www.mitid-approve.20-203-169-150.cprapid.com/nordea_no/login.php
200 OK 25 kB URL HTTP/1.1 www.mitid-approve.20-203-169-150.cprapid.com/nordea_no/login.php
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3565), with CRLF line terminators
Hash ff0ab37729847684bbb1ec000111281f
1596be761b9fde96a66452befbb07bba964b9b57
8ac6a924f61f48a6ce0ff43052532f3e76281f5d02342ea0be89dfa2fc886363
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
fortinet Phishing
quad9 Sinkholed
GET /nordea_no/login.php HTTP/1.1
Host: www.mitid-approve.20-203-169-150.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 15:35:17 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=964efa6472be821c0aba634c6fea4bf1; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d4e95d0d8982bcd07804baf6fc88231c
5027abda0875bd2529dd4d6691784c74da71a9ee
373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6500
Expires: Fri, 03 Feb 2023 17:23:37 GMT
Date: Fri, 03 Feb 2023 15:35:17 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4911
Expires: Fri, 03 Feb 2023 16:57:08 GMT
Date: Fri, 03 Feb 2023 15:35:17 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7d2222d41721947297aaeb5a6e3d0714
04cc1ee417c8bf6338657fd4c2e4e1c1ddfd3065
de0e45969a2ad95e52f7e2fbd0d021d9075dd7b14666c929346efe111f648f7c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE0E45969A2AD95E52F7E2FBD0D021D9075DD7B14666C929346EFE111F648F7C"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6800
Expires: Fri, 03 Feb 2023 17:28:37 GMT
Date: Fri, 03 Feb 2023 15:35:17 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 03 Feb 2023 14:43:35 GMT
content-type: application/json
age: 3102
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: rZDR07trzmzaXfCnlffi6Y7kGkj2FAw8wTlt1nzniH//cc9C36aueCPtAlCnXVYF7w1yRt56QJg=
x-amz-request-id: 2BAEP44CQJNVQ4HY
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 03 Feb 2023 15:23:35 GMT
age: 702
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 15:35:17 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.mitid-approve.20-203-169-150.cprapid.com/nordea_no/image/styles-8c6738c3c6c5b3bad3f9a4e729acc38c.css
200 OK 37 kB URL HTTP/1.1 www.mitid-approve.20-203-169-150.cprapid.com/nordea_no/image/styles-8c6738c3c6c5b3bad3f9a4e729acc38c.css
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (36841)
Hash 81ffe4ca005985e67e46753b6dca0435
b252f420d1f1b71b3401d574290f7fbe945dc4fa
5b0d3bf71a9ae36d04599f18a1ab6656ec0b39e12d1415a61a0612e33771421a
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
quad9 Sinkholed
GET /nordea_no/image/styles-8c6738c3c6c5b3bad3f9a4e729acc38c.css HTTP/1.1
Host: www.mitid-approve.20-203-169-150.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/nordea_no/login.php
Cookie: PHPSESSID=964efa6472be821c0aba634c6fea4bf1
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 15:35:17 GMT
Server: Apache
Last-Modified: Mon, 14 Nov 2022 14:33:20 GMT
Accept-Ranges: bytes
Content-Length: 36842
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
www.mitid-approve.20-203-169-150.cprapid.com/nordea_no/image/cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg
200 OK 3.1 kB URL HTTP/1.1 www.mitid-approve.20-203-169-150.cprapid.com/nordea_no/image/cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (3097), with no line terminators
Hash d0c0f9d25ebde42bbd552c8ad5363f01
97f08f3ee5a37bb5d291cf10fd8e5ce630467522
4f98589b5ad297e797fc12ed5b90a5e9244a17dbc34c5cee66e01ae8c1455d2c
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
fortinet Phishing
quad9 Sinkholed
GET /nordea_no/image/cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg HTTP/1.1
Host: www.mitid-approve.20-203-169-150.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/nordea_no/login.php
Cookie: PHPSESSID=964efa6472be821c0aba634c6fea4bf1
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 15:35:17 GMT
