Report - info.dan.ske.dokument.34-237-124-147.cprapid.com/id/dklogin.php

Report Overview

Submitted URL
info.dan.ske.dokument.34-237-124-147.cprapid.com/id/dklogin.php
IP
34.237.124.147
ASN
#14618 AMAZON-AES
Submitted
2023-02-08 12:35:00
Access
Website Title
Final URL
Tags
nordea financial phishing
urlquery detections
Phishing - Nordea

Detections

urlquery
17
Network Intrusion Detection
1
Threat Detection Systems
68

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.4 kB	8.9 kB	23.33.119.27
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	341 B	736 B	93.184.220.29
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	357 B	712 B	216.58.211.3
whos.amung.us	12687	2014-04-02T16:27:13Z	2023-03-13T07:28:15Z	460 B	300 B	104.22.75.171
getpocket.cdn.mozilla.net	1369	2018-08-28T15:15:36Z	2023-03-13T08:02:38Z	435 B	46 kB	34.120.5.221
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	6.6 kB	226 kB	35.241.9.150
www.gstatic.com	unknown	2016-07-26T11:37:06Z	2023-03-13T07:57:11Z	369 B	2.5 kB	142.250.74.99
ocsp.entrust.net	1208	2014-01-10T03:18:45Z	2023-03-13T05:09:58Z	680 B	3.9 kB	104.110.10.32
identify.nordea.com	764228	2018-07-30T08:32:10Z	2023-03-13T18:38:40Z	433 B	1.6 kB	158.233.249.231
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-13T08:22:43Z	680 B	1.9 kB	172.64.155.188
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	52.41.11.218
firefox-settings-attachments.cdn.mozilla.net	11509	2019-11-30T10:32:57Z	2023-03-13T08:38:30Z	412 B	808 kB	34.111.73.144
cdn.tynt.com	7260	2012-05-21T18:51:48Z	2023-03-13T08:41:50Z	385 B	8.8 kB	104.18.36.173
www.mitid.dk	unknown	2017-04-03T14:46:36Z	2023-03-13T06:54:49Z	3.2 kB	11 kB	23.72.139.49
de.tynt.com	1252	2013-08-06T03:33:59Z	2023-03-13T07:56:02Z	499 B	329 B	67.202.105.31
t.dtscout.com	11951	2017-01-30T05:52:42Z	2023-03-13T05:10:53Z	565 B	616 B	141.101.120.11
info.dan.ske.dokument.34-237-124-147.cprapid.com	unknown	2023-02-07T09:54:44Z	2023-03-10T23:25:33Z	8.1 kB	598 kB	34.237.124.147
detectportal.firefox.com	1601	2018-08-30T11:52:03Z	2023-03-13T05:09:11Z	606 B	426 B	34.107.221.82
ic.tynt.com	4300	2013-08-06T03:33:59Z	2023-03-13T08:58:22Z	2.2 kB	1.2 kB	67.202.105.31
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	56 kB	34.120.237.76
widgets.amung.us	12623	2012-05-21T21:25:54Z	2023-03-13T08:13:33Z	392 B	415 B	104.22.75.171
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	840 B	12 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-08 12:35:38	medium	34.237.124.147	Client IP	ET PHISHING Possible Phish - Saved Website Comment Observed

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-02-08	medium	info.dan.ske.dokument.34-237-124-147.cprapid.com/id/dklogin.php	Nordea Bank

PhishTank

Scan Date	Severity	Indicator	Alert
2023-02-08	medium	info.dan.ske.dokument.34-237-124-147.cprapid.com/id/dklogin.php	Other

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-08	medium	info.dan.ske.dokument.34-237-124-147.cprapid.com/id/dklogin.php	Phishing
2023-02-08	medium	info.dan.ske.dokument.34-237-124-147.cprapid.com/id/frame/mitlogin.php	Phishing
2023-02-08	medium	info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/scripts-6db7f1f3edd0e72b01f4957bf91c3b91.js.download	Phishing
2023-02-08	medium	info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg	Phishing
2023-02-08	medium	info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg	Phishing
2023-02-08	medium	info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/nemid-830ab2367a74a48b4e61ce97be19c0bd.svg	Phishing
2023-02-08	medium	info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff	Phishing
2023-02-08	medium	info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/empty-3857ebe69f653487f8c9d99adde4657f.svg	Phishing
2023-02-08	medium	info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/no-connection-83f79e2367a313b468986e12a237c346.svg	Phishing
2023-02-08	medium	info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff	Phishing
2023-02-08	medium	info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/technical-error-91ca9eec9eed6ed945355d650bb10d41.svg	Phishing
2023-02-08	medium	info.dan.ske.dokument.34-237-124-147.cprapid.com/id/partials/js/jquery.js	Phishing
2023-02-08	medium	info.dan.ske.dokument.34-237-124-147.cprapid.com/id/partials/status.php	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-02-08	medium	cprapid.com	Sinkholed
2023-02-08	medium	cprapid.com	Sinkholed
2023-02-08	medium	cprapid.com	Sinkholed
2023-02-08	medium	cprapid.com	Sinkholed
2023-02-08	medium	cprapid.com	Sinkholed
2023-02-08	medium	cprapid.com	Sinkholed
2023-02-08	medium	cprapid.com	Sinkholed
2023-02-08	medium	cprapid.com	Sinkholed
2023-02-08	medium	cprapid.com	Sinkholed
2023-02-08	medium	cprapid.com	Sinkholed
2023-02-08	medium	cprapid.com	Sinkholed
2023-02-08	medium	cprapid.com	Sinkholed
2023-02-08	medium	cprapid.com	Sinkholed
2023-02-08	medium	cprapid.com	Sinkholed
2023-02-08	medium	cprapid.com	Sinkholed
2023-02-08	medium	cprapid.com	Sinkholed
2023-02-08	medium	cprapid.com	Sinkholed
2023-02-08	medium	cprapid.com	Sinkholed
2023-02-08	medium	cprapid.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (12)

	URL	Size	First Seen	Last Seen
	unknown	0 B	2023-03-07	2024-04-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-18 16:42:48 Times Seen36946262 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	info.dan.ske.dokument.34-237-124-147.cprapid.com/id/frame/mitlogin.php	867 B	2023-03-08	2023-03-26
Pretty URL info.dan.ske.dokument.34-237-124-147.cprapid.com/id/frame/mitlogin.php IP 34.237.124.147 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:38:03 Last Seen2023-03-26 06:42:50 Times Seen28 Hash e26cd4a1a53b15cf659b81e92706903d 8ff0b24475dde1ecb051ba83a3677bcb0d741708 663068681c786ae1fa4fdac78efceec3b1cf871d5fc605f5c3235feee763dea0 Loading...

	info.dan.ske.dokument.34-237-124-147.cprapid.com/id/frame/mitlogin.php	353 B	2023-03-08	2023-03-26
Pretty URL info.dan.ske.dokument.34-237-124-147.cprapid.com/id/frame/mitlogin.php IP 34.237.124.147 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:37:32 Last Seen2023-03-26 06:42:50 Times Seen29 Hash 590fd7e2d7034df5387e96e2471cabc7 e9e3e8ef330718a7c75c308005ef2b5723ad9379 95775fa596284ad90013b8210cfc32d9998b8b9bdaa83f9752ad2e7937f5997d Loading...

	whos.amung.us/pingjs/?k=holland001&t=Nordea%20identification&c=s&x=http%3A%2F%2Finfo.dan.ske.dokument.34-237-124-147.cprapid.com%2Fid%2Fdklogin.php&y=&a=0&d=1.053&v=27&r=3108	29 B	2023-03-13	2023-03-26
Pretty URL whos.amung.us/pingjs/?k=holland001&t=Nordea%20identification&c=s&x=http%3A%2F%2Finfo.dan.ske.dokument.34-237-124-147.cprapid.com%2Fid%2Fdklogin.php&y=&a=0&d=1.053&v=27&r=3108 IP 104.22.75.171 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:01:07 Last Seen2023-03-26 13:06:38 Times Seen2 Hash de6e6e4130f3e0ed99b8f7b195b25860 bf35806f56faedc07ccf36465dafecf22d4f5a9b 740a9f564cabf2f1c43a474e7c53f7d1398d21a98c958f11dd4ff4d13ff51fbd Loading...

	cdn.tynt.com/tc.js	18 kB	2023-03-12	2023-04-12
Pretty URL cdn.tynt.com/tc.js IP 104.18.36.173 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:00:16 Last Seen2023-04-12 18:52:43 Times Seen322 Hash 941b84de4e43aed4733ad9b8f717f06c ed1192d22b11e5c1c26d9b4b66d22a68a44977fe 9dab070ee75ce06cf5e8bb6ab989f0130e40f216a1a717d6a0538a57f5143fec Loading...

