Report - 178-79-179-35.ip.linodeusercontent.com/mitid/process.php

Report Overview

Submitted URL
178-79-179-35.ip.linodeusercontent.com/mitid/process.php
IP
178.79.179.35
ASN
#63949 Linode, LLC
Submitted
2023-03-28 12:36:37
Access
public
Website Title
Final URL
Tags
nordea financial phishing
urlquery detections
Phishing - Nordea

Detections

urlquery
16
Network Intrusion Detection
1
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-29T05:09:32Z	606 B	127 B	35.161.26.194
de.tynt.com	1252	2013-08-06T03:33:59Z	2023-03-29T12:44:24Z	972 B	808 B	67.202.105.31
policy.cookiereports.com	102108	2012-10-04T10:10:48Z	2023-03-29T19:49:01Z	381 B	25 kB	34.107.253.133
identify.nordea.com	764228	2018-07-30T08:32:10Z	2023-03-29T19:51:27Z	423 B	1.6 kB	158.233.249.230
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-29T05:09:31Z	413 B	5.9 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-29T05:09:31Z	333 B	391 B	34.117.237.239
www.gstatic.com	unknown	2016-07-26T11:37:06Z	2023-03-29T09:13:03Z	359 B	2.5 kB	142.250.74.35
ocsp.entrust.net	1208	2014-01-10T03:18:45Z	2023-03-29T05:40:35Z	1.0 kB	5.9 kB	104.110.10.32
whos.amung.us	12687	2014-04-02T16:27:13Z	2023-03-29T12:52:10Z	865 B	600 B	104.22.75.171
ic.tynt.com	4300	2013-08-06T03:33:59Z	2023-03-29T12:59:06Z	4.8 kB	2.7 kB	67.202.105.33
widgets.amung.us	12623	2012-05-21T21:25:54Z	2023-03-29T12:31:46Z	382 B	11 kB	104.22.75.171
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-29T05:09:03Z	782 B	2.4 kB	35.241.9.150
www.nordea.dk	931221	2015-06-10T11:53:30Z	2023-03-29T11:55:10Z	10 kB	521 kB	23.36.79.11
t.dtscout.com	11951	2017-01-30T05:52:42Z	2023-03-29T12:31:47Z	2.8 kB	31 kB	141.101.120.11
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-29T05:09:11Z	2.0 kB	5.3 kB	23.36.76.226
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-29T05:09:12Z	3.2 kB	60 kB	34.120.237.76
178-79-179-35.ip.linodeusercontent.com	unknown	2023-01-03T19:06:55Z	2023-03-28T14:36:25Z	8.2 kB	152 kB	178.79.179.35
ocsp.usertrust.com	899	2012-05-21T17:43:18Z	2023-03-29T05:12:11Z	342 B	1.0 kB	104.18.32.68
tags.tiqcdn.com	969	2013-01-15T06:04:26Z	2023-03-29T05:57:07Z	1.2 kB	86 kB	54.230.111.26

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-03-28 12:36:46	medium	178.79.179.35	Client IP	ET PHISHING Possible Phish - Saved Website Comment Observed

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (22)

	URL	Size	First Seen	Last Seen
	178-79-179-35.ip.linodeusercontent.com/mitid/process.php	238 B	2023-03-13	2023-03-29
Pretty URL 178-79-179-35.ip.linodeusercontent.com/mitid/process.php IP 178.79.179.35 ASN #63949 Linode, LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:14:33 Last Seen2023-03-29 23:34:16 Times Seen9 Hash 0f3d8f77af81f8f74739cc2864050522 eed3978de423da613e8c4b64a09cba26b190b8a4 43b8f8d7f9244dcf8323a39bcb4ef57a6ec355a5d77c1579999c943b7a16ec11 Loading...

	www.nordea.dk/static-client/vendors~client.js?v=3.76.4	278 kB	2023-03-29	2023-05-26
Pretty URL www.nordea.dk/static-client/vendors~client.js?v=3.76.4 IP 23.36.79.11 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:34:15 Last Seen2023-05-26 15:42:53 Times Seen10 Hash ca89bfc546de3432e676fff90ba0950b 0b0bc8cb6926ee3e0e9e668d55d24462745dedca 21c67d90ec4cb9185e2d912e7210dcea60934816508588ddddf105ab5e3895dd Loading...

	tags.tiqcdn.com/utag/nordea/op-web/prod/utag.sync.js	3.6 kB	2023-03-29	2023-10-22
Pretty URL tags.tiqcdn.com/utag/nordea/op-web/prod/utag.sync.js IP 54.230.111.26 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 21:38:02 Last Seen2023-10-22 22:45:00 Times Seen12 Hash 9445c56d3218404842854537625d133c ccfea113426ad28e30af4d10909d435e2e767401 78d9deb23954772dc46a329f547892f8dc6b60e37928b3e412e090c39d8c0010 Loading...

	policy.cookiereports.com/735544c3_panel-da-dk.js	134 kB	2023-03-29	2023-03-29
Pretty URL policy.cookiereports.com/735544c3_panel-da-dk.js IP 34.107.253.133 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 21:38:02 Last Seen2023-03-29 23:34:16 Times Seen3 Hash a29f7ef11f8a6dd3652b868c630ba927 001a59cebd3a31658fdcb88404bd26e9a5b3faa9 80ffbdd57dd7ddd890c00f715e2abb5bffea49690702104ba279cf71cbcd79e3 Loading...

	widgets.amung.us/small.js	8.6 kB	2023-03-08	2024-05-10
Pretty URL widgets.amung.us/small.js IP 104.22.75.171 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:29:44 Last Seen2024-05-10 22:34:40 Times Seen2577 Hash a41caf5294227669425cd5135a26b2a0 a26a13f88c51c37b58fbd8a6b444e9b9150fae16 2052a227c361a7e99ea70f5bdcf54cd9e6c6b493dd4d20b73b376d94ce0dc0d1 Loading...

	t.dtscout.com/pv/?_a=v&_h=178-79-179-35.ip.linodeusercontent.com&_ss=4yhj6t4ncd&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=13ru&_cb=_dtspv.c	52 B	2023-03-29	2023-03-29
Pretty URL t.dtscout.com/pv/?_a=v&_h=178-79-179-35.ip.linodeusercontent.com&_ss=4yhj6t4ncd&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=13ru&_cb=_dtspv.c IP 141.101.120.11 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:34:16 Last Seen2023-03-29 23:34:16 Times Seen1 Hash 430211f528569a1e0134707993318e7d bb17a07b7a61d45512a061099a9e153b91ff766f bda0e2059c9835a01d4582170289ebebdb98a5486eb0c61e07766c62530123e9 Loading...

	www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html	97 kB	2023-03-29	2023-03-29
Pretty URL www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html IP 23.36.79.11 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:34:15 Last Seen2023-03-29 23:34:16 Times Seen2 Hash 58b00347ba1d4c5cf7893f90855299d4 e9b123812444164008474b2d4ed02b43e22e3a94 13849e677f0eaa95cf8e2ca23edfd126f14b3fde8cc2afdcc7eb35294d566bbf Loading...

	www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html	1.3 kB	2023-03-29	2023-05-02
Pretty URL www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html IP 23.36.79.11 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 21:38:02 Last Seen2023-05-02 16:40:15 Times Seen6 Hash 4b751f2e6e785b19744b40e476fe645d e9b8bdfaf2a78516dd916a832ae3652dca68da69 92bbfb7d05b1c8d296678eb2efa93baa5807472c2ab9c01283b7a976517af92f Loading...

	whos.amung.us/pingjs/?k=aircash123&t=Processing&c=s&x=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php&y=&a=0&d=0.596&v=27&r=6694	29 B	2023-03-29	2023-03-29
Pretty URL whos.amung.us/pingjs/?k=aircash123&t=Processing&c=s&x=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php&y=&a=0&d=0.596&v=27&r=6694 IP 104.22.75.171 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:34:16 Last Seen2023-03-29 23:34:16 Times Seen1 Hash 4d3d727365776c1fccfc9c4bd6018eb8 29b19f4ee17d6971fd74e3fde43ca69268ab4e5c 99f34709e6e383ca362141ef743835527ebe95376640fa23028f2f5176f786b8 Loading...

	t.dtscout.com/pv/?_a=v&_h=178-79-179-35.ip.linodeusercontent.com&_ss=4yhj6t4ncd&_pv=2&_ls=4&_cc=no&_pl=d&_b=firefox%40105&_cbid=22y0&_cb=_dtspv.c	0 B	2023-03-07	2024-05-11
Pretty URL t.dtscout.com/pv/?_a=v&_h=178-79-179-35.ip.linodeusercontent.com&_ss=4yhj6t4ncd&_pv=2&_ls=4&_cc=no&_pl=d&_b=firefox%40105&_cbid=22y0&_cb=_dtspv.c IP 141.101.120.11 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-11 04:14:20 Times Seen37534576 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html	229 B	2023-03-09	2024-04-24
Pretty URL www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html IP 23.36.79.11 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:18:58 Last Seen2024-04-24 23:11:29 Times Seen12 Hash 914fcc560f29c00ec911ff117eddd258 b553d6fa07bd7f61e649945c64f0b99ecb2a1ac2 1c6d48e74d72d37b94523c093f2763b4940bb3b1bc0bae6d18d20c3ea2ea7f24 Loading...

	www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html	227 B	2023-03-29	2023-05-02
Pretty URL www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html IP 23.36.79.11 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 21:38:02 Last Seen2023-05-02 16:40:15 Times Seen6 Hash cbde92f86b84e833b80cac04ebb2b6cc 76f32f0b1c10b3b13acad1e9274002de46d471b9 06ce5478d2ed1fcf1d6fa5ed843bcc98d849a97dd6b86d137d15624bf37941df Loading...

	www.nordea.dk/static/dotxx2017/js/main.js?v=3.76.4	309 kB	2023-03-29	2023-03-29
Pretty URL www.nordea.dk/static/dotxx2017/js/main.js?v=3.76.4 IP 23.36.79.11 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 21:38:02 Last Seen2023-03-29 23:34:16 Times Seen3 Hash 2737e8a0208b03c58d4c77f5cdb1da29 ec00fecb88aca31f0c089b5a36094de4148481ef d2572ae7b754d97afccce6eab1cf00ea3c59fa6c33e54c9419c97098c20b2447 Loading...

