r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ec332b81a27117ce9c16b67a5a8e4fac
b6d2afa2c859d000ad830d3d8d73f57bac6ffce2
1dc32c78e4e850303813338fd4e9616a41c8c05d1063748a1e76a92c397a5e8f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1DC32C78E4E850303813338FD4E9616A41C8C05D1063748A1E76A92C397A5E8F"
Last-Modified: Mon, 20 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14377
Expires: Tue, 21 Mar 2023 15:03:09 GMT
Date: Tue, 21 Mar 2023 11:03:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 28774b36cf8bb6b054329393a33f6239
728313ddff6d5ceb6db3eb8445f039779616a140
08378fe6a897ab5a9c8d3bc2748c9670659d0d0d164317fdfac88d23fee78fa0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08378FE6A897AB5A9C8D3BC2748C9670659D0D0D164317FDFAC88D23FEE78FA0"
Last-Modified: Sun, 19 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13017
Expires: Tue, 21 Mar 2023 14:40:29 GMT
Date: Tue, 21 Mar 2023 11:03:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4e6141892ec4705c6a0134f3157b969d
4169fdea42b0fa9cb565e14b8e8fdb293575c78e
905537ef3e3a4a9030391b44bd6ac6bb5d7c9ec752b1821d683dfbf483096163
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "905537EF3E3A4A9030391B44BD6AC6BB5D7C9EC752B1821D683DFBF483096163"
Last-Modified: Sun, 19 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15001
Expires: Tue, 21 Mar 2023 15:13:34 GMT
Date: Tue, 21 Mar 2023 11:03:33 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Alert, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 21 Mar 2023 10:14:57 GMT
content-type: application/json
age: 2916
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: sZqcv4mGKAcsXbjve8JLOiNDO3Hde1JMcJ9I0E7Ko8AnUNJUpdtyo4hvk2xpzFqbdKL+edCjCks=
x-amz-request-id: 1BP249HA77XJ60XJ
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 21 Mar 2023 10:53:09 GMT
age: 624
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/finlogin.php
20.199.42.181200 OK 8.6 kB URL HTTP/1.1 certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/finlogin.php
IP 20.199.42.181:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (369)
Hash 6b3317d3833f299a098c2a402ddd388f
53d1dd50db844e2424d62da4d6403c8ac6d4a02b
43c8735c6f8de8d8f53bec49686c65cb814e718c142a490028af8888f6fd3a70
Analyzer Verdict Alert openphish Nordea Bank
fortinet Phishing
quad9 Sinkholed
GET /id/finlogin.php HTTP/1.1
Host: certificate.privat.dokument.opdate.20-199-42-181.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 11:03:33 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 21 Mar 2023 11:03:33 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/all/styles.css
20.199.42.181200 OK 49 kB URL HTTP/1.1 certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/all/styles.css
IP 20.199.42.181:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type assembler source, ASCII text, with CRLF line terminators
Hash b9ab7abda3db8f2401bc732f29b78460
1c256bdf0a2c5ed807765d851f08ee99d8f0a0ac
02cd70fbf63e9c61e1abc49a269c5dc62c829e69ac39b33552b6fc118995234b
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
quad9 Sinkholed
GET /id/all/styles.css HTTP/1.1
Host: certificate.privat.dokument.opdate.20-199-42-181.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/finlogin.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 11:03:33 GMT
Server: Apache
Last-Modified: Mon, 12 Dec 2022 07:06:32 GMT
Accept-Ranges: bytes
Content-Length: 49064
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/partials/js/jquery.js
20.199.42.181200 OK 272 kB URL HTTP/1.1 certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/partials/js/jquery.js
IP 20.199.42.181:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with CRLF line terminators
Size 272 kB (272155 bytes)
Hash 3f24e8505d471bd934a5a68b86971580
