{"report_id":"1b680881-6ee6-4956-9caf-875a5706c920","version":6,"status":"done","tags":["fedex","logistics","phishing"],"date":"2023-12-05T07:30:46Z","url":{"schema":"http","addr":"stage.account.postnord.com/oauth2/auth","fqdn":"stage.account.postnord.com","domain":"postnord.com","tld":"com"},"ip":{"addr":"54.230.111.40","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"stage.account.postnord.com/oauth2/auth","fqdn":"stage.account.postnord.com","domain":"postnord.com","tld":"com"},"title":"Something went wrong"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T09:03:37Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"stage.account.postnord.com","ip":{"addr":"54.230.111.40","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2009-06-17","domain_rank":0,"first_seen":"2020-01-27 14:25:07","last_seen":"2023-09-18 15:05:34","alert_count":0,"request_count":4,"received_data":13872,"sent_data":2101,"comment":"","tags":null,"fingerprints":null},{"fqdn":"portal.postnord.com","ip":{"addr":"54.230.111.117","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2009-06-17","domain_rank":884845,"first_seen":"2019-07-04 12:12:02","last_seen":"2023-12-04 08:57:28","alert_count":2,"request_count":2,"received_data":38525,"sent_data":987,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - FedEx","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with FedEx phishing","tags":["fedex","logistics","phishing"],"meta":null}]},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"stage.account.postnord.com/oauth2/auth","fqdn":"stage.account.postnord.com","domain":"postnord.com","tld":"com"},"ip":{"addr":"54.230.111.40","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-05T07:30:34.755Z","timestamp":1701761434755,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"stage.account.postnord.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Sat, 26 Aug 2023 00:00:00 GMT","end":"Tue, 24 Sep 2024 23:59:59 GMT"},"fingerprint":{"sha1":"8C:E6:70:51:FE:9B:D3:9C:8E:2B:59:A9:08:C6:4F:D4:0A:45:BB:BC","sha256":"4A:0F:43:E6:EC:53:BA:D1:4E:22:23:3C:6D:CB:B5:AE:E7:10:AD:79:9F:3A:9B:05:39:0F:53:02:03:57:1B:FF"}}},"request":{"raw":"GET /oauth2/auth HTTP/1.1\r\nHost: stage.account.postnord.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 400 Bad Request\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 4818\r\ndate: Tue, 05 Dec 2023 07:30:28 GMT\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: same-origin\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nset-cookie: language=en; Path=/\nPN-V1-SESSION-ID=e0d8ef3f-9ec5-427b-87a5-5268be01aabd; Max-Age=15778800; Path=/; Expires=Tue, 04 Jun 2024 22:30:28 GMT; HttpOnly; Secure\r\ncache-control: no-store\r\nx-cache: Error from cloudfront\r\nvia: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: 5A70cGS5RMreKXs27HTDlxog2AQM9In2kDLBUcha4Dz5lTANyYACbw==\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"500","status_text":"Internal Server Error","fingerprints":null,"data":{"size":4818,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with very long lines (511)","md5":"d755bbf2daf630b44a4aee3f9408a075","sha1":"866af4b2fa8ef7021672439279e182972d35fadd","sha256":"854fcce817f5b3ca852ff29b8a0969c9af4ef75685dfaa9553b56eea444262ff","sha512":"cf068b3a8a6ee0b2fca7b70275d641c02b402d00d12ad76159f1806a4bb96559212f98d077bbb93f38620251896c264713f1c8412bf0661777ad1a1f044d8dbd","ssdeep":"96:mrsbfDOqFq+bVDO7GDtDOHofzDb4F4TXvN+jvDPXgO:lDlDVDvDdgzXgO","tlshash":"e3a1e072c26621175b920d0933c7be099f46507f1009c4c8b29c55e4cfa799b49bbf9e","first_seen":"2023-12-05T08:30:47Z","last_seen":"2023-12-05T08:30:47Z","times_seen":1,"resource_available":false,"data":null}},"time_used":180,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":179,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"stage.account.postnord.com/oauth2/auth","fqdn":"stage.account.postnord.com","domain":"postnord.com","tld":"com"},"ip":{"addr":"54.230.111.40","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-05T07:30:34.755Z","timestamp":1701761434755,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"stage.account.postnord.