	tags.tiqcdn.com/utag/nordea/op-web/prod/utag.js	311 kB	2023-03-29	2023-10-22
Pretty URL tags.tiqcdn.com/utag/nordea/op-web/prod/utag.js IP 54.230.111.26 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 21:38:02 Last Seen2023-10-22 22:45:00 Times Seen11 Hash b08d61d95dff66a9e118970454bcb02c 3c66cb50334695dc39874f2568876e3386563058 d28db05934e71832c598527c3c141ff1aba7ec78c450831bc36ee19d02bd56ea Loading...

	t.dtscout.com/i/?l=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php&j=	2.1 kB	2023-03-07	2024-05-11
Pretty URL t.dtscout.com/i/?l=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php&j= IP 141.101.120.11 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:00 Last Seen2024-05-11 01:51:40 Times Seen4544 Hash 51bd741af3fcc4984d1a753eebfa1141 534664acf69cbbb5c9b97c96b63dd37bdc580da2 3e9c8e5dcf3cbff9e1b7211551a31fe388f1b8e607fd78a0a34855be65da721c Loading...

	cdn.tynt.com/tc.js	18 kB	2023-03-26	2023-06-01
Pretty URL cdn.tynt.com/tc.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 06:14:32 Last Seen2023-06-01 00:32:07 Times Seen1872 Hash 569be2758b9d2b1b2b12b32cb4e77722 c899cb2adea760c6cdb2d471a7408ddbc811e363 b1804777ba20dafab3f354093af8b20442bec0eb61b2d34ea8a735a3bfefa278 Loading...

	de.tynt.com/deb/v2?id=w!aircash123&dn=TC&cc=1&r=&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php	4 B	2023-03-07	2024-05-10
Pretty URL de.tynt.com/deb/v2?id=w!aircash123&dn=TC&cc=1&r=&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php IP 67.202.105.31 ASN #32748 STEADFAST Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:00 Last Seen2024-05-10 23:18:16 Times Seen3085 Hash 350fd6ef6446635f7a8f608434a405ec a4b6c275ac2c80ec925b5c0c5c6abb79ba897356 d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179 Loading...

	www.nordea.dk/static-client/client.js?v=3.76.4	82 kB	2023-03-29	2023-05-26
Pretty URL www.nordea.dk/static-client/client.js?v=3.76.4 IP 23.36.79.11 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:34:16 Last Seen2023-05-26 15:42:53 Times Seen9 Hash 1eb57aa3d69b4dfc96fa4680259b467c 47f04326778b4bc19e6c3b44da14b429acfe9b99 5d3560276141616abc39ccc66faedfe4ddcee0d2e836b7faf2890e5aff96d8ba Loading...

	www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html	299 B	2023-03-29	2023-03-29
Pretty URL www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html IP 23.36.79.11 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 21:38:02 Last Seen2023-03-29 23:34:16 Times Seen3 Hash 396acd58aa9e385efaf35fd41b5415b0 1d60efc2c7d27ee76c3cec77f5e56f6b489f8c76 909c5114b21c1910d8550700c21052dc2e5b34204e96ebf10fab4c2181f39ca1 Loading...

	tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=nordea/op-web/202301240904&cb=1680007014013	2 B	2023-03-07	2024-05-11
Pretty URL tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=nordea/op-web/202301240904&cb=1680007014013 IP 54.230.111.26 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-11 02:07:32 Times Seen23598 Hash 7bc0ee636b3b83484fc3b9348863bd22 ebbffb7d7ea5362a22bfa1bab0bfdeb1617cd610 a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb Loading...

		Size	First Seen	Last Seen
	#1 Eval - 9c6f8328cad252c79720cdebcb48012b	226 B	2023-03-07	2023-05-06
Pretty Observations First Seen2023-03-07 01:03:01 Last Seen2023-05-06 00:45:04 Times Seen958 Hash 9c6f8328cad252c79720cdebcb48012b b853e7b92b0b23aa07f59b4816740de095331d47 bb037a2c6d9cf7fa65d8570beb76b1a31c360826ed6edb8612a584aa1918d62d Loading...

	#2 Eval - b2c2041f8d99c45e0f21474fe4f8b7bc	17 B	2023-03-07	2024-05-11
Pretty Observations First Seen2023-03-07 01:03:01 Last Seen2024-05-11 00:03:14 Times Seen7492 Hash b2c2041f8d99c45e0f21474fe4f8b7bc 0b876666393469c726a2e3edbb29544c03a92154 17f5bfdbae6b35ae8bc3b27c069526d694021fe1e37a8027678e770fbb05e061 Loading...

HTTP Transactions (84)

URL IP Response Size

178-79-179-35.ip.linodeusercontent.com/mitid/process.php

178.79.179.35

200 OK

18 kB

URL HTTP/1.1
178-79-179-35.ip.linodeusercontent.com/mitid/process.php
IP
178.79.179.35:0
ASN
#63949 Linode, LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (805)
Size
18 kB (18217 bytes)
Hash
85129428f866803b28eab0f3b00b19ef
34adab7d52a501746a2bdfd91acfb7b1e1fd3ed4
e634ceb1d61e3d15b13d6c949d4a3318979667efc41003da240043fceb2f90d6

Detections

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phish - Saved Website Comment Observed

HTTP Headers

GET /mitid/process.php HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:25 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
93f633ce30c038eb581544323c5a971e
2f60526cb750c6babccc207f75fb5a8ae6f7598b
0ff6df80a892199848fb943af78541b66efc09a7ab70d4b169906fdbac1eabf8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FF6DF80A892199848FB943AF78541B66EFC09A7AB70D4B169906FDBAC1EABF8"
Last-Modified: Mon, 27 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5222
Expires: Tue, 28 Mar 2023 14:03:27 GMT
Date: Tue, 28 Mar 2023 12:36:25 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c83d39f350161ed2f5d20dcd68e47c92
2695a888e652cb314f8094cc6073c3364336d272
62e5cc6aea61c3c32acd964d4bbe143806416008181eebc4451a8f035b69a0bc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62E5CC6AEA61C3C32ACD964D4BBE143806416008181EEBC4451A8F035B69A0BC"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19719
Expires: Tue, 28 Mar 2023 18:05:04 GMT
Date: Tue, 28 Mar 2023 12:36:25 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
29fdbcd53b5646cfcdd46510063734c4
85e3ceda5ef130219f4fe8a31e52e2690c8f7d8e
24c27586332c016685e6231fec5836e921048d8aaefbcd4cd6f88969f9d91e18

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Backoff, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 28 Mar 2023 12:28:03 GMT
content-type: application/json
age: 502
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5ad3eec59bebbf969f175627757507c1
b176af3a70db378c9e1f219bab24d9d446070d6f
704fa284035b4c9aa487331b516f5f11c324e204756ae2503bad2606ed34f25e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "704FA284035B4C9AA487331B516F5F11C324E204756AE2503BAD2606ED34F25E"
Last-Modified: Mon, 27 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17594
Expires: Tue, 28 Mar 2023 17:29:40 GMT
Date: Tue, 28 Mar 2023 12:36:26 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 6M/ztjw1776aDMjpIjwd6Ec3D7Ozsa3JyHvwWL4WV3156aKbiXs83EldbhPyrD1385zO8Gsm9dw=
x-amz-request-id: M7XHK477KCA68Y24
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 28 Mar 2023 12:02:02 GMT
age: 2064
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 28 Mar 2023 12:36:26 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

178-79-179-35.ip.linodeusercontent.com/mitid/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css

178.79.179.35

200 OK

46 kB

URL HTTP/1.1
178-79-179-35.ip.linodeusercontent.com/mitid/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css
IP
178.79.179.35:0
ASN
#63949 Linode, LLC

File type
assembler source, ASCII text
Size
46 kB (46070 bytes)
Hash
d1aafd46c75fda47a8d4fc4292ec3fcc
d5570e9d09d74ca0b4495992fec5ef86573c4437
068ee6c88c6d2629f9a797dac9288490b736f0c944d9a46d566da7cd8f913a1b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea

HTTP Headers

GET /mitid/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/mitid/process.php
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354

HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:26 GMT
Server: Apache
Last-Modified: Sat, 06 Aug 2022 22:29:08 GMT
Accept-Ranges: bytes
Content-Length: 46070
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

178-79-179-35.ip.linodeusercontent.com/mitid/all/scripts-6db7f1f3edd0e72b01f4957bf91c3b91.js.download

178.79.179.35

404 Not Found

315 B

URL HTTP/1.1
178-79-179-35.ip.linodeusercontent.com/mitid/all/scripts-6db7f1f3edd0e72b01f4957bf91c3b91.js.download
IP
178.79.179.35:0
ASN
#63949 Linode, LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea

HTTP Headers

GET /mitid/all/scripts-6db7f1f3edd0e72b01f4957bf91c3b91.js.download HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/mitid/process.php
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354

HTTP/1.1 404 Not Found
Date: Tue, 28 Mar 2023 12:36:26 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

178-79-179-35.ip.linodeusercontent.com/mitid/all/translateelement.css

178.79.179.35

200 OK

19 kB

URL HTTP/1.1
178-79-179-35.ip.linodeusercontent.com/mitid/all/translateelement.css
IP
178.79.179.35:0
ASN
#63949 Linode, LLC

File type
ASCII text, with very long lines (18670)
Size
19 kB (18724 bytes)
Hash
15ab5dfc566a9a19f6e89a72b7819e43
064aac1e8bc5a26c5986e40659bc328157ec3b53
5d0a6e3bc914db376bf187c380750b197c317e1bf40fab9ad959ad5facd8f9ed

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea

HTTP Headers

GET /mitid/all/translateelement.css HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/mitid/process.php
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354

HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:26 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 10:23:30 GMT
Accept-Ranges: bytes
Content-Length: 18724
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

178-79-179-35.ip.linodeusercontent.com/mitid/all/no-connection-83f79e2367a313b468986e12a237c346.svg

178.79.179.35

200 OK

5.0 kB

URL HTTP/1.1
178-79-179-35.ip.linodeusercontent.com/mitid/all/no-connection-83f79e2367a313b468986e12a237c346.svg
IP
178.79.179.35:0
ASN
#63949 Linode, LLC

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (4974), with no line terminators
Size
5.0 kB (4974 bytes)
Hash
83f79e2367a313b468986e12a237c346
6b0d0f5df661c328a99aefa3b9388507f35d7fba
3fc2607b1e133fb89affeca8fa96db25e9af2fa9d2f7960d2a9602df9e96ef72

