nordea.unikreference.com
138.197.190.28  Malicious Activity! Public Scan

Submitted URL: https://v.ht/NordeaID
Effective URL: https://nordea.unikreference.com/Suomi/Nordea-log.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT...
Submission: On April 04 via manual from FI — Scanned from FI

Summary

This website contacted 13 IPs in 2 countries across 10 domains to perform 24 HTTP transactions. The main IP is 138.197.190.28, located in Frankfurt am Main, Germany and belongs to DIGITALOCEAN-ASN, US. The main domain is nordea.unikreference.com.
TLS certificate: Issued by R3 on April 4th 2023. Valid for: 3 months.
This is the only time nordea.unikreference.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Nordea (Banking)

Domain & IP information

Requests | Apex Domain | Subdomains | Transfer
8 | unikreference.com | nordea.unikreference.com | 66 KB
4 | googlesyndication.com | 332e568cf45e928884a4d62bd871bb41.safeframe.googlesyndication.com; pagead2.googlesyndication.com (Cisco Umbrella Rank: 111); tpc.googlesyndication.com (Cisco Umbrella Rank: 145) | 26 KB
3 | doubleclick.net | securepubads.g.doubleclick.net (Cisco Umbrella Rank: 201) | 125 KB
2 | google-analytics.com | www.google-analytics.com (Cisco Umbrella Rank: 35) | 20 KB
1 | sheltercovefishinglodge.com | www.sheltercovefishinglodge.com | 322 B
1 | google.com | adservice.google.com (Cisco Umbrella Rank: 90); www.google.com (Failed) | 456 B
1 | google.fi | adservice.google.fi (Cisco Umbrella Rank: 306082) | 531 B
1 | googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 62) | 44 KB
1 | googletagservices.com | www.googletagservices.com (Cisco Umbrella Rank: 198) | 26 KB
1 | v.ht | v.ht | 2 KB
Total: 24 requests, 10 apex domains
Requests | Domain | Requested by
8 | nordea.unikreference.com (1 redirect) | nordea.unikreference.com
3 | securepubads.g.doubleclick.net | www.googletagservices.com; securepubads.g.doubleclick.net
2 | tpc.googlesyndication.com | securepubads.g.doubleclick.net; tpc.googlesyndication.com
2 | www.google-analytics.com | www.googletagmanager.com; www.google-analytics.com
1 | pagead2.googlesyndication.com | securepubads.g.doubleclick.net; tpc.googlesyndication.com
1 | www.sheltercovefishinglodge.com | v.ht
1 | 332e568cf45e928884a4d62bd871bb41.safeframe.googlesyndication.com | securepubads.g.doubleclick.net
1 | adservice.google.com | securepubads.g.doubleclick.net
1 | adservice.google.fi | securepubads.g.doubleclick.net
1 | www.googletagmanager.com | v.ht
1 | www.googletagservices.com | v.ht
1 | v.ht | (none)
0 | www.google.com (Failed) | tpc.googlesyndication.com
Total: 24 requests, 13 subdomains

This site contains no links.

Subject | Issuer | Validity | Valid for
www.v.ht | R3 | 2023-03-01 to 2023-05-30 | 3 months (crt.sh)
*.g.doubleclick.net | GTS CA 1C3 | 2023-03-13 to 2023-06-05 | 3 months (crt.sh)
*.google-analytics.com | GTS CA 1C3 | 2023-03-13 to 2023-06-05 | 3 months (crt.sh)
*.google.fi | GTS CA 1C3 | 2023-03-13 to 2023-06-05 | 3 months (crt.sh)
*.google.com | GTS CA 1C3 | 2023-03-13 to 2023-06-05 | 3 months (crt.sh)
mail.sheltercovefishinglodge.com | R3 | 2023-03-20 to 2023-06-18 | 3 months (crt.sh)
tpc.googlesyndication.com | GTS CA 1C3 | 2023-03-13 to 2023-06-05 | 3 months (crt.sh)
nordea.unikreference.com | R3 | 2023-04-04 to 2023-07-03 | 3 months (crt.sh)

This page contains 4 frames:

Primary Page: https://nordea.unikreference.com/Suomi/Nordea-log.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBDcmlPUy85Mi4wLjQ1MTUuOTAgTW9iaWxlLzE1RTE0OCBTYWZhcmkvNjA0LjExODUuMjA0LjEuMTgzMjAyMzpBcHI6VHVl
Frame ID: BFCC1F47F2249126F2C4145FE1F2CF5A
Requests: 20 HTTP requests in this frame

Frame: https://332e568cf45e928884a4d62bd871bb41.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 9D511DD303950698D84203340E40C622
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: D69410D68A1872C4133B587D00490DE8
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F9CF64F37E5A4D85DEA61632192E9E7E
Requests: 1 HTTP requests in this frame

Page Title

Nordea - Tunnistautuminen

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

Requests: 24
HTTPS: 92 %
IPv6: 75 %
Domains: 10
Subdomains: 13
IPs: 13
Countries: 2
Transfer: 310 kB
Size: 786 kB
Cookies: 6

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://v.ht/NordeaID Page URL
  2. https://www.sheltercovefishinglodge.com/zk.html Page URL
  3. https://nordea.unikreference.com/Suomi/ HTTP 302
    https://nordea.unikreference.com/Suomi/Nordea-log.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBDcmlPUy85Mi4wLjQ1MTUuOTAgTW9iaWxlLzE1RTE0OCBTYWZhcmkvNjA0LjExODUuMjA0LjEuMTgzMjAyMzpBcHI6VHVl Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

NordeaID | v.ht/ | 3 KB | 2 KB | Document
General
Full URL
https://v.ht/NordeaID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.61.26.123 Atlanta, United States, ASN141518 (SUBHOST-AS-IN Subhosting Innovations Pvt Ltd, IN),
Reverse DNS
Software
Hotcores.com /
Resource Hash
c4c21f443a689d71bc5af3a4049af887b7c7860d96b6c88562904c9533e69500
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/92.0.4515.90 Mobile/15E148 Safari/604.1
accept-language
fi-FI,fi;q=0.9

Response headers

Cache-Control
no-cache, must-revalidate, max-age=0
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; Charset=UTF-8;charset=UTF-8
Date
Tue, 04 Apr 2023 07:14:00 GMT
I-AM
Gamma
Pragma
no-cache
Server
Hotcores.com
Strict-Transport-Security
max-age=31536000; includeSubdomains;
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Robots-Tag
noindex, nofollow

gpt.js | www.googletagservices.com/tag/js/ | 77 KB | 26 KB | Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: v.ht
URL: https://v.ht/NordeaID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
63cf832d71f5982c79af24ea945160025aa54e0cffe86b7169bb45811446bd62
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://v.ht/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/92.0.4515.90 Mobile/15E148 Safari/604.1

Response headers

date
Tue, 04 Apr 2023 07:19:21 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
25711
x-xss-protection
0
server
cafe
etag
764 / 19451 / m202303280101 / config-hash: 8099576212240570919
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Tue, 04 Apr 2023 07:19:21 GMT

js | www.googletagmanager.com/gtag/ | 113 KB | 44 KB | Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-31510493-3
Requested by
Host: v.ht
URL: https://v.ht/NordeaID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3ef15cdacaa713a1211ca254e314990730ff73d2076341cb0d22f34fc3d89c5d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://v.ht/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/92.0.4515.90 Mobile/15E148 Safari/604.1

Response headers

date
Tue, 04 Apr 2023 07:19:21 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
44965
x-xss-protection
0
last-modified
Tue, 04 Apr 2023 06:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 04 Apr 2023 07:19:21 GMT

analytics.js | www.google-analytics.com/ | 49 KB | 20 KB | Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-31510493-3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://v.ht/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/92.0.4515.90 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 04 Apr 2023 06:55:30 GMT
last-modified
Tue, 10 Jan 2023 21:29:14 GMT
server
Golfe2
age
1431
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20085
expires
Tue, 04 Apr 2023 08:55:30 GMT

pubads_impl.js | securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202303280101/ | 397 KB | 124 KB | Script
General
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202303280101/pubads_impl.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a2f95610260cf64dd25b8eae0f74d5794e3609a8854cc78532dc3e796ce3d83d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://v.ht/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/92.0.4515.90 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 03 Apr 2023 15:19:56 GMT
content-encoding
br
x-content-type-options
nosniff
age
57566
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
126061
x-xss-protection
0
server
cafe
etag
16234491604082075955
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Tue, 02 Apr 2024 15:19:56 GMT

ppub_config | securepubads.g.doubleclick.net/pagead/ | 26 B | 572 B | XHR
General
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=v.ht
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
19dc99a8224767e303208b156949a2c7b99e67dbe02ef9aa078fecaa28d3616e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://v.ht/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/92.0.4515.90 Mobile/15E148 Safari/604.1

Response headers

date
Tue, 04 Apr 2023 07:19:22 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30
x-xss-protection
0
expires
Tue, 04 Apr 2023 07:19:22 GMT

collect | www.google-analytics.com/j/ | 1 B | 198 B | XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j99&a=97907341&t=pageview&_s=1&dl=https%3A%2F%2Fv.ht%2FNordeaID&ul=en-us&de=UTF-8&dt=NordeaID&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=1861698458&gjid=902551741&cid=1709420900.1680592762&tid=UA-31510493-3&_gid=647847543.1680592762&_r=1&gtm=457e3430&jsscut=1&z=1169554317
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://v.ht/
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/92.0.4515.90 Mobile/15E148 Safari/604.1
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 04 Apr 2023 07:19:21 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://v.ht
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT

integrator.js | adservice.google.fi/adsid/ | 107 B | 531 B | Script
General
Full URL
https://adservice.google.fi/adsid/integrator.js?domain=v.ht
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202303280101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://v.ht/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/92.0.4515.90 Mobile/15E148 Safari/604.1

Response headers

date
Tue, 04 Apr 2023 07:19:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100
x-xss-protection
0

integrator.js | adservice.google.com/adsid/ | 107 B | 456 B | Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=v.ht
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202303280101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://v.ht/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/92.0.4515.90 Mobile/15E148 Safari/604.1

Response headers

date
Tue, 04 Apr 2023 07:19:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100
x-xss-protection
0

ads | securepubads.g.doubleclick.net/gampad/ | 644 B | 690 B | XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4381636658581948&correlator=1707075373812001&output=ldjh&gdfp_req=1&vrg=202303280101&ptt=17&impl=fif&iu_parts=5837603%2CVht_360&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x360&ifi=1&adks=495576698&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1680592762272&lmt=1680592762&dlt=1680592761498&idt=746&adxs=-12245933&adys=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fv.ht%2FNordeaID&frm=20&vis=1&psz=300x63&msz=0x0&fws=128&ohw=0&ga_vid=1709420900.1680592762&ga_sid=1680592762&ga_hid=97907341&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202303280101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4c569bfe928de1986e99dab9e6a6b118cc14fef423d274e7662f8e694d430878
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://v.ht/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/92.0.4515.90 Mobile/15E148 Safari/604.1

Response headers

date
Tue, 04 Apr 2023 07:19:22 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
326
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://v.ht
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT

container.html | 332e568cf45e928884a4d62bd871bb41.safeframe.googlesyndication.com/safeframe/1-0-40/html/ (Frame 9D51) | 6 KB | 3 KB | Document
General
Full URL
https://332e568cf45e928884a4d62bd871bb41.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202303280101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v.ht/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/92.0.4515.90 Mobile/15E148 Safari/604.1
accept-language
fi-FI,fi;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 04 Apr 2023 07:19:22 GMT
expires
Wed, 03 Apr 2024 07:19:22 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0

zk.html | www.sheltercovefishinglodge.com/ | 205 B | 322 B | Document
General
Full URL
https://www.sheltercovefishinglodge.com/zk.html
Requested by
Host: v.ht
URL: https://v.ht/NordeaID
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
99.192.153.170 , United States, ASN27589 (MOJOHOST, US),
Reverse DNS
cs2190.mojohost.com
Software
Apache/2 /
Resource Hash
bd26b27cfc0e1fe670bd17ff2563dd4c8502a60daaad794ce6e4785e679b36b9

Request headers

Referer
https://v.ht/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/92.0.4515.90 Mobile/15E148 Safari/604.1
accept-language
fi-FI,fi;q=0.9

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
176
content-type
text/html
date
Tue, 04 Apr 2023 07:19:23 GMT
etag
"cd-5f86a6566a1c0-gzip"
last-modified
Mon, 03 Apr 2023 08:32:15 GMT
server
Apache/2
vary
Accept-Encoding,User-Agent

sodar | pagead2.googlesyndication.com/getconfig/ | 14 KB | 11 KB | XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202303280101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202303280101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://v.ht/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/92.0.4515.90 Mobile/15E148 Safari/604.1

Response headers

date
Tue, 04 Apr 2023 07:19:22 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11195
x-xss-protection
0

sodar2.js | tpc.googlesyndication.com/sodar/ | 17 KB | 7 KB | Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202303280101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://v.ht/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/92.0.4515.90 Mobile/15E148 Safari/604.1

Response headers

date
Tue, 04 Apr 2023 07:19:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 04 Apr 2023 07:19:23 GMT

runner.html | tpc.googlesyndication.com/sodar/sodar2/225/ (Frame D694) | 13 KB | 5 KB | Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v.ht/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/92.0.4515.90 Mobile/15E148 Safari/604.1
accept-language
fi-FI,fi;q=0.9

Response headers

accept-ranges
bytes
age
13189
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 04 Apr 2023 03:39:34 GMT
expires
Wed, 03 Apr 2024 03:39:34 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0

aframe | www.google.com/recaptcha/api2/ (Frame F9CF) | 0 | 0


YzZmA7a08v9f087fwqUDZorL-7TBHmPOgPW1cUS8ffQ.js | pagead2.googlesyndication.com/bg/ (Frame D694) | 0 | 0


Primary Request: Nordea-log.php | nordea.unikreference.com/Suomi/ | 12 KB | 3 KB | Document
Redirect Chain:
  • https://nordea.unikreference.com/Suomi/
  • https://nordea.unikreference.com/Suomi/Nordea-log.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBDcmlPU...
General
Full URL
https://nordea.unikreference.com/Suomi/Nordea-log.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBDcmlPUy85Mi4wLjQ1MTUuOTAgTW9iaWxlLzE1RTE0OCBTYWZhcmkvNjA0LjExODUuMjA0LjEuMTgzMjAyMzpBcHI6VHVl
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
138.197.190.28 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx / PHP/7.4.33 PleskLin
Resource Hash
420ecfe983450dae3af224eb7c444a29f078207db53b627852c5325adf7fac5a

Request headers

Referer
https://www.sheltercovefishinglodge.com/zk.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/92.0.4515.90 Mobile/15E148 Safari/604.1
accept-language
fi-FI,fi;q=0.9

Response headers

content-encoding
gzip
content-length
3267
content-type
text/html; charset=UTF-8
date
Tue, 04 Apr 2023 07:19:23 GMT
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/7.4.33 PleskLin

Redirect headers

content-length
4
content-type
text/html; charset=UTF-8
date
Tue, 04 Apr 2023 07:19:23 GMT
location
Nordea-log.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBDcmlPUy85Mi4wLjQ1MTUuOTAgTW9iaWxlLzE1RTE0OCBTYWZhcmkvNjA0LjExODUuMjA0LjEuMTgzMjAyMzpBcHI6VHVl
server
nginx
x-powered-by
PHP/7.4.33 PleskLin

styles-6af237f07b117508ecc428f538073c25.css | nordea.unikreference.com/Suomi/assets/ | 28 KB | 5 KB | Stylesheet
General
Full URL
https://nordea.unikreference.com/Suomi/assets/styles-6af237f07b117508ecc428f538073c25.css
Requested by
Host: nordea.unikreference.com
URL: https://nordea.unikreference.com/Suomi/Nordea-log.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBDcmlPUy85Mi4wLjQ1MTUuOTAgTW9iaWxlLzE1RTE0OCBTYWZhcmkvNjA0LjExODUuMjA0LjEuMTgzMjAyMzpBcHI6VHVl
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
138.197.190.28 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
8eb4e6e7d53f792bf2dbc6c8e4377299884db4b427694d3d9857de4eb9aa0107

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://nordea.unikreference.com/Suomi/Nordea-log.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBDcmlPUy85Mi4wLjQ1MTUuOTAgTW9iaWxlLzE1RTE0OCBTYWZhcmkvNjA0LjExODUuMjA0LjEuMTgzMjAyMzpBcHI6VHVl
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/92.0.4515.90 Mobile/15E148 Safari/604.1

Response headers

date
Tue, 04 Apr 2023 07:19:23 GMT
content-encoding
br
last-modified
Tue, 13 Apr 2021 16:10:20 GMT
server
nginx
etag
W/"6075c26c-70b0"
x-powered-by
PleskLin
content-type
text/css

service-break-f426cda35f41e4c0b7c30c814b5eb2ee.svg | nordea.unikreference.com/Suomi/assets/images/ | 3 KB | 3 KB | Image
General
Full URL
https://nordea.unikreference.com/Suomi/assets/images/service-break-f426cda35f41e4c0b7c30c814b5eb2ee.svg
Requested by
Host: nordea.unikreference.com
URL: https://nordea.unikreference.com/Suomi/Nordea-log.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBDcmlPUy85Mi4wLjQ1MTUuOTAgTW9iaWxlLzE1RTE0OCBTYWZhcmkvNjA0LjExODUuMjA0LjEuMTgzMjAyMzpBcHI6VHVl
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
138.197.190.28 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
037024a96d014cbe884a9f81804ceadc25bd1e49d0d9018de09acddac997afbf

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://nordea.unikreference.com/Suomi/Nordea-log.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBDcmlPUy85Mi4wLjQ1MTUuOTAgTW9iaWxlLzE1RTE0OCBTYWZhcmkvNjA0LjExODUuMjA0LjEuMTgzMjAyMzpBcHI6VHVl
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/92.0.4515.90 Mobile/15E148 Safari/604.1

Response headers

date
Tue, 04 Apr 2023 07:19:23 GMT
last-modified
Tue, 13 Apr 2021 16:10:20 GMT
server
nginx
etag
"6075c26c-af3"
x-powered-by
PleskLin
content-type
image/svg+xml
accept-ranges
bytes
content-length
2803

code_calculator-6af4aa53625a02dcb8b5cfd7ac2d30bd.svg | nordea.unikreference.com/Suomi/assets/images/ | 671 B | 844 B | Image
General
Full URL
https://nordea.unikreference.com/Suomi/assets/images/code_calculator-6af4aa53625a02dcb8b5cfd7ac2d30bd.svg
Requested by
Host: nordea.unikreference.com
URL: https://nordea.unikreference.com/Suomi/Nordea-log.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBDcmlPUy85Mi4wLjQ1MTUuOTAgTW9iaWxlLzE1RTE0OCBTYWZhcmkvNjA0LjExODUuMjA0LjEuMTgzMjAyMzpBcHI6VHVl
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
138.197.190.28 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
23c76e6a9df05e6f95e1384fbf5566300447cf8a2e658af4de19bb52c14eeadf

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://nordea.unikreference.com/Suomi/Nordea-log.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBDcmlPUy85Mi4wLjQ1MTUuOTAgTW9iaWxlLzE1RTE0OCBTYWZhcmkvNjA0LjExODUuMjA0LjEuMTgzMjAyMzpBcHI6VHVl
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/92.0.4515.90 Mobile/15E148 Safari/604.1

Response headers

date
Tue, 04 Apr 2023 07:19:23 GMT
last-modified
Tue, 13 Apr 2021 16:10:20 GMT
server
nginx
x-accel-version
0.01
etag
"29f-5bfdcdde47300"
x-powered-by
PleskLin
content-type
image/svg+xml
accept-ranges
bytes
content-length
671
564d0ff0f3578b7128a458ef269b286a.jpg
nordea.unikreference.com/Suomi/assets/
808 B
808 B
Image
General
Full URL
https://nordea.unikreference.com/Suomi/assets/564d0ff0f3578b7128a458ef269b286a.jpg
Requested by
Host: nordea.unikreference.com
URL: https://nordea.unikreference.com/Suomi/assets/styles-6af237f07b117508ecc428f538073c25.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
138.197.190.28 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://nordea.unikreference.com/Suomi/assets/styles-6af237f07b117508ecc428f538073c25.css
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/92.0.4515.90 Mobile/15E148 Safari/604.1

Response headers

date
Tue, 04 Apr 2023 07:19:23 GMT
content-encoding
br
last-modified
Tue, 04 Apr 2023 05:26:13 GMT
server
nginx
etag
W/"328-5f87be9f44632"
content-type
text/html
c233a817ad142919d728ebf4c8b3d54c.woff2
nordea.unikreference.com/Suomi/assets/
26 KB
26 KB
Font
General
Full URL
https://nordea.unikreference.com/Suomi/assets/c233a817ad142919d728ebf4c8b3d54c.woff2
Requested by
Host: nordea.unikreference.com
URL: https://nordea.unikreference.com/Suomi/assets/styles-6af237f07b117508ecc428f538073c25.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
138.197.190.28 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
443bd1fde75a477eaae12ba7828c6cb67608e14bbda783027fca2540c3bb0b03

Request headers

Referer
https://nordea.unikreference.com/Suomi/assets/styles-6af237f07b117508ecc428f538073c25.css
Origin
https://nordea.unikreference.com
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/92.0.4515.90 Mobile/15E148 Safari/604.1

Response headers

date
Tue, 04 Apr 2023 07:19:23 GMT
last-modified
Tue, 13 Apr 2021 16:10:20 GMT
server
nginx
etag
"6075c26c-6900"
x-powered-by
PleskLin
content-type
font/woff2
accept-ranges
bytes
content-length
26880
7bc117ce8cbf2ce4b08a7ed17d16cf89.woff2
nordea.unikreference.com/Suomi/assets/
26 KB
26 KB
Font
General
Full URL
https://nordea.unikreference.com/Suomi/assets/7bc117ce8cbf2ce4b08a7ed17d16cf89.woff2
Requested by
Host: nordea.unikreference.com
URL: https://nordea.unikreference.com/Suomi/assets/styles-6af237f07b117508ecc428f538073c25.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
138.197.190.28 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx / PleskLin
Resource Hash
a93f6086756b2a2e94db8aaf795faab950a315cd9a8e32c5b0df707636dedfff

Request headers

Referer
https://nordea.unikreference.com/Suomi/assets/styles-6af237f07b117508ecc428f538073c25.css
Origin
https://nordea.unikreference.com
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/92.0.4515.90 Mobile/15E148 Safari/604.1

Response headers

date
Tue, 04 Apr 2023 07:19:23 GMT
last-modified
Tue, 13 Apr 2021 16:10:20 GMT
server
nginx
etag
"6075c26c-6734"
x-powered-by
PleskLin
content-type
font/woff2
accept-ranges
bytes
content-length
26420

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.google.com
URL
https://www.google.com/recaptcha/api2/aframe
Domain
pagead2.googlesyndication.com
URL
https://pagead2.googlesyndication.com/bg/YzZmA7a08v9f087fwqUDZorL-7TBHmPOgPW1cUS8ffQ.js

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nordea (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

6 Cookies

Domain/Path   Name                       Value
.v.ht/        _ga                        GA1.2.1709420900.1680592762
.v.ht/        _gid                       GA1.2.647847543.1680592762
.v.ht/        _gat_gtag_UA_31510493_3    1
.doubleclick.net/  test_cookie           CheckForPermission
.v.ht/        __gads                     ID=3a49ff0924fd2d1b:T=1680592762:S=ALNI_MbL5h3YbYYyIIlq1AG_EFsJaaSLyg
.v.ht/        __gpi                      UID=00000bd09552500f:T=1680592762:RT=1680592762:S=ALNI_MaEPquw1k3mC2BNdV0fKXdzq7xaqA

1 Console Messages

Source: network
Level: error
URL: https://nordea.unikreference.com/Suomi/assets/564d0ff0f3578b7128a458ef269b286a.jpg
Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
