Report - www.mitid-approve.20-203-169-150.cprapid.com/nord1/login.php

Report Overview

Submitted URL
www.mitid-approve.20-203-169-150.cprapid.com/nord1/login.php
IP
20.203.169.150
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2023-02-03 15:37:43
Access
Website Title
Final URL
Tags
nordea financial phishing
urlquery detections
Phishing - Nordea

Detections

urlquery
16
Network Intrusion Detection
1
Threat Detection Systems
54

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	64 kB	34.120.237.76
www.mitid-approve.20-203-169-150.cprapid.com	unknown	2023-01-24T03:12:24Z	2023-03-12T01:58:31Z	7.5 kB	213 kB	20.203.169.150
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
whos.amung.us	12687	2014-04-02T16:27:13Z	2023-03-13T07:28:15Z	431 B	295 B	104.22.75.171
t.dtscout.com	11951	2017-01-30T05:52:42Z	2023-03-13T05:10:53Z	1.0 kB	9.4 kB	141.101.120.10
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.4 kB	6.2 kB	23.36.76.226
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.9 kB	34.160.144.191
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-13T08:22:43Z	680 B	1.9 kB	172.64.155.188
www.mitid.dk	unknown	2017-04-03T14:46:36Z	2023-03-13T06:54:49Z	3.1 kB	12 kB	95.100.107.87
ic.tynt.com	4300	2013-08-06T03:33:59Z	2023-03-13T08:58:22Z	2.2 kB	1.2 kB	67.202.105.34
widgets.amung.us	12623	2012-05-21T21:25:54Z	2023-03-13T08:13:33Z	388 B	414 B	104.22.75.171
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	337 B	1.4 kB	35.241.9.150
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	357 B	712 B	142.250.74.163
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	34.217.224.186

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-03 15:38:04	medium	20.203.169.150	Client IP	ET PHISHING Possible Phish - Saved Website Comment Observed

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-03	medium	www.mitid-approve.20-203-169-150.cprapid.com/nord1/login.php	Phishing
2023-02-03	medium	www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/scripts-6db7f1f3edd0e72b01f4957bf91c3b91.js.download	Phishing
2023-02-03	medium	www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/empty-3857ebe69f653487f8c9d99adde4657f.svg	Phishing
2023-02-03	medium	www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg	Phishing
2023-02-03	medium	www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/no-connection-83f79e2367a313b468986e12a237c346.svg	Phishing
2023-02-03	medium	www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/nemid-830ab2367a74a48b4e61ce97be19c0bd.svg	Phishing
2023-02-03	medium	www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/service-break-f426cda35f41e4c0b7c30c814b5eb2ee.svg	Phishing
2023-02-03	medium	www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg	Phishing
2023-02-03	medium	www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/technical-error-91ca9eec9eed6ed945355d650bb10d41.svg	Phishing
2023-02-03	medium	www.mitid-approve.20-203-169-150.cprapid.com/assets/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff	Phishing
2023-02-03	medium	www.mitid-approve.20-203-169-150.cprapid.com/assets/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-02-03	medium	cprapid.com	Sinkholed
2023-02-03	medium	cprapid.com	Sinkholed
2023-02-03	medium	cprapid.com	Sinkholed
2023-02-03	medium	cprapid.com	Sinkholed
2023-02-03	medium	cprapid.com	Sinkholed
2023-02-03	medium	cprapid.com	Sinkholed
2023-02-03	medium	cprapid.com	Sinkholed
2023-02-03	medium	cprapid.com	Sinkholed
2023-02-03	medium	cprapid.com	Sinkholed
2023-02-03	medium	cprapid.com	Sinkholed
2023-02-03	medium	cprapid.com	Sinkholed
2023-02-03	medium	cprapid.com	Sinkholed
2023-02-03	medium	cprapid.com	Sinkholed
2023-02-03	medium	cprapid.com	Sinkholed
2023-02-03	medium	cprapid.com	Sinkholed
2023-02-03	medium	cprapid.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	Size	First Seen	Last Seen
	whos.amung.us/pingjs/?k=nord11&t=MITiD&c=s&x=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnord1%2Flogin.php&y=&a=0&d=0.636&v=27&r=8065	24 B	2023-03-13	2023-03-13
Pretty URL whos.amung.us/pingjs/?k=nord11&t=MITiD&c=s&x=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnord1%2Flogin.php&y=&a=0&d=0.636&v=27&r=8065 IP 104.22.75.171 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:55:18 Last Seen2023-03-13 15:55:18 Times Seen1 Hash 989692346f70c44a369b438c0e20d7a9 3ba5a8d408d79c3a1d526690698da68ddd571300 0e6bca3cca9af54f559244be2bc933bf733d5f66d259c870df7e455cc6b71670 Loading...

	t.dtscout.com/i/?l=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnord1%2Flogin.php&j=	2.1 kB	2023-03-07	2024-04-19
Pretty URL t.dtscout.com/i/?l=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnord1%2Flogin.php&j= IP 141.101.120.10 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:00 Last Seen2024-04-19 11:03:11 Times Seen4396 Hash 51bd741af3fcc4984d1a753eebfa1141 534664acf69cbbb5c9b97c96b63dd37bdc580da2 3e9c8e5dcf3cbff9e1b7211551a31fe388f1b8e607fd78a0a34855be65da721c Loading...