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea

HTTP Headers

GET /mitid/all/no-connection-83f79e2367a313b468986e12a237c346.svg HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/mitid/process.php
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354

HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:26 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 10:23:30 GMT
Accept-Ranges: bytes
Content-Length: 4974
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml

178-79-179-35.ip.linodeusercontent.com/mitid/all/nemid-830ab2367a74a48b4e61ce97be19c0bd.svg

178.79.179.35

200 OK

2.3 kB

URL HTTP/1.1
178-79-179-35.ip.linodeusercontent.com/mitid/all/nemid-830ab2367a74a48b4e61ce97be19c0bd.svg
IP
178.79.179.35:0
ASN
#63949 Linode, LLC

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2285), with no line terminators
Size
2.3 kB (2285 bytes)
Hash
830ab2367a74a48b4e61ce97be19c0bd
79cde6c94cedde8c6ce414952a6f71841b890b77
6bb27299ef7a2f71792920ae936f4f0800cf1a43ff5f8b4c835233fde4c1e387

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea

HTTP Headers

GET /mitid/all/nemid-830ab2367a74a48b4e61ce97be19c0bd.svg HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/mitid/process.php
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354

HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:26 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 10:23:30 GMT
Accept-Ranges: bytes
Content-Length: 2285
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml

178-79-179-35.ip.linodeusercontent.com/mitid/all/something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg

178.79.179.35

200 OK

3.1 kB

URL HTTP/1.1
178-79-179-35.ip.linodeusercontent.com/mitid/all/something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg
IP
178.79.179.35:0
ASN
#63949 Linode, LLC

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (3104), with no line terminators
Size
3.1 kB (3104 bytes)
Hash
9bbd07dc81f3c2a11d2c7735b416ee18
41ee4ad48472fd2f93f765b87c77a606a04e5a00
a386a6170805a64ba2e46bcc37c79500b5207bd708b0d1da83cbcbc483e64cb7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea

HTTP Headers

GET /mitid/all/something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/mitid/process.php
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354

HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:26 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 10:23:30 GMT
Accept-Ranges: bytes
Content-Length: 3104
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/svg+xml

178-79-179-35.ip.linodeusercontent.com/mitid/all/cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg

178.79.179.35

200 OK

3.1 kB

URL HTTP/1.1
178-79-179-35.ip.linodeusercontent.com/mitid/all/cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg
IP
178.79.179.35:0
ASN
#63949 Linode, LLC

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (3097), with no line terminators
Size
3.1 kB (3097 bytes)
Hash
d0c0f9d25ebde42bbd552c8ad5363f01
97f08f3ee5a37bb5d291cf10fd8e5ce630467522
4f98589b5ad297e797fc12ed5b90a5e9244a17dbc34c5cee66e01ae8c1455d2c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea

HTTP Headers

GET /mitid/all/cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/mitid/process.php
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354

HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:26 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 10:23:30 GMT
Accept-Ranges: bytes
Content-Length: 3097
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/svg+xml

178-79-179-35.ip.linodeusercontent.com/mitid/all/translate_24dp.png

178.79.179.35

200 OK

825 B

URL HTTP/1.1
178-79-179-35.ip.linodeusercontent.com/mitid/all/translate_24dp.png
IP
178.79.179.35:0
ASN
#63949 Linode, LLC

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
825 B (825 bytes)
Hash
55ff382a8b09329e3230a1797eb8f5fd
026ae089006a674da7dcc9bf6b986c5d59e75478
1bb2279aed6bc1438d2b17a5ffcbac9d37864582aedeeec8d301eab162b2c213

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea

HTTP Headers

GET /mitid/all/translate_24dp.png HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/mitid/process.php
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354

HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:26 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 10:23:30 GMT
Accept-Ranges: bytes
Content-Length: 825
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

178-79-179-35.ip.linodeusercontent.com/mitid/all/technical-error-91ca9eec9eed6ed945355d650bb10d41.svg

178.79.179.35

200 OK

2.8 kB

URL HTTP/1.1
178-79-179-35.ip.linodeusercontent.com/mitid/all/technical-error-91ca9eec9eed6ed945355d650bb10d41.svg
IP
178.79.179.35:0
ASN
#63949 Linode, LLC

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2846), with no line terminators
Size
2.8 kB (2846 bytes)
Hash
91ca9eec9eed6ed945355d650bb10d41
7178a477a6cc3271d5e2927cd2737af55804f576
8a22f5ea2bc34877a3334b91210c881523678eec1e915cf6a4ee261ba58121b1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea

HTTP Headers

GET /mitid/all/technical-error-91ca9eec9eed6ed945355d650bb10d41.svg HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/mitid/process.php
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354

HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:26 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 10:23:30 GMT
Accept-Ranges: bytes
Content-Length: 2846
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml

178-79-179-35.ip.linodeusercontent.com/mitid/all/service-break-f426cda35f41e4c0b7c30c814b5eb2ee.svg

178.79.179.35

200 OK

2.8 kB

URL HTTP/1.1
178-79-179-35.ip.linodeusercontent.com/mitid/all/service-break-f426cda35f41e4c0b7c30c814b5eb2ee.svg
IP
178.79.179.35:0
ASN
#63949 Linode, LLC

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2803), with no line terminators
Size
2.8 kB (2803 bytes)
Hash
f426cda35f41e4c0b7c30c814b5eb2ee
9f278c5bfbf5ddebc2a4d24e4441efa94dd36be7
037024a96d014cbe884a9f81804ceadc25bd1e49d0d9018de09acddac997afbf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea

HTTP Headers

GET /mitid/all/service-break-f426cda35f41e4c0b7c30c814b5eb2ee.svg HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/mitid/process.php
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354

HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:26 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 10:23:30 GMT
Accept-Ranges: bytes
Content-Length: 2803
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml

178-79-179-35.ip.linodeusercontent.com/mitid/all/empty-3857ebe69f653487f8c9d99adde4657f.svg

178.79.179.35

200 OK

1.6 kB

URL HTTP/1.1
178-79-179-35.ip.linodeusercontent.com/mitid/all/empty-3857ebe69f653487f8c9d99adde4657f.svg
IP
178.79.179.35:0
ASN
#63949 Linode, LLC

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1642), with no line terminators
Size
1.6 kB (1642 bytes)
Hash
3857ebe69f653487f8c9d99adde4657f
134737f1f8882726ef1b50546546fa9d1479207c
d690ce1d3a1304fff86d11c4f38ad540da84949d881ea0c04b49bcc0f13483e0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea

HTTP Headers

GET /mitid/all/empty-3857ebe69f653487f8c9d99adde4657f.svg HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/mitid/process.php
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354

HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:26 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 10:23:30 GMT
Accept-Ranges: bytes
Content-Length: 1642
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml

178-79-179-35.ip.linodeusercontent.com/assets/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff

178.79.179.35

404 Not Found

315 B

URL HTTP/1.1
178-79-179-35.ip.linodeusercontent.com/assets/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff
IP
178.79.179.35:0
ASN
#63949 Linode, LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea

HTTP Headers

GET /assets/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/mitid/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354

HTTP/1.1 404 Not Found
Date: Tue, 28 Mar 2023 12:36:26 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

178-79-179-35.ip.linodeusercontent.com/assets/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff

178.79.179.35

404 Not Found

315 B

URL HTTP/1.1
178-79-179-35.ip.linodeusercontent.com/assets/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff
IP
178.79.179.35:0
ASN
#63949 Linode, LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea

HTTP Headers

GET /assets/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/mitid/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354

HTTP/1.1 404 Not Found
Date: Tue, 28 Mar 2023 12:36:26 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

178-79-179-35.ip.linodeusercontent.com/mitid/all/banner.png

178.79.179.35

200 OK

40 kB

URL HTTP/1.1
178-79-179-35.ip.linodeusercontent.com/mitid/all/banner.png
IP
178.79.179.35:0
ASN
#63949 Linode, LLC

File type
PNG image data, 828 x 300, 4-bit colormap, non-interlaced\012- data
Size
40 kB (40339 bytes)
Hash
6629cb5350d6f3276b2dccc43bd3f397
63d964e5caaa541475a4c2da976871a9f9986067
9fc5b5c44107cfc6701be07fa5d5a4d7ab066607dd7ab6e9f396ac709e28424f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea

HTTP Headers

GET /mitid/all/banner.png HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/mitid/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354

HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:26 GMT
Server: Apache
Last-Modified: Sat, 06 Aug 2022 21:35:04 GMT
Accept-Ranges: bytes
Content-Length: 40339
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

www.gstatic.com/images/branding/product/2x/translate_24dp.png

142.250.74.35

200 OK

1.8 kB

URL HTTP/1.1
www.gstatic.com/images/branding/product/2x/translate_24dp.png
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1842 bytes)
Hash
c69c796362406f9e11c7f4bf5bb628da
e489ce95ab56208090868882113d7416abf46775
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

HTTP Headers

GET /images/branding/product/2x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
Content-Length: 1842
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 24 Mar 2023 17:28:52 GMT
Expires: Sat, 23 Mar 2024 17:28:52 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 14 Oct 2021 09:08:00 GMT
Content-Type: image/png
Vary: Origin
Age: 328054

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
1da572819548bbf3a8392e32cdbbefe4
d8e366b4427fe4e579eb805508d1179286293ea6
249abed8883d914391f1147ae141e0b32e396cfc07227148c312e4f47f958703

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "249ABED8883D914391F1147AE141E0B32E396CFC07227148C312E4F47F958703"
Last-Modified: Tue, 28 Mar 2023 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3540
Expires: Tue, 28 Mar 2023 13:35:26 GMT
Date: Tue, 28 Mar 2023 12:36:26 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
5b0e68529b387f71d767672102e46678
6f391a645b4a8ab6703351ea0be2e543de79dfb1
7e682979a2a6770e976820d426b8b7aedaff04965856e68c04fc486626fd9ab2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "7E682979A2A6770E976820D426B8B7AEDAFF04965856E68C04FC486626FD9AB2"
Last-Modified: Tue, 28 Mar 2023 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3593
Expires: Tue, 28 Mar 2023 13:36:19 GMT
Date: Tue, 28 Mar 2023 12:36:26 GMT
Connection: keep-alive

identify.nordea.com/assets/images/favicon.ico

158.233.249.230

200 OK

1.2 kB

URL HTTP/1.1
identify.nordea.com/assets/images/favicon.ico
IP
158.233.249.230:0
ASN
#201271 Nordea Bank Abp