	info.dan.ske.dokument.34-237-124-147.cprapid.com/id/dklogin.php	238 B	2023-03-13	2023-03-26
Pretty URL info.dan.ske.dokument.34-237-124-147.cprapid.com/id/dklogin.php IP 34.237.124.147 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 03:54:04 Last Seen2023-03-26 13:40:42 Times Seen37 Hash ad4dea33ee672e4adad62ea649145d5f 50ea288b85c5b2a30c96edba267d6aea00cd63b6 42b0f3ec64cb7566fc27654ac9cae3093b1ec3b2d80d11783ade6df81a819371 Loading...

	widgets.amung.us/small.js	8.6 kB	2023-03-08	2024-04-14
Pretty URL widgets.amung.us/small.js IP 104.22.75.171 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:29:44 Last Seen2024-04-14 07:21:14 Times Seen2469 Hash a41caf5294227669425cd5135a26b2a0 a26a13f88c51c37b58fbd8a6b444e9b9150fae16 2052a227c361a7e99ea70f5bdcf54cd9e6c6b493dd4d20b73b376d94ce0dc0d1 Loading...

	de.tynt.com/deb/v2?id=w!holland001&dn=TC&cc=1&r=&pu=http%3A%2F%2Finfo.dan.ske.dokument.34-237-124-147.cprapid.com%2Fid%2Fdklogin.php	4 B	2023-03-07	2024-04-10
Pretty URL de.tynt.com/deb/v2?id=w!holland001&dn=TC&cc=1&r=&pu=http%3A%2F%2Finfo.dan.ske.dokument.34-237-124-147.cprapid.com%2Fid%2Fdklogin.php IP 67.202.105.31 ASN #32748 STEADFAST Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:00 Last Seen2024-04-10 18:49:13 Times Seen3069 Hash 350fd6ef6446635f7a8f608434a405ec a4b6c275ac2c80ec925b5c0c5c6abb79ba897356 d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179 Loading...

	t.dtscout.com/i/?l=http%3A%2F%2Finfo.dan.ske.dokument.34-237-124-147.cprapid.com%2Fid%2Fdklogin.php&j=	2.1 kB	2023-03-07	2024-04-18
Pretty URL t.dtscout.com/i/?l=http%3A%2F%2Finfo.dan.ske.dokument.34-237-124-147.cprapid.com%2Fid%2Fdklogin.php&j= IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:00 Last Seen2024-04-18 07:35:28 Times Seen4392 Hash 51bd741af3fcc4984d1a753eebfa1141 534664acf69cbbb5c9b97c96b63dd37bdc580da2 3e9c8e5dcf3cbff9e1b7211551a31fe388f1b8e607fd78a0a34855be65da721c Loading...

	t.dtscout.com/pv/?_a=v&_h=info.dan.ske.dokument.34-237-124-147.cprapid.com&_ss=25r60yh3hv&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=2z7r&_cb=_dtspv.c	52 B	2023-03-09	2023-03-13
Pretty URL t.dtscout.com/pv/?_a=v&_h=info.dan.ske.dokument.34-237-124-147.cprapid.com&_ss=25r60yh3hv&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=2z7r&_cb=_dtspv.c IP 141.101.120.11 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 04:28:41 Last Seen2023-03-13 19:40:29 Times Seen1 Hash feb80709ff86e5472c134d35bbf84699 16cbe9ba1449b8e02fa4f3ba298bb33102c14667 b4bfe254f974ca5fca35ca997288d44b0b604e2836a283157a3470a4bc9457af Loading...

		Size	First Seen	Last Seen
	#1 Eval - b2c2041f8d99c45e0f21474fe4f8b7bc	17 B	2023-03-07	2024-04-18
Pretty Observations First Seen2023-03-07 01:03:01 Last Seen2024-04-18 09:23:47 Times Seen7384 Hash b2c2041f8d99c45e0f21474fe4f8b7bc 0b876666393469c726a2e3edbb29544c03a92154 17f5bfdbae6b35ae8bc3b27c069526d694021fe1e37a8027678e770fbb05e061 Loading...

	#2 Eval - 9c6f8328cad252c79720cdebcb48012b	226 B	2023-03-07	2023-05-06
Pretty Observations First Seen2023-03-07 01:03:01 Last Seen2023-05-06 00:45:04 Times Seen958 Hash 9c6f8328cad252c79720cdebcb48012b b853e7b92b0b23aa07f59b4816740de095331d47 bb037a2c6d9cf7fa65d8570beb76b1a31c360826ed6edb8612a584aa1918d62d Loading...

HTTP Transactions (80)

URL IP Response Size

info.dan.ske.dokument.34-237-124-147.cprapid.com/id/dklogin.php

34.237.124.147

200 OK

18 kB

URL HTTP/1.1
info.dan.ske.dokument.34-237-124-147.cprapid.com/id/dklogin.php
IP
34.237.124.147:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (805)
Size
18 kB (17753 bytes)
Hash
4123c10d3ff4c71ef86528a3dfb211d0
56dafa2ee755a5a63721e87ddf685b5f23a7a33b
117cf3b06cf95ef6bfc7224b20f50b3c6bdc2d2b9a6c22d4954df9237438ef7e

Detections

Analyzer	Verdict	Alert
openphish	Nordea Bank
phishtank	Other
fortinet	Phishing
quad9	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET PHISHING Possible Phish - Saved Website Comment Observed

HTTP Headers

GET /id/dklogin.php HTTP/1.1
Host: info.dan.ske.dokument.34-237-124-147.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 12:34:43 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f16201934a8441ad3d1df0e956536117
fb93a6f0de884a9b52a97244a670ee841c99fced
1a0b2ebd17d6f2ca323a216ef2007cc527e33ec694bd0e8411c96a704220b8be

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1A0B2EBD17D6F2CA323A216EF2007CC527E33EC694BD0E8411C96A704220B8BE"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18953
Expires: Wed, 08 Feb 2023 17:50:37 GMT
Date: Wed, 08 Feb 2023 12:34:44 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b7407cc102d62a5acd5e61f8a79bed36
c2f4890a62454e514962b55b7fc14228339c8e90
be282de92da261128a7c8471f3067466aa9930fd0ab2a2cdda8cd2d6ce2bbd74

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE282DE92DA261128A7C8471F3067466AA9930FD0AB2A2CDDA8CD2D6CE2BBD74"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6707
Expires: Wed, 08 Feb 2023 14:26:31 GMT
Date: Wed, 08 Feb 2023 12:34:44 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10060
Expires: Wed, 08 Feb 2023 15:22:24 GMT
Date: Wed, 08 Feb 2023 12:34:44 GMT
Connection: keep-alive

getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30

34.120.5.221

200 OK

45 kB

URL HTTP/2
getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30
IP
34.120.5.221:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Size
45 kB (44885 bytes)
Hash
d25d472e2f16b2e6b48b5b94172bab45
e40504e3b8e8591a0ac8ae7618f4fcb58f88a7ff
1cbd876c4006dcf3d36acb7d9bd949fe00db87aeddf95d4b7caa451793a93d18

HTTP Headers

GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30 HTTP/1.1
Host: getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
vary: Accept-Encoding
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Hit from cloudfront
x-amz-cf-pop: SEA73-P2
x-amz-cf-id: 5_ZQnWGjMSGhjX9rV_YAReQ66cx-YksMYoG7S8lSgyeHx_VCIvXO4Q==
content-encoding: gzip
via: 1.1 2a44ef7b9d28e74c78ffadeedcbb887c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 12:29:47 GMT
age: 297
content-type: application/json
content-length: 44885
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: sPMK1XCxtKl1Ea0szQOo+6zgw0WlLpTKK4aNVFstpUEftmGF1YP9U+9CCNYfUZwDttiR9YIooFn3C/AtKjCHnw==
x-amz-request-id: KK1DWEPRPNQTD8WZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 08 Feb 2023 12:23:44 GMT
age: 660
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 12:34:44 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

detectportal.firefox.com/success.txt?ipv4

34.107.221.82

200 OK

8 B

URL HTTP/1.1
detectportal.firefox.com/success.txt?ipv4
IP
34.107.221.82:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
8 B (8 bytes)
Hash
ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5

