty (function)
  • webkitEventStorage (object)
  • AbortSignalRenderer (function)
  • urlroot (string)
  • uniqueid (string)
  • controller (object)
  • url (string)
  • custom_callback (function)

1 Cookies

Domain/Path           Name        Value
omavero.fi-26.info/   PHPSESSID   ks6r4nm43tf0chmikacekse08a

PHPSESSID is PHP's default session cookie name, so the server side behind LiteSpeed is a PHP application.

Indicators

"Indicators" is the security-industry term for observables such as IPs, domains and hashes. Their being listed here does not by itself imply that any of them is malicious.

omavero.fi-26.info
45.93.20.188
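Turning the indicators above into something a blocklist or a hunt can consume, as an added example written for this page (not urlscan's code or export format): the observables are copied from the scan (hostname, IP, AS, certificate dates, and the SHA-256 resource hashes of the stylesheet, the seven SVG icons, the JPEG and the three fonts under front_end_files/nordea/; the script hashes from the transaction list go in the same way). The apex-domain split assumes a one-label public suffix, the country-code list is a short illustrative set, and the `type:value` output lines are this example's own convention. The lookalike check is a heuristic: it flags hostnames in which an interior label imitates a country-code TLD (`fi-26` in omavero.fi-26.info, or a bare `fi` in the constructed vero.fi.example.com) while leaving hosts such as www.nordea.fi and two-letter language subdomains such as fi.wikipedia.org alone.

```python
import re
from urllib.parse import urlsplit

# Observables copied from the scan above; nothing is fetched live. The hash list holds the
# static brand assets served from front_end_files/nordea/ (stylesheet, SVG icons, JPEG, fonts).
SCAN = {
    "page_url": "https://omavero.fi-26.info/public/pages/?d=nordea",
    "ip": "45.93.20.188",
    "asn": "AS57523",
    "as_name": "CHANGWAY-AS",
    "cert": {"issuer": "R3", "not_before": "2023-12-26", "not_after": "2024-03-25"},
    "resource_sha256": [
        "c449d881b8a86555a34768460eab87a7c527df3c70eb1eed38d76be235dd39a3",  # styles-90d1ba6c....css
        "037024a96d014cbe884a9f81804ceadc25bd1e49d0d9018de09acddac997afbf",  # service-break-....svg
        "4bb0667918cd4d97513a0d51d50ed3f3cf4d61ddb35f6319cde294149ebb79ae",  # offline-....svg
        "8a22f5ea2bc34877a3334b91210c881523678eec1e915cf6a4ee261ba58121b1",  # technical-error-....svg
        "a386a6170805a64ba2e46bcc37c79500b5207bd708b0d1da83cbcbc483e64cb7",  # something-went-wrong-....svg
        "4f98589b5ad297e797fc12ed5b90a5e9244a17dbc34c5cee66e01ae8c1455d2c",  # cancel-....svg
        "3fc2607b1e133fb89affeca8fa96db25e9af2fa9d2f7960d2a9602df9e96ef72",  # no-connection-....svg
        "d690ce1d3a1304fff86d11c4f38ad540da84949d881ea0c04b49bcc0f13483e0",  # empty-....svg
        "836393ac52708bd75b2e1c88defb51faa58f0fdfa374d57d2529e0a6554882ff",  # 564d0ff0....jpg
        "9dd630e7cbf1a068b89a5a134e248ff63f2d452081bf86684aeb4b7f73712b76",  # bb0a855a....woff2
        "443bd1fde75a477eaae12ba7828c6cb67608e14bbda783027fca2540c3bb0b03",  # c233a817....woff2
        "a93f6086756b2a2e94db8aaf795faab950a315cd9a8e32c5b0df707636dedfff",  # 7bc117ce....woff2
    ],
}

# Assumption: a short illustrative set of country-code TLDs; a production check would load
# the full IANA list.
CCTLDS = {"fi", "se", "no", "dk", "de", "uk", "fr", "nl"}
# A label that is a two-letter code, optionally followed by a hyphenated suffix such as "-26".
CC_LABEL = re.compile(r"^([a-z]{2})(?:-[a-z0-9]+)?$")


def embedded_cctld_labels(hostname):
    """Interior labels that imitate a country-code TLD, e.g. ['fi-26'] for omavero.fi-26.info.

    Interior excludes the first label (the lure word) and the last (the real TLD), so
    www.nordea.fi and language subdomains such as fi.wikipedia.org do not trigger."""
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) < 3:
        return []
    hits = []
    for label in labels[1:-1]:
        m = CC_LABEL.match(label)
        if m and m.group(1) in CCTLDS:
            hits.append(label)
    return hits


def looks_like_cctld_spoof(hostname):
    return bool(embedded_cctld_labels(hostname))


def apex_domain(hostname):
    """Registrable domain, assuming a one-label public suffix (true for .info and .fi).
    A real tool would consult the Public Suffix List instead."""
    return ".".join(hostname.lower().rstrip(".").split(".")[-2:])


def build_iocs(scan):
    host = urlsplit(scan["page_url"]).hostname
    return {
        "hostname": host,
        "apex_domain": apex_domain(host),
        "ip": scan["ip"],
        "asn": scan["asn"],
        "cert": dict(scan["cert"]),
        "sha256": sorted(set(scan["resource_sha256"])),
        "cctld_spoof_labels": embedded_cctld_labels(host),
    }


def blocklist_lines(iocs):
    """Flatten to 'type:value' lines (this example's own interchange format)."""
    lines = [f"domain:{iocs['hostname']}", f"domain:{iocs['apex_domain']}", f"ip:{iocs['ip']}"]
    lines += [f"sha256:{h}" for h in iocs["sha256"]]
    return lines


if __name__ == "__main__":
    iocs = build_iocs(SCAN)
    print("cctld spoof labels:", iocs["cctld_spoof_labels"])
    print("\n".join(blocklist_lines(iocs)))
```

Block the apex domain as well as the hostname: the `?d=nordea` parameter and the brand-named asset folder show that the same host serves brand-specific pages, so other subdomains or `d=` values under fi-26.info are the likelier next move than a fresh registration. The hashes of static assets are the durable pivot, since the HTML document changes with each session while the icons, fonts and stylesheet do not.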