payment.norwegian.com Open in urlscan Pro
2606:4700::6812:c06a Public Scan

Go To Rescan
Add Verdict Report

URL:
https://payment.norwegian.com/
Submission: On December 13 via manual (December 13th 2024, 3:36:38 pm UTC) from GB — Scanned from GB

Summary HTTP 35 Redirects Behaviour Indicators

Summary

This website contacted 10 IPs in 2 countries across 6 domains to perform 35 HTTP transactions. The main IP is 2606:4700::6812:c06a, located in United States and belongs to CLOUDFLARENET, US. The main domain is payment.norwegian.com.
TLS certificate: Issued by E5 on November 3rd 2024. Valid for: 3 months.

This is the only time payment.norwegian.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 17	2606:4700::68... 2606:4700::6812:c06a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:5049	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
1	2600:9000:235... 2600:9000:2359:c400:f:1b37:e600:93a1	16509 (AMAZON-02) (AMAZON-02)
1	3.234.25.89 3.234.25.89	14618 (AMAZON-AES) (AMAZON-AES)
5	34.225.5.197 34.225.5.197	14618 (AMAZON-AES) (AMAZON-AES)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
3	143.204.98.8 143.204.98.8	16509 (AMAZON-02) (AMAZON-02)
3	2600:9000:225... 2600:9000:2251:d400:7:bffe:c3c0:21	16509 (AMAZON-02) (AMAZON-02)
35	10

17 2606:4700::6812:c06a (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

payment.norwegian.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5049 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2359:c400:f:1b37:e600:93a1 (United States)

ASN16509 (AMAZON-02, US)

e11233f1926a.cdn4.forter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.234.25.89 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-234-25-89.compute-1.amazonaws.com

cbe38545452c4b6bb09c0aa64b6fc269-e11233f1926a.cdn.forter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.225.5.197 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-225-5-197.compute-1.amazonaws.com

cdn0.forter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 143.204.98.8 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-8.fra50.r.cloudfront.net

cdn3.forter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2251:d400:7:bffe:c3c0:21 (United States)

ASN16509 (AMAZON-02, US)

d3nocrch4qti4v.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	norwegian.com 1 redirects payment.norwegian.com	911 KB
10	forter.com e11233f1926a.cdn4.forter.com cbe38545452c4b6bb09c0aa64b6fc269-e11233f1926a.cdn.forter.com cdn0.forter.com — Cisco Umbrella Rank: 4475 cdn3.forter.com — Cisco Umbrella Rank: 3911	167 KB
3	cloudfront.net d3nocrch4qti4v.cloudfront.net	844 B
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	274 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 3353
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 617	7 KB
35	6

	Domain	Requested by
17	payment.norwegian.com	1 redirects payment.norwegian.com static.cloudflareinsights.com
5	cdn0.forter.com	e11233f1926a.cdn4.forter.com
3	d3nocrch4qti4v.cloudfront.net
3	cdn3.forter.com	e11233f1926a.cdn4.forter.com
2	www.googletagmanager.com	payment.norwegian.com www.googletagmanager.com
1	region1.google-analytics.com	www.googletagmanager.com
1	cbe38545452c4b6bb09c0aa64b6fc269-e11233f1926a.cdn.forter.com	e11233f1926a.cdn4.forter.com
1	e11233f1926a.cdn4.forter.com	payment.norwegian.com
1	static.cloudflareinsights.com	payment.norwegian.com
35	9

This site contains no links.

Subject Issuer	Validity	Valid
payment.norwegian.com E5	`2024-11-03` - `2025-02-01`	3 months	crt.sh
cloudflareinsights.com WE1	`2024-11-01` - `2025-01-30`	3 months	crt.sh
*.google-analytics.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
*.cdn4.forter.com Amazon RSA 2048 M03	`2024-08-08` - `2025-09-06`	a year	crt.sh
*.cdn.forter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-10` - `2025-08-10`	a year	crt.sh
cdn0.forter.com DigiCert Global G3 TLS ECC SHA384 2020 CA1	`2024-07-10` - `2025-07-08`	a year	crt.sh
cdn3.forter.com Amazon RSA 2048 M02	`2024-06-19` - `2025-07-18`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2024-07-30` - `2025-07-03`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://payment.norwegian.com/
Frame ID: 184FB26C0B152710640561590A514F29
Requests: 32 HTTP requests in this frame

Frame: https://payment.norwegian.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/main.js
Frame ID: 1809B883EA87EA1F14621C39A7971049
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Payment | Norwegian

Detected technologies

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Forter (Analytics) Expand

Overall confidence: 100%
Detected patterns

forter\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

35
Requests

91 %
HTTPS

67 %
IPv6

6
Domains

9
Subdomains

10
IPs

2
Countries

1359 kB
Transfer

5201 kB
Size

6
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 16

https://payment.norwegian.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://payment.norwegian.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/main.js

35 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
payment.norwegian.com/ 25 KB
12 KB 344ms
272ms Document
text/html 2606:4700::6812:c06a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://payment.norwegian.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:c06a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb41948f81501e25a4db357cff4eae989328c6907e1ebb35ec2c38dafb6538e6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control: no-cache,no-store
cf-cache-status: DYNAMIC
cf-ray: 8f1707c86a69634d-LHR
content-encoding: br
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
content-type: text/html; charset=utf-8
date: Fri, 13 Dec 2024 15:36:33 GMT
expires: -1
permissions-policy: camera=(), microphone=()
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
server-timing: cfCacheStatus;desc="DYNAMIC"
vary: Accept-Encoding
x-content-type-options: nosniff
x-correlation-id: PPXT1X20241213X163633X229116D
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 NewNasStyles.css
payment.norwegian.com/Styles/ 328 KB
44 KB 66ms
64ms Stylesheet
text/css 2606:4700::6812:c06a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://payment.norwegian.com/Styles/NewNasStyles.css?v=Fil-bbJgKvbSQg5D3XNpDcvbm_HOr9FSStWIwnRDHnY