HTTP Headers

GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 08 Feb 2023 11:47:25 GMT
Age: 2839
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600

info.dan.ske.dokument.34-237-124-147.cprapid.com/id/frame/mitlogin.php

34.237.124.147

200 OK

8.0 kB

URL HTTP/1.1
info.dan.ske.dokument.34-237-124-147.cprapid.com/id/frame/mitlogin.php
IP
34.237.124.147:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (636), with CRLF line terminators
Size
8.0 kB (8001 bytes)
Hash
4430fa0d7c51a8b4be5ffd0368c0298f
3350fdf02618adb202c8f8e8b66a05a9f8e9f22c
083e3e49cdd471281fcb638a63e30c8c4ef11cdb4f12b0e7a7f21c3d7931de3f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /id/frame/mitlogin.php HTTP/1.1
Host: info.dan.ske.dokument.34-237-124-147.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/id/dklogin.php
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 12:34:44 GMT
Server: Apache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2237
Expires: Wed, 08 Feb 2023 13:12:01 GMT
Date: Wed, 08 Feb 2023 12:34:44 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Backoff, Alert, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 08 Feb 2023 12:34:13 GMT
content-type: application/json
age: 31
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/scripts-6db7f1f3edd0e72b01f4957bf91c3b91.js.download

34.237.124.147

404 Not Found

10 kB

URL HTTP/1.1
info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/scripts-6db7f1f3edd0e72b01f4957bf91c3b91.js.download
IP
34.237.124.147:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4070)
Size
10 kB (10275 bytes)
Hash
80fa02dfd7b7c473ec8ee81949b42325
6dcd1e59bbacbc60baa95943d4acac94ed1787d8
e4c37264184668549a540ed6d98240b0a9f373f109e3d829330faaebac833ee1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /id/all/scripts-6db7f1f3edd0e72b01f4957bf91c3b91.js.download HTTP/1.1
Host: info.dan.ske.dokument.34-237-124-147.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/id/dklogin.php

HTTP/1.1 404 Not Found
Date: Wed, 08 Feb 2023 12:34:44 GMT
Server: Apache
Accept-Ranges: bytes
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html

info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/translateelement.css

34.237.124.147

200 OK

19 kB

URL HTTP/1.1
info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/translateelement.css
IP
34.237.124.147:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with very long lines (18670)
Size
19 kB (18724 bytes)
Hash
15ab5dfc566a9a19f6e89a72b7819e43
064aac1e8bc5a26c5986e40659bc328157ec3b53
5d0a6e3bc914db376bf187c380750b197c317e1bf40fab9ad959ad5facd8f9ed

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
quad9	Sinkholed

HTTP Headers

GET /id/all/translateelement.css HTTP/1.1
Host: info.dan.ske.dokument.34-237-124-147.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/id/dklogin.php

HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 12:34:44 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 04:23:30 GMT
Accept-Ranges: bytes
Content-Length: 18724
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css

34.237.124.147

200 OK

46 kB

URL HTTP/1.1
info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css
IP
34.237.124.147:0
ASN
#14618 AMAZON-AES

File type
assembler source, ASCII text
Size
46 kB (46240 bytes)
Hash
b4e3dd72fa889925a82bcf7bbf0efb38
f073ffd6720b2a76790083c6fc434c3560a6cc39
2bbe5dc049d7c24d18fa1623f48772832cbfa6f3281df6b41723b9bd7f3be7f9

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /id/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css HTTP/1.1
Host: info.dan.ske.dokument.34-237-124-147.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/id/dklogin.php

HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 12:34:44 GMT
Server: Apache
Last-Modified: Mon, 12 Dec 2022 07:05:57 GMT
Accept-Ranges: bytes
Content-Length: 46240
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

info.dan.ske.dokument.34-237-124-147.cprapid.com/id/frame/mitd.css

34.237.124.147

200 OK

56 kB

URL HTTP/1.1
info.dan.ske.dokument.34-237-124-147.cprapid.com/id/frame/mitd.css
IP
34.237.124.147:0
ASN
#14618 AMAZON-AES

File type
HTML document, Unicode text, UTF-8 text, with very long lines (600), with CRLF line terminators
Size
56 kB (56031 bytes)
Hash
5a21067ac284a061587d007135e25e7d
8432c7216311654c790999d4abcdef357b75b6da
7d1472924fee85ca472092b52ca1e70ee4192dc3410a7e3d89a452e07aa6001e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
quad9	Sinkholed

HTTP Headers

GET /id/frame/mitd.css HTTP/1.1
Host: info.dan.ske.dokument.34-237-124-147.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/id/frame/mitlogin.php

HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 12:34:44 GMT
Server: Apache
Last-Modified: Mon, 10 Oct 2022 16:15:27 GMT
Accept-Ranges: bytes
Content-Length: 56031
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg

34.237.124.147

200 OK

3.1 kB

URL HTTP/1.1
info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg
IP
34.237.124.147:0
ASN
#14618 AMAZON-AES

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (3104), with no line terminators
Size
3.1 kB (3104 bytes)
Hash
9bbd07dc81f3c2a11d2c7735b416ee18
41ee4ad48472fd2f93f765b87c77a606a04e5a00
a386a6170805a64ba2e46bcc37c79500b5207bd708b0d1da83cbcbc483e64cb7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /id/all/something-went-wrong-9bbd07dc81f3c2a11d2c7735b416ee18.svg HTTP/1.1
Host: info.dan.ske.dokument.34-237-124-147.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/id/dklogin.php

HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 12:34:44 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 04:23:30 GMT
Accept-Ranges: bytes
Content-Length: 3104
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml

info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg

34.237.124.147

200 OK

3.1 kB

URL HTTP/1.1
info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg
IP
34.237.124.147:0
ASN
#14618 AMAZON-AES

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (3097), with no line terminators
Size
3.1 kB (3097 bytes)
Hash
d0c0f9d25ebde42bbd552c8ad5363f01
97f08f3ee5a37bb5d291cf10fd8e5ce630467522
4f98589b5ad297e797fc12ed5b90a5e9244a17dbc34c5cee66e01ae8c1455d2c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /id/all/cancel-d0c0f9d25ebde42bbd552c8ad5363f01.svg HTTP/1.1
Host: info.dan.ske.dokument.34-237-124-147.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/id/dklogin.php

HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 12:34:44 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 04:23:30 GMT
Accept-Ranges: bytes
Content-Length: 3097
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml

info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/nemid-830ab2367a74a48b4e61ce97be19c0bd.svg

34.237.124.147

200 OK

2.3 kB

URL HTTP/1.1
info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/nemid-830ab2367a74a48b4e61ce97be19c0bd.svg
IP
34.237.124.147:0
ASN
#14618 AMAZON-AES

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2285), with no line terminators
Size
2.3 kB (2285 bytes)
Hash
830ab2367a74a48b4e61ce97be19c0bd
79cde6c94cedde8c6ce414952a6f71841b890b77
6bb27299ef7a2f71792920ae936f4f0800cf1a43ff5f8b4c835233fde4c1e387

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /id/all/nemid-830ab2367a74a48b4e61ce97be19c0bd.svg HTTP/1.1
Host: info.dan.ske.dokument.34-237-124-147.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/id/dklogin.php

HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 12:34:44 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 04:23:30 GMT
Accept-Ranges: bytes
Content-Length: 2285
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml

info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff

34.237.124.147

200 OK

32 kB

URL HTTP/1.1
info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff
IP
34.237.124.147:0
ASN
#14618 AMAZON-AES

File type
Web Open Font Format, TrueType, length 31772, version 0.0\012- data
Size
32 kB (31772 bytes)
Hash
11eca7aa5a85ec0c6cc3deba794b264e
9bd19e1a9d5859833cbd50f501444c8c2afec2e1
ff28a732b1fc6a547797b7a9a7c29025ae41b74cc5e208232418d9c41fb43c44

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /id/all/b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff HTTP/1.1
Host: info.dan.ske.dokument.34-237-124-147.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css

HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 12:34:44 GMT
Server: Apache
Last-Modified: Mon, 12 Dec 2022 06:59:53 GMT
Accept-Ranges: bytes
Content-Length: 31772
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: font/woff

info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/banner.png

34.237.124.147

200 OK

40 kB

URL HTTP/1.1
info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/banner.png
IP
34.237.124.147:0
ASN
#14618 AMAZON-AES

File type
PNG image data, 828 x 300, 4-bit colormap, non-interlaced\012- data
Size
40 kB (40339 bytes)
Hash
6629cb5350d6f3276b2dccc43bd3f397
63d964e5caaa541475a4c2da976871a9f9986067
9fc5b5c44107cfc6701be07fa5d5a4d7ab066607dd7ab6e9f396ac709e28424f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
quad9	Sinkholed

HTTP Headers

GET /id/all/banner.png HTTP/1.1
Host: info.dan.ske.dokument.34-237-124-147.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/id/dklogin.php

HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 12:34:44 GMT
Server: Apache
Last-Modified: Sat, 06 Aug 2022 15:35:04 GMT
Accept-Ranges: bytes
Content-Length: 40339
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/empty-3857ebe69f653487f8c9d99adde4657f.svg

34.237.124.147

200 OK

1.6 kB

URL HTTP/1.1
info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/empty-3857ebe69f653487f8c9d99adde4657f.svg
IP
34.237.124.147:0
ASN
#14618 AMAZON-AES

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1642), with no line terminators
Size
1.6 kB (1642 bytes)
Hash
3857ebe69f653487f8c9d99adde4657f
134737f1f8882726ef1b50546546fa9d1479207c
d690ce1d3a1304fff86d11c4f38ad540da84949d881ea0c04b49bcc0f13483e0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /id/all/empty-3857ebe69f653487f8c9d99adde4657f.svg HTTP/1.1
Host: info.dan.ske.dokument.34-237-124-147.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/id/dklogin.php

HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 12:34:44 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 04:23:30 GMT
Accept-Ranges: bytes
Content-Length: 1642
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml

info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/no-connection-83f79e2367a313b468986e12a237c346.svg

34.237.124.147

200 OK

5.0 kB

URL HTTP/1.1
info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/no-connection-83f79e2367a313b468986e12a237c346.svg
IP
34.237.124.147:0
ASN
#14618 AMAZON-AES

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (4974), with no line terminators
Size
5.0 kB (4974 bytes)
Hash
83f79e2367a313b468986e12a237c346
6b0d0f5df661c328a99aefa3b9388507f35d7fba
3fc2607b1e133fb89affeca8fa96db25e9af2fa9d2f7960d2a9602df9e96ef72

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /id/all/no-connection-83f79e2367a313b468986e12a237c346.svg HTTP/1.1
Host: info.dan.ske.dokument.34-237-124-147.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/id/dklogin.php

HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 12:34:44 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 04:23:30 GMT
Accept-Ranges: bytes
Content-Length: 4974
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Content-Type, Pragma, ETag, Retry-After, Backoff, Expires, Alert, Cache-Control, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 08 Feb 2023 12:14:52 GMT
age: 1193
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff

34.237.124.147

200 OK

31 kB

URL HTTP/1.1
info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff
IP
34.237.124.147:0
ASN
#14618 AMAZON-AES

File type
Web Open Font Format, TrueType, length 31152, version 0.0\012- data
Size
31 kB (31152 bytes)
Hash
3a4d9a8b6adf39716f28af71fc9b030a
5d9acfd762ccd9a4a519951ad008f119741c513b
21a2a17b532837aeafeb95de9f252bfec714028517f79fb4143845ca4d23353c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /id/all/aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff HTTP/1.1
Host: info.dan.ske.dokument.34-237-124-147.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css

HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 12:34:44 GMT
Server: Apache
Last-Modified: Mon, 12 Dec 2022 06:59:54 GMT
Accept-Ranges: bytes
Content-Length: 31152
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: font/woff

info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/translate_24dp.png

34.237.124.147

200 OK

825 B

URL HTTP/1.1
info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/translate_24dp.png
IP
34.237.124.147:0
ASN
#14618 AMAZON-AES

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
825 B (825 bytes)
Hash
55ff382a8b09329e3230a1797eb8f5fd
026ae089006a674da7dcc9bf6b986c5d59e75478
1bb2279aed6bc1438d2b17a5ffcbac9d37864582aedeeec8d301eab162b2c213

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
quad9	Sinkholed

HTTP Headers

GET /id/all/translate_24dp.png HTTP/1.1
Host: info.dan.ske.dokument.34-237-124-147.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/id/dklogin.php

HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 12:34:44 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 04:23:30 GMT
Accept-Ranges: bytes
Content-Length: 825
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/5e73b3c67b0510c4c5cf-6629cb5350d6f3276b2dccc43bd3f397.png

34.237.124.147

200 OK

40 kB

URL HTTP/1.1
info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/5e73b3c67b0510c4c5cf-6629cb5350d6f3276b2dccc43bd3f397.png
IP
34.237.124.147:0
ASN
#14618 AMAZON-AES

File type
PNG image data, 828 x 300, 4-bit colormap, non-interlaced\012- data
Size
40 kB (40339 bytes)
Hash
6629cb5350d6f3276b2dccc43bd3f397
63d964e5caaa541475a4c2da976871a9f9986067
9fc5b5c44107cfc6701be07fa5d5a4d7ab066607dd7ab6e9f396ac709e28424f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
quad9	Sinkholed

HTTP Headers

GET /id/all/5e73b3c67b0510c4c5cf-6629cb5350d6f3276b2dccc43bd3f397.png HTTP/1.1
Host: info.dan.ske.dokument.34-237-124-147.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/styles-90d1ba6c2eef1d8f73fc94069cfe444b.css

HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 12:34:44 GMT
Server: Apache
Last-Modified: Mon, 07 Nov 2022 21:40:36 GMT
Accept-Ranges: bytes
Content-Length: 40339
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/technical-error-91ca9eec9eed6ed945355d650bb10d41.svg

34.237.124.147

200 OK

2.8 kB

URL HTTP/1.1
info.dan.ske.dokument.34-237-124-147.cprapid.com/id/all/technical-error-91ca9eec9eed6ed945355d650bb10d41.svg
IP
34.237.124.147:0
ASN
#14618 AMAZON-AES

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2846), with no line terminators
Size
2.8 kB (2846 bytes)
Hash
91ca9eec9eed6ed945355d650bb10d41
7178a477a6cc3271d5e2927cd2737af55804f576
8a22f5ea2bc34877a3334b91210c881523678eec1e915cf6a4ee261ba58121b1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /id/all/technical-error-91ca9eec9eed6ed945355d650bb10d41.svg HTTP/1.1
Host: info.dan.ske.dokument.34-237-124-147.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/id/dklogin.php

HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 12:34:44 GMT
Server: Apache
Last-Modified: Fri, 14 May 2021 04:23:30 GMT
Accept-Ranges: bytes
Content-Length: 2846
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/svg+xml

www.gstatic.com/images/branding/product/2x/translate_24dp.png

142.250.74.99

200 OK

1.8 kB

URL HTTP/1.1
www.gstatic.com/images/branding/product/2x/translate_24dp.png
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1842 bytes)
Hash
c69c796362406f9e11c7f4bf5bb628da
e489ce95ab56208090868882113d7416abf46775
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

HTTP Headers

GET /images/branding/product/2x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
Content-Length: 1842
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 07 Feb 2023 15:42:37 GMT
Expires: Wed, 07 Feb 2024 15:42:37 GMT
Cache-Control: public, max-age=31536000
Age: 75128
Last-Modified: Thu, 14 Oct 2021 09:08:00 GMT
Content-Type: image/png

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
ccea102d392ddcfb99024041654130a0
3b7c7c9b548e6040beba05c8d86e321afba6424e
e8351949e83b0d93dc2a36bbfa987d0728345182eac7242f0a1e3921924b6a9b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 213
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 12:34:45 GMT
Last-Modified: Wed, 08 Feb 2023 12:31:12 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9445
Expires: Wed, 08 Feb 2023 15:12:10 GMT
Date: Wed, 08 Feb 2023 12:34:45 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
7d513ab7120e35e18f1d0346c8aa7270
ec8bdb63518f17f309604406b5462942d4bd1012
85d92dca682b8a918d423839c8f7c6464e14980f413eb2ce8ac37bd8f32cf81f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "85D92DCA682B8A918D423839C8F7C6464E14980F413EB2CE8AC37BD8F32CF81F"
Last-Modified: Wed, 08 Feb 2023 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3444
Expires: Wed, 08 Feb 2023 13:32:09 GMT
Date: Wed, 08 Feb 2023 12:34:45 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
73bb32ca0488baba090ea65f95495240
88c4c846bb3f935d6085f4df85e5682217a37817
91b50977e9a42956eeb9d08923bff74e512cff5c04bca65be24ec562b5d795d2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "91B50977E9A42956EEB9D08923BFF74E512CFF5C04BCA65BE24EC562B5D795D2"
Last-Modified: Wed, 08 Feb 2023 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3468
Expires: Wed, 08 Feb 2023 13:32:33 GMT
Date: Wed, 08 Feb 2023 12:34:45 GMT
Connection: keep-alive

identify.nordea.com/assets/images/favicon.ico

158.233.249.231

200 OK

1.2 kB

URL HTTP/1.1
identify.nordea.com/assets/images/favicon.ico
IP
158.233.249.231:0
ASN
#201271 Nordea Bank Abp

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
9a39921b4a8d93d5528b4ccdc5d76e91
104a457c782a4f1208b116660746296cb45dcbd6
53ce944ce5a3a9a312816854b4254f5b083d562c45ac63354a00add50fb88cdb

HTTP Headers

GET /assets/images/favicon.ico HTTP/1.1
Host: identify.nordea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 12:34:45 GMT
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Tue, 17 Jan 2023 05:19:05 GMT
Cache-Control: max-age=31536000
Content-Type: image/x-icon
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Referrer-Policy: origin
Content-Length: 1150
Strict-Transport-Security: max-age=157680000; includeSubDomains

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
52465cfb72adfadd9ddcdc40e0ec6baf
837057c1a4decf31f7a0eda4ce2294bc7b14b147
1280ea027add5e71a4646269cee9ed0329af61c557e5c3699d541cd9065c42b7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 12:34:45 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 07 Feb 2023 17:29:17 GMT
Expires: Tue, 14 Feb 2023 17:29:16 GMT
Etag: "837057c1a4decf31f7a0eda4ce2294bc7b14b147"
Cache-Control: max-age=535470,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 796466b81fa0b511-OSL

info.dan.ske.dokument.34-237-124-147.cprapid.com/id/partials/js/jquery.js

34.237.124.147

200 OK

272 kB

URL HTTP/1.1
info.dan.ske.dokument.34-237-124-147.cprapid.com/id/partials/js/jquery.js
IP
34.237.124.147:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with CRLF line terminators
Size
272 kB (272155 bytes)
Hash
3f24e8505d471bd934a5a68b86971580
876bd436d3b3c1436a8ac17a654e38d062acf45e
4ef5f864f89db7feaaaa5332c0a99d76076af49fef488806541ca2561e4cb379

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /id/partials/js/jquery.js HTTP/1.1
Host: info.dan.ske.dokument.34-237-124-147.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/id/frame/mitlogin.php

HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 12:34:44 GMT
Server: Apache
Last-Modified: Fri, 05 Feb 2021 08:11:28 GMT
Accept-Ranges: bytes
Content-Length: 272155
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

push.services.mozilla.com/

52.41.11.218

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.41.11.218:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: CD+21AlJv5o5BftR4xYFjw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: iIwL6kf0OWQZX9ntZr7k5q3EMzg=

ocsp.pki.goog/s/gts1p5/97q-VzuQ-Mw

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/97q-VzuQ-Mw
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
6bccbe9450527aaf9a3e91484a631e2d
7a55c43b2beffa45a7ae174699f32d4397288d7d
312970745a0926eb145e350c73b7963f43432ade59f423fe5b4aaa3a1b4938c1

HTTP Headers

POST /s/gts1p5/97q-VzuQ-Mw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 12:34:45 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

detectportal.firefox.com/success.txt?ipv4

34.107.221.82

200 OK

8 B

URL HTTP/1.1
detectportal.firefox.com/success.txt?ipv4
IP
34.107.221.82:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
8 B (8 bytes)
Hash
ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5

HTTP Headers

GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 08 Feb 2023 11:47:25 GMT
Age: 2840
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600

firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221675808113340%22

35.241.9.150

200 OK

22 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221675808113340%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (21681), with no line terminators
Size
22 kB (21681 bytes)
Hash
55012e1b3af0fc95bfadb44668f148e8
606062404e89594c099a810cd299f1b105194bdc
0c2a171c78600c8a574746fc2d040e22284325bd944e38e8fd9e3f6f19ef1eeb

HTTP Headers

GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221675808113340%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 21681
via: 1.1 google
date: Wed, 08 Feb 2023 12:17:10 GMT
age: 1055
last-modified: Tue, 07 Feb 2023 22:15:13 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

whos.amung.us/pingjs/?k=holland001&t=Nordea%20identification&c=s&x=http%3A%2F%2Finfo.dan.ske.dokument.34-237-124-147.cprapid.com%2Fid%2Fdklogin.php&y=&a=0&d=1.053&v=27&r=3108

104.22.75.171

200 OK

49 B

URL HTTP/1.1
whos.amung.us/pingjs/?k=holland001&t=Nordea%20identification&c=s&x=http%3A%2F%2Finfo.dan.ske.dokument.34-237-124-147.cprapid.com%2Fid%2Fdklogin.php&y=&a=0&d=1.053&v=27&r=3108
IP
104.22.75.171:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
49 B (49 bytes)
Hash
a70c3bbe1404119fa28f9429ce852e4d
9d3f4acfb68c814e2eb4c244b08734d104e2e321
38e86471ea3382ff490a2a6342a429a2a429c5fbe6095342a2c07597eaf2612a

HTTP Headers

GET /pingjs/?k=holland001&t=Nordea%20identification&c=s&x=http%3A%2F%2Finfo.dan.ske.dokument.34-237-124-147.cprapid.com%2Fid%2Fdklogin.php&y=&a=0&d=1.053&v=27&r=3108 HTTP/1.1
Host: whos.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/

HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 12:34:45 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
content-encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 796466baa90b09ab-ARN

firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1675773437082&_since=%221666204638208%22

35.241.9.150

200 OK

29 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1675773437082&_since=%221666204638208%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (29137), with no line terminators
Size
29 kB (29137 bytes)
Hash
27dd1297c6266a7456f0ff3dba62f141
53994ca0a94ecbc35dfa12a3ea47c36f7aeb1a01
2f635d6800b663f8d80ec42481dae02446308fcc1876690b097f7028049dfa7c

HTTP Headers

GET /v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1675773437082&_since=%221666204638208%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 29137
via: 1.1 google
date: Wed, 08 Feb 2023 12:24:40 GMT
age: 605
last-modified: Tue, 07 Feb 2023 12:37:17 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: u68T0NhyC9uJtOh8z4ag5tF1RLrcGTh0Uz16z99oaJ35hdGAgEoGGL7gip6qdkazFUKtrO4TZTg=
x-amz-request-id: 5VQHM210J4N744TW
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 08 Feb 2023 11:35:55 GMT
age: 3530
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Backoff, Alert, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 08 Feb 2023 12:34:13 GMT
content-type: application/json
age: 32
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
89ab7a8f2f51b53ecef0795c64f31534
7d86d1d99955320b9ec97f9819ef6ca8e0409a29
25f11a6100923f5f64e4b6069edfbba73d4188e6698fc6777b00c2d997020dc7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F11A6100923F5F64E4B6069EDFBBA73D4188E6698FC6777B00C2D997020DC7"
Last-Modified: Tue, 07 Feb 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8757
Expires: Wed, 08 Feb 2023 15:00:42 GMT
Date: Wed, 08 Feb 2023 12:34:45 GMT
Connection: keep-alive

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
31a51dfff45e63ba8909bda3a3f2ca53
429a7ea67f57ea2c49699e650a09e09c1f983950
dc62d165a95afb87c345affd01d2e6a18d9f85647892b90d94500cb333f76a1c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 12:34:45 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 05 Feb 2023 11:33:42 GMT
Expires: Sun, 12 Feb 2023 11:33:41 GMT
Etag: "429a7ea67f57ea2c49699e650a09e09c1f983950"
Cache-Control: max-age=341335,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 796466bc2dc3b511-OSL

firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin

34.111.73.144

200 OK

807 kB

URL HTTP/2
firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin
IP
34.111.73.144:0
ASN
#15169 GOOGLE

File type
data
Size
807 kB (807180 bytes)
Hash
914be443bdfbe8a1c3ded61e1c114bd6
4fe7c5ff83f6a29e6699f4cebc17550891504661
41b036d0c889509d547296b238027a063c313261ad52d5f7bb81922011791857

HTTP Headers

GET /staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin HTTP/1.1
Host: firefox-settings-attachments.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: YNaVg0F+gnljkOhqi59PlWach7FQMtnIh5hWI5KdIxGvl/OukPWsFwMSN9Und3WDRjeiCDkZ9aI=
x-amz-request-id: EB9Z3YNXC05ZYBVY
x-amz-version-id: K1ODzappZsD35qeu0OM5zvs_BP1eybj7
accept-ranges: bytes
server: AmazonS3
content-length: 807180
via: 1.1 google
date: Sun, 05 Feb 2023 16:03:14 GMT
age: 246691
last-modified: Tue, 10 Jan 2023 12:38:46 GMT
etag: "914be443bdfbe8a1c3ded61e1c114bd6"
content-type: application/octet-stream
cache-control: public,max-age=604800
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1675799860323&_since=%221666279968541%22

35.241.9.150

200 OK

78 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1675799860323&_since=%221666279968541%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65536), with no line terminators
Size
78 kB (77652 bytes)
Hash
599e4b408d1ad854cb9be1385bf41b9a
32ffd647953aa074c42ee4bc0c449860156bb920
f6315e550e8b98dcd2b48f5fce2028ed7dafdc977e6d5e333de71c73080af38b