876bd436d3b3c1436a8ac17a654e38d062acf45e
4ef5f864f89db7feaaaa5332c0a99d76076af49fef488806541ca2561e4cb379
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
fortinet Phishing
quad9 Sinkholed
GET /id/partials/js/jquery.js HTTP/1.1
Host: certificate.privat.dokument.opdate.20-199-42-181.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/finlogin.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 11:03:33 GMT
Server: Apache
Last-Modified: Fri, 05 Feb 2021 08:11:28 GMT
Accept-Ranges: bytes
Content-Length: 272155
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/all/codes_app-a89defc476c5ea3f806b6f5360157e81.svg
20.199.42.181200 OK 1.4 kB URL HTTP/1.1 certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/all/codes_app-a89defc476c5ea3f806b6f5360157e81.svg
IP 20.199.42.181:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1442), with no line terminators
Hash a89defc476c5ea3f806b6f5360157e81
640dcac46dbc76ee388429336d7c1b5212300c50
b88b6130e6d786e3793f9811c6ad215e23237c3875b1bd85330505dc8ff350f9
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
fortinet Phishing
quad9 Sinkholed
GET /id/all/codes_app-a89defc476c5ea3f806b6f5360157e81.svg HTTP/1.1
Host: certificate.privat.dokument.opdate.20-199-42-181.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/finlogin.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 11:03:33 GMT
Server: Apache
Last-Modified: Fri, 04 Nov 2022 10:41:59 GMT
Accept-Ranges: bytes
Content-Length: 1442
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml
certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/all/5e73b3c67b0510c4c5cf-6629cb5350d6f3276b2dccc43bd3f397.png
20.199.42.181200 OK 40 kB URL HTTP/1.1 certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/all/5e73b3c67b0510c4c5cf-6629cb5350d6f3276b2dccc43bd3f397.png
IP 20.199.42.181:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 828 x 300, 4-bit colormap, non-interlaced\012- data
Hash 6629cb5350d6f3276b2dccc43bd3f397
63d964e5caaa541475a4c2da976871a9f9986067
9fc5b5c44107cfc6701be07fa5d5a4d7ab066607dd7ab6e9f396ac709e28424f
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
quad9 Sinkholed
GET /id/all/5e73b3c67b0510c4c5cf-6629cb5350d6f3276b2dccc43bd3f397.png HTTP/1.1
Host: certificate.privat.dokument.opdate.20-199-42-181.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/all/styles.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 11:03:33 GMT
Server: Apache
Last-Modified: Mon, 07 Nov 2022 21:40:36 GMT
Accept-Ranges: bytes
Content-Length: 40339
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/assets/3defb92f3d1f7309bb86-28abb007069a4e48b1a0830fb5d4a822.svg
20.199.42.181404 Not Found 10 kB URL HTTP/1.1 certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/assets/3defb92f3d1f7309bb86-28abb007069a4e48b1a0830fb5d4a822.svg
IP 20.199.42.181:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4070)
Hash 48ae1677bdd85f53e66a860263fb94b2
90421945d908e21e9589ec288cf387d94e38803c
69ea644a579b8a31d7c18f5337182a283a2aa747c729b4a8e412860ba116394b
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/3defb92f3d1f7309bb86-28abb007069a4e48b1a0830fb5d4a822.svg HTTP/1.1
Host: certificate.privat.dokument.opdate.20-199-42-181.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/all/styles.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Tue, 21 Mar 2023 11:03:33 GMT
Server: Apache
Accept-Ranges: bytes
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/assets/aa78d594083d0ccfefcf-d2c5355e1fcc507cd7b7389e87e6c9de.svg
20.199.42.181404 Not Found 10 kB URL HTTP/1.1 certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/assets/aa78d594083d0ccfefcf-d2c5355e1fcc507cd7b7389e87e6c9de.svg
IP 20.199.42.181:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4070)