Requested by

Host: payment.norwegian.com
URL: https://payment.norwegian.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:c06a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

16297e6db2602af6d2420e43dd73690dcbdb9bf1ceafd1524ad588c274431e76

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://payment.norwegian.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "1db3a01746c4bdb-gzip"
age: 7157
x-content-type-options: nosniff
date: Fri, 13 Dec 2024 15:36:33 GMT
content-type: text/css
last-modified: Mon, 18 Nov 2024 21:33:06 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
cache-control: public
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f1707ca2ca3634d-LHR
permissions-policy: camera=(), microphone=()
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 lib.js Show response
payment.norwegian.com/Scripts/ 3 MB
755 KB 69ms
67ms Script
text/javascript 2606:4700::6812:c06a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://payment.norwegian.com/Scripts/lib.js?v=J4sJmsPen7_BcgpnBddrISG5lialUXejqtkJ5qZBWJU

Requested by

Host: payment.norwegian.com
URL: https://payment.norwegian.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:c06a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

278b099ac3de9fbfc1720a6705d76b2121b99626a55177a3aad909e6a6415895

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://payment.norwegian.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "1db3a01730ac1eb-gzip"
age: 501
x-content-type-options: nosniff
date: Fri, 13 Dec 2024 15:36:33 GMT
content-type: text/javascript
last-modified: Mon, 18 Nov 2024 21:33:04 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
cache-control: public
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f1707ca2ca5634d-LHR
permissions-policy: camera=(), microphone=()
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 instant.js Show response
payment.norwegian.com/Scripts/ 129 B
234 B 95ms
94ms Script
text/javascript 2606:4700::6812:c06a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://payment.norwegian.com/Scripts/instant.js?v=jq47As8-M6KGPpel3bmRE6i14Lr6ojCkMubVLasJGls

Requested by

Host: payment.norwegian.com
URL: https://payment.norwegian.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:c06a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8eae3b02cf3e33a2863e97a5ddb99113a8b5e0bafaa230a432e6d52dab091a5b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://payment.norwegian.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "1db3a0173382881-gzip"
age: 7156
x-content-type-options: nosniff
date: Fri, 13 Dec 2024 15:36:33 GMT
content-type: text/javascript
last-modified: Mon, 18 Nov 2024 21:33:04 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
cache-control: public
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f1707ca2ca8634d-LHR
permissions-policy: camera=(), microphone=()
accept-ranges: bytes
content-length: 126
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 lang.en-GB.js Show response
payment.norwegian.com/Scripts/ 8 KB
3 KB 64ms
63ms Script
text/javascript 2606:4700::6812:c06a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://payment.norwegian.com/Scripts/lang.en-GB.js?v=5QzJ00wVO50eQDnd8Ba1gY20AxBFsWuKpaxFnWrxEZs

Requested by

Host: payment.norwegian.com
URL: https://payment.norwegian.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:c06a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e50cc9d34c153b9d1e4039ddf016b5818db4031045b16b8aa5ac459d6af1119b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://payment.norwegian.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "1db3a00c8c01ab9-gzip"
age: 7157
x-content-type-options: nosniff
date: Fri, 13 Dec 2024 15:36:33 GMT
content-type: text/javascript
last-modified: Mon, 18 Nov 2024 21:28:18 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
cache-control: public
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f1707ca2cac634d-LHR
permissions-policy: camera=(), microphone=()
accept-ranges: bytes
content-length: 3026
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 templates.js Show response
payment.norwegian.com/Scripts/ 75 KB
12 KB 65ms
64ms Script
text/javascript 2606:4700::6812:c06a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://payment.norwegian.com/Scripts/templates.js?v=Z56LmkBLOXXJg3Du4NiBjvN23dgOS78AGUjdob8smzk

Requested by

Host: payment.norwegian.com
URL: https://payment.norwegian.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:c06a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

679e8b9a404b3975c98370eee0d8818ef376ddd80e4bbf001948dda1bf2c9b39

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://payment.norwegian.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "1db3a0173390337-gzip"
age: 7156
x-content-type-options: nosniff
date: Fri, 13 Dec 2024 15:36:33 GMT
content-type: text/javascript
last-modified: Mon, 18 Nov 2024 21:33:04 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
cache-control: public
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f1707ca2cad634d-LHR
permissions-policy: camera=(), microphone=()
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 visa_logo_bw.png
payment.norwegian.com/icons/scheme/ 6 KB
6 KB 91ms
91ms Image
image/webp 2606:4700::6812:c06a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://payment.norwegian.com/icons/scheme/visa_logo_bw.png

Requested by

Host: payment.norwegian.com
URL: https://payment.norwegian.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:c06a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a1d25d33e4106409795549beea593e4c5f4755fd770a62e76dfdd401be3d59ea

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://payment.norwegian.com/

Response headers

cf-bgj: imgq:100,h2pri
etag: "1db3a00767ea6cf"
age: 2480
cf-cache-status: HIT
x-content-type-options: nosniff
cf-polished: origFmt=png, origSize=17103
date: Fri, 13 Dec 2024 15:36:33 GMT
content-type: image/webp
content-disposition: inline; filename="visa_logo_bw.webp"
vary: Accept
last-modified: Mon, 18 Nov 2024 21:26:00 GMT
x-frame-options: SAMEORIGIN
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
cache-control: public
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f1707ca2cae634d-LHR
permissions-policy: camera=(), microphone=()
accept-ranges: bytes
content-length: 6124
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 mastercard_logo_bw.png
payment.norwegian.com/icons/scheme/ 1 KB
1 KB 93ms
93ms Image
image/webp 2606:4700::6812:c06a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://payment.norwegian.com/icons/scheme/mastercard_logo_bw.png

Requested by

Host: payment.norwegian.com
URL: https://payment.norwegian.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:c06a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de4a36ca0717461243bb6b2608f0022e1e3de9c5a5fd339016499ac1bbe67358

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://payment.norwegian.com/

Response headers

cf-bgj: imgq:100,h2pri
etag: "1db3a00767ef35b"
age: 2480
cf-cache-status: HIT
x-content-type-options: nosniff
cf-polished: origFmt=png, origSize=5979
date: Fri, 13 Dec 2024 15:36:33 GMT
content-type: image/webp
content-disposition: inline; filename="mastercard_logo_bw.webp"
vary: Accept
last-modified: Mon, 18 Nov 2024 21:26:00 GMT
x-frame-options: SAMEORIGIN
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
cache-control: public
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f1707ca2cb5634d-LHR
permissions-policy: camera=(), microphone=()
accept-ranges: bytes
content-length: 1060
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 amex_logo_bw.png
payment.norwegian.com/icons/scheme/ 3 KB
3 KB 75ms
74ms Image
image/webp 2606:4700::6812:c06a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://payment.norwegian.com/icons/scheme/amex_logo_bw.png

Requested by

Host: payment.norwegian.com
URL: https://payment.norwegian.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:c06a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c82ab3b3fd343b4f552ca6c2eaa9940d67eba8af0ad561cf0770829c5562625

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://payment.norwegian.com/

Response headers

cf-bgj: imgq:100,h2pri
etag: "1db3a00767edd8a"
age: 4876
cf-cache-status: HIT
x-content-type-options: nosniff
cf-polished: origFmt=png, origSize=14730
date: Fri, 13 Dec 2024 15:36:33 GMT
content-type: image/webp
content-disposition: inline; filename="amex_logo_bw.webp"
vary: Accept
last-modified: Mon, 18 Nov 2024 21:26:00 GMT
x-frame-options: SAMEORIGIN
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
cache-control: public
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f1707cadd70634d-LHR
permissions-policy: camera=(), microphone=()
accept-ranges: bytes
content-length: 3406
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 shared.min.js Show response
payment.norwegian.com/Scripts/ 60 KB
17 KB 69ms
68ms Script
text/javascript 2606:4700::6812:c06a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://payment.norwegian.com/Scripts/shared.min.js?v=gYhzGnQuldqJmhM6uBSwv9WiVEoj8s6tszCz7AbeCgc

Requested by

Host: payment.norwegian.com
URL: https://payment.norwegian.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:c06a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8188731a742e95da899a133ab814b0bfd5a2544a23f2ceadb330b3ec06de0a07

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://payment.norwegian.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "1db3a017338d96d-gzip"
age: 7157
x-content-type-options: nosniff
date: Fri, 13 Dec 2024 15:36:33 GMT
content-type: text/javascript
last-modified: Mon, 18 Nov 2024 21:33:04 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
cache-control: public
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f1707caed7a634d-LHR
permissions-policy: camera=(), microphone=()
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 app-payment.min.js Show response
payment.norwegian.com/Scripts/ 71 KB
18 KB 48ms
48ms Script
text/javascript 2606:4700::6812:c06a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://payment.norwegian.com/Scripts/app-payment.min.js?v=a2mYa9lAaFPZY4pmEFyYHP8UYuTTIl8EwyWe0O2cgkE

Requested by

Host: payment.norwegian.com
URL: https://payment.norwegian.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:c06a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b69986bd9406853d9638a66105c981cff1462e4d3225f04c3259ed0ed9c8241

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://payment.norwegian.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "1db3a0097decd0d-gzip"
age: 7156
x-content-type-options: nosniff
date: Fri, 13 Dec 2024 15:36:33 GMT
content-type: text/javascript
last-modified: Mon, 18 Nov 2024 21:26:56 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
cache-control: public
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f1707cb5dff634d-LHR
permissions-policy: camera=(), microphone=()
accept-ranges: bytes
content-length: 18282
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 vcd15cbe7772f49c399c6a5babf22c1241717689176015 Show response
static.cloudflareinsights.com/beacon.min.js/ 19 KB
7 KB 99ms
40ms Script
text/javascript 2606:4700::6810:5049
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Requested by: Host: payment.norwegian.com
URL: https://payment.norwegian.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://payment.norwegian.com
Referer: https://payment.norwegian.com/

Response headers

cache-control: public, max-age=86400
content-encoding: gzip
etag: W/"2024.6.1"
cross-origin-resource-policy: cross-origin
cf-ray: 8f1707cbcbd1ccc1-LHR
access-control-allow-origin: *
date: Fri, 13 Dec 2024 15:36:33 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 582 KB
154 KB 178ms
96ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NVL4JDR

Requested by

Host: payment.norwegian.com
URL: https://payment.norwegian.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f626d550bd518caa1836aff995235cf81a884330fa2c99b020d8a56135d3574f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://payment.norwegian.com/

Response headers

content-encoding: gzip
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Fri, 13 Dec 2024 15:36:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 13 Dec 2024 15:36:34 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Fri, 13 Dec 2024 15:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 156752
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 apercu_regular_pro-web.woff2
payment.norwegian.com/Content/webfonts/ 34 KB
34 KB 61ms
60ms Font
font/woff2 2606:4700::6812:c06a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://payment.norwegian.com/Content/webfonts/apercu_regular_pro-web.woff2

Requested by

Host: payment.norwegian.com
URL: https://payment.norwegian.com/Styles/NewNasStyles.css?v=Fil-bbJgKvbSQg5D3XNpDcvbm_HOr9FSStWIwnRDHnY

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:c06a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af5a56f0a9eb13d4238b5780ddf731237e65492bba73a37f4896edcec9a46562

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://payment.norwegian.com
Referer: https://payment.norwegian.com/Styles/NewNasStyles.css?v=Fil-bbJgKvbSQg5D3XNpDcvbm_HOr9FSStWIwnRDHnY

Response headers

cf-cache-status: HIT
etag: "1db3a00c8c082a8"
age: 5783
x-content-type-options: nosniff
date: Fri, 13 Dec 2024 15:36:33 GMT
content-type: font/woff2
last-modified: Mon, 18 Nov 2024 21:28:18 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
cache-control: public
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f1707cbae46634d-LHR
permissions-policy: camera=(), microphone=()
accept-ranges: bytes
content-length: 34728
x-xss-protection: 1; mode=block
server: cloudflare

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e0996e1e27267e75e64247fd46b750a73181b917fc53ee492b7a73fd83ebd94f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6ccc0202979747b3c3117505f1865144425260c039263ab1a3b9ac1f0d496e8c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H2 200 script.js Show response
e11233f1926a.cdn4.forter.com/sn/e11233f1926a/sha256-3XQEwg3aVcVckKZm9f%2B0xroGC0WLRFKFLuWSSnpRuX8%3D/ 354 KB
164 KB 137ms
43ms Script
application/javascript 2600:9000:2359:c400:f:1b37:e600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://e11233f1926a.cdn4.forter.com/sn/e11233f1926a/sha256-3XQEwg3aVcVckKZm9f%2B0xroGC0WLRFKFLuWSSnpRuX8%3D/script.js

Requested by

Host: payment.norwegian.com
URL: https://payment.norwegian.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2359:c400:f:1b37:e600:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

dd7404c20dda55c55c90a666f5ffb4c6ba060b458b4452852ee5924a7a51b97f

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://payment.norwegian.com
Referer: https://payment.norwegian.com/

Response headers

strict-transport-security: max-age=86400; includeSubDomains
x-amz-cf-id: A3wOc_i8P6RikI3T6ECyk8vww4-pl4ifsj5kErA-7A_je1oIRnbjsg==
cache-control: private, immutable, max-age=31536000
timing-allow-origin: *
content-encoding: br
etag: W/"a9dde01e42128e9704ce59db355a2179"
via: 1.1 172c1df55a41f1a1b144f3711399cfc4.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 15:36:34 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 13 Dec 2024 14:33:10 GMT
vary: Accept-Encoding
x-amz-cf-pop: FRA60-P10

GET
H2

200

main.js Show response
payment.norwegian.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/ Frame 1809
Redirect Chain

https://payment.norwegian.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://payment.norwegian.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/main.js?

8 KB
4 KB

45ms
45ms

Script
application/javascript

2606:4700::6812:c06a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://payment.norwegian.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/main.js?

Requested by

Host: payment.norwegian.com
URL: https://payment.norwegian.com/

Protocol

Server

2606:4700::6812:c06a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83537418658ef7ccb5fea78c1c98009c775bf5ac87bf7c3d183b21960b3fcf5e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
content-encoding: br
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f1707cc6f3d634d-LHR
permissions-policy: camera=(), microphone=()
date: Fri, 13 Dec 2024 15:36:34 GMT
x-xss-protection: 1; mode=block
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare
x-frame-options: SAMEORIGIN

Redirect headers

content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/main.js?
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
cf-ray: 8f1707cc1ee0634d-LHR
permissions-policy: camera=(), microphone=()
access-control-allow-origin: *
content-length: 0
date: Fri, 13 Dec 2024 15:36:33 GMT
x-xss-protection: 1; mode=block
vary: Accept-Encoding
server: cloudflare
x-frame-options: SAMEORIGIN

POST
H2 200 8f1707c86a69634d Show response
payment.norwegian.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 1809 0
620 B 52ms
48ms XHR
text/plain 2606:4700::6812:c06a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://payment.norwegian.com/cdn-cgi/challenge-platform/h/g/jsd/r/8f1707c86a69634d

Requested by

Host: payment.norwegian.com
URL: https://payment.norwegian.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:c06a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json
Referer

Response headers

content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f1707cd0fe7634d-LHR
permissions-policy: camera=(), microphone=()
content-length: 0
date: Fri, 13 Dec 2024 15:36:34 GMT
x-xss-protection: 1; mode=block
content-type: text/plain; charset=UTF-8
server: cloudflare
x-frame-options: SAMEORIGIN

GET 88a6d9dc-0300-48c6-8868-4acddad6f56b
https://payment.norwegian.com/ Frame 0
0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 360 KB
120 KB 60ms
59ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-XMQZZ1BMXF&l=dataLayer&cx=c&gtm=45He4cb0v76365325za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NVL4JDR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5b9fbf597da9315a513fa2a8503360d200fb2b7214ba5723d548d7856ecdd405

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://payment.norwegian.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Fri, 13 Dec 2024 15:36:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 13 Dec 2024 15:36:34 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 122639
x-xss-protection: 0
server: Google Tag Manager

GET f3c49162-a15b-442c-b1ff-eefcb2dc552e
https://payment.norwegian.com/ Frame 0
0

POST
H/1.1 200
OK prop.json
cbe38545452c4b6bb09c0aa64b6fc269-e11233f1926a.cdn.forter.com/ 2 B
629 B 323ms
101ms Ping
application/json 3.234.25.89
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://cbe38545452c4b6bb09c0aa64b6fc269-e11233f1926a.cdn.forter.com/prop.json
Requested by: Host: e11233f1926a.cdn4.forter.com
URL: https://e11233f1926a.cdn4.forter.com/sn/e11233f1926a/sha256-3XQEwg3aVcVckKZm9f%2B0xroGC0WLRFKFLuWSSnpRuX8%3D/script.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 3.234.25.89 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-234-25-89.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://payment.norwegian.com/

Response headers

ETag: "2-62925a2bb207a"
Access-Control-Allow-Methods: PUT, GET, POST, DELETE, OPTIONS
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Date: Fri, 13 Dec 2024 15:36:34 GMT
Last-Modified: Fri, 13 Dec 2024 12:04:40 GMT
Content-Type: application/json
Access-Control-Allow-Headers: origin, x-requested-with, content-type, x-csrf-token
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Timing-Allow-Origin: *
Pragma: no-cache
Connection: close
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Origin: https://payment.norwegian.com
Content-Length: 2
Server: Apache

GET
H/1.1 200
OK prop.json Show response
cdn0.forter.com/e11233f1926a/cbe38545452c4b6bb09c0aa64b6fc269/ 20 B
365 B 485ms
253ms XHR
application/json 34.225.5.197
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn0.forter.com/e11233f1926a/cbe38545452c4b6bb09c0aa64b6fc269/prop.json?_=1734104194290
Requested by: Host: e11233f1926a.cdn4.forter.com
URL: https://e11233f1926a.cdn4.forter.com/sn/e11233f1926a/sha256-3XQEwg3aVcVckKZm9f%2B0xroGC0WLRFKFLuWSSnpRuX8%3D/script.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 34.225.5.197 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-225-5-197.compute-1.amazonaws.com
Software: /
Resource Hash: 912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://payment.norwegian.com/

Response headers

Transfer-Encoding: chunked
Cache-Control: no-cache
Timing-Allow-Origin: *
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Credentials: true
Expires: -1
Access-Control-Allow-Origin: https://payment.norwegian.com
Date: Fri, 13 Dec 2024 15:36:34 GMT
Content-Type: application/json
Vary: Origin

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 103ms
33ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-XMQZZ1BMXF&gtm=45je4cb0v9172276097z876365325za200zb76365325&_p=1734104193620&gcs=G100&gcd=13q3q3q3q5l1&npa=1&dma_cps=-&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=170476268.1734104194&ul=en-gb&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&_s=1&cu=GBP&dl=https%3A%2F%2Fpayment.norwegian.com%2F&dr=&sid=1734104194&sct=1&seg=0&dt=Payment%20%7C%20Norwegian&en=page_view&_fv=1&_nsi=1&_ss=1&ep.content_group=GB&ep.content_type=payment&ep.gtm_event_trigger=gtm.js&ep.country_code=GB&ep.event_group=content&tfd=1098
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XMQZZ1BMXF&l=dataLayer&cx=c&gtm=45He4cb0v76365325za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://payment.norwegian.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://payment.norwegian.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 13 Dec 2024 15:36:34 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 rum Show response
payment.norwegian.com/cdn-cgi/ 0
152 B 63ms
61ms XHR
text/plain 2606:4700::6812:c06a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://payment.norwegian.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:c06a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type: application/json
Referer: https://payment.norwegian.com/

Response headers

access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-methods: POST,OPTIONS
x-content-type-options: nosniff
cf-ray: 8f1707ced9d5634d-LHR
access-control-allow-origin: https://payment.norwegian.com
date: Fri, 13 Dec 2024 15:36:34 GMT
vary: Origin
server: cloudflare
x-frame-options: DENY

GET
H2 200 favicon_new.ico
payment.norwegian.com/ 1 KB
390 B 48ms
48ms Other
image/x-icon 2606:4700::6812:c06a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://payment.norwegian.com/favicon_new.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:c06a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7af4b1ec73e8b0610fb9ac069e62cb310e26e5d1a6c08f9ad414c6b66a687fcb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://payment.norwegian.com/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"1db3a00767ee07e"
age: 4877
x-content-type-options: nosniff
date: Fri, 13 Dec 2024 15:36:34 GMT
content-type: image/x-icon
last-modified: Mon, 18 Nov 2024 21:26:00 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
cache-control: public
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f1707cee9ed634d-LHR
permissions-policy: camera=(), microphone=()
x-xss-protection: 1; mode=block
server: cloudflare

GET
H/1.1 200
OK prop.json Show response
cdn0.forter.com/e11233f1926a/cbe38545452c4b6bb09c0aa64b6fc269/ 20 B
365 B 107ms
107ms XHR
application/json 34.225.5.197
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn0.forter.com/e11233f1926a/cbe38545452c4b6bb09c0aa64b6fc269/prop.json?_=1734104194779
Requested by: Host: e11233f1926a.cdn4.forter.com
URL: https://e11233f1926a.cdn4.forter.com/sn/e11233f1926a/sha256-3XQEwg3aVcVckKZm9f%2B0xroGC0WLRFKFLuWSSnpRuX8%3D/script.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 34.225.5.197 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-225-5-197.compute-1.amazonaws.com
Software: /
Resource Hash: 912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://payment.norwegian.com/

Response headers

Transfer-Encoding: chunked
Cache-Control: no-cache
Timing-Allow-Origin: *
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Credentials: true
Expires: -1
Access-Control-Allow-Origin: https://payment.norwegian.com
Date: Fri, 13 Dec 2024 15:36:34 GMT
Content-Type: application/json
Vary: Origin

GET
H/1.1 200
OK prop.json Show response
cdn0.forter.com/e11233f1926a/cbe38545452c4b6bb09c0aa64b6fc269/ 20 B
365 B 108ms
107ms XHR
application/json 34.225.5.197
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn0.forter.com/e11233f1926a/cbe38545452c4b6bb09c0aa64b6fc269/prop.json?_=1734104195033
Requested by: Host: e11233f1926a.cdn4.forter.com
URL: https://e11233f1926a.cdn4.forter.com/sn/e11233f1926a/sha256-3XQEwg3aVcVckKZm9f%2B0xroGC0WLRFKFLuWSSnpRuX8%3D/script.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 34.225.5.197 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-225-5-197.compute-1.amazonaws.com
Software: /
Resource Hash: 912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://payment.norwegian.com/

Response headers

Transfer-Encoding: chunked
Cache-Control: no-cache
Timing-Allow-Origin: *
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Credentials: true
Expires: -1
Access-Control-Allow-Origin: https://payment.norwegian.com
Date: Fri, 13 Dec 2024 15:36:35 GMT
Content-Type: application/json
Vary: Origin

POST
H/1.1 200
OK wpt.json Show response
cdn0.forter.com/e11233f1926a/cbe38545452c4b6bb09c0aa64b6fc269/ 20 B
446 B 107ms
106ms XHR
application/json 34.225.5.197
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn0.forter.com/e11233f1926a/cbe38545452c4b6bb09c0aa64b6fc269/wpt.json
Requested by: Host: e11233f1926a.cdn4.forter.com
URL: https://e11233f1926a.cdn4.forter.com/sn/e11233f1926a/sha256-3XQEwg3aVcVckKZm9f%2B0xroGC0WLRFKFLuWSSnpRuX8%3D/script.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 34.225.5.197 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-225-5-197.compute-1.amazonaws.com
Software: /
Resource Hash: 912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json; charset=UTF-8
Referer: https://payment.norwegian.com/

Response headers

Cache-Control: private, no-cache, no-store
Timing-Allow-Origin: *
Pragma: no-cache
ETag: W/"14-Y53wuE/mmbSikKcT/WualL1N65U"
Connection: keep-alive
Access-Control-Allow-Credentials: true
Expires: -1
Access-Control-Allow-Origin: https://payment.norwegian.com
Content-Length: 20
Keep-Alive: timeout=10
Date: Fri, 13 Dec 2024 15:36:35 GMT
Content-Type: application/json; charset=utf-8
Vary: Origin

OPTIONS
H/1.1 204
No Content wpt.json
cdn0.forter.com/e11233f1926a/cbe38545452c4b6bb09c0aa64b6fc269/ Frame 0
0 106ms
105ms Preflight 34.225.5.197
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn0.forter.com/e11233f1926a/cbe38545452c4b6bb09c0aa64b6fc269/wpt.json
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 34.225.5.197 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-225-5-197.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://payment.norwegian.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 0
Date: Fri, 13 Dec 2024 15:36:35 GMT
Keep-Alive: timeout=10
Vary: Access-Control-Request-Headers

POST
H2 200 events
cdn3.forter.com/ 0
372 B 220ms
134ms Ping
text/plain 143.204.98.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn3.forter.com/events

Requested by

Host: e11233f1926a.cdn4.forter.com
URL: https://e11233f1926a.cdn4.forter.com/sn/e11233f1926a/sha256-3XQEwg3aVcVckKZm9f%2B0xroGC0WLRFKFLuWSSnpRuX8%3D/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.8 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-8.fra50.r.cloudfront.net

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain; charset=gzip+enc
Referer: https://payment.norwegian.com/

Response headers

strict-transport-security: max-age=86400; includeSubDomains
cache-control: private, no-cache, no-store
timing-allow-origin: *
pragma: no-cache
via: 1.1 f7b7cf90592cf6a380fd34cc45e9c4b4.cloudfront.net (CloudFront)
expires: -1
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
content-length: 0
x-amz-cf-id: vTAvWCS6ITT0KZpXr08T9jE3Gl43LQGeq9jByauNrTlumWYSgviZWw==
date: Fri, 13 Dec 2024 15:36:35 GMT
x-amz-cf-pop: FRA50-C1
vary: Origin
access-control-allow-origin: *

GET
H2 200 logo_small.gif
d3nocrch4qti4v.cloudfront.net/ 48 B
280 B 132ms
42ms Image
image/gif 2600:9000:2251:d400:7:bffe:c3c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3nocrch4qti4v.cloudfront.net/logo_small.gif?dfpadname=&check=1734104195364
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:d400:7:bffe:c3c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: 0a66aa00275ce9c21012bcc686cc4016ed3f0ef6addb4b0d18dfb3489d7632b5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://payment.norwegian.com/

Response headers

via: 1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront)
x-cache: FunctionGeneratedResponse from cloudfront
content-length: 48
x-amz-cf-id: zrm2rBuggc1EtPis6GDwWcVEt1ZUYZhnsFmVGO3gMqtfs5yhZ4MqkA==
date: Fri, 13 Dec 2024 15:36:35 GMT
content-type: image/gif
x-amz-cf-pop: FRA60-P3
server: CloudFront

GET
H2 200 logo_medium.gif
d3nocrch4qti4v.cloudfront.net/ 48 B
283 B 130ms
40ms Image
image/gif 2600:9000:2251:d400:7:bffe:c3c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3nocrch4qti4v.cloudfront.net/logo_medium.gif?check=1734104195364&refererPageDetail=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:d400:7:bffe:c3c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: 0a66aa00275ce9c21012bcc686cc4016ed3f0ef6addb4b0d18dfb3489d7632b5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://payment.norwegian.com/

Response headers

via: 1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront)
x-cache: FunctionGeneratedResponse from cloudfront
content-length: 48
x-amz-cf-id: ZfT2zPV9LKq0DIDjiB1FNq-EIh1HvNeLxY6dXTs31psVgrBGLvDQlQ==
date: Fri, 13 Dec 2024 15:36:35 GMT
content-type: image/gif
x-amz-cf-pop: FRA60-P3
server: CloudFront

GET
H2 200 logo_large.gif
d3nocrch4qti4v.cloudfront.net/ 48 B
281 B 130ms
41ms Image
image/gif 2600:9000:2251:d400:7:bffe:c3c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3nocrch4qti4v.cloudfront.net/logo_large.gif?1734104195364&-linkd-32.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:d400:7:bffe:c3c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: 0a66aa00275ce9c21012bcc686cc4016ed3f0ef6addb4b0d18dfb3489d7632b5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://payment.norwegian.com/

Response headers

via: 1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront)
x-cache: FunctionGeneratedResponse from cloudfront
content-length: 48
x-amz-cf-id: KetFWM6Sz-D6giJp0QLyQcnOGU_gvpueH13x0bz0gwraW8njvKGZ0w==
date: Fri, 13 Dec 2024 15:36:35 GMT
content-type: image/gif
x-amz-cf-pop: FRA60-P3
server: CloudFront

POST
H2 200 events
cdn3.forter.com/ 0
369 B 137ms
135ms Ping
text/plain 143.204.98.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn3.forter.com/events

Requested by

Host: e11233f1926a.cdn4.forter.com
URL: https://e11233f1926a.cdn4.forter.com/sn/e11233f1926a/sha256-3XQEwg3aVcVckKZm9f%2B0xroGC0WLRFKFLuWSSnpRuX8%3D/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.8 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-8.fra50.r.cloudfront.net

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain; charset=gzip+enc
Referer: https://payment.norwegian.com/

Response headers

strict-transport-security: max-age=86400; includeSubDomains
cache-control: private, no-cache, no-store
timing-allow-origin: *
pragma: no-cache
via: 1.1 f7b7cf90592cf6a380fd34cc45e9c4b4.cloudfront.net (CloudFront)
expires: -1
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
content-length: 0
x-amz-cf-id: A60_M4j2zkvtqe90XtBO-i12HLDJ9RO1uh9dZ4vEvgrOo7TFMMR_mg==
date: Fri, 13 Dec 2024 15:36:36 GMT
x-amz-cf-pop: FRA50-C1
vary: Origin
access-control-allow-origin: *

POST
H3 200 events
cdn3.forter.com/ 0
282 B 131ms
130ms Ping
text/plain 143.204.98.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn3.forter.com/events

Requested by

Host: e11233f1926a.cdn4.forter.com
URL: https://e11233f1926a.cdn4.forter.com/sn/e11233f1926a/sha256-3XQEwg3aVcVckKZm9f%2B0xroGC0WLRFKFLuWSSnpRuX8%3D/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

143.204.98.8 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-8.fra50.r.cloudfront.net

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain; charset=gzip+enc
Referer: https://payment.norwegian.com/

Response headers

strict-transport-security: max-age=86400; includeSubDomains
cache-control: private, no-cache, no-store
timing-allow-origin: *
pragma: no-cache
via: 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront)
expires: -1
access-control-allow-origin: *
x-cache: Miss from cloudfront
content-length: 0
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 15:36:37 GMT
x-amz-cf-pop: FRA50-C1
vary: Origin
x-amz-cf-id: brKul26ylplrzyTsjbC87Sf7cpD8QYr_JFk1RJ9Z7FdWlgfdBVu9PQ==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: payment.norwegian.com
URL: blob:https://payment.norwegian.com/88a6d9dc-0300-48c6-8868-4acddad6f56b

Domain: payment.norwegian.com
URL: blob:https://payment.norwegian.com/f3c49162-a15b-442c-b1ff-eefcb2dc552e

Verdicts & Comments Add Verdict or Comment

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
payment.norwegian.com/	1969-12-31 23:59:59	Name: .AspNetCore.Antiforgery.ps Value: CfDJ8Me3mNd31CZOkrTJdi7h1cQrOmwPUjPBIHHD306x3qiTPdemlSCAm62sRLvTyPTMDYepvm7peDSxbwc6WpzAr_GoD1juwvy-7tIDWsFSxIcNJdM5OaHPMFNx0CbRvlyreTtUTDfcQ2ACmqADMH_cSYU
payment.norwegian.com/	1969-12-31 23:59:59	Name: XSRF-TOKEN Value: CfDJ8Me3mNd31CZOkrTJdi7h1cQuabBmaEnU4D5QK9HYdQTQ_NOZSKA3_B10s0TF5zJW2bUm_4R0eS_sgp3jSIEctOJJ0IzAND82yqKrQiO75fzo9NannFWRdFtsJclyP6o-ZWc6uyhoob2eu-8qu9sZGpc
payment.norwegian.com/	1969-12-31 23:59:59	Name: .AspNetCore.Session Value: CfDJ8Me3mNd31CZOkrTJdi7h1cQ9cT2KMmPMn%2Fex8bJTYPSsl15Vmf7aER%2BBMG1i2%2BqDRQBwp1GEhS%2FSYZ9I1cJ%2BNQFZG8P0e9DpMSDTFqrg3GIfeYvbY5r9%2FPDFVXhJshoFzj46WCiZz5IAa3sFALC367j7TT7iAXIrqhAUvSMZs9HW
.norwegian.com/	1970-01-21 01:41:45	Name: __cf_bm Value: liqHPz_4B.9mySlvBVuTHZNMQpTJEr4lCzinFxi.ge0-1734104193-1.0.1.1-bR9MsEYjiGHaUIQIw1zTckNd.BPOVTz1yLE0bDzXyttypMPRsydbZap_Re4gHLatu4mazyDwcKebhMBUbqLcPQ
.norwegian.com/	1970-01-21 10:27:20	Name: cf_clearance Value: JLq_Th1fQyfhvcBbA5Q40RklaL8pFaBK6r4Q1Ddxmik-1734104194-1.2.1.1-WJSf5zLcY0w0w8RhpxO8qPGRyed7xR4D8vJzOIgjUX1XVGlDOXX8bAoATM7ZpoIEPjfK688BL8XeFHKoJ.oOh8_7fuiJwMeamLpa2.JfFjrdiVUru_HDTnwtkTzuzInXV6DoNqCkyHINbgP5CFmLtzzQmxbH4rCYDBW57UTsXDncWphWf4c7sOYY0hEFjZAWg1irNdVVKuowCe9IFwr3uai878RJ4LAqhQ4NLsyZAqd6QlZfme5hjr57tdh8EVqyevpn1SuMryy.arYn7SxEAjAlECIzYafVgIIpY7dg97YUI8aI7C6bWLvbK3x2xqm42k5vQsV6gsLuWJ1xMCFRycr8e1N0fHgqp3kmT6MXM7c.an3Fb9a8ybBdvL6StC0.
.norwegian.com/	1970-01-21 11:17:44	Name: forterToken Value: cbe38545452c4b6bb09c0aa64b6fc269_1734104193908__UDF43-m4_21ck_

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' https://tc243.resdesktop.altea.amadeus.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cbe38545452c4b6bb09c0aa64b6fc269-e11233f1926a.cdn.forter.com
cdn0.forter.com
cdn3.forter.com
d3nocrch4qti4v.cloudfront.net
e11233f1926a.cdn4.forter.com
payment.norwegian.com
region1.google-analytics.com
static.cloudflareinsights.com
www.googletagmanager.com
payment.norwegian.com
143.204.98.8
2001:4860:4802:32::36
2600:9000:2251:d400:7:bffe:c3c0:21
2600:9000:2359:c400:f:1b37:e600:93a1
2606:4700::6810:5049
2606:4700::6812:c06a
2a00:1450:4001:809::2008
3.234.25.89
34.225.5.197
0a66aa00275ce9c21012bcc686cc4016ed3f0ef6addb4b0d18dfb3489d7632b5
16297e6db2602af6d2420e43dd73690dcbdb9bf1ceafd1524ad588c274431e76
278b099ac3de9fbfc1720a6705d76b2121b99626a55177a3aad909e6a6415895
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
5b9fbf597da9315a513fa2a8503360d200fb2b7214ba5723d548d7856ecdd405
5c82ab3b3fd343b4f552ca6c2eaa9940d67eba8af0ad561cf0770829c5562625
679e8b9a404b3975c98370eee0d8818ef376ddd80e4bbf001948dda1bf2c9b39
6b69986bd9406853d9638a66105c981cff1462e4d3225f04c3259ed0ed9c8241
6ccc0202979747b3c3117505f1865144425260c039263ab1a3b9ac1f0d496e8c
7af4b1ec73e8b0610fb9ac069e62cb310e26e5d1a6c08f9ad414c6b66a687fcb
8188731a742e95da899a133ab814b0bfd5a2544a23f2ceadb330b3ec06de0a07
83537418658ef7ccb5fea78c1c98009c775bf5ac87bf7c3d183b21960b3fcf5e
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f
8eae3b02cf3e33a2863e97a5ddb99113a8b5e0bafaa230a432e6d52dab091a5b
912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d
a1d25d33e4106409795549beea593e4c5f4755fd770a62e76dfdd401be3d59ea
af5a56f0a9eb13d4238b5780ddf731237e65492bba73a37f4896edcec9a46562
cb41948f81501e25a4db357cff4eae989328c6907e1ebb35ec2c38dafb6538e6
dd7404c20dda55c55c90a666f5ffb4c6ba060b458b4452852ee5924a7a51b97f
de4a36ca0717461243bb6b2608f0022e1e3de9c5a5fd339016499ac1bbe67358
e0996e1e27267e75e64247fd46b750a73181b917fc53ee492b7a73fd83ebd94f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e50cc9d34c153b9d1e4039ddf016b5818db4031045b16b8aa5ac459d6af1119b
f626d550bd518caa1836aff995235cf81a884330fa2c99b020d8a56135d3574f

payment.norwegian.com Open in urlscan Pro 2606:4700::6812:c06a Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

35 Requests

91 %HTTPS

67 %IPv6

6 Domains

9 Subdomains

10 IPs

2 Countries

1359 kBTransfer

5201 kBSize

6 Cookies

0 Outgoing links

Redirected requests

35 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

payment.norwegian.com Open in urlscan Pro
2606:4700::6812:c06a Public Scan

Screenshot
Live screenshot

Full Image

35
Requests

91 %
HTTPS

67 %
IPv6

6
Domains

9
Subdomains

10
IPs

2
Countries

1359 kB
Transfer

5201 kB
Size

6
Cookies

35 HTTP transactions
2 data transactions