Server: Apache
Last-Modified: Mon, 14 Nov 2022 14:33:20 GMT
Accept-Ranges: bytes
Content-Length: 3097
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/svg+xml
www.mitid-approve.20-203-169-150.cprapid.com/nordea_no/image/service-break-f426cda35f41e4c0b7c30c814b5eb2ee.svg
200 OK 2.8 kB URL HTTP/1.1 www.mitid-approve.20-203-169-150.cprapid.com/nordea_no/image/service-break-f426cda35f41e4c0b7c30c814b5eb2ee.svg
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2803), with no line terminators
Hash f426cda35f41e4c0b7c30c814b5eb2ee
9f278c5bfbf5ddebc2a4d24e4441efa94dd36be7
037024a96d014cbe884a9f81804ceadc25bd1e49d0d9018de09acddac997afbf
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
fortinet Phishing
quad9 Sinkholed
GET /nordea_no/image/service-break-f426cda35f41e4c0b7c30c814b5eb2ee.svg HTTP/1.1
Host: www.mitid-approve.20-203-169-150.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/nordea_no/login.php
Cookie: PHPSESSID=964efa6472be821c0aba634c6fea4bf1
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 15:35:17 GMT
Server: Apache
Last-Modified: Mon, 14 Nov 2022 14:33:20 GMT
Accept-Ranges: bytes
Content-Length: 2803
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/svg+xml
www.mitid-approve.20-203-169-150.cprapid.com/nordea_no/image/something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg
200 OK 3.1 kB URL HTTP/1.1 www.mitid-approve.20-203-169-150.cprapid.com/nordea_no/image/something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (3104), with no line terminators
Hash 9bbd07dc81f3c2a11d2c7735b416ee18
41ee4ad48472fd2f93f765b87c77a606a04e5a00
a386a6170805a64ba2e46bcc37c79500b5207bd708b0d1da83cbcbc483e64cb7
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
fortinet Phishing
quad9 Sinkholed
GET /nordea_no/image/something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg HTTP/1.1
Host: www.mitid-approve.20-203-169-150.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/nordea_no/login.php
Cookie: PHPSESSID=964efa6472be821c0aba634c6fea4bf1
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 15:35:17 GMT
Server: Apache
Last-Modified: Mon, 14 Nov 2022 14:33:20 GMT
Accept-Ranges: bytes
Content-Length: 3104
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/svg+xml
www.mitid-approve.20-203-169-150.cprapid.com/nordea_no/image/technical-error-91ca9eec9eed6ed945355d650bb10d41.svg
200 OK 2.8 kB URL HTTP/1.1 www.mitid-approve.20-203-169-150.cprapid.com/nordea_no/image/technical-error-91ca9eec9eed6ed945355d650bb10d41.svg
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2846), with no line terminators
Hash 91ca9eec9eed6ed945355d650bb10d41
7178a477a6cc3271d5e2927cd2737af55804f576
8a22f5ea2bc34877a3334b91210c881523678eec1e915cf6a4ee261ba58121b1
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
fortinet Phishing
quad9 Sinkholed
GET /nordea_no/image/technical-error-91ca9eec9eed6ed945355d650bb10d41.svg HTTP/1.1
Host: www.mitid-approve.20-203-169-150.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/nordea_no/login.php
Cookie: PHPSESSID=964efa6472be821c0aba634c6fea4bf1
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 15:35:17 GMT
Server: Apache
Last-Modified: Mon, 14 Nov 2022 14:33:20 GMT
Accept-Ranges: bytes
Content-Length: 2846
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/svg+xml
www.mitid-approve.20-203-169-150.cprapid.com/nordea_no/image/bankidno-4ea331ae4c5bc3a12e6cf8340862d4c0.svg
200 OK 2.8 kB URL HTTP/1.1 www.mitid-approve.20-203-169-150.cprapid.com/nordea_no/image/bankidno-4ea331ae4c5bc3a12e6cf8340862d4c0.svg
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (2837), with no line terminators
Hash 4ea331ae4c5bc3a12e6cf8340862d4c0
aca48d5374050d44a748c0930b97ee49bed6b6a2
8e983af3546212ed1e62b9c26c00f0f3a4c6fa7c17c9b852cd2910f8b425f8d3
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