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Sat, 26 Aug 2023 00:00:00 GMT","end":"Tue, 24 Sep 2024 23:59:59 GMT"},"fingerprint":{"sha1":"8C:E6:70:51:FE:9B:D3:9C:8E:2B:59:A9:08:C6:4F:D4:0A:45:BB:BC","sha256":"4A:0F:43:E6:EC:53:BA:D1:4E:22:23:3C:6D:CB:B5:AE:E7:10:AD:79:9F:3A:9B:05:39:0F:53:02:03:57:1B:FF"}}},"request":{"raw":"GET /oauth2/auth HTTP/1.1\r\nHost: stage.account.postnord.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nCookie: language=en; PN-V1-SESSION-ID=e0d8ef3f-9ec5-427b-87a5-5268be01aabd\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 500 Internal Server Error\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 4795\r\ndate: Tue, 05 Dec 2023 07:30:29 GMT\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: same-origin\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nset-cookie: language=en; Path=/\r\ncache-control: no-store\r\nx-cache: Error from cloudfront\r\nvia: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: VS0NwO6qgGBJX_U9gRG3geLC6GDWd3taFrpG1XptguGPFZmkK62kpg==\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"500","status_text":"Internal Server Error","fingerprints":null,"data":{"size":4795,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with very long lines (511)","md5":"b8284ba80fec1eda24ad66b2054fdb78","sha1":"4fbcb0399881cfb35cf52902ce4f9f3ab9cb7aa2","sha256":"99bf059043956bb195d6253191c9b6ef9bf7faaec12c4b0d913dacc41e5c585c","sha512":"38662a39f89f6da93cd7984aa2209d38b76f1282f8b4ab9efd67eedf4d7017a14f265b34af831d73731247aefa1395726cfd03f795c1bdd51bea31209857cc8c","ssdeep":"96:mrsbfDOqFq+bVDO7GDtDOHofzDb4F4TXvN+jvDkgO:lDlDVDvDdgYgO","tlshash":"88a1ee72c25621175b920d0933c7bf099f8660bf1009c4c8b29c59e5cfa399b49bbf9e","first_seen":"2023-12-05T08:30:47Z","last_seen":"2023-12-05T08:30:47Z","times_seen":1,"resource_available":false,"data":null}},"time_used":180,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":179,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"portal.postnord.com/fonts/PostNordSans-Regular.woff2","fqdn":"portal.postnord.com","domain":"postnord.com","tld":"com"},"ip":{"addr":"54.230.111.117","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://stage.account.postnord.com/oauth2/auth","date":"2023-12-05T07:30:35.084Z","timestamp":1701761435084,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"portal.postnord.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Tue, 14 Nov 2023 00:00:00 GMT","end":"Fri, 13 Dec 2024 23:59:59 GMT"},"fingerprint":{"sha1":"8C:F3:F1:3B:DB:EA:99:42:38:A4:85:CB:88:9E:15:9F:7E:B8:53:42","sha256":"B9:FF:F7:B1:90:3D:D9:CF:6E:2E:3E:0D:79:B7:7F:7A:28:51:EA:A2:7F:FB:B5:4E:1F:44:D7:A3:12:44:26:E8"}}},"request":{"raw":"GET /fonts/PostNordSans-Regular.woff2 HTTP/1.1\r\nHost: portal.postnord.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://stage.account.postnord.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: binary/octet-stream\r\ncontent-length: 18456\r\naccess-control-allow-methods: GET\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 3000\r\ncache-control: max-age=604800\r\ndate: Tue, 05 Dec 2023 06:55:08 GMT\r\nlast-modified: Thu, 08 Jul 2021 12:32:44 GMT\r\nserver: nginx/1.18.0\r\nx-amz-version-id: DU8VIksKPOst..z0Wg7e2Os6h3pdkbjS\r\nx-ua-compatible: IE=Edge,chrome=1\r\netag: \"6e27090a4c7ad65ab906ec97e02eb795\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: GRyGVIVVA8IGwrT4lQgrPWKmN0vEhW8pv-sEE_p2TYgK1io6G59iPA==\r\nage: 2121\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":18456,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"Web Open Font Format (Version 2), TrueType, length 18456, version 