Hash 8225c5e50292cfa75c1b381eb0d559b3
ad0654c34508a69488b21db26093afaab77e4d8d
3e1430937dc90382e11d698fcecd1d3be3f2c575cc384c4e6c7335da723e503a
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/aa78d594083d0ccfefcf-d2c5355e1fcc507cd7b7389e87e6c9de.svg HTTP/1.1
Host: certificate.privat.dokument.opdate.20-199-42-181.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/all/styles.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Tue, 21 Mar 2023 11:03:33 GMT
Server: Apache
Accept-Ranges: bytes
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/all/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff
20.199.42.181200 OK 31 kB URL HTTP/1.1 certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/all/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff
IP 20.199.42.181:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Web Open Font Format, TrueType, length 31152, version 0.0\012- data
Hash 3a4d9a8b6adf39716f28af71fc9b030a
5d9acfd762ccd9a4a519951ad008f119741c513b
21a2a17b532837aeafeb95de9f252bfec714028517f79fb4143845ca4d23353c
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
fortinet Phishing
quad9 Sinkholed
GET /id/all/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff HTTP/1.1
Host: certificate.privat.dokument.opdate.20-199-42-181.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/all/styles.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 11:03:33 GMT
Server: Apache
Last-Modified: Mon, 12 Dec 2022 06:59:54 GMT
Accept-Ranges: bytes
Content-Length: 31152
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff
certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/all/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff
20.199.42.181200 OK 32 kB URL HTTP/1.1 certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/all/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff
IP 20.199.42.181:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Web Open Font Format, TrueType, length 31772, version 0.0\012- data
Hash 11eca7aa5a85ec0c6cc3deba794b264e
9bd19e1a9d5859833cbd50f501444c8c2afec2e1
ff28a732b1fc6a547797b7a9a7c29025ae41b74cc5e208232418d9c41fb43c44
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
fortinet Phishing
quad9 Sinkholed
GET /id/all/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff HTTP/1.1
Host: certificate.privat.dokument.opdate.20-199-42-181.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/all/styles.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 11:03:33 GMT
Server: Apache
Last-Modified: Mon, 12 Dec 2022 06:59:53 GMT
Accept-Ranges: bytes
Content-Length: 31772
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: font/woff
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Last-Modified, Retry-After, Content-Length, Alert, Cache-Control, Expires, Content-Type, Backoff, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 21 Mar 2023 10:14:33 GMT
age: 2940
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/all/837ba80d0ba906e8c20d-4fa38d775a1f6b9179bc7c425ecaf7f4.woff
20.199.42.181200 OK 3.0 kB URL HTTP/1.1 certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/all/837ba80d0ba906e8c20d-4fa38d775a1f6b9179bc7c425ecaf7f4.woff
IP 20.199.42.181:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Web Open Font Format, TrueType, length 2988, version 1.0\012- data
Hash 4fa38d775a1f6b9179bc7c425ecaf7f4
999363e7db078097dd06c303a4fd09839da7cc6e
6252319c96777a4ce3952f63ec70735230c1c5c9392e81a9b3f9a8b2bc06c164
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
fortinet Phishing
quad9 Sinkholed
GET /id/all/837ba80d0ba906e8c20d-4fa38d775a1f6b9179bc7c425ecaf7f4.woff HTTP/1.1
Host: certificate.privat.dokument.opdate.20-199-42-181.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/all/styles.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 11:03:33 GMT
Server: Apache
Last-Modified: Mon, 12 Dec 2022 06:59:56 GMT
Accept-Ranges: bytes
Content-Length: 2988
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: font/woff
certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/favicon.ico
20.199.42.181404 Not Found 10 kB URL HTTP/1.1 certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/favicon.ico
IP 20.199.42.181:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4070)
Hash d947e503b969568cae2b2e2b2759c9c2
e4e4e1430f3573d2d8b6bec9dac7527b2fd274d0
73e730440ffe32b733fc7c6d2677f076810111457ebab48960b640deda790106
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: certificate.privat.dokument.opdate.20-199-42-181.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/finlogin.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Tue, 21 Mar 2023 11:03:33 GMT
Server: Apache
Accept-Ranges: bytes
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4c195a3fc0c2abb831630cef1dcfa770
eda338de3063640556177b9db364c33193d7f6dc
c22eb0537cd79666b82fe61dd77fe9b0b3c059a4c65d405412acfc2c6800b444
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C22EB0537CD79666B82FE61DD77FE9B0B3C059A4C65D405412ACFC2C6800B444"
Last-Modified: Sun, 19 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7146
Expires: Tue, 21 Mar 2023 13:02:39 GMT
Date: Tue, 21 Mar 2023 11:03:33 GMT
Connection: keep-alive
push.services.mozilla.com/
54.187.153.159101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.187.153.159:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: yR8i5RniXcYlKLRM1r4PLw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: pD/XOrIm5nmsU4Vi66J4DytQ5Ec=
t.dtscout.com/i/?l=https%3A%2F%2Fcertificate.privat.dokument.opdate.20-199-42-181.cprapid.com%2Fid%2Ffinlogin.php&j=
141.101.120.10200 OK 8.0 kB URL HTTP/2 t.dtscout.com/i/?l=https%3A%2F%2Fcertificate.privat.dokument.opdate.20-199-42-181.cprapid.com%2Fid%2Ffinlogin.php&j=
IP 141.101.120.10:0
File type ASCII text, with very long lines (2077)
Hash 3fc3dcbe7cf76f6186f61b540d5b4607
c975a73822828f7432bdd111e3d092af76fc64db
dc4552a943633a8c4a4b73b3025138fe2da650d07461ba0912022367c468044d
GET /i/?l=https%3A%2F%2Fcertificate.privat.dokument.opdate.20-199-42-181.cprapid.com%2Fid%2Ffinlogin.php&j= HTTP/1.1
Host: t.dtscout.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 21 Mar 2023 11:03:33 GMT
content-type: application/javascript
x-s: ger1
set-cookie: m=1; Domain=dtscout.com; Expires=Tue, 21-Mar-2023 12:26:53 GMT; Max-Age=5000; Path=/; SameSite=None; Secure
oa=1; Domain=dtscout.com; Expires=Tue, 21-Mar-2023 15:03:33 GMT; Max-Age=14400; Path=/; SameSite=None; Secure
df=1679396613; Domain=dtscout.com; Expires=Thu, 29-Jun-2023 11:03:33 GMT; Max-Age=8640000; Path=/; SameSite=None; Secure
x-t: 0.558
expires: Tue, 21 Mar 2023 11:03:32 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rD7iQJ9q87kOsHTsfuBrgdQks6MrDWcvg1YoHR5wGe87yR6QOvHlqd9z%2FXCBw47tlREbh1h2VzirE1ujLJOFiNXEF3WOl2YN83JrQM9XPy3jUzfvPQJkVqeehmjuhEU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ab5b5847c860a40-ARN
content-encoding: br
X-Firefox-Spdy: h2
ic.tynt.com/b/p?id=w!holland001&lm=0&ts=1679396616928&dn=TC&iso=0&pu=https%3A%2F%2Fcertificate.privat.dokument.opdate.20-199-42-181.cprapid.com%2Fid%2Ffinlogin.php&t=Nordea%20-%20Tunnistautuminen
67.202.105.33204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=w!holland001&lm=0&ts=1679396616928&dn=TC&iso=0&pu=https%3A%2F%2Fcertificate.privat.dokument.opdate.20-199-42-181.cprapid.com%2Fid%2Ffinlogin.php&t=Nordea%20-%20Tunnistautuminen
