urlscan.io logo urlscan.io
SecurityTrails logo

nor-dea.com Open in urlscan Pro
138.201.47.52  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://nor-dea.com/
Effective URL: https://nor-dea.com/
Submission: On July 14 via manual from DK
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 29 HTTP transactions. The main IP is 138.201.47.52, located in Germany and belongs to HETZNER-AS, DE. The main domain is nor-dea.com.
TLS certificate: Issued by R3 on July 13th 2021. Valid for: 3 months.
This is the only time nor-dea.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Nordea (Banking)

Domain & IP information

IP Address AS Autonomous System
1 28 138.201.47.52 24940 (HETZNER-AS)
1 34.107.253.133 15169 (GOOGLE)
1 104.109.77.38 16625 (AKAMAI-AS)
29 4
Apex Domain
Subdomains		 Transfer
28 nor-dea.com
nor-dea.com
955 KB
1 tiqcdn.com
tags.tiqcdn.com
202 B
1 cookiereports.com
policy.cookiereports.com
30 KB
29 3
Domain Requested by
28 nor-dea.com 1 redirects nor-dea.com
1 tags.tiqcdn.com nor-dea.com
1 policy.cookiereports.com nor-dea.com
29 3
Subject Issuer Validity Valid
*.nor-dea.com
R3		 2021-07-13 -
2021-10-11		 3 months crt.sh
policy.cookiereports.com
Gandi Standard SSL CA 2		 2021-05-17 -
2022-05-24		 a year crt.sh
*.tiqcdn.com
DigiCert SHA2 Secure Server CA		 2021-04-19 -
2022-04-27		 a year crt.sh

This page contains 1 frames:

Primary Page: https://nor-dea.com/
Frame ID: 06403D1C21FC565AB0838C286AD2816F
Requests: 30 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://nor-dea.com/ HTTP 301
    https://nor-dea.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • script /^(?:https?:)?\/\/tags\.tiqcdn\.com\//i

Page Statistics

29
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

985 kB
Transfer

2104 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://nor-dea.com/ HTTP 301
    https://nor-dea.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

29 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
nor-dea.com/
Redirect Chain
  • http://nor-dea.com/
  • https://nor-dea.com/
84 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://nor-dea.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
138.201.47.52 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
vs-scarlet.hostseo.com
Software
LiteSpeed/6.0 Enterprise /
Resource Hash
186f036270909ecb8b5250b41d4eff456fb31592d7ad6d974d8a60ea9a30d66d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
nor-dea.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cache-control
max-age=60, private, proxy-revalidate
expires
Fri, 13 Aug 2021 14:24:39 GMT
content-type
text/html
last-modified
Wed, 14 Jul 2021 07:47:44 GMT
accept-ranges
bytes
content-encoding
br
vary
Accept-Encoding,User-Agent
content-length
13160
date
Wed, 14 Jul 2021 14:24:39 GMT
server
LiteSpeed/6.0 Enterprise
x-content-type-options
nosniff
x-xss-protection
1; mode=block
alt-svc
h3-34=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Redirect headers

Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
content-type
text/html
content-length
707
date
Wed, 14 Jul 2021 14:24:39 GMT
server
LiteSpeed/6.0 Enterprise
location
https://nor-dea.com/
x-content-type-options
nosniff
x-xss-protection
1; mode=block
vary
User-Agent
mainfa3e.css
nor-dea.com/static/dotxx2017/css/ 		257 KB
35 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://nor-dea.com/static/dotxx2017/css/mainfa3e.css?v=3.36.4
Requested by
Host: nor-dea.com
URL: https://nor-dea.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
138.201.47.52 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
vs-scarlet.hostseo.com
Software
LiteSpeed/6.0 Enterprise /
Resource Hash
4723f5a4161346b300c1e4cdda8b84eb6a207df5463f486b23393055e54fa631
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/static/dotxx2017/css/mainfa3e.css?v=3.36.4
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
nor-dea.com
referer
https://nor-dea.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nor-dea.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Jul 2021 14:24:39 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Tue, 01 Jun 2021 20:24:48 GMT
server
LiteSpeed/6.0 Enterprise
vary
Accept-Encoding,User-Agent
content-type
text/css
cache-control
max-age=172800, proxy-revalidate
accept-ranges
bytes
content-length
35320
x-xss-protection
1; mode=block
expires
Fri, 13 Aug 2021 14:24:39 GMT
clientfa3e.js
nor-dea.com/static-client/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nor-dea.com/static-client/clientfa3e.js?v=3.36.4
Requested by
Host: nor-dea.com
URL: https://nor-dea.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
138.201.47.52 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
vs-scarlet.hostseo.com
Software
LiteSpeed/6.0 Enterprise /
Resource Hash
8514f3a8592336e28a91f99c3dc469d9525d83d991c9e2bb9a7452e1dd12f71f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/static-client/clientfa3e.js?v=3.36.4
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
nor-dea.com
referer
https://nor-dea.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nor-dea.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Jul 2021 14:24:39 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Tue, 01 Jun 2021 20:28:28 GMT
server
LiteSpeed/6.0 Enterprise
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
max-age=172800, proxy-revalidate
accept-ranges
bytes
content-length
4699
x-xss-protection
1; mode=block
expires
Wed, 21 Jul 2021 14:24:39 GMT
vendors_clientfa3e.js
nor-dea.com/static-client/ 		196 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nor-dea.com/static-client/vendors_clientfa3e.js?v=3.36.4
Requested by
Host: nor-dea.com
URL: https://nor-dea.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
138.201.47.52 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
vs-scarlet.hostseo.com
Software
LiteSpeed/6.0 Enterprise /
Resource Hash
4c40679e994e802dd8c84cad39768099c24d54ae2dcab56703d8e3e91594bc44
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/static-client/vendors_clientfa3e.js?v=3.36.4
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
nor-dea.com
referer
https://nor-dea.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nor-dea.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Jul 2021 14:24:41 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Tue, 01 Jun 2021 20:28:28 GMT
server
LiteSpeed/6.0 Enterprise
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
max-age=172800, proxy-revalidate
accept-ranges
bytes
content-length
56482
x-xss-protection
1; mode=block
expires
Wed, 21 Jul 2021 14:24:41 GMT
mainfa3e.js
nor-dea.com/static/dotxx2017/js/ 		434 KB
118 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nor-dea.com/static/dotxx2017/js/mainfa3e.js?v=3.36.4
Requested by
Host: nor-dea.com
URL: https://nor-dea.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
138.201.47.52 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
vs-scarlet.hostseo.com
Software
LiteSpeed/6.0 Enterprise /
Resource Hash
ba169ea224ff6c846a703647365946227857741b396358792820eec52ceba3cc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/static/dotxx2017/js/mainfa3e.js?v=3.36.4
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
nor-dea.com
referer
https://nor-dea.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nor-dea.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Jul 2021 14:24:41 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Tue, 01 Jun 2021 20:24:48 GMT
server
LiteSpeed/6.0 Enterprise
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
max-age=172800, proxy-revalidate
accept-ranges
bytes
content-length
121051
x-xss-protection
1; mode=block
expires
Wed, 21 Jul 2021 14:24:41 GMT
utag.sync.js
nor-dea.com/tags.tiqcdn.com/utag/nordea/op-web/prod/ 		4 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nor-dea.com/tags.tiqcdn.com/utag/nordea/op-web/prod/utag.sync.js
Requested by
Host: nor-dea.com
URL: https://nor-dea.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
138.201.47.52 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
vs-scarlet.hostseo.com
Software
LiteSpeed/6.0 Enterprise /
Resource Hash
47080fc7030412fd77e6bc2585c81b13814c91800bf956bba2a1495ca2a53aa3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/tags.tiqcdn.com/utag/nordea/op-web/prod/utag.sync.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
nor-dea.com