HTTP Headers

GET /v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1675799860323&_since=%221666279968541%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 77652
via: 1.1 google
date: Wed, 08 Feb 2023 12:18:30 GMT
age: 975
last-modified: Tue, 07 Feb 2023 19:57:40 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

cdn.tynt.com/tc.js

104.18.36.173

200 OK

8.4 kB

URL HTTP/2
cdn.tynt.com/tc.js
IP
104.18.36.173:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
8.4 kB (8402 bytes)
Hash
240ee5244aaa7c0d7459af1de9311e97
9582a1e7e640624fb90736d7940fe7159f552f79
a7ac279557029f6a848a66f8fcad5cf51269790a3e9bf51e99524744f9f192f3

HTTP Headers

GET /tc.js HTTP/1.1
Host: cdn.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 12:34:45 GMT
content-type: application/javascript
last-modified: Tue, 10 Jan 2023 20:39:00 GMT
vary: Accept-Encoding
etag: W/"63bdcce4-4571"
content-encoding: gzip
cf-cache-status: HIT
age: 199686
expires: Sat, 11 Feb 2023 12:34:45 GMT
cache-control: public, max-age=259200
server: cloudflare
cf-ray: 796466bc7e29b51e-OSL
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22

35.241.9.150

200 OK

1.3 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (1251), with no line terminators
Size
1.3 kB (1251 bytes)
Hash
84877e5233cbfb37ee8e3a229a105c5a
1de2638f59470efebfeb21250ec19dcc6f2092cf
d3a86e1ca60b2a4b4ffc1fb159f17bf8e590072e2f8f141087cb42c3c612b1eb

HTTP Headers

GET /v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Backoff, Alert, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1251
via: 1.1 google
date: Wed, 08 Feb 2023 11:48:52 GMT
age: 2754
last-modified: Tue, 07 Feb 2023 16:36:45 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1675734066429&_since=%221662044085942%22

35.241.9.150

200 OK

5.6 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1675734066429&_since=%221662044085942%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (5628), with no line terminators
Size
5.6 kB (5628 bytes)
Hash
ba20fa4a4d0b101ba8c0184be4ab1114
f6babf918e8cd29dd4bae3b5cd1333d408671840
889093cfc512eaefd30a50503286ec7a6d0e46adbd05feeb71a0cb254ad5fefe

HTTP Headers

GET /v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1675734066429&_since=%221662044085942%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Backoff, Alert, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 5628
via: 1.1 google
date: Wed, 08 Feb 2023 11:55:41 GMT
age: 2345
last-modified: Tue, 07 Feb 2023 01:41:06 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258

35.241.9.150

200 OK

681 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (681), with no line terminators
Size
681 B (681 bytes)
Hash
49248eff154dc4c57a2941a8ea08b148
f1c61090e04394494721aa17ddb4814293e66e89
674b33af069dc532553d499551583e97162232c880bb2f47bfe3787aeba2640c

HTTP Headers

GET /v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Expires, Pragma, Retry-After, Last-Modified, ETag, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 681
via: 1.1 google
date: Wed, 08 Feb 2023 11:49:44 GMT
age: 2702
last-modified: Mon, 06 Feb 2023 16:36:54 GMT
etag: "1675701414813"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

www.mitid.dk/assets/fonts/IBMPlexSans-Bold.woff2

23.72.139.49

200 OK

4.6 kB

URL HTTP/1.1
www.mitid.dk/assets/fonts/IBMPlexSans-Bold.woff2
IP
23.72.139.49:0
ASN
#20940 Akamai International B.V.

File type
Web Open Font Format (Version 2), TrueType, length 55824, version 1.0\012- data
Size
4.6 kB (4634 bytes)
Hash
18bdb29206922f94fa34093d48450c18
e2d7f5de537020b5898c0065d62416c7cecd752e
3871139c0b5af661d1856c5d21d97cae2868a87e32d0517ca0faeb7c84079ec7

HTTP Headers

GET /assets/fonts/IBMPlexSans-Bold.woff2 HTTP/1.1
Host: www.mitid.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://info.dan.ske.dokument.34-237-124-147.cprapid.com
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Content-Type: font/woff2
Content-Length: 55824
Last-Modified: Tue, 18 Oct 2022 12:49:48 GMT
ETag: "da10-5eb4e86f91300"
Accept-Ranges: bytes
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Vary: Origin
Cache-Control: public, max-age=14364
Date: Wed, 08 Feb 2023 12:34:45 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22

35.241.9.150

200 OK

1.5 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (1505), with no line terminators
Size
1.5 kB (1505 bytes)
Hash
5fbaf2b7815ccde4e006732f60cf45c3
358f788e1494eb1777de83a84aa1e831c6189ec9
d95422b3bbfa32ed668a90e5db3f3dd703e46d69e169e82a1e014b64b6b2d703

HTTP Headers

GET /v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Backoff, Alert, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1505
via: 1.1 google
date: Wed, 08 Feb 2023 12:04:39 GMT
age: 1807
last-modified: Sat, 04 Feb 2023 16:36:45 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ic.tynt.com/b/p?id=w!holland001&lm=0&ts=1675859740243&dn=TC&iso=0&pu=http%3A%2F%2Finfo.dan.ske.dokument.34-237-124-147.cprapid.com%2Fid%2Fdklogin.php&t=Nordea%20identification

67.202.105.31

204 No Content

0 B

URL HTTP/2
ic.tynt.com/b/p?id=w!holland001&lm=0&ts=1675859740243&dn=TC&iso=0&pu=http%3A%2F%2Finfo.dan.ske.dokument.34-237-124-147.cprapid.com%2Fid%2Fdklogin.php&t=Nordea%20identification
IP
67.202.105.31:0
ASN
#32748 STEADFAST

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b/p?id=w!holland001&lm=0&ts=1675859740243&dn=TC&iso=0&pu=http%3A%2F%2Finfo.dan.ske.dokument.34-237-124-147.cprapid.com%2Fid%2Fdklogin.php&t=Nordea%20identification HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
server: nginx/1.16.1
date: Wed, 08 Feb 2023 12:34:46 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1675468864323&_since=%221666483264567%22

35.241.9.150

200 OK

52 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1675468864323&_since=%221666483264567%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (52267), with no line terminators
Size
52 kB (52267 bytes)
Hash
06e189dc52881e7f5616b0214ff59542
16bd38b5d24dbc7fb6d44561cad597d6f555cf52
3b59d876391dc2db99e43edcffa3ed5a184468b0c937ef6293fc392ed7426df8

HTTP Headers

GET /v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1675468864323&_since=%221666483264567%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 52267
via: 1.1 google
date: Wed, 08 Feb 2023 12:18:31 GMT
age: 975
last-modified: Sat, 04 Feb 2023 00:01:04 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1674132577705&_since=%221657747510534%22

35.241.9.150

200 OK

2.1 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1674132577705&_since=%221657747510534%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (2144), with no line terminators
Size
2.1 kB (2144 bytes)
Hash
5cfd74fcbede0ee061689b95c597b11b
75d870f627cdc06f4cb7fa47751ae56c740da850
c68708f43d2bf28e3d619542c6fd7ab408f034a7f87de731ed11356efc4453eb

HTTP Headers

GET /v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1674132577705&_since=%221657747510534%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 2144
via: 1.1 google
date: Wed, 08 Feb 2023 12:09:04 GMT
age: 1542
last-modified: Thu, 02 Feb 2023 16:36:44 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1675353179510&_since=%221661199949574%22

35.241.9.150

200 OK

22 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1675353179510&_since=%221661199949574%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (22471), with no line terminators
Size
22 kB (22471 bytes)
Hash
86e5267005f7001a7a7fb7f25d7e02b9
67ea12312364541e026dfd85800ce5f4280601c5
9c469d6cd61cb4f4e3f06e980f86f3ee16cb4ec776ed105998810bcabbe12969

HTTP Headers

GET /v1/buckets/main/collections/search-config/changeset?_expected=1675353179510&_since=%221661199949574%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 22471
via: 1.1 google
date: Wed, 08 Feb 2023 12:27:12 GMT
age: 454
last-modified: Thu, 02 Feb 2023 15:52:59 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ic.tynt.com/b/p?id=w!holland001&lm=0&ts=1675859740243&dn=TC&iso=0&pu=http%3A%2F%2Finfo.dan.ske.dokument.34-237-124-147.cprapid.com%2Fid%2Fdklogin.php&t=Nordea%20identification

67.202.105.31

204 No Content

0 B

URL HTTP/2
ic.tynt.com/b/p?id=w!holland001&lm=0&ts=1675859740243&dn=TC&iso=0&pu=http%3A%2F%2Finfo.dan.ske.dokument.34-237-124-147.cprapid.com%2Fid%2Fdklogin.php&t=Nordea%20identification
IP
67.202.105.31:0
ASN
#32748 STEADFAST

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b/p?id=w!holland001&lm=0&ts=1675859740243&dn=TC&iso=0&pu=http%3A%2F%2Finfo.dan.ske.dokument.34-237-124-147.cprapid.com%2Fid%2Fdklogin.php&t=Nordea%20identification HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx/1.16.1
date: Wed, 08 Feb 2023 12:34:46 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22

35.241.9.150

200 OK

1.7 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (1742), with no line terminators
Size
1.7 kB (1742 bytes)
Hash
22092e301760ed865af6ece6eb04b1be
557b52e40ec2d8f2fe080580a1858c8666791bf2
12afba8f5929ab372e9cffbbe57e8bb562c60fc0a98b751c69de1adc04fb4aea

HTTP Headers

GET /v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Backoff, Alert, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1742
via: 1.1 google
date: Wed, 08 Feb 2023 12:33:14 GMT
age: 92
last-modified: Wed, 01 Feb 2023 16:36:43 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

de.tynt.com/deb/v2?id=w!holland001&dn=TC&cc=1&r=&pu=http%3A%2F%2Finfo.dan.ske.dokument.34-237-124-147.cprapid.com%2Fid%2Fdklogin.php

67.202.105.31

200 OK

4 B

URL HTTP/2
de.tynt.com/deb/v2?id=w!holland001&dn=TC&cc=1&r=&pu=http%3A%2F%2Finfo.dan.ske.dokument.34-237-124-147.cprapid.com%2Fid%2Fdklogin.php
IP
67.202.105.31:0
ASN
#32748 STEADFAST

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
350fd6ef6446635f7a8f608434a405ec
a4b6c275ac2c80ec925b5c0c5c6abb79ba897356
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179

HTTP Headers

GET /deb/v2?id=w!holland001&dn=TC&cc=1&r=&pu=http%3A%2F%2Finfo.dan.ske.dokument.34-237-124-147.cprapid.com%2Fid%2Fdklogin.php HTTP/1.1
Host: de.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: max-age=86400
expires: Thu, 09 Feb 2023 12:34:46 GMT
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-type: application/javascript
content-length: 4
date: Wed, 08 Feb 2023 12:34:46 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

ic.tynt.com/b/p?id=w!holland001&lm=0&ts=1675859740243&dn=TC&iso=0&pu=http%3A%2F%2Finfo.dan.ske.dokument.34-237-124-147.cprapid.com%2Fid%2Fdklogin.php

67.202.105.31

204 No Content

0 B

URL HTTP/2
ic.tynt.com/b/p?id=w!holland001&lm=0&ts=1675859740243&dn=TC&iso=0&pu=http%3A%2F%2Finfo.dan.ske.dokument.34-237-124-147.cprapid.com%2Fid%2Fdklogin.php
IP
67.202.105.31:0
ASN
#32748 STEADFAST

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b/p?id=w!holland001&lm=0&ts=1675859740243&dn=TC&iso=0&pu=http%3A%2F%2Finfo.dan.ske.dokument.34-237-124-147.cprapid.com%2Fid%2Fdklogin.php HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx/1.16.1
date: Wed, 08 Feb 2023 12:34:46 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15252
Expires: Wed, 08 Feb 2023 16:48:58 GMT
Date: Wed, 08 Feb 2023 12:34:46 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15252
Expires: Wed, 08 Feb 2023 16:48:58 GMT
Date: Wed, 08 Feb 2023 12:34:46 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15252
Expires: Wed, 08 Feb 2023 16:48:58 GMT
Date: Wed, 08 Feb 2023 12:34:46 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15252
Expires: Wed, 08 Feb 2023 16:48:58 GMT
Date: Wed, 08 Feb 2023 12:34:46 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce53bc9b-2505-4efd-9151-fa75ed70138a.jpeg

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce53bc9b-2505-4efd-9151-fa75ed70138a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8703 bytes)
Hash
be9f475292d4b5b0502d4381ccdf455b
ecb943b48c822b086ea699d802f8f1bb5ee26651
ed22a5102709dc7a067107a6c0cde26931f7781065de9cee49e22de6b9086e31

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce53bc9b-2505-4efd-9151-fa75ed70138a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8703
x-amzn-requestid: 6456aa7d-11f7-4066-a833-9ac5312c0c24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O7JGLTIAMFqdQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c513-0679a75676cdc19251c81bdd;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: DLVp9hiUjE2w5BiukFfUMALWxvcobbJcJRO-7CdXj3cy6rAdFhPRFQ==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:44:01 GMT
age: 53445
etag: "ecb943b48c822b086ea699d802f8f1bb5ee26651"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e2b00c2-f304-42e8-b98d-20fe408448f0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.4 kB (3379 bytes)
Hash
c65144dcdaf688643761916851b151c0
1419c4eefac8032e8cfaf2d65dd4a57bff5b25a1
974b5a62f2d051b2dd2c609f7bd08a4ef339dab0d31bccaa0f9898893c3ba6b4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e2b00c2-f304-42e8-b98d-20fe408448f0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3379
x-amzn-requestid: 6f8c97bc-c1f9-4681-9544-f2863dc7f782
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f5aSYH47oAMF-ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e070db-4a730cd079f03c8b1cf77997;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 03:15:39 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Qnk0MflT4eIxNuooDKhm0uauKq1dYj1iG9O_prtNU8c0IoAwODZxig==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 04:27:19 GMT
age: 29247
etag: "1419c4eefac8032e8cfaf2d65dd4a57bff5b25a1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a8e532-be72-47cc-8389-e8f28ffc3c2a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.3 kB (4269 bytes)
Hash
33b061f03be149fea0df63b42a8ec226
e5e491c6ef8b6234450a34ee5df28b9a58a8ad43
a5970bbb40be173878cd2e920bd1a6ed27775fbdc222bb66ccbc5969984882f1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a8e532-be72-47cc-8389-e8f28ffc3c2a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4269
x-amzn-requestid: df152b3a-fa15-4dac-96f9-41b9ea8e5136
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OkQH5PoAMFl1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c481-63636a42419209fb0c17eceb;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:37:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ViawdcUij4_pKnUmO34Oaqjmbtv19ModMaku0MWYTHDeLCR1ikzB_A==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:42:03 GMT
age: 53563
etag: "e5e491c6ef8b6234450a34ee5df28b9a58a8ad43"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf61053-67f6-4767-ad44-fa802c5ef5b4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10058 bytes)
Hash
a9c2a9eee923b84d4e06438a8b2acaff
520b122e3ce52220af153fee26bb7067283f9075
9ff4236fdcd05210a9c8bb48ea68179e142b1b05c8b19dd66282590dff69fa22

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf61053-67f6-4767-ad44-fa802c5ef5b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10058
x-amzn-requestid: 94374454-1e89-4c43-895b-0a90f39b851d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O5vEgcoAMFctg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c50a-0bf11cad4b0818c36188ba91;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1R4SRNvqhRHbrDZsGB06NJbBXf8WRgJEHmXTbop8pqf8etTJSlmQwQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 22:06:05 GMT
age: 52121
etag: "520b122e3ce52220af153fee26bb7067283f9075"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6de3153-62d2-494b-8acf-6d3ac8adba7d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (13160 bytes)
Hash
003fc35e140a75a12b7795c3986426ec
da002b22e2a01f48a545b369d4403eabb17a10d5
bb0754411aa7d0a5036b86b282d0e93d13227765ca9ccaf3a34e8e486cb413d1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6de3153-62d2-494b-8acf-6d3ac8adba7d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13160
x-amzn-requestid: 34aa6dfe-7f14-48d0-89b2-90548621be79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzVxSHh7IAMFjAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63de033b-49587fff75aebe96136137be;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 07:03:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qwSN-ztVJgRfu3bFIjYaVYV8Cnx77j1ugkRjqhRtRXdPju7AhEMg-A==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 05:30:12 GMT
age: 25474
etag: "da002b22e2a01f48a545b369d4403eabb17a10d5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7e586b8-49f5-40c3-b0d4-f6cdfc375a2b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.8 kB (9760 bytes)
Hash
18a84ae645223aba0709b5e16c0207f7
0b865e797846520ccc6fff6fb2ee38d8836bd2c0
b1e4868045f074a84e3de1d82ec3ae22f6d2a1a4131b2a40bcce7f3f5375aff7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7e586b8-49f5-40c3-b0d4-f6cdfc375a2b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9760
x-amzn-requestid: d5d8fdde-048f-4705-9fa4-99fd7d29d804
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f582DETSIAMFmEA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e0a826-52a3b175584df1914260c8ae;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 07:11:34 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: wUaruDuqNDIlR6CWz9G7DAofcvS7UNmtPM7C2ve-RRbp57J43rWPxQ==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 04:09:02 GMT
age: 30344
etag: "0b865e797846520ccc6fff6fb2ee38d8836bd2c0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.mitid.dk/assets/fonts/IBMPlexSans-Medium.woff

23.72.139.49

200 OK

3.7 kB

URL HTTP/1.1
www.mitid.dk/assets/fonts/IBMPlexSans-Medium.woff
IP
23.72.139.49:0
ASN
#20940 Akamai International B.V.

File type
Web Open Font Format, TrueType, length 81900, version 0.0\012- data
Size
3.7 kB (3702 bytes)
Hash
eea147c5a3ea67f1eda92a11b76c3077
8ae7ea665cf9a16482107e4426abe0cda09d1e9a
e64798820fbc48386c775995fc783d733a4d8e5e0e3241f5c7395601c0a7afef

HTTP Headers

GET /assets/fonts/IBMPlexSans-Medium.woff HTTP/1.1
Host: www.mitid.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://info.dan.ske.dokument.34-237-124-147.cprapid.com
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Content-Type: font/woff
Content-Length: 81900
Last-Modified: Tue, 18 Oct 2022 12:49:48 GMT
ETag: "13fec-5eb4e86f91300"
Accept-Ranges: bytes
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Vary: Origin
Cache-Control: public, max-age=14400
Date: Wed, 08 Feb 2023 12:34:45 GMT
Connection: keep-alive

ic.tynt.com/b/p?id=w!holland001&lm=0&ts=1675859740243&dn=TC&iso=0&pu=http%3A%2F%2Finfo.dan.ske.dokument.34-237-124-147.cprapid.com%2Fid%2Fdklogin.php

67.202.105.31

204 No Content

0 B

URL HTTP/2
ic.tynt.com/b/p?id=w!holland001&lm=0&ts=1675859740243&dn=TC&iso=0&pu=http%3A%2F%2Finfo.dan.ske.dokument.34-237-124-147.cprapid.com%2Fid%2Fdklogin.php
IP
67.202.105.31:0
ASN
#32748 STEADFAST

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b/p?id=w!holland001&lm=0&ts=1675859740243&dn=TC&iso=0&pu=http%3A%2F%2Finfo.dan.ske.dokument.34-237-124-147.cprapid.com%2Fid%2Fdklogin.php HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx/1.16.1
date: Wed, 08 Feb 2023 12:34:46 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

info.dan.ske.dokument.34-237-124-147.cprapid.com/id/partials/status.php

34.237.124.147

500 Internal Server Error

0 B

URL HTTP/1.1
info.dan.ske.dokument.34-237-124-147.cprapid.com/id/partials/status.php
IP
34.237.124.147:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nordea
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /id/partials/status.php HTTP/1.1
Host: info.dan.ske.dokument.34-237-124-147.cprapid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/id/frame/mitlogin.php

HTTP/1.1 500 Internal Server Error
Date: Wed, 08 Feb 2023 12:34:48 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=b52659e75743eddc7c90360f1b4bb941; path=/
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

widgets.amung.us/small.js

104.22.75.171

200 OK

0 B

URL HTTP/2
widgets.amung.us/small.js
IP
104.22.75.171:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /small.js HTTP/1.1
Host: widgets.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 12:34:45 GMT
content-type: application/x-javascript
last-modified: Thu, 12 Jan 2023 17:19:22 GMT
etag: W/"63c0411a-2170"
expires: Thu, 09 Feb 2023 11:58:07 GMT
cache-control: max-age=86400
access-control-allow-origin: *
content-encoding: gzip
cf-cache-status: HIT
age: 2197
vary: Accept-Encoding
server: cloudflare
cf-ray: 796466b9692d09a7-ARN
X-Firefox-Spdy: h2

www.mitid.dk/assets/fonts/IBMPlexSans-SemiBold.woff

23.72.139.49

200 OK

0 B

URL HTTP/1.1
www.mitid.dk/assets/fonts/IBMPlexSans-SemiBold.woff
IP
23.72.139.49:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/fonts/IBMPlexSans-SemiBold.woff HTTP/1.1
Host: www.mitid.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://info.dan.ske.dokument.34-237-124-147.cprapid.com
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Content-Type: font/woff
Content-Length: 82228
Last-Modified: Tue, 18 Oct 2022 12:49:48 GMT
ETag: "14134-5eb4e86f91300"
Accept-Ranges: bytes
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Vary: Origin
Cache-Control: public, max-age=14400
Date: Wed, 08 Feb 2023 12:34:45 GMT
Connection: keep-alive

www.mitid.dk/assets/fonts/IBMPlexSans-SemiBold.woff2

23.72.139.49

200 OK

0 B

URL HTTP/1.1
www.mitid.dk/assets/fonts/IBMPlexSans-SemiBold.woff2
IP
23.72.139.49:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/fonts/IBMPlexSans-SemiBold.woff2 HTTP/1.1
Host: www.mitid.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://info.dan.ske.dokument.34-237-124-147.cprapid.com
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Content-Type: font/woff2
Content-Length: 59692
Last-Modified: Tue, 18 Oct 2022 12:49:48 GMT
ETag: "e92c-5eb4e86f91300"
Accept-Ranges: bytes
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Vary: Origin
Cache-Control: public, max-age=14400
Date: Wed, 08 Feb 2023 12:34:45 GMT
Connection: keep-alive

www.mitid.dk/assets/fonts/IBMPlexSans-Medium.woff2

23.72.139.49

200 OK

0 B

URL HTTP/1.1
www.mitid.dk/assets/fonts/IBMPlexSans-Medium.woff2
IP
23.72.139.49:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/fonts/IBMPlexSans-Medium.woff2 HTTP/1.1
Host: www.mitid.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://info.dan.ske.dokument.34-237-124-147.cprapid.com
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Content-Type: font/woff2
Content-Length: 59228
Last-Modified: Tue, 18 Oct 2022 12:49:48 GMT
ETag: "e75c-5eb4e86f91300"
Accept-Ranges: bytes
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Vary: Origin
Cache-Control: public, max-age=14400
Date: Wed, 08 Feb 2023 12:34:45 GMT
Connection: keep-alive

www.mitid.dk/assets/fonts/IBMPlexSans-Bold.woff

23.72.139.49

200 OK

0 B

URL HTTP/1.1
www.mitid.dk/assets/fonts/IBMPlexSans-Bold.woff
IP
23.72.139.49:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/fonts/IBMPlexSans-Bold.woff HTTP/1.1
Host: www.mitid.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://info.dan.ske.dokument.34-237-124-147.cprapid.com
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Content-Type: font/woff
Content-Length: 77160
Last-Modified: Tue, 18 Oct 2022 12:49:48 GMT
ETag: "12d68-5eb4e86f91300"
Accept-Ranges: bytes
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Vary: Origin
Cache-Control: public, max-age=14364
Date: Wed, 08 Feb 2023 12:34:45 GMT
Connection: keep-alive

t.dtscout.com/pv/?_a=v&_h=info.dan.ske.dokument.34-237-124-147.cprapid.com&_ss=25r60yh3hv&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=2z7r&_cb=_dtspv.c

141.101.120.11

200 OK

0 B

URL HTTP/2
t.dtscout.com/pv/?_a=v&_h=info.dan.ske.dokument.34-237-124-147.cprapid.com&_ss=25r60yh3hv&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=2z7r&_cb=_dtspv.c
IP
141.101.120.11:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pv/?_a=v&_h=info.dan.ske.dokument.34-237-124-147.cprapid.com&_ss=25r60yh3hv&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=2z7r&_cb=_dtspv.c HTTP/1.1
Host: t.dtscout.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://info.dan.ske.dokument.34-237-124-147.cprapid.com/
Cookie: m=1; oa=1; df=1675859685
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 12:34:46 GMT
content-type: application/javascript
x-t: 0.136
x-c: 0
expires: Wed, 08 Feb 2023 12:34:44 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ka94jcYKNnHyhx9e0l50QeGTcFa5RHCn%2FovkO0obzVSlryzwF8RTlFej94OVjkMe3Z1oToI%2Bj5oFXG2%2BEyuuy%2BHcjaKIdizCFbSlCYey0qPusjmZmGlClITevMrN45w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796466bc4abb09b5-ARN
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (12)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL