www.nordeafinans.no
104.111.240.96
Malicious Activity!
Public Scan
Effective URL: https://www.nordeafinans.no/
Submission: On December 11 via manual from NO
Summary
TLS certificate: Issued by DigiCert ECC Extended Validation Serv... on June 26th 2020. Valid for: 2 years.
This is the only time www.nordeafinans.no was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Nordea (Banking)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 1 | 158.233.250.69 | 201271 (NORDEA-AS) |
21 | 104.111.240.96 | 16625 (AKAMAI-AS) |
2 | 104.109.77.38 | 20940 (AKAMAI-ASN1) |
1 | 34.107.253.133 | 15169 (GOOGLE) |
1 | 2a00:1450:4001:821::200a | 15169 (GOOGLE) |
25 | 5 |
ASN16625 (AKAMAI-AS, US)
PTR: a104-111-240-96.deploy.static.akamaitechnologies.com
www.nordeafinans.no |
ASN20940 (AKAMAI-ASN1, EU)
PTR: a104-109-77-38.deploy.static.akamaitechnologies.com
tags.tiqcdn.com |
ASN15169 (GOOGLE, US)
PTR: 133.253.107.34.bc.googleusercontent.com
policy.cookiereports.com |
 | Apex Domain / Subdomains | Transfer |
---|---|---|
22 | nordeafinans.no (1 redirects): nordeafinans.no, www.nordeafinans.no | 1 MB |
2 | tiqcdn.com: tags.tiqcdn.com | 39 KB |
1 | googleapis.com: ajax.googleapis.com | 30 KB |
1 | cookiereports.com: policy.cookiereports.com | 20 KB |
0 | Failed | |
25 | 5 |
 | Domain | Requested by |
---|---|---|
21 | www.nordeafinans.no | www.nordeafinans.no |
2 | tags.tiqcdn.com | www.nordeafinans.no, tags.tiqcdn.com |
1 | ajax.googleapis.com | policy.cookiereports.com |
1 | policy.cookiereports.com | www.nordeafinans.no |
1 | nordeafinans.no | 1 redirects |
0 | truncated Failed | www.nordeafinans.no |
25 | 6 |
This site contains links to these domains. Also see Links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
nordea.com | DigiCert ECC Extended Validation Server CA | 2020-06-26 - 2022-06-25 | 2 years |
*.tiqcdn.com | DigiCert SHA2 Secure Server CA | 2020-03-16 - 2021-06-15 | a year |
policy.cookiereports.com | Gandi Standard SSL CA 2 | 2019-05-14 - 2021-05-24 | 2 years |
upload.video.google.com | GTS CA 1O1 | 2020-11-10 - 2021-02-02 | 3 months |
This page contains 3 frames:
Primary Page:
https://www.nordeafinans.no/
Frame ID: CA89639FCB5A636B05B7B3B84601D429
Requests: 26 HTTP requests in this frame
Frame:
data://truncated
Frame ID: DD24B3D308DDDFADE6F9FD1ABB649003
Requests: 1 HTTP requests in this frame
Frame:
data://truncated
Frame ID: 2E48D928858F547039104506BBDD28FC
Requests: 1 HTTP requests in this frame
Page URL History
-
http://nordeafinans.no/
HTTP 301
https://www.nordeafinans.no/ Page URL
Detected technologies
Nginx (Web Servers)
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Tealium (Advertising Networks)
Detected patterns
- script /^(?:https?:)?\/\/tags\.tiqcdn\.com\//i
Page Statistics
44 Outgoing links
These are links going to different origins than the main page.
