www.postennorge.no Open in urlscan Pro
51.107.209.39 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.postennorge.no/
Effective URL:
https://www.postennorge.no/
Submission: On October 31 via api (October 31st 2022, 9:24:55 am UTC) from US — Scanned from NO

Summary HTTP 15 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 4 IPs in 4 countries across 4 domains to perform 15 HTTP transactions. The main IP is 51.107.209.39, located in Oslo, Norway and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.postennorge.no.
TLS certificate: Issued by Buypass Class 2 CA 5 on May 25th 2022. Valid for: 6 months.

This is the only time www.postennorge.no was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Posten Norge (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 8	51.107.209.39 51.107.209.39	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
6	104.16.85.20 104.16.85.20	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.64.173.12 172.64.173.12	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	3.73.195.171 3.73.195.171	16509 (AMAZON-02) (AMAZON-02)
15	4

8 51.107.209.39 (Oslo, Norway) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.postennorge.no	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.16.85.20 (Shahr, Iran, Islamic Republic Of)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.173.12 (United States)

ASN13335 (CLOUDFLARENET, US)

siteimproveanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.73.195.171 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-73-195-171.eu-central-1.compute.amazonaws.com

6015663.global.siteimproveanalytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	postennorge.no 1 redirects www.postennorge.no	750 KB
6	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 387	171 KB
1	siteimproveanalytics.io 6015663.global.siteimproveanalytics.io	474 B
1	siteimproveanalytics.com siteimproveanalytics.com — Cisco Umbrella Rank: 3160	13 KB
15	4

	Domain	Requested by
8	www.postennorge.no	1 redirects www.postennorge.no
6	cdn.jsdelivr.net	www.postennorge.no cdn.jsdelivr.net
1	6015663.global.siteimproveanalytics.io
1	siteimproveanalytics.com	www.postennorge.no
15	4

This site contains links to these domains. Also see Links.

Domain
id.posten.no
www.posten.no
www.bring.no

Subject Issuer	Validity	Valid
www.postennorge.no Buypass Class 2 CA 5	`2022-05-25` - `2022-11-20`	6 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-02` - `2023-06-01`	a year	crt.sh
*.global.r1.siteimproveanalytics.io Amazon	`2022-09-09` - `2023-10-08`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.postennorge.no/
Frame ID: 48216D6E2D4FE3D1E32AA21639AC3635
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Velkommen til Posten Norge ASSøkNOT_TRANSLATEDLukke meny

Page URL History Show full URLs

http://www.postennorge.no/ HTTP 301
https://www.postennorge.no/ Page URL

Detected technologies

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

15
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

4
Countries

935 kB
Transfer

1334 kB
Size

2
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://id.posten.no/minside
Title: Min side

Search URL Search Domain Scan URL

URL: https://www.posten.no/
Title: For private – Posten.no

Search URL Search Domain Scan URL

URL: https://www.bring.no/
Title: For bedrifter – Bring.no

Search URL Search Domain Scan URL

URL: https://www.posten.no/kundeservice
Title: Posten kundeservice

Search URL Search Domain Scan URL

URL: https://www.bring.no/kundeservice
Title: Bring kundeservice

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.postennorge.no/ HTTP 301
https://www.postennorge.no/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
www.postennorge.no/
Redirect Chain

http://www.postennorge.no/
https://www.postennorge.no/

39 KB
9 KB

714ms
638ms

Document
text/html

51.107.209.39
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.postennorge.no/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