	cdn.tynt.com/tc.js	18 kB	2023-03-12	2023-04-12
Pretty URL cdn.tynt.com/tc.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:00:16 Last Seen2023-04-12 18:52:43 Times Seen322 Hash 941b84de4e43aed4733ad9b8f717f06c ed1192d22b11e5c1c26d9b4b66d22a68a44977fe 9dab070ee75ce06cf5e8bb6ab989f0130e40f216a1a717d6a0538a57f5143fec Loading...

	t.dtscout.com/pv/?_a=v&_h=mitid-approve.20-203-169-150.cprapid.com&_ss=4bfr9p3w68&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=1flg&_cb=_dtspv.c	52 B	2023-03-13	2023-03-13
Pretty URL t.dtscout.com/pv/?_a=v&_h=mitid-approve.20-203-169-150.cprapid.com&_ss=4bfr9p3w68&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=1flg&_cb=_dtspv.c IP 141.101.120.10 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:55:18 Last Seen2023-03-13 15:55:18 Times Seen1 Hash da8fd09742034504a36e78e4ff5dd26a 4ee13b2ee8b8b107b90e13a0594d039b5c851987 b9957c0d13e1368341e5e7477a6918d6622ab212f8d46981ef9e290344ac24bd Loading...

	de.tynt.com/deb/v2?id=w!nord11&dn=TC&cc=1&r=&pu=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnord1%2Flogin.php	4 B	2023-03-07	2024-04-19
Pretty URL de.tynt.com/deb/v2?id=w!nord11&dn=TC&cc=1&r=&pu=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnord1%2Flogin.php IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:00 Last Seen2024-04-19 09:17:17 Times Seen3072 Hash 350fd6ef6446635f7a8f608434a405ec a4b6c275ac2c80ec925b5c0c5c6abb79ba897356 d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179 Loading...

	www.mitid-approve.20-203-169-150.cprapid.com/nord1/login.php	234 B	2023-03-08	2023-03-25
Pretty URL www.mitid-approve.20-203-169-150.cprapid.com/nord1/login.php IP 20.203.169.150 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:52:12 Last Seen2023-03-25 22:45:56 Times Seen2 Hash 5572e6f7336a7a8823b965c31a6c2f5e 2378028bdb3cec9df9fea70b8367217a8ce8d97a 06b5c81f1ccc6b5703c7d3ef7fd990fbdd5ded5a661917ec32be41f7bb18e1cc Loading...

	widgets.amung.us/small.js	8.6 kB	2023-03-08	2024-04-18
Pretty URL widgets.amung.us/small.js IP 104.22.75.171 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:29:44 Last Seen2024-04-18 21:04:49 Times Seen2470 Hash a41caf5294227669425cd5135a26b2a0 a26a13f88c51c37b58fbd8a6b444e9b9150fae16 2052a227c361a7e99ea70f5bdcf54cd9e6c6b493dd4d20b73b376d94ce0dc0d1 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 9c6f8328cad252c79720cdebcb48012b	226 B	2023-03-07	2023-05-06
Pretty Observations First Seen2023-03-07 01:03:01 Last Seen2023-05-06 00:45:04 Times Seen958 Hash 9c6f8328cad252c79720cdebcb48012b b853e7b92b0b23aa07f59b4816740de095331d47 bb037a2c6d9cf7fa65d8570beb76b1a31c360826ed6edb8612a584aa1918d62d Loading...

	#2 Eval - b2c2041f8d99c45e0f21474fe4f8b7bc	17 B	2023-03-07	2024-04-19
Pretty Observations First Seen2023-03-07 01:03:01 Last Seen2024-04-19 13:33:24 Times Seen7408 Hash b2c2041f8d99c45e0f21474fe4f8b7bc 0b876666393469c726a2e3edbb29544c03a92154 17f5bfdbae6b35ae8bc3b27c069526d694021fe1e37a8027678e770fbb05e061 Loading...

HTTP Transactions (50)

URL IP Response Size

www.mitid-approve.20-203-169-150.cprapid.com/nord1/login.php

20.203.169.150

200 OK

24 kB

URL HTTP/1.1
www.mitid-approve.20-203-169-150.cprapid.com/nord1/login.php
IP
20.203.169.150:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (805), with CRLF line terminators
Size
24 kB (24418 bytes)
Hash
70dfea9414cf5354d93a82628a5ebf5b
df664443c5c0ce9188798badba07679f59c212b6
c835b780a6943a3578188b6f4055446b40479012ec87b17d40ee19cf20ba16c2

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phish - Saved Website Comment Observed

HTTP Headers

GET /nord1/login.php HTTP/1.1
Host: www.mitid-approve.20-203-169-150.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 15:37:32 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=684a2c5d5f282b701c8b0f947bc326f2; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d4e95d0d8982bcd07804baf6fc88231c
5027abda0875bd2529dd4d6691784c74da71a9ee
373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6364
Expires: Fri, 03 Feb 2023 17:23:37 GMT
Date: Fri, 03 Feb 2023 15:37:33 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4775
Expires: Fri, 03 Feb 2023 16:57:08 GMT
Date: Fri, 03 Feb 2023 15:37:33 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 03 Feb 2023 15:36:11 GMT
content-type: application/json
age: 82
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7d2222d41721947297aaeb5a6e3d0714
04cc1ee417c8bf6338657fd4c2e4e1c1ddfd3065
de0e45969a2ad95e52f7e2fbd0d021d9075dd7b14666c929346efe111f648f7c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE0E45969A2AD95E52F7E2FBD0D021D9075DD7B14666C929346EFE111F648F7C"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6664
Expires: Fri, 03 Feb 2023 17:28:37 GMT
Date: Fri, 03 Feb 2023 15:37:33 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: FOQWum59yhIljicSjuKNLqOQ6c4IqOsRwDWkRQa00cegCVwga7Z7y5LOAxsrslmCNFK2TL9rGAlpBLNnS2HPGA==
x-amz-request-id: VEYW5WH6B9QJQ7Y7
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 03 Feb 2023 14:52:27 GMT
age: 2706
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 15:37:33 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css