IP 67.202.105.33:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=w!holland001&lm=0&ts=1679396616928&dn=TC&iso=0&pu=https%3A%2F%2Fcertificate.privat.dokument.opdate.20-199-42-181.cprapid.com%2Fid%2Ffinlogin.php&t=Nordea%20-%20Tunnistautuminen HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Tue, 21 Mar 2023 11:03:34 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
de.tynt.com/deb/v2?id=w!holland001&dn=TC&cc=1&r=&pu=https%3A%2F%2Fcertificate.privat.dokument.opdate.20-199-42-181.cprapid.com%2Fid%2Ffinlogin.php
67.202.105.33200 OK 4 B URL HTTP/2 de.tynt.com/deb/v2?id=w!holland001&dn=TC&cc=1&r=&pu=https%3A%2F%2Fcertificate.privat.dokument.opdate.20-199-42-181.cprapid.com%2Fid%2Ffinlogin.php
IP 67.202.105.33:0
File type ASCII text, with no line terminators
Hash 350fd6ef6446635f7a8f608434a405ec
a4b6c275ac2c80ec925b5c0c5c6abb79ba897356
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179
GET /deb/v2?id=w!holland001&dn=TC&cc=1&r=&pu=https%3A%2F%2Fcertificate.privat.dokument.opdate.20-199-42-181.cprapid.com%2Fid%2Ffinlogin.php HTTP/1.1
Host: de.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: max-age=86400
expires: Wed, 22 Mar 2023 11:03:34 GMT
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA, Sec-CH-UA-Mobile
content-type: application/javascript
content-length: 4
date: Tue, 21 Mar 2023 11:03:34 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
ic.tynt.com/b/p?id=w!holland001&lm=0&ts=1679396616928&dn=TC&iso=0&pu=https%3A%2F%2Fcertificate.privat.dokument.opdate.20-199-42-181.cprapid.com%2Fid%2Ffinlogin.php
67.202.105.33204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=w!holland001&lm=0&ts=1679396616928&dn=TC&iso=0&pu=https%3A%2F%2Fcertificate.privat.dokument.opdate.20-199-42-181.cprapid.com%2Fid%2Ffinlogin.php
IP 67.202.105.33:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=w!holland001&lm=0&ts=1679396616928&dn=TC&iso=0&pu=https%3A%2F%2Fcertificate.privat.dokument.opdate.20-199-42-181.cprapid.com%2Fid%2Ffinlogin.php HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Tue, 21 Mar 2023 11:03:34 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
ic.tynt.com/b/p?id=w!holland001&lm=0&ts=1679396616928&dn=TC&iso=0&pu=https%3A%2F%2Fcertificate.privat.dokument.opdate.20-199-42-181.cprapid.com%2Fid%2Ffinlogin.php
67.202.105.33204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=w!holland001&lm=0&ts=1679396616928&dn=TC&iso=0&pu=https%3A%2F%2Fcertificate.privat.dokument.opdate.20-199-42-181.cprapid.com%2Fid%2Ffinlogin.php
IP 67.202.105.33:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=w!holland001&lm=0&ts=1679396616928&dn=TC&iso=0&pu=https%3A%2F%2Fcertificate.privat.dokument.opdate.20-199-42-181.cprapid.com%2Fid%2Ffinlogin.php HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Tue, 21 Mar 2023 11:03:34 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
ic.tynt.com/b/p?id=w!holland001&lm=0&ts=1679396616928&dn=TC&iso=0&pu=https%3A%2F%2Fcertificate.privat.dokument.opdate.20-199-42-181.cprapid.com%2Fid%2Ffinlogin.php
67.202.105.33204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=w!holland001&lm=0&ts=1679396616928&dn=TC&iso=0&pu=https%3A%2F%2Fcertificate.privat.dokument.opdate.20-199-42-181.cprapid.com%2Fid%2Ffinlogin.php
IP 67.202.105.33:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=w!holland001&lm=0&ts=1679396616928&dn=TC&iso=0&pu=https%3A%2F%2Fcertificate.privat.dokument.opdate.20-199-42-181.cprapid.com%2Fid%2Ffinlogin.php HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Tue, 21 Mar 2023 11:03:34 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash de95776582936b8e129e876cf6d80fa8
0233251e1cf0123f1260d980d7c8ef92718723f9
49c07da2ab4ebd66bd166bf0e20dd084b38973cd40c79f85eb283d15a1ccac36
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "49C07DA2AB4EBD66BD166BF0E20DD084B38973CD40C79F85EB283D15A1CCAC36"
Last-Modified: Sun, 19 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13998
