cordeo.com

https://Cordeo.com

172.67.137.186 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

9501 days

HTTP

200 · 34.0s

SSL

Valid· WE1, Google Trust Services, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "Cordeo Brand Portal | Op naar een Sterk Merk - Cordeo"

Save

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Cordeo

Unknown

technology | ecommerce | finance | other · 4/5/2026

Summary

The page presents Cordeo branding on cordeо.com with a visible Brand Portal title. However, the page appears to be a legitimate corporate site offering brand portal content rather than a clear credential-phishing surface. The screenshot indicates a consent banner and a SPA-like composition with multiple JS assets, but there is no explicit credential harvesting UI in the static HTML. The domain is the official brand domain, but the presence of a Cookiebot consent overlay and extensive external scripts warrants monitoring for potential dynamic credential capture in the SPA; as of the static HTML and observed network, no direct phishing indicative form submission is detected.

Evidence Summary

▸Observed 3 capture stage(s); canonical stage is late_render_3s.

▸POST targets observed during capture: https://www.cordeo.com/cdn-cgi/rum?.

▸Distinctive asset clues: uc.js, jquery.js, app.css, Screenshot-2024-07-03-at-11.03.48.png, Cordeo_Referentie_Logo_Amsterdam.svg.

Capture

Stages: 3

Canonical: Late Render (+3s)

Changed: No

Credential Signals

Forms: 0

Password fields: 0

Late-stage login UI: No

Resource Signals

Resources: 67

Hosts: 6

Domains: 4

Observed Signals (0)

Observed Indicators (1)

▸POST request to /cdn-cgi/rum? observed (likely a Cloudflare/rapid response endpoint) but no credential submission endpoint detected

Risk AssessmentUsed in abuse reports

The site uses the official brand domain cordeо.com and displays legitimate brand portal content. There is no static credential harvesting form in the HTML, but the SPA nature means credentials could be captured dynamically via JavaScript. The presence of numerous external scripts and a consent management iframe suggests standard web analytics and cookie consent usage; however, the risk score is elevated by the SPA rendering pattern and the immediate post target to a CDN URL, which could be used for dynamic data exfiltration if misconfigured. Monitor for any credential collection surfaces in the runtime UI and verify that no form submissions route to an external domain. Recommend continued observation and confirm alignment with legitimate brand portal behavior.

Recommended Action

Monitor

Cross-Reference8

URL Intelligence