178-79-179-35.ip.linodeusercontent.com/mitid/process.php
178.79.179.35 200 OK 18 kB URL HTTP/1.1 178-79-179-35.ip.linodeusercontent.com/mitid/process.php
IP 178.79.179.35:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (805)
Hash 85129428f866803b28eab0f3b00b19ef
34adab7d52a501746a2bdfd91acfb7b1e1fd3ed4
e634ceb1d61e3d15b13d6c949d4a3318979667efc41003da240043fceb2f90d6
NIDS Severity Alert suricata medium ET PHISHING Possible Phish - Saved Website Comment Observed
GET /mitid/process.php HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:25 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 93f633ce30c038eb581544323c5a971e
2f60526cb750c6babccc207f75fb5a8ae6f7598b
0ff6df80a892199848fb943af78541b66efc09a7ab70d4b169906fdbac1eabf8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FF6DF80A892199848FB943AF78541B66EFC09A7AB70D4B169906FDBAC1EABF8"
Last-Modified: Mon, 27 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5222
Expires: Tue, 28 Mar 2023 14:03:27 GMT
Date: Tue, 28 Mar 2023 12:36:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c83d39f350161ed2f5d20dcd68e47c92
2695a888e652cb314f8094cc6073c3364336d272
62e5cc6aea61c3c32acd964d4bbe143806416008181eebc4451a8f035b69a0bc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62E5CC6AEA61C3C32ACD964D4BBE143806416008181EEBC4451A8F035B69A0BC"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19719
Expires: Tue, 28 Mar 2023 18:05:04 GMT
Date: Tue, 28 Mar 2023 12:36:25 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 29fdbcd53b5646cfcdd46510063734c4
85e3ceda5ef130219f4fe8a31e52e2690c8f7d8e
24c27586332c016685e6231fec5836e921048d8aaefbcd4cd6f88969f9d91e18
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Backoff, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 28 Mar 2023 12:28:03 GMT
content-type: application/json
age: 502
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5ad3eec59bebbf969f175627757507c1
b176af3a70db378c9e1f219bab24d9d446070d6f
704fa284035b4c9aa487331b516f5f11c324e204756ae2503bad2606ed34f25e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "704FA284035B4C9AA487331B516F5F11C324E204756AE2503BAD2606ED34F25E"
Last-Modified: Mon, 27 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17594
Expires: Tue, 28 Mar 2023 17:29:40 GMT
Date: Tue, 28 Mar 2023 12:36:26 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 6M/ztjw1776aDMjpIjwd6Ec3D7Ozsa3JyHvwWL4WV3156aKbiXs83EldbhPyrD1385zO8Gsm9dw=
x-amz-request-id: M7XHK477KCA68Y24
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 28 Mar 2023 12:02:02 GMT
age: 2064
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 12:36:26 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
178-79-179-35.ip.linodeusercontent.com/mitid/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css
178.79.179.35 200 OK 46 kB URL HTTP/1.1 178-79-179-35.ip.linodeusercontent.com/mitid/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css
IP 178.79.179.35:0
File type assembler source, ASCII text
Hash d1aafd46c75fda47a8d4fc4292ec3fcc
d5570e9d09d74ca0b4495992fec5ef86573c4437
068ee6c88c6d2629f9a797dac9288490b736f0c944d9a46d566da7cd8f913a1b
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
GET /mitid/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/mitid/process.php
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:26 GMT
Server: Apache
Last-Modified: Sat, 06 Aug 2022 22:29:08 GMT
Accept-Ranges: bytes
Content-Length: 46070
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
178-79-179-35.ip.linodeusercontent.com/mitid/all/scripts-6db7f1f3edd0e72b01f4957bf91c3b91.js.download
178.79.179.35 404 Not Found 315 B URL HTTP/1.1 178-79-179-35.ip.linodeusercontent.com/mitid/all/scripts-6db7f1f3edd0e72b01f4957bf91c3b91.js.download
IP 178.79.179.35:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
GET /mitid/all/scripts-6db7f1f3edd0e72b01f4957bf91c3b91.js.download HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/mitid/process.php
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354
HTTP/1.1 404 Not Found
Date: Tue, 28 Mar 2023 12:36:26 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
178-79-179-35.ip.linodeusercontent.com/mitid/all/translateelement.css
178.79.179.35 200 OK 19 kB URL HTTP/1.1 178-79-179-35.ip.linodeusercontent.com/mitid/all/translateelement.css
IP 178.79.179.35:0
File type ASCII text, with very long lines (18670)
Hash 15ab5dfc566a9a19f6e89a72b7819e43
064aac1e8bc5a26c5986e40659bc328157ec3b53
5d0a6e3bc914db376bf187c380750b197c317e1bf40fab9ad959ad5facd8f9ed
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
GET /mitid/all/translateelement.css HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/mitid/process.php
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:26 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 10:23:30 GMT
Accept-Ranges: bytes
Content-Length: 18724
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
178-79-179-35.ip.linodeusercontent.com/mitid/all/no-connection-83f79e2367a313b468986e12a237c346.svg
178.79.179.35 200 OK 5.0 kB URL HTTP/1.1 178-79-179-35.ip.linodeusercontent.com/mitid/all/no-connection-83f79e2367a313b468986e12a237c346.svg
IP 178.79.179.35:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (4974), with no line terminators
Hash 83f79e2367a313b468986e12a237c346
6b0d0f5df661c328a99aefa3b9388507f35d7fba
3fc2607b1e133fb89affeca8fa96db25e9af2fa9d2f7960d2a9602df9e96ef72
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
GET /mitid/all/no-connection-83f79e2367a313b468986e12a237c346.svg HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/mitid/process.php
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:26 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 10:23:30 GMT
Accept-Ranges: bytes
Content-Length: 4974
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml
178-79-179-35.ip.linodeusercontent.com/mitid/all/nemid-830ab2367a74a48b4e61ce97be19c0bd.svg
178.79.179.35 200 OK 2.3 kB URL HTTP/1.1 178-79-179-35.ip.linodeusercontent.com/mitid/all/nemid-830ab2367a74a48b4e61ce97be19c0bd.svg
IP 178.79.179.35:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2285), with no line terminators
Hash 830ab2367a74a48b4e61ce97be19c0bd
79cde6c94cedde8c6ce414952a6f71841b890b77
6bb27299ef7a2f71792920ae936f4f0800cf1a43ff5f8b4c835233fde4c1e387
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
GET /mitid/all/nemid-830ab2367a74a48b4e61ce97be19c0bd.svg HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/mitid/process.php
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:26 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 10:23:30 GMT
Accept-Ranges: bytes
Content-Length: 2285
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml
178-79-179-35.ip.linodeusercontent.com/mitid/all/something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg
178.79.179.35 200 OK 3.1 kB URL HTTP/1.1 178-79-179-35.ip.linodeusercontent.com/mitid/all/something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg
IP 178.79.179.35:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (3104), with no line terminators
Hash 9bbd07dc81f3c2a11d2c7735b416ee18
41ee4ad48472fd2f93f765b87c77a606a04e5a00
a386a6170805a64ba2e46bcc37c79500b5207bd708b0d1da83cbcbc483e64cb7
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
GET /mitid/all/something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/mitid/process.php
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:26 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 10:23:30 GMT
Accept-Ranges: bytes
Content-Length: 3104
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/svg+xml
178-79-179-35.ip.linodeusercontent.com/mitid/all/cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg
178.79.179.35 200 OK 3.1 kB URL HTTP/1.1 178-79-179-35.ip.linodeusercontent.com/mitid/all/cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg
IP 178.79.179.35:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (3097), with no line terminators
Hash d0c0f9d25ebde42bbd552c8ad5363f01
97f08f3ee5a37bb5d291cf10fd8e5ce630467522
4f98589b5ad297e797fc12ed5b90a5e9244a17dbc34c5cee66e01ae8c1455d2c
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