1.13107\\012- data","md5":"6e27090a4c7ad65ab906ec97e02eb795","sha1":"5818906b1e545626d81224a483ae11d11d0f86af","sha256":"c3d6ac7c111917aa295e295cf90f5ab148f4b9b004bfcdfade7ad6ccca6da5cc","sha512":"59c566684853067f0d8b5c1bb6f84bc179fbcef0c28816f25470dcef2edbee93e5dffccbe433b8292c1b00058cf5fec4d2feaab2162771e80fb8135bee0f5afe","ssdeep":"384:SL0fHsbFXUXr3OQ28oUVLvHw0uKWqI0grq71jvqkAbpwdRW9s:SgEbFkXr32wVLfuKWy8qBukqmnOs","tlshash":"9d82d1a51cc504f19777a5fbd27a54733821e04dc297dbef18004c55ab0a285b326fb6","first_seen":"2023-04-17T18:46:10Z","last_seen":"2026-04-30T03:21:13.433813Z","times_seen":21,"resource_available":false,"data":null}},"time_used":175,"timings":{"blocked":74,"dns":62,"connect":1,"send":0,"wait":25,"receive":1,"ssl":10},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - FedEx","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with FedEx phishing","tags":["fedex","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"portal.postnord.com/fonts/PostNordSans-Bold.woff2","fqdn":"portal.postnord.com","domain":"postnord.com","tld":"com"},"ip":{"addr":"54.230.111.117","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://stage.account.postnord.com/oauth2/auth","date":"2023-12-05T07:30:35.086Z","timestamp":1701761435086,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"portal.postnord.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Tue, 14 Nov 2023 00:00:00 GMT","end":"Fri, 13 Dec 2024 23:59:59 GMT"},"fingerprint":{"sha1":"8C:F3:F1:3B:DB:EA:99:42:38:A4:85:CB:88:9E:15:9F:7E:B8:53:42","sha256":"B9:FF:F7:B1:90:3D:D9:CF:6E:2E:3E:0D:79:B7:7F:7A:28:51:EA:A2:7F:FB:B5:4E:1F:44:D7:A3:12:44:26:E8"}}},"request":{"raw":"GET /fonts/PostNordSans-Bold.woff2 HTTP/1.1\r\nHost: portal.postnord.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://stage.account.postnord.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: binary/octet-stream\r\ncontent-length: 18684\r\naccess-control-allow-methods: GET\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 3000\r\ncache-control: max-age=604800\r\ndate: Mon, 04 Dec 2023 21:48:36 GMT\r\nlast-modified: Thu, 08 Jul 2021 12:32:44 GMT\r\nserver: nginx/1.18.0\r\nx-amz-version-id: 6Ub5_ODE2ZbTSwAzMNj8rtAaTutdVb9E\r\nx-ua-compatible: IE=Edge,chrome=1\r\netag: \"cdbb430eb8a959e54d03839a49c2f293\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: EU0XqOuwleIsbZCRLQBYg_EIMaNdY1dXUDCHUVBQfRBFwsYb5HKkmA==\r\nage: 34913\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":18684,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"Web Open Font Format (Version 2), TrueType, length 18684, version 1.13107\\012- data","md5":"cdbb430eb8a959e54d03839a49c2f293","sha1":"e4d1299f89c0e38ddd10f7c38efb62f558b0c2d5","sha256":"925c29d9c349984b2c2fa129f9123515d42dddfb9c59fe08a6ac8eb85123d4e6","sha512":"4b111103ca980cad9fb92f9f30e47589b5f28f0dcd1e4069fb3afbbcc7d407b9bbc67f7357ca7dd3c7b1e67427f24c4282c1d5b91b04157161cb8644391f67d5","ssdeep":"384:zrD1jUhFer6hsvMYh5ADeJjHW0G+oT/KQcQaRrkbQRVel9qmFybd5Pzfe:Qk6hKZ5weTroTyQc/dRVel8Bb/fe","tlshash":"6f82c0c42c2656d39a9787231ec82ca5d02079e41cf7f98571ca8095beea7636e0a1f2","first_seen":"2023-04-17T18:46:10Z","last_seen":"2026-04-30T03:21:13.465947Z","times_seen":21,"resource_available":false,"data":null}},"time_used":174,"timings":{"blocked":72,"dns":61,"connect":3,"send":0,"wait":26,"receive":1,"ssl":8},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - FedEx","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with FedEx phishing","tags":["fedex","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"stage.account.postnord.com/favicon.ico","fqdn":"stage.account.postnord.com","domain":"postnord.com","tld":"com"},"ip":{"addr":"54.230.111.40","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://stage.account.postnord.com/oauth2/auth","date":"2023-12-05T07:30:35.272Z","timestamp":1701761435272,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"stage.account.postnord.