Title: Nettbank Privat Åpnes i nytt vindu
Title: Nettbank Bedrift Åpnes i nytt vindu
Title: Min finansiering
Title: Min søknad
Title: Kontakt og meldinger
Title: Nordea Finans Flow
Title: NCVS Partnerportalen
Title: Online lagersystem
Title: Factoring Online
Title: Bil- og båtlån Åpnes i nytt vindu
Title: Lånerettsbevis Åpnes i nytt vindu
Title: Whitecard Åpnes i nytt vindu
Title: GDPR - ny personvern policy Åpnes i nytt vindu
Title: Bilfinansiering Åpnes i nytt vindu
Title: Factoring Åpnes i nytt vindu
Title: Leasing av utstyr Åpnes i nytt vindu
Title: Nordea Techfleet Åpnes i nytt vindu
Title: Brukt utstyr for salg Åpnes i nytt vindu
Title: Løsørelån - lån til utstyr Åpnes i nytt vindu
Title: Kundefinansiering Åpnes i nytt vindu
Title: Les om hva vi kan tilby Åpnes i nytt vindu
Title: Lån- og leasingkalkulator Se hva det koster å lease/låne Åpnes i nytt vindu
Title: Firmabilkalkulator Beregn kostnader ved firmabil Åpnes i nytt vindu
Title: Sikkerhet Les om sikkerhet på nett Åpnes i nytt vindu
Title: Finansiering av firmabil Gi din bedrift handlefrihet Åpnes i nytt vindu
Title: Administrasjonsløsningen Nordea Techfleet For IKT- og medisinsk utstyr Åpnes i nytt vindu
Title: Løsørelån - lån til utstyr Finansiering av utstyr din bedrift har behov for Åpnes i nytt vindu
Title: Send e-post Åpnes i nytt vindu
Title: Generelle vilkår Åpnes i nytt vindu
Title: Nordeas personvernpolicy Åpnes i nytt vindu
Title: Angrefrist Åpnes i nytt vindu
Title: Important information for US persons Åpnes i nytt vindu
Title: Åpnes i nytt vindu
Title: Åpnes i nytt vindu
Title: Åpnes i nytt vindu
Title: Åpnes i nytt vindu
Title: Tealium
Title: Personvern
Title: VMware, Inc
Title: Personvern
Title: Microsoft Internet Explorer (IE)
Title: Google Chrome
Title: Safari
Title: Firefox
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://nordeafinans.no/
HTTP 301
https://www.nordeafinans.no/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
25 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Primary Request, Cookie set, Redirect Chain) | www.nordeafinans.no/ | 34 KB | 8 KB | Document | text/html |
GET | H/1.1 | main.css | www.nordeafinans.no/static/dotxx2017/css/ | 253 KB | 43 KB | Stylesheet | text/css |
GET | H/1.1 | main.js | www.nordeafinans.no/static/dotxx2017/js/ | 431 KB | 431 KB | Script | application/javascript |
GET | H/1.1 | Nordea-logo%20(2017).svg | www.nordeafinans.no/Images/159-169221/ | 2 KB | 2 KB | Image | image/svg+xml |
GET | H/1.1 | colleagues-small-talking-in-office-building-2-large-overlay.jpg | www.nordeafinans.no/Images/159-270939/ | 110 KB | 110 KB | Image | image/jpeg |
GET | H/1.1 | Nordea_xx_small-Urban%20workout.jpg | www.nordeafinans.no/Images/159-380257/ | 37 KB | 37 KB | Image | image/jpeg |
GET | H/1.1 | Couple-in-couch-with-tablet-large-overlay.jpg | www.nordeafinans.no/Images/159-229824/ | 139 KB | 139 KB | Image | image/jpeg |
GET | H/1.1 | Convertible-car-on-the-road-large-overlay.jpg | www.nordeafinans.no/Images/159-239642/ | 136 KB | 136 KB | Image | image/jpeg |
GET | H/1.1 | people-in-meeting-room-small-overlay.jpg | www.nordeafinans.no/Images/159-234649/ | 46 KB | 46 KB | Image | image/jpeg |
GET | H/1.1 | boat-and-mountains-small-overlay.jpg | www.nordeafinans.no/Images/159-242844/ | 35 KB | 35 KB | Image | image/jpeg |
GET | H/1.1 | Handyman-fixing-ceiling-small-overlay.jpg | www.nordeafinans.no/Images/159-239783/ | 43 KB | 44 KB | Image | image/jpeg |