Expires: Tue, 21 Mar 2023 14:56:53 GMT
Date: Tue, 21 Mar 2023 11:03:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash de95776582936b8e129e876cf6d80fa8
0233251e1cf0123f1260d980d7c8ef92718723f9
49c07da2ab4ebd66bd166bf0e20dd084b38973cd40c79f85eb283d15a1ccac36
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "49C07DA2AB4EBD66BD166BF0E20DD084B38973CD40C79F85EB283D15A1CCAC36"
Last-Modified: Sun, 19 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13998
Expires: Tue, 21 Mar 2023 14:56:53 GMT
Date: Tue, 21 Mar 2023 11:03:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash de95776582936b8e129e876cf6d80fa8
0233251e1cf0123f1260d980d7c8ef92718723f9
49c07da2ab4ebd66bd166bf0e20dd084b38973cd40c79f85eb283d15a1ccac36
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "49C07DA2AB4EBD66BD166BF0E20DD084B38973CD40C79F85EB283D15A1CCAC36"
Last-Modified: Sun, 19 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13998
Expires: Tue, 21 Mar 2023 14:56:53 GMT
Date: Tue, 21 Mar 2023 11:03:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash de95776582936b8e129e876cf6d80fa8
0233251e1cf0123f1260d980d7c8ef92718723f9
49c07da2ab4ebd66bd166bf0e20dd084b38973cd40c79f85eb283d15a1ccac36
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "49C07DA2AB4EBD66BD166BF0E20DD084B38973CD40C79F85EB283D15A1CCAC36"
Last-Modified: Sun, 19 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13998
Expires: Tue, 21 Mar 2023 14:56:53 GMT
Date: Tue, 21 Mar 2023 11:03:35 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc78f90b-41af-4ead-ad86-702e5fda80ad.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc78f90b-41af-4ead-ad86-702e5fda80ad.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2b8211ace94cc818c0b092a0f8c24c7e
785e7ca94d770a89c2d738d38c880d676bf14652
f14171e1bf278f881e63d81884e84b0395f37871bfdad187c57ee8b1c337602d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc78f90b-41af-4ead-ad86-702e5fda80ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10326
x-amzn-requestid: 21739424-faef-436b-9024-5354854b622c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CGWI8E4poAMFsvg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6418d09f-1627c1db7ff0c2f05f9c4e6e;Sampled=0
x-amzn-remapped-date: Mon, 20 Mar 2023 21:31:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: RIABIQaX9GWt0kbVqf4YeCZOVYYZRq0I31xV_YXoi4TQKvAQqY7ftA==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 31dfa94142c6eaf975b0e5454c00340a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 20 Mar 2023 21:45:17 GMT
age: 47898
etag: "785e7ca94d770a89c2d738d38c880d676bf14652"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2ad5022-7f23-468e-8e1f-6388d8cc9db8.jpeg
34.120.237.76200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2ad5022-7f23-468e-8e1f-6388d8cc9db8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4e5f234aedfabd736b50fef3017380f9
71672a6c3523d9999522e005091863d07ea0e94a
3314df7a93e317d509aeffc1cde69ec450ddad116a27dc197db1abce966da344
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2ad5022-7f23-468e-8e1f-6388d8cc9db8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6511
x-amzn-requestid: 82d12180-bdcb-4ce0-8588-4239ee27f236
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CGWI_E_eoAMF3sA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6418d09f-2f5df7cd5f6cee4762703d29;Sampled=0
x-amzn-remapped-date: Mon, 20 Mar 2023 21:31:11 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: sTt0-W1XE7yUFGFXg2nPnKw5tKKkrw-cH_TCIbQy8JL-k0QtCNZS8w==
via: 1.1 0a2ce08fa1ec3c33302a7547d3305978.cloudfront.net (CloudFront), 1.1 7545e37b10b5fcf5e3df98185c85194a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 20 Mar 2023 21:52:08 GMT
age: 47487