51.107.209.39 Oslo, Norway, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

765c50d9eee71459b2b1b6bafbe0a9e35776c25112be9d9e1f6aee70227bbce0

Security Headers

Name	Value
Content-Security-Policy	default-src https://play.google.com/ https://www.youtube-nocookie.com https://www.google.com/ https://policy.app.cookieinformation.com/ https://form.typeform.com 'self'; connect-src https://uatoebsws.posten.no https://adressesok.posten.no https://posten.boost.ai https://policy.app.cookieinformation.com/ https://cdn.jsdelivr.net https://js.arcgis.com https://www.arcgis.com https://geocode.arcgis.com https://services.geodataonline.no https://basemaps.arcgis.com https://static.arcgis.com https://cdn.arcgis.com https://vector.services.geodataonline.no https://ws.geonorge.no https://stats.kaltura.com https://analytics.kaltura.com https://cdnapi.kaltura.com http://cfvod.kaltura.com http://cdnapisec.kaltura.com 'self'; base-uri 'self'; form-action https://tracking.bring.com 'self'; script-src https://cdnapisec.kaltura.com https://cdnapi.kaltura.com https://posten.boost.ai https://www.gstatic.com https://www.google.com https://cdn.jsdelivr.net https://siteimproveanalytics.com https://acdn.adnxs.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleoptimize.com https://ssl.google-analytics.com https://policy.app.cookieinformation.com https://cloud.2.bring.com https://posten-bring.force.com https://connect.facebook.net https://assets.strossle.com https://ib.adnxs.com https://snap.licdn.com https://www.bring.se https://www.bring.dk https://www.bring.nl https://adservice.google.com https://pagead2.googlesyndication.com https://cct.google https://js.arcgis.com https://ws.geonorge.no https://geocode.arcgis.com 'unsafe-inline' 'unsafe-eval' 'self'; object-src 'none'; img-src * data:; style-src * 'unsafe-inline'; font-src * data; worker-src blob:; media-src blob:
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: no-NO,no;q=0.9

Response headers

content-encoding: gzip
content-security-policy: default-src https://play.google.com/ https://www.youtube-nocookie.com https://www.google.com/ https://policy.app.cookieinformation.com/ https://form.typeform.com 'self'; connect-src https://uatoebsws.posten.no https://adressesok.posten.no https://posten.boost.ai https://policy.app.cookieinformation.com/ https://cdn.jsdelivr.net https://js.arcgis.com https://www.arcgis.com https://geocode.arcgis.com https://services.geodataonline.no https://basemaps.arcgis.com https://static.arcgis.com https://cdn.arcgis.com https://vector.services.geodataonline.no https://ws.geonorge.no https://stats.kaltura.com https://analytics.kaltura.com https://cdnapi.kaltura.com http://cfvod.kaltura.com http://cdnapisec.kaltura.com 'self'; base-uri 'self'; form-action https://tracking.bring.com 'self'; script-src https://cdnapisec.kaltura.com https://cdnapi.kaltura.com https://posten.boost.ai https://www.gstatic.com https://www.google.com https://cdn.jsdelivr.net https://siteimproveanalytics.com https://acdn.adnxs.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleoptimize.com https://ssl.google-analytics.com https://policy.app.cookieinformation.com https://cloud.2.bring.com https://posten-bring.force.com https://connect.facebook.net https://assets.strossle.com https://ib.adnxs.com https://snap.licdn.com https://www.bring.se https://www.bring.dk https://www.bring.nl https://adservice.google.com https://pagead2.googlesyndication.com https://cct.google https://js.arcgis.com https://ws.geonorge.no https://geocode.arcgis.com 'unsafe-inline' 'unsafe-eval' 'self'; object-src 'none'; img-src * data:; style-src * 'unsafe-inline'; font-src * data; worker-src blob:; media-src blob:
content-type: text/html
date: Mon, 31 Oct 2022 09:24:48 GMT
server: Apache
strict-transport-security: max-age=63072000
transfer-encoding: chunked
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block

Redirect headers

content-length: 0
location: https://www.postennorge.no/
strict-transport-security: max-age=63072000

GET
H2 200 posten.css
cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/ 215 KB
31 KB 424ms
45ms Stylesheet
text/css 104.16.85.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/posten.css

Requested by

Host: www.postennorge.no
URL: https://www.postennorge.no/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.85.20 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ac0a3f69b90c2fcfef978d81a1957d923234a0c20f13cec68fa0e40c076b44d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://www.postennorge.no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 09:24:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3928
x-jsd-version: 11.9.5
content-encoding: br
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19172-FRA, cache-yyz4521-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"35ae7-VIUJ2giFc9+RlRgcbyfbUh4mbO8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LicEK0c0pwo%2BqKiMRIVYJ4YzgYwuwb6MAfypdDEFWz0GyEmeqoXILr%2FY2dATIUgNhlcLNboJPhwkXn%2Fy2ksy%2FgMjjVLQLnMXW%2B85bf%2F7FYrmyBhBY%2B7jaSaARPzKS4KqDiI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 762b5700aaa10af6-OSL

GET
H/1.1 200
OK barn-skaterpaa-fortau-postbil-i-gata.jfif.jpeg
www.postennorge.no/_/image/7c8511d1-72d7-4303-95a2-7cbbf3b37d0f:db432e71cf396443a95a8ab2558d56c5acc9f0a0/width-800/ 103 KB
103 KB 90ms
90ms Image
image/jpeg 51.107.209.39
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.postennorge.no/_/image/7c8511d1-72d7-4303-95a2-7cbbf3b37d0f:db432e71cf396443a95a8ab2558d56c5acc9f0a0/width-800/barn-skaterpaa-fortau-postbil-i-gata.jfif.jpeg

Requested by

Host: www.postennorge.no
URL: https://www.postennorge.no/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

51.107.209.39 Oslo, Norway, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

999df38f0a76b5f67171450b83ecdba9f3c1a12865407fd3cec9025d17b6c34c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'none'; form-action 'none'
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://www.postennorge.no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 09:24:49 GMT
content-security-policy: default-src 'none'; base-uri 'none'; form-action 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=63072000
server: Apache
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, max-age=31536000, immutable
content-length: 105209
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK el-sykkel-gr%C3%B8nn-urbant.jpg.jpeg
www.postennorge.no/_/image/72f90ffa-d296-47da-88c5-bb5ca0526805:b1ebe3a09d274fbfd484aca62c6951d128e47827/width-800/ 137 KB
137 KB 190ms
114ms Image
image/jpeg 51.107.209.39
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.postennorge.no/_/image/72f90ffa-d296-47da-88c5-bb5ca0526805:b1ebe3a09d274fbfd484aca62c6951d128e47827/width-800/el-sykkel-gr%C3%B8nn-urbant.jpg.jpeg

Requested by

Host: www.postennorge.no
URL: https://www.postennorge.no/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

51.107.209.39 Oslo, Norway, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

cf68c53d856262189ed0167adb6ddd94cb90c3df0561057deb6820b2f22d0584

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'none'; form-action 'none'
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://www.postennorge.no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 09:24:49 GMT
content-security-policy: default-src 'none'; base-uri 'none'; form-action 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=63072000
server: Apache
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, max-age=31536000, immutable
content-length: 140270
x-xss-protection: 1; mode=block

GET
H2 200 main.js Show response
cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/ 160 KB
53 KB 409ms
56ms Script
application/javascript 104.16.85.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/main.js

Requested by

Host: www.postennorge.no
URL: https://www.postennorge.no/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.85.20 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12b77684ea22d187248cad57dde2f70d73d56d7200d617d037e405e6f1865672

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://www.postennorge.no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 09:24:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3956
x-jsd-version: 11.9.5
content-encoding: br
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19165-FRA, cache-yyz4574-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"28181-2EKNrg/BGxLC+Dxm4axLofxXAq8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w4q4a0%2FspBDM0NgdOr3VyCE66ldGFGlpibIFbBgTWphH1K9ByCoECirvheR0W0OjGfF8tJtbEQFX04tkHezroD%2F1SWQ3tqGXDausAdU5D9hFHTAin1mYSVos9TC0bYnSTd0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 762b5700aaa30af6-OSL