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Sat, 26 Aug 2023 00:00:00 GMT","end":"Tue, 24 Sep 2024 23:59:59 GMT"},"fingerprint":{"sha1":"8C:E6:70:51:FE:9B:D3:9C:8E:2B:59:A9:08:C6:4F:D4:0A:45:BB:BC","sha256":"4A:0F:43:E6:EC:53:BA:D1:4E:22:23:3C:6D:CB:B5:AE:E7:10:AD:79:9F:3A:9B:05:39:0F:53:02:03:57:1B:FF"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: stage.account.postnord.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: language=en; PN-V1-SESSION-ID=e0d8ef3f-9ec5-427b-87a5-5268be01aabd\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ncontent-type: text/html\r\ncontent-length: 134\r\nlocation: https://stage.account.postnord.com:443/public/stage_favicon.ico\r\nserver: awselb/2.0\r\ndate: Tue, 05 Dec 2023 07:30:29 GMT\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: KASyHcLutZAGV8hL8GPgCP6sQ6FwxyleAXHY_IFJ1Tbm-iUYtbjBNw==\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":134,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document text\\012- HTML document text\\012- HTML document, ASCII text, with CRLF line terminators","md5":"4aa7a432bb447f094408f1bd6229c605","sha1":"1965c4952cc8c082a6307ed67061a57aab6632fa","sha256":"34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a","sha512":"497ba6d8ec6bf2267fe6133a432f0e9ab12b982c06bb23e3de6e5a94d036509d2556ba822e3989d8cd7e240d9bae8096fc5be8a948e3e29fe29cab1fea1fe31c","ssdeep":"","tlshash":"7ac02bad57001cc8b4a7373850c25060e0ec002013c5041101b00507f04e0578dc12c0","first_seen":"2023-04-05T03:18:50Z","last_seen":"2025-06-28T17:36:01.176521Z","times_seen":12686,"resource_available":false,"data":null}},"time_used":153,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":153,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"stage.account.postnord.com/public/stage_favicon.ico","fqdn":"stage.account.postnord.com","domain":"postnord.com","tld":"com"},"ip":{"addr":"54.230.111.40","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://stage.account.postnord.com/oauth2/auth","date":"2023-12-05T07:30:35.419Z","timestamp":1701761435419,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"stage.account.postnord.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Sat, 26 Aug 2023 00:00:00 GMT","end":"Tue, 24 Sep 2024 23:59:59 GMT"},"fingerprint":{"sha1":"8C:E6:70:51:FE:9B:D3:9C:8E:2B:59:A9:08:C6:4F:D4:0A:45:BB:BC","sha256":"4A:0F:43:E6:EC:53:BA:D1:4E:22:23:3C:6D:CB:B5:AE:E7:10:AD:79:9F:3A:9B:05:39:0F:53:02:03:57:1B:FF"}}},"request":{"raw":"GET /public/stage_favicon.ico HTTP/1.1\r\nHost: stage.account.postnord.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: language=en; PN-V1-SESSION-ID=e0d8ef3f-9ec5-427b-87a5-5268be01aabd\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\ndate: Tue, 05 Dec 2023 07:30:29 GMT\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: same-origin\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\ncache-control: public, max-age=0\r\nlast-modified: Mon, 04 Dec 2023 23:53:00 GMT\r\netag: W/\"46f-18c373fda8c\"\r\ncontent-encoding: gzip\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: EuxTlsTaNtScLLNY2L_Qq0v13-EVhDNlA5c7gNGuZIWDv96WF3ZtqQ==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1135,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document text\\012- exported SGML document, ASCII text, with very long lines (1205), with no line terminators","md5":"ad6cbbce0d0e20e441fe4ce0f515c43f","sha1":"950f044bd269e0788c3df32122ab377613359125","sha256":"2cc3aa2b317896e15027254c86f9bfdb46a3adc47dcad764ea70a3c0ae983c51","sha512":"bb13156505632e053f834481a2fc6e390f5e65948c88db30174b229fe38c0eaaa120873810f2321815d59098f1b418a12bb2b2dc538f87aea59b3c4d3dc633f7","ssdeep":"","tlshash":"e8210c0bac34f24f3b009a2b9172317d4466fc0c8d918cac30c591ae98f4bf50987371","first_seen":"2023-12-05T08:30:47Z","last_seen":"2023-12-05T08:30:47Z","times_seen":1,"resource_available":false,"data":null}},"time_used":157,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}