Submitted URL: http://omatsivut.tfbank.fi/
Effective URL: https://omatsivut.tfbank.fi/
Submission Tags: @ecarlesi possiblethreat phishing Search All
Submission: On October 20 via api from IT — Scanned from FI

Summary

This website contacted 5 IPs in 3 countries across 6 domains to perform 29 HTTP transactions. The main IP is 185.195.94.212, located in Sweden and belongs to BBN, SE. The main domain is omatsivut.tfbank.fi.
TLS certificate: Issued by E5 on October 20th 2024. Valid for: 3 months.
This is the only time omatsivut.tfbank.fi was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
17 185.195.94.212 42649 (BBN)
1 172.217.16.200 15169 (GOOGLE)
8 20.50.88.245 8075 (MICROSOFT...)
1 185.195.94.202 42649 (BBN)
29 5
Apex Domain
Subdomains
Transfer
17 tfbank.fi
omatsivut.tfbank.fi
3 MB
8 visualstudio.com
dc.services.visualstudio.com — Cisco Umbrella Rank: 785
662 B
1 tfbank.se
prodcustomerdataapi.tfbank.se
939 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
78 KB
0 hotjar.com Failed
static.hotjar.com Failed
0 google-analytics.com Failed
www.google-analytics.com Failed
29 6
Domain Requested by
17 omatsivut.tfbank.fi omatsivut.tfbank.fi
8 dc.services.visualstudio.com omatsivut.tfbank.fi
1 prodcustomerdataapi.tfbank.se omatsivut.tfbank.fi
1 www.googletagmanager.com omatsivut.tfbank.fi
0 static.hotjar.com Failed www.googletagmanager.com
0 www.google-analytics.com Failed www.googletagmanager.com
29 6

This site contains links to these domains. Also see Links.

Domain
tfbank.fi
Subject Issuer Validity Valid
omatsivut.tfbank.fi
E5
2024-10-20 -
2025-01-18
3 months crt.sh
*.google-analytics.com
WR2
2024-09-30 -
2024-12-23
3 months crt.sh
prod.ai.ingestion.msftcloudes.com
Microsoft Azure RSA TLS Issuing CA 04
2024-09-08 -
2025-09-03
a year crt.sh
*.tfbank.se
GlobalSign RSA OV SSL CA 2018
2024-04-15 -
2025-05-17
a year crt.sh

This page contains 1 frames:

Primary Page: https://omatsivut.tfbank.fi/
Frame ID: 131A338725A4B77C08A92E2D4222BB2C
Requests: 25 HTTP requests in this frame

Screenshot

Page Title

Omat sivut | TF Bank

Page URL History Show full URLs

  1. http://omatsivut.tfbank.fi/ HTTP 307
    https://omatsivut.tfbank.fi/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • googletagmanager\.com/gtm\.js

Page Statistics

29
Requests

93 %
HTTPS

0 %
IPv6

6
Domains

6
Subdomains

5
IPs

3
Countries

3646 kB
Transfer

6540 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://omatsivut.tfbank.fi/ HTTP 307
    https://omatsivut.tfbank.fi/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

29 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
omatsivut.tfbank.fi/
Redirect Chain
  • http://omatsivut.tfbank.fi/
  • https://omatsivut.tfbank.fi/
584 B
2 KB
Document
General
Full URL
https://omatsivut.tfbank.fi/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.94.212 , Sweden, ASN42649 (BBN, SE),
Reverse DNS
vbdc-n.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
e1e25c252919992d67016862e6be126151e4c4ded40a92502160ef9d9a1336f2
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
469
Content-Security-Policy
default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Content-Type
text/html
Date
Sun, 20 Oct 2024 23:00:58 GMT
ETag
"0cb2f74efdb1:0"
Last-Modified
Wed, 25 Sep 2024 13:22:54 GMT
Permissions-Policy
camera=(self)
Referrer-Policy
same-origin
Server
baffin-bay-inlet
Strict-Transport-Security
max-age=31536000; includeSubDomains max-age=14515200
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN

Redirect headers

Location
https://omatsivut.tfbank.fi/
Non-Authoritative-Reason
HttpsUpgrades
main.12ba9f65.js
omatsivut.tfbank.fi/static/js/
1 MB
444 KB
Script
General
Full URL
https://omatsivut.tfbank.fi/static/js/main.12ba9f65.js
Requested by
Host: omatsivut.tfbank.fi
URL: https://omatsivut.tfbank.fi/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.94.212 , Sweden, ASN42649 (BBN, SE),
Reverse DNS
vbdc-n.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
d28b01828d6e70e2f00ea59cf97f48f7ef5558addc26dbf3a6d6c623c58ed7b6
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://omatsivut.tfbank.fi/

Response headers

Content-Encoding
gzip
ETag
"0cb2f74efdb1:0"
X-Content-Type-Options
nosniff
Date
Sun, 20 Oct 2024 23:00:59 GMT
Content-Type
application/x-javascript
Last-Modified
Wed, 25 Sep 2024 13:22:54 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=14515200
Content-Security-Policy
default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Connection
keep-alive
Referrer-Policy
same-origin
Permissions-Policy
camera=(self)
Accept-Ranges
bytes
Server
baffin-bay-inlet
main.0748c953.css
omatsivut.tfbank.fi/static/css/
149 KB
37 KB
Stylesheet
General
Full URL
https://omatsivut.tfbank.fi/static/css/main.0748c953.css
Requested by
Host: omatsivut.tfbank.fi
URL: https://omatsivut.tfbank.fi/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.94.212 , Sweden, ASN42649 (BBN, SE),
Reverse DNS
vbdc-n.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
26be3b391b6f42037fa6e2b048098ac5f5737a1794efaaf1402bf952bc821873
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://omatsivut.tfbank.fi/

Response headers

Content-Encoding
gzip
ETag
"0cb2f74efdb1:0"
X-Content-Type-Options
nosniff
Date
Sun, 20 Oct 2024 23:00:59 GMT
Content-Type
text/css
Last-Modified
Wed, 25 Sep 2024 13:22:54 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=14515200
Content-Security-Policy
default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Connection
keep-alive
Referrer-Policy
same-origin
Permissions-Policy
camera=(self)
Accept-Ranges
bytes
Content-Length
36341
Server
baffin-bay-inlet
gtm.js
www.googletagmanager.com/
217 KB
78 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5PHJMBM&l=PageDataLayer&gtm_auth=&gtm_preview=&gtm_cookies_win=x
Requested by
Host: omatsivut.tfbank.fi
URL: https://omatsivut.tfbank.fi/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.200 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
8e7573b0f6f9f03ee2d25c488a5943c04f3ef43c9f0ae5bbc8d4f702e200ff09
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Sun, 20 Oct 2024 23:01:01 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 20 Oct 2024 23:01:01 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Sun, 20 Oct 2024 21:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
79423
x-xss-protection
0
server
Google Tag Manager
378.cee02c3a.chunk.css
omatsivut.tfbank.fi/static/css/
44 KB
34 KB
Stylesheet
General
Full URL
https://omatsivut.tfbank.fi/static/css/378.cee02c3a.chunk.css
Requested by
Host: omatsivut.tfbank.fi
URL: https://omatsivut.tfbank.fi/static/js/main.12ba9f65.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.94.212 , Sweden, ASN42649 (BBN, SE),
Reverse DNS
vbdc-n.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
35eb950befd209380d97c625695b11bb335d5e423af9162e847c48810c597e97
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://omatsivut.tfbank.fi/

Response headers

Content-Encoding
gzip
ETag
"0cb2f74efdb1:0"
X-Content-Type-Options
nosniff
Date
Sun, 20 Oct 2024 23:01:00 GMT
Content-Type
text/css
Last-Modified
Wed, 25 Sep 2024 13:22:54 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=14515200
Content-Security-Policy
default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Connection
keep-alive
Referrer-Policy
same-origin
Permissions-Policy
camera=(self)
Accept-Ranges
bytes
Content-Length
34030
Server
baffin-bay-inlet
378.32e21912.chunk.js
omatsivut.tfbank.fi/static/js/
2 MB
930 KB
Script
General
Full URL
https://omatsivut.tfbank.fi/static/js/378.32e21912.chunk.js
Requested by
Host: omatsivut.tfbank.fi
URL: https://omatsivut.tfbank.fi/static/js/main.12ba9f65.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.94.212 , Sweden, ASN42649 (BBN, SE),
Reverse DNS
vbdc-n.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
8e6384b5786da97b0886bab8a8f2f445424d5fdb83a720fe7c1098defa89306c
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://omatsivut.tfbank.fi/