etag: "71672a6c3523d9999522e005091863d07ea0e94a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3db1704b-1ecd-4198-a98e-0353d4671a5c.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3db1704b-1ecd-4198-a98e-0353d4671a5c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2a940b362660fdee25faaa51e08c439b
85fa91b5c4e6ddc1f3cf45eb6a4a3facfc6ad68c
18b99e3e890fdc959421c895ce343b8b3ed88819c83fa0009823e8ded23458f1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3db1704b-1ecd-4198-a98e-0353d4671a5c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8195
x-amzn-requestid: c6844a50-a6b2-4ef4-ad28-f1a0fbcec14f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CDFESEDGoAMFQ8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6417821b-22fa560d4b7811c233fe07fa;Sampled=0
x-amzn-remapped-date: Sun, 19 Mar 2023 21:43:55 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: hZeMhs-Z5fNn0pvRUSkNcGau_K6EG9EQtDktbLUth0uEveafUgCxeQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 85ee490c179dc0af42b771f11421073e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 20 Mar 2023 22:07:00 GMT
age: 46595
etag: "85fa91b5c4e6ddc1f3cf45eb6a4a3facfc6ad68c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c02b9c1-0ea5-472c-95e9-5fcd5cf9d11d.jpeg
34.120.237.76200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c02b9c1-0ea5-472c-95e9-5fcd5cf9d11d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 08f2d83ce4f0d9158f2414065924955d
76d9b0d87b9ad6f6b5ec225d46eb04154cf113c5
9d11c0726d38515d1f847423ccccbb7b06b14c65e6776741d30d5f4b5bd9cc39
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c02b9c1-0ea5-472c-95e9-5fcd5cf9d11d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7714
x-amzn-requestid: 3c48be36-11d4-4e6d-a376-b73f5836ccaa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CDDUuEcXIAMFbUg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64177f51-15606b16594e67e74234c992;Sampled=0
x-amzn-remapped-date: Sun, 19 Mar 2023 21:32:01 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: EZb5UlE1ggV28LSzY0AauVJaJ69-EuzM9aUSJA-unn2Ys3sQpTNTBg==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 82c2ab57bc9900898383f6b70681b9e6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 20 Mar 2023 21:57:10 GMT
age: 47185
etag: "76d9b0d87b9ad6f6b5ec225d46eb04154cf113c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59eb1d88-9afd-445f-bf6b-f7edc71a4aff.jpeg
34.120.237.76200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59eb1d88-9afd-445f-bf6b-f7edc71a4aff.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 20e0cf109126f01b80e30c2d40549641
db5eb3144ed0ac478abdf10d270f43d9cc391bc8
7f6eed19068600b6276764a56214b719bf5ed441515dec178cb692f401d1fc46
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59eb1d88-9afd-445f-bf6b-f7edc71a4aff.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9492
x-amzn-requestid: 812019e6-0484-471d-ba54-235f77118772
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CFAazGLQIAMFc_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64184778-7f71615e4ddf5c5c4defb735;Sampled=0
x-amzn-remapped-date: Mon, 20 Mar 2023 11:46:00 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: PvDhwh79wdNB-IFpt3I3i7B1k5kq_iRdlbe4z6W3Z-rpFhaQg9jhyg==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 74ab105148338444981d1b2277ffd9c4.cloudfront.net (CloudFront), 1.1 google
date: Tue, 21 Mar 2023 06:59:02 GMT
age: 14673
etag: "db5eb3144ed0ac478abdf10d270f43d9cc391bc8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6c47b1c0-04b4-4401-ac29-0541c79f9785.jpeg
34.120.237.76200 OK 3.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6c47b1c0-04b4-4401-ac29-0541c79f9785.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 00d5824792d2b97182c7fe2f91880eee
75e82060efb997641f24c68ebc70d0828ba90311