GET | H/1.1 | facebook.svg | www.nordeafinans.no/Images/159-200667/ | 303 B | 669 B | Image | image/svg+xml |
GET | H/1.1 | twitter.svg | www.nordeafinans.no/Images/159-200669/ | 723 B | 883 B | Image | image/svg+xml |
GET | H/1.1 | linkedin.svg | www.nordeafinans.no/Images/159-200668/ | 382 B | 715 B | Image | image/svg+xml |
GET | H/1.1 | youtube.svg | www.nordeafinans.no/Images/159-200670/ | 785 B | 892 B | Image | image/svg+xml |
GET | H2 | utag.js | tags.tiqcdn.com/utag/nordea/finans-web/prod/ | 143 KB | 39 KB | Script | application/x-javascript |
GET | DATA | truncated | / | 177 B | 0 | Image | image/svg+xml |
GET | H/1.1 | NordeaSansSmall-Medium.woff2 | www.nordeafinans.no/static/dotxx2017/assets/fonts/ | 26 KB | 27 KB | Font | font/woff2 |
GET | H/1.1 | iconfont.woff2 | www.nordeafinans.no/static/dotxx2017/assets/fonts/ | 15 KB | 15 KB | Font | font/woff2 |
GET | H/1.1 | NordeaSansSmall-Regular.woff2 | www.nordeafinans.no/static/dotxx2017/assets/fonts/ | 26 KB | 26 KB | Font | font/woff2 |
GET | H/1.1 | NordeaSansLarge-Regular.woff2 | www.nordeafinans.no/static/dotxx2017/assets/fonts/ | 26 KB | 27 KB | Font | font/woff2 |
GET | H/1.1 | NordeaSansLarge-Medium.woff2 | www.nordeafinans.no/static/dotxx2017/assets/fonts/ | 27 KB | 27 KB | Font | font/woff2 |
GET | H2 | ad3a78ba_panel-no.js | policy.cookiereports.com/ | 90 KB | 20 KB | Script | application/javascript |
GET | H2 | utag.v.js | tags.tiqcdn.com/utag/tiqapp/ | 2 B | 202 B | Script | application/x-javascript |
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.5.1/ | 87 KB | 30 KB | Script | text/javascript |
GET | H/1.1 | Nordea-logo%20(2017).svg | www.nordeafinans.no/Images/159-169221/ | 2 KB | 2 KB | XHR | image/svg+xml |
GET | | truncated | / (Frame DD24) | 0 | 0 | | |
GET | | truncated | / (Frame 2E48) | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- truncated
- URL
- data:truncated
- Domain
- truncated
- URL
- data:truncated
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Nordea (Banking)
27 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| ontransitionrun
- object| ontransitionstart
- object| ontransitioncancel
- object| cookieStore
- function| showDirectoryPicker
- function| showOpenFilePicker
- function| showSaveFilePicker
- object| trustedTypes
- boolean| crossOriginIsolated
- object| Nordea
- object| app_params
- boolean| isInICE
- object| utag_data
- boolean| utag_condload
- object| utag
- function| e
- boolean| __tealium_twc_switch
- object| globalWebAnalytics
- object| adobe
- function| Visitor
- object| _cookiereports
- function| $
- function| jQuery
- object| cookieTable
- undefined| scrollTop
- undefined| scrollLeft
- object| elm4
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.nordeafinans.no/ | Name: NSC_TUBS.mjwf.xfn3.qspe.opsefb.dpn Value: 28d4a3da599ae6f130f8abdefe6ec825d44a4a990de3341d7406867f13e553fe755c9399 |
|
.nordeafinans.no/ | Name: utag_main Value: v_id:0176523f995c0000786b9f9a86f800078001c07000b08$_sn:1$_se:1$_ss:1$_st:1607699468445$ses_id:1607697668445%3Bexp-session$_pn:1%3Bexp-session$_screen_uri_referring:%2F%3Bexp-session$lv:1$sv:1%3Bexp-session$le:1$se:1%3Bexp-session |
|
www.nordeafinans.no/ | Name: DC Value: 2 |
|
www.nordeafinans.no/ | Name: JSESSIONID Value: node0mln4cxpe1270la71rci5c50431203.node0 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=157680000 |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.