Response headers

Content-Encoding
gzip
ETag
"0cb2f74efdb1:0"
X-Content-Type-Options
nosniff
Date
Sun, 20 Oct 2024 23:01:00 GMT
Content-Type
application/x-javascript
Last-Modified
Wed, 25 Sep 2024 13:22:54 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=14515200
Content-Security-Policy
default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Connection
keep-alive
Referrer-Policy
same-origin
Permissions-Policy
camera=(self)
Accept-Ranges
bytes
Server
baffin-bay-inlet
442.2f4bed2d.chunk.css
omatsivut.tfbank.fi/static/css/
189 KB
82 KB
Stylesheet
General
Full URL
https://omatsivut.tfbank.fi/static/css/442.2f4bed2d.chunk.css
Requested by
Host: omatsivut.tfbank.fi
URL: https://omatsivut.tfbank.fi/static/js/main.12ba9f65.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.94.212 , Sweden, ASN42649 (BBN, SE),
Reverse DNS
vbdc-n.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
08983ee86185c5c80d281e30391437e5f10ec2e895c3c3b80aaa633ce5b2b84b
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://omatsivut.tfbank.fi/

Response headers

Content-Encoding
gzip
ETag
"0cb2f74efdb1:0"
X-Content-Type-Options
nosniff
Date
Sun, 20 Oct 2024 23:01:01 GMT
Content-Type
text/css
Last-Modified
Wed, 25 Sep 2024 13:22:54 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=14515200
Content-Security-Policy
default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Connection
keep-alive
Referrer-Policy
same-origin
Permissions-Policy
camera=(self)
Accept-Ranges
bytes
Server
baffin-bay-inlet
442.b8579fc7.chunk.js
omatsivut.tfbank.fi/static/js/
376 KB
145 KB
Script
General
Full URL
https://omatsivut.tfbank.fi/static/js/442.b8579fc7.chunk.js
Requested by
Host: omatsivut.tfbank.fi
URL: https://omatsivut.tfbank.fi/static/js/main.12ba9f65.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.94.212 , Sweden, ASN42649 (BBN, SE),
Reverse DNS
vbdc-n.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
ee105d57d992f41cad69041c552c8c0feb3be72337e8ab77344d2917b3d8774b
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://omatsivut.tfbank.fi/

Response headers

Content-Encoding
gzip
ETag
"0cb2f74efdb1:0"
X-Content-Type-Options
nosniff
Date
Sun, 20 Oct 2024 23:01:01 GMT
Content-Type
application/x-javascript
Last-Modified
Wed, 25 Sep 2024 13:22:54 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=14515200
Content-Security-Policy
default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Connection
keep-alive
Referrer-Policy
same-origin
Permissions-Policy
camera=(self)
Accept-Ranges
bytes
Server
baffin-bay-inlet
analytics.js
www.google-analytics.com/
0
0

hotjar-2594649.js
static.hotjar.com/c/
0
0

translation.json
omatsivut.tfbank.fi/locales/fi/
21 KB
10 KB
Fetch
General
Full URL
https://omatsivut.tfbank.fi/locales/fi/translation.json
Requested by
Host: omatsivut.tfbank.fi
URL: https://omatsivut.tfbank.fi/static/js/378.32e21912.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.94.212 , Sweden, ASN42649 (BBN, SE),
Reverse DNS
vbdc-n.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
f30002bf75f7eb29b4263d73c6c0452bb21b19be62cfb4ca004576c521e45828
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