GET /mitid/all/cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/mitid/process.php
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:26 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 10:23:30 GMT
Accept-Ranges: bytes
Content-Length: 3097
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/svg+xml
178-79-179-35.ip.linodeusercontent.com/mitid/all/translate_24dp.png
178.79.179.35 200 OK 825 B URL HTTP/1.1 178-79-179-35.ip.linodeusercontent.com/mitid/all/translate_24dp.png
IP 178.79.179.35:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 55ff382a8b09329e3230a1797eb8f5fd
026ae089006a674da7dcc9bf6b986c5d59e75478
1bb2279aed6bc1438d2b17a5ffcbac9d37864582aedeeec8d301eab162b2c213
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
GET /mitid/all/translate_24dp.png HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/mitid/process.php
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:26 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 10:23:30 GMT
Accept-Ranges: bytes
Content-Length: 825
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
178-79-179-35.ip.linodeusercontent.com/mitid/all/technical-error-91ca9eec9eed6ed945355d650bb10d41.svg
178.79.179.35 200 OK 2.8 kB URL HTTP/1.1 178-79-179-35.ip.linodeusercontent.com/mitid/all/technical-error-91ca9eec9eed6ed945355d650bb10d41.svg
IP 178.79.179.35:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2846), with no line terminators
Hash 91ca9eec9eed6ed945355d650bb10d41
7178a477a6cc3271d5e2927cd2737af55804f576
8a22f5ea2bc34877a3334b91210c881523678eec1e915cf6a4ee261ba58121b1
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
GET /mitid/all/technical-error-91ca9eec9eed6ed945355d650bb10d41.svg HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/mitid/process.php
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:26 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 10:23:30 GMT
Accept-Ranges: bytes
Content-Length: 2846
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml
178-79-179-35.ip.linodeusercontent.com/mitid/all/service-break-f426cda35f41e4c0b7c30c814b5eb2ee.svg
178.79.179.35 200 OK 2.8 kB URL HTTP/1.1 178-79-179-35.ip.linodeusercontent.com/mitid/all/service-break-f426cda35f41e4c0b7c30c814b5eb2ee.svg
IP 178.79.179.35:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2803), with no line terminators
Hash f426cda35f41e4c0b7c30c814b5eb2ee
9f278c5bfbf5ddebc2a4d24e4441efa94dd36be7
037024a96d014cbe884a9f81804ceadc25bd1e49d0d9018de09acddac997afbf
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
GET /mitid/all/service-break-f426cda35f41e4c0b7c30c814b5eb2ee.svg HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/mitid/process.php
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:26 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 10:23:30 GMT
Accept-Ranges: bytes
Content-Length: 2803
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml
178-79-179-35.ip.linodeusercontent.com/mitid/all/empty-3857ebe69f653487f8c9d99adde4657f.svg
178.79.179.35 200 OK 1.6 kB URL HTTP/1.1 178-79-179-35.ip.linodeusercontent.com/mitid/all/empty-3857ebe69f653487f8c9d99adde4657f.svg
IP 178.79.179.35:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1642), with no line terminators
Hash 3857ebe69f653487f8c9d99adde4657f
134737f1f8882726ef1b50546546fa9d1479207c
d690ce1d3a1304fff86d11c4f38ad540da84949d881ea0c04b49bcc0f13483e0
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
GET /mitid/all/empty-3857ebe69f653487f8c9d99adde4657f.svg HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/mitid/process.php
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:26 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 10:23:30 GMT
Accept-Ranges: bytes
Content-Length: 1642
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml
178-79-179-35.ip.linodeusercontent.com/assets/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff
178.79.179.35 404 Not Found 315 B URL HTTP/1.1 178-79-179-35.ip.linodeusercontent.com/assets/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff
IP 178.79.179.35:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
GET /assets/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/mitid/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354
HTTP/1.1 404 Not Found
Date: Tue, 28 Mar 2023 12:36:26 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
178-79-179-35.ip.linodeusercontent.com/assets/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff
178.79.179.35 404 Not Found 315 B URL HTTP/1.1 178-79-179-35.ip.linodeusercontent.com/assets/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff
IP 178.79.179.35:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
GET /assets/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/mitid/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354
HTTP/1.1 404 Not Found
Date: Tue, 28 Mar 2023 12:36:26 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
178-79-179-35.ip.linodeusercontent.com/mitid/all/banner.png
178.79.179.35 200 OK 40 kB URL HTTP/1.1 178-79-179-35.ip.linodeusercontent.com/mitid/all/banner.png
IP 178.79.179.35:0
File type PNG image data, 828 x 300, 4-bit colormap, non-interlaced\012- data
Hash 6629cb5350d6f3276b2dccc43bd3f397
63d964e5caaa541475a4c2da976871a9f9986067
9fc5b5c44107cfc6701be07fa5d5a4d7ab066607dd7ab6e9f396ac709e28424f
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
GET /mitid/all/banner.png HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/mitid/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:26 GMT
Server: Apache
Last-Modified: Sat, 06 Aug 2022 21:35:04 GMT
Accept-Ranges: bytes
Content-Length: 40339
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
www.gstatic.com/images/branding/product/2x/translate_24dp.png
142.250.74.35 200 OK 1.8 kB URL HTTP/1.1 www.gstatic.com/images/branding/product/2x/translate_24dp.png
IP 142.250.74.35:0
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash c69c796362406f9e11c7f4bf5bb628da
e489ce95ab56208090868882113d7416abf46775
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82
GET /images/branding/product/2x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
Content-Length: 1842
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 24 Mar 2023 17:28:52 GMT
Expires: Sat, 23 Mar 2024 17:28:52 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 14 Oct 2021 09:08:00 GMT
Content-Type: image/png
Vary: Origin
Age: 328054
ocsp.entrust.net/
104.110.10.32 200 OK 1.6 kB IP 104.110.10.32:0
Hash 1da572819548bbf3a8392e32cdbbefe4
d8e366b4427fe4e579eb805508d1179286293ea6
249abed8883d914391f1147ae141e0b32e396cfc07227148c312e4f47f958703
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "249ABED8883D914391F1147AE141E0B32E396CFC07227148C312E4F47F958703"
Last-Modified: Tue, 28 Mar 2023 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3540
Expires: Tue, 28 Mar 2023 13:35:26 GMT
Date: Tue, 28 Mar 2023 12:36:26 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32 200 OK 1.6 kB IP 104.110.10.32:0
Hash 5b0e68529b387f71d767672102e46678
6f391a645b4a8ab6703351ea0be2e543de79dfb1
7e682979a2a6770e976820d426b8b7aedaff04965856e68c04fc486626fd9ab2
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "7E682979A2A6770E976820D426B8B7AEDAFF04965856E68C04FC486626FD9AB2"
Last-Modified: Tue, 28 Mar 2023 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3593
Expires: Tue, 28 Mar 2023 13:36:19 GMT
Date: Tue, 28 Mar 2023 12:36:26 GMT
Connection: keep-alive
identify.nordea.com/assets/images/favicon.ico
158.233.249.230 200 OK 1.2 kB URL HTTP/1.1 identify.nordea.com/assets/images/favicon.ico
IP 158.233.249.230:0
ASN #201271 Nordea Bank Abp
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 9a39921b4a8d93d5528b4ccdc5d76e91
104a457c782a4f1208b116660746296cb45dcbd6
53ce944ce5a3a9a312816854b4254f5b083d562c45ac63354a00add50fb88cdb
GET /assets/images/favicon.ico HTTP/1.1
Host: identify.nordea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:26 GMT
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Thu, 02 Mar 2023 05:24:33 GMT
Cache-Control: max-age=31536000
Content-Type: image/x-icon
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Referrer-Policy: origin
Content-Length: 1150