20.203.169.150

200 OK

46 kB

URL HTTP/1.1
www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css
IP
20.203.169.150:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
assembler source, ASCII text
Size
46 kB (46070 bytes)
Hash
d1aafd46c75fda47a8d4fc4292ec3fcc
d5570e9d09d74ca0b4495992fec5ef86573c4437
068ee6c88c6d2629f9a797dac9288490b736f0c944d9a46d566da7cd8f913a1b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
quad9	Sinkholed

HTTP Headers

GET /nord1/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css HTTP/1.1
Host: www.mitid-approve.20-203-169-150.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/nord1/login.php
Cookie: PHPSESSID=684a2c5d5f282b701c8b0f947bc326f2

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 15:37:33 GMT
Server: Apache
Last-Modified: Sat, 06 Aug 2022 19:29:08 GMT
Accept-Ranges: bytes
Content-Length: 46070
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/translateelement.css

20.203.169.150

200 OK

19 kB

URL HTTP/1.1
www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/translateelement.css
IP
20.203.169.150:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (18670)
Size
19 kB (18724 bytes)
Hash
15ab5dfc566a9a19f6e89a72b7819e43
064aac1e8bc5a26c5986e40659bc328157ec3b53
5d0a6e3bc914db376bf187c380750b197c317e1bf40fab9ad959ad5facd8f9ed

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
quad9	Sinkholed

HTTP Headers

GET /nord1/all/translateelement.css HTTP/1.1
Host: www.mitid-approve.20-203-169-150.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/nord1/login.php
Cookie: PHPSESSID=684a2c5d5f282b701c8b0f947bc326f2

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 15:37:33 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 07:23:30 GMT
Accept-Ranges: bytes
Content-Length: 18724
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/scripts-6db7f1f3edd0e72b01f4957bf91c3b91.js.download

20.203.169.150

404 Not Found

315 B

URL HTTP/1.1
www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/scripts-6db7f1f3edd0e72b01f4957bf91c3b91.js.download
IP
20.203.169.150:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /nord1/all/scripts-6db7f1f3edd0e72b01f4957bf91c3b91.js.download HTTP/1.1
Host: www.mitid-approve.20-203-169-150.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/nord1/login.php
Cookie: PHPSESSID=684a2c5d5f282b701c8b0f947bc326f2

HTTP/1.1 404 Not Found
Date: Fri, 03 Feb 2023 15:37:33 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www.mitid-approve.20-203-169-150.cprapid.com/nord1/mitd.css

20.203.169.150

200 OK

56 kB

URL HTTP/1.1
www.mitid-approve.20-203-169-150.cprapid.com/nord1/mitd.css
IP
20.203.169.150:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document, Unicode text, UTF-8 text, with very long lines (600), with CRLF line terminators
Size
56 kB (56031 bytes)
Hash
5a21067ac284a061587d007135e25e7d
8432c7216311654c790999d4abcdef357b75b6da
7d1472924fee85ca472092b52ca1e70ee4192dc3410a7e3d89a452e07aa6001e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
quad9	Sinkholed

HTTP Headers

GET /nord1/mitd.css HTTP/1.1
Host: www.mitid-approve.20-203-169-150.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/nord1/login.php
Cookie: PHPSESSID=684a2c5d5f282b701c8b0f947bc326f2

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 15:37:33 GMT
Server: Apache
Last-Modified: Mon, 31 Oct 2022 19:47:18 GMT
Accept-Ranges: bytes
Content-Length: 56031
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/empty-3857ebe69f653487f8c9d99adde4657f.svg

20.203.169.150

200 OK

1.6 kB

URL HTTP/1.1
www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/empty-3857ebe69f653487f8c9d99adde4657f.svg
IP
20.203.169.150:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1642), with no line terminators
Size
1.6 kB (1642 bytes)
Hash
3857ebe69f653487f8c9d99adde4657f
134737f1f8882726ef1b50546546fa9d1479207c
d690ce1d3a1304fff86d11c4f38ad540da84949d881ea0c04b49bcc0f13483e0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /nord1/all/empty-3857ebe69f653487f8c9d99adde4657f.svg HTTP/1.1
Host: www.mitid-approve.20-203-169-150.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/nord1/login.php
Cookie: PHPSESSID=684a2c5d5f282b701c8b0f947bc326f2

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 15:37:33 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 07:23:30 GMT
Accept-Ranges: bytes
Content-Length: 1642
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml

www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg

20.203.169.150

200 OK

3.1 kB

URL HTTP/1.1
www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg
IP
20.203.169.150:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (3104), with no line terminators
Size
3.1 kB (3104 bytes)
Hash
9bbd07dc81f3c2a11d2c7735b416ee18
41ee4ad48472fd2f93f765b87c77a606a04e5a00
a386a6170805a64ba2e46bcc37c79500b5207bd708b0d1da83cbcbc483e64cb7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /nord1/all/something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg HTTP/1.1
Host: www.mitid-approve.20-203-169-150.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/nord1/login.php
Cookie: PHPSESSID=684a2c5d5f282b701c8b0f947bc326f2