request-id
|a46fbbdc825b4d5f8aabeaeec70c33bb.95dfe2c5dffc43d2
traceparent
00-a46fbbdc825b4d5f8aabeaeec70c33bb-95dfe2c5dffc43d2-01
Referer
https://omatsivut.tfbank.fi/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Content-Encoding
gzip
ETag
"0c353a64cfdb1:0"
X-Content-Type-Options
nosniff
Date
Sun, 20 Oct 2024 23:01:03 GMT
Content-Type
application/json
Last-Modified
Wed, 25 Sep 2024 13:13:02 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=14515200
Content-Security-Policy
default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Connection
keep-alive
Referrer-Policy
same-origin
Permissions-Policy
camera=(self)
Accept-Ranges
bytes
Content-Length
9238
Server
baffin-bay-inlet
meta.json
omatsivut.tfbank.fi/
19 B
1 KB
Fetch
General
Full URL
https://omatsivut.tfbank.fi/meta.json
Requested by
Host: omatsivut.tfbank.fi
URL: https://omatsivut.tfbank.fi/static/js/378.32e21912.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.94.212 , Sweden, ASN42649 (BBN, SE),
Reverse DNS
vbdc-n.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
701d838178929148f2eb418c3c97c99636c033fc2efa6874d65299f6df4929d2
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

request-id
|a46fbbdc825b4d5f8aabeaeec70c33bb.ff9f4b34233542bd
traceparent
00-a46fbbdc825b4d5f8aabeaeec70c33bb-ff9f4b34233542bd-01
Referer
https://omatsivut.tfbank.fi/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Content-Encoding
gzip
ETag
"02bae14dfdb1:0"
X-Content-Type-Options
nosniff
Date
Sun, 20 Oct 2024 23:01:03 GMT
Content-Type
application/json
Last-Modified
Wed, 25 Sep 2024 13:21:50 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=14515200
Content-Security-Policy
default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Connection
keep-alive
Referrer-Policy
same-origin
Permissions-Policy
camera=(self)
Accept-Ranges
bytes
Content-Length
139
Server
baffin-bay-inlet
track
dc.services.visualstudio.com/v2/
96 B
154 B
XHR
General
Full URL
https://dc.services.visualstudio.com/v2/track
Requested by
Host: omatsivut.tfbank.fi
URL: https://omatsivut.tfbank.fi/static/js/378.32e21912.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.88.245 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
8ab3c52b7f756c147a42dfc42966e9b4b1cdbaae9b2439def033a20d5b8611da
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-type
application/json
Sdk-Context
appId

Response headers

strict-transport-security
max-age=31536000
access-control-allow-origin
*
date
Sun, 20 Oct 2024 23:01:04 GMT
content-type
application/json; charset=utf-8
server
Microsoft-HTTPAPI/2.0
x-content-type-options
nosniff
track
dc.services.visualstudio.com/v2/
0
0
Preflight
General
Full URL
https://dc.services.visualstudio.com/v2/track
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.88.245 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,sdk-context
Access-Control-Request-Method
POST
Origin
https://omatsivut.tfbank.fi
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin,X-Requested-With,Content-Name,Content-Type,Accept,Cache-Control,Sdk-Context
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
3600
date
Sun, 20 Oct 2024 23:01:03 GMT
server
Microsoft-HTTPAPI/2.0
strict-transport-security
max-age=31536000
favicon.ico
omatsivut.tfbank.fi/
1 KB
2 KB
Other
General
Full URL
https://omatsivut.tfbank.fi/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.94.212 , Sweden, ASN42649 (BBN, SE),
Reverse DNS
vbdc-n.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
1431b53f53544a5c47d19c148c9624b389fa5722f3605e22afd7161e3c5e0b24
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://omatsivut.tfbank.fi/

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=14515200
Content-Security-Policy
default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
ETag
"0c353a64cfdb1:0"
Connection
keep-alive
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Permissions-Policy
camera=(self)
Accept-Ranges
bytes
Content-Length
1150
Date
Sun, 20 Oct 2024 23:01:03 GMT
Content-Type
image/x-icon
Last-Modified
Wed, 25 Sep 2024 13:13:02 GMT
Server
baffin-bay-inlet
X-Frame-Options
SAMEORIGIN
next
prodcustomerdataapi.tfbank.se/api/customerservice/maintenance/
0
939 B
XHR
General
Full URL
https://prodcustomerdataapi.tfbank.se/api/customerservice/maintenance/next?market=Finland
Requested by
Host: omatsivut.tfbank.fi
URL: https://omatsivut.tfbank.fi/static/js/378.32e21912.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.94.202 , Sweden, ASN42649 (BBN, SE),
Reverse DNS
vbdc-n.baffinbaynetworks.com
Software
baffin-bay-inlet / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=14515200

Request headers

Referer
Accept-Language
fi
Accept
application/json, text/plain, */*
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security
max-age=14515200
Access-Control-Expose-Headers
x-contenttype
api-supported-versions
1.0
Connection
keep-alive
Request-Context
appId=cid-v1:90efdaad-7981-4750-b06c-44c489670db0
Access-Control-Allow-Origin
*
Date
Sun, 20 Oct 2024 23:01:05 GMT
X-Powered-By
ASP.NET
Server
baffin-bay-inlet
favicon.ico
omatsivut.tfbank.fi/
1 KB
0
Other
General
Full URL
https://omatsivut.tfbank.fi/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.94.212 , Sweden, ASN42649 (BBN, SE),
Reverse DNS
vbdc-n.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
1431b53f53544a5c47d19c148c9624b389fa5722f3605e22afd7161e3c5e0b24
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://omatsivut.tfbank.fi/login

Response headers

Content-Security-Policy
default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
ETag
"0c353a64cfdb1:0"
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Permissions-Policy
camera=(self)
Accept-Ranges
bytes
Content-Length
1150
Date
Sun, 20 Oct 2024 23:01:03 GMT
Content-Type
image/x-icon
Last-Modified
Wed, 25 Sep 2024 13:13:02 GMT
Server
baffin-bay-inlet
X-Frame-Options
SAMEORIGIN
tfbank21-logo-white.799bf51a13cdf5ad3702fad22db4f40d.svg
omatsivut.tfbank.fi/static/media/
3 KB
4 KB
Image
General
Full URL
https://omatsivut.tfbank.fi/static/media/tfbank21-logo-white.799bf51a13cdf5ad3702fad22db4f40d.svg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.94.212 , Sweden, ASN42649 (BBN, SE),
Reverse DNS
vbdc-n.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
a1c5ae128a15c00c005f02cab2836792f33932f4ff2b4ffde7dda864641d169e
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://omatsivut.tfbank.fi/login

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=14515200
Content-Security-Policy
default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
ETag
"0cb2f74efdb1:0"
Connection
keep-alive
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Permissions-Policy
camera=(self)
Accept-Ranges
bytes
Content-Length
3048
Date
Sun, 20 Oct 2024 23:01:04 GMT
Content-Type
image/svg+xml
Last-Modified
Wed, 25 Sep 2024 13:22:54 GMT
Server
baffin-bay-inlet
X-Frame-Options
SAMEORIGIN
tfbank21-logo-symbol-white.09b8947dc04f9234e2f3ebdf3211be66.svg
omatsivut.tfbank.fi/static/media/
893 B
2 KB
Image
General
Full URL
https://omatsivut.tfbank.fi/static/media/tfbank21-logo-symbol-white.09b8947dc04f9234e2f3ebdf3211be66.svg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.94.212 , Sweden, ASN42649 (BBN, SE),
Reverse DNS
vbdc-n.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
61005b093700502390f55675aff651e43cd4158810125024f1b43ef76ac1695d
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://omatsivut.tfbank.fi/login

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=14515200
Content-Security-Policy
default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
ETag
"0cb2f74efdb1:0"
Connection
keep-alive
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Permissions-Policy
camera=(self)
Accept-Ranges
bytes
Content-Length
893
Date
Sun, 20 Oct 2024 23:01:04 GMT
Content-Type
image/svg+xml
Last-Modified
Wed, 25 Sep 2024 13:22:54 GMT
Server
baffin-bay-inlet
X-Frame-Options
SAMEORIGIN
woman_hanging_outside_car_window.9b0506a76f7b5929e85d.webp
omatsivut.tfbank.fi/static/media/
2 MB
2 MB
Image
General
Full URL
https://omatsivut.tfbank.fi/static/media/woman_hanging_outside_car_window.9b0506a76f7b5929e85d.webp
Requested by
Host: omatsivut.tfbank.fi
URL: https://omatsivut.tfbank.fi/static/css/442.2f4bed2d.chunk.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.94.212 , Sweden, ASN42649 (BBN, SE),
Reverse DNS
vbdc-n.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
a6bcbccd8410b2044e7a005c74c71c09c8ffc2021f516b191c84f2744e6f3cc1
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://omatsivut.tfbank.fi/static/css/442.2f4bed2d.chunk.css

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=14515200
Content-Security-Policy
default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
ETag
"0cb2f74efdb1:0"
Connection
keep-alive
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Permissions-Policy
camera=(self)
Accept-Ranges
bytes
Content-Length
1600548
Date
Sun, 20 Oct 2024 23:01:04 GMT
Content-Type
image/webp
Last-Modified
Wed, 25 Sep 2024 13:22:54 GMT
Server
baffin-bay-inlet
X-Frame-Options
SAMEORIGIN
signicat-fi-logo2_2.2280d7937253c66c7206.svg
omatsivut.tfbank.fi/static/media/
10 KB
4 KB
Image
General
Full URL
https://omatsivut.tfbank.fi/static/media/signicat-fi-logo2_2.2280d7937253c66c7206.svg
Requested by
Host: omatsivut.tfbank.fi
URL: https://omatsivut.tfbank.fi/static/css/442.2f4bed2d.chunk.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.94.212 , Sweden, ASN42649 (BBN, SE),
Reverse DNS
vbdc-n.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
7054e3119cfe6e7d3fa20570caf2488bde4358f4303fd11b3e07f29ed0dc742b
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://omatsivut.tfbank.fi/static/css/442.2f4bed2d.chunk.css

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=14515200
Content-Security-Policy
default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Content-Encoding
gzip
ETag
W/"0cb2f74efdb1:0"
Connection
keep-alive
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Permissions-Policy
camera=(self)
Date
Sun, 20 Oct 2024 23:01:04 GMT
Last-Modified
Wed, 25 Sep 2024 13:22:54 GMT
Content-Type
image/svg+xml
Vary
Accept-Encoding
Server
baffin-bay-inlet
X-Frame-Options
SAMEORIGIN
Raleway-VariableFont_wght.575ec9e676c7a85494bb.ttf
omatsivut.tfbank.fi/static/media/
302 KB
304 KB
Font
General
Full URL
https://omatsivut.tfbank.fi/static/media/Raleway-VariableFont_wght.575ec9e676c7a85494bb.ttf
Requested by
Host: omatsivut.tfbank.fi
URL: https://omatsivut.tfbank.fi/static/css/main.0748c953.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.94.212 , Sweden, ASN42649 (BBN, SE),
Reverse DNS
vbdc-n.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
8e7948221210e0bff86b70de2a2e893e24e0d9c5a16a5db0aa47834b88bf1998
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://omatsivut.tfbank.fi
Referer
https://omatsivut.tfbank.fi/static/css/main.0748c953.css

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=14515200
Content-Security-Policy
default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
ETag
"0cb2f74efdb1:0"
Connection
keep-alive
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Permissions-Policy
camera=(self)
Accept-Ranges
bytes
Content-Length
309720
Date
Sun, 20 Oct 2024 23:01:05 GMT
Content-Type
application/octet-stream
Last-Modified
Wed, 25 Sep 2024 13:22:54 GMT
Server
baffin-bay-inlet
X-Frame-Options
SAMEORIGIN
track
dc.services.visualstudio.com/v2/
0
0
Preflight
General
Full URL
https://dc.services.visualstudio.com/v2/track
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.88.245 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,sdk-context
Access-Control-Request-Method
POST
Origin
https://omatsivut.tfbank.fi
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin,X-Requested-With,Content-Name,Content-Type,Accept,Cache-Control,Sdk-Context
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
3600
date
Sun, 20 Oct 2024 23:01:03 GMT
server
Microsoft-HTTPAPI/2.0
strict-transport-security
max-age=31536000
track
dc.services.visualstudio.com/v2/
96 B
200 B
XHR
General
Full URL
https://dc.services.visualstudio.com/v2/track
Requested by
Host: omatsivut.tfbank.fi
URL: https://omatsivut.tfbank.fi/static/js/378.32e21912.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.88.245 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
f26ff9e4fe340b565bdf85f93fae8a93dac5c1e10510457c2814dd2208504ad2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-type
application/json
Sdk-Context
appId

Response headers

strict-transport-security
max-age=31536000
access-control-allow-origin
*
date
Sun, 20 Oct 2024 23:01:04 GMT
content-type
application/json; charset=utf-8
server
Microsoft-HTTPAPI/2.0
x-content-type-options
nosniff
favicon.ico
omatsivut.tfbank.fi/
1 KB
0
Other
General
Full URL
https://omatsivut.tfbank.fi/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.94.212 , Sweden, ASN42649 (BBN, SE),
Reverse DNS
vbdc-n.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
1431b53f53544a5c47d19c148c9624b389fa5722f3605e22afd7161e3c5e0b24
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://omatsivut.tfbank.fi/login

Response headers

Content-Security-Policy
default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
ETag
"0c353a64cfdb1:0"
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Permissions-Policy
camera=(self)
Accept-Ranges
bytes
Content-Length
1150
Date
Sun, 20 Oct 2024 23:01:03 GMT
Content-Type
image/x-icon
Last-Modified
Wed, 25 Sep 2024 13:13:02 GMT
Server
baffin-bay-inlet
X-Frame-Options
SAMEORIGIN
track
dc.services.visualstudio.com/v2/
96 B
154 B
XHR
General
Full URL
https://dc.services.visualstudio.com/v2/track
Requested by
Host: omatsivut.tfbank.fi
URL: https://omatsivut.tfbank.fi/static/js/378.32e21912.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.88.245 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
67c986a62c39dd0654c8ec366d60720ed2d6041fcff3f27b0b37923a7718ba30
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-type
application/json
Sdk-Context
appId

Response headers

strict-transport-security
max-age=31536000
access-control-allow-origin
*
date
Sun, 20 Oct 2024 23:01:04 GMT
content-type
application/json; charset=utf-8
server
Microsoft-HTTPAPI/2.0
x-content-type-options
nosniff
track
dc.services.visualstudio.com/v2/
0
0
Preflight
General
Full URL
https://dc.services.visualstudio.com/v2/track
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.88.245 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,sdk-context
Access-Control-Request-Method
POST
Origin
https://omatsivut.tfbank.fi
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin,X-Requested-With,Content-Name,Content-Type,Accept,Cache-Control,Sdk-Context
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
3600
date
Sun, 20 Oct 2024 23:01:03 GMT
server
Microsoft-HTTPAPI/2.0
strict-transport-security
max-age=31536000
track
dc.services.visualstudio.com/v2/
96 B
154 B
XHR
General
Full URL
https://dc.services.visualstudio.com/v2/track
Requested by
Host: omatsivut.tfbank.fi
URL: https://omatsivut.tfbank.fi/static/js/378.32e21912.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.88.245 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
67c986a62c39dd0654c8ec366d60720ed2d6041fcff3f27b0b37923a7718ba30
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-type
application/json
Sdk-Context
appId

Response headers

strict-transport-security
max-age=31536000
access-control-allow-origin
*
date
Sun, 20 Oct 2024 23:01:04 GMT
content-type
application/json; charset=utf-8
server
Microsoft-HTTPAPI/2.0
x-content-type-options
nosniff
track
dc.services.visualstudio.com/v2/
0
0
Preflight
General
Full URL
https://dc.services.visualstudio.com/v2/track
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.88.245 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,sdk-context
Access-Control-Request-Method
POST
Origin
https://omatsivut.tfbank.fi
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin,X-Requested-With,Content-Name,Content-Type,Accept,Cache-Control,Sdk-Context
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
3600
date
Sun, 20 Oct 2024 23:01:04 GMT
server
Microsoft-HTTPAPI/2.0
strict-transport-security
max-age=31536000

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.google-analytics.com
URL
https://www.google-analytics.com/analytics.js
Domain
static.hotjar.com
URL
https://static.hotjar.com/c/hotjar-2594649.js?sv=7

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| webpackChunkmypages_webui object| __localeData__ function| clearImmediate function| setImmediate object| PageDataLayer object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga function| hj object| _hjSettings string| __reactRouterVersion object| __dynProto$Gbl object| FontAwesomeConfig object| ___FONT_AWESOME___ object| regeneratorRuntime

6 Cookies

Domain/Path Name / Value
.omatsivut.tfbank.fi/ Name: TiPMix
Value: 61.9902756204248
.omatsivut.tfbank.fi/ Name: x-ms-routing-name
Value: self
.omatsivut.tfbank.fi/ Name: ARRAffinity
Value: 1a93607e9fcb97085e8118866770525e13b7dd2091a9c6f61c90879ccfd37bf7
.omatsivut.tfbank.fi/ Name: ARRAffinitySameSite
Value: 1a93607e9fcb97085e8118866770525e13b7dd2091a9c6f61c90879ccfd37bf7
omatsivut.tfbank.fi/ Name: ai_user
Value: F19YeSXbiHpjbHSYSwLSsD|2024-10-20T23:01:03.440Z
omatsivut.tfbank.fi/ Name: ai_session
Value: h890vk0CoSBDhhQ7c71xwH|1729465263593|1729465263593

3 Console Messages

Source Level URL
Text
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-5PHJMBM&l=PageDataLayer&gtm_auth=&gtm_preview=&gtm_cookies_win=x(Line 91)
Message:
Refused to load the script 'https://www.google-analytics.com/analytics.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-5PHJMBM&l=PageDataLayer&gtm_auth=&gtm_preview=&gtm_cookies_win=x(Line 91)
Message:
Refused to load the script 'https://static.hotjar.com/c/hotjar-2594649.js?sv=7' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
intervention info URL: https://omatsivut.tfbank.fi/login
Message:
Slow network is detected. See https://www.chromestatus.com/feature/5636954674692096 for more details. Fallback font will be used while loading: https://omatsivut.tfbank.fi/static/media/Raleway-VariableFont_wght.575ec9e676c7a85494bb.ttf

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://login-eu-c1.cc.sinch.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com https://content01.tfbank.se; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dc.services.visualstudio.com
omatsivut.tfbank.fi
prodcustomerdataapi.tfbank.se
static.hotjar.com
www.google-analytics.com
www.googletagmanager.com
static.hotjar.com
www.google-analytics.com
172.217.16.200
185.195.94.202
185.195.94.212
20.50.88.245
08983ee86185c5c80d281e30391437e5f10ec2e895c3c3b80aaa633ce5b2b84b
1431b53f53544a5c47d19c148c9624b389fa5722f3605e22afd7161e3c5e0b24
26be3b391b6f42037fa6e2b048098ac5f5737a1794efaaf1402bf952bc821873
35eb950befd209380d97c625695b11bb335d5e423af9162e847c48810c597e97
61005b093700502390f55675aff651e43cd4158810125024f1b43ef76ac1695d
67c986a62c39dd0654c8ec366d60720ed2d6041fcff3f27b0b37923a7718ba30
701d838178929148f2eb418c3c97c99636c033fc2efa6874d65299f6df4929d2
7054e3119cfe6e7d3fa20570caf2488bde4358f4303fd11b3e07f29ed0dc742b
8ab3c52b7f756c147a42dfc42966e9b4b1cdbaae9b2439def033a20d5b8611da
8e6384b5786da97b0886bab8a8f2f445424d5fdb83a720fe7c1098defa89306c
8e7573b0f6f9f03ee2d25c488a5943c04f3ef43c9f0ae5bbc8d4f702e200ff09
8e7948221210e0bff86b70de2a2e893e24e0d9c5a16a5db0aa47834b88bf1998
a1c5ae128a15c00c005f02cab2836792f33932f4ff2b4ffde7dda864641d169e
a6bcbccd8410b2044e7a005c74c71c09c8ffc2021f516b191c84f2744e6f3cc1
d28b01828d6e70e2f00ea59cf97f48f7ef5558addc26dbf3a6d6c623c58ed7b6
e1e25c252919992d67016862e6be126151e4c4ded40a92502160ef9d9a1336f2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee105d57d992f41cad69041c552c8c0feb3be72337e8ab77344d2917b3d8774b
f26ff9e4fe340b565bdf85f93fae8a93dac5c1e10510457c2814dd2208504ad2
f30002bf75f7eb29b4263d73c6c0452bb21b19be62cfb4ca004576c521e45828