fortinet Phishing
quad9 Sinkholed
GET /nordea_no/image/bankidno-4ea331ae4c5bc3a12e6cf8340862d4c0.svg HTTP/1.1
Host: www.mitid-approve.20-203-169-150.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/nordea_no/login.php
Cookie: PHPSESSID=964efa6472be821c0aba634c6fea4bf1
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 15:35:17 GMT
Server: Apache
Last-Modified: Mon, 14 Nov 2022 14:33:20 GMT
Accept-Ranges: bytes
Content-Length: 2837
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/svg+xml
www.mitid-approve.20-203-169-150.cprapid.com/nordea_no/image/no-connection-83f79e2367a313b468986e12a237c346.svg
200 OK 5.0 kB URL HTTP/1.1 www.mitid-approve.20-203-169-150.cprapid.com/nordea_no/image/no-connection-83f79e2367a313b468986e12a237c346.svg
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (4974), with no line terminators
Hash 83f79e2367a313b468986e12a237c346
6b0d0f5df661c328a99aefa3b9388507f35d7fba
3fc2607b1e133fb89affeca8fa96db25e9af2fa9d2f7960d2a9602df9e96ef72
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
fortinet Phishing
quad9 Sinkholed
GET /nordea_no/image/no-connection-83f79e2367a313b468986e12a237c346.svg HTTP/1.1
Host: www.mitid-approve.20-203-169-150.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/nordea_no/login.php
Cookie: PHPSESSID=964efa6472be821c0aba634c6fea4bf1
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 15:35:17 GMT
Server: Apache
Last-Modified: Mon, 14 Nov 2022 14:33:20 GMT
Accept-Ranges: bytes
Content-Length: 4974
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml
www.mitid-approve.20-203-169-150.cprapid.com/nordea_no/image/empty-3857ebe69f653487f8c9d99adde4657f.svg
200 OK 1.6 kB URL HTTP/1.1 www.mitid-approve.20-203-169-150.cprapid.com/nordea_no/image/empty-3857ebe69f653487f8c9d99adde4657f.svg
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1642), with no line terminators
Hash 3857ebe69f653487f8c9d99adde4657f
134737f1f8882726ef1b50546546fa9d1479207c
d690ce1d3a1304fff86d11c4f38ad540da84949d881ea0c04b49bcc0f13483e0
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
fortinet Phishing
quad9 Sinkholed
GET /nordea_no/image/empty-3857ebe69f653487f8c9d99adde4657f.svg HTTP/1.1
Host: www.mitid-approve.20-203-169-150.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/nordea_no/login.php
Cookie: PHPSESSID=964efa6472be821c0aba634c6fea4bf1
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 15:35:17 GMT
Server: Apache
Last-Modified: Mon, 14 Nov 2022 14:33:20 GMT
Accept-Ranges: bytes
Content-Length: 1642
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml
www.mitid-approve.20-203-169-150.cprapid.com/assets/a85818c8c2c809dedd4b-5dbb8bc48bceea15838b7a4f36dffdd1.jpg
404 Not Found 315 B URL HTTP/1.1 www.mitid-approve.20-203-169-150.cprapid.com/assets/a85818c8c2c809dedd4b-5dbb8bc48bceea15838b7a4f36dffdd1.jpg
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
quad9 Sinkholed
GET /assets/a85818c8c2c809dedd4b-5dbb8bc48bceea15838b7a4f36dffdd1.jpg HTTP/1.1
Host: www.mitid-approve.20-203-169-150.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/nordea_no/image/styles-8c6738c3c6c5b3bad3f9a4e729acc38c.css
Cookie: PHPSESSID=964efa6472be821c0aba634c6fea4bf1
HTTP/1.1 404 Not Found
Date: Fri, 03 Feb 2023 15:35:17 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
www.mitid-approve.20-203-169-150.cprapid.com/assets/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff
404 Not Found 315 B URL HTTP/1.1 www.mitid-approve.20-203-169-150.cprapid.com/assets/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
fortinet Phishing
quad9 Sinkholed
GET /assets/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff HTTP/1.1
Host: www.mitid-approve.20-203-169-150.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/nordea_no/image/styles-8c6738c3c6c5b3bad3f9a4e729acc38c.css
Cookie: PHPSESSID=964efa6472be821c0aba634c6fea4bf1