bc5e9cf1d7d78b14e595705eee550f5d6acd712feb4b3a9e428ae4ce863edc58
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6c47b1c0-04b4-4401-ac29-0541c79f9785.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3835
x-amzn-requestid: 8f05ddb5-6a3c-4902-a3a0-f40a9e59394b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CGWI-GjWIAMFTsQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6418d09f-26854db13f914e1579b9e752;Sampled=0
x-amzn-remapped-date: Mon, 20 Mar 2023 21:31:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: nPGp--k2s14M2YR095tI4Y5BjuEyNY4NWF9Nb0Pck3HWn6xapRy9Gw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 8cb7de37a1655236518810d0aabb8656.cloudfront.net (CloudFront), 1.1 google
date: Mon, 20 Mar 2023 21:51:42 GMT
age: 47513
etag: "75e82060efb997641f24c68ebc70d0828ba90311"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/partials/status.php
20.199.42.181500 Internal Server Error 0 B URL HTTP/1.1 certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/partials/status.php
IP 20.199.42.181:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
fortinet Phishing
quad9 Sinkholed
GET /id/partials/status.php HTTP/1.1
Host: certificate.privat.dokument.opdate.20-199-42-181.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/finlogin.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 500 Internal Server Error
Date: Tue, 21 Mar 2023 11:03:36 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=c9559098f858b0383d3bdee4b477acbd; path=/
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/partials/status.php
20.199.42.181500 Internal Server Error 0 B URL HTTP/1.1 certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/partials/status.php
IP 20.199.42.181:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
fortinet Phishing
quad9 Sinkholed
GET /id/partials/status.php HTTP/1.1
Host: certificate.privat.dokument.opdate.20-199-42-181.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/id/finlogin.php
Cookie: PHPSESSID=c9559098f858b0383d3bdee4b477acbd
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 500 Internal Server Error
Date: Tue, 21 Mar 2023 11:03:39 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
widgets.amung.us/small.js
188.114.98.234200 OK 0 B URL HTTP/2 widgets.amung.us/small.js
IP 188.114.98.234:0
GET /small.js HTTP/1.1
Host: widgets.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 21 Mar 2023 11:03:33 GMT
content-type: application/x-javascript
last-modified: Thu, 12 Jan 2023 17:19:48 GMT
etag: W/"63c04134-2170"
expires: Wed, 22 Mar 2023 10:44:27 GMT
cache-control: max-age=86400
access-control-allow-origin: *
content-encoding: gzip
cf-cache-status: HIT
age: 1146
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ab5b583a801b4ff-OSL
X-Firefox-Spdy: h2
whos.amung.us/pingjs/?k=holland001&t=Nordea%20-%20Tunnistautuminen&c=s&x=https%3A%2F%2Fcertificate.privat.dokument.opdate.20-199-42-181.cprapid.com%2Fid%2Ffinlogin.php&y=&a=0&d=1.011&v=27&r=6814
188.114.98.234200 OK 0 B URL HTTP/2 whos.amung.us/pingjs/?k=holland001&t=Nordea%20-%20Tunnistautuminen&c=s&x=https%3A%2F%2Fcertificate.privat.dokument.opdate.20-199-42-181.cprapid.com%2Fid%2Ffinlogin.php&y=&a=0&d=1.011&v=27&r=6814
IP 188.114.98.234:0
GET /pingjs/?k=holland001&t=Nordea%20-%20Tunnistautuminen&c=s&x=https%3A%2F%2Fcertificate.privat.dokument.opdate.20-199-42-181.cprapid.com%2Fid%2Ffinlogin.php&y=&a=0&d=1.011&v=27&r=6814 HTTP/1.1
Host: whos.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://certificate.privat.dokument.opdate.20-199-42-181.cprapid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 21 Mar 2023 11:03:34 GMT
content-type: text/javascript;charset=UTF-8
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7ab5b584d9bdb4ff-OSL
X-Firefox-Spdy: h2