referer
https://nor-dea.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nor-dea.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Jul 2021 14:24:39 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Thu, 01 Jul 2021 20:32:12 GMT
server
LiteSpeed/6.0 Enterprise
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
max-age=172800, proxy-revalidate
accept-ranges
bytes
content-length
1109
x-xss-protection
1; mode=block
expires
Wed, 21 Jul 2021 14:24:39 GMT
Nordea-logo%20(2017).svg
nor-dea.com/Images/154-169221/ 		2 KB
920 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nor-dea.com/Images/154-169221/Nordea-logo%20(2017).svg
Requested by
Host: nor-dea.com
URL: https://nor-dea.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
138.201.47.52 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
vs-scarlet.hostseo.com
Software
LiteSpeed/6.0 Enterprise /
Resource Hash
4273df9fda1edea73177fc0f181a659e190e37e040f09640f67f7bfe822df3b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/Images/154-169221/Nordea-logo%20(2017).svg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
nor-dea.com
referer
https://nor-dea.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nor-dea.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Jul 2021 14:24:41 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Sun, 23 Apr 2017 21:31:34 GMT
server
LiteSpeed/6.0 Enterprise
vary
Accept-Encoding,User-Agent
content-type
image/svg+xml
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
841
x-xss-protection
1; mode=block
expires
Wed, 21 Jul 2021 14:24:41 GMT
porch-large-overlay.jpg
nor-dea.com/Images/154-315652/ 		78 KB
78 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nor-dea.com/Images/154-315652/porch-large-overlay.jpg
Requested by
Host: nor-dea.com
URL: https://nor-dea.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
138.201.47.52 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
vs-scarlet.hostseo.com
Software
LiteSpeed/6.0 Enterprise /
Resource Hash
1af3fc06c25b77614b8d5803ace1a2d4fd184b2e41c741d3e0d947f68fc5e13f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/Images/154-315652/porch-large-overlay.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
nor-dea.com
referer
https://nor-dea.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nor-dea.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Jul 2021 14:24:41 GMT
x-content-type-options
nosniff
last-modified
Wed, 15 May 2019 19:49:12 GMT
server
LiteSpeed/6.0 Enterprise
vary
User-Agent
content-type
image/jpeg
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
79790
x-xss-protection
1; mode=block
expires
Thu, 14 Jul 2022 14:24:41 GMT
family-playing-on-floor-small-overlay.jpg
nor-dea.com/Images/154-230341/ 		46 KB
46 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nor-dea.com/Images/154-230341/family-playing-on-floor-small-overlay.jpg
Requested by
Host: nor-dea.com
URL: https://nor-dea.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
138.201.47.52 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
vs-scarlet.hostseo.com
Software
LiteSpeed/6.0 Enterprise /
Resource Hash
11022533036c924a0ef12239e16c15a709c3f9770bdca71656d69f7fd3c60efc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/Images/154-230341/family-playing-on-floor-small-overlay.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
nor-dea.com
referer
https://nor-dea.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nor-dea.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Jul 2021 14:24:41 GMT
x-content-type-options
nosniff
last-modified
Thu, 26 Nov 2020 00:00:22 GMT
server
LiteSpeed/6.0 Enterprise
vary
User-Agent
content-type
image/jpeg
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
47429
x-xss-protection
1; mode=block
expires
Thu, 14 Jul 2022 14:24:41 GMT
woman-looking-at-temple-small-overlay.jpg
nor-dea.com/Images/154-236000/ 		49 KB
50 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nor-dea.com/Images/154-236000/woman-looking-at-temple-small-overlay.jpg
Requested by
Host: nor-dea.com
URL: https://nor-dea.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
138.201.47.52 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
vs-scarlet.hostseo.com
Software
LiteSpeed/6.0 Enterprise /
Resource Hash
1a6ed310ee1475bde1229e47b8813fab95c0b3bed16840e6d72b601f7f3c79ac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/Images/154-236000/woman-looking-at-temple-small-overlay.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
nor-dea.com
referer
https://nor-dea.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nor-dea.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Jul 2021 14:24:41 GMT
x-content-type-options
nosniff
last-modified
Thu, 08 Mar 2018 00:55:36 GMT
server
LiteSpeed/6.0 Enterprise
vary
User-Agent
content-type
image/jpeg
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
50623
x-xss-protection
1; mode=block
expires
Thu, 14 Jul 2022 14:24:41 GMT
nordea-open-bag-small.jpg
nor-dea.com/Images/154-406600/ 		31 KB
31 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nor-dea.com/Images/154-406600/nordea-open-bag-small.jpg
Requested by
Host: nor-dea.com
URL: https://nor-dea.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
138.201.47.52 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
vs-scarlet.hostseo.com
Software
LiteSpeed/6.0 Enterprise /
Resource Hash
bfd9becc09685210c985de3e4d672b311ab8db794d1027b4ac71a46d5a4ecad3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/Images/154-406600/nordea-open-bag-small.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
nor-dea.com
referer
https://nor-dea.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nor-dea.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Jul 2021 14:24:41 GMT
x-content-type-options
nosniff
last-modified
Wed, 26 May 2021 20:29:26 GMT
server
LiteSpeed/6.0 Enterprise
vary
User-Agent
content-type
image/jpeg
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
31825
x-xss-protection
1; mode=block
expires
Thu, 14 Jul 2022 14:24:41 GMT
Nora-summer-campaign-large-overlay_1280x650.jpg
nor-dea.com/Images/154-320168/ 		181 KB
181 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nor-dea.com/Images/154-320168/Nora-summer-campaign-large-overlay_1280x650.jpg
Requested by
Host: nor-dea.com
URL: https://nor-dea.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
138.201.47.52 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
vs-scarlet.hostseo.com
Software
LiteSpeed/6.0 Enterprise /
Resource Hash
89c14d71c5b3d7c02ababcfd9203957d2fcf6bdfe5fbcec115af48cabfa25a5b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/Images/154-320168/Nora-summer-campaign-large-overlay_1280x650.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
nor-dea.com
referer
https://nor-dea.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nor-dea.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Jul 2021 14:24:41 GMT
x-content-type-options
nosniff
last-modified
Tue, 16 Jul 2019 01:02:32 GMT
server
LiteSpeed/6.0 Enterprise
vary
User-Agent
content-type
image/jpeg
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
185259
x-xss-protection
1; mode=block
expires
Thu, 14 Jul 2022 14:24:41 GMT
father-playing-with-his-child-small-overlay.jpg
nor-dea.com/Images/154-234713/ 		43 KB
43 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nor-dea.com/Images/154-234713/father-playing-with-his-child-small-overlay.jpg
Requested by
Host: nor-dea.com
URL: https://nor-dea.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
138.201.47.52 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
vs-scarlet.hostseo.com
Software
LiteSpeed/6.0 Enterprise /
Resource Hash
dc66a5501365c26e5f0c0b47451f901e4038f9c341e9f573ecf0326b95710eef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/Images/154-234713/father-playing-with-his-child-small-overlay.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
nor-dea.com
referer
https://nor-dea.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nor-dea.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Jul 2021 14:24:41 GMT
x-content-type-options
nosniff
last-modified
Thu, 03 May 2018 00:29:38 GMT
server
LiteSpeed/6.0 Enterprise
vary
User-Agent
content-type
image/jpeg
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
44276
x-xss-protection
1; mode=block
expires
Thu, 14 Jul 2022 14:24:41 GMT
wearables-small-dark-overlay.jpg
nor-dea.com/Images/154-406881/ 		50 KB
50 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nor-dea.com/Images/154-406881/wearables-small-dark-overlay.jpg
Requested by
Host: nor-dea.com
URL: https://nor-dea.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
138.201.47.52 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
vs-scarlet.hostseo.com
Software
LiteSpeed/6.0 Enterprise /
Resource Hash
25cb4931bdc73603ef1ed80c0a29fc9271ccada257dea824215a4d25e39130ab
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/Images/154-406881/wearables-small-dark-overlay.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
nor-dea.com
referer
https://nor-dea.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nor-dea.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Jul 2021 14:24:41 GMT
x-content-type-options
nosniff
last-modified
Mon, 31 May 2021 01:46:10 GMT
server
LiteSpeed/6.0 Enterprise
vary
User-Agent
content-type
image/jpeg
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
51477
x-xss-protection
1; mode=block
expires
Thu, 14 Jul 2022 14:24:41 GMT
customer-service-blue-background.png
nor-dea.com/Images/154-405954/ 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nor-dea.com/Images/154-405954/customer-service-blue-background.png
Requested by
Host: nor-dea.com
URL: https://nor-dea.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
138.201.47.52 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
vs-scarlet.hostseo.com
Software
LiteSpeed/6.0 Enterprise /
Resource Hash
0e8ab3d655b751d6b3f68a94a768ce65a547ad949ed772c092995bebcb34cd85
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/Images/154-405954/customer-service-blue-background.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
nor-dea.com
referer
https://nor-dea.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nor-dea.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Jul 2021 14:24:41 GMT
x-content-type-options
nosniff
last-modified
Fri, 28 May 2021 03:11:44 GMT
server
LiteSpeed/6.0 Enterprise
vary
User-Agent
content-type
image/png
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
20892
x-xss-protection
1; mode=block
expires
Thu, 14 Jul 2022 14:24:41 GMT
facebook.svg
nor-dea.com/Images/154-200667/ 		303 B
281 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nor-dea.com/Images/154-200667/facebook.svg
Requested by
Host: nor-dea.com
