www.postennorge.no
51.107.209.39
Malicious Activity!
Public Scan
Effective URL: https://www.postennorge.no/
Submission: On October 31 via api from US — Scanned from NO
Summary
TLS certificate: Issued by Buypass Class 2 CA 5 on May 25th 2022. Valid for: 6 months.
This is the only time www.postennorge.no was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Posten Norge (Transportation)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
8 (1 redirect) | 51.107.209.39 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
6 | 104.16.85.20 | 13335 (CLOUDFLARENET)
1 | 172.64.173.12 | 13335 (CLOUDFLARENET)
1 | 3.73.195.171 | 16509 (AMAZON-02)
15 requests | 4 IPs |

Detail for 3.73.195.171: ASN16509 (AMAZON-02, US); PTR: ec2-3-73-195-171.eu-central-1.compute.amazonaws.com; domain: 6015663.global.siteimproveanalytics.io
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
8 | postennorge.no | www.postennorge.no (1 redirect) | 750 KB
6 | jsdelivr.net | cdn.jsdelivr.net (Cisco Umbrella Rank: 387) | 171 KB
1 | siteimproveanalytics.io | 6015663.global.siteimproveanalytics.io | 474 B
1 | siteimproveanalytics.com | siteimproveanalytics.com (Cisco Umbrella Rank: 3160) | 13 KB
15 requests | 4 apex domains | |
Requests | Domain | Requested by
---|---|---
8 | www.postennorge.no | www.postennorge.no (1 redirect)
6 | cdn.jsdelivr.net | www.postennorge.no, cdn.jsdelivr.net
1 | 6015663.global.siteimproveanalytics.io | |
1 | siteimproveanalytics.com | www.postennorge.no
15 requests | 4 domains | |
This site contains links to these domains. Also see Links.
Domain |
---|
id.posten.no |
www.posten.no |
www.bring.no |
Subject | Issuer | Validity | Valid for | Transparency log
---|---|---|---|---
www.postennorge.no | Buypass Class 2 CA 5 | 2022-05-25 - 2022-11-20 | 6 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-06-02 - 2023-06-01 | a year | crt.sh
*.global.r1.siteimproveanalytics.io | Amazon | 2022-09-09 - 2023-10-08 | a year | crt.sh
This page contains 1 frames:
Primary Page:
https://www.postennorge.no/
Frame ID: 48216D6E2D4FE3D1E32AA21639AC3635
Requests: 15 HTTP requests in this frame
Page Title: Velkommen til Posten Norge AS
Page URL History
- http://www.postennorge.no/ (HTTP 301)
- https://www.postennorge.no/ (Page URL)
Detected technologies
jsDelivr (CDN)
Detected patterns
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
- Min side
- For private – Posten.no
- For bedrifter – Bring.no
- Posten kundeservice
- Bring kundeservice
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://www.postennorge.no/ (HTTP 301)
- https://www.postennorge.no/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / (Primary Request) | www.postennorge.no/ (Redirect Chain) | 39 KB | 9 KB | Document | text/html
GET | H2 | posten.css | cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/ | 215 KB | 31 KB | Stylesheet | text/css
GET | H/1.1 | barn-skaterpaa-fortau-postbil-i-gata.jfif.jpeg | www.postennorge.no/_/image/7c8511d1-72d7-4303-95a2-7cbbf3b37d0f:db432e71cf396443a95a8ab2558d56c5acc9f0a0/width-800/ | 103 KB | 103 KB | Image | image/jpeg
GET | H/1.1 | el-sykkel-gr%C3%B8nn-urbant.jpg.jpeg | www.postennorge.no/_/image/72f90ffa-d296-47da-88c5-bb5ca0526805:b1ebe3a09d274fbfd484aca62c6951d128e47827/width-800/ | 137 KB | 137 KB | Image | image/jpeg
GET | H2 | main.js | cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/ | 160 KB | 53 KB | Script | application/javascript
GET | H2 | icons.min.js | cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/ | 485 B | 1 KB | Script | application/javascript
GET | H/1.1 | Kvinne-smiler-i-Autostore-PMM-65754-%20Foto_Aksel_Jermstad.jpg.jpeg | www.postennorge.no/_/image/fae9bb14-8272-4ed4-8225-08c301cf8819:6697313d90f92daf3c065b79291b7aa7457ab2a7/width-800/ | 60 KB | 60 KB | Image | image/jpeg
GET | H/1.1 | pakker-pa-postterminal.jfif.jpeg | www.postennorge.no/_/image/af3e56e7-08c3-4830-b178-395339f16a39:6f64aa37b8f67dcf7132f3596a51f000e9339d8d/width-800/ | 151 KB | 152 KB | Image | image/jpeg