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 15:37:33 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 07:23:30 GMT
Accept-Ranges: bytes
Content-Length: 3104
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml

www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/translate_24dp.png

20.203.169.150

200 OK

825 B

URL HTTP/1.1
www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/translate_24dp.png
IP
20.203.169.150:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
825 B (825 bytes)
Hash
55ff382a8b09329e3230a1797eb8f5fd
026ae089006a674da7dcc9bf6b986c5d59e75478
1bb2279aed6bc1438d2b17a5ffcbac9d37864582aedeeec8d301eab162b2c213

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
quad9	Sinkholed

HTTP Headers

GET /nord1/all/translate_24dp.png HTTP/1.1
Host: www.mitid-approve.20-203-169-150.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/nord1/login.php
Cookie: PHPSESSID=684a2c5d5f282b701c8b0f947bc326f2

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 15:37:33 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 07:23:30 GMT
Accept-Ranges: bytes
Content-Length: 825
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/no-connection-83f79e2367a313b468986e12a237c346.svg

20.203.169.150

200 OK

5.0 kB

URL HTTP/1.1
www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/no-connection-83f79e2367a313b468986e12a237c346.svg
IP
20.203.169.150:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (4974), with no line terminators
Size
5.0 kB (4974 bytes)
Hash
83f79e2367a313b468986e12a237c346
6b0d0f5df661c328a99aefa3b9388507f35d7fba
3fc2607b1e133fb89affeca8fa96db25e9af2fa9d2f7960d2a9602df9e96ef72

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /nord1/all/no-connection-83f79e2367a313b468986e12a237c346.svg HTTP/1.1
Host: www.mitid-approve.20-203-169-150.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/nord1/login.php
Cookie: PHPSESSID=684a2c5d5f282b701c8b0f947bc326f2

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 15:37:33 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 07:23:30 GMT
Accept-Ranges: bytes
Content-Length: 4974
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml

www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/nemid-830ab2367a74a48b4e61ce97be19c0bd.svg

20.203.169.150

200 OK

2.3 kB

URL HTTP/1.1
www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/nemid-830ab2367a74a48b4e61ce97be19c0bd.svg
IP
20.203.169.150:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2285), with no line terminators
Size
2.3 kB (2285 bytes)
Hash
830ab2367a74a48b4e61ce97be19c0bd
79cde6c94cedde8c6ce414952a6f71841b890b77
6bb27299ef7a2f71792920ae936f4f0800cf1a43ff5f8b4c835233fde4c1e387

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /nord1/all/nemid-830ab2367a74a48b4e61ce97be19c0bd.svg HTTP/1.1
Host: www.mitid-approve.20-203-169-150.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/nord1/login.php
Cookie: PHPSESSID=684a2c5d5f282b701c8b0f947bc326f2

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 15:37:33 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 07:23:30 GMT
Accept-Ranges: bytes
Content-Length: 2285
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/svg+xml

www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/service-break-f426cda35f41e4c0b7c30c814b5eb2ee.svg

20.203.169.150

200 OK

2.8 kB

URL HTTP/1.1
www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/service-break-f426cda35f41e4c0b7c30c814b5eb2ee.svg
IP
20.203.169.150:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2803), with no line terminators
Size
2.8 kB (2803 bytes)
Hash
f426cda35f41e4c0b7c30c814b5eb2ee
9f278c5bfbf5ddebc2a4d24e4441efa94dd36be7
037024a96d014cbe884a9f81804ceadc25bd1e49d0d9018de09acddac997afbf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /nord1/all/service-break-f426cda35f41e4c0b7c30c814b5eb2ee.svg HTTP/1.1
Host: www.mitid-approve.20-203-169-150.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/nord1/login.php
Cookie: PHPSESSID=684a2c5d5f282b701c8b0f947bc326f2

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 15:37:33 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 07:23:30 GMT
Accept-Ranges: bytes
Content-Length: 2803
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/svg+xml

www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg

20.203.169.150

200 OK

3.1 kB

URL HTTP/1.1
www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg
IP
20.203.169.150:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (3097), with no line terminators
Size
3.1 kB (3097 bytes)
Hash
d0c0f9d25ebde42bbd552c8ad5363f01
97f08f3ee5a37bb5d291cf10fd8e5ce630467522
4f98589b5ad297e797fc12ed5b90a5e9244a17dbc34c5cee66e01ae8c1455d2c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /nord1/all/cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg HTTP/1.1
Host: www.mitid-approve.20-203-169-150.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/nord1/login.php
Cookie: PHPSESSID=684a2c5d5f282b701c8b0f947bc326f2

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 15:37:33 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 07:23:30 GMT
Accept-Ranges: bytes
Content-Length: 3097
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml

www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/technical-error-91ca9eec9eed6ed945355d650bb10d41.svg

20.203.169.150

200 OK

2.8 kB

URL HTTP/1.1
www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/technical-error-91ca9eec9eed6ed945355d650bb10d41.svg
IP
20.203.169.150:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2846), with no line terminators
Size
2.8 kB (2846 bytes)
Hash
91ca9eec9eed6ed945355d650bb10d41
7178a477a6cc3271d5e2927cd2737af55804f576
8a22f5ea2bc34877a3334b91210c881523678eec1e915cf6a4ee261ba58121b1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /nord1/all/technical-error-91ca9eec9eed6ed945355d650bb10d41.svg HTTP/1.1
Host: www.mitid-approve.20-203-169-150.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/nord1/login.php
Cookie: PHPSESSID=684a2c5d5f282b701c8b0f947bc326f2

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 15:37:33 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 07:23:30 GMT
Accept-Ranges: bytes
Content-Length: 2846
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml

www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/banner.png

20.203.169.150

200 OK

40 kB

URL HTTP/1.1
www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/banner.png
IP
20.203.169.150:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 828 x 300, 4-bit colormap, non-interlaced\012- data
Size
40 kB (40339 bytes)
Hash
6629cb5350d6f3276b2dccc43bd3f397
63d964e5caaa541475a4c2da976871a9f9986067
9fc5b5c44107cfc6701be07fa5d5a4d7ab066607dd7ab6e9f396ac709e28424f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
quad9	Sinkholed

HTTP Headers

GET /nord1/all/banner.png HTTP/1.1
Host: www.mitid-approve.20-203-169-150.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css
Cookie: PHPSESSID=684a2c5d5f282b701c8b0f947bc326f2

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 15:37:33 GMT
Server: Apache
Last-Modified: Sat, 06 Aug 2022 18:35:04 GMT
Accept-Ranges: bytes
Content-Length: 40339
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

www.mitid-approve.20-203-169-150.cprapid.com/assets/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff

20.203.169.150

404 Not Found

315 B

URL HTTP/1.1
www.mitid-approve.20-203-169-150.cprapid.com/assets/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff
IP
20.203.169.150:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /assets/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff HTTP/1.1
Host: www.mitid-approve.20-203-169-150.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css
Cookie: PHPSESSID=684a2c5d5f282b701c8b0f947bc326f2

HTTP/1.1 404 Not Found
Date: Fri, 03 Feb 2023 15:37:33 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www.mitid-approve.20-203-169-150.cprapid.com/assets/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff

20.203.169.150

404 Not Found

315 B

URL HTTP/1.1
www.mitid-approve.20-203-169-150.cprapid.com/assets/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff
IP
20.203.169.150:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /assets/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff HTTP/1.1
Host: www.mitid-approve.20-203-169-150.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/nord1/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css
Cookie: PHPSESSID=684a2c5d5f282b701c8b0f947bc326f2

HTTP/1.1 404 Not Found
Date: Fri, 03 Feb 2023 15:37:33 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www.mitid.dk/assets/fonts/IBMPlexSans-Medium.woff

95.100.107.87

200 OK

4.0 kB

URL HTTP/1.1
www.mitid.dk/assets/fonts/IBMPlexSans-Medium.woff
IP
95.100.107.87:0
ASN
#20940 Akamai International B.V.

File type
Web Open Font Format, TrueType, length 81900, version 0.0\012- data
Size
4.0 kB (4031 bytes)
Hash
8495a93e8cd2c174647d0b893ec1f58c
04f303e296b975934fed8bb1d8054e6de1650683
d6133e2136b6efc6feb82330e15e77b7bb9805b3aeb238875b41cd8d37f04264

HTTP Headers

GET /assets/fonts/IBMPlexSans-Medium.woff HTTP/1.1
Host: www.mitid.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.mitid-approve.20-203-169-150.cprapid.com
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Content-Type: font/woff
Content-Length: 81900
Last-Modified: Tue, 18 Oct 2022 12:49:48 GMT
ETag: "13fec-5eb4e86f91300"
Accept-Ranges: bytes
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Vary: Origin
Cache-Control: public, max-age=14400
Date: Fri, 03 Feb 2023 15:37:33 GMT
Connection: keep-alive

www.mitid.dk/assets/fonts/IBMPlexSans-SemiBold.woff

95.100.107.87

200 OK

5.5 kB

URL HTTP/1.1
www.mitid.dk/assets/fonts/IBMPlexSans-SemiBold.woff
IP
95.100.107.87:0
ASN
#20940 Akamai International B.V.

File type
Web Open Font Format, TrueType, length 82228, version 0.0\012- data
Size
5.5 kB (5544 bytes)
Hash
7238f417332c89c2272bf3ef233c7507
c6fc3a42c7ba3bea54dc34f084e72d40d85cb650
98a596c72371a2ba25e6c70e0ad0b5de266d5fd90ff1fbf3ae869d01f0a4e533

HTTP Headers

GET /assets/fonts/IBMPlexSans-SemiBold.woff HTTP/1.1
Host: www.mitid.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.mitid-approve.20-203-169-150.cprapid.com
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Content-Type: font/woff
Content-Length: 82228
Last-Modified: Tue, 18 Oct 2022 12:49:48 GMT
ETag: "14134-5eb4e86f91300"
Accept-Ranges: bytes
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Vary: Origin
Cache-Control: public, max-age=14400
Date: Fri, 03 Feb 2023 15:37:33 GMT
Connection: keep-alive

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
dd3ecc2b0ec33bb211d9dbb65094b1f9
ec9bdb65c44665d6d322d816c051fc5d3fe68527
070627370037a357bed7d1ca8af8ee03bb26b10d8a502aec7daddde951428f67

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 15:37:33 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 31 Jan 2023 17:29:19 GMT
Expires: Tue, 07 Feb 2023 17:29:18 GMT
Etag: "ec9bdb65c44665d6d322d816c051fc5d3fe68527"
Cache-Control: max-age=351704,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 793c3fa21936b506-OSL

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5462
Expires: Fri, 03 Feb 2023 17:08:35 GMT
Date: Fri, 03 Feb 2023 15:37:33 GMT
Connection: keep-alive

ocsp.pki.goog/s/gts1p5/97q-VzuQ-Mw

142.250.74.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/97q-VzuQ-Mw
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2e2ac28df5e696fe1c96317234c6ff3b
05a6204e4e720e064d21421394eed847e9d31b98
0224db9340d590e9225ece2570c849812b600bd09a0e58f2551f42fa6587e6f7

HTTP Headers

POST /s/gts1p5/97q-VzuQ-Mw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 15:37:33 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

whos.amung.us/pingjs/?k=nord11&t=MITiD&c=s&x=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnord1%2Flogin.php&y=&a=0&d=0.636&v=27&r=8065

104.22.75.171

200 OK

44 B

URL HTTP/1.1
whos.amung.us/pingjs/?k=nord11&t=MITiD&c=s&x=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnord1%2Flogin.php&y=&a=0&d=0.636&v=27&r=8065
IP
104.22.75.171:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
44 B (44 bytes)
Hash
97a4b8dbf7738eb36ceb2f038bd39e85
5c511391df18c6f5221338591918905f9a05ee5d
0921123a63184729cf508ff8353447f7b4d12a9071e5dee47e1ec01a25c96964

HTTP Headers

GET /pingjs/?k=nord11&t=MITiD&c=s&x=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnord1%2Flogin.php&y=&a=0&d=0.636&v=27&r=8065 HTTP/1.1
Host: whos.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 15:37:34 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
content-encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 793c3fa38d3c0a24-ARN

push.services.mozilla.com/

34.217.224.186

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.217.224.186:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: kJYrrzUC5X+MIRn2DfY2mw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: AqgivHieSOyDeHiSXavhQh2o2r8=

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
f778d551c0863c1a21556c8505894dff
2eeaa5eaa20a00dcd52e5912430d5a0819495c78
6eeff9b51275defc26c45f86df2f82a3cb5cce699667c36437d76daebffd2369

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 15:37:34 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 01 Feb 2023 23:33:41 GMT
Expires: Wed, 08 Feb 2023 23:33:40 GMT
Etag: "2eeaa5eaa20a00dcd52e5912430d5a0819495c78"
Cache-Control: max-age=459965,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 793c3fa51cebb506-OSL

t.dtscout.com/i/?l=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnord1%2Flogin.php&j=

141.101.120.10

200 OK

7.8 kB

URL HTTP/2
t.dtscout.com/i/?l=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnord1%2Flogin.php&j=
IP
141.101.120.10:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2077)
Size
7.8 kB (7755 bytes)
Hash
444a19b6b32834c28fb9abfaa2f418cb
72d01b45d2a2877530f90ae67fa365be9d90349e
da561ae96447eed797fec3df795482f007cbfd096100316effb0415b49e7d1eb

HTTP Headers

GET /i/?l=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnord1%2Flogin.php&j= HTTP/1.1
Host: t.dtscout.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 03 Feb 2023 15:37:34 GMT
content-type: application/javascript
x-s: mtl3
set-cookie: m=1; Domain=dtscout.com; Expires=Fri, 03-Feb-2023 17:00:54 GMT; Max-Age=5000; Path=/; SameSite=None; Secure
oa=1; Domain=dtscout.com; Expires=Fri, 03-Feb-2023 19:37:34 GMT; Max-Age=14400; Path=/; SameSite=None; Secure
df=1675438654; Domain=dtscout.com; Expires=Sun, 14-May-2023 15:37:34 GMT; Max-Age=8640000; Path=/; SameSite=None; Secure
x-t: 0.481
expires: Fri, 03 Feb 2023 15:37:33 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QQi4bZETCFsCzD2QQTkVdYtJyVoahxP3i97hPkn5o9loNX47A9WrHTWm4SGgTR65Kz%2BtUfLtgeY7ClMl3raOX7YhMgn3OWPjI%2BHvGj6dI6yiWxu%2FUqWg5bN8yVcnhVA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793c3fa36aa22df5-ARN
content-encoding: br
X-Firefox-Spdy: h2

ic.tynt.com/b/p?id=w!nord11&lm=0&ts=1675438685902&dn=TC&iso=0&pu=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnord1%2Flogin.php&t=MITiD

67.202.105.34

204 No Content

0 B

URL HTTP/2
ic.tynt.com/b/p?id=w!nord11&lm=0&ts=1675438685902&dn=TC&iso=0&pu=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnord1%2Flogin.php&t=MITiD
IP
67.202.105.34:0
ASN
#32748 STEADFAST

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b/p?id=w!nord11&lm=0&ts=1675438685902&dn=TC&iso=0&pu=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnord1%2Flogin.php&t=MITiD HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx/1.16.1
date: Fri, 03 Feb 2023 15:37:35 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

ic.tynt.com/b/p?id=w!nord11&lm=0&ts=1675438685902&dn=TC&iso=0&pu=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnord1%2Flogin.php

67.202.105.34

204 No Content

0 B

URL HTTP/2
ic.tynt.com/b/p?id=w!nord11&lm=0&ts=1675438685902&dn=TC&iso=0&pu=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnord1%2Flogin.php
IP
67.202.105.34:0
ASN
#32748 STEADFAST

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b/p?id=w!nord11&lm=0&ts=1675438685902&dn=TC&iso=0&pu=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnord1%2Flogin.php HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx/1.16.1
date: Fri, 03 Feb 2023 15:37:35 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

t.dtscout.com/pv/?_a=v&_h=mitid-approve.20-203-169-150.cprapid.com&_ss=4bfr9p3w68&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=1flg&_cb=_dtspv.c

141.101.120.10

200 OK

56 B

URL HTTP/2
t.dtscout.com/pv/?_a=v&_h=mitid-approve.20-203-169-150.cprapid.com&_ss=4bfr9p3w68&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=1flg&_cb=_dtspv.c
IP
141.101.120.10:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
56 B (56 bytes)
Hash
a7d8ee9255ed732a0634e25424bdbef8
38adf37adc2a5bb429fdfbd1f6d6a5a45d033709
472c38125a13af5443e41658db03c7507dd857a44a2abd8f73948c40a9daf809

HTTP Headers

GET /pv/?_a=v&_h=mitid-approve.20-203-169-150.cprapid.com&_ss=4bfr9p3w68&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=1flg&_cb=_dtspv.c HTTP/1.1
Host: t.dtscout.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/
Cookie: m=1; oa=1; df=1675438654
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 03 Feb 2023 15:37:34 GMT
content-type: application/javascript
x-t: 0.165
x-c: 0
expires: Fri, 03 Feb 2023 15:37:33 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ygQnh1SaZrLB5k0BYG6THrUlj7v9nhu6YbC1hLUDCwemKDdkK%2FgHOBqDs9xl0qDUpvk2XXDa6ljxyRdpTcXEcE7K3LuEk0gDBBeAyi6ItFwc047VIr85Tbx9eMdfCIo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793c3fa51c692df5-ARN
content-encoding: br
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6025
Expires: Fri, 03 Feb 2023 17:18:00 GMT
Date: Fri, 03 Feb 2023 15:37:35 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6025
Expires: Fri, 03 Feb 2023 17:18:00 GMT
Date: Fri, 03 Feb 2023 15:37:35 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6025
Expires: Fri, 03 Feb 2023 17:18:00 GMT
Date: Fri, 03 Feb 2023 15:37:35 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10796 bytes)
Hash
3490571dd2de0a747987b9a0e18cccc8
18e9f8f160d3515f1cb31fc7538ac762a6cab344
1c071d7f3b288b29254500f94f19c0db0633c6aa90812f2e92c4f64992f5221a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10796
x-amzn-requestid: 5c9b1a83-c99a-44b9-9a90-5edd7ef1e225
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi0XKG93oAMFtsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76760-01bf754d6c725c3275c02a1b;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 06:44:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vUJO-Pt9Hi1ndrCQQT1nNCGT7oDOYBpA8-EawHanESoZAsZv32dQdg==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 00:25:04 GMT
age: 54751
etag: "18e9f8f160d3515f1cb31fc7538ac762a6cab344"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11565 bytes)
Hash
e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: w0Zm5V0TQxsQ7917U3fdhS_n7qKE143PuhI2JmNCDM_Pf0yPLyW6yA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 04:53:21 GMT
age: 38654
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (13065 bytes)
Hash
cf80667db0c35c9c6139eca4ba5d12fd
4c4cfdc2463e8704a7bf8e1477c43b6adf7c7590
d63e69f4b6ea16333d242bf33d4f02a4a6c96a739ca018d86afc5741d85b774d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13065
x-amzn-requestid: 20c6f462-0f1f-44d1-9b6b-6afbc4e79e8b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fpYpcELtIAMFvFg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63da07d5-44cd803c0feba28919b0a9ec;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 06:33:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: T3PhGRcHX1X2hn8K_4587fXBrEyuY5Em-b9Jg41uH4uyQXeFoRBIYg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:55:01 GMT
age: 63754
etag: "4c4cfdc2463e8704a7bf8e1477c43b6adf7c7590"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.6 kB (5641 bytes)
Hash
d4041f3b5316bc84c9e6d88ddbc85b89
4978a4a20836b6f5d863d331bcedad782b7b4ac6
549b62d2c4ec965b8bec62010c0ce338dfea7992ee83eb7af61ff1a30d21f8b5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5641
x-amzn-requestid: b53b54b1-3b00-47cf-a25c-e93910c2ebfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fuvzpHsXoAMFsuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc2ce3-0c4fc8154763febb44460ac2;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 21:36:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: x4-BZdG4JGRKCSdKynnuweZfo9l0XZtDB-MiANy7C2Yz1URYMHP4sQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 22:28:50 GMT
age: 61725
etag: "4978a4a20836b6f5d863d331bcedad782b7b4ac6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10166 bytes)
Hash
2a6aaf87a867f93dc9268a8b27973b97
f52ccbe6cbced1994acb13a00b05436553b6813e
3fbd7441712035f4d53c17eec93bc278e6c072043f3b5a721cac349fc0dabe77

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10166
x-amzn-requestid: 54fe0d12-360f-4d97-bcf3-b24747d956aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fY_4zHEcoAMF1iA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d379d1-4ba89e44005f616a0ed3ed24;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 07:14:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: G0R-0w9HtLB5OXb-w-RyR9QCnrddkS29FqF_GeAQa1CRWkqaUJwQoA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 22:27:53 GMT
age: 61782
etag: "f52ccbe6cbced1994acb13a00b05436553b6813e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffda40dcf-1e5b-4e49-bd65-084935f52db9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.8 kB (6791 bytes)
Hash
e706db8a6107758a148463e916f2532d
4b0b8cb5ced3e3e67b0320a3bbaecd2176e21b81
673f18036a53f8ff297ef6a63fd094e7c41d90f3960f0e687a741cc7dd3f6172

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffda40dcf-1e5b-4e49-bd65-084935f52db9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6791
x-amzn-requestid: 665115ea-728e-4a55-aaf8-b09db3fa67a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffl96FIzIAMFYGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d61d25-0abbd7262ca10b7a7d2bf9eb;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 07:15:49 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: T-OEFTj1rywKfBhEUUD0Rc6pFbk-gyFsETr_fjDQR5WGHAVOBgrB9A==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 19:18:01 GMT
age: 73174
etag: "4b0b8cb5ced3e3e67b0320a3bbaecd2176e21b81"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ic.tynt.com/b/p?id=w!nord11&lm=0&ts=1675438685902&dn=TC&iso=0&pu=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnord1%2Flogin.php

67.202.105.34

204 No Content

0 B

URL HTTP/2
ic.tynt.com/b/p?id=w!nord11&lm=0&ts=1675438685902&dn=TC&iso=0&pu=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnord1%2Flogin.php
IP
67.202.105.34:0
ASN
#32748 STEADFAST

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b/p?id=w!nord11&lm=0&ts=1675438685902&dn=TC&iso=0&pu=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnord1%2Flogin.php HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx/1.16.1
date: Fri, 03 Feb 2023 15:37:35 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

ic.tynt.com/b/p?id=w!nord11&lm=0&ts=1675438685902&dn=TC&iso=0&pu=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnord1%2Flogin.php

67.202.105.34

204 No Content

0 B

URL HTTP/2
ic.tynt.com/b/p?id=w!nord11&lm=0&ts=1675438685902&dn=TC&iso=0&pu=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnord1%2Flogin.php
IP
67.202.105.34:0
ASN
#32748 STEADFAST

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b/p?id=w!nord11&lm=0&ts=1675438685902&dn=TC&iso=0&pu=http%3A%2F%2Fwww.mitid-approve.20-203-169-150.cprapid.com%2Fnord1%2Flogin.php HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx/1.16.1
date: Fri, 03 Feb 2023 15:37:35 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

www.mitid.dk/assets/fonts/IBMPlexSans-Bold.woff

95.100.107.87

200 OK

0 B

URL HTTP/1.1
www.mitid.dk/assets/fonts/IBMPlexSans-Bold.woff
IP
95.100.107.87:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/fonts/IBMPlexSans-Bold.woff HTTP/1.1
Host: www.mitid.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.mitid-approve.20-203-169-150.cprapid.com
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Content-Type: font/woff
Content-Length: 77160
Last-Modified: Tue, 18 Oct 2022 12:49:48 GMT
ETag: "12d68-5eb4e86f91300"
Accept-Ranges: bytes
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Vary: Origin
Cache-Control: public, max-age=14400
Date: Fri, 03 Feb 2023 15:37:33 GMT
Connection: keep-alive

www.mitid.dk/assets/fonts/IBMPlexSans-Medium.woff2

95.100.107.87

200 OK

0 B

URL HTTP/1.1
www.mitid.dk/assets/fonts/IBMPlexSans-Medium.woff2
IP
95.100.107.87:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/fonts/IBMPlexSans-Medium.woff2 HTTP/1.1
Host: www.mitid.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.mitid-approve.20-203-169-150.cprapid.com
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Content-Type: font/woff2
Content-Length: 59228
Last-Modified: Tue, 18 Oct 2022 12:49:48 GMT
ETag: "e75c-5eb4e86f91300"
Accept-Ranges: bytes
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Vary: Origin
Cache-Control: public, max-age=14400
Date: Fri, 03 Feb 2023 15:37:33 GMT
Connection: keep-alive

www.mitid.dk/assets/fonts/IBMPlexSans-Bold.woff2

95.100.107.87

200 OK

0 B

URL HTTP/1.1
www.mitid.dk/assets/fonts/IBMPlexSans-Bold.woff2
IP
95.100.107.87:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/fonts/IBMPlexSans-Bold.woff2 HTTP/1.1
Host: www.mitid.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.mitid-approve.20-203-169-150.cprapid.com
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Content-Type: font/woff2
Content-Length: 55824
Last-Modified: Tue, 18 Oct 2022 12:49:48 GMT
ETag: "da10-5eb4e86f91300"
Accept-Ranges: bytes
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Vary: Origin
Cache-Control: public, max-age=14400
Date: Fri, 03 Feb 2023 15:37:33 GMT
Connection: keep-alive

www.mitid.dk/assets/fonts/IBMPlexSans-SemiBold.woff2

95.100.107.87

200 OK

0 B

URL HTTP/1.1
www.mitid.dk/assets/fonts/IBMPlexSans-SemiBold.woff2
IP
95.100.107.87:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/fonts/IBMPlexSans-SemiBold.woff2 HTTP/1.1
Host: www.mitid.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.mitid-approve.20-203-169-150.cprapid.com
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Content-Type: font/woff2
Content-Length: 59692
Last-Modified: Tue, 18 Oct 2022 12:49:48 GMT
ETag: "e92c-5eb4e86f91300"
Accept-Ranges: bytes
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Vary: Origin
Cache-Control: public, max-age=14400
Date: Fri, 03 Feb 2023 15:37:33 GMT
Connection: keep-alive

widgets.amung.us/small.js

104.22.75.171

200 OK

0 B

URL HTTP/2
widgets.amung.us/small.js
IP
104.22.75.171:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /small.js HTTP/1.1
Host: widgets.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.mitid-approve.20-203-169-150.cprapid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 03 Feb 2023 15:37:33 GMT
content-type: application/x-javascript
last-modified: Thu, 12 Jan 2023 17:19:48 GMT
etag: W/"63c04134-2170"
expires: Sat, 04 Feb 2023 15:29:30 GMT
cache-control: max-age=86400
access-control-allow-origin: *
content-encoding: gzip
cf-cache-status: HIT
age: 483
vary: Accept-Encoding
server: cloudflare
cf-ray: 793c3fa279280a41-ARN
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (50)