URL: https://nor-dea.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
138.201.47.52 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
vs-scarlet.hostseo.com
Software
LiteSpeed/6.0 Enterprise /
Resource Hash
1d8021bcac1849e2ee1ae2b7ab0180d1b4f51246d933e74ed45a8419bbdf1071
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/Images/154-200667/facebook.svg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
nor-dea.com
referer
https://nor-dea.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nor-dea.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Jul 2021 14:24:41 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Tue, 11 Jul 2017 23:50:10 GMT
server
LiteSpeed/6.0 Enterprise
vary
Accept-Encoding,User-Agent
content-type
image/svg+xml
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
203
x-xss-protection
1; mode=block
expires
Wed, 21 Jul 2021 14:24:41 GMT
twitter.svg
nor-dea.com/Images/154-200669/ 		723 B
456 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nor-dea.com/Images/154-200669/twitter.svg
Requested by
Host: nor-dea.com
URL: https://nor-dea.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
138.201.47.52 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
vs-scarlet.hostseo.com
Software
LiteSpeed/6.0 Enterprise /
Resource Hash
10d3caf25a8a3d647cc2176ec4f8ba242875c500ae37c372a4cd8d99497a99c7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/Images/154-200669/twitter.svg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
nor-dea.com
referer
https://nor-dea.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nor-dea.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Jul 2021 14:24:41 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Tue, 11 Jul 2017 23:51:06 GMT
server
LiteSpeed/6.0 Enterprise
vary
Accept-Encoding,User-Agent
content-type
image/svg+xml
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
409
x-xss-protection
1; mode=block
expires
Wed, 21 Jul 2021 14:24:41 GMT
linkedin.svg
nor-dea.com/Images/154-200668/ 		382 B
294 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nor-dea.com/Images/154-200668/linkedin.svg
Requested by
Host: nor-dea.com
URL: https://nor-dea.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
138.201.47.52 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
vs-scarlet.hostseo.com
Software
LiteSpeed/6.0 Enterprise /
Resource Hash
693d46ad0e903dce59615931e50bed9218962085b0ae2f048539cfd13210ca73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/Images/154-200668/linkedin.svg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
nor-dea.com
referer
https://nor-dea.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nor-dea.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Jul 2021 14:24:41 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Tue, 11 Jul 2017 23:50:40 GMT
server
LiteSpeed/6.0 Enterprise
vary
Accept-Encoding,User-Agent
content-type
image/svg+xml
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
247
x-xss-protection
1; mode=block
expires
Wed, 21 Jul 2021 14:24:41 GMT
youtube.svg
nor-dea.com/Images/154-200670/ 		785 B
475 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nor-dea.com/Images/154-200670/youtube.svg
Requested by
Host: nor-dea.com
URL: https://nor-dea.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
138.201.47.52 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
vs-scarlet.hostseo.com
Software
LiteSpeed/6.0 Enterprise /
Resource Hash
35e886d202e2c72219bf834f5a67b9c12cf6698eb4237d8d54696572a377d624
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/Images/154-200670/youtube.svg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
nor-dea.com
referer
https://nor-dea.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nor-dea.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Jul 2021 14:24:41 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Tue, 11 Jul 2017 23:51:30 GMT
server
LiteSpeed/6.0 Enterprise
vary
Accept-Encoding,User-Agent
content-type
image/svg+xml
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
428
x-xss-protection
1; mode=block
expires
Wed, 21 Jul 2021 14:24:41 GMT
utag.js
nor-dea.com/tags.tiqcdn.com/utag/nordea/op-web/prod/ 		286 KB
81 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nor-dea.com/tags.tiqcdn.com/utag/nordea/op-web/prod/utag.js
Requested by
Host: nor-dea.com
URL: https://nor-dea.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
138.201.47.52 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
vs-scarlet.hostseo.com
Software
LiteSpeed/6.0 Enterprise /
Resource Hash
cf6be2ffab32870f193c4c3c82a598079bcfc2a019166cded5cc31b3df47abc2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/tags.tiqcdn.com/utag/nordea/op-web/prod/utag.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
nor-dea.com
referer
https://nor-dea.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nor-dea.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Jul 2021 14:24:41 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Thu, 01 Jul 2021 20:32:12 GMT
server
LiteSpeed/6.0 Enterprise
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
max-age=172800, proxy-revalidate
accept-ranges
bytes
content-length
83250
x-xss-protection
1; mode=block
expires
Wed, 21 Jul 2021 14:24:41 GMT
truncated
/ 		177 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1046c2618aa140dc881112f813d041df7f2c364e49d166b0c2a34e7484119aef