GET
H2 200 icons.min.js Show response
cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/ 485 B
1 KB 395ms
42ms Script
application/javascript 104.16.85.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/icons.min.js

Requested by

Host: www.postennorge.no
URL: https://www.postennorge.no/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.85.20 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f660ca0badb23ddca91dd3b86c7a538d64c5acab3327a981942f792484ef631f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://www.postennorge.no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 09:24:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3956
x-jsd-version: 11.9.5
content-encoding: br
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19147-FRA, cache-yyz4522-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"1e5-WAbOTOVCBaDeieReJgLvn/XKjp4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bJkKzzTXI4TVUVVuHolAF7WadUEAe7q%2FFDMsunRq77xe0kYjzh%2BI55zacTVbP0BOwpfraFewpwZzs6d4%2ByDSOMJ3VcO8chTEJXDEldjKfc7bbJwML2zAFAYsKdXbTsSRFrI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 762b5700aaa40af6-OSL

GET
H/1.1 200
OK Kvinne-smiler-i-Autostore-PMM-65754-%20Foto_Aksel_Jermstad.jpg.jpeg
www.postennorge.no/_/image/fae9bb14-8272-4ed4-8225-08c301cf8819:6697313d90f92daf3c065b79291b7aa7457ab2a7/width-800/ 60 KB
60 KB 113ms
112ms Image
image/jpeg 51.107.209.39
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.postennorge.no/_/image/fae9bb14-8272-4ed4-8225-08c301cf8819:6697313d90f92daf3c065b79291b7aa7457ab2a7/width-800/Kvinne-smiler-i-Autostore-PMM-65754-%20Foto_Aksel_Jermstad.jpg.jpeg?quality=80

Requested by

Host: www.postennorge.no
URL: https://www.postennorge.no/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

51.107.209.39 Oslo, Norway, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

4c2e9f86b66c458df2f832363c3744f5d3ce86c123b361d8c3f8eb93304fc0c4

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'none'; form-action 'none'
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://www.postennorge.no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 09:24:49 GMT
content-security-policy: default-src 'none'; base-uri 'none'; form-action 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=63072000
server: Apache
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, max-age=31536000, immutable
content-length: 61175
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK pakker-pa-postterminal.jfif.jpeg
www.postennorge.no/_/image/af3e56e7-08c3-4830-b178-395339f16a39:6f64aa37b8f67dcf7132f3596a51f000e9339d8d/width-800/ 151 KB
152 KB 111ms
110ms Image
image/jpeg 51.107.209.39
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.postennorge.no/_/image/af3e56e7-08c3-4830-b178-395339f16a39:6f64aa37b8f67dcf7132f3596a51f000e9339d8d/width-800/pakker-pa-postterminal.jfif.jpeg?quality=80

Requested by

Host: www.postennorge.no
URL: https://www.postennorge.no/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

51.107.209.39 Oslo, Norway, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

b38ee804606cfb5640f70f824ffeaa1e29f4ef09c736221f3ccdcd495dd049ef

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'none'; form-action 'none'
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://www.postennorge.no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 09:24:49 GMT
content-security-policy: default-src 'none'; base-uri 'none'; form-action 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=63072000
server: Apache
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, max-age=31536000, immutable
content-length: 155079
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK vr-briller.jpg.jpeg
www.postennorge.no/_/image/28646171-8da7-4446-bccd-d7f2f29d37d0:0b7b944efb23bb299e0a7cc2b25e02c5fa903e3c/width-800/ 44 KB
44 KB 213ms
135ms Image
image/jpeg 51.107.209.39
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.postennorge.no/_/image/28646171-8da7-4446-bccd-d7f2f29d37d0:0b7b944efb23bb299e0a7cc2b25e02c5fa903e3c/width-800/vr-briller.jpg.jpeg?quality=80

Requested by

Host: www.postennorge.no
URL: https://www.postennorge.no/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

51.107.209.39 Oslo, Norway, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

decc880478312433effc906c9d468cdbd24bd5a774ef5bcb0cff588c28bc7b50

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'none'; form-action 'none'
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://www.postennorge.no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 09:24:49 GMT
content-security-policy: default-src 'none'; base-uri 'none'; form-action 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=63072000
server: Apache
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, max-age=31536000, immutable
content-length: 45133
x-xss-protection: 1; mode=block

GET
H2 200 PostenSans-Regular.woff2
cdn.jsdelivr.net/npm/@posten/hedwig@11/assets/fonts/ 29 KB
29 KB 416ms
43ms Font
font/woff2 104.16.85.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@posten/hedwig@11/assets/fonts/PostenSans-Regular.woff2

Requested by

Host: www.postennorge.no
URL: https://www.postennorge.no/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.85.20 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34ba719e7f615b8acccbbb7deff55e38e8d5a71234d7d459ddb816340b2cd970

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.postennorge.no/
Origin: https://www.postennorge.no
accept-language: no-NO,no;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 09:24:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 27805
x-jsd-version: 11.9.0
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 29396
x-served-by: cache-fra19124-FRA, cache-bma1626-BMA
x-jsd-version-type: version
server: cloudflare
etag: W/"72d4-3ZLkipcf/7LbIwJY7bCRJzDtYC4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M1vk%2FkCm2MufWqngrTHCUyueFeqtc4mtg%2BELsV2SYkgDgt%2BAnJC%2FsLZIWT0g8YbV5scu4TjAnVBwQlQFdhRkjv6c%2FWgA0WS8KOeZEAgibDg1IHKo%2FzNce05mAecpPyeNB%2B4%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 762b57038900b503-OSL

GET
H2 200 PostenSans-Medium.woff2
cdn.jsdelivr.net/npm/@posten/hedwig@11/assets/fonts/ 29 KB
29 KB 423ms
50ms Font
font/woff2 104.16.85.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@posten/hedwig@11/assets/fonts/PostenSans-Medium.woff2

Requested by

Host: www.postennorge.no
URL: https://www.postennorge.no/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.85.20 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b92491bfcbb457aa48f6c9b6adf0f4a6be0fd6594634126b7788919bd3b734d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.postennorge.no/
Origin: https://www.postennorge.no
accept-language: no-NO,no;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 09:24:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 12196
x-jsd-version: 11.9.0
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 29292
x-served-by: cache-fra19151-FRA, cache-itm18848-ITM
x-jsd-version-type: version
server: cloudflare
etag: W/"726c-ixU6fATbwupzAJGKd8zi2ao2Z4E"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YXwwjV%2FnXT4Tuwn9oSxqWSjJAFyTsvK6HhBegQ2Xqnzt4zjwt6wW0dcIOMCF6jh%2FsoqiSX3pEWh92cbIGhongJ3UzL7Lw4J6nDrj4bAUGI1oTw5PYBMn1TBxu2Cweosuqqw%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 762b57038903b503-OSL

GET
H/1.1 200
OK postdame-med-tralle-cropped.jfif
www.postennorge.no/_/image/75b0fae7-6399-4680-8612-c52310d79fb9:90c02d26195ac462ccd17b1453a4df91819d955e/width-2500/ 244 KB
244 KB 233ms
154ms Image
image/jpeg 51.107.209.39
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.postennorge.no/_/image/75b0fae7-6399-4680-8612-c52310d79fb9:90c02d26195ac462ccd17b1453a4df91819d955e/width-2500/postdame-med-tralle-cropped.jfif?quality=70

Requested by

Host: www.postennorge.no
URL: https://www.postennorge.no/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

51.107.209.39 Oslo, Norway, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

0534da325a4e5f653d2339ad4341b25c0e82a8a47cb60c72f8323f5bec6392c5

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'none'; form-action 'none'
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://www.postennorge.no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 09:24:49 GMT
content-security-policy: default-src 'none'; base-uri 'none'; form-action 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=63072000
server: Apache
x-frame-options: DENY
content-type: image/jpeg
cache-control: public, max-age=31536000, immutable
content-length: 249625
x-xss-protection: 1; mode=block

GET
H2 200 svg-sprite.svg Show response
cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/ 79 KB
27 KB 409ms
78ms XHR
image/svg+xml 104.16.85.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/svg-sprite.svg

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/icons.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.85.20 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db603ebe29c314fd1d9922d8e52593e895cfbeae0ee195715cb9a3083da50bad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://www.postennorge.no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 09:24:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3927
x-jsd-version: 11.9.5
content-encoding: br
x-cache: MISS, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19134-FRA, cache-yyz4562-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"13b1b-ZZLHwm+MMyVGp1RzaHe2X3UhjcU"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=etcMGInKUn%2F1hfDC6psfSTKQgZnXCLWBn7iTmu2%2Fn2%2FmNzIdFAR8yI7CF7c34a1GpayY6eKP9c0hTSBZnJkwdhL5TXgLuJknPFqiWbgIBwwCKCWTzioW5K62kxvNrltM2Gk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 762b57038905b503-OSL

GET
H2 200 siteanalyze_6015663.js Show response
siteimproveanalytics.com/js/ 45 KB
13 KB 476ms
62ms Script
application/javascript 172.64.173.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://siteimproveanalytics.com/js/siteanalyze_6015663.js
Requested by: Host: www.postennorge.no
URL: https://www.postennorge.no/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.173.12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eee2d3fb136d9492bdfc979268e15b655b8547e7a25d15e6f4e66a6bda5343bc

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://www.postennorge.no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 09:24:49 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: ZQ56H35VXS0GVH6Z
age: 5402
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13042
x-amz-id-2: bihZ8iVhMXxzI1tgpUqkYk2f8GQwL4hvN9q4IKSJXjq02QuXc+daEIKI24fpZaac4VjNSBsdnzo=
last-modified: Fri, 28 Oct 2022 09:22:26 GMT
server: cloudflare
etag: "af35bcc97462bd4632490939f3e0bca4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RZRRcl6onCcU8DW9QtUAPQajEjgUy4n4ZFWirW26RIVOtP7XZb2qYHOSyjx83%2FzWy%2BE0l8GdP60h3GmBCouTgXkcIBxgZV3jrbTl2zZHq%2BEE8S9mEQa3xwjktLVRqP%2Fz0y9NJYwzWaHItrs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=86400, no-transform
accept-ranges: bytes
cf-ray: 762b57041b9b7539-LHR

GET
H2 200 image.aspx
6015663.global.siteimproveanalytics.io/ 34 B
474 B 220ms
57ms Image
image/gif 3.73.195.171
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://6015663.global.siteimproveanalytics.io/image.aspx?url=https%3A%2F%2Fwww.postennorge.no%2F&title=Velkommen%20til%20Posten%20Norge%20AS&res=1600x1200&accountid=6015663&rt=2057&prev=616adb85-f422-6b34-880c-43eb35dc2583&luid=593565cd-9361-dfee-bf18-6fed899273b7&rnd=52420
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.73.195.171 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-73-195-171.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://www.postennorge.no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-type: image/gif
date: Mon, 31 Oct 2022 09:24:50 GMT
cache-control: max-age=0
content-length: 34
expires: Mon, 31 Oct 2022 09:24:50 UTC

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Posten Norge (Transportation)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.postennorge.no/	1970-01-20 16:42:48	Name: nmstat Value: 616adb85-f422-6b34-880c-43eb35dc2583
			6015663.global.siteimproveanalytics.io/	1970-01-20 07:16:53	Name: AWSALBCORS Value: GcSBZuJH3OfP+ya2Sy3VX8Gjvyjg0aJGkLj5KcVI9Szlh4ObAft6kErEsNB6mPAkByTgRsup5XTcpSewc9D0dIK3rZ9o0TwEa9zgCMBV7wr6OGqtxrcEtl87b1OQ

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src https://play.google.com/ https://www.youtube-nocookie.com https://www.google.com/ https://policy.app.cookieinformation.com/ https://form.typeform.com 'self'; connect-src https://uatoebsws.posten.no https://adressesok.posten.no https://posten.boost.ai https://policy.app.cookieinformation.com/ https://cdn.jsdelivr.net https://js.arcgis.com https://www.arcgis.com https://geocode.arcgis.com https://services.geodataonline.no https://basemaps.arcgis.com https://static.arcgis.com https://cdn.arcgis.com https://vector.services.geodataonline.no https://ws.geonorge.no https://stats.kaltura.com https://analytics.kaltura.com https://cdnapi.kaltura.com http://cfvod.kaltura.com http://cdnapisec.kaltura.com 'self'; base-uri 'self'; form-action https://tracking.bring.com 'self'; script-src https://cdnapisec.kaltura.com https://cdnapi.kaltura.com https://posten.boost.ai https://www.gstatic.com https://www.google.com https://cdn.jsdelivr.net https://siteimproveanalytics.com https://acdn.adnxs.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleoptimize.com https://ssl.google-analytics.com https://policy.app.cookieinformation.com https://cloud.2.bring.com https://posten-bring.force.com https://connect.facebook.net https://assets.strossle.com https://ib.adnxs.com https://snap.licdn.com https://www.bring.se https://www.bring.dk https://www.bring.nl https://adservice.google.com https://pagead2.googlesyndication.com https://cct.google https://js.arcgis.com https://ws.geonorge.no https://geocode.arcgis.com 'unsafe-inline' 'unsafe-eval' 'self'; object-src 'none'; img-src * data:; style-src * 'unsafe-inline'; font-src * data; worker-src blob:; media-src blob:
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

6015663.global.siteimproveanalytics.io
cdn.jsdelivr.net
siteimproveanalytics.com
www.postennorge.no
104.16.85.20
172.64.173.12
3.73.195.171
51.107.209.39
0534da325a4e5f653d2339ad4341b25c0e82a8a47cb60c72f8323f5bec6392c5
12b77684ea22d187248cad57dde2f70d73d56d7200d617d037e405e6f1865672
1b92491bfcbb457aa48f6c9b6adf0f4a6be0fd6594634126b7788919bd3b734d
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
2ac0a3f69b90c2fcfef978d81a1957d923234a0c20f13cec68fa0e40c076b44d
34ba719e7f615b8acccbbb7deff55e38e8d5a71234d7d459ddb816340b2cd970
4c2e9f86b66c458df2f832363c3744f5d3ce86c123b361d8c3f8eb93304fc0c4
765c50d9eee71459b2b1b6bafbe0a9e35776c25112be9d9e1f6aee70227bbce0
999df38f0a76b5f67171450b83ecdba9f3c1a12865407fd3cec9025d17b6c34c
b38ee804606cfb5640f70f824ffeaa1e29f4ef09c736221f3ccdcd495dd049ef
cf68c53d856262189ed0167adb6ddd94cb90c3df0561057deb6820b2f22d0584
db603ebe29c314fd1d9922d8e52593e895cfbeae0ee195715cb9a3083da50bad
decc880478312433effc906c9d468cdbd24bd5a774ef5bcb0cff588c28bc7b50
eee2d3fb136d9492bdfc979268e15b655b8547e7a25d15e6f4e66a6bda5343bc
f660ca0badb23ddca91dd3b86c7a538d64c5acab3327a981942f792484ef631f

www.postennorge.no Open in urlscan Pro 51.107.209.39 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

4 IPs

4 Countries

935 kBTransfer

1334 kBSize

2 Cookies

5 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

17 JavaScript Global Variables

2 Cookies

Security Headers

Indicators

www.postennorge.no Open in urlscan Pro
51.107.209.39 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

4
Countries

935 kB
Transfer

1334 kB
Size

2
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!