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
9a39921b4a8d93d5528b4ccdc5d76e91
104a457c782a4f1208b116660746296cb45dcbd6
53ce944ce5a3a9a312816854b4254f5b083d562c45ac63354a00add50fb88cdb

HTTP Headers

GET /assets/images/favicon.ico HTTP/1.1
Host: identify.nordea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:26 GMT
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Thu, 02 Mar 2023 05:24:33 GMT
Cache-Control: max-age=31536000
Content-Type: image/x-icon
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Referrer-Policy: origin
Content-Length: 1150
Strict-Transport-Security: max-age=157680000; includeSubDomains

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Backoff, Pragma, Last-Modified, Cache-Control, Alert, Content-Type, ETag, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 28 Mar 2023 12:14:35 GMT
age: 1311
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

whos.amung.us/pingjs/?k=aircash123&t=Processing&c=s&x=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php&y=&a=0&d=0.596&v=27&r=6694

104.22.75.171

200 OK

49 B

URL HTTP/1.1
whos.amung.us/pingjs/?k=aircash123&t=Processing&c=s&x=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php&y=&a=0&d=0.596&v=27&r=6694
IP
104.22.75.171:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
49 B (49 bytes)
Hash
20a887afd30a6f13693fc01668926eb1
08918dc913692bf6719086a7db0c76ad82ed44af
91ead65a08f9e402fe2a522e2001f5a442517f78b1c5d3240aceb7f41ca75193

HTTP Headers

GET /pingjs/?k=aircash123&t=Processing&c=s&x=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php&y=&a=0&d=0.596&v=27&r=6694 HTTP/1.1
Host: whos.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/

HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:26 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
content-encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7aefeb32181b0a2b-ARN

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
da5340ee69a1000f751686df9e716663
a5da880a61ed119790a7990bbdcc0c97eecf04f2
d1ff10bfe40f290935abe1feeb975a6af8cf310f9ce9d45bbf482a604da73560

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D1FF10BFE40F290935ABE1FEEB975A6AF8CF310F9CE9D45BBF482A604DA73560"
Last-Modified: Mon, 27 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10404
Expires: Tue, 28 Mar 2023 15:29:50 GMT
Date: Tue, 28 Mar 2023 12:36:26 GMT
Connection: keep-alive

ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007007346&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php&t=Processing

67.202.105.33

204 No Content

0 B

URL HTTP/2
ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007007346&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php&t=Processing
IP
67.202.105.33:0
ASN
#32748 STEADFAST

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b/p?id=w!aircash123&lm=0&ts=1680007007346&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php&t=Processing HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
server: nginx/1.16.1
date: Tue, 28 Mar 2023 12:36:27 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

push.services.mozilla.com/

35.161.26.194

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.161.26.194:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rYslBJt/6kFYpCeS8XJEcg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: tVPc+t3LE/PLVI9ILk3nSp4pI+o=

ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007007346&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php&t=Processing

67.202.105.33

204 No Content

0 B

URL HTTP/2
ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007007346&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php&t=Processing
IP
67.202.105.33:0
ASN
#32748 STEADFAST

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b/p?id=w!aircash123&lm=0&ts=1680007007346&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php&t=Processing HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx/1.16.1
date: Tue, 28 Mar 2023 12:36:27 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007007346&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php

67.202.105.33

204 No Content

0 B

URL HTTP/2
ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007007346&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php
IP
67.202.105.33:0
ASN
#32748 STEADFAST

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b/p?id=w!aircash123&lm=0&ts=1680007007346&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx/1.16.1
date: Tue, 28 Mar 2023 12:36:27 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

de.tynt.com/deb/v2?id=w!aircash123&dn=TC&cc=1&r=&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php

67.202.105.31

200 OK

4 B

URL HTTP/2
de.tynt.com/deb/v2?id=w!aircash123&dn=TC&cc=1&r=&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php
IP
67.202.105.31:0
ASN
#32748 STEADFAST

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
350fd6ef6446635f7a8f608434a405ec
a4b6c275ac2c80ec925b5c0c5c6abb79ba897356
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179

HTTP Headers

GET /deb/v2?id=w!aircash123&dn=TC&cc=1&r=&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php HTTP/1.1
Host: de.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: max-age=86400
expires: Wed, 29 Mar 2023 12:36:27 GMT
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA, Sec-CH-UA-Mobile
content-type: application/javascript
content-length: 4
date: Tue, 28 Mar 2023 12:36:26 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007007346&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php

67.202.105.33

204 No Content

0 B

URL HTTP/2
ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007007346&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php
IP
67.202.105.33:0
ASN
#32748 STEADFAST

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b/p?id=w!aircash123&lm=0&ts=1680007007346&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx/1.16.1
date: Tue, 28 Mar 2023 12:36:27 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007007346&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php

67.202.105.33

204 No Content

0 B

URL HTTP/2
ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007007346&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php
IP
67.202.105.33:0
ASN
#32748 STEADFAST

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b/p?id=w!aircash123&lm=0&ts=1680007007346&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx/1.16.1
date: Tue, 28 Mar 2023 12:36:27 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6506
Expires: Tue, 28 Mar 2023 14:24:54 GMT
Date: Tue, 28 Mar 2023 12:36:28 GMT
Connection: keep-alive

widgets.amung.us/small.js

104.22.75.171

200 OK

11 kB

URL HTTP/2
widgets.amung.us/small.js
IP
104.22.75.171:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
11 kB (10860 bytes)
Hash
78451eeb8a43ca88004dcf188203f1bb
47a2cbab95a22f73121ff659f0fb36edccdfcaa3
b754c87e17c80c5b0eb6cdd07086b376312b95dbface7a828d89b20b3dacf7a9

HTTP Headers

GET /small.js HTTP/1.1
Host: widgets.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 28 Mar 2023 12:36:26 GMT
content-type: application/x-javascript
last-modified: Thu, 12 Jan 2023 17:19:44 GMT
etag: W/"63c04130-2170"
expires: Wed, 29 Mar 2023 12:19:27 GMT
cache-control: max-age=86400
access-control-allow-origin: *
content-encoding: gzip
cf-cache-status: HIT
age: 1019
vary: Accept-Encoding
server: cloudflare
cf-ray: 7aefeb310df02d5f-ARN
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6506
Expires: Tue, 28 Mar 2023 14:24:54 GMT
Date: Tue, 28 Mar 2023 12:36:28 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb43b8abf-1aec-420b-bc1c-ccfbe765332e.jpeg

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb43b8abf-1aec-420b-bc1c-ccfbe765332e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11894 bytes)
Hash
ee9c83faa5fdb77ba988a41207800b0e
4ac4c600767de39c5134cb97f78fcb29a681ee18
9039f7232ada16ae6d8a447225a15ef949c705a6f9e7aa20b367d001cd88c94f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb43b8abf-1aec-420b-bc1c-ccfbe765332e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11894
x-amzn-requestid: 8b0857c4-1333-45b7-84de-cf3ea7a3240e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdburGzXoAMF2Cw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220cc4-005cc42d48948a3e0ef56b08;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:38:12 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: fw1M0poEZrxuB51jVwizwBuvn_JY1jaEFXGsRor3wj-OSCfU-lUuIQ==
via: 1.1 8591441a35c0af61913aec9af012bc38.cloudfront.net (CloudFront), 1.1 d16c3f15bd14953a9d4109eaaa991de2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 22:05:18 GMT
etag: "4ac4c600767de39c5134cb97f78fcb29a681ee18"
content-type: image/jpeg
age: 52270
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb739a909-c509-4c7a-b5a6-250435d88a54.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10744 bytes)
Hash
ada29e049501b12a35b0bcc5f68e3e57
5c1ba9bffbcc9007e7f119dbb3197db34a12f8da
b45583b5845129386a456e03fbdba25305c8d6d9fb5a8f01d783816ced080629

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb739a909-c509-4c7a-b5a6-250435d88a54.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10744
x-amzn-requestid: d693d820-7eed-47a3-9b0b-8f43c141bd3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbogF0poAMFTAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220c9c-22ab350146e8a3a606f74c42;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:32 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: KAI78tfv0ATn1DQvBGyodBs9UWsIGdj1Fa50KowbUAO4ab2ceaYhMw==
via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 d0387b833e3ca8cb748a1296b4b4bf2a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 21:49:26 GMT
age: 53222
etag: "5c1ba9bffbcc9007e7f119dbb3197db34a12f8da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.6 kB (5556 bytes)
Hash
c831201ad81f55c63c1b101ce854a810
0e9b952f6489f0a5f4862d3bea2fbe0ecdd379e5
c854489720d2ca4a95eef00addda0fcdaf481402d044df7725282654a97eb54a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5556
x-amzn-requestid: 6b050645-14aa-47f7-b4a5-2e27abbe5115
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM69eHE3IAMF0Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b71ef-6ab2948e2bf2578f29798372;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:23:59 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: U1WnpJASpWxPY-8kq-3g3_dKqm5l6UqhA0xUYijO5FDLGAxI2mLthg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 adc2002956acc4d61bfbf3b973fdf246.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 06:36:07 GMT
age: 21621
etag: "0e9b952f6489f0a5f4862d3bea2fbe0ecdd379e5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd937575-8f71-4732-8bca-faaeed83b6a1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7537 bytes)
Hash
5fdd8a3f935830ca9e5ffdb5824acebc
39caaddec703fdad962d03fff8687bad2c1df4ad
6fe6301fb3610c3e8a9b62671579db53189bb62ead4cf5ab30a1f1e0b90b8ca2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd937575-8f71-4732-8bca-faaeed83b6a1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7537
x-amzn-requestid: 2fb06f69-4757-4ba5-9f20-6e829127b931
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbqWETgoAMFV5g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220ca8-6421e38b3a0ac0590ffa8b52;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:44 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: JZfiBSqQdWXqpaxSlepC6hEJ888ja6o10GW0KziDifD8KdTmDTn0eQ==
via: 1.1 4e4278a2778e72cc34feef6db603088c.cloudfront.net (CloudFront), 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 22:05:18 GMT
age: 52270
etag: "39caaddec703fdad962d03fff8687bad2c1df4ad"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F858e946a-2e67-4e7b-b78f-763226855b6d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (8961 bytes)
Hash
789f11978a1149984408fbbb9a2b3f81
078bd523107096bab5e26d42b18e316c253f1ca7
7974980290443b64126f512686261150cd27331cb7b32a96d1167a97d046e8a3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F858e946a-2e67-4e7b-b78f-763226855b6d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8961
x-amzn-requestid: 9277e35d-8fe8-482e-b65c-b132dfcbd87e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbqBGl0IAMFy4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220ca6-7869936b33cbf3633c68e7ac;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:42 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Xz5zjv-po5mgSFz_kkZZ5Hvw9SxY-3d-J2DpvFWxM-iI4jXTsUbiyg==
via: 1.1 e92cc925fc8895560cd0628c67f58828.cloudfront.net (CloudFront), 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 10:16:22 GMT
age: 8406
etag: "078bd523107096bab5e26d42b18e316c253f1ca7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F904edce6-7c76-4531-a179-4144164cbbd1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.4 kB (8394 bytes)
Hash
18fd7af8779cf8321e52f92f5797ec7d
dea3b15ef5ad129e736eac0787861c2f635da044
142485409b9fad01710d2a2aa96deccbb953e0a4f00cdac7bf2af9d98390d04a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F904edce6-7c76-4531-a179-4144164cbbd1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8394
x-amzn-requestid: 7f842fb6-0dfe-4eae-a9b5-59a3394552ae
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cb7VkFtRoAMF-xQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64217289-78aaa1b73a3d10530672a56d;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 10:40:09 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: TpfXXxs_lllcGY0OKhNeNBuTKohudBPyMQ24kClp5yMIhJ3Hs6WYIw==
via: 1.1 304b956e2039e07753fa39109152d594.cloudfront.net (CloudFront), 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 10:59:51 GMT
age: 5797
etag: "dea3b15ef5ad129e736eac0787861c2f635da044"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