HTTP/1.1 404 Not Found
Date: Fri, 03 Feb 2023 15:35:17 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
www.mitid-approve.20-203-169-150.cprapid.com/assets/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff
404 Not Found 315 B URL HTTP/1.1 www.mitid-approve.20-203-169-150.cprapid.com/assets/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - Nordea
fortinet Phishing
quad9 Sinkholed
GET /assets/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff HTTP/1.1
Host: www.mitid-approve.20-203-169-150.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/nordea_no/image/styles-8c6738c3c6c5b3bad3f9a4e729acc38c.css
Cookie: PHPSESSID=964efa6472be821c0aba634c6fea4bf1
HTTP/1.1 404 Not Found
Date: Fri, 03 Feb 2023 15:35:17 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.sectigo.com/
200 OK 472 B IP
Hash dd3ecc2b0ec33bb211d9dbb65094b1f9
ec9bdb65c44665d6d322d816c051fc5d3fe68527
070627370037a357bed7d1ca8af8ee03bb26b10d8a502aec7daddde951428f67
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 15:35:17 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 31 Jan 2023 17:29:19 GMT
Expires: Tue, 07 Feb 2023 17:29:18 GMT
Etag: "ec9bdb65c44665d6d322d816c051fc5d3fe68527"
Cache-Control: max-age=351840,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 793c3c4f3887b515-OSL
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 03 Feb 2023 14:49:06 GMT
age: 2771
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/97q-VzuQ-Mw
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/97q-VzuQ-Mw
IP
Hash 2e2ac28df5e696fe1c96317234c6ff3b
05a6204e4e720e064d21421394eed847e9d31b98
0224db9340d590e9225ece2570c849812b600bd09a0e58f2551f42fa6587e6f7
POST /s/gts1p5/97q-VzuQ-Mw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 15:35:18 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5597
Expires: Fri, 03 Feb 2023 17:08:35 GMT
Date: Fri, 03 Feb 2023 15:35:18 GMT
Connection: keep-alive
whos.amung.us/pingjs/?k=canno&t=Nordea%20-%20Norway&c=s&x=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnordea_no%2Flogin.php&y=&a=0&d=0.527&v=27&r=2556
200 OK 43 B URL HTTP/1.1 whos.amung.us/pingjs/?k=canno&t=Nordea%20-%20Norway&c=s&x=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnordea_no%2Flogin.php&y=&a=0&d=0.527&v=27&r=2556
IP
File type ASCII text, with no line terminators
Hash 5a18e73c31effc715817d94f9d81a15c
bed71764ea2aa95edf4ccd913feb10622efe695e
e4e287eac53f1f90b1557ad08b958316fbcfa43729c55c331b4540da91fe1535
GET /pingjs/?k=canno&t=Nordea%20-%20Norway&c=s&x=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnordea_no%2Flogin.php&y=&a=0&d=0.527&v=27&r=2556 HTTP/1.1
Host: whos.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 15:35:18 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
content-encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 793c3c51fb5898ea-ARN
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +iD6XgPtqNEEMmrPhGfiOQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 1jYHPMvAJJUoKeNnLtT7kJTFpVE=
ocsp.sectigo.com/
200 OK 471 B IP
Hash f778d551c0863c1a21556c8505894dff
2eeaa5eaa20a00dcd52e5912430d5a0819495c78
6eeff9b51275defc26c45f86df2f82a3cb5cce699667c36437d76daebffd2369
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 15:35:18 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 01 Feb 2023 23:33:41 GMT
Expires: Wed, 08 Feb 2023 23:33:40 GMT
Etag: "2eeaa5eaa20a00dcd52e5912430d5a0819495c78"
Cache-Control: max-age=460101,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 793c3c535eccb515-OSL
t.dtscout.com/pv/?_a=v&_h=mitid-approve.20-203-169-150.cprapid.com&_ss=2x5rpp8hgv&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=1ujr&_cb=_dtspv.c
200 OK 52 B URL HTTP/2 t.dtscout.com/pv/?_a=v&_h=mitid-approve.20-203-169-150.cprapid.com&_ss=2x5rpp8hgv&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=1ujr&_cb=_dtspv.c