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
NordeaSansSmall-Regular.woff2
nor-dea.com/static/dotxx2017/assets/fonts/ 		26 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://nor-dea.com/static/dotxx2017/assets/fonts/NordeaSansSmall-Regular.woff2
Requested by
Host: nor-dea.com
URL: https://nor-dea.com/static/dotxx2017/css/mainfa3e.css?v=3.36.4
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
138.201.47.52 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
vs-scarlet.hostseo.com
Software
LiteSpeed/6.0 Enterprise /
Resource Hash
a93f6086756b2a2e94db8aaf795faab950a315cd9a8e32c5b0df707636dedfff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/static/dotxx2017/assets/fonts/NordeaSansSmall-Regular.woff2
pragma
no-cache
origin
https://nor-dea.com
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
font
:authority
nor-dea.com
referer
https://nor-dea.com/static/dotxx2017/css/mainfa3e.css?v=3.36.4
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://nor-dea.com
Referer
https://nor-dea.com/static/dotxx2017/css/mainfa3e.css?v=3.36.4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Jul 2021 14:24:41 GMT
x-content-type-options
nosniff
last-modified
Wed, 14 Apr 2021 00:58:40 GMT
server
LiteSpeed/6.0 Enterprise
vary
User-Agent
content-type
font/woff2
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
26420
x-xss-protection
1; mode=block
expires
Wed, 21 Jul 2021 14:24:41 GMT
NordeaSansSmall-Medium.woff2
nor-dea.com/static/dotxx2017/assets/fonts/ 		26 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://nor-dea.com/static/dotxx2017/assets/fonts/NordeaSansSmall-Medium.woff2
Requested by
Host: nor-dea.com
URL: https://nor-dea.com/static/dotxx2017/css/mainfa3e.css?v=3.36.4
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
138.201.47.52 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
vs-scarlet.hostseo.com
Software
LiteSpeed/6.0 Enterprise /
Resource Hash
443bd1fde75a477eaae12ba7828c6cb67608e14bbda783027fca2540c3bb0b03
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/static/dotxx2017/assets/fonts/NordeaSansSmall-Medium.woff2
pragma
no-cache
origin
https://nor-dea.com
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
font
:authority
nor-dea.com
referer
https://nor-dea.com/static/dotxx2017/css/mainfa3e.css?v=3.36.4
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://nor-dea.com
Referer
https://nor-dea.com/static/dotxx2017/css/mainfa3e.css?v=3.36.4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Jul 2021 14:24:41 GMT
x-content-type-options
nosniff
last-modified
Sun, 16 May 2021 21:05:52 GMT
server
LiteSpeed/6.0 Enterprise
vary
User-Agent
content-type
font/woff2
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
26880
x-xss-protection
1; mode=block
expires
Wed, 21 Jul 2021 14:24:41 GMT
iconfont.woff2
nor-dea.com/static/dotxx2017/assets/fonts/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://nor-dea.com/static/dotxx2017/assets/fonts/iconfont.woff2
Requested by
Host: nor-dea.com
URL: https://nor-dea.com/static/dotxx2017/css/mainfa3e.css?v=3.36.4
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
138.201.47.52 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
vs-scarlet.hostseo.com
Software
LiteSpeed/6.0 Enterprise /
Resource Hash
c1646d8b60b20b3020d99197f13a940cbdcc12506fe75bd9e3817e5c5dbf10bf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/static/dotxx2017/assets/fonts/iconfont.woff2
pragma
no-cache
origin
https://nor-dea.com
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
font
:authority
nor-dea.com
referer
https://nor-dea.com/static/dotxx2017/css/mainfa3e.css?v=3.36.4
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://nor-dea.com
Referer
https://nor-dea.com/static/dotxx2017/css/mainfa3e.css?v=3.36.4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Jul 2021 14:24:41 GMT
x-content-type-options
nosniff
last-modified
Wed, 14 Apr 2021 00:58:40 GMT
server
LiteSpeed/6.0 Enterprise
vary
User-Agent
content-type
font/woff2
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
15272
x-xss-protection
1; mode=block
expires
Wed, 21 Jul 2021 14:24:41 GMT
NordeaSansLarge-Regular.woff2
nor-dea.com/static/dotxx2017/assets/fonts/ 		26 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://nor-dea.com/static/dotxx2017/assets/fonts/NordeaSansLarge-Regular.woff2
Requested by
Host: nor-dea.com
URL: https://nor-dea.com/static/dotxx2017/css/mainfa3e.css?v=3.36.4
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
138.201.47.52 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
vs-scarlet.hostseo.com
Software
LiteSpeed/6.0 Enterprise /
Resource Hash
c4658ca9543287896f9c56bdeb38ca5ae3182ecc20a1e2d345cf0bf7ab11fca3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/static/dotxx2017/assets/fonts/NordeaSansLarge-Regular.woff2
pragma
no-cache
origin
https://nor-dea.com
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
font
:authority
nor-dea.com
referer
https://nor-dea.com/static/dotxx2017/css/mainfa3e.css?v=3.36.4
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://nor-dea.com
Referer
https://nor-dea.com/static/dotxx2017/css/mainfa3e.css?v=3.36.4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Jul 2021 14:24:41 GMT
x-content-type-options
nosniff
last-modified
Mon, 01 Feb 2021 21:35:52 GMT
server
LiteSpeed/6.0 Enterprise
vary
User-Agent
content-type
font/woff2
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
27028
x-xss-protection
1; mode=block
expires
Wed, 21 Jul 2021 14:24:41 GMT
NordeaSansLarge-Medium.woff2
nor-dea.com/static/dotxx2017/assets/fonts/ 		27 KB
27 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://nor-dea.com/static/dotxx2017/assets/fonts/NordeaSansLarge-Medium.woff2
Requested by
Host: nor-dea.com
URL: https://nor-dea.com/static/dotxx2017/css/mainfa3e.css?v=3.36.4
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
138.201.47.52 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
vs-scarlet.hostseo.com
Software
LiteSpeed/6.0 Enterprise /
Resource Hash
1084fee790a347896f8f0d5fa521211d9789f6ab250940b5bd402aa052d5e245
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/static/dotxx2017/assets/fonts/NordeaSansLarge-Medium.woff2
pragma
no-cache
origin
https://nor-dea.com
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
font
:authority
nor-dea.com
referer
https://nor-dea.com/static/dotxx2017/css/mainfa3e.css?v=3.36.4
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://nor-dea.com
Referer
https://nor-dea.com/static/dotxx2017/css/mainfa3e.css?v=3.36.4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Jul 2021 14:24:41 GMT
x-content-type-options
nosniff
last-modified
Wed, 14 Apr 2021 00:58:40 GMT
server
LiteSpeed/6.0 Enterprise
vary
User-Agent
content-type
font/woff2
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
27448
x-xss-protection
1; mode=block
expires
Wed, 21 Jul 2021 14:24:41 GMT
2cdc3edd_panel-sv-se.js
nor-dea.com/policy.cookiereports.com/ 		118 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nor-dea.com/policy.cookiereports.com/2cdc3edd_panel-sv-se.js
Requested by
Host: nor-dea.com
URL: https://nor-dea.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
138.201.47.52 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
vs-scarlet.hostseo.com
Software
LiteSpeed/6.0 Enterprise /
Resource Hash
9efe2862691ae1d9e1616af064b96b0099d43e3e04de9f8cac73d6150132b550
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/policy.cookiereports.com/2cdc3edd_panel-sv-se.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
nor-dea.com
referer
https://nor-dea.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://nor-dea.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Jul 2021 14:24:41 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 12 Jul 2021 17:48:58 GMT
server
LiteSpeed/6.0 Enterprise
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
max-age=172800, proxy-revalidate
accept-ranges
bytes
content-length
22161
x-xss-protection
1; mode=block
expires
Wed, 21 Jul 2021 14:24:41 GMT
jquery.min.js
policy.cookiereports.com/j/ 		87 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://policy.cookiereports.com/j/jquery.min.js
Requested by
Host: nor-dea.com
URL: https://nor-dea.com/policy.cookiereports.com/2cdc3edd_panel-sv-se.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.253.133 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Apache /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Referer
https://nor-dea.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Jul 2021 13:45:41 GMT
content-encoding
gzip
last-modified
Mon, 17 May 2021 11:56:37 GMT
server
Apache
age
2343
etag
"15d84-5c2854926587d-gzip"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 google
cache-control
public,max-age=3600
accept-ranges
bytes
alt-svc
clear
content-length
30910
utag.v.js
tags.tiqcdn.com/utag/tiqapp/ 		2 B
202 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=nordea/op-web/202107020732&cb=1626272684133
Requested by
Host: nor-dea.com
URL: https://nor-dea.com/tags.tiqcdn.com/utag/nordea/op-web/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.109.77.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-109-77-38.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer
https://nor-dea.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Jul 2021 14:24:44 GMT
last-modified
Thu, 14 Apr 2016 16:57:51 GMT
server
AkamaiNetStorage
etag
"7bc0ee636b3b83484fc3b9348863bd22:1460653071"
content-type
application/x-javascript
cache-control
max-age=600
accept-ranges
bytes
content-length
2
expires
Wed, 14 Jul 2021 14:34:44 GMT
getMessage
nor-dea.com/wemapp/api/ 		1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://nor-dea.com/wemapp/api/getMessage?id=15
Requested by
Host: nor-dea.com
URL: https://nor-dea.com/static/dotxx2017/js/mainfa3e.js?v=3.36.4
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
138.201.47.52 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
vs-scarlet.hostseo.com
Software
LiteSpeed/6.0 Enterprise /
Resource Hash
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
en-US
x-requested-with
XMLHttpRequest
sec-fetch-dest
empty
cookie
utag_main=v_id:017aa567d8370097aea3f872717800072001406a00b08$_sn:1$_se:1$_ss:1$_st:1626274484088$ses_id:1626272684088%3Bexp-session$_pn:1%3Bexp-session$lv:1$sv:1%3Bexp-session$le:1$se:1%3Bexp-session
:path
/wemapp/api/getMessage?id=15
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
application/json, text/javascript, */*; q=0.01
cache-control
no-cache
:authority
nor-dea.com
referer
https://nor-dea.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://nor-dea.com/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Jul 2021 14:24:44 GMT
x-content-type-options
nosniff
server
LiteSpeed/6.0 Enterprise
vary
User-Agent
content-type
text/html
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
content-length
1238
x-xss-protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nordea (Banking)

38 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| __HYDRATION_DATA__ object| __CONTEXT__ object| Nordea object| app_params boolean| isInICE object| __TEALIUM function| mboxCreate function| mboxDefine function| mboxUpdate object| adobe object| utag_data object| webpackChunkpublic_sites_node object| _cookiereports boolean| utag_condload object| utag function| e function| AppMeasurement_Module_AudienceManagement boolean| __tealium_twc_switch function| DIL object| globalWebAnalytics function| Visitor function| targetPageParamsAll function| targetPageParams function| $ function| jQuery object| cookieTable object| elm

1 Cookies

Domain/Path Name / Value
.nor-dea.com/ Name: utag_main
Value: v_id:017aa567d8370097aea3f872717800072001406a00b08$_sn:1$_se:1$_ss:1$_st:1626274484088$ses_id:1626272684088%3Bexp-session$_pn:1%3Bexp-session$lv:1$sv:1%3Bexp-session$le:1$se:1%3Bexp-session

2 Console Messages

Source Level URL
Text
console-api log URL: https://nor-dea.com/tags.tiqcdn.com/utag/nordea/op-web/prod/utag.js(Line 2)
Message:
DV - Function AAM - 2.22.0
console-api warning URL: https://nor-dea.com/static/dotxx2017/js/mainfa3e.js?v=3.36.4(Line 11)
Message:
jQuery.Deferred exception: Cannot read property 'getItem' of null TypeError: Cannot read property 'getItem' of null at ia (https://nor-dea.com/static/dotxx2017/js/mainfa3e.js?v=3.36.4:18:210436) at ua (https://nor-dea.com/static/dotxx2017/js/mainfa3e.js?v=3.36.4:18:214482) at HTMLDocument.<anonymous> (https://nor-dea.com/static/dotxx2017/js/mainfa3e.js?v=3.36.4:18:215754) at f (https://nor-dea.com/static/dotxx2017/js/mainfa3e.js?v=3.36.4:1:24838) at h (https://nor-dea.com/static/dotxx2017/js/mainfa3e.js?v=3.36.4:1:25140) undefined

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

nor-dea.com
policy.cookiereports.com
tags.tiqcdn.com
104.109.77.38
138.201.47.52
34.107.253.133
0e8ab3d655b751d6b3f68a94a768ce65a547ad949ed772c092995bebcb34cd85
1046c2618aa140dc881112f813d041df7f2c364e49d166b0c2a34e7484119aef
1084fee790a347896f8f0d5fa521211d9789f6ab250940b5bd402aa052d5e245
10d3caf25a8a3d647cc2176ec4f8ba242875c500ae37c372a4cd8d99497a99c7
11022533036c924a0ef12239e16c15a709c3f9770bdca71656d69f7fd3c60efc
186f036270909ecb8b5250b41d4eff456fb31592d7ad6d974d8a60ea9a30d66d
1a6ed310ee1475bde1229e47b8813fab95c0b3bed16840e6d72b601f7f3c79ac
1af3fc06c25b77614b8d5803ace1a2d4fd184b2e41c741d3e0d947f68fc5e13f
1d8021bcac1849e2ee1ae2b7ab0180d1b4f51246d933e74ed45a8419bbdf1071
25cb4931bdc73603ef1ed80c0a29fc9271ccada257dea824215a4d25e39130ab
35e886d202e2c72219bf834f5a67b9c12cf6698eb4237d8d54696572a377d624
4273df9fda1edea73177fc0f181a659e190e37e040f09640f67f7bfe822df3b9
443bd1fde75a477eaae12ba7828c6cb67608e14bbda783027fca2540c3bb0b03
47080fc7030412fd77e6bc2585c81b13814c91800bf956bba2a1495ca2a53aa3
4723f5a4161346b300c1e4cdda8b84eb6a207df5463f486b23393055e54fa631
4c40679e994e802dd8c84cad39768099c24d54ae2dcab56703d8e3e91594bc44
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
693d46ad0e903dce59615931e50bed9218962085b0ae2f048539cfd13210ca73
8514f3a8592336e28a91f99c3dc469d9525d83d991c9e2bb9a7452e1dd12f71f
89c14d71c5b3d7c02ababcfd9203957d2fcf6bdfe5fbcec115af48cabfa25a5b
9efe2862691ae1d9e1616af064b96b0099d43e3e04de9f8cac73d6150132b550
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a93f6086756b2a2e94db8aaf795faab950a315cd9a8e32c5b0df707636dedfff
ba169ea224ff6c846a703647365946227857741b396358792820eec52ceba3cc
bfd9becc09685210c985de3e4d672b311ab8db794d1027b4ac71a46d5a4ecad3
c1646d8b60b20b3020d99197f13a940cbdcc12506fe75bd9e3817e5c5dbf10bf
c4658ca9543287896f9c56bdeb38ca5ae3182ecc20a1e2d345cf0bf7ab11fca3
cf6be2ffab32870f193c4c3c82a598079bcfc2a019166cded5cc31b3df47abc2
dc66a5501365c26e5f0c0b47451f901e4038f9c341e9f573ecf0326b95710eef
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d