178-79-179-35.ip.linodeusercontent.com/mitid/5.php

178.79.179.35

200 OK

498 B

URL HTTP/1.1
178-79-179-35.ip.linodeusercontent.com/mitid/5.php
IP
178.79.179.35:0
ASN
#63949 Linode, LLC

File type
HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
498 B (498 bytes)
Hash
e90c6d176a7f2163edd8aa7deedcdceb
5dca58b40478e7437d2c01d3452e4adeba1f373a
a1bade7bb61d3881b235bcf148539879ef3ea4d0239b711c67110e14779cdd35

HTTP Headers

GET /mitid/5.php HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:30 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

178-79-179-35.ip.linodeusercontent.com/favicon.ico

178.79.179.35

404 Not Found

315 B

URL HTTP/1.1
178-79-179-35.ip.linodeusercontent.com/favicon.ico
IP
178.79.179.35:0
ASN
#63949 Linode, LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/mitid/5.php
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354

HTTP/1.1 404 Not Found
Date: Tue, 28 Mar 2023 12:36:30 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

whos.amung.us/pingjs/?k=aircash123&t=Finish%20verification&c=s&x=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php&y=&a=0&d=0.183&v=27&r=3311

104.22.75.171

200 OK

49 B

URL HTTP/1.1
whos.amung.us/pingjs/?k=aircash123&t=Finish%20verification&c=s&x=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php&y=&a=0&d=0.183&v=27&r=3311
IP
104.22.75.171:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
49 B (49 bytes)
Hash
20a887afd30a6f13693fc01668926eb1
08918dc913692bf6719086a7db0c76ad82ed44af
91ead65a08f9e402fe2a522e2001f5a442517f78b1c5d3240aceb7f41ca75193

HTTP Headers

GET /pingjs/?k=aircash123&t=Finish%20verification&c=s&x=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php&y=&a=0&d=0.183&v=27&r=3311 HTTP/1.1
Host: whos.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/

HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:31 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
content-encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7aefeb4d9f840a2b-ARN

ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007011675&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php&t=Finish%20verification

67.202.105.33

204 No Content

0 B

URL HTTP/2
ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007011675&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php&t=Finish%20verification
IP
67.202.105.33:0
ASN
#32748 STEADFAST

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b/p?id=w!aircash123&lm=0&ts=1680007011675&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php&t=Finish%20verification HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx/1.16.1
date: Tue, 28 Mar 2023 12:36:31 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

t.dtscout.com/pv/?_a=v&_h=178-79-179-35.ip.linodeusercontent.com&_ss=4yhj6t4ncd&_pv=2&_ls=4&_cc=no&_pl=d&_b=firefox%40105&_cbid=22y0&_cb=_dtspv.c

141.101.120.11

200 OK

1 B

URL HTTP/2
t.dtscout.com/pv/?_a=v&_h=178-79-179-35.ip.linodeusercontent.com&_ss=4yhj6t4ncd&_pv=2&_ls=4&_cc=no&_pl=d&_b=firefox%40105&_cbid=22y0&_cb=_dtspv.c
IP
141.101.120.11:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1 B (1 bytes)
Hash
eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce

HTTP Headers

GET /pv/?_a=v&_h=178-79-179-35.ip.linodeusercontent.com&_ss=4yhj6t4ncd&_pv=2&_ls=4&_cc=no&_pl=d&_b=firefox%40105&_cbid=22y0&_cb=_dtspv.c HTTP/1.1
Host: t.dtscout.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Cookie: m=2; oa=2; df=1680006986
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 28 Mar 2023 12:36:31 GMT
content-type: application/javascript
x-t: 0.095
x-c: 0
expires: Tue, 28 Mar 2023 12:36:30 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OPXozD8wHl1Z3EsXTAWAXC%2Fn3fXCAN9iPeRrmXmXbDseKHzE84hAYrDnocAq956cFGWf%2FKlYLlRwhECpSsSFKdRMcbLhlOldy%2Bp5CAARKJ2GWn2rLYJtBQz%2Bk%2BTTs6M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7aefeb4dcde309b3-ARN
content-encoding: br
X-Firefox-Spdy: h2

ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007011675&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php

67.202.105.33

204 No Content

0 B

URL HTTP/2
ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007011675&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php
IP
67.202.105.33:0
ASN
#32748 STEADFAST

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b/p?id=w!aircash123&lm=0&ts=1680007011675&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx/1.16.1
date: Tue, 28 Mar 2023 12:36:31 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

de.tynt.com/deb/v2?id=w!aircash123&dn=TC&cc=1&r=&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php

67.202.105.31

200 OK

4 B

URL HTTP/2
de.tynt.com/deb/v2?id=w!aircash123&dn=TC&cc=1&r=&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php
IP
67.202.105.31:0
ASN
#32748 STEADFAST

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
350fd6ef6446635f7a8f608434a405ec
a4b6c275ac2c80ec925b5c0c5c6abb79ba897356
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179

HTTP Headers

GET /deb/v2?id=w!aircash123&dn=TC&cc=1&r=&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php HTTP/1.1
Host: de.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
cache-control: max-age=86400
expires: Wed, 29 Mar 2023 12:36:31 GMT
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA, Sec-CH-UA-Mobile
content-type: application/javascript
content-length: 4
date: Tue, 28 Mar 2023 12:36:30 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007011675&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php

67.202.105.33

204 No Content

0 B

URL HTTP/2
ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007011675&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php
IP
67.202.105.33:0
ASN
#32748 STEADFAST

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b/p?id=w!aircash123&lm=0&ts=1680007011675&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx/1.16.1
date: Tue, 28 Mar 2023 12:36:31 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007011675&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php

67.202.105.33

204 No Content

0 B

URL HTTP/2
ic.tynt.com/b/p?id=w!aircash123&lm=0&ts=1680007011675&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php
IP
67.202.105.33:0
ASN
#32748 STEADFAST

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b/p?id=w!aircash123&lm=0&ts=1680007011675&dn=TC&iso=0&pu=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2F5.php HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx/1.16.1
date: Tue, 28 Mar 2023 12:36:31 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
1da572819548bbf3a8392e32cdbbefe4
d8e366b4427fe4e579eb805508d1179286293ea6
249abed8883d914391f1147ae141e0b32e396cfc07227148c312e4f47f958703

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "249ABED8883D914391F1147AE141E0B32E396CFC07227148C312E4F47F958703"
Last-Modified: Tue, 28 Mar 2023 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3492
Expires: Tue, 28 Mar 2023 13:34:44 GMT
Date: Tue, 28 Mar 2023 12:36:32 GMT
Connection: keep-alive

www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html

23.36.79.11

200 OK

30 kB

URL HTTP/2
www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (63496)
Size
30 kB (30311 bytes)
Hash
19a7a47e2ec02061a9f95727b8d2c6b3
14ae8242f8c11d768ba74af4309d1e51fba08868
72b20d4d78dde7a46df14630a312db7752f5912de04d19dc97cb29243f58a793

HTTP Headers

GET /privat/produkter/kort/scenarier-betalingskrav.html HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-type: text/html; charset=utf-8
etag: "c1e0d260661b9f7c76da9be8930b4bc4"
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
vary: Accept-Encoding
x-ua-compatible: IE=edge,chrome=1
content-security-policy: default-src 'self';script-src 'nonce-6abbfbbc-ea66-438b-ae95-a321b95e4083' 'strict-dynamic' https: 'unsafe-inline' 'unsafe-eval';connect-src 'nonce-6abbfbbc-ea66-438b-ae95-a321b95e4083' https: 'unsafe-inline';style-src * 'unsafe-inline'; img-src * data:; font-src * data:;frame-src *.demdex.net *.skat.dk;
strict-transport-security: max-age=157680000
content-encoding: gzip
content-length: 30311
cache-control: public, max-age=54
expires: Tue, 28 Mar 2023 12:37:26 GMT
date: Tue, 28 Mar 2023 12:36:32 GMT
set-cookie: DC=1; expires=Tue, 28-Mar-2023 13:36:32 GMT; path=/; secure
X-Firefox-Spdy: h2

t.dtscout.com/pv/

141.101.120.11

200 OK

28 kB

URL HTTP/2
t.dtscout.com/pv/
IP
141.101.120.11:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
28 kB (27472 bytes)
Hash
f504db8484b1b5c3f4943716c5e95c39
d27c82303953682af878d45375231669656d1ea9
ff65d2eb4bef87a65e789ad4a8a2c78f0cc49b42c1eda5dee01c7e2911681183

HTTP Headers

POST /pv/ HTTP/1.1
Host: t.dtscout.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=---------------------------375712462442140473692825590875
Content-Length: 1218
Origin: http://178-79-179-35.ip.linodeusercontent.com
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Cookie: m=2; oa=2; df=1680006986
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 28 Mar 2023 12:36:32 GMT
content-type: application/javascript
x-t: 0.077
x-c: 0
expires: Tue, 28 Mar 2023 12:36:31 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t0%2FheLhGHTNkZJlrVCOJPyabVnek6oe8c1qFpQIzXvV9yy4Ks4ZgqLuyh8lykTj2tWICm3x1SMlkONPKwzo4QSKEEbCXuVjKRYJRGFc23CBCdVWmFw%2BU11KVy2%2BVDL8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7aefeb58ab8f09b3-ARN
content-encoding: br
X-Firefox-Spdy: h2

www.nordea.dk/static/dotxx2017/assets/fonts/NordeaSansSmall-Medium.woff2?v=3.76.4

23.36.79.11

200 OK

27 kB

URL HTTP/2
www.nordea.dk/static/dotxx2017/assets/fonts/NordeaSansSmall-Medium.woff2?v=3.76.4
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type
Web Open Font Format (Version 2), TrueType, length 26880, version 1.0\012- data
Size
27 kB (26903 bytes)
Hash
e4238b12ce44d3a6d5c8333b38c4298d
8c4c85f9964f31cb4904a00f2fc5501e6e8fc0d6
962695be3ac30a381a39861a4b3cac34209df3bd49d1e3ce1e65e0c086ecf99b

HTTP Headers

GET /static/dotxx2017/assets/fonts/NordeaSansSmall-Medium.woff2?v=3.76.4 HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
Cookie: DC=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: font/woff2
cteonnt-length: 26880
last-modified: Wed, 08 Mar 2023 08:50:26 GMT
etag: "64084c52-6900"
vary: Accept-Encoding
accept-ranges: bytes
strict-transport-security: max-age=157680000
content-encoding: gzip
content-length: 26903
cache-control: max-age=42176077
date: Tue, 28 Mar 2023 12:36:32 GMT
X-Firefox-Spdy: h2

www.nordea.dk/static/dotxx2017/assets/fonts/NordeaSansLarge-Regular.woff2?v=3.76.4

23.36.79.11

200 OK

27 kB

URL HTTP/2
www.nordea.dk/static/dotxx2017/assets/fonts/NordeaSansLarge-Regular.woff2?v=3.76.4
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type
Web Open Font Format (Version 2), TrueType, length 27028, version 1.0\012- data
Size
27 kB (27051 bytes)
Hash
759c2f6eccd87b8657a155c8cd161b46
d51db8f054d32c1e25755028b610824b610cea22
487d05d845237fd795518d20db7915ec762d88777d7ccace66faeadc860121fc

HTTP Headers

GET /static/dotxx2017/assets/fonts/NordeaSansLarge-Regular.woff2?v=3.76.4 HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
Cookie: DC=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: font/woff2
cteonnt-length: 27028
last-modified: Wed, 08 Mar 2023 08:50:26 GMT
etag: "64084c52-6994"
vary: Accept-Encoding
accept-ranges: bytes
strict-transport-security: max-age=157680000
content-encoding: gzip
content-length: 27051
cache-control: max-age=42176115
date: Tue, 28 Mar 2023 12:36:32 GMT
X-Firefox-Spdy: h2

www.nordea.dk/static/dotxx2017/assets/fonts/NordeaSansSmall-Regular.woff2?v=3.76.4

23.36.79.11

200 OK

26 kB

URL HTTP/2
www.nordea.dk/static/dotxx2017/assets/fonts/NordeaSansSmall-Regular.woff2?v=3.76.4
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type
Web Open Font Format (Version 2), TrueType, length 26420, version 1.0\012- data
Size
26 kB (26443 bytes)
Hash
b2a3a37db81e59cd5f6ed9c2a66f8b87
a2e2f41d02b1882b31ce09d3ca78bb51146d6b03
1223a7bdfc606583426e3e59e2342c6ba43521f17659b4add018a1ce1d2865b8

HTTP Headers

GET /static/dotxx2017/assets/fonts/NordeaSansSmall-Regular.woff2?v=3.76.4 HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
Cookie: DC=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: font/woff2
cteonnt-length: 26420
last-modified: Wed, 08 Mar 2023 08:50:26 GMT
etag: "64084c52-6734"
vary: Accept-Encoding
accept-ranges: bytes
strict-transport-security: max-age=157680000
content-encoding: gzip
content-length: 26443
cache-control: max-age=42176075
date: Tue, 28 Mar 2023 12:36:32 GMT
X-Firefox-Spdy: h2

www.nordea.dk/static/dotxx2017/assets/fonts/iconfont.woff2?v=3.76.4

23.36.79.11

200 OK

17 kB

URL HTTP/2
www.nordea.dk/static/dotxx2017/assets/fonts/iconfont.woff2?v=3.76.4
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type
Web Open Font Format (Version 2), TrueType, length 16632, version 1.0\012- data
Size
17 kB (16651 bytes)
Hash
091709292e0410ed9590122bc4a4e877
a657e25591e7f99254a2bd61474c987881918cbf
a710afb3858f788445a7c35cefdb6100f83fcade40f95dcb52d1f2c56604dd3d

HTTP Headers

GET /static/dotxx2017/assets/fonts/iconfont.woff2?v=3.76.4 HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
Cookie: DC=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: font/woff2
cteonnt-length: 16632
last-modified: Wed, 08 Mar 2023 08:50:26 GMT
etag: "64084c52-40f8"
vary: Accept-Encoding
accept-ranges: bytes
strict-transport-security: max-age=157680000
content-encoding: gzip
content-length: 16651
cache-control: max-age=42176119
date: Tue, 28 Mar 2023 12:36:32 GMT
X-Firefox-Spdy: h2

www.nordea.dk/static-client/client.js?v=3.76.4

23.36.79.11

200 OK

21 kB

URL HTTP/2
www.nordea.dk/static-client/client.js?v=3.76.4
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
21 kB (20969 bytes)
Hash
849e2c5e3f9247a87fd239c698215d9e
40be6f234eed22b5a8ebc2f91f9cc93177d792ed
883f1fddbcf39dcf34231fcbea705ff7035c463628a04bc2d6d4974ec140dc91

HTTP Headers

GET /static-client/client.js?v=3.76.4 HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
Cookie: DC=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript
cteonnt-length: 81898
last-modified: Wed, 08 Mar 2023 08:57:42 GMT
etag: "64084e06-13fea"
vary: Accept-Encoding
accept-ranges: bytes
strict-transport-security: max-age=157680000
content-encoding: gzip
content-length: 20969
cache-control: max-age=42176080
date: Tue, 28 Mar 2023 12:36:32 GMT
X-Firefox-Spdy: h2

www.nordea.dk/static/dotxx2017/css/main.css?v=3.76.4

23.36.79.11

200 OK

38 kB

URL HTTP/2
www.nordea.dk/static/dotxx2017/css/main.css?v=3.76.4
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (59837)
Size
38 kB (37700 bytes)
Hash
86bcb5dcb39bf89d84e205e085e40735
60c8c3178646b49bf7c9f087d97a7118652e5e13
ad5009a5e41bee6ef27f3a1b8c6f21ccb0caaea12fe8d0d73ff77ecc33b3ea91

HTTP Headers

GET /static/dotxx2017/css/main.css?v=3.76.4 HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
Cookie: DC=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: text/css
cteonnt-length: 198234
last-modified: Wed, 08 Mar 2023 08:50:26 GMT
etag: "64084c52-3065a"
vary: Accept-Encoding
accept-ranges: bytes
strict-transport-security: max-age=157680000
content-encoding: gzip
content-length: 37700
cache-control: max-age=42176080
date: Tue, 28 Mar 2023 12:36:32 GMT
X-Firefox-Spdy: h2

www.nordea.dk/static-client/vendors~client.js?v=3.76.4

23.36.79.11

200 OK

94 kB

URL HTTP/2
www.nordea.dk/static-client/vendors~client.js?v=3.76.4
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (31725)
Size
94 kB (93521 bytes)
Hash
1ee800a5fcbdfb4f50e7c7635fc034b7
50de0f9f2d46a4f3e52111be7efaf4daf0ac9e8f
93db517bfbe36e8624f878a4f7d1ecb0edbdd0e243c5147ef54642fb2355359e

HTTP Headers

GET /static-client/vendors~client.js?v=3.76.4 HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
Cookie: DC=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript
cteonnt-length: 278167
last-modified: Wed, 08 Mar 2023 08:57:42 GMT
etag: "64084e06-43e97"
vary: Accept-Encoding
accept-ranges: bytes
strict-transport-security: max-age=157680000
content-encoding: gzip
cache-control: max-age=42176049
date: Tue, 28 Mar 2023 12:36:32 GMT
content-length: 93521
X-Firefox-Spdy: h2

www.nordea.dk/static/dotxx2017/js/main.js?v=3.76.4

23.36.79.11

200 OK

100 kB

URL HTTP/2
www.nordea.dk/static/dotxx2017/js/main.js?v=3.76.4
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type
HTML document, Unicode text, UTF-8 text, with very long lines (65472)
Size
100 kB (100427 bytes)
Hash
efa48c355b5dcdfa1c71cb8018a56745
5970bc4974a266e258aa14b60878b353365da2c2
997623b56e0758877e187bf5c4f40fca7e35995ef7e4539cebbd9d51295fba68

HTTP Headers

GET /static/dotxx2017/js/main.js?v=3.76.4 HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
Cookie: DC=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript
cteonnt-length: 308723
last-modified: Wed, 08 Mar 2023 08:50:26 GMT
etag: "64084c52-4b5f3"
vary: Accept-Encoding
accept-ranges: bytes
strict-transport-security: max-age=157680000
content-encoding: gzip
cache-control: max-age=42176120
date: Tue, 28 Mar 2023 12:36:32 GMT
content-length: 100427
X-Firefox-Spdy: h2

www.nordea.dk/Images/144-169221/Nordea-logo%20(2017).svg

23.36.79.11

200 OK

912 B

URL HTTP/2
www.nordea.dk/Images/144-169221/Nordea-logo%20(2017).svg
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
912 B (912 bytes)
Hash
cac2129584b1516c71a8eca39acc70d2
94a2249aab0f00920ce0ccccf306edc7abf80d00
f2628593d0441ddf76ceaa546b9afeeb32e5555dad0622c1a4c7a09735abeb1c

HTTP Headers

GET /Images/144-169221/Nordea-logo%20(2017).svg HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
Cookie: DC=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
etag: 1493022695000
server: nginx
content-type: image/svg+xml
ntcoent-length: 1915
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
last-modified: Mon, 24 Apr 2017 08:31:35 GMT
strict-transport-security: max-age=157680000
content-encoding: gzip
content-length: 912
vary: Accept-Encoding
cache-control: public, max-age=16528
date: Tue, 28 Mar 2023 12:36:32 GMT
X-Firefox-Spdy: h2

www.nordea.dk/Images/144-200667/facebook.svg

23.36.79.11

200 OK

307 B

URL HTTP/2
www.nordea.dk/Images/144-200667/facebook.svg
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (389)
Size
307 B (307 bytes)
Hash
490fc502c22cd50855905e76e893b032
d881a7547ee552cba04b34cbd747653701d02670
4ca54ef5d219e8955eb21701daad5856b468cc67b85f42b6e489e8d9fa6c0e56

HTTP Headers

GET /Images/144-200667/facebook.svg HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
Cookie: DC=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
etag: 1649233900000
server: nginx
content-type: image/svg+xml
ntcoent-length: 493
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Apr 2022 08:31:40 GMT
strict-transport-security: max-age=157680000
content-encoding: gzip
content-length: 307
vary: Accept-Encoding
cache-control: public, max-age=7569
date: Tue, 28 Mar 2023 12:36:32 GMT
X-Firefox-Spdy: h2

www.nordea.dk/Images/144-200668/linkedin.svg

23.36.79.11

200 OK

499 B

URL HTTP/2
www.nordea.dk/Images/144-200668/linkedin.svg
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (864)
Size
499 B (499 bytes)
Hash
edcb0a76922f4e5b5cf1a05dc6862ba8
f75ea67bd1e28ed918dd6e0aa220a6cec3ad4320
fe9381b4d983fd1fe7fb9c88f9deb6e2eb724a62791583b0a82475c819508b44

HTTP Headers

GET /Images/144-200668/linkedin.svg HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
Cookie: DC=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
etag: 1649233978000
server: nginx
content-type: image/svg+xml
ntcoent-length: 968
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Apr 2022 08:32:58 GMT
strict-transport-security: max-age=157680000
content-encoding: gzip
content-length: 499
vary: Accept-Encoding
cache-control: public, max-age=16464
date: Tue, 28 Mar 2023 12:36:32 GMT
X-Firefox-Spdy: h2

www.nordea.dk/Images/144-200669/twitter.svg

23.36.79.11

200 OK

764 B

URL HTTP/2
www.nordea.dk/Images/144-200669/twitter.svg
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1431)
Size
764 B (764 bytes)
Hash
4375ae9e854d3264324c86cd3e34743b
acf3352f10bccb0bc98c120f32f04cd87ae368f6
c63f9568629dba72601adc7d8f00114bea662d512b17cda0126e63d7809d88b9

HTTP Headers

GET /Images/144-200669/twitter.svg HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
Cookie: DC=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
etag: 1649233998000
server: nginx
content-type: image/svg+xml
ntcoent-length: 1535
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Apr 2022 08:33:18 GMT
strict-transport-security: max-age=157680000
content-encoding: gzip
content-length: 764
vary: Accept-Encoding
cache-control: public, max-age=16555
date: Tue, 28 Mar 2023 12:36:32 GMT
X-Firefox-Spdy: h2

www.nordea.dk/Images/144-200670/youtube.svg

23.36.79.11

200 OK

470 B

URL HTTP/2
www.nordea.dk/Images/144-200670/youtube.svg
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (756)
Size
470 B (470 bytes)
Hash
50fa3d39c40b2e977e7ccd4fc4dc638d
c2fff674d5b098c5e7ffd707b716ceec18c0089a
dd1cac1c51cc67df03ddfede65adaa8ff0b73c0fb18767feff324328ca451e40

HTTP Headers

GET /Images/144-200670/youtube.svg HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
Cookie: DC=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
etag: 1649234016000
server: nginx
content-type: image/svg+xml
ntcoent-length: 860
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Apr 2022 08:33:36 GMT
strict-transport-security: max-age=157680000
content-encoding: gzip
content-length: 470
vary: Accept-Encoding
cache-control: public, max-age=7525
date: Tue, 28 Mar 2023 12:36:32 GMT
X-Firefox-Spdy: h2

www.nordea.dk/static/dotxx2017//assets/fonts/iconfont.woff2?v=3.76.4

23.36.79.11

200 OK

17 kB

URL HTTP/2
www.nordea.dk/static/dotxx2017//assets/fonts/iconfont.woff2?v=3.76.4
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type
Web Open Font Format (Version 2), TrueType, length 16632, version 1.0\012- data
Size
17 kB (16632 bytes)
Hash
0eef6a13aa8328cbc98b7bea77d41a1b
3a8f0de1c3a00143c1f4c399028d509abcc622a9
b52149a5f5515c938dd8ae51d66dcb808ea1d4cfb0c4f03acf60cf57bb147e8b

HTTP Headers

GET /static/dotxx2017//assets/fonts/iconfont.woff2?v=3.76.4 HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.nordea.dk/static/dotxx2017/css/main.css?v=3.76.4
Cookie: DC=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: font/woff2
cteonnt-length: 16632
last-modified: Wed, 08 Mar 2023 08:50:26 GMT
etag: "64084c52-40f8"
strict-transport-security: max-age=157680000
vary: Accept-Encoding
cache-control: max-age=42176118
date: Tue, 28 Mar 2023 12:36:33 GMT
content-length: 16632
X-Firefox-Spdy: h2

www.nordea.dk/static/dotxx2017//assets/fonts/NordeaSansSmall-Regular.woff2?v=3.76.4

23.36.79.11

200 OK

26 kB

URL HTTP/2
www.nordea.dk/static/dotxx2017//assets/fonts/NordeaSansSmall-Regular.woff2?v=3.76.4
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type
Web Open Font Format (Version 2), TrueType, length 26420, version 1.0\012- data
Size
26 kB (26420 bytes)
Hash
f63e5b9578e42abb9cdd6334133d35fc
b587b0b87c9f3df735d85d829435f80633012138
a93f6086756b2a2e94db8aaf795faab950a315cd9a8e32c5b0df707636dedfff

HTTP Headers

GET /static/dotxx2017//assets/fonts/NordeaSansSmall-Regular.woff2?v=3.76.4 HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.nordea.dk/static/dotxx2017/css/main.css?v=3.76.4
Cookie: DC=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: font/woff2
cteonnt-length: 26420
last-modified: Wed, 08 Mar 2023 08:50:26 GMT
etag: "64084c52-6734"
strict-transport-security: max-age=157680000
vary: Accept-Encoding
cache-control: max-age=42176074
date: Tue, 28 Mar 2023 12:36:33 GMT
content-length: 26420
X-Firefox-Spdy: h2

tags.tiqcdn.com/utag/nordea/op-web/prod/utag.js

54.230.111.26

200 OK

84 kB

URL HTTP/2
tags.tiqcdn.com/utag/nordea/op-web/prod/utag.js
IP
54.230.111.26:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (24400)
Size
84 kB (83842 bytes)
Hash
2e0125f8d8be7455af994e15f5ce2209
10fe018a3c47375ad2dd0fb287f1cff66ad66454
049ea7cc3b568d8bf7ae51cf8ec7545bb7f23f9eeafd73880abdcd91d08a7f8a

HTTP Headers

GET /utag/nordea/op-web/prod/utag.js HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
last-modified: Fri, 10 Mar 2023 18:10:27 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: ytLjm_CC5K9C0lHkIzna8JY_cobSRsuL
server: AmazonS3
content-encoding: br
date: Tue, 28 Mar 2023 12:35:08 GMT
etag: W/"b08d61d95dff66a9e118970454bcb02c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: R1AioRftqgAaGAtVhGGIxduwDlRlBmyJ4LRh_PEa9ofYKWZaUGWf0A==
age: 85
X-Firefox-Spdy: h2

www.nordea.dk/static/dotxx2017//assets/fonts/NordeaSansLarge-Medium.woff2?v=3.76.4

23.36.79.11

200 OK

27 kB

URL HTTP/2
www.nordea.dk/static/dotxx2017//assets/fonts/NordeaSansLarge-Medium.woff2?v=3.76.4
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type
Web Open Font Format (Version 2), TrueType, length 27448, version 1.0\012- data
Size
27 kB (27448 bytes)
Hash
63fc54e6b6bf4ff9de25e8c0a3373767
02dbf65899927f4ffb0f9bbc23b77e84401e769e
1084fee790a347896f8f0d5fa521211d9789f6ab250940b5bd402aa052d5e245

HTTP Headers

GET /static/dotxx2017//assets/fonts/NordeaSansLarge-Medium.woff2?v=3.76.4 HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.nordea.dk/static/dotxx2017/css/main.css?v=3.76.4
Cookie: DC=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: font/woff2
cteonnt-length: 27448
last-modified: Wed, 08 Mar 2023 08:50:26 GMT
etag: "64084c52-6b38"
strict-transport-security: max-age=157680000
vary: Accept-Encoding
cache-control: max-age=42176096
date: Tue, 28 Mar 2023 12:36:33 GMT
content-length: 27448
X-Firefox-Spdy: h2

www.nordea.dk/static/dotxx2017//assets/fonts/NordeaSansSmall-Medium.woff2?v=3.76.4

23.36.79.11

200 OK

27 kB

URL HTTP/2
www.nordea.dk/static/dotxx2017//assets/fonts/NordeaSansSmall-Medium.woff2?v=3.76.4
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type
Web Open Font Format (Version 2), TrueType, length 26880, version 1.0\012- data
Size
27 kB (26880 bytes)
Hash
20d225e66a86f9298f99431e56d3542b
0000cbacaa66fb1a53227a9c05a08a7b71dd8c72
443bd1fde75a477eaae12ba7828c6cb67608e14bbda783027fca2540c3bb0b03