Strict-Transport-Security: max-age=157680000; includeSubDomains
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Backoff, Pragma, Last-Modified, Cache-Control, Alert, Content-Type, ETag, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 28 Mar 2023 12:14:35 GMT
age: 1311
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
whos.amung.us/pingjs/?k=aircash123&t=Processing&c=s&x=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php&y=&a=0&d=0.596&v=27&r=6694
104.22.75.171 200 OK 49 B URL HTTP/1.1 whos.amung.us/pingjs/?k=aircash123&t=Processing&c=s&x=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php&y=&a=0&d=0.596&v=27&r=6694
IP 104.22.75.171:0
File type ASCII text, with no line terminators
Hash 20a887afd30a6f13693fc01668926eb1
08918dc913692bf6719086a7db0c76ad82ed44af
91ead65a08f9e402fe2a522e2001f5a442517f78b1c5d3240aceb7f41ca75193
GET /pingjs/?k=aircash123&t=Processing&c=s&x=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php&y=&a=0&d=0.596&v=27&r=6694 HTTP/1.1
Host: whos.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:26 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
content-encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7aefeb32181b0a2b-ARN
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash da5340ee69a1000f751686df9e716663
a5da880a61ed119790a7990bbdcc0c97eecf04f2
d1ff10bfe40f290935abe1feeb975a6af8cf310f9ce9d45bbf482a604da73560
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D1FF10BFE40F290935ABE1FEEB975A6AF8CF310F9CE9D45BBF482A604DA73560"
Last-Modified: Mon, 27 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10404
Expires: Tue, 28 Mar 2023 15:29:50 GMT
Date: Tue, 28 Mar 2023 12:36:26 GMT
Connection: keep-alive
ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007007346&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php&t=Processing
67.202.105.33 204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007007346&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php&t=Processing
IP 67.202.105.33:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=w!aircash123&lm=0&ts=1680007007346&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php&t=Processing HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx/1.16.1
date: Tue, 28 Mar 2023 12:36:27 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.161.26.194 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.161.26.194:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rYslBJt/6kFYpCeS8XJEcg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: tVPc+t3LE/PLVI9ILk3nSp4pI+o=
ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007007346&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php&t=Processing
67.202.105.33 204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007007346&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php&t=Processing
IP 67.202.105.33:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=w!aircash123&lm=0&ts=1680007007346&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php&t=Processing HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Tue, 28 Mar 2023 12:36:27 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007007346&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php
67.202.105.33 204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007007346&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php
IP 67.202.105.33:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=w!aircash123&lm=0&ts=1680007007346&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Tue, 28 Mar 2023 12:36:27 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
de.tynt.com/deb/v2?id=w!aircash123&dn=TC&cc=1&r=&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php
67.202.105.31 200 OK 4 B URL HTTP/2 de.tynt.com/deb/v2?id=w!aircash123&dn=TC&cc=1&r=&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php
IP 67.202.105.31:0
File type ASCII text, with no line terminators
Hash 350fd6ef6446635f7a8f608434a405ec
a4b6c275ac2c80ec925b5c0c5c6abb79ba897356
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179
GET /deb/v2?id=w!aircash123&dn=TC&cc=1&r=&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php HTTP/1.1
Host: de.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=86400
expires: Wed, 29 Mar 2023 12:36:27 GMT
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA, Sec-CH-UA-Mobile
content-type: application/javascript
content-length: 4
date: Tue, 28 Mar 2023 12:36:26 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007007346&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php
67.202.105.33 204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007007346&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php
IP 67.202.105.33:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=w!aircash123&lm=0&ts=1680007007346&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Tue, 28 Mar 2023 12:36:27 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007007346&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php
67.202.105.33 204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007007346&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php
IP 67.202.105.33:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=w!aircash123&lm=0&ts=1680007007346&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Tue, 28 Mar 2023 12:36:27 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6506
Expires: Tue, 28 Mar 2023 14:24:54 GMT
Date: Tue, 28 Mar 2023 12:36:28 GMT
Connection: keep-alive
widgets.amung.us/small.js
104.22.75.171 200 OK 11 kB URL HTTP/2 widgets.amung.us/small.js
IP 104.22.75.171:0
Hash 78451eeb8a43ca88004dcf188203f1bb
47a2cbab95a22f73121ff659f0fb36edccdfcaa3
b754c87e17c80c5b0eb6cdd07086b376312b95dbface7a828d89b20b3dacf7a9
GET /small.js HTTP/1.1
Host: widgets.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 12:36:26 GMT
content-type: application/x-javascript
last-modified: Thu, 12 Jan 2023 17:19:44 GMT
etag: W/"63c04130-2170"
expires: Wed, 29 Mar 2023 12:19:27 GMT
cache-control: max-age=86400
access-control-allow-origin: *
content-encoding: gzip
cf-cache-status: HIT
age: 1019
vary: Accept-Encoding
server: cloudflare
cf-ray: 7aefeb310df02d5f-ARN
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6506
Expires: Tue, 28 Mar 2023 14:24:54 GMT
Date: Tue, 28 Mar 2023 12:36:28 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb43b8abf-1aec-420b-bc1c-ccfbe765332e.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb43b8abf-1aec-420b-bc1c-ccfbe765332e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ee9c83faa5fdb77ba988a41207800b0e
4ac4c600767de39c5134cb97f78fcb29a681ee18
9039f7232ada16ae6d8a447225a15ef949c705a6f9e7aa20b367d001cd88c94f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb43b8abf-1aec-420b-bc1c-ccfbe765332e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11894
x-amzn-requestid: 8b0857c4-1333-45b7-84de-cf3ea7a3240e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdburGzXoAMF2Cw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220cc4-005cc42d48948a3e0ef56b08;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:38:12 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: fw1M0poEZrxuB51jVwizwBuvn_JY1jaEFXGsRor3wj-OSCfU-lUuIQ==
via: 1.1 8591441a35c0af61913aec9af012bc38.cloudfront.net (CloudFront), 1.1 d16c3f15bd14953a9d4109eaaa991de2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 22:05:18 GMT
etag: "4ac4c600767de39c5134cb97f78fcb29a681ee18"
content-type: image/jpeg
age: 52270
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb739a909-c509-4c7a-b5a6-250435d88a54.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb739a909-c509-4c7a-b5a6-250435d88a54.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ada29e049501b12a35b0bcc5f68e3e57
5c1ba9bffbcc9007e7f119dbb3197db34a12f8da
b45583b5845129386a456e03fbdba25305c8d6d9fb5a8f01d783816ced080629
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb739a909-c509-4c7a-b5a6-250435d88a54.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10744
