www.nordeafinans.no Open in urlscan Pro
104.111.240.96 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://nordeafinans.no/
Effective URL:
https://www.nordeafinans.no/
Submission: On December 11 via manual (December 11th 2020, 2:41:25 pm UTC) from NO

Summary HTTP 25 Redirects Links 44 Behaviour Indicators

Summary

This website contacted 5 IPs in 4 countries across 5 domains to perform 25 HTTP transactions. The main IP is 104.111.240.96, located in Netherlands and belongs to AKAMAI-AS, US. The main domain is www.nordeafinans.no.
TLS certificate: Issued by DigiCert ECC Extended Validation Serv... on June 26th 2020. Valid for: 2 years.

This is the only time www.nordeafinans.no was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Nordea (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	158.233.250.69 158.233.250.69	201271 (NORDEA-AS) (NORDEA-AS)
21	104.111.240.96 104.111.240.96	16625 (AKAMAI-AS) (AKAMAI-AS)
2	104.109.77.38 104.109.77.38	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	34.107.253.133 34.107.253.133	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:821::200a	15169 (GOOGLE) (GOOGLE)
25	5

1 158.233.250.69 (Finland) 1 redirects

ASN201271 (NORDEA-AS, SE)

nordeafinans.no	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 104.111.240.96 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-240-96.deploy.static.akamaitechnologies.com

www.nordeafinans.no	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.109.77.38 (Netherlands)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a104-109-77-38.deploy.static.akamaitechnologies.com

tags.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.253.133 (United States)

ASN15169 (GOOGLE, US)
PTR: 133.253.107.34.bc.googleusercontent.com

policy.cookiereports.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	nordeafinans.no 1 redirects nordeafinans.no www.nordeafinans.no	1 MB
2	tiqcdn.com tags.tiqcdn.com	39 KB
1	googleapis.com ajax.googleapis.com	30 KB
1	cookiereports.com policy.cookiereports.com	20 KB
0	Failed function sub() { [native code] }. Failed
25	5

	Domain	Requested by
21	www.nordeafinans.no	www.nordeafinans.no
2	tags.tiqcdn.com	www.nordeafinans.no tags.tiqcdn.com
1	ajax.googleapis.com	policy.cookiereports.com
1	policy.cookiereports.com	www.nordeafinans.no
1	nordeafinans.no	1 redirects
0	truncated Failed	www.nordeafinans.no
25	6

This site contains links to these domains. Also see Links.

Domain
nettbanken.nordea.no
nb.nordea.no
minfinansiering.flow.nordeafinans.no
eservice.nordeafinance.com
cct.nordea.no
flow.nordeafinans.no
www.nordea.no
nfn.apakgroup.com
nfportal.nordeafinance.com
kalkulator.nordeafinans.no
www.facebook.com
www.twitter.com
www.linkedin.com
www.youtube.com
tealium.com
www.vmware.com
support.microsoft.com
support.google.com
support.apple.com
support.mozilla.org

Subject Issuer	Validity	Valid
nordea.com DigiCert ECC Extended Validation Server CA	`2020-06-26` - `2022-06-25`	2 years	crt.sh
*.tiqcdn.com DigiCert SHA2 Secure Server CA	`2020-03-16` - `2021-06-15`	a year	crt.sh
policy.cookiereports.com Gandi Standard SSL CA 2	`2019-05-14` - `2021-05-24`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://www.nordeafinans.no/
Frame ID: CA89639FCB5A636B05B7B3B84601D429
Requests: 26 HTTP requests in this frame

Frame: data://truncated
Frame ID: DD24B3D308DDDFADE6F9FD1ABB649003
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: 2E48D928858F547039104506BBDD28FC
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://nordeafinans.no/ HTTP 301
https://www.nordeafinans.no/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Tealium (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /^(?:https?:)?\/\/tags\.tiqcdn\.com\//i

Page Statistics

25
Requests

100 %
HTTPS

20 %
IPv6

5
Domains

6
Subdomains

5
IPs

4
Countries

1249 kB
Transfer

1710 kB
Size

4
Cookies

44 Outgoing links

These are links going to different origins than the main page.

URL: https://nettbanken.nordea.no/login/
Title: Nettbank Privat Åpnes i nytt vindu

Search URL Search Domain Scan URL

URL: https://nb.nordea.no/jlogin/nettbank/login/login
Title: Nettbank Bedrift Åpnes i nytt vindu

Search URL Search Domain Scan URL

URL: https://minfinansiering.flow.nordeafinans.no/
Title: Min finansiering

Search URL Search Domain Scan URL

URL: https://eservice.nordeafinance.com/P6NCN/H6NCN000.asp
Title: Min søknad

Search URL Search Domain Scan URL

URL: https://cct.nordea.no/nocct?agm=false
Title: Kontakt og meldinger

Search URL Search Domain Scan URL

URL: https://flow.nordeafinans.no/
Title: Nordea Finans Flow

Search URL Search Domain Scan URL

URL: http://www.nordea.no/ncvsonline
Title: NCVS Partnerportalen

Search URL Search Domain Scan URL

URL: http://nfn.apakgroup.com/
Title: Online lagersystem

Search URL Search Domain Scan URL

URL: https://nfportal.nordeafinance.com/login/engine?FinCompany=552&Lang=8
Title: Factoring Online

Search URL Search Domain Scan URL

URL: http://www.nordea.no/privat/lan/billan-batlan-og-lan-uten-sikkerhet/billan-og-batlan.html
Title: Bil- og båtlån Åpnes i nytt vindu

Search URL Search Domain Scan URL

URL: http://www.nordea.no/privat/lan/billan-batlan-og-lan-uten-sikkerhet/billan-og-batlan.html#tab=Lanerettsbevis
Title: Lånerettsbevis Åpnes i nytt vindu

Search URL Search Domain Scan URL

URL: http://www.nordea.no/privat/daglig-bruk/bank-og-kredittkort/whitecard.html
Title: Whitecard Åpnes i nytt vindu

Search URL Search Domain Scan URL

URL: https://www.nordea.no/privat/kundeservice/general-data-protection-regulation.html
Title: GDPR - ny personvern policy Åpnes i nytt vindu

Search URL Search Domain Scan URL

URL: https://www.nordea.no/bedrift/finansiering/bil/index.html
Title: Bilfinansiering Åpnes i nytt vindu

Search URL Search Domain Scan URL

URL: https://www.nordea.no/bedrift/finansiering/driftsfinansiering/factoring.html
Title: Factoring Åpnes i nytt vindu

Search URL Search Domain Scan URL

URL: https://www.nordea.no/bedrift/finansiering/anleggsfinansiering/leasing.html
Title: Leasing av utstyr Åpnes i nytt vindu

Search URL Search Domain Scan URL

URL: https://www.nordea.no/bedrift/finansiering/anleggsfinansiering/nordea-techfleet.html
Title: Nordea Techfleet Åpnes i nytt vindu

Search URL Search Domain Scan URL

URL: https://www.nordea.no/bedrift/finansiering/anleggsfinansiering/utstyr-for-salg.html
Title: Brukt utstyr for salg Åpnes i nytt vindu

Search URL Search Domain Scan URL

URL: https://www.nordea.no/bedrift/finansiering/anleggsfinansiering/losore-lan-til-utstyr.html
Title: Løsørelån - lån til utstyr Åpnes i nytt vindu

Search URL Search Domain Scan URL

URL: https://www.nordea.no/bedrift/finansiering/kundefinansiering/index.html
Title: Kundefinansiering Åpnes i nytt vindu

Search URL Search Domain Scan URL

URL: http://www.nordea.no/bedrift/finansiering/anleggsfinansiering/
Title: Les om hva vi kan tilby Åpnes i nytt vindu

Search URL Search Domain Scan URL

URL: http://www.nordea.no/bedrift/finansiering/anleggsfinansiering/lan-og-leasingkalkulator.html
Title: Lån- og leasingkalkulator Se hva det koster å lease/låne Åpnes i nytt vindu

Search URL Search Domain Scan URL

URL: https://kalkulator.nordeafinans.no/firmabil
Title: Firmabilkalkulator Beregn kostnader ved firmabil Åpnes i nytt vindu

Search URL Search Domain Scan URL

URL: https://www.nordea.no/sikkerhet/
Title: Sikkerhet Les om sikkerhet på nett Åpnes i nytt vindu

Search URL Search Domain Scan URL

URL: http://www.nordea.no/bedrift/finansiering/bil/
Title: Finansiering av firmabilGi din bedrift handlefrihet Åpnes i nytt vindu

Search URL Search Domain Scan URL

URL: http://www.nordea.no/bedrift/finansiering/anleggsfinansiering/nordea-techfleet.html
Title: Administrasjonsløsningen Nordea TechfleetFor IKT- og medisinsk utstyr Åpnes i nytt vindu

Search URL Search Domain Scan URL

URL: https://www.nordea.no/bedrift/vare-produkter/finansiering/anleggsfinansiering/losorelan-lan-til-utstyr.html
Title: Løsørelån - lån til utstyrFinansiering av utstyr din bedrift har behov for Åpnes i nytt vindu

Search URL Search Domain Scan URL

URL: https://www.nordea.no/bedrift/finansiering/bil/angaende-ditt-engasjement-hos-nordea-finans.html
Title: Send e-post Åpnes i nytt vindu

Search URL Search Domain Scan URL

URL: https://www.nordea.no/om-nordea/om-nordea/juridisk-informasjon/generelle-vilkar-nordeas-nettsider.html
Title: Generelle vilkår Åpnes i nytt vindu