IP
File type ASCII text, with no line terminators
Hash 1eb1f75510cdebc02170dbeecc9fc8d9
7aa9323de857bb15d6e4726219b883b7577540c6
7ac4178316c9d8d3743cdc64294e0da273dde5a1910d527937e30f11d8002d02
GET /pv/?_a=v&_h=mitid-approve.20-203-169-150.cprapid.com&_ss=2x5rpp8hgv&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=1ujr&_cb=_dtspv.c HTTP/1.1
Host: t.dtscout.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/
Cookie: m=1; oa=1; df=1675438518
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 15:35:18 GMT
content-type: application/javascript
x-t: 0.887
x-c: 0
expires: Fri, 03 Feb 2023 15:35:17 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lthgmdqtVGOXvRuwbGEM0Et3f%2Blu6vmGX%2BsZTzLlMZqIRk%2BM66NwDYzyN2DRj1CTiyTEGu%2BILunrIp3kJ8t3VWyZXq4strUfFZgLxoupog9KU9PeOTpOTc13AXzZ3MU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793c3c535f8e16a5-ARN
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6161
Expires: Fri, 03 Feb 2023 17:18:00 GMT
Date: Fri, 03 Feb 2023 15:35:19 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6161
Expires: Fri, 03 Feb 2023 17:18:00 GMT
Date: Fri, 03 Feb 2023 15:35:19 GMT
Connection: keep-alive
ic.tynt.com/b/p?id=w!canno&lm=0&ts=1675438550402&dn=TC&iso=0&pu=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnordea_no%2Flogin.php&t=Nordea%20-%20Norway
204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=w!canno&lm=0&ts=1675438550402&dn=TC&iso=0&pu=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnordea_no%2Flogin.php&t=Nordea%20-%20Norway
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=w!canno&lm=0&ts=1675438550402&dn=TC&iso=0&pu=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnordea_no%2Flogin.php&t=Nordea%20-%20Norway HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Fri, 03 Feb 2023 15:35:19 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
de.tynt.com/deb/v2?id=w!canno&dn=TC&cc=1&r=&pu=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnordea_no%2Flogin.php
200 OK 4 B URL HTTP/2 de.tynt.com/deb/v2?id=w!canno&dn=TC&cc=1&r=&pu=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnordea_no%2Flogin.php
IP
File type ASCII text, with no line terminators
Hash 350fd6ef6446635f7a8f608434a405ec
a4b6c275ac2c80ec925b5c0c5c6abb79ba897356
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179
GET /deb/v2?id=w!canno&dn=TC&cc=1&r=&pu=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnordea_no%2Flogin.php HTTP/1.1
Host: de.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=86400
expires: Sat, 04 Feb 2023 15:35:19 GMT
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-type: application/javascript
content-length: 4
date: Fri, 03 Feb 2023 15:35:19 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6161
Expires: Fri, 03 Feb 2023 17:18:00 GMT
Date: Fri, 03 Feb 2023 15:35:19 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg
200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d4041f3b5316bc84c9e6d88ddbc85b89
4978a4a20836b6f5d863d331bcedad782b7b4ac6
549b62d2c4ec965b8bec62010c0ce338dfea7992ee83eb7af61ff1a30d21f8b5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5641
x-amzn-requestid: b53b54b1-3b00-47cf-a25c-e93910c2ebfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fuvzpHsXoAMFsuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc2ce3-0c4fc8154763febb44460ac2;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 21:36:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: x4-BZdG4JGRKCSdKynnuweZfo9l0XZtDB-MiANy7C2Yz1URYMHP4sQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:57:49 GMT
age: 63450
etag: "4978a4a20836b6f5d863d331bcedad782b7b4ac6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3490571dd2de0a747987b9a0e18cccc8
18e9f8f160d3515f1cb31fc7538ac762a6cab344
1c071d7f3b288b29254500f94f19c0db0633c6aa90812f2e92c4f64992f5221a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10796
x-amzn-requestid: 5c9b1a83-c99a-44b9-9a90-5edd7ef1e225
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi0XKG93oAMFtsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76760-01bf754d6c725c3275c02a1b;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 06:44:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XTZJAn0LMAfFtaQ2bN8z58cCsUT5GzxDMnHVB_iw9E_NskHQ-BgbRQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 22:19:26 GMT
age: 84437
etag: "18e9f8f160d3515f1cb31fc7538ac762a6cab344"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffda40dcf-1e5b-4e49-bd65-084935f52db9.jpeg
200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffda40dcf-1e5b-4e49-bd65-084935f52db9.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e706db8a6107758a148463e916f2532d
4b0b8cb5ced3e3e67b0320a3bbaecd2176e21b81
673f18036a53f8ff297ef6a63fd094e7c41d90f3960f0e687a741cc7dd3f6172
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffda40dcf-1e5b-4e49-bd65-084935f52db9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6791
x-amzn-requestid: 665115ea-728e-4a55-aaf8-b09db3fa67a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffl96FIzIAMFYGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d61d25-0abbd7262ca10b7a7d2bf9eb;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 07:15:49 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nPgaBSGyLJQnN0ofVRFniW2LqzgKVWchSKYSjYCmuPtpL9Ner81ARQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 22:14:03 GMT
age: 62476
etag: "4b0b8cb5ced3e3e67b0320a3bbaecd2176e21b81"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5300360-6063-4d18-8dd2-28dbcf47d371.jpeg
200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5300360-6063-4d18-8dd2-28dbcf47d371.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9ab97f766ee1ed6ebbb2b3889a9157b4
f87f165404dec4d65531e6e25146cb77601f3616
f3d0f76f956371b1733a526f10a8253fc3396a459d7af59380d8e8db7dee8ec2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5300360-6063-4d18-8dd2-28dbcf47d371.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14071
x-amzn-requestid: 40cb363f-2c4d-4361-9fe1-10e4c8b2fe29
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fiTo4Ek2oAMFs6g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d73305-6cb63d3c49f9f84e639467f6;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 03:01:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: b7r7phj8i49RMSuWufxF1L34K9udWa0mJ4dY12izM9ofwAuCFBGEZQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:48:01 GMT
age: 64038
etag: "f87f165404dec4d65531e6e25146cb77601f3616"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2a6aaf87a867f93dc9268a8b27973b97
f52ccbe6cbced1994acb13a00b05436553b6813e
3fbd7441712035f4d53c17eec93bc278e6c072043f3b5a721cac349fc0dabe77
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10166
x-amzn-requestid: 54fe0d12-360f-4d97-bcf3-b24747d956aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fY_4zHEcoAMF1iA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d379d1-4ba89e44005f616a0ed3ed24;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 07:14:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hSyEfSDToqgfnFIW68Krz-ANYUNQoUPWhyb-8xDUarI6mnVLXriHDQ==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:59:54 GMT
age: 63325
etag: "f52ccbe6cbced1994acb13a00b05436553b6813e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: w0Zm5V0TQxsQ7917U3fdhS_n7qKE143PuhI2JmNCDM_Pf0yPLyW6yA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:48:01 GMT
age: 64038
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ic.tynt.com/b/p?id=w!canno&lm=0&ts=1675438550402&dn=TC&iso=0&pu=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnordea_no%2Flogin.php
204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=w!canno&lm=0&ts=1675438550402&dn=TC&iso=0&pu=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnordea_no%2Flogin.php
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=w!canno&lm=0&ts=1675438550402&dn=TC&iso=0&pu=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnordea_no%2Flogin.php HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Fri, 03 Feb 2023 15:35:19 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
ic.tynt.com/b/p?id=w!canno&lm=0&ts=1675438550402&dn=TC&iso=0&pu=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnordea_no%2Flogin.php
204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=w!canno&lm=0&ts=1675438550402&dn=TC&iso=0&pu=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnordea_no%2Flogin.php
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=w!canno&lm=0&ts=1675438550402&dn=TC&iso=0&pu=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnordea_no%2Flogin.php HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Fri, 03 Feb 2023 15:35:19 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
ic.tynt.com/b/p?id=w!canno&lm=0&ts=1675438550402&dn=TC&iso=0&pu=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnordea_no%2Flogin.php
204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=w!canno&lm=0&ts=1675438550402&dn=TC&iso=0&pu=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnordea_no%2Flogin.php
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=w!canno&lm=0&ts=1675438550402&dn=TC&iso=0&pu=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnordea_no%2Flogin.php HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Fri, 03 Feb 2023 15:35:19 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
widgets.amung.us/small.js
200 OK 0 B URL HTTP/2 widgets.amung.us/small.js
IP
GET /small.js HTTP/1.1
Host: widgets.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 15:35:17 GMT
content-type: application/x-javascript
last-modified: Thu, 12 Jan 2023 17:19:26 GMT
etag: W/"63c0411e-2170"
expires: Sat, 04 Feb 2023 14:58:46 GMT
cache-control: max-age=86400
access-control-allow-origin: *
content-encoding: gzip
cf-cache-status: HIT
age: 2191
vary: Accept-Encoding
server: cloudflare
cf-ray: 793c3c507eb2b4f4-OSL
X-Firefox-Spdy: h2
t.dtscout.com/i/?l=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnordea_no%2Flogin.php&j=
200 OK 0 B URL HTTP/2 t.dtscout.com/i/?l=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnordea_no%2Flogin.php&j=
IP
GET /i/?l=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnordea_no%2Flogin.php&j= HTTP/1.1
Host: t.dtscout.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 15:35:18 GMT
content-type: application/javascript
x-s: mtl3
set-cookie: m=1; Domain=dtscout.com; Expires=Fri, 03-Feb-2023 16:58:38 GMT; Max-Age=5000; Path=/; SameSite=None; Secure
oa=1; Domain=dtscout.com; Expires=Fri, 03-Feb-2023 19:35:18 GMT; Max-Age=14400; Path=/; SameSite=None; Secure
df=1675438518; Domain=dtscout.com; Expires=Sun, 14-May-2023 15:35:18 GMT; Max-Age=8640000; Path=/; SameSite=None; Secure
x-t: 0.707
expires: Fri, 03 Feb 2023 15:35:17 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gEmValXilsE%2FfW7VXnqWeMfUfk4c6qWzjfWBpd9XLE6EB8DgLl0mK%2FPAf4GxwLhLQEi3iNcZ35agmjPQC19Z4b4tdKK3Ah019Alop%2FMMqWx7nBI%2FIuYZr2c2UtOfN%2FI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793c3c51de3a16a5-ARN
content-encoding: br
X-Firefox-Spdy: h2
cdn.tynt.com/tc.js
200 OK 0 B IP
GET /tc.js HTTP/1.1
Host: cdn.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 15:35:18 GMT
content-type: application/javascript
last-modified: Tue, 10 Jan 2023 20:39:00 GMT
vary: Accept-Encoding
etag: W/"63bdcce4-4571"
content-encoding: gzip
cf-cache-status: HIT
age: 37742
expires: Mon, 06 Feb 2023 15:35:18 GMT
cache-control: public, max-age=259200
server: cloudflare
cf-ray: 793c3c578bf10b02-OSL
X-Firefox-Spdy: h2
20.203.169.150
172.64.151.83
104.22.74.171
23.36.76.226