x-amzn-requestid: d693d820-7eed-47a3-9b0b-8f43c141bd3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbogF0poAMFTAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220c9c-22ab350146e8a3a606f74c42;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:32 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: KAI78tfv0ATn1DQvBGyodBs9UWsIGdj1Fa50KowbUAO4ab2ceaYhMw==
via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 d0387b833e3ca8cb748a1296b4b4bf2a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 21:49:26 GMT
age: 53222
etag: "5c1ba9bffbcc9007e7f119dbb3197db34a12f8da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg
34.120.237.76 200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c831201ad81f55c63c1b101ce854a810
0e9b952f6489f0a5f4862d3bea2fbe0ecdd379e5
c854489720d2ca4a95eef00addda0fcdaf481402d044df7725282654a97eb54a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5556
x-amzn-requestid: 6b050645-14aa-47f7-b4a5-2e27abbe5115
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM69eHE3IAMF0Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b71ef-6ab2948e2bf2578f29798372;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:23:59 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: U1WnpJASpWxPY-8kq-3g3_dKqm5l6UqhA0xUYijO5FDLGAxI2mLthg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 adc2002956acc4d61bfbf3b973fdf246.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 06:36:07 GMT
age: 21621
etag: "0e9b952f6489f0a5f4862d3bea2fbe0ecdd379e5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd937575-8f71-4732-8bca-faaeed83b6a1.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd937575-8f71-4732-8bca-faaeed83b6a1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5fdd8a3f935830ca9e5ffdb5824acebc
39caaddec703fdad962d03fff8687bad2c1df4ad
6fe6301fb3610c3e8a9b62671579db53189bb62ead4cf5ab30a1f1e0b90b8ca2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd937575-8f71-4732-8bca-faaeed83b6a1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7537
x-amzn-requestid: 2fb06f69-4757-4ba5-9f20-6e829127b931
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbqWETgoAMFV5g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220ca8-6421e38b3a0ac0590ffa8b52;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:44 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: JZfiBSqQdWXqpaxSlepC6hEJ888ja6o10GW0KziDifD8KdTmDTn0eQ==
via: 1.1 4e4278a2778e72cc34feef6db603088c.cloudfront.net (CloudFront), 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 22:05:18 GMT
age: 52270
etag: "39caaddec703fdad962d03fff8687bad2c1df4ad"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F858e946a-2e67-4e7b-b78f-763226855b6d.jpeg
34.120.237.76 200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F858e946a-2e67-4e7b-b78f-763226855b6d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 789f11978a1149984408fbbb9a2b3f81
078bd523107096bab5e26d42b18e316c253f1ca7
7974980290443b64126f512686261150cd27331cb7b32a96d1167a97d046e8a3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F858e946a-2e67-4e7b-b78f-763226855b6d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8961
x-amzn-requestid: 9277e35d-8fe8-482e-b65c-b132dfcbd87e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbqBGl0IAMFy4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220ca6-7869936b33cbf3633c68e7ac;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:42 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Xz5zjv-po5mgSFz_kkZZ5Hvw9SxY-3d-J2DpvFWxM-iI4jXTsUbiyg==
via: 1.1 e92cc925fc8895560cd0628c67f58828.cloudfront.net (CloudFront), 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 10:16:22 GMT
age: 8406
etag: "078bd523107096bab5e26d42b18e316c253f1ca7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F904edce6-7c76-4531-a179-4144164cbbd1.jpeg
34.120.237.76 200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F904edce6-7c76-4531-a179-4144164cbbd1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 18fd7af8779cf8321e52f92f5797ec7d
dea3b15ef5ad129e736eac0787861c2f635da044
142485409b9fad01710d2a2aa96deccbb953e0a4f00cdac7bf2af9d98390d04a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F904edce6-7c76-4531-a179-4144164cbbd1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8394
x-amzn-requestid: 7f842fb6-0dfe-4eae-a9b5-59a3394552ae
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cb7VkFtRoAMF-xQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64217289-78aaa1b73a3d10530672a56d;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 10:40:09 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: TpfXXxs_lllcGY0OKhNeNBuTKohudBPyMQ24kClp5yMIhJ3Hs6WYIw==
via: 1.1 304b956e2039e07753fa39109152d594.cloudfront.net (CloudFront), 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 10:59:51 GMT
age: 5797
etag: "dea3b15ef5ad129e736eac0787861c2f635da044"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
178-79-179-35.ip.linodeusercontent.com/mitid/5.php
178.79.179.35 200 OK 498 B URL HTTP/1.1 178-79-179-35.ip.linodeusercontent.com/mitid/5.php
IP 178.79.179.35:0
File type HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash e90c6d176a7f2163edd8aa7deedcdceb
5dca58b40478e7437d2c01d3452e4adeba1f373a
a1bade7bb61d3881b235bcf148539879ef3ea4d0239b711c67110e14779cdd35
GET /mitid/5.php HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:30 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
178-79-179-35.ip.linodeusercontent.com/favicon.ico
178.79.179.35 404 Not Found 315 B URL HTTP/1.1 178-79-179-35.ip.linodeusercontent.com/favicon.ico
IP 178.79.179.35:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
GET /favicon.ico HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/mitid/5.php
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354
HTTP/1.1 404 Not Found
Date: Tue, 28 Mar 2023 12:36:30 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
whos.amung.us/pingjs/?k=aircash123&t=Finish%20verification&c=s&x=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php&y=&a=0&d=0.183&v=27&r=3311
104.22.75.171 200 OK 49 B URL HTTP/1.1 whos.amung.us/pingjs/?k=aircash123&t=Finish%20verification&c=s&x=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php&y=&a=0&d=0.183&v=27&r=3311
IP 104.22.75.171:0
File type ASCII text, with no line terminators
Hash 20a887afd30a6f13693fc01668926eb1
08918dc913692bf6719086a7db0c76ad82ed44af
91ead65a08f9e402fe2a522e2001f5a442517f78b1c5d3240aceb7f41ca75193
GET /pingjs/?k=aircash123&t=Finish%20verification&c=s&x=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php&y=&a=0&d=0.183&v=27&r=3311 HTTP/1.1
Host: whos.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:31 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
content-encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7aefeb4d9f840a2b-ARN
ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007011675&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php&t=Finish%20verification
67.202.105.33 204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007011675&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php&t=Finish%20verification
IP 67.202.105.33:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=w!aircash123&lm=0&ts=1680007011675&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php&t=Finish%20verification HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Tue, 28 Mar 2023 12:36:31 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
t.dtscout.com/pv/?_a=v&_h=178-79-179-35.ip.linodeusercontent.com&_ss=4yhj6t4ncd&_pv=2&_ls=4&_cc=no&_pl=d&_b=firefox%40105&_cbid=22y0&_cb=_dtspv.c
141.101.120.11 200 OK 1 B URL HTTP/2 t.dtscout.com/pv/?_a=v&_h=178-79-179-35.ip.linodeusercontent.com&_ss=4yhj6t4ncd&_pv=2&_ls=4&_cc=no&_pl=d&_b=firefox%40105&_cbid=22y0&_cb=_dtspv.c
IP 141.101.120.11:0
Hash eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce
GET /pv/?_a=v&_h=178-79-179-35.ip.linodeusercontent.com&_ss=4yhj6t4ncd&_pv=2&_ls=4&_cc=no&_pl=d&_b=firefox%40105&_cbid=22y0&_cb=_dtspv.c HTTP/1.1
Host: t.dtscout.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Cookie: m=2; oa=2; df=1680006986
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 12:36:31 GMT
content-type: application/javascript
x-t: 0.095
x-c: 0