Search URL Search Domain Scan URL

URL: https://www.nordea.no/om-nordea/om-nordea/juridisk-informasjon/nordeas-personvernpolicy.html
Title: Nordeas personvernpolicy Åpnes i nytt vindu

Search URL Search Domain Scan URL

URL: https://www.nordea.no/om-nordea/om-nordea/juridisk-informasjon/angrerett.html
Title: Angrefrist Åpnes i nytt vindu

Search URL Search Domain Scan URL

URL: https://www.nordea.no/om-nordea/om-nordea/juridisk-informasjon/important-information-for-us-persons.html
Title: Important information for US persons Åpnes i nytt vindu

Search URL Search Domain Scan URL

URL: https://www.facebook.com/NordeaNorge
Title: Åpnes i nytt vindu

Search URL Search Domain Scan URL

URL: http://www.twitter.com/NordeaNorge
Title: Åpnes i nytt vindu

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/nordea
Title: Åpnes i nytt vindu

Search URL Search Domain Scan URL

URL: http://www.youtube.com/user/NordeaNorge
Title: Åpnes i nytt vindu

Search URL Search Domain Scan URL

URL: http://tealium.com/
Title: Tealium

Search URL Search Domain Scan URL

URL: https://tealium.com/privacy/
Title: Personvern

Search URL Search Domain Scan URL

URL: https://www.vmware.com/
Title: VMware, Inc

Search URL Search Domain Scan URL

URL: https://www.vmware.com/help/privacy.html
Title: Personvern

Search URL Search Domain Scan URL

URL: https://support.microsoft.com/nb-no/help/17442/windows-internet-explorer-delete-manage-cookies
Title: Microsoft Internet Explorer (IE)

Search URL Search Domain Scan URL

URL: https://support.google.com/chrome/answer/95647?hl=no
Title: Google Chrome

Search URL Search Domain Scan URL

URL: https://support.apple.com/no-no/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Title: Safari

Search URL Search Domain Scan URL

URL: https://support.mozilla.org/no/kb/aktiver-og-deaktiver-infokapsler
Title: Firefox

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://nordeafinans.no/ HTTP 301
https://www.nordeafinans.no/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

25 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request

Cookie set / Show response
www.nordeafinans.no/
Redirect Chain

http://nordeafinans.no/
https://www.nordeafinans.no/

34 KB
8 KB

257ms
149ms

Document
text/html

104.111.240.96
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nordeafinans.no/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.240.96 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-240-96.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

51cd0c8c2800e2cf3327c2f91e39775d5291c7200a36ec9f16e1ee09901646ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: www.nordeafinans.no
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx
Content-Type: text/html;charset=utf-8
ETag: "59f45e467f1e016c48f6e1e74816a086"
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=edge,chrome=1
Strict-Transport-Security: max-age=157680000
Content-Encoding: gzip
Content-Length: 7099
Vary: Accept-Encoding
Cache-Control: public, max-age=59
Expires: Fri, 11 Dec 2020 14:42:07 GMT
Date: Fri, 11 Dec 2020 14:41:08 GMT
Connection: keep-alive
Set-Cookie: JSESSIONID=node0mln4cxpe1270la71rci5c50431203.node0; Path=/; Secure NSC_TUBS.mjwf.xfn3.qspe.opsefb.dpn=14b5a3d9d159a0ad004cc5a1de58a16f5e0decc36459be7bfe9d673a686e43f5ec14a97e;path=/;secure;httponly DC=2; path=/

Redirect headers

Location: https://www.nordeafinans.no/
Strict-Transport-Security: max-age=157680000

GET
H/1.1 200
OK main.css
www.nordeafinans.no/static/dotxx2017/css/ 253 KB
43 KB 39ms
39ms Stylesheet
text/css 104.111.240.96
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nordeafinans.no/static/dotxx2017/css/main.css?v=3.17.14

Requested by

Host: www.nordeafinans.no
URL: https://www.nordeafinans.no/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.240.96 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-240-96.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

4d70caa5372278f4c5cd1d327172fb501f68930732eacc594c2e59f4c89efb39

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

Referer: https://www.nordeafinans.no/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Cteonnt-Length: 259482
Strict-Transport-Security: max-age=157680000
Content-Encoding: gzip
Last-Modified: Wed, 18 Nov 2020 10:36:28 GMT
Server: nginx
ETag: "5fb4f92c-3f59a"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=42860568
Date: Fri, 11 Dec 2020 14:41:08 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43311

GET
H/1.1 200
OK main.js Show response
www.nordeafinans.no/static/dotxx2017/js/ 431 KB
431 KB 107ms
65ms Script
application/javascript 104.111.240.96
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nordeafinans.no/static/dotxx2017/js/main.js?v=3.17.14

Requested by

Host: www.nordeafinans.no
URL: https://www.nordeafinans.no/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.240.96 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-240-96.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

efdbfa8999a18d90ec8be45ffb7bf1689caf0f11c42ad13bafdc800e7846ed60

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

Referer: https://www.nordeafinans.no/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=157680000
Last-Modified: Wed, 18 Nov 2020 10:36:28 GMT
Server: nginx
ETag: "5fb4f92c-6bae7"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=43199993
Date: Fri, 11 Dec 2020 14:41:08 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 441063

GET
H/1.1 200
OK Nordea-logo%20(2017).svg
www.nordeafinans.no/Images/159-169221/ 2 KB
2 KB 38ms
38ms Image
image/svg+xml 104.111.240.96
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nordeafinans.no/Images/159-169221/Nordea-logo%20(2017).svg

Requested by

Host: www.nordeafinans.no
URL: https://www.nordeafinans.no/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.240.96 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-240-96.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

4273df9fda1edea73177fc0f181a659e190e37e040f09640f67f7bfe822df3b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nordeafinans.no/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=157680000
X-Content-Type-Options: nosniff
Last-Modified: Mon, 24 Apr 2017 08:31:35 GMT
Server: nginx
ETag: 1493022695000
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Cache-Control: public, max-age=9552
Date: Fri, 11 Dec 2020 14:41:08 GMT
Connection: keep-alive
Content-Length: 1915
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK colleagues-small-talking-in-office-building-2-large-overlay.jpg
www.nordeafinans.no/Images/159-270939/ 110 KB
110 KB 151ms
47ms Image
image/jpeg 104.111.240.96
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nordeafinans.no/Images/159-270939/colleagues-small-talking-in-office-building-2-large-overlay.jpg

Requested by

Host: www.nordeafinans.no
URL: https://www.nordeafinans.no/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.240.96 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-240-96.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

16cf0d4bbd7ab14036d36bdb3b8b3bf29bb094dce51e8aaff5699e9953b4911c

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nordeafinans.no/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=157680000
X-Content-Type-Options: nosniff
Last-Modified: Fri, 07 Aug 2020 09:41:45 GMT
Server: nginx
ETag: 1596793305000
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: public, max-age=27943
Date: Fri, 11 Dec 2020 14:41:08 GMT
Connection: keep-alive
Content-Length: 112234
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Nordea_xx_small-Urban%20workout.jpg
www.nordeafinans.no/Images/159-380257/ 37 KB
37 KB 207ms
37ms Image
image/jpeg 104.111.240.96
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nordeafinans.no/Images/159-380257/Nordea_xx_small-Urban%20workout.jpg

Requested by

Host: www.nordeafinans.no
URL: https://www.nordeafinans.no/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.240.96 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-240-96.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

6435ea9a1fe3ba5af04557749a9c279782201749d06072ab7b9d280ac98bf056

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nordeafinans.no/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=157680000
X-Content-Type-Options: nosniff
Last-Modified: Tue, 29 Sep 2020 09:37:55 GMT
Server: nginx
ETag: 1601372275000
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: public, max-age=27942
Date: Fri, 11 Dec 2020 14:41:08 GMT
Connection: keep-alive
Content-Length: 37927
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Couple-in-couch-with-tablet-large-overlay.jpg
www.nordeafinans.no/Images/159-229824/ 139 KB
139 KB 217ms
44ms Image
image/jpeg 104.111.240.96
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nordeafinans.no/Images/159-229824/Couple-in-couch-with-tablet-large-overlay.jpg

Requested by

Host: www.nordeafinans.no
URL: https://www.nordeafinans.no/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.240.96 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-240-96.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

5a84693a9c9d4dd2bef05fbdd49f73dce4658b082304b72dae8972ab95ebbdb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nordeafinans.no/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=157680000
X-Content-Type-Options: nosniff
Last-Modified: Wed, 25 Oct 2017 08:07:27 GMT
Server: nginx
ETag: 1508918847000
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: public, max-age=10254
Date: Fri, 11 Dec 2020 14:41:08 GMT
Connection: keep-alive
Content-Length: 142080
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Convertible-car-on-the-road-large-overlay.jpg
www.nordeafinans.no/Images/159-239642/ 136 KB
136 KB 232ms
47ms Image
image/jpeg 104.111.240.96
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nordeafinans.no/Images/159-239642/Convertible-car-on-the-road-large-overlay.jpg

Requested by

Host: www.nordeafinans.no
URL: https://www.nordeafinans.no/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.240.96 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-240-96.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

09ec60519523c91f97e2a6e09ed82a6edd76cd18721ebcb66acd606cf60df436

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nordeafinans.no/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=157680000
X-Content-Type-Options: nosniff
Last-Modified: Mon, 18 Dec 2017 10:19:56 GMT
Server: nginx
ETag: 1513592396000
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: public, max-age=10234
Date: Fri, 11 Dec 2020 14:41:08 GMT
Connection: keep-alive
Content-Length: 138855
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK people-in-meeting-room-small-overlay.jpg
www.nordeafinans.no/Images/159-234649/ 46 KB
46 KB 62ms
62ms Image
image/jpeg 104.111.240.96
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nordeafinans.no/Images/159-234649/people-in-meeting-room-small-overlay.jpg

Requested by

Host: www.nordeafinans.no
URL: https://www.nordeafinans.no/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.240.96 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-240-96.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

13c689508781c80953e53282d27adda99399978d5eb4640395cfc83f824a4725

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nordeafinans.no/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=157680000
X-Content-Type-Options: nosniff
Last-Modified: Fri, 07 Aug 2020 11:41:25 GMT
Server: nginx
ETag: 1596800485000
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: public, max-age=27867
Date: Fri, 11 Dec 2020 14:41:08 GMT
Connection: keep-alive
Content-Length: 46999
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK boat-and-mountains-small-overlay.jpg
www.nordeafinans.no/Images/159-242844/ 35 KB
35 KB 73ms
72ms Image
image/jpeg 104.111.240.96
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nordeafinans.no/Images/159-242844/boat-and-mountains-small-overlay.jpg

Requested by

Host: www.nordeafinans.no
URL: https://www.nordeafinans.no/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.240.96 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-240-96.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

666db03bff14783e14c65239422e4a70fb092187871c637d37fe19780ddebd6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nordeafinans.no/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=157680000
X-Content-Type-Options: nosniff
Last-Modified: Wed, 10 Jan 2018 20:36:02 GMT
Server: nginx
ETag: 1515616562000
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: public, max-age=27896
Date: Fri, 11 Dec 2020 14:41:08 GMT
Connection: keep-alive
Content-Length: 35549
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Handyman-fixing-ceiling-small-overlay.jpg
www.nordeafinans.no/Images/159-239783/ 43 KB
44 KB 46ms
45ms Image
image/jpeg 104.111.240.96
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nordeafinans.no/Images/159-239783/Handyman-fixing-ceiling-small-overlay.jpg

Requested by

Host: www.nordeafinans.no
URL: https://www.nordeafinans.no/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.240.96 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-240-96.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

cb238c09237ae5265e1e15866daec1303be27d1796290a9769f7acd8d19f69ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nordeafinans.no/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=157680000
X-Content-Type-Options: nosniff
Last-Modified: Tue, 28 Jul 2020 11:39:26 GMT
Server: nginx
ETag: 1595936366000
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: public, max-age=869
Date: Fri, 11 Dec 2020 14:41:08 GMT
Connection: keep-alive
Content-Length: 44467
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK facebook.svg
www.nordeafinans.no/Images/159-200667/ 303 B
669 B 35ms
35ms Image
image/svg+xml 104.111.240.96
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nordeafinans.no/Images/159-200667/facebook.svg

Requested by

Host: www.nordeafinans.no
URL: https://www.nordeafinans.no/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.240.96 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-240-96.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

1d8021bcac1849e2ee1ae2b7ab0180d1b4f51246d933e74ed45a8419bbdf1071

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nordeafinans.no/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=157680000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 12 Jul 2017 10:50:11 GMT
Server: nginx
ETag: 1499856611000
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Cache-Control: public, max-age=27938
Date: Fri, 11 Dec 2020 14:41:08 GMT
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 231
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK twitter.svg
www.nordeafinans.no/Images/159-200669/ 723 B
883 B 43ms
42ms Image
image/svg+xml 104.111.240.96
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nordeafinans.no/Images/159-200669/twitter.svg

Requested by

Host: www.nordeafinans.no
URL: https://www.nordeafinans.no/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.240.96 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-240-96.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

10d3caf25a8a3d647cc2176ec4f8ba242875c500ae37c372a4cd8d99497a99c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nordeafinans.no/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=157680000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 12 Jul 2017 10:51:06 GMT
Server: nginx
ETag: 1499856666000
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Cache-Control: public, max-age=28611
Date: Fri, 11 Dec 2020 14:41:08 GMT
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 445
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK linkedin.svg
www.nordeafinans.no/Images/159-200668/ 382 B
715 B 38ms
37ms Image
image/svg+xml 104.111.240.96
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nordeafinans.no/Images/159-200668/linkedin.svg

Requested by

Host: www.nordeafinans.no
URL: https://www.nordeafinans.no/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.240.96 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-240-96.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

693d46ad0e903dce59615931e50bed9218962085b0ae2f048539cfd13210ca73

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nordeafinans.no/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=157680000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 12 Jul 2017 10:50:41 GMT
Server: nginx
ETag: 1499856641000
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Cache-Control: public, max-age=27852
Date: Fri, 11 Dec 2020 14:41:08 GMT
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 277
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK youtube.svg
www.nordeafinans.no/Images/159-200670/ 785 B
892 B 45ms
44ms Image
image/svg+xml 104.111.240.96
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nordeafinans.no/Images/159-200670/youtube.svg

Requested by

Host: www.nordeafinans.no
URL: https://www.nordeafinans.no/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.240.96 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-240-96.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

35e886d202e2c72219bf834f5a67b9c12cf6698eb4237d8d54696572a377d624

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nordeafinans.no/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=157680000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 12 Jul 2017 10:51:31 GMT
Server: nginx
ETag: 1499856691000
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Cache-Control: public, max-age=18886
Date: Fri, 11 Dec 2020 14:41:08 GMT
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 454
X-XSS-Protection: 1; mode=block

GET
H2 200 utag.js Show response
tags.tiqcdn.com/utag/nordea/finans-web/prod/ 143 KB
39 KB 107ms
61ms Script
application/x-javascript 104.109.77.38
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/nordea/finans-web/prod/utag.js
Requested by: Host: www.nordeafinans.no
URL: https://www.nordeafinans.no/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.109.77.38 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a104-109-77-38.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 526b3c695e2f2a7622fdef362403f1fbcad561317dc8a162fc143f1cfb91bbab

Request headers

Referer: https://www.nordeafinans.no/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 11 Dec 2020 14:41:08 GMT
content-encoding: gzip
last-modified: Tue, 24 Nov 2020 09:17:54 GMT
server: AkamaiNetStorage
etag: "96b10e83f987b64c77b78032388c161e:1606209474.467887"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=300
accept-ranges: bytes
content-length: 39881
expires: Fri, 11 Dec 2020 14:46:08 GMT

GET
DATA 200
OK truncated
/ 177 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1046c2618aa140dc881112f813d041df7f2c364e49d166b0c2a34e7484119aef

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H/1.1 200
OK NordeaSansSmall-Medium.woff2
www.nordeafinans.no/static/dotxx2017/assets/fonts/ 26 KB
27 KB 80ms
63ms Font
font/woff2 104.111.240.96
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nordeafinans.no/static/dotxx2017/assets/fonts/NordeaSansSmall-Medium.woff2

Requested by

Host: www.nordeafinans.no
URL: https://www.nordeafinans.no/static/dotxx2017/css/main.css?v=3.17.14

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.240.96 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-240-96.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

443bd1fde75a477eaae12ba7828c6cb67608e14bbda783027fca2540c3bb0b03

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

Origin: https://www.nordeafinans.no
Referer: https://www.nordeafinans.no/static/dotxx2017/css/main.css?v=3.17.14
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=157680000
Last-Modified: Wed, 18 Nov 2020 10:36:28 GMT
Server: nginx
ETag: "5fb4f92c-6900"
Vary: Accept-Encoding
Content-Type: font/woff2
Cache-Control: max-age=43200000
Date: Fri, 11 Dec 2020 14:41:08 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 26880

GET
H/1.1 200
OK iconfont.woff2
www.nordeafinans.no/static/dotxx2017/assets/fonts/ 15 KB
15 KB 143ms
110ms Font
font/woff2 104.111.240.96
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nordeafinans.no/static/dotxx2017/assets/fonts/iconfont.woff2

Requested by

Host: www.nordeafinans.no
URL: https://www.nordeafinans.no/static/dotxx2017/css/main.css?v=3.17.14

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.240.96 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-240-96.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

c1646d8b60b20b3020d99197f13a940cbdcc12506fe75bd9e3817e5c5dbf10bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

Origin: https://www.nordeafinans.no
Referer: https://www.nordeafinans.no/static/dotxx2017/css/main.css?v=3.17.14
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=157680000
Last-Modified: Wed, 18 Nov 2020 10:36:28 GMT
Server: nginx
ETag: "5fb4f92c-3ba8"
Vary: Accept-Encoding
Content-Type: font/woff2
Cache-Control: max-age=43200000
Date: Fri, 11 Dec 2020 14:41:08 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15272

GET
H/1.1 200
OK NordeaSansSmall-Regular.woff2
www.nordeafinans.no/static/dotxx2017/assets/fonts/ 26 KB
26 KB 160ms
127ms Font
font/woff2 104.111.240.96
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nordeafinans.no/static/dotxx2017/assets/fonts/NordeaSansSmall-Regular.woff2

Requested by

Host: www.nordeafinans.no
URL: https://www.nordeafinans.no/static/dotxx2017/css/main.css?v=3.17.14

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.240.96 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-240-96.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

a93f6086756b2a2e94db8aaf795faab950a315cd9a8e32c5b0df707636dedfff

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

Origin: https://www.nordeafinans.no
Referer: https://www.nordeafinans.no/static/dotxx2017/css/main.css?v=3.17.14
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=157680000
Last-Modified: Wed, 18 Nov 2020 10:36:28 GMT
Server: nginx
ETag: "5fb4f92c-6734"
Vary: Accept-Encoding
Content-Type: font/woff2
Cache-Control: max-age=43200000
Date: Fri, 11 Dec 2020 14:41:08 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 26420

GET
H/1.1 200
OK NordeaSansLarge-Regular.woff2
www.nordeafinans.no/static/dotxx2017/assets/fonts/ 26 KB
27 KB 160ms
127ms Font
font/woff2 104.111.240.96
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nordeafinans.no/static/dotxx2017/assets/fonts/NordeaSansLarge-Regular.woff2

Requested by

Host: www.nordeafinans.no
URL: https://www.nordeafinans.no/static/dotxx2017/css/main.css?v=3.17.14

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.240.96 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-240-96.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

c4658ca9543287896f9c56bdeb38ca5ae3182ecc20a1e2d345cf0bf7ab11fca3

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

Origin: https://www.nordeafinans.no
Referer: https://www.nordeafinans.no/static/dotxx2017/css/main.css?v=3.17.14
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=157680000
Last-Modified: Wed, 18 Nov 2020 10:36:28 GMT
Server: nginx
ETag: "5fb4f92c-6994"
Vary: Accept-Encoding
Content-Type: font/woff2
Cache-Control: max-age=43199998
Date: Fri, 11 Dec 2020 14:41:08 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 27028

GET
H/1.1 200
OK NordeaSansLarge-Medium.woff2
www.nordeafinans.no/static/dotxx2017/assets/fonts/ 27 KB
27 KB 154ms
121ms Font
font/woff2 104.111.240.96
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nordeafinans.no/static/dotxx2017/assets/fonts/NordeaSansLarge-Medium.woff2

Requested by

Host: www.nordeafinans.no
URL: https://www.nordeafinans.no/static/dotxx2017/css/main.css?v=3.17.14

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.240.96 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-240-96.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

1084fee790a347896f8f0d5fa521211d9789f6ab250940b5bd402aa052d5e245

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

Origin: https://www.nordeafinans.no
Referer: https://www.nordeafinans.no/static/dotxx2017/css/main.css?v=3.17.14
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=157680000
Last-Modified: Wed, 18 Nov 2020 10:36:28 GMT
Server: nginx
ETag: "5fb4f92c-6b38"
Vary: Accept-Encoding
Content-Type: font/woff2
Cache-Control: max-age=43200000
Date: Fri, 11 Dec 2020 14:41:08 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 27448

GET
H2 200 ad3a78ba_panel-no.js Show response
policy.cookiereports.com/ 90 KB
20 KB 64ms
27ms Script
application/javascript 34.107.253.133
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://policy.cookiereports.com/ad3a78ba_panel-no.js
Requested by: Host: www.nordeafinans.no
URL: https://www.nordeafinans.no/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.253.133 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 133.253.107.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: e2d7a8ee8690f916ad00bc5fca2d97a31c8348052934e250759030399cfbfaec

Request headers

Referer: https://www.nordeafinans.no/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 11 Dec 2020 14:41:08 GMT
content-encoding: gzip
last-modified: Tue, 08 Dec 2020 07:26:56 GMT
server: Apache
etag: "167ed-5b5eede184c1b-gzip"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 google
cache-control: public,max-age=3600
accept-ranges: bytes
alt-svc: clear
content-length: 20055

GET
H2 200 utag.v.js Show response
tags.tiqcdn.com/utag/tiqapp/ 2 B
202 B 23ms
23ms Script
application/x-javascript 104.109.77.38
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=nordea/finans-web/202011240917&cb=1607697668459
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/nordea/finans-web/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.109.77.38 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a104-109-77-38.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer: https://www.nordeafinans.no/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 11 Dec 2020 14:41:08 GMT
last-modified: Thu, 14 Apr 2016 16:57:51 GMT
server: AkamaiNetStorage
etag: "7bc0ee636b3b83484fc3b9348863bd22:1460653071"
content-type: application/x-javascript
cache-control: max-age=600
accept-ranges: bytes
content-length: 2
expires: Fri, 11 Dec 2020 14:51:08 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
30 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:821::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: policy.cookiereports.com
URL: https://policy.cookiereports.com/ad3a78ba_panel-no.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nordeafinans.no/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 11 Dec 2020 10:21:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15570
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31021
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 11 Dec 2021 10:21:38 GMT

GET
H/1.1 200
OK Nordea-logo%20(2017).svg Show response
www.nordeafinans.no/Images/159-169221/ 2 KB
2 KB 32ms
31ms XHR
image/svg+xml 104.111.240.96
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nordeafinans.no/Images/159-169221/Nordea-logo%20(2017).svg

Requested by

Host: www.nordeafinans.no
URL: https://www.nordeafinans.no/static/dotxx2017/js/main.js?v=3.17.14

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.240.96 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-240-96.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

4273df9fda1edea73177fc0f181a659e190e37e040f09640f67f7bfe822df3b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nordeafinans.no/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=157680000
X-Content-Type-Options: nosniff
Last-Modified: Mon, 24 Apr 2017 08:31:35 GMT
Server: nginx
ETag: 1493022695000
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Cache-Control: public, max-age=9552
Date: Fri, 11 Dec 2020 14:41:08 GMT
Connection: keep-alive
Content-Length: 1915
X-XSS-Protection: 1; mode=block

GET truncated
/ Frame DD24 0
0

GET truncated
/ Frame 2E48 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: truncated
URL: data:truncated

Domain: truncated
URL: data:truncated

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nordea (Banking)

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.nordeafinans.no/	1969-12-31 23:59:59	Name: NSC_TUBS.mjwf.xfn3.qspe.opsefb.dpn Value: 28d4a3da599ae6f130f8abdefe6ec825d44a4a990de3341d7406867f13e553fe755c9399
.nordeafinans.no/	1970-01-19 23:20:33	Name: utag_main Value: v_id:0176523f995c0000786b9f9a86f800078001c07000b08$_sn:1$_se:1$_ss:1$_st:1607699468445$ses_id:1607697668445%3Bexp-session$_pn:1%3Bexp-session$_screen_uri_referring:%2F%3Bexp-session$lv:1$sv:1%3Bexp-session$le:1$se:1%3Bexp-session
www.nordeafinans.no/	1969-12-31 23:59:59	Name: DC Value: 2
www.nordeafinans.no/	1969-12-31 23:59:59	Name: JSESSIONID Value: node0mln4cxpe1270la71rci5c50431203.node0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
nordeafinans.no
policy.cookiereports.com
tags.tiqcdn.com
truncated
www.nordeafinans.no
truncated
104.109.77.38
104.111.240.96
158.233.250.69
2a00:1450:4001:821::200a
34.107.253.133
09ec60519523c91f97e2a6e09ed82a6edd76cd18721ebcb66acd606cf60df436
1046c2618aa140dc881112f813d041df7f2c364e49d166b0c2a34e7484119aef
1084fee790a347896f8f0d5fa521211d9789f6ab250940b5bd402aa052d5e245
10d3caf25a8a3d647cc2176ec4f8ba242875c500ae37c372a4cd8d99497a99c7
13c689508781c80953e53282d27adda99399978d5eb4640395cfc83f824a4725
16cf0d4bbd7ab14036d36bdb3b8b3bf29bb094dce51e8aaff5699e9953b4911c
1d8021bcac1849e2ee1ae2b7ab0180d1b4f51246d933e74ed45a8419bbdf1071
35e886d202e2c72219bf834f5a67b9c12cf6698eb4237d8d54696572a377d624
4273df9fda1edea73177fc0f181a659e190e37e040f09640f67f7bfe822df3b9
443bd1fde75a477eaae12ba7828c6cb67608e14bbda783027fca2540c3bb0b03
4d70caa5372278f4c5cd1d327172fb501f68930732eacc594c2e59f4c89efb39
51cd0c8c2800e2cf3327c2f91e39775d5291c7200a36ec9f16e1ee09901646ab
526b3c695e2f2a7622fdef362403f1fbcad561317dc8a162fc143f1cfb91bbab
5a84693a9c9d4dd2bef05fbdd49f73dce4658b082304b72dae8972ab95ebbdb7
6435ea9a1fe3ba5af04557749a9c279782201749d06072ab7b9d280ac98bf056
666db03bff14783e14c65239422e4a70fb092187871c637d37fe19780ddebd6f
693d46ad0e903dce59615931e50bed9218962085b0ae2f048539cfd13210ca73
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a93f6086756b2a2e94db8aaf795faab950a315cd9a8e32c5b0df707636dedfff
c1646d8b60b20b3020d99197f13a940cbdcc12506fe75bd9e3817e5c5dbf10bf
c4658ca9543287896f9c56bdeb38ca5ae3182ecc20a1e2d345cf0bf7ab11fca3
cb238c09237ae5265e1e15866daec1303be27d1796290a9769f7acd8d19f69ca
e2d7a8ee8690f916ad00bc5fca2d97a31c8348052934e250759030399cfbfaec
efdbfa8999a18d90ec8be45ffb7bf1689caf0f11c42ad13bafdc800e7846ed60
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

www.nordeafinans.no Open in urlscan Pro 104.111.240.96 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

25 Requests

100 %HTTPS

20 %IPv6

5 Domains

6 Subdomains

5 IPs

4 Countries

1249 kBTransfer

1710 kBSize

4 Cookies

44 Outgoing links

Page URL History

Redirected requests

25 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

27 JavaScript Global Variables

www.nordeafinans.no Open in urlscan Pro
104.111.240.96 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

25
Requests

100 %
HTTPS

20 %
IPv6

5
Domains

6
Subdomains

5
IPs

4
Countries

1249 kB
Transfer

1710 kB
Size

4
Cookies

25 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!