GET | H/1.1 | vr-briller.jpg.jpeg | www.postennorge.no/_/image/28646171-8da7-4446-bccd-d7f2f29d37d0:0b7b944efb23bb299e0a7cc2b25e02c5fa903e3c/width-800/ | 44 KB | 44 KB | Image | image/jpeg
GET | H2 | PostenSans-Regular.woff2 | cdn.jsdelivr.net/npm/@posten/hedwig@11/assets/fonts/ | 29 KB | 29 KB | Font | font/woff2
GET | H2 | PostenSans-Medium.woff2 | cdn.jsdelivr.net/npm/@posten/hedwig@11/assets/fonts/ | 29 KB | 29 KB | Font | font/woff2
GET | H/1.1 | postdame-med-tralle-cropped.jfif | www.postennorge.no/_/image/75b0fae7-6399-4680-8612-c52310d79fb9:90c02d26195ac462ccd17b1453a4df91819d955e/width-2500/ | 244 KB | 244 KB | Image | image/jpeg
GET | H2 | svg-sprite.svg | cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/ | 79 KB | 27 KB | XHR | image/svg+xml
GET | H2 | siteanalyze_6015663.js | siteimproveanalytics.com/js/ | 45 KB | 13 KB | Script | application/javascript
GET | H2 | image.aspx | 6015663.global.siteimproveanalytics.io/ | 34 B | 474 B | Image | image/gif
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Posten Norge (Transportation)
17 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onbeforeinput
object | oncontextlost
object | oncontextrestored
function | structuredClone
object | launchQueue
object | onbeforematch
function | getScreenDetails
function | queryLocalFonts
object | navigation
object | hedwig
object | FontAwesomeConfig
object | ___FONT_AWESOME___
function | replaceLastPathofUrl
string | src
string | spriteUrl
function | loadIcons
object | _sz2
Cookies
Cookies are small pieces of information stored in a user's browser. When the user visits the site again, the browser also sends the stored cookie values, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name / Value
---|---|---
.postennorge.no/ | | Name: nmstat Value: 616adb85-f422-6b34-880c-43eb35dc2583
6015663.global.siteimproveanalytics.io/ | | Name: AWSALBCORS Value: GcSBZuJH3OfP+ya2Sy3VX8Gjvyjg0aJGkLj5KcVI9Szlh4ObAft6kErEsNB6mPAkByTgRsup5XTcpSewc9D0dIK3rZ9o0TwEa9zgCMBV7wr6OGqtxrcEtl87b1OQ
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, see the linked explanation page.
Header | Value |
---|---|
Content-Security-Policy | default-src https://play.google.com/ https://www.youtube-nocookie.com https://www.google.com/ https://policy.app.cookieinformation.com/ https://form.typeform.com 'self'; connect-src https://uatoebsws.posten.no https://adressesok.posten.no https://posten.boost.ai https://policy.app.cookieinformation.com/ https://cdn.jsdelivr.net https://js.arcgis.com https://www.arcgis.com https://geocode.arcgis.com https://services.geodataonline.no https://basemaps.arcgis.com https://static.arcgis.com https://cdn.arcgis.com https://vector.services.geodataonline.no https://ws.geonorge.no https://stats.kaltura.com https://analytics.kaltura.com https://cdnapi.kaltura.com http://cfvod.kaltura.com http://cdnapisec.kaltura.com 'self'; base-uri 'self'; form-action https://tracking.bring.com 'self'; script-src https://cdnapisec.kaltura.com https://cdnapi.kaltura.com https://posten.boost.ai https://www.gstatic.com https://www.google.com https://cdn.jsdelivr.net https://siteimproveanalytics.com https://acdn.adnxs.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleoptimize.com https://ssl.google-analytics.com https://policy.app.cookieinformation.com https://cloud.2.bring.com https://posten-bring.force.com https://connect.facebook.net https://assets.strossle.com https://ib.adnxs.com https://snap.licdn.com https://www.bring.se https://www.bring.dk https://www.bring.nl https://adservice.google.com https://pagead2.googlesyndication.com https://cct.google https://js.arcgis.com https://ws.geonorge.no https://geocode.arcgis.com 'unsafe-inline' 'unsafe-eval' 'self'; object-src 'none'; img-src * data:; style-src * 'unsafe-inline'; font-src * data; worker-src blob:; media-src blob: |
Strict-Transport-Security | max-age=63072000 |
X-Content-Type-Options | nosniff |
X-Frame-Options | DENY |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.