Overview

URLprivatekunde.cert.info.id.20-208-129-85.cprapid.com/MITID/swelogin.php
IP 20.208.129.85 (Switzerland)
ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-11-25 12:34:21 UTC
StatusLoading report..
IDS alerts0
Blocklist alert10
urlquery alerts
5
Phishing - Nordea
Tags None

Domain Summary (15)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
ic.tynt.com (6) 4300 2013-08-06 01:33:59 UTC 2022-11-25 07:09:35 UTC 67.202.105.33
ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
t.dtscout.com (2) 11951 2017-01-30 04:52:42 UTC 2022-11-25 05:33:23 UTC 172.64.163.7
r3.o.lencr.org (5) 344 No data No data 23.36.76.226
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 35.165.41.15
de.tynt.com (1) 1252 2013-08-06 01:33:59 UTC 2022-11-25 07:38:33 UTC 67.202.105.33
widgets.amung.us (1) 12623 2012-05-21 19:25:54 UTC 2022-11-25 07:21:18 UTC 104.22.74.171
privatekunde.cert.info.id.20-208-129-85.cprapid.com (13) 0 2022-11-25 08:05:52 UTC 2022-11-25 12:34:06 UTC 20.208.129.85 Domain (cprapid.com) ranked at: 377998
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-25 06:03:02 UTC 34.102.187.140
whos.amung.us (1) 12687 2017-01-30 05:21:57 UTC 2022-11-25 05:55:19 UTC 172.67.8.141
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
cdn.tynt.com (1) 7260 2012-06-26 16:52:03 UTC 2020-04-02 22:41:03 UTC 172.64.151.83
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-25 05:51:47 UTC 34.117.237.239
ocsp.sectigo.com (2) 487 2019-11-29 11:50:24 UTC 2021-09-17 20:05:40 UTC 104.18.32.68

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-25 2 privatekunde.cert.info.id.20-208-129-85.cprapid.com/MITID/swelogin.php Phishing
2022-11-25 2 privatekunde.cert.info.id.20-208-129-85.cprapid.com/MITID/partials/js/jquery.js Phishing
2022-11-25 2 privatekunde.cert.info.id.20-208-129-85.cprapid.com/MITID/all/bankidno-4ea3 (...) Phishing
2022-11-25 2 privatekunde.cert.info.id.20-208-129-85.cprapid.com/assets/aa78d594083d0ccf (...) Phishing
2022-11-25 2 privatekunde.cert.info.id.20-208-129-85.cprapid.com/assets/3defb92f3d1f7309 (...) Phishing
2022-11-25 2 privatekunde.cert.info.id.20-208-129-85.cprapid.com/assets/837ba80d0ba906e8 (...) Phishing
2022-11-25 2 privatekunde.cert.info.id.20-208-129-85.cprapid.com/assets/aa1ee103968475b4 (...) Phishing
2022-11-25 2 privatekunde.cert.info.id.20-208-129-85.cprapid.com/assets/b90f1e1b93f3b23d (...) Phishing
2022-11-25 2 privatekunde.cert.info.id.20-208-129-85.cprapid.com/MITID/partials/status.php Phishing
2022-11-25 2 privatekunde.cert.info.id.20-208-129-85.cprapid.com/MITID/partials/status.php Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 20.208.129.85
Date UQ / IDS / BL URL IP
2022-12-05 15:35:05 +0000 17 - 0 - 15 privatekunde.cert.info.id.20-208-129-85.cprap (...) 20.208.129.85
2022-12-03 12:35:23 +0000 17 - 0 - 15 privatekunde.cert.info.id.20-208-129-85.cprap (...) 20.208.129.85
2022-11-30 15:35:07 +0000 17 - 0 - 15 privatekunde.cert.info.id.20-208-129-85.cprap (...) 20.208.129.85
2022-11-30 09:34:31 +0000 7 - 0 - 11 privatekunde.cert.info.id.20-208-129-85.cprap (...) 20.208.129.85
2022-11-30 09:34:29 +0000 16 - 0 - 15 privatekunde.cert.info.id.20-208-129-85.cprap (...) 20.208.129.85


Last 5 reports on ASN: MICROSOFT-CORP-MSN-AS-BLOCK
Date UQ / IDS / BL URL IP
2023-02-04 02:06:36 +0000 0 - 3 - 2 www.officested.com/nam/25a51937-6bbd-469d-9e2 (...) 13.107.238.53
2023-02-04 01:54:13 +0000 0 - 0 - 4 agrogonzamex.com/iccu 104.214.119.79
2023-02-04 01:52:57 +0000 0 - 0 - 1 deuqnxiesrct.z13.web.core.windows.net/index.html 52.239.221.97
2023-02-04 01:48:56 +0000 0 - 0 - 1 duri.squaremoo.com/ 20.189.78.99
2023-02-04 01:35:15 +0000 0 - 3 - 0 iujas.israa.edu.ps/ 20.223.144.241


Last 5 reports on domain: cprapid.com
Date UQ / IDS / BL URL IP
2023-02-04 01:32:46 +0000 10 - 0 - 15 cert.login.info.doc.3-145-14-244.cprapid.com/ (...) 3.145.14.244
2023-02-04 01:31:57 +0000 35 - 1 - 22 cert.login.info.doc.3-145-14-244.cprapid.com/ (...) 3.145.14.244
2023-02-04 01:12:45 +0000 16 - 1 - 28 www.mitid-approve.20-203-169-150.cprapid.com/ (...) 20.203.169.150
2023-02-04 01:02:47 +0000 13 - 0 - 23 www.mitid-approve.20-203-169-150.cprapid.com/ (...) 20.203.169.150
2023-02-03 23:57:28 +0000 10 - 0 - 13 cert.login.info.doc.3-145-14-244.cprapid.com/ (...) 3.145.14.244


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-12-26 12:37:15 +0000 13 - 0 - 11 rewards.info.clients.35-176-87-79.cprapid.com (...) 35.176.87.79
2022-12-26 11:03:12 +0000 13 - 0 - 11 rewards.info.clients.35-176-87-79.cprapid.com (...) 35.176.87.79
2022-12-19 18:34:41 +0000 15 - 0 - 10 rewards.info.clients.35-176-87-79.cprapid.com (...) 35.176.87.79
2022-12-19 18:34:49 +0000 13 - 0 - 10 rewards.info.clients.35-176-87-79.cprapid.com (...) 35.176.87.79
2022-12-19 18:31:04 +0000 13 - 0 - 9 rewards.info.clients.35-176-87-79.cprapid.com (...) 35.176.87.79

JavaScript

Executed Scripts (10)

Executed Evals (2)
#1 JavaScript::Eval (size: 17) - SHA256: 17f5bfdbae6b35ae8bc3b27c069526d694021fe1e37a8027678e770fbb05e061
/*@cc_on!@*/
false
#2 JavaScript::Eval (size: 226) - SHA256: bb037a2c6d9cf7fa65d8570beb76b1a31c360826ed6edb8612a584aa1918d62d
({
    '0': [0, -15, 5, 8],
    '1': [-5, -15, 3, 8],
    '2': [-8, -15, 5, 8],
    '3': [-13, -15, 5, 8],
    '4': [-18, -15, 5, 8],
    '5': [-23, -15, 5, 8],
    '6': [-28, -15, 5, 8],
    '7': [-33, -15, 5, 8],
    '8': [-38, -15, 5, 8],
    '9': [-43, -15, 5, 8],
    ',': [-48, -15, 2, 8],
    'o': [-50, -15, 24, 8]
})

Executed Writes (0)


HTTP Transactions (45)


Request Response
                                        
                                            GET /MITID/swelogin.php HTTP/1.1 
Host: privatekunde.cert.info.id.20-208-129-85.cprapid.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         20.208.129.85
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 25 Nov 2022 12:34:10 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (369), with CRLF line terminators
Size:   8770
Md5:    ebad5160fe710d1e6d19850920ad10c5
Sha1:   30615ae4fc0c5856a0de6d05ffa6546e2bc88afa
Sha256: f9e8b8811834a55b4f392f7a94502335bebe4b9b2507e0ae7acb4f967bafcaa0

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "12AF026999398F4976749E320667D43DA3F99B7A2E8254ACA7A410A964A106AA"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2562
Expires: Fri, 25 Nov 2022 13:16:52 GMT
Date: Fri, 25 Nov 2022 12:34:10 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5784
Cache-Control: max-age=171208
Date: Fri, 25 Nov 2022 12:34:10 GMT
Etag: "63809972-1d7"
Expires: Sun, 27 Nov 2022 12:07:38 GMT
Last-Modified: Fri, 25 Nov 2022 10:31:14 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 25 Nov 2022 12:17:26 GMT
cache-control: public,max-age=3600
age: 1004
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    4d7e4eed097b9c4e5d509419f1cfc85a
Sha1:   290bb3d428a7c6330e2e3d73a952b16f820896c8
Sha256: 0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "141AC47ACC3800E5D35A82012FA4B044277ABAD3A95DC24415F66FB72C972AE6"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4420
Expires: Fri, 25 Nov 2022 13:47:50 GMT
Date: Fri, 25 Nov 2022 12:34:10 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: FkcDNhjmGBvklbBVO2Y2ud2rcEpDZ6jTBPh8pXYwtRQqiU/W/L+h3mtXATVSW+TmS/QF89hhpRQ=
x-amz-request-id: BYA5KP3P05QNJWQ7
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 25 Nov 2022 11:40:47 GMT
age: 3203
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Fri, 25 Nov 2022 12:34:10 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /MITID/all/styles.css HTTP/1.1 
Host: privatekunde.cert.info.id.20-208-129-85.cprapid.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://privatekunde.cert.info.id.20-208-129-85.cprapid.com/MITID/swelogin.php

search
                                         20.208.129.85
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Fri, 25 Nov 2022 12:34:10 GMT
Server: Apache
Last-Modified: Mon, 07 Nov 2022 21:46:55 GMT
Accept-Ranges: bytes
Content-Length: 49082
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  assembler source, ASCII text, with CRLF line terminators
Size:   49082
Md5:    8c210e9eb7c26a840f2d82f1ba868387
Sha1:   d4d80a9ab19e03c2de9b55226e4e85310553061e
Sha256: afc49c3eb8e9be9fd54e9158e209eff2e81683530ea503b256fcd9f8775e05cb

Alerts:
  urlquery:
    - Phishing - Nordea
                                        
                                            GET /MITID/partials/js/jquery.js HTTP/1.1 
Host: privatekunde.cert.info.id.20-208-129-85.cprapid.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://privatekunde.cert.info.id.20-208-129-85.cprapid.com/MITID/swelogin.php

search
                                         20.208.129.85
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Fri, 25 Nov 2022 12:34:10 GMT
Server: Apache
Last-Modified: Fri, 05 Feb 2021 08:11:28 GMT
Accept-Ranges: bytes
Content-Length: 272155
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   272155
Md5:    3f24e8505d471bd934a5a68b86971580
Sha1:   876bd436d3b3c1436a8ac17a654e38d062acf45e
Sha256: 4ef5f864f89db7feaaaa5332c0a99d76076af49fef488806541ca2561e4cb379

Alerts:
  urlquery:
    - Phishing - Nordea
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /MITID/all/bankidno-4ea331ae4c5bc3a12e6cf8340862d4c0.svg HTTP/1.1 
Host: privatekunde.cert.info.id.20-208-129-85.cprapid.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://privatekunde.cert.info.id.20-208-129-85.cprapid.com/MITID/swelogin.php

search
                                         20.208.129.85
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Fri, 25 Nov 2022 12:34:10 GMT
Server: Apache
Last-Modified: Sat, 05 Nov 2022 15:51:12 GMT
Accept-Ranges: bytes
Content-Length: 2837
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (2837), with no line terminators
Size:   2837
Md5:    4ea331ae4c5bc3a12e6cf8340862d4c0
Sha1:   aca48d5374050d44a748c0930b97ee49bed6b6a2
Sha256: 8e983af3546212ed1e62b9c26c00f0f3a4c6fa7c17c9b852cd2910f8b425f8d3

Alerts:
  urlquery:
    - Phishing - Nordea
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /assets/aa78d594083d0ccfefcf-d2c5355e1fcc507cd7b7389e87e6c9de.svg HTTP/1.1 
Host: privatekunde.cert.info.id.20-208-129-85.cprapid.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://privatekunde.cert.info.id.20-208-129-85.cprapid.com/MITID/all/styles.css

search
                                         20.208.129.85
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Fri, 25 Nov 2022 12:34:10 GMT
Server: Apache
Accept-Ranges: bytes
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4070)
Size:   10295
Md5:    b25fbf85932c710127e7491979ef5c8b
Sha1:   8e4f8fd14a9aa564d5d71156dc151923a72e06f4
Sha256: 5d8991d9436d2c43bfa6d552610a4485aaa16d9329a85aa6a04aa1d3ee30465c

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /MITID/all/5e73b3c67b0510c4c5cf-6629cb5350d6f3276b2dccc43bd3f397.png HTTP/1.1 
Host: privatekunde.cert.info.id.20-208-129-85.cprapid.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://privatekunde.cert.info.id.20-208-129-85.cprapid.com/MITID/all/styles.css

search
                                         20.208.129.85
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Fri, 25 Nov 2022 12:34:10 GMT
Server: Apache
Last-Modified: Mon, 07 Nov 2022 21:40:36 GMT
Accept-Ranges: bytes
Content-Length: 40339
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 828 x 300, 4-bit colormap, non-interlaced\012- data
Size:   40339
Md5:    6629cb5350d6f3276b2dccc43bd3f397
Sha1:   63d964e5caaa541475a4c2da976871a9f9986067
Sha256: 9fc5b5c44107cfc6701be07fa5d5a4d7ab066607dd7ab6e9f396ac709e28424f

Alerts:
  urlquery:
    - Phishing - Nordea
                                        
                                            GET /assets/3defb92f3d1f7309bb86-28abb007069a4e48b1a0830fb5d4a822.svg HTTP/1.1 
Host: privatekunde.cert.info.id.20-208-129-85.cprapid.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://privatekunde.cert.info.id.20-208-129-85.cprapid.com/MITID/all/styles.css

search
                                         20.208.129.85
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Fri, 25 Nov 2022 12:34:10 GMT
Server: Apache
Accept-Ranges: bytes
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4070)
Size:   10295
Md5:    c21048c4815df8c75249e13b46b29753
Sha1:   ab0c6cf8ee38d241b0ccf893d1916b1356abeca0
Sha256: 165c3b204463cef315e6bb2f12ab222ee9eb2f741a6fc4f07eb71b1b1bf2b986

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /assets/837ba80d0ba906e8c20d-4fa38d775a1f6b9179bc7c425ecaf7f4.woff HTTP/1.1 
Host: privatekunde.cert.info.id.20-208-129-85.cprapid.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://privatekunde.cert.info.id.20-208-129-85.cprapid.com/MITID/all/styles.css

search
                                         20.208.129.85
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Fri, 25 Nov 2022 12:34:10 GMT
Server: Apache
Accept-Ranges: bytes
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4070)
Size:   10297
Md5:    4e00042d0d5f17e4c8c12c8eea79c728
Sha1:   87ce1f687eb13f2828b2f20bbd913b5501946766
Sha256: 93fcf8bddb347acc813366764a920de1d42a5be2794c8ee7030225254a4ab954

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /assets/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff HTTP/1.1 
Host: privatekunde.cert.info.id.20-208-129-85.cprapid.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://privatekunde.cert.info.id.20-208-129-85.cprapid.com/MITID/all/styles.css

search
                                         20.208.129.85
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Fri, 25 Nov 2022 12:34:10 GMT
Server: Apache
Accept-Ranges: bytes
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4070)
Size:   10297
Md5:    92ad8eb53d4bf889ca195da1546cd6ab
Sha1:   83d7611071ade09f10aad4046b20df2c229c6382
Sha256: 10ee417dcd2cc9a5cd448c3e89cb3828f7d8f0a47ac136248c385b5c6601d558

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /assets/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff HTTP/1.1 
Host: privatekunde.cert.info.id.20-208-129-85.cprapid.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://privatekunde.cert.info.id.20-208-129-85.cprapid.com/MITID/all/styles.css

search
                                         20.208.129.85
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Fri, 25 Nov 2022 12:34:10 GMT
Server: Apache
Accept-Ranges: bytes
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4070)
Size:   10297
Md5:    3286b423d20630c6b499fca3ee696196
Sha1:   98930c6629dc95112e29a55c6a721af267ca4601
Sha256: 5b6494538493498a27cc0f6bb1861f4f9a639037dc7b730c40dea04259a3de49

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 25 Nov 2022 12:11:11 GMT
cache-control: public,max-age=3600
age: 1380
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: privatekunde.cert.info.id.20-208-129-85.cprapid.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://privatekunde.cert.info.id.20-208-129-85.cprapid.com/MITID/swelogin.php

search
                                         20.208.129.85
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Fri, 25 Nov 2022 12:34:11 GMT
Server: Apache
Accept-Ranges: bytes
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4070)
Size:   10189
Md5:    8dd7d819ba0834be5e48f7539610c382
Sha1:   de03a76769252934f7fb8832a48fb2f90a3c5380
Sha256: 8e09e7363727af05173213459072b454117a5a051a2d394caf44d37e67ab568c
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 12:34:11 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 17:29:14 GMT
Expires: Tue, 29 Nov 2022 17:29:13 GMT
Etag: "6e8350d5568779051aa70e2eea1d3e9789e2eb50"
Cache-Control: max-age=362701,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76fa6ac36ecfb50c-OSL

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5520
Cache-Control: max-age=165880
Date: Fri, 25 Nov 2022 12:34:11 GMT
Etag: "638085ab-1d7"
Expires: Sun, 27 Nov 2022 10:38:51 GMT
Last-Modified: Fri, 25 Nov 2022 09:06:51 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 7b4Cduz5TB+OXeNn3cz5nw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         35.165.41.15
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: B5MPuk3bFwSwV/BzWfkSVwQI9as=

                                        
                                            GET /pingjs/?k=nord0098&t=Nordea%20-%20Tunnistautuminen&c=s&x=http%3A%2F%2Fprivatekunde.cert.info.id.20-208-129-85.cprapid.com%2FMITID%2Fswelogin.php&y=&a=0&d=0.781&v=27&r=4175 HTTP/1.1 
Host: whos.amung.us
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://privatekunde.cert.info.id.20-208-129-85.cprapid.com/

search
                                         172.67.8.141
HTTP/1.1 200 OK
Content-Type: text/javascript;charset=UTF-8
                                        
Date: Fri, 25 Nov 2022 12:34:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
content-encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76fa6ac4f8d2b529-OSL


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   47
Md5:    c4fee5cdf51b650eac49c9c70d925460
Sha1:   e4f739ac60f7b48bcc5edfacb417973dcbd2c469
Sha256: 77c2c8da9052ffc98b05daed7a4317af04eaf011964a1f91bbc36cc78d55d621
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 12:34:11 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 23 Nov 2022 23:33:45 GMT
Expires: Wed, 30 Nov 2022 23:33:44 GMT
Etag: "306e1db159c6462ac16527788f772c0615f3741d"
Cache-Control: max-age=470972,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76fa6ac71bd7b50c-OSL

                                        
                                            GET /pv/?_a=v&_h=privatekunde.cert.info.id.20-208-129-85.cprapid.com&_ss=6eqg8jd5od&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=5zfc&_cb=_dtspv.c HTTP/1.1 
Host: t.dtscout.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://privatekunde.cert.info.id.20-208-129-85.cprapid.com/
Cookie: m=1; oa=1; df=1669379651
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         172.64.163.7
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Fri, 25 Nov 2022 12:34:11 GMT
x-t: 0.148
x-c: 0
expires: Fri, 25 Nov 2022 12:34:10 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QnNTN5cMwrkXr%2Be7wR5TAiKSNnJAxyrWRAsoXmMvnRQLc14LIReaN33wicHCNUsaJHl0lAbbU9sGYdYKporag4gqqvK%2BAdDmi0cFm99Dy%2BBRBiDZBOJFv%2FrZo6SwMo7W"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76fa6ac5ff7276f9-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   54
Md5:    0802cd4499a9701d5f5229562a3cab80
Sha1:   8b0bf3d10707f73621228f55c65582b51bd740e3
Sha256: 405c65ebc19a8855114e06b35b82e7f0eefbde1b42e8dae5dbe597f455e405a5
                                        