expires: Tue, 28 Mar 2023 12:36:30 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OPXozD8wHl1Z3EsXTAWAXC%2Fn3fXCAN9iPeRrmXmXbDseKHzE84hAYrDnocAq956cFGWf%2FKlYLlRwhECpSsSFKdRMcbLhlOldy%2Bp5CAARKJ2GWn2rLYJtBQz%2Bk%2BTTs6M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7aefeb4dcde309b3-ARN
content-encoding: br
X-Firefox-Spdy: h2
ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007011675&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php
67.202.105.33 204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007011675&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php
IP 67.202.105.33:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=w!aircash123&lm=0&ts=1680007011675&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Tue, 28 Mar 2023 12:36:31 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
de.tynt.com/deb/v2?id=w!aircash123&dn=TC&cc=1&r=&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php
67.202.105.31 200 OK 4 B URL HTTP/2 de.tynt.com/deb/v2?id=w!aircash123&dn=TC&cc=1&r=&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php
IP 67.202.105.31:0
File type ASCII text, with no line terminators
Hash 350fd6ef6446635f7a8f608434a405ec
a4b6c275ac2c80ec925b5c0c5c6abb79ba897356
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179
GET /deb/v2?id=w!aircash123&dn=TC&cc=1&r=&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php HTTP/1.1
Host: de.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: max-age=86400
expires: Wed, 29 Mar 2023 12:36:31 GMT
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA, Sec-CH-UA-Mobile
content-type: application/javascript
content-length: 4
date: Tue, 28 Mar 2023 12:36:30 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007011675&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php
67.202.105.33 204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007011675&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php
IP 67.202.105.33:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=w!aircash123&lm=0&ts=1680007011675&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Tue, 28 Mar 2023 12:36:31 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007011675&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php
67.202.105.33 204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007011675&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php
IP 67.202.105.33:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=w!aircash123&lm=0&ts=1680007011675&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Tue, 28 Mar 2023 12:36:31 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
ocsp.entrust.net/
104.110.10.32 200 OK 1.6 kB IP 104.110.10.32:0
Hash 1da572819548bbf3a8392e32cdbbefe4
d8e366b4427fe4e579eb805508d1179286293ea6
249abed8883d914391f1147ae141e0b32e396cfc07227148c312e4f47f958703
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "249ABED8883D914391F1147AE141E0B32E396CFC07227148C312E4F47F958703"
Last-Modified: Tue, 28 Mar 2023 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3492
Expires: Tue, 28 Mar 2023 13:34:44 GMT
Date: Tue, 28 Mar 2023 12:36:32 GMT
Connection: keep-alive
www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
23.36.79.11 200 OK 30 kB URL HTTP/2 www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
IP 23.36.79.11:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (63496)
Hash 19a7a47e2ec02061a9f95727b8d2c6b3
14ae8242f8c11d768ba74af4309d1e51fba08868
72b20d4d78dde7a46df14630a312db7752f5912de04d19dc97cb29243f58a793
GET /privat/produkter/kort/scenarier-betalingskrav.html HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=utf-8
etag: "c1e0d260661b9f7c76da9be8930b4bc4"
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
vary: Accept-Encoding
x-ua-compatible: IE=edge,chrome=1
content-security-policy: default-src 'self';script-src 'nonce-6abbfbbc-ea66-438b-ae95-a321b95e4083' 'strict-dynamic' https: 'unsafe-inline' 'unsafe-eval';connect-src 'nonce-6abbfbbc-ea66-438b-ae95-a321b95e4083' https: 'unsafe-inline';style-src * 'unsafe-inline'; img-src * data:; font-src * data:;frame-src *.demdex.net *.skat.dk;
strict-transport-security: max-age=157680000
content-encoding: gzip
content-length: 30311
cache-control: public, max-age=54
expires: Tue, 28 Mar 2023 12:37:26 GMT
date: Tue, 28 Mar 2023 12:36:32 GMT
set-cookie: DC=1; expires=Tue, 28-Mar-2023 13:36:32 GMT; path=/; secure
X-Firefox-Spdy: h2
t.dtscout.com/pv/
141.101.120.11 200 OK 28 kB IP 141.101.120.11:0
Hash f504db8484b1b5c3f4943716c5e95c39
d27c82303953682af878d45375231669656d1ea9
ff65d2eb4bef87a65e789ad4a8a2c78f0cc49b42c1eda5dee01c7e2911681183
POST /pv/ HTTP/1.1
Host: t.dtscout.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=---------------------------375712462442140473692825590875
Content-Length: 1218
Origin: http://178-79-179-35.ip.linodeusercontent.com
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Cookie: m=2; oa=2; df=1680006986
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 12:36:32 GMT
content-type: application/javascript
x-t: 0.077
x-c: 0
expires: Tue, 28 Mar 2023 12:36:31 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t0%2FheLhGHTNkZJlrVCOJPyabVnek6oe8c1qFpQIzXvV9yy4Ks4ZgqLuyh8lykTj2tWICm3x1SMlkONPKwzo4QSKEEbCXuVjKRYJRGFc23CBCdVWmFw%2BU11KVy2%2BVDL8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7aefeb58ab8f09b3-ARN
content-encoding: br
X-Firefox-Spdy: h2
www.nordea.dk/static/dotxx2017/assets/fonts/NordeaSansSmall-Medium.woff2?v=3.76.4
23.36.79.11 200 OK 27 kB URL HTTP/2 www.nordea.dk/static/dotxx2017/assets/fonts/NordeaSansSmall-Medium.woff2?v=3.76.4
IP 23.36.79.11:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 26880, version 1.0\012- data
Hash e4238b12ce44d3a6d5c8333b38c4298d
8c4c85f9964f31cb4904a00f2fc5501e6e8fc0d6
962695be3ac30a381a39861a4b3cac34209df3bd49d1e3ce1e65e0c086ecf99b
GET /static/dotxx2017/assets/fonts/NordeaSansSmall-Medium.woff2?v=3.76.4 HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
Cookie: DC=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: font/woff2
cteonnt-length: 26880
last-modified: Wed, 08 Mar 2023 08:50:26 GMT
etag: "64084c52-6900"
vary: Accept-Encoding
accept-ranges: bytes
strict-transport-security: max-age=157680000
content-encoding: gzip
content-length: 26903
cache-control: max-age=42176077
date: Tue, 28 Mar 2023 12:36:32 GMT
X-Firefox-Spdy: h2
www.nordea.dk/static/dotxx2017/assets/fonts/NordeaSansLarge-Regular.woff2?v=3.76.4
23.36.79.11 200 OK 27 kB URL HTTP/2 www.nordea.dk/static/dotxx2017/assets/fonts/NordeaSansLarge-Regular.woff2?v=3.76.4
IP 23.36.79.11:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 27028, version 1.0\012- data
Hash 759c2f6eccd87b8657a155c8cd161b46
d51db8f054d32c1e25755028b610824b610cea22
487d05d845237fd795518d20db7915ec762d88777d7ccace66faeadc860121fc
GET /static/dotxx2017/assets/fonts/NordeaSansLarge-Regular.woff2?v=3.76.4 HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
Cookie: DC=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: font/woff2
cteonnt-length: 27028
last-modified: Wed, 08 Mar 2023 08:50:26 GMT
etag: "64084c52-6994"
vary: Accept-Encoding
accept-ranges: bytes
strict-transport-security: max-age=157680000
content-encoding: gzip
content-length: 27051
cache-control: max-age=42176115
date: Tue, 28 Mar 2023 12:36:32 GMT
X-Firefox-Spdy: h2
www.nordea.dk/static/dotxx2017/assets/fonts/NordeaSansSmall-Regular.woff2?v=3.76.4
23.36.79.11 200 OK 26 kB URL HTTP/2 www.nordea.dk/static/dotxx2017/assets/fonts/NordeaSansSmall-Regular.woff2?v=3.76.4
IP 23.36.79.11:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 26420, version 1.0\012- data
Hash b2a3a37db81e59cd5f6ed9c2a66f8b87
a2e2f41d02b1882b31ce09d3ca78bb51146d6b03
1223a7bdfc606583426e3e59e2342c6ba43521f17659b4add018a1ce1d2865b8
GET /static/dotxx2017/assets/fonts/NordeaSansSmall-Regular.woff2?v=3.76.4 HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
Cookie: DC=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: font/woff2
cteonnt-length: 26420
last-modified: Wed, 08 Mar 2023 08:50:26 GMT
etag: "64084c52-6734"
vary: Accept-Encoding
accept-ranges: bytes
strict-transport-security: max-age=157680000
content-encoding: gzip
content-length: 26443
cache-control: max-age=42176075
date: Tue, 28 Mar 2023 12:36:32 GMT
X-Firefox-Spdy: h2