HTTP Headers

GET /static/dotxx2017//assets/fonts/NordeaSansSmall-Medium.woff2?v=3.76.4 HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.nordea.dk/static/dotxx2017/css/main.css?v=3.76.4
Cookie: DC=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: font/woff2
cteonnt-length: 26880
last-modified: Wed, 08 Mar 2023 08:50:26 GMT
etag: "64084c52-6900"
strict-transport-security: max-age=157680000
vary: Accept-Encoding
cache-control: max-age=42176076
date: Tue, 28 Mar 2023 12:36:33 GMT
content-length: 26880
X-Firefox-Spdy: h2

www.nordea.dk/static/dotxx2017//assets/fonts/NordeaSansLarge-Regular.woff2?v=3.76.4

23.36.79.11

200 OK

27 kB

URL HTTP/2
www.nordea.dk/static/dotxx2017//assets/fonts/NordeaSansLarge-Regular.woff2?v=3.76.4
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type
Web Open Font Format (Version 2), TrueType, length 27028, version 1.0\012- data
Size
27 kB (27028 bytes)
Hash
a52e67defee146cb49d91dac2e261ffe
6f40bb5cabf69d6baf7f0fa9dbbb2dd3f4ae2a77
c4658ca9543287896f9c56bdeb38ca5ae3182ecc20a1e2d345cf0bf7ab11fca3

HTTP Headers

GET /static/dotxx2017//assets/fonts/NordeaSansLarge-Regular.woff2?v=3.76.4 HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.nordea.dk/static/dotxx2017/css/main.css?v=3.76.4
Cookie: DC=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: font/woff2
cteonnt-length: 27028
last-modified: Wed, 08 Mar 2023 08:50:26 GMT
etag: "64084c52-6994"
strict-transport-security: max-age=157680000
vary: Accept-Encoding
cache-control: max-age=42176114
date: Tue, 28 Mar 2023 12:36:33 GMT
content-length: 27028
X-Firefox-Spdy: h2

policy.cookiereports.com/735544c3_panel-da-dk.js

34.107.253.133

200 OK

25 kB

URL HTTP/2
policy.cookiereports.com/735544c3_panel-da-dk.js
IP
34.107.253.133:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (603)
Size
25 kB (25042 bytes)
Hash
17f5519fbae327ffa9cfa3757f7a251e
f3bfb57ab68a4ce325df6a6cd76e4d79b922c41e
398c646e1a0ec229384ffdee5fda05020e8de6996cb8f401aae0e6b6297e4959

HTTP Headers

GET /735544c3_panel-da-dk.js HTTP/1.1
Host: policy.cookiereports.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Apache
content-encoding: gzip
via: 1.1 google
date: Tue, 28 Mar 2023 12:20:46 GMT
cache-control: public,max-age=3600
content-type: application/javascript
vary: Accept-Encoding
content-length: 25042
age: 947
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.usertrust.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.usertrust.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
1148260cf673356c5bac0d2e02586908
499d4b57a6397b8edbd71f905c8531923f71e307
25fc881eb14ffb7c71517e9c032cfa0b624ed6be5aaace3467831e53c1112d9d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 28 Mar 2023 12:36:33 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 26 Mar 2023 18:22:53 GMT
Expires: Sun, 02 Apr 2023 18:22:52 GMT
Etag: "499d4b57a6397b8edbd71f905c8531923f71e307"
Cache-Control: max-age=600711,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 14
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7aefeb5acf60b517-OSL

www.nordea.dk/Images/144-338818/favicon.ico

23.36.79.11

200 OK

5.4 kB

URL HTTP/2
www.nordea.dk/Images/144-338818/favicon.ico
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
5.4 kB (5430 bytes)
Hash
7b0e9c3c0c240e33000b35fc69659c8e
5d737ba498cba22fe1f3a6d8cbd7c3b87c1863dc
96aa03e2f9057c9ab306902c1967181055e1ed4a897a7f1060441037e4d08e70

HTTP Headers

GET /Images/144-338818/favicon.ico HTTP/1.1
Host: www.nordea.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/privat/produkter/kort/scenarier-betalingskrav.html
Cookie: DC=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
etag: 1574773786000
server: nginx
content-type: image/x-icon
content-length: 5430
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
last-modified: Tue, 26 Nov 2019 13:09:46 GMT
strict-transport-security: max-age=157680000
cache-control: public, max-age=8642
date: Tue, 28 Mar 2023 12:36:33 GMT
X-Firefox-Spdy: h2

tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=nordea/op-web/202301240904&cb=1680007014013

54.230.111.26

200 OK

2 B

URL HTTP/2
tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=nordea/op-web/202301240904&cb=1680007014013
IP
54.230.111.26:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
7bc0ee636b3b83484fc3b9348863bd22
ebbffb7d7ea5362a22bfa1bab0bfdeb1617cd610
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

HTTP Headers

GET /utag/tiqapp/utag.v.js?a=nordea/op-web/202301240904&cb=1680007014013 HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 2
last-modified: Sat, 11 Mar 2023 06:57:46 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 2XUX04X5QEw0.xFya64khU._sHTRl_Pz
accept-ranges: bytes
server: AmazonS3
date: Tue, 28 Mar 2023 12:28:01 GMT
etag: "7bc0ee636b3b83484fc3b9348863bd22"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: cfbvbM80EkZbwFAH6lvMB0DieD9oWW4LkC4mBlo6ycNjhfEu4t2L1Q==
age: 513
X-Firefox-Spdy: h2

tags.tiqcdn.com/utag/nordea/op-web/prod/utag.sync.js

54.230.111.26

200 OK

0 B

URL HTTP/2
tags.tiqcdn.com/utag/nordea/op-web/prod/utag.sync.js
IP
54.230.111.26:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /utag/nordea/op-web/prod/utag.sync.js HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nordea.dk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
last-modified: Fri, 10 Mar 2023 18:10:27 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: vTOUw0gS08Ufhov4s1wnDrbQg4PMHMaR
server: AmazonS3
content-encoding: br
date: Tue, 28 Mar 2023 12:33:23 GMT
etag: W/"9445c56d3218404842854537625d133c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: EYTFEkhuPrC_WVh3qKGfEAzcD0NHdIGgxZzT0Ul7UI3LpKnio4k-vA==
age: 191
X-Firefox-Spdy: h2

178-79-179-35.ip.linodeusercontent.com/mitid/card.php

178.79.179.35

302 Found

0 B

URL HTTP/1.1
178-79-179-35.ip.linodeusercontent.com/mitid/card.php
IP
178.79.179.35:0
ASN
#63949 Linode, LLC

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /mitid/card.php HTTP/1.1
Host: 178-79-179-35.ip.linodeusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=fdb5f86d2233fc98deaeb952ef45d354
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Date: Tue, 28 Mar 2023 12:36:30 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: 5.php
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

t.dtscout.com/i/?l=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php&j=

141.101.120.11

200 OK

0 B

URL HTTP/2
t.dtscout.com/i/?l=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php&j=
IP
141.101.120.11:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /i/?l=http%3A%2F%2F178-79-179-35.ip.linodeusercontent.com%2Fmitid%2Fprocess.php&j= HTTP/1.1
Host: t.dtscout.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 28 Mar 2023 12:36:26 GMT
content-type: application/javascript
x-s: ger1
set-cookie: m=1; Domain=dtscout.com; Expires=Tue, 28-Mar-2023 13:59:46 GMT; Max-Age=5000; Path=/; SameSite=None; Secure
oa=1; Domain=dtscout.com; Expires=Tue, 28-Mar-2023 16:36:26 GMT; Max-Age=14400; Path=/; SameSite=None; Secure
df=1680006986; Domain=dtscout.com; Expires=Thu, 06-Jul-2023 12:36:26 GMT; Max-Age=8640000; Path=/; SameSite=None; Secure
x-t: 0.982
expires: Tue, 28 Mar 2023 12:36:25 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1hKWKvHBpYbGivSxXSPPXjtGejoZqylVCEny4tQ%2FfifPoJZ5UdP9sC88Yv%2BJkvce0JLyLFmKWBkPNpxOX3khI4692BRNi6vz7CNCk9tIOAPq5N%2BBN0XQHsAa6ppZxoA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7aefeb31ab7509b3-ARN
content-encoding: br
X-Firefox-Spdy: h2

t.dtscout.com/pv/?_a=v&_h=178-79-179-35.ip.linodeusercontent.com&_ss=4yhj6t4ncd&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=13ru&_cb=_dtspv.c

141.101.120.11

200 OK

0 B

URL HTTP/2
t.dtscout.com/pv/?_a=v&_h=178-79-179-35.ip.linodeusercontent.com&_ss=4yhj6t4ncd&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=13ru&_cb=_dtspv.c
IP
141.101.120.11:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pv/?_a=v&_h=178-79-179-35.ip.linodeusercontent.com&_ss=4yhj6t4ncd&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=13ru&_cb=_dtspv.c HTTP/1.1
Host: t.dtscout.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Cookie: m=1; oa=1; df=1680006986
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 28 Mar 2023 12:36:26 GMT
content-type: application/javascript
x-t: 0.192
x-c: 0
expires: Tue, 28 Mar 2023 12:36:25 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oaMxYyFyqBnVxVWUtCfxtvrXHy5ajDcgIZcPrcG4wNBicOsGQZDwgzD6rIeQPTYpemWuI01eJcDR2KRXePTpMjnLteyFRK%2B2fZVJJGEY1dvYdh%2Fk%2FXegVTEC00cmaGQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7aefeb325cfc09b3-ARN
content-encoding: br
X-Firefox-Spdy: h2

t.dtscout.com/pv/

141.101.120.11

200 OK

0 B

URL HTTP/2
t.dtscout.com/pv/
IP
141.101.120.11:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /pv/ HTTP/1.1
Host: t.dtscout.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=---------------------------90997088224958640464175100965
Content-Length: 1207
Origin: http://178-79-179-35.ip.linodeusercontent.com
Connection: keep-alive
Referer: http://178-79-179-35.ip.linodeusercontent.com/
Cookie: m=1; oa=1; df=1680006986
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 28 Mar 2023 12:36:30 GMT
content-type: application/javascript
x-t: 0.128
x-c: 0
expires: Tue, 28 Mar 2023 12:36:29 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z5FrQQvvvg2fMPsBbW6uAVgIcIXdFV6HgBqFj9AmFyxmOLtFCWVsFWeva9%2FQKwy2XUi8i3iAW2UiYrJjYYxQC0uD6sygZj7WFGnnzcsbEjnWbHijIO7MgABfqzInBJY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7aefeb4bb98209b3-ARN
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (22)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML