worker.nu Open in urlscan Pro
2606:4700:3037::6815:3c13  Malicious Activity! Public Scan

Submitted URL: https://worker.nu/Mei/taxno/
Effective URL: https://worker.nu/Mei/taxno/Login.php?sslchannel=true&sessionid=DJECYIxQaRO656TzRamiQyIzflm0DsJMJQZOrXNx19fLOxu5Zt...
Submission Tags: 7385734
Submission: On December 15 via api from US — Scanned from DE

Summary

This website contacted 4 IPs in 1 countries across 3 domains to perform 19 HTTP transactions. The main IP is 2606:4700:3037::6815:3c13, located in United States and belongs to CLOUDFLARENET, US. The main domain is worker.nu.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 14th 2021. Valid for: a year.
This is the only time worker.nu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Skatteetaten (Government)

Domain & IP information

IP Address AS Autonomous System
11 2606:4700:303... 13335 (CLOUDFLAR...)
4 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
19 4
Domain Requested by
11 worker.nu worker.nu
4 www.skatteetaten.no worker.nu
1 siteimproveanalytics.com worker.nu
19 3

This site contains links to these domains. Also see Links.

Domain
skatt.skatteetaten.no
www.skatteetaten.no
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2021-02-14 -
2022-02-13
a year crt.sh
www.skatteetaten.no
DigiCert SHA2 Extended Validation Server CA
2020-05-19 -
2022-06-18
2 years crt.sh

This page contains 1 frames:

Primary Page: https://worker.nu/Mei/taxno/Login.php?sslchannel=true&sessionid=DJECYIxQaRO656TzRamiQyIzflm0DsJMJQZOrXNx19fLOxu5Zta944kFXQYVw22efUnT30oCE3lnHGsG
Frame ID: E23D1AFEFC9D0FF8C6C4F638841D3587
Requests: 19 HTTP requests in this frame

Screenshot

Page Title

Se, endre eller levere skattemeldingen - Skatteetaten

Page URL History Show full URLs

  1. https://worker.nu/Mei/taxno/ Page URL
  2. https://worker.nu/Mei/taxno/Login.php?sslchannel=true&sessionid=DJECYIxQaRO656TzRamiQyIzflm0Ds... Page URL

Page Statistics

19
Requests

84 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

4
IPs

1
Countries

83 kB
Transfer

374 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://worker.nu/Mei/taxno/ Page URL
  2. https://worker.nu/Mei/taxno/Login.php?sslchannel=true&sessionid=DJECYIxQaRO656TzRamiQyIzflm0DsJMJQZOrXNx19fLOxu5Zta944kFXQYVw22efUnT30oCE3lnHGsG Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
worker.nu/Mei/taxno/
204 B
890 B
Document
General
Full URL
https://worker.nu/Mei/taxno/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:3c13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.26 PleskLin
Resource Hash
a216243d9f733981604abee86389c387f6e38bf49aa6c71f26d4eabeadc7431c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Wed, 15 Dec 2021 13:33:37 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/7.4.26 PleskLin
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
x-cache-status
BYPASS
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mQ%2FKa%2FLqYE8%2BKSODbEecfujGz5MphKhXRU4CCTVor3jBY4FjGGvZOn68Ao4ElLHFm9JmPVxLkdOidgBNNLIMnDnuWGx1T9mTYtflu3xeZTPIYSxmX9%2FDiOL%2BizuiaXNeIVmPmW47iMk%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6be00b7258d04ecd-FRA
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Primary Request Login.php
worker.nu/Mei/taxno/
78 KB
17 KB
Document
General
Full URL
https://worker.nu/Mei/taxno/Login.php?sslchannel=true&sessionid=DJECYIxQaRO656TzRamiQyIzflm0DsJMJQZOrXNx19fLOxu5Zta944kFXQYVw22efUnT30oCE3lnHGsG
Requested by
Host: worker.nu
URL: https://worker.nu/Mei/taxno/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:3c13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.26 PleskLin
Resource Hash
63442cbc4c968b7baba72c6542a3f76a8cdb0010dbc35f548d6dff723c87e8c2

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://worker.nu/Mei/taxno/

Response headers

date
Wed, 15 Dec 2021 13:33:37 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/7.4.26 PleskLin
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
x-cache-status
BYPASS
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7OOc%2BWYFrlVR6dz6unaL8DYp%2FP6GmgWjyjNsWmcU5pk163WOYHa6mDIliX5l45zSAjepOIuGzx53k9qR%2Beo4AfG7D%2BCCOlm4mUBlLAouQ%2BqR9olrut9Dc%2Bz3y7k2J1fqiSRWn8QJqGo%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6be00b740c474ecd-FRA
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
main.c46eed4e027de49473d8.css
worker.nu/Mei/taxno/
281 KB
48 KB
Stylesheet
General
Full URL
https://worker.nu/Mei/taxno/main.c46eed4e027de49473d8.css
Requested by
Host: worker.nu
URL: https://worker.nu/Mei/taxno/Login.php?sslchannel=true&sessionid=DJECYIxQaRO656TzRamiQyIzflm0DsJMJQZOrXNx19fLOxu5Zta944kFXQYVw22efUnT30oCE3lnHGsG
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::6815:3c13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
489b7d9f562e2b352c27badf953f82891d32e5fd7251452e37d58e6efdaf7331

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://worker.nu/Mei/taxno/Login.php?sslchannel=true&sessionid=DJECYIxQaRO656TzRamiQyIzflm0DsJMJQZOrXNx19fLOxu5Zta944kFXQYVw22efUnT30oCE3lnHGsG
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 13:33:37 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
7099
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Thu, 08 Jul 2021 22:06:02 GMT
server
cloudflare
etag
W/"60e776ca-4647f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=05p4nm441hOXtROaqdXQiF4PG86qV6RYfY9mJpUfRSE4myOKYJiRvftgt6p51FbGrijjaC8EdHuMntsz2wwo4c%2BXdDJEPAgcjmUq%2B4YlXTs%2FKOtCieVgY8iU1Ui8Sfd%2BxHOVLY6%2Fm9k%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=31536000
cf-ray
6be00b7478ef2bce-FRA
cf-bgj
minify
main.fb68a4625fe1f2ec2662.js
www.skatteetaten.no/static/dist/js/
0
0
Script
General
Full URL
https://www.skatteetaten.no/static/dist/js/main.fb68a4625fe1f2ec2662.js
Requested by
Host: worker.nu
URL: https://worker.nu/Mei/taxno/Login.php?sslchannel=true&sessionid=DJECYIxQaRO656TzRamiQyIzflm0DsJMJQZOrXNx19fLOxu5Zta944kFXQYVw22efUnT30oCE3lnHGsG
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:7bb8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://worker.nu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

find.js
www.skatteetaten.no/static/epi/13.0.5/
6 KB
2 KB
Script
General
Full URL
https://www.skatteetaten.no/static/epi/13.0.5/find.js
Requested by
Host: worker.nu
URL: https://worker.nu/Mei/taxno/Login.php?sslchannel=true&sessionid=DJECYIxQaRO656TzRamiQyIzflm0DsJMJQZOrXNx19fLOxu5Zta944kFXQYVw22efUnT30oCE3lnHGsG
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:7bb8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d52e5ac6bb4e82696f569faccb9cab4fa274b5bdac8d84b844995f1e64aa1e53
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.hereapi.com *.api.here.com *.adobe.com *.boost.ai *.episerver.net *.sits.no *.psplugin.com blob: https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ajax.cloudflare.com https://chat.puzzel.com https://siteimproveanalytics.com 'unsafe-inline' 'unsafe-eval'; media-src https://chat.puzzel.com 'self'; style-src 'self' *.api.here.com https://tagmanager.google.com https://dl.episerver.net https://chat.puzzel.com https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-inline'; connect-src 'self' blob: *.hereapi.com *.api.here.com *.skatteetaten.no *.sits.no *.psplugin.com https://*.boost.ai https://chat.puzzel.com https://www.google-analytics.com wss:;form-action 'self';font-src *.psplugin.com *.api.here.com https://fonts.googleapis.com https://fonts.gstatic.com https://chat.puzzel.com 'self'; img-src 'self' blob: data: www.google-analytics.com *.adobe.com *.api.here.com *.gstatic.com https://www.googletagmanager.com https://mts.googleapis.com https://dl.episerver.net *.global.siteimproveanalytics.io *.sits.no; object-src 'self'; frame-ancestors 'self'; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https: kompensasjonsordning.no *.kompensasjonsordning.no
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://worker.nu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 13:33:37 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
9315
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection
1; mode=block
request-context
appId=cid-v1:a5c522df-3967-46be-a865-b6ba3972561f
referrer-policy
strict-origin-when-cross-origin
x-robots-tag
all
last-modified
Mon, 01 Apr 2019 12:27:56 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"0ee995586e8d41:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
application/x-javascript
vary
Accept-Encoding
cache-control
public,max-age=2592000
content-security-policy
default-src 'self'; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.hereapi.com *.api.here.com *.adobe.com *.boost.ai *.episerver.net *.sits.no *.psplugin.com blob: https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ajax.cloudflare.com https://chat.puzzel.com https://siteimproveanalytics.com 'unsafe-inline' 'unsafe-eval'; media-src https://chat.puzzel.com 'self'; style-src 'self' *.api.here.com https://tagmanager.google.com https://dl.episerver.net https://chat.puzzel.com https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-inline'; connect-src 'self' blob: *.hereapi.com *.api.here.com *.skatteetaten.no *.sits.no *.psplugin.com https://*.boost.ai https://chat.puzzel.com https://www.google-analytics.com wss:;form-action 'self';font-src *.psplugin.com *.api.here.com https://fonts.googleapis.com https://fonts.gstatic.com https://chat.puzzel.com 'self'; img-src 'self' blob: data: www.google-analytics.com *.adobe.com *.api.here.com *.gstatic.com https://www.googletagmanager.com https://mts.googleapis.com https://dl.episerver.net *.global.siteimproveanalytics.io *.sits.no; object-src 'self'; frame-ancestors 'self'; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https: kompensasjonsordning.no *.kompensasjonsordning.no
cf-ray
6be00b750909d725-FRA
access-control-expose-headers
Request-Context
gtm5445.html
worker.nu/www.googletagmanager.com/
0
0
Script
General
Full URL
https://worker.nu/www.googletagmanager.com/gtm5445.html?id=GTM-MF24FF5&gtm_auth=rWAeiYgG1IKauCLLja90-g&gtm_preview=env-2&gtm_cookies_win=x
Requested by
Host: worker.nu
URL: https://worker.nu/Mei/taxno/Login.php?sslchannel=true&sessionid=DJECYIxQaRO656TzRamiQyIzflm0DsJMJQZOrXNx19fLOxu5Zta944kFXQYVw22efUnT30oCE3lnHGsG
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::6815:3c13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.26
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://worker.nu/Mei/taxno/Login.php?sslchannel=true&sessionid=DJECYIxQaRO656TzRamiQyIzflm0DsJMJQZOrXNx19fLOxu5Zta944kFXQYVw22efUnT30oCE3lnHGsG
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-edge-cache
cache, platform=WordPress
date
Wed, 15 Dec 2021 13:33:40 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.4.26
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Csao0CKVeFElbRUvETwpOacbZQvf1LF0kWUjsg0zcsSHD4Y9fb6UCCYDbctgz6D%2BQ7gh%2Frhq2Eq7ggxoxUacfg%2FuDgK3gbhYBwQJEVnT1DoawNeyVmOZNSXyXtTNOWgZlkr5OYswWXs%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cache-control
no-cache, must-revalidate, max-age=0
cf-ray
6be00b74c9992bce-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires
Wed, 11 Jan 1984 05:00:00 GMT
search.png
worker.nu/Mei/taxno/
636 B
1 KB
Image
General
Full URL
https://worker.nu/Mei/taxno/search.png
Requested by
Host: worker.nu
URL: https://worker.nu/Mei/taxno/main.c46eed4e027de49473d8.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::6815:3c13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
adb7447d3d8643bbb6d7a449cc0aa091162883eb5cca70902d71083773f7120e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://worker.nu/Mei/taxno/main.c46eed4e027de49473d8.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 13:33:37 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
636
last-modified
Thu, 08 Jul 2021 21:05:50 GMT
server
cloudflare
etag
"60e768ae-27c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bE3l3LTrXkPMWdGStWszeC25SlnBV%2FzenXTi6WcUZ%2FwyizVcEYDbyZwAjyf22uLjBVuxPznRR9uqNxYyMf8JCqM0On%2FeBF0bMHuw7p0HcejYhmHp9Kr0WD5KZBY10r9JFaCxq3fMghU%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
6be00b74d9ac2bce-FRA
down.png
worker.nu/Mei/taxno/
160 B
753 B
Image
General
Full URL
https://worker.nu/Mei/taxno/down.png
Requested by
Host: worker.nu
URL: https://worker.nu/Mei/taxno/main.c46eed4e027de49473d8.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::6815:3c13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
3b920305b5555b3df56e54a6f16b99a300ddaf1d19d2342245bb6fe557f04fae

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://worker.nu/Mei/taxno/main.c46eed4e027de49473d8.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 13:33:37 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
160
last-modified
Thu, 08 Jul 2021 20:08:22 GMT
server
cloudflare
etag
"60e75b36-a0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OpBsNbA6Z1TAo78gUpbfe%2FIOfoqk0sMyh1zLoFqyyKXHSGZ53eCjXDHrcNfCYZzrW8NnwuRCitVILNZCKNOVZ7Sw7CAsE5VYIm23TTQvKFzamAc5tjlpQo5bZIwC3DCtEoPamF0QCSU%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
6be00b74d9b12bce-FRA
separator.png
www.skatteetaten.no/Static/img/header/
5 KB
5 KB
Image
General
Full URL
https://www.skatteetaten.no/Static/img/header/separator.png
Requested by
Host: worker.nu
URL: https://worker.nu/Mei/taxno/main.c46eed4e027de49473d8.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:7bb8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c5bce78b7e7203a5e5974b829cd8999f9898c3bc7eab7ae186e35e09c6439bd
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.hereapi.com *.api.here.com *.adobe.com *.boost.ai *.episerver.net *.sits.no *.psplugin.com blob: https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ajax.cloudflare.com https://chat.puzzel.com https://siteimproveanalytics.com 'unsafe-inline' 'unsafe-eval'; media-src https://chat.puzzel.com 'self'; style-src 'self' *.api.here.com https://tagmanager.google.com https://dl.episerver.net https://chat.puzzel.com https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-inline'; connect-src 'self' blob: *.hereapi.com *.api.here.com *.skatteetaten.no *.sits.no *.psplugin.com https://*.boost.ai https://chat.puzzel.com https://www.google-analytics.com wss:;form-action 'self';font-src *.psplugin.com *.api.here.com https://fonts.googleapis.com https://fonts.gstatic.com https://chat.puzzel.com 'self'; img-src 'self' blob: data: www.google-analytics.com *.adobe.com *.api.here.com *.gstatic.com https://www.googletagmanager.com https://mts.googleapis.com https://dl.episerver.net *.global.siteimproveanalytics.io *.sits.no; object-src 'self'; frame-ancestors 'self'; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https: kompensasjonsordning.no *.kompensasjonsordning.no
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://worker.nu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 13:33:37 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
9315
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
5147
x-xss-protection
1; mode=block
request-context
appId=cid-v1:a5c522df-3967-46be-a865-b6ba3972561f
referrer-policy
strict-origin-when-cross-origin
x-robots-tag
all
last-modified
Wed, 25 Oct 2017 13:34:20 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
"0d634f6954dd31:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/png
vary
Accept-Encoding
cache-control
public,max-age=2592000
content-security-policy
default-src 'self'; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.hereapi.com *.api.here.com *.adobe.com *.boost.ai *.episerver.net *.sits.no *.psplugin.com blob: https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ajax.cloudflare.com https://chat.puzzel.com https://siteimproveanalytics.com 'unsafe-inline' 'unsafe-eval'; media-src https://chat.puzzel.com 'self'; style-src 'self' *.api.here.com https://tagmanager.google.com https://dl.episerver.net https://chat.puzzel.com https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-inline'; connect-src 'self' blob: *.hereapi.com *.api.here.com *.skatteetaten.no *.sits.no *.psplugin.com https://*.boost.ai https://chat.puzzel.com https://www.google-analytics.com wss:;form-action 'self';font-src *.psplugin.com *.api.here.com https://fonts.googleapis.com https://fonts.gstatic.com https://chat.puzzel.com 'self'; img-src 'self' blob: data: www.google-analytics.com *.adobe.com *.api.here.com *.gstatic.com https://www.googletagmanager.com https://mts.googleapis.com https://dl.episerver.net *.global.siteimproveanalytics.io *.sits.no; object-src 'self'; frame-ancestors 'self'; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https: kompensasjonsordning.no *.kompensasjonsordning.no
accept-ranges
bytes
cf-ray
6be00b75090cd725-FRA
access-control-expose-headers
Request-Context
share.png
worker.nu/Mei/taxno/
208 B
802 B
Image
General
Full URL
https://worker.nu/Mei/taxno/share.png
Requested by
Host: worker.nu
URL: https://worker.nu/Mei/taxno/main.c46eed4e027de49473d8.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::6815:3c13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
5bade42c621e5992fd06c518bfe8933d62933067c28072a3c4829b398d72f86b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://worker.nu/Mei/taxno/main.c46eed4e027de49473d8.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 13:33:37 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
208
last-modified
Thu, 08 Jul 2021 19:46:44 GMT
server
cloudflare
etag
"60e75624-d0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=osy3GiZap9qpJW3bTNJ5C7r3ycBaBPsWwh8WFrFKiEHMEJE9ILPcJikEK456oyjtLDGSA5vSZAyzJGfCsCgu0%2FevI2ra4FyvI1YLDMjIZsEgBvf4dBJ0dqPc4V6JKGwUrtAxGDXLkGQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
6be00b74d9b32bce-FRA
skeno.png
worker.nu/Mei/taxno/
206 B
803 B
Image
General
Full URL
https://worker.nu/Mei/taxno/skeno.png
Requested by
Host: worker.nu
URL: https://worker.nu/Mei/taxno/main.c46eed4e027de49473d8.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::6815:3c13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
1b3918977afb3b7b699c67a0484526984d5b5a2bf8922ba44435ca96a01b4899

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://worker.nu/Mei/taxno/main.c46eed4e027de49473d8.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 13:33:37 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
206
last-modified
Thu, 08 Jul 2021 19:45:32 GMT
server
cloudflare
etag
"60e755dc-ce"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4sz1sjq%2FnYFeriTUmIw8119nZlbAejk%2FvVagpsfuUtWlYdwCV9%2FbWhhY92Ywsigh0eERhjTQFVQNj6fqIXr2o5KOKunixpV%2FXbvp4yLyt1NDJqqF%2Bpxhb7qGQa9z4xB7OuK2DForGMs%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
6be00b74d9b52bce-FRA
arrowUp.png
www.skatteetaten.no/Static/img/footer/
452 B
2 KB
Image
General
Full URL
https://www.skatteetaten.no/Static/img/footer/arrowUp.png
Requested by
Host: worker.nu
URL: https://worker.nu/Mei/taxno/main.c46eed4e027de49473d8.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:7bb8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b75b8edbc42ef28dc74055ccfe8f9de796360ba1348d5edf0090bfdaa6331d82
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.hereapi.com *.api.here.com *.adobe.com *.boost.ai *.episerver.net *.sits.no *.psplugin.com blob: https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ajax.cloudflare.com https://chat.puzzel.com https://siteimproveanalytics.com 'unsafe-inline' 'unsafe-eval'; media-src https://chat.puzzel.com 'self'; style-src 'self' *.api.here.com https://tagmanager.google.com https://dl.episerver.net https://chat.puzzel.com https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-inline'; connect-src 'self' blob: *.hereapi.com *.api.here.com *.skatteetaten.no *.sits.no *.psplugin.com https://*.boost.ai https://chat.puzzel.com https://www.google-analytics.com wss:;form-action 'self';font-src *.psplugin.com *.api.here.com https://fonts.googleapis.com https://fonts.gstatic.com https://chat.puzzel.com 'self'; img-src 'self' blob: data: www.google-analytics.com *.adobe.com *.api.here.com *.gstatic.com https://www.googletagmanager.com https://mts.googleapis.com https://dl.episerver.net *.global.siteimproveanalytics.io *.sits.no; object-src 'self'; frame-ancestors 'self'; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https: kompensasjonsordning.no *.kompensasjonsordning.no
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://worker.nu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 13:33:37 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
9315
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
452
x-xss-protection
1; mode=block
request-context
appId=cid-v1:a5c522df-3967-46be-a865-b6ba3972561f
referrer-policy
strict-origin-when-cross-origin
x-robots-tag
all
last-modified
Tue, 06 Feb 2018 08:04:06 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
"05f1af219fd31:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; preload
content-type
image/png
vary
Accept-Encoding
cache-control
public,max-age=2592000
content-security-policy
default-src 'self'; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.hereapi.com *.api.here.com *.adobe.com *.boost.ai *.episerver.net *.sits.no *.psplugin.com blob: https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ajax.cloudflare.com https://chat.puzzel.com https://siteimproveanalytics.com 'unsafe-inline' 'unsafe-eval'; media-src https://chat.puzzel.com 'self'; style-src 'self' *.api.here.com https://tagmanager.google.com https://dl.episerver.net https://chat.puzzel.com https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-inline'; connect-src 'self' blob: *.hereapi.com *.api.here.com *.skatteetaten.no *.sits.no *.psplugin.com https://*.boost.ai https://chat.puzzel.com https://www.google-analytics.com wss:;form-action 'self';font-src *.psplugin.com *.api.here.com https://fonts.googleapis.com https://fonts.gstatic.com https://chat.puzzel.com 'self'; img-src 'self' blob: data: www.google-analytics.com *.adobe.com *.api.here.com *.gstatic.com https://www.googletagmanager.com https://mts.googleapis.com https://dl.episerver.net *.global.siteimproveanalytics.io *.sits.no; object-src 'self'; frame-ancestors 'self'; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https: kompensasjonsordning.no *.kompensasjonsordning.no
accept-ranges
bytes
cf-ray
6be00b75090dd725-FRA
access-control-expose-headers
Request-Context
right.png
worker.nu/Mei/taxno/
178 B
777 B
Image
General
Full URL
https://worker.nu/Mei/taxno/right.png
Requested by
Host: worker.nu
URL: https://worker.nu/Mei/taxno/main.c46eed4e027de49473d8.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::6815:3c13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
5a023daf13a4d9dc2ae2c82f8deb2aaea7a767d336ce97e2503c865f3444b1c3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://worker.nu/Mei/taxno/main.c46eed4e027de49473d8.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 13:33:37 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
178
last-modified
Thu, 08 Jul 2021 20:28:10 GMT
server
cloudflare
etag
"60e75fda-b2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JmvDmVq5ioGHZ8tYl0v9%2BuSPUxGZbceWgE6A2fGawll1L%2Ff7rKeaqKCy1v7Vx%2FT4PI0p2hCLwRBitRss8FqT9WN2Z7q1l9Of6paV2f9LPBWEL%2BAIUQ7Uj%2Bq1iwLW1E8767p68VIvJ%2BI%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
6be00b74d9b72bce-FRA
facebook.png
worker.nu/Mei/taxno/
852 B
1 KB
Image
General
Full URL
https://worker.nu/Mei/taxno/facebook.png
Requested by
Host: worker.nu
URL: https://worker.nu/Mei/taxno/main.c46eed4e027de49473d8.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::6815:3c13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
012defd84d353bc3963e5d480b03d952d820513923a0d291cc118568f191fe79

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://worker.nu/Mei/taxno/main.c46eed4e027de49473d8.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 13:33:37 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
852
last-modified
Thu, 08 Jul 2021 20:33:22 GMT
server
cloudflare
etag
"60e76112-354"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mkQdDl9%2F19RG6KKd7s26m5PsHGpjLYiS5k%2BEDtakQV52zG81ZAKjFy5a7A4leroFSeKcFRTVJlwQwebTDAaRH41F%2BNiRzx8cHc4hLKBEOy8DqG80sVBxEe8WwXmHhy0f7PTtwKykQtM%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
6be00b74d9b92bce-FRA
twitter.png
worker.nu/Mei/taxno/
675 B
1 KB
Image
General
Full URL
https://worker.nu/Mei/taxno/twitter.png
Requested by
Host: worker.nu
URL: https://worker.nu/Mei/taxno/main.c46eed4e027de49473d8.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::6815:3c13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
1d921466500185cc98fe34a0cdbf4c1ca29d6430edecbae8681e6307375f1d50

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://worker.nu/Mei/taxno/main.c46eed4e027de49473d8.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 13:33:37 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
675
last-modified
Thu, 08 Jul 2021 20:58:04 GMT
server
cloudflare
etag
"60e766dc-2a3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BUhdj99YsKzh1DhaUS8o7cNRTKh72xdJHNyMzOx0Akv2J6Ii6m3spG7Z1qF09FRk0WMzA9tFouzMbhJ58D%2BRaGX6QewQLO7EwZP96hgTcz5sK2XpKJ1GRV2EuPKbVlCvfeIdSbhiRoI%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
6be00b74d9ba2bce-FRA
materialdesignicons-webfont.woff2
www.skatteetaten.no/Static/dist-icons/fonts/
0
0

materialdesignicons-webfont.woff
www.skatteetaten.no/Static/dist-icons/fonts/
0
0

materialdesignicons-webfont.ttf
www.skatteetaten.no/Static/dist-icons/fonts/
0
0

siteanalyze_6003072.js
siteimproveanalytics.com/js/
48 B
861 B
Script
General
Full URL
https://siteimproveanalytics.com/js/siteanalyze_6003072.js
Requested by
Host: worker.nu
URL: https://worker.nu/Mei/taxno/Login.php?sslchannel=true&sessionid=DJECYIxQaRO656TzRamiQyIzflm0DsJMJQZOrXNx19fLOxu5Zta944kFXQYVw22efUnT30oCE3lnHGsG
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:91b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
25c8b199a5f6d3460a77de071889a79adc5b85a8c67323694ab4f945bd874bb6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://worker.nu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 13:33:37 GMT
content-encoding
gzip
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
4161
cf-ray
6be00b7698676937-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
68
x-amz-id-2
lBMaMVknS+yGI5UGoKt0v+JzscA7PZbLDbX3WXxjhmUwnSXpabzh16OKeqmNah3r60zNOAYp9es=
last-modified
Fri, 24 Sep 2021 22:03:08 GMT
server
cloudflare
etag
"33052c237892696e223329b6b9d23c35"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y9AOH8Wu89XZilyYqEcNkubjs1EDUKFdjLr5dmKnSBKX6oMF%2BZRfllYaEA53XOLrHc5yCZHBNtimEbVW%2BJIxbJeOjrsUECH9OnLapwV%2FtvwMPSmFW7SnFG7KvukWSbUvOD%2FpmgXApNPJcXFEyt1zqneVyGAccTI%3D"}],"group":"cf-nel","max_age":604800}
x-amz-request-id
QB10300H8SNQQFA4
cache-control
max-age=86400, no-transform
accept-ranges
bytes
content-type
application/javascript; charset=utf-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.skatteetaten.no
URL
https://www.skatteetaten.no/Static/dist-icons/fonts/materialdesignicons-webfont.woff2?v=5.5.55
Domain
www.skatteetaten.no
URL
https://www.skatteetaten.no/Static/dist-icons/fonts/materialdesignicons-webfont.woff?v=5.5.55
Domain
www.skatteetaten.no
URL
https://www.skatteetaten.no/Static/dist-icons/fonts/materialdesignicons-webfont.ttf?v=5.5.55

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Skatteetaten (Government)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler object| dataLayer object| STATENS_INNKREVING undefined| script function| FindApi object| api

1 Cookies

Domain/Path Name / Value
worker.nu/ Name: PHPSESSID
Value: de60m1774vatqpppakp2kiepqr

8 Console Messages

Source Level URL
Text
javascript error URL: https://worker.nu/Mei/taxno/Login.php?sslchannel=true&sessionid=DJECYIxQaRO656TzRamiQyIzflm0DsJMJQZOrXNx19fLOxu5Zta944kFXQYVw22efUnT30oCE3lnHGsG
Message:
Access to font at 'https://www.skatteetaten.no/Static/dist-icons/fonts/materialdesignicons-webfont.woff2?v=5.5.55' from origin 'https://worker.nu' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://www.skatteetaten.no/Static/dist-icons/fonts/materialdesignicons-webfont.woff2?v=5.5.55
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://worker.nu/Mei/taxno/Login.php?sslchannel=true&sessionid=DJECYIxQaRO656TzRamiQyIzflm0DsJMJQZOrXNx19fLOxu5Zta944kFXQYVw22efUnT30oCE3lnHGsG
Message:
Access to font at 'https://www.skatteetaten.no/Static/dist-icons/fonts/materialdesignicons-webfont.woff?v=5.5.55' from origin 'https://worker.nu' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://www.skatteetaten.no/Static/dist-icons/fonts/materialdesignicons-webfont.woff?v=5.5.55
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://worker.nu/Mei/taxno/Login.php?sslchannel=true&sessionid=DJECYIxQaRO656TzRamiQyIzflm0DsJMJQZOrXNx19fLOxu5Zta944kFXQYVw22efUnT30oCE3lnHGsG
Message:
Access to font at 'https://www.skatteetaten.no/Static/dist-icons/fonts/materialdesignicons-webfont.ttf?v=5.5.55' from origin 'https://worker.nu' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://www.skatteetaten.no/Static/dist-icons/fonts/materialdesignicons-webfont.ttf?v=5.5.55
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://www.skatteetaten.no/static/dist/js/main.fb68a4625fe1f2ec2662.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://worker.nu/www.googletagmanager.com/gtm5445.html?id=GTM-MF24FF5&gtm_auth=rWAeiYgG1IKauCLLja90-g&gtm_preview=env-2&gtm_cookies_win=x
Message:
Failed to load resource: the server responded with a status of 404 ()