www.nordea.dk/static/dotxx2017/assets/fonts/iconfont.woff2?v=3.76.4
23.36.79.11 200 OK 17 kB URL HTTP/2 www.nordea.dk/static/dotxx2017/assets/fonts/iconfont.woff2?v=3.76.4
IP 23.36.79.11:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 16632, version 1.0\012- data
Hash 091709292e0410ed9590122bc4a4e877
a657e25591e7f99254a2bd61474c987881918cbf
a710afb3858f788445a7c35cefdb6100f83fcade40f95dcb52d1f2c56604dd3d
GET /static/dotxx2017/assets/fonts/iconfont.woff2?v=3.76.4 HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
Cookie: DC=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: font/woff2
cteonnt-length: 16632
last-modified: Wed, 08 Mar 2023 08:50:26 GMT
etag: "64084c52-40f8"
vary: Accept-Encoding
accept-ranges: bytes
strict-transport-security: max-age=157680000
content-encoding: gzip
content-length: 16651
cache-control: max-age=42176119
date: Tue, 28 Mar 2023 12:36:32 GMT
X-Firefox-Spdy: h2
www.nordea.dk/static-client/client.js?v=3.76.4
23.36.79.11 200 OK 21 kB URL HTTP/2 www.nordea.dk/static-client/client.js?v=3.76.4
IP 23.36.79.11:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 849e2c5e3f9247a87fd239c698215d9e
40be6f234eed22b5a8ebc2f91f9cc93177d792ed
883f1fddbcf39dcf34231fcbea705ff7035c463628a04bc2d6d4974ec140dc91
GET /static-client/client.js?v=3.76.4 HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
Cookie: DC=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript
cteonnt-length: 81898
last-modified: Wed, 08 Mar 2023 08:57:42 GMT
etag: "64084e06-13fea"
vary: Accept-Encoding
accept-ranges: bytes
strict-transport-security: max-age=157680000
content-encoding: gzip
content-length: 20969
cache-control: max-age=42176080
date: Tue, 28 Mar 2023 12:36:32 GMT
X-Firefox-Spdy: h2
www.nordea.dk/static/dotxx2017/css/main.css?v=3.76.4
23.36.79.11 200 OK 38 kB URL HTTP/2 www.nordea.dk/static/dotxx2017/css/main.css?v=3.76.4
IP 23.36.79.11:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (59837)
Hash 86bcb5dcb39bf89d84e205e085e40735
60c8c3178646b49bf7c9f087d97a7118652e5e13
ad5009a5e41bee6ef27f3a1b8c6f21ccb0caaea12fe8d0d73ff77ecc33b3ea91
GET /static/dotxx2017/css/main.css?v=3.76.4 HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
Cookie: DC=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/css
cteonnt-length: 198234
last-modified: Wed, 08 Mar 2023 08:50:26 GMT
etag: "64084c52-3065a"
vary: Accept-Encoding
accept-ranges: bytes
strict-transport-security: max-age=157680000
content-encoding: gzip
content-length: 37700
cache-control: max-age=42176080
date: Tue, 28 Mar 2023 12:36:32 GMT
X-Firefox-Spdy: h2
www.nordea.dk/static-client/vendors~client.js?v=3.76.4
23.36.79.11 200 OK 94 kB URL HTTP/2 www.nordea.dk/static-client/vendors~client.js?v=3.76.4
IP 23.36.79.11:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (31725)
Hash 1ee800a5fcbdfb4f50e7c7635fc034b7
50de0f9f2d46a4f3e52111be7efaf4daf0ac9e8f
93db517bfbe36e8624f878a4f7d1ecb0edbdd0e243c5147ef54642fb2355359e
GET /static-client/vendors~client.js?v=3.76.4 HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
Cookie: DC=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript
cteonnt-length: 278167
last-modified: Wed, 08 Mar 2023 08:57:42 GMT
etag: "64084e06-43e97"
vary: Accept-Encoding
accept-ranges: bytes
strict-transport-security: max-age=157680000
content-encoding: gzip
cache-control: max-age=42176049
date: Tue, 28 Mar 2023 12:36:32 GMT
content-length: 93521
X-Firefox-Spdy: h2
www.nordea.dk/static/dotxx2017/js/main.js?v=3.76.4
23.36.79.11 200 OK 100 kB URL HTTP/2 www.nordea.dk/static/dotxx2017/js/main.js?v=3.76.4
IP 23.36.79.11:0
ASN #20940 Akamai International B.V.
File type HTML document, Unicode text, UTF-8 text, with very long lines (65472)
Size 100 kB (100427 bytes)
Hash efa48c355b5dcdfa1c71cb8018a56745
5970bc4974a266e258aa14b60878b353365da2c2
997623b56e0758877e187bf5c4f40fca7e35995ef7e4539cebbd9d51295fba68
GET /static/dotxx2017/js/main.js?v=3.76.4 HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
Cookie: DC=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript
cteonnt-length: 308723
last-modified: Wed, 08 Mar 2023 08:50:26 GMT
etag: "64084c52-4b5f3"
vary: Accept-Encoding
accept-ranges: bytes
strict-transport-security: max-age=157680000
content-encoding: gzip
cache-control: max-age=42176120
date: Tue, 28 Mar 2023 12:36:32 GMT
content-length: 100427
X-Firefox-Spdy: h2
www.nordea.dk/Images/144-169221/Nordea-logo%20(2017).svg
23.36.79.11 200 OK 912 B URL HTTP/2 www.nordea.dk/Images/144-169221/Nordea-logo%20(2017).svg
IP 23.36.79.11:0
ASN #20940 Akamai International B.V.
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash cac2129584b1516c71a8eca39acc70d2
94a2249aab0f00920ce0ccccf306edc7abf80d00
f2628593d0441ddf76ceaa546b9afeeb32e5555dad0622c1a4c7a09735abeb1c
GET /Images/144-169221/Nordea-logo%20(2017).svg HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
Cookie: DC=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: 1493022695000
server: nginx
content-type: image/svg+xml
ntcoent-length: 1915
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
last-modified: Mon, 24 Apr 2017 08:31:35 GMT
strict-transport-security: max-age=157680000
content-encoding: gzip
content-length: 912
vary: Accept-Encoding
cache-control: public, max-age=16528
date: Tue, 28 Mar 2023 12:36:32 GMT
X-Firefox-Spdy: h2
www.nordea.dk/Images/144-200667/facebook.svg
23.36.79.11 200 OK 307 B URL HTTP/2 www.nordea.dk/Images/144-200667/facebook.svg
IP 23.36.79.11:0
ASN #20940 Akamai International B.V.
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (389)
Hash 490fc502c22cd50855905e76e893b032
d881a7547ee552cba04b34cbd747653701d02670
4ca54ef5d219e8955eb21701daad5856b468cc67b85f42b6e489e8d9fa6c0e56
GET /Images/144-200667/facebook.svg HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
Cookie: DC=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: 1649233900000
server: nginx
content-type: image/svg+xml
ntcoent-length: 493
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Apr 2022 08:31:40 GMT
strict-transport-security: max-age=157680000
content-encoding: gzip
content-length: 307
vary: Accept-Encoding
cache-control: public, max-age=7569
date: Tue, 28 Mar 2023 12:36:32 GMT
X-Firefox-Spdy: h2
www.nordea.dk/Images/144-200668/linkedin.svg
23.36.79.11 200 OK 499 B URL HTTP/2 www.nordea.dk/Images/144-200668/linkedin.svg
IP 23.36.79.11:0
ASN #20940 Akamai International B.V.
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (864)
Hash edcb0a76922f4e5b5cf1a05dc6862ba8
f75ea67bd1e28ed918dd6e0aa220a6cec3ad4320
fe9381b4d983fd1fe7fb9c88f9deb6e2eb724a62791583b0a82475c819508b44
GET /Images/144-200668/linkedin.svg HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
Cookie: DC=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: 1649233978000
server: nginx
content-type: image/svg+xml
ntcoent-length: 968
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Apr 2022 08:32:58 GMT
strict-transport-security: max-age=157680000
content-encoding: gzip
content-length: 499
vary: Accept-Encoding
cache-control: public, max-age=16464
date: Tue, 28 Mar 2023 12:36:32 GMT
X-Firefox-Spdy: h2
www.nordea.dk/Images/144-200669/twitter.svg
23.36.79.11 200 OK 764 B URL HTTP/2 www.nordea.dk/Images/144-200669/twitter.svg
IP 23.36.79.11:0
ASN #20940 Akamai International B.V.
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1431)
Hash 4375ae9e854d3264324c86cd3e34743b
acf3352f10bccb0bc98c120f32f04cd87ae368f6
c63f9568629dba72601adc7d8f00114bea662d512b17cda0126e63d7809d88b9
GET /Images/144-200669/twitter.svg HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
Cookie: DC=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: 1649233998000
server: nginx
content-type: image/svg+xml
ntcoent-length: 1535
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Apr 2022 08:33:18 GMT
strict-transport-security: max-age=157680000
content-encoding: gzip
content-length: 764
vary: Accept-Encoding
cache-control: public, max-age=16555
date: Tue, 28 Mar 2023 12:36:32 GMT
X-Firefox-Spdy: h2
www.nordea.dk/Images/144-200670/youtube.svg
23.36.79.11 200 OK 470 B URL HTTP/2 www.nordea.dk/Images/144-200670/youtube.svg
IP 23.36.79.11:0
ASN #20940 Akamai International B.V.
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (756)
Hash 50fa3d39c40b2e977e7ccd4fc4dc638d
c2fff674d5b098c5e7ffd707b716ceec18c0089a
dd1cac1c51cc67df03ddfede65adaa8ff0b73c0fb18767feff324328ca451e40
GET /Images/144-200670/youtube.svg HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
Cookie: DC=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: 1649234016000
server: nginx
content-type: image/svg+xml
ntcoent-length: 860
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Apr 2022 08:33:36 GMT
strict-transport-security: max-age=157680000
content-encoding: gzip
content-length: 470
vary: Accept-Encoding
cache-control: public, max-age=7525
date: Tue, 28 Mar 2023 12:36:32 GMT
X-Firefox-Spdy: h2
www.nordea.dk/static/dotxx2017//assets/fonts/iconfont.woff2?v=3.76.4
23.36.79.11 200 OK 17 kB URL HTTP/2 www.nordea.dk/static/dotxx2017//assets/fonts/iconfont.woff2?v=3.76.4
IP 23.36.79.11:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 16632, version 1.0\012- data
Hash 0eef6a13aa8328cbc98b7bea77d41a1b
3a8f0de1c3a00143c1f4c399028d509abcc622a9
b52149a5f5515c938dd8ae51d66dcb808ea1d4cfb0c4f03acf60cf57bb147e8b
GET /static/dotxx2017//assets/fonts/iconfont.woff2?v=3.76.4 HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.nordea.dk/static/dotxx2017/css/main.css?v=3.76.4
Cookie: DC=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: font/woff2
cteonnt-length: 16632
last-modified: Wed, 08 Mar 2023 08:50:26 GMT
etag: "64084c52-40f8"
strict-transport-security: max-age=157680000
vary: Accept-Encoding
cache-control: max-age=42176118
date: Tue, 28 Mar 2023 12:36:33 GMT
content-length: 16632
X-Firefox-Spdy: h2
www.nordea.dk/static/dotxx2017//assets/fonts/NordeaSansSmall-Regular.woff2?v=3.76.4
23.36.79.11 200 OK 26 kB URL HTTP/2 www.nordea.dk/static/dotxx2017//assets/fonts/NordeaSansSmall-Regular.woff2?v=3.76.4
IP 23.36.79.11:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 26420, version 1.0\012- data
Hash f63e5b9578e42abb9cdd6334133d35fc
b587b0b87c9f3df735d85d829435f80633012138
a93f6086756b2a2e94db8aaf795faab950a315cd9a8e32c5b0df707636dedfff
GET /static/dotxx2017//assets/fonts/NordeaSansSmall-Regular.woff2?v=3.76.4 HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.nordea.dk/static/dotxx2017/css/main.css?v=3.76.4
Cookie: DC=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: font/woff2
cteonnt-length: 26420
last-modified: Wed, 08 Mar 2023 08:50:26 GMT
etag: "64084c52-6734"
strict-transport-security: max-age=157680000
vary: Accept-Encoding
cache-control: max-age=42176074
date: Tue, 28 Mar 2023 12:36:33 GMT
content-length: 26420
X-Firefox-Spdy: h2
tags.tiqcdn.com/utag/nordea/op-web/prod/utag.js
54.230.111.26 200 OK 84 kB URL HTTP/2 tags.tiqcdn.com/utag/nordea/op-web/prod/utag.js
IP 54.230.111.26:0
File type ASCII text, with very long lines (24400)
Hash 2e0125f8d8be7455af994e15f5ce2209
10fe018a3c47375ad2dd0fb287f1cff66ad66454
049ea7cc3b568d8bf7ae51cf8ec7545bb7f23f9eeafd73880abdcd91d08a7f8a
GET /utag/nordea/op-web/prod/utag.js HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Fri, 10 Mar 2023 18:10:27 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: ytLjm_CC5K9C0lHkIzna8JY_cobSRsuL
server: AmazonS3
content-encoding: br
date: Tue, 28 Mar 2023 12:35:08 GMT
etag: W/"b08d61d95dff66a9e118970454bcb02c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: R1AioRftqgAaGAtVhGGIxduwDlRlBmyJ4LRh_PEa9ofYKWZaUGWf0A==
age: 85
X-Firefox-Spdy: h2
www.nordea.dk/static/dotxx2017//assets/fonts/NordeaSansLarge-Medium.woff2?v=3.76.4
23.36.79.11 200 OK 27 kB URL HTTP/2 www.nordea.dk/static/dotxx2017//assets/fonts/NordeaSansLarge-Medium.woff2?v=3.76.4
IP 23.36.79.11:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 27448, version 1.0\012- data
Hash 63fc54e6b6bf4ff9de25e8c0a3373767
02dbf65899927f4ffb0f9bbc23b77e84401e769e
1084fee790a347896f8f0d5fa521211d9789f6ab250940b5bd402aa052d5e245
GET /static/dotxx2017//assets/fonts/NordeaSansLarge-Medium.woff2?v=3.76.4 HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.nordea.dk/static/dotxx2017/css/main.css?v=3.76.4
Cookie: DC=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: font/woff2
cteonnt-length: 27448
last-modified: Wed, 08 Mar 2023 08:50:26 GMT
etag: "64084c52-6b38"
strict-transport-security: max-age=157680000
vary: Accept-Encoding
cache-control: max-age=42176096
date: Tue, 28 Mar 2023 12:36:33 GMT
content-length: 27448
X-Firefox-Spdy: h2
www.nordea.dk/static/dotxx2017//assets/fonts/NordeaSansSmall-Medium.woff2?v=3.76.4
23.36.79.11 200 OK 27 kB URL HTTP/2 www.nordea.dk/static/dotxx2017//assets/fonts/NordeaSansSmall-Medium.woff2?v=3.76.4
IP 23.36.79.11:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 26880, version 1.0\012- data
Hash 20d225e66a86f9298f99431e56d3542b
0000cbacaa66fb1a53227a9c05a08a7b71dd8c72
443bd1fde75a477eaae12ba7828c6cb67608e14bbda783027fca2540c3bb0b03
GET /static/dotxx2017//assets/fonts/NordeaSansSmall-Medium.woff2?v=3.76.4 HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.nordea.dk/static/dotxx2017/css/main.css?v=3.76.4
Cookie: DC=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: font/woff2
cteonnt-length: 26880
last-modified: Wed, 08 Mar 2023 08:50:26 GMT
etag: "64084c52-6900"
strict-transport-security: max-age=157680000
vary: Accept-Encoding
cache-control: max-age=42176076
date: Tue, 28 Mar 2023 12:36:33 GMT
content-length: 26880
X-Firefox-Spdy: h2
www.nordea.dk/static/dotxx2017//assets/fonts/NordeaSansLarge-Regular.woff2?v=3.76.4
23.36.79.11 200 OK 27 kB URL HTTP/2 www.nordea.dk/static/dotxx2017//assets/fonts/NordeaSansLarge-Regular.woff2?v=3.76.4
IP 23.36.79.11:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 27028, version 1.0\012- data
Hash a52e67defee146cb49d91dac2e261ffe
6f40bb5cabf69d6baf7f0fa9dbbb2dd3f4ae2a77
c4658ca9543287896f9c56bdeb38ca5ae3182ecc20a1e2d345cf0bf7ab11fca3
GET /static/dotxx2017//assets/fonts/NordeaSansLarge-Regular.woff2?v=3.76.4 HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.nordea.dk/static/dotxx2017/css/main.css?v=3.76.4
Cookie: DC=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: font/woff2
cteonnt-length: 27028
last-modified: Wed, 08 Mar 2023 08:50:26 GMT
etag: "64084c52-6994"
strict-transport-security: max-age=157680000
vary: Accept-Encoding
cache-control: max-age=42176114
date: Tue, 28 Mar 2023 12:36:33 GMT
content-length: 27028
X-Firefox-Spdy: h2
policy.cookiereports.com/735544c3_panel-da-dk.js
34.107.253.133 200 OK 25 kB URL HTTP/2 policy.cookiereports.com/735544c3_panel-da-dk.js
IP 34.107.253.133:0
File type ASCII text, with very long lines (603)
Hash 17f5519fbae327ffa9cfa3757f7a251e
f3bfb57ab68a4ce325df6a6cd76e4d79b922c41e
398c646e1a0ec229384ffdee5fda05020e8de6996cb8f401aae0e6b6297e4959
GET /735544c3_panel-da-dk.js HTTP/1.1
Host: policy.cookiereports.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache
content-encoding: gzip
via: 1.1 google
date: Tue, 28 Mar 2023 12:20:46 GMT
cache-control: public,max-age=3600
content-type: application/javascript
vary: Accept-Encoding
content-length: 25042
age: 947
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.usertrust.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 1148260cf673356c5bac0d2e02586908
499d4b57a6397b8edbd71f905c8531923f71e307
25fc881eb14ffb7c71517e9c032cfa0b624ed6be5aaace3467831e53c1112d9d
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:33 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 26 Mar 2023 18:22:53 GMT
Expires: Sun, 02 Apr 2023 18:22:52 GMT
Etag: "499d4b57a6397b8edbd71f905c8531923f71e307"
Cache-Control: max-age=600711,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 14
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7aefeb5acf60b517-OSL
www.nordea.dk/Images/144-338818/favicon.ico
23.36.79.11 200 OK 5.4 kB URL HTTP/2 www.nordea.dk/Images/144-338818/favicon.ico
IP 23.36.79.11:0
ASN #20940 Akamai International B.V.
File type MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash 7b0e9c3c0c240e33000b35fc69659c8e
5d737ba498cba22fe1f3a6d8cbd7c3b87c1863dc
96aa03e2f9057c9ab306902c1967181055e1ed4a897a7f1060441037e4d08e70
GET /Images/144-338818/favicon.ico HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
Cookie: DC=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: 1574773786000
server: nginx
content-type: image/x-icon
content-length: 5430
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
last-modified: Tue, 26 Nov 2019 13:09:46 GMT
strict-transport-security: max-age=157680000
cache-control: public, max-age=8642
date: Tue, 28 Mar 2023 12:36:33 GMT
X-Firefox-Spdy: h2
tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=nordea/op-web/202301240904&cb=1680007014013
54.230.111.26 200 OK 2 B URL HTTP/2 tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=nordea/op-web/202301240904&cb=1680007014013
IP 54.230.111.26:0
File type ASCII text, with no line terminators
Hash 7bc0ee636b3b83484fc3b9348863bd22
ebbffb7d7ea5362a22bfa1bab0bfdeb1617cd610
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
GET /utag/tiqapp/utag.v.js?a=nordea/op-web/202301240904&cb=1680007014013 HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 2
last-modified: Sat, 11 Mar 2023 06:57:46 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 2XUX04X5QEw0.xFya64khU._sHTRl_Pz
accept-ranges: bytes
server: AmazonS3
date: Tue, 28 Mar 2023 12:28:01 GMT
etag: "7bc0ee636b3b83484fc3b9348863bd22"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: cfbvbM80EkZbwFAH6lvMB0DieD9oWW4LkC4mBlo6ycNjhfEu4t2L1Q==
age: 513
X-Firefox-Spdy: h2
tags.tiqcdn.com/utag/nordea/op-web/prod/utag.sync.js
54.230.111.26 200 OK 0 B URL HTTP/2 tags.tiqcdn.com/utag/nordea/op-web/prod/utag.sync.js
IP 54.230.111.26:0
GET /utag/nordea/op-web/prod/utag.sync.js HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
last-modified: Fri, 10 Mar 2023 18:10:27 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: vTOUw0gS08Ufhov4s1wnDrbQg4PMHMaR
server: AmazonS3
content-encoding: br
date: Tue, 28 Mar 2023 12:33:23 GMT
etag: W/"9445c56d3218404842854537625d133c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: EYTFEkhuPrC_WVh3qKGfEAzcD0NHdIGgxZzT0Ul7UI3LpKnio4k-vA==
age: 191
X-Firefox-Spdy: h2
178-79-179-35.ip.linodeusercontent.com/mitid/card.php
178.79.179.35 302 Found 0 B URL HTTP/1.1 178-79-179-35.ip.linodeusercontent.com/mitid/card.php
IP 178.79.179.35:0
GET /mitid/card.php HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Tue, 28 Mar 2023 12:36:30 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: 5.php
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
t.dtscout.com/i/?l=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php&j=
141.101.120.11 200 OK 0 B URL HTTP/2 t.dtscout.com/i/?l=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php&j=
IP 141.101.120.11:0
GET /i/?l=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php&j= HTTP/1.1
Host: t.dtscout.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 28 Mar 2023 12:36:26 GMT
content-type: application/javascript
x-s: ger1
set-cookie: m=1; Domain=dtscout.com; Expires=Tue, 28-Mar-2023 13:59:46 GMT; Max-Age=5000; Path=/; SameSite=None; Secure
oa=1; Domain=dtscout.com; Expires=Tue, 28-Mar-2023 16:36:26 GMT; Max-Age=14400; Path=/; SameSite=None; Secure
df=1680006986; Domain=dtscout.com; Expires=Thu, 06-Jul-2023 12:36:26 GMT; Max-Age=8640000; Path=/; SameSite=None; Secure
x-t: 0.982
expires: Tue, 28 Mar 2023 12:36:25 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1hKWKvHBpYbGivSxXSPPXjtGejoZqylVCEny4tQ%2FfifPoJZ5UdP9sC88Yv%2BJkvce0JLyLFmKWBkPNpxOX3khI4692BRNi6vz7CNCk9tIOAPq5N%2BBN0XQHsAa6ppZxoA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7aefeb31ab7509b3-ARN
content-encoding: br
X-Firefox-Spdy: h2
t.dtscout.com/pv/?_a=v&_h=178-79-179-35.ip.linodeusercontent.com&_ss=4yhj6t4ncd&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=13ru&_cb=_dtspv.c
141.101.120.11 200 OK 0 B URL HTTP/2 t.dtscout.com/pv/?_a=v&_h=178-79-179-35.ip.linodeusercontent.com&_ss=4yhj6t4ncd&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=13ru&_cb=_dtspv.c
IP 141.101.120.11:0
GET /pv/?_a=v&_h=178-79-179-35.ip.linodeusercontent.com&_ss=4yhj6t4ncd&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=13ru&_cb=_dtspv.c HTTP/1.1
Host: t.dtscout.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Cookie: m=1; oa=1; df=1680006986
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 12:36:26 GMT
content-type: application/javascript
x-t: 0.192
x-c: 0
expires: Tue, 28 Mar 2023 12:36:25 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oaMxYyFyqBnVxVWUtCfxtvrXHy5ajDcgIZcPrcG4wNBicOsGQZDwgzD6rIeQPTYpemWuI01eJcDR2KRXePTpMjnLteyFRK%2B2fZVJJGEY1dvYdh%2Fk%2FXegVTEC00cmaGQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7aefeb325cfc09b3-ARN
content-encoding: br
X-Firefox-Spdy: h2
t.dtscout.com/pv/
141.101.120.11 200 OK 0 B IP 141.101.120.11:0
POST /pv/ HTTP/1.1
Host: t.dtscout.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=---------------------------90997088224958640464175100965
Content-Length: 1207
Origin: http://178-79-179-35.ip.linodeusercontent.com
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Cookie: m=1; oa=1; df=1680006986
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 28 Mar 2023 12:36:30 GMT
content-type: application/javascript
x-t: 0.128
x-c: 0
expires: Tue, 28 Mar 2023 12:36:29 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z5FrQQvvvg2fMPsBbW6uAVgIcIXdFV6HgBqFj9AmFyxmOLtFCWVsFWeva9%2FQKwy2XUi8i3iAW2UiYrJjYYxQC0uD6sygZj7WFGnnzcsbEjnWbHijIO7MgABfqzInBJY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7aefeb4bb98209b3-ARN
content-encoding: br
X-Firefox-Spdy: h2