                                            GET /b/p?id=w!nord0098&lm=0&ts=1669379651192&dn=TC&iso=0&t=Nordea%20-%20Tunnistautuminen HTTP/1.1 
Host: ic.tynt.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://privatekunde.cert.info.id.20-208-129-85.cprapid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         67.202.105.33
HTTP/2 204 No Content
                                        
server: nginx/1.16.1
date: Fri, 25 Nov 2022 12:34:12 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

                                        
                                            GET /deb/v2?id=w!nord0098&dn=TC&cc=1&r= HTTP/1.1 
Host: de.tynt.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://privatekunde.cert.info.id.20-208-129-85.cprapid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         67.202.105.33
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: max-age=86400
expires: Sat, 26 Nov 2022 12:34:12 GMT
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 4
date: Fri, 25 Nov 2022 12:34:11 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   4
Md5:    350fd6ef6446635f7a8f608434a405ec
Sha1:   a4b6c275ac2c80ec925b5c0c5c6abb79ba897356
Sha256: d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179
                                        
                                            GET /b/p?id=w!nord0098&lm=0&ts=1669379651192&dn=TC&iso=0&t=Nordea%20-%20Tunnistautuminen HTTP/1.1 
Host: ic.tynt.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://privatekunde.cert.info.id.20-208-129-85.cprapid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         67.202.105.33
HTTP/2 204 No Content
                                        
server: nginx/1.16.1
date: Fri, 25 Nov 2022 12:34:12 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

                                        
                                            GET /b/p?id=w!nord0098&lm=0&ts=1669379651192&dn=TC&iso=0 HTTP/1.1 
Host: ic.tynt.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://privatekunde.cert.info.id.20-208-129-85.cprapid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         67.202.105.33
HTTP/2 204 No Content
                                        
server: nginx/1.16.1
date: Fri, 25 Nov 2022 12:34:12 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

                                        
                                            GET /b/p?id=w!nord0098&lm=0&ts=1669379651192&dn=TC&iso=0 HTTP/1.1 
Host: ic.tynt.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://privatekunde.cert.info.id.20-208-129-85.cprapid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         67.202.105.33
HTTP/2 204 No Content
                                        
server: nginx/1.16.1
date: Fri, 25 Nov 2022 12:34:12 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8252
Expires: Fri, 25 Nov 2022 14:51:44 GMT
Date: Fri, 25 Nov 2022 12:34:12 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8252
Expires: Fri, 25 Nov 2022 14:51:44 GMT
Date: Fri, 25 Nov 2022 12:34:12 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8252
Expires: Fri, 25 Nov 2022 14:51:44 GMT
Date: Fri, 25 Nov 2022 12:34:12 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3955
x-amzn-requestid: 42c8d309-a8d2-47cc-8d97-c7fa3a63f8cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCM9NGJHoAMF4sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d8eba-2a06cda9346bd02c46955444;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 03:08:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5MlzpHpq7auKLSAYikINuPAylXI11VJL3xxIJ9Dyub-7rjQaPfg0WQ==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 02:07:28 GMT
age: 37604
etag: "74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3955
Md5:    4006a9037ab5f28dca62b0aa7a704c41
Sha1:   74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b
Sha256: 556ae6516a1f272a96569a3637858292731a34e82672b682f6e7442ca68f4b1d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00e89fb5-5cb3-4f68-936b-5ee31d6061bc.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8006
x-amzn-requestid: 78aab013-df11-464b-a1c7-ee41b7e77b40
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB-AHSrIAMFvKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe38c-4d795f410a57fc2c21d7075d;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:08 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: q53jN1uOtSdeThbk2_0UF6Rl3g4_-_TW7uK1_6Z5oDwSTSRk8XRjyQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:35:08 GMT
etag: "5d15fd672e968d59b541e4d5d0d01cd5e69f4075"
age: 53944
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8006
Md5:    8b6ee13d43732f7c764a49500d092865
Sha1:   5d15fd672e968d59b541e4d5d0d01cd5e69f4075
Sha256: fc3623d527147e1c6aab399251ed8d527e6eefdee6ad7183f00df2613498bfe4
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe021fc4e-f76c-4fe9-9470-b59452c93459.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11401
x-amzn-requestid: 3bc374eb-7d70-4b95-94a7-2ad06cae4726
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCtHcmoAMFxgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-333793987245ff9e741b9aed;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: K4A6bdVv0gauO3YWTEPWMS6fhuB9CZ6o5dUL-O6G5-NzqOGQRzQLUw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 22:30:31 GMT
age: 50621
etag: "4b131a189db1b615e2519a28cad83d78297ab67f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11401
Md5:    eb94ecb5881a7e49d964e4287d11e7a4
Sha1:   4b131a189db1b615e2519a28cad83d78297ab67f
Sha256: f3693e29eb7b72361093434142e3f18969c1a0b02350fab430fa29c7c127bd1a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11249
x-amzn-requestid: 8f679d7f-2ea5-4e47-b78d-79af59435a62
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cFPHYHkAIAMFpBg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637ec562-26108a785e910dc3355d58f1;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 01:14:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NKwpIdw2RZNZNh69AF5GNvunA_QfRGClvzcRP3zYwn7c8BLBlt097g==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 08:37:15 GMT
age: 14217
etag: "85d3baad9217af2b5d75c019d2ef95dbb919a788"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11249
Md5:    481c033b9ffd030ff0de6e35cf788b47
Sha1:   85d3baad9217af2b5d75c019d2ef95dbb919a788
Sha256: 02443c7869914c2b29892deb0c645395bcf4e8379da3cf20974614ff9c92893b
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80e95b58-6cf9-4974-a4ce-f8515ca995ee.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11743
x-amzn-requestid: 9ab0aba7-5cd1-4f6c-8984-dc221e1cbf8e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cICD-F7joAMFqmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe3b2-152ba5f1495a44447356cdab;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oWSNdsrz59sJC2znLnFqa_Zm3T14_d6j-rjzDQe4yV22Dy2Qc4Swaw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:54:45 GMT
age: 52767
etag: "b0ddc1555d2506177adcdcea77864d75f1245d07"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11743
Md5:    8784bb7a8b88736a6016f712e3183bf3
Sha1:   b0ddc1555d2506177adcdcea77864d75f1245d07
Sha256: 8e331713b0ad0b5670dd33dfdadde665e076a40ddb80905d4df89876d49803d8
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7993
x-amzn-requestid: 9f0ff853-4819-47cd-959d-658401ea5748
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCsG5mIAMFqAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-1c48b9223684f2942f8dd42d;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 7YSXUV-LZpsI7vciFhuqt1EVr6YRkhxcOgMg8z8bxLcOE01_baf6Gg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:47:08 GMT
age: 53224
etag: "43d1dec7fc06879988c9c3cadd800cc8145df988"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7993
Md5:    92c78302bcce1568eb6a5563100b932c
Sha1:   43d1dec7fc06879988c9c3cadd800cc8145df988
Sha256: 0dda9914306c8e3a7ea75eade8e762652d93907dd6c5a8cc81707d6d8098b60a
                                        
                                            GET /b/p?id=w!nord0098&lm=0&ts=1669379651192&dn=TC&iso=0 HTTP/1.1 
Host: ic.tynt.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://privatekunde.cert.info.id.20-208-129-85.cprapid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         67.202.105.33
HTTP/2 204 No Content
                                        
server: nginx/1.16.1
date: Fri, 25 Nov 2022 12:34:12 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

                                        
                                            GET /b/p?id=w!nord0098&lm=0&ts=1669379651192&dn=TC&iso=0 HTTP/1.1 
Host: ic.tynt.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://privatekunde.cert.info.id.20-208-129-85.cprapid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         67.202.105.33
HTTP/2 204 No Content
                                        
server: nginx/1.16.1
date: Fri, 25 Nov 2022 12:34:12 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

                                        
                                            GET /MITID/partials/status.php HTTP/1.1 
Host: privatekunde.cert.info.id.20-208-129-85.cprapid.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://privatekunde.cert.info.id.20-208-129-85.cprapid.com/MITID/swelogin.php

search
                                         20.208.129.85
HTTP/1.1 500 Internal Server Error
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 25 Nov 2022 12:34:13 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=ba676a2b4d1e0d3706e7d287b83a897e; path=/
Connection: close
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /MITID/partials/status.php HTTP/1.1 
Host: privatekunde.cert.info.id.20-208-129-85.cprapid.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://privatekunde.cert.info.id.20-208-129-85.cprapid.com/MITID/swelogin.php
Cookie: PHPSESSID=ba676a2b4d1e0d3706e7d287b83a897e

search
                                         20.208.129.85
HTTP/1.1 500 Internal Server Error
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 25 Nov 2022 12:34:17 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /small.js HTTP/1.1 
Host: widgets.amung.us
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://privatekunde.cert.info.id.20-208-129-85.cprapid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.22.74.171
HTTP/2 200 OK
content-type: application/x-javascript
                                        
date: Fri, 25 Nov 2022 12:34:11 GMT
last-modified: Fri, 11 Nov 2022 22:14:31 GMT
etag: W/"636ec947-2170"
expires: Sat, 26 Nov 2022 12:14:01 GMT
cache-control: max-age=86400
access-control-allow-origin: *
content-encoding: gzip
cf-cache-status: HIT
age: 1210
vary: Accept-Encoding
server: cloudflare
cf-ray: 76fa6ac3dcbc0a2d-ARN
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /i/?l=http%3A%2F%2Fprivatekunde.cert.info.id.20-208-129-85.cprapid.com%2FMITID%2Fswelogin.php&j= HTTP/1.1 
Host: t.dtscout.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://privatekunde.cert.info.id.20-208-129-85.cprapid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         172.64.163.7
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Fri, 25 Nov 2022 12:34:11 GMT
x-s: mtl3
set-cookie: m=1; Domain=dtscout.com; Expires=Fri, 25-Nov-2022 13:57:31 GMT; Max-Age=5000; Path=/; SameSite=None; Secure oa=1; Domain=dtscout.com; Expires=Fri, 25-Nov-2022 16:34:11 GMT; Max-Age=14400; Path=/; SameSite=None; Secure df=1669379651; Domain=dtscout.com; Expires=Sun, 05-Mar-2023 12:34:11 GMT; Max-Age=8640000; Path=/; SameSite=None; Secure
x-t: 0.761
expires: Fri, 25 Nov 2022 12:34:10 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ad7HGhtjhexlnP4CbdwqgL8Zz67iMFzo0l%2Fhqf91%2FD9eguo49ZWGFj75c2Iv9q1B%2FBsoebjPopO5zYC2N04kmKKr9GgsPStd%2FbB0gVBtX9gXwQLeP3iub%2BkHRqZzm94o"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76fa6ac48c8076f9-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /tc.js HTTP/1.1 
Host: cdn.tynt.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://privatekunde.cert.info.id.20-208-129-85.cprapid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         172.64.151.83
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Fri, 25 Nov 2022 12:34:11 GMT
last-modified: Thu, 21 Jul 2022 14:57:29 GMT
vary: Accept-Encoding
etag: W/"62d96959-4599"
content-encoding: gzip
cf-cache-status: HIT
age: 76156
expires: Mon, 28 Nov 2022 12:34:11 GMT
cache-control: public, max-age=259200
server: cloudflare
cf-ray: 76fa6ac77c73b509-OSL
X-Firefox-Spdy: h2


--- Additional Info ---