firefox.settings.services.mozilla.com/v1/
54.230.111.65200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 54.230.111.65:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=259200
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 15:47:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: VxpLWYAvRYw1PkUAjAm4c25Tp-BxQ0T2Wx7LZy30btIQIGGqVJ1vqg==
Age: 102691
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1273d41c84b2b39f78a8033130d00282
556757697b70e019ed502585fcc888e2403f3229
ee3c03cc0a659fbc43d34feaa79a8ad6627b9c525d675956cdb434c1590db89e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EE3C03CC0A659FBC43D34FEAA79A8AD6627B9C525D675956CDB434C1590DB89E"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5515
Expires: Thu, 06 Oct 2022 21:50:44 GMT
Date: Thu, 06 Oct 2022 20:18:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 94a09d62ab3057cda67a091c8d7478f5
b1c9d223a951d0bc9f17c9f3b84501266a552b58
582364f9f6014520c269f1f794e7c34027bd2697b53e5d02fad43e74a735e471
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "582364F9F6014520C269F1F794E7C34027BD2697B53E5D02FAD43E74A735E471"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11065
Expires: Thu, 06 Oct 2022 23:23:14 GMT
Date: Thu, 06 Oct 2022 20:18:49 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 6sXfMo2DyhfGRozPmqop3wUATgXl0RWEHdgsvDRBQxtzitFYwM6vfRfO7zzHnPqFrOfba5uRB5DC5NY6eAHslw==
x-amz-request-id: 3QTSWJ6V76TY99S9
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 06 Oct 2022 19:30:54 GMT
age: 2875
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b648245efb72cd69e4ebd87e5ca135fa
33c6267fe9557226e509f288215cc9f4f78c037a
7c880f741a77fa51863b9cc00e32579e197aeeb91767e5f8b15a79a2eb36f734
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7C880F741A77FA51863B9CC00E32579E197AEEB91767E5F8B15A79A2EB36F734"
Last-Modified: Wed, 05 Oct 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21557
Expires: Fri, 07 Oct 2022 02:18:06 GMT
Date: Thu, 06 Oct 2022 20:18:49 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:49 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/
109.71.253.24200 OK 25 kB URL HTTP/2 web8787.web07.bero-webspace.de/
IP 109.71.253.24:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (25275)
Hash c3ad8bed4be6b88306758a24f449ad6d
2981037a823e0a069f8a6f574f3481461c3b941f
083cc18b9b49d6c87379d3357fb256067f851c626d9ccf7528f6f0a7b90817c0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET / HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:49 GMT
content-type: text/html; charset=UTF-8
content-length: 24808
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt; path=/
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.32, PleskLin
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/saved_resource
109.71.253.24200 OK 1.5 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/saved_resource
IP 109.71.253.24:0
Hash ce3962ff61c64d30be05d0f57e8bf3d0
948c113428bd8e071c89fbcbe0cbd1f303b4207d
54f983fd69daf585022ea02914e6bbbec2fee235b78ddfaf0874e96f39462e87
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/saved_resource HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: application/octet-stream
content-length: 1463
last-modified: Wed, 05 Oct 2022 18:01:29 GMT
etag: "633dc679-5b7"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/0
109.71.253.24200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/0
IP 109.71.253.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/0 HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-length: 0
x-accel-version: 0.01
last-modified: Wed, 05 Oct 2022 18:01:19 GMT
etag: "0-5ea4d5d1b73ea"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/j.php
109.71.253.24200 OK 2.0 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/j.php
IP 109.71.253.24:0
File type ASCII text, with very long lines (2535)
Hash 68252acac8879c2fa1189d45b23b5ed6
f2a407e2ea95c719885c231c9ddd8b20f36740df
ac0866f3eabac6c7a50864fe3de79c0339c1cc984a0141bc06502a4c75ba7539
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/j.php HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: text/html; charset=UTF-8
content-length: 2007
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.32, PleskLin
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/saved_resource(1)
109.71.253.24200 OK 82 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/saved_resource(1)
IP 109.71.253.24:0
File type HTML document, ASCII text, with very long lines (558)
Hash a2a82860a6ff16765a4e5302b7df6ef8
e119c23241e2e865362a7d93e77652cc03fb2867
e900793533d5a24861457658acd88eefaf284309e5e5f8a049b9468af341abf2
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/saved_resource(1) HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: application/octet-stream
content-length: 81728
last-modified: Wed, 05 Oct 2022 18:01:30 GMT
etag: "633dc67a-13f40"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/pixel.gif
109.71.253.24200 OK 35 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/pixel.gif
IP 109.71.253.24:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Analyzer Verdict Alert openphish Deutsche Telekom
GET /Tmob/pixel.gif HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: image/gif
content-length: 35
x-accel-version: 0.01
last-modified: Wed, 05 Oct 2022 18:01:29 GMT
etag: "23-5ea4d5db6f794"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/456228845279132
109.71.253.24200 OK 261 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/456228845279132
IP 109.71.253.24:0
File type ASCII text, with very long lines (64471)
Size 261 kB (260964 bytes)
Hash 9eb15265ebeec54fad2c80298b8b5989
dcaf33bd450152f7c6f5bdc5c61dfd112ed0f6c1
667b0a2734580b913c271c71708d39c2fb527a79edd19f1ba4d4de26c382203d
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/456228845279132 HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: application/octet-stream
content-length: 260964
last-modified: Wed, 05 Oct 2022 18:01:19 GMT
etag: "633dc66f-3fb64"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/cs
109.71.253.24200 OK 66 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/cs
IP 109.71.253.24:0
File type ASCII text, with no line terminators
Hash 5745fbf6759e6c2e17a379d6c54aa610
612fb56b2636e1da2f93e94c2e84ace08be5c190
2047b330025aeb9baf6d8899f3c024cfb94b30c2aade6348bc5538c89b1f46bd
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/cs HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-length: 66
x-accel-version: 0.01
last-modified: Wed, 05 Oct 2022 18:01:20 GMT
etag: "42-5ea4d5d2d7531"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/SsoKeepAlive.aspx
109.71.253.24200 OK 665 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/SsoKeepAlive.aspx
IP 109.71.253.24:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash c9e7bbf8e4f0db12c1fb302ff61d97a7
4e7702417228017514c7299c72f56ad46102ba55
d2edd898d01f9497f81b4433d604796a1f459c3356c8359d510f304d3b95c2ec
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/SsoKeepAlive.aspx HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-length: 665
x-accel-version: 0.01
last-modified: Wed, 05 Oct 2022 18:01:30 GMT
etag: "299-5ea4d5dd0e810"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
www.t-mobile.nl/Assets/fonts/teleneo-medium.woff2
20.56.240.229200 OK 43 kB URL HTTP/2 www.t-mobile.nl/Assets/fonts/teleneo-medium.woff2
IP 20.56.240.229:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Web Open Font Format (Version 2), TrueType, length 43424, version 1.0\012- data
Hash 75f1236f41f04366b0831c6214d88e60
9a93a0336fea9ef4e15882a4855e228763481ce5
726419fe5c7c9ac329980a8ca1c940ecf108d83ec2f9a5f9246a2028dbc314f9
GET /Assets/fonts/teleneo-medium.woff2 HTTP/1.1
Host: www.t-mobile.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://web8787.web07.bero-webspace.de
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: application/x-font-woff2
content-length: 43424
set-cookie: afck-httpsetting-backendpool-tmobile-publicweb-main-httpsCORS=6064f59633d44046b21ff8403ed1b3fe; Path=/; SameSite=None; Secure
afck-httpsetting-backendpool-tmobile-publicweb-main-https=6064f59633d44046b21ff8403ed1b3fe; Path=/
cache-control: max-age=31536000
last-modified: Mon, 19 Sep 2022 07:02:18 GMT
accept-ranges: bytes
etag: "0f96cc1f5cbd81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/2.5, ASP.NET
X-Firefox-Spdy: h2
www.t-mobile.nl/Assets/fonts/teleneo-extrabold.woff2
20.56.240.229200 OK 45 kB URL HTTP/2 www.t-mobile.nl/Assets/fonts/teleneo-extrabold.woff2
IP 20.56.240.229:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Web Open Font Format (Version 2), TrueType, length 45280, version 1.0\012- data
Hash 0cd6336ea943729127d85cf7fb0dd221
bdc2b0a4caece4f1d934828a74806f2a84c7ffac
764e82bdd36d6484aaee4d1bdcdaf19f0bab21ca54c134c87e544196e1781e8f
GET /Assets/fonts/teleneo-extrabold.woff2 HTTP/1.1
Host: www.t-mobile.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://web8787.web07.bero-webspace.de
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: application/x-font-woff2
content-length: 45280
set-cookie: afck-httpsetting-backendpool-tmobile-publicweb-main-httpsCORS=b6a7dd6f280c4c04c1a83c3653976a2f; Path=/; SameSite=None; Secure
afck-httpsetting-backendpool-tmobile-publicweb-main-https=b6a7dd6f280c4c04c1a83c3653976a2f; Path=/
cache-control: max-age=31536000
last-modified: Mon, 19 Sep 2022 07:02:18 GMT
accept-ranges: bytes
etag: "0f96cc1f5cbd81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/2.5, ASP.NET
X-Firefox-Spdy: h2
www.t-mobile.nl/Assets/fonts/teleneo-regular.woff2
20.56.240.229200 OK 42 kB URL HTTP/2 www.t-mobile.nl/Assets/fonts/teleneo-regular.woff2
IP 20.56.240.229:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Web Open Font Format (Version 2), TrueType, length 42484, version 1.0\012- data
Hash b98e83c526edfde70471d7ffaec30bd5
42cc68a16b2906a1a9d54d99ff70ea13a83a8cda
ce0c7cdaa1383a3289869599a393ce7654c81d779f1b1a5b86535fcfe1d71dfb
GET /Assets/fonts/teleneo-regular.woff2 HTTP/1.1
Host: www.t-mobile.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://web8787.web07.bero-webspace.de
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: application/x-font-woff2
content-length: 42484
set-cookie: afck-httpsetting-backendpool-tmobile-publicweb-main-httpsCORS=8f3fdf3a50e0d539d73523d2abcd63ac; Path=/; SameSite=None; Secure
afck-httpsetting-backendpool-tmobile-publicweb-main-https=8f3fdf3a50e0d539d73523d2abcd63ac; Path=/
cache-control: max-age=31536000
last-modified: Mon, 19 Sep 2022 07:02:18 GMT
accept-ranges: bytes
etag: "0f96cc1f5cbd81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/2.5, ASP.NET
X-Firefox-Spdy: h2
www.t-mobile.nl/Assets/fonts/teleneo-bold.woff2
20.56.240.229200 OK 43 kB URL HTTP/2 www.t-mobile.nl/Assets/fonts/teleneo-bold.woff2
IP 20.56.240.229:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Web Open Font Format (Version 2), TrueType, length 43420, version 1.0\012- data
Hash 0995525e8fccca524b245e828f6032d2
5021ac4ae3272367246e030fd48cc1fc43711c9e
9e748f9462ea64f78d1b928c4f6f71d430e1f78ec324e6f725994dc95199912a
GET /Assets/fonts/teleneo-bold.woff2 HTTP/1.1
Host: www.t-mobile.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://web8787.web07.bero-webspace.de
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: application/x-font-woff2
content-length: 43420
set-cookie: afck-httpsetting-backendpool-tmobile-publicweb-main-httpsCORS=26235fe3b1d7620aa1d9659efb6a96ec; Path=/; SameSite=None; Secure
afck-httpsetting-backendpool-tmobile-publicweb-main-https=26235fe3b1d7620aa1d9659efb6a96ec; Path=/
cache-control: max-age=31536000
last-modified: Mon, 19 Sep 2022 07:02:18 GMT
accept-ranges: bytes
etag: "0f96cc1f5cbd81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/2.5, ASP.NET
X-Firefox-Spdy: h2
www.t-mobile.nl/Assets/fonts/teleicon-ui.woff2?h=43240be67945d5a24a759bffd6bbf531
20.56.240.229200 OK 12 kB URL HTTP/2 www.t-mobile.nl/Assets/fonts/teleicon-ui.woff2?h=43240be67945d5a24a759bffd6bbf531
IP 20.56.240.229:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Web Open Font Format (Version 2), TrueType, length 12136, version 1.0\012- data
Hash 11036cec78bf749628348942ead7bbfa
36f72f7382c322809206601977eca37a61139139
fff2eedd42999130d898497fb9da979b7296799f2c3e67f2b025bf9424776ac5
GET /Assets/fonts/teleicon-ui.woff2?h=43240be67945d5a24a759bffd6bbf531 HTTP/1.1
Host: www.t-mobile.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://web8787.web07.bero-webspace.de
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: application/x-font-woff2
content-length: 12136
set-cookie: afck-httpsetting-backendpool-tmobile-publicweb-main-httpsCORS=b76baca110487e4389424f1415b7d570; Path=/; SameSite=None; Secure
afck-httpsetting-backendpool-tmobile-publicweb-main-https=b76baca110487e4389424f1415b7d570; Path=/
cache-control: max-age=31536000
last-modified: Mon, 19 Sep 2022 07:02:18 GMT
accept-ranges: bytes
etag: "0f96cc1f5cbd81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/2.5, ASP.NET
X-Firefox-Spdy: h2
www.t-mobile.nl/Assets/static/t-mobile-logo-white.svg
20.56.240.229200 OK 240 B URL HTTP/2 www.t-mobile.nl/Assets/static/t-mobile-logo-white.svg
IP 20.56.240.229:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Hash 02c9f01b4726c74fa72f55c79eb3b4b7
fe7cbf43d20ee438193e98d3b3fcbf591665714f
d0166f644d8d61d76ae32bb06d71231f23d8447dc3e9e329ce98e65624e12648
GET /Assets/static/t-mobile-logo-white.svg HTTP/1.1
Host: www.t-mobile.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: image/svg+xml
content-length: 240
set-cookie: afck-httpsetting-backendpool-tmobile-publicweb-main-httpsCORS=b76baca110487e4389424f1415b7d570; Path=/; SameSite=None; Secure
afck-httpsetting-backendpool-tmobile-publicweb-main-https=b76baca110487e4389424f1415b7d570; Path=/
cache-control: max-age=31536000
last-modified: Mon, 19 Sep 2022 07:02:18 GMT
accept-ranges: bytes
etag: "0f96cc1f5cbd81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/2.5, ASP.NET
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
54.230.111.65200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 54.230.111.65:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Pragma, Content-Length, Backoff, Last-Modified, Cache-Control, Content-Type, Retry-After, ETag, Expires, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Thu, 06 Oct 2022 19:29:41 GMT
Expires: Thu, 06 Oct 2022 20:07:30 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: GL0URKEa5ckB4qywfNHKVKppRrhs82vbnFQQ3RbF_GlbdqA0JJg-9w==
Age: 2949
web8787.web07.bero-webspace.de/Tmob/piwik.js.download
109.71.253.24200 OK 24 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/piwik.js.download
IP 109.71.253.24:0
Hash 6b440140e8e22e9ef50b8cf3c49a43e4
40c3fcbf8a9699b8eb007ff263e46e4eb4b439de
e8b368757d244e39630c3d271d537bc24607d8a67ffe3807c8bfc93d97682aab
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/piwik.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:29 GMT
etag: W/"633dc679-11b60"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/survey_tmnl_zakelijk.js.download
109.71.253.24200 OK 1.4 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/survey_tmnl_zakelijk.js.download
IP 109.71.253.24:0
File type HTML document, ASCII text, with very long lines (438), with CRLF line terminators
Hash 005f1159f74ced0c35052723234c8829
11085192acb5304500e0c38806146d39f56652d6
09d2f98241d7c41ffa41e61ac8ad582a6994cc5db7c27fee877c6fad6ff3cc2b
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/survey_tmnl_zakelijk.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:31 GMT
etag: W/"633dc67b-122e"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/t-mobile-logo.svg
109.71.253.24200 OK 455 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/t-mobile-logo.svg
IP 109.71.253.24:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (455), with no line terminators
Hash 064fbd1126e17c68886137554600bec0
bcb9e3a933f877bce70ec2a084877aeedaa6f3da
c1a60e60a303b0a287c8a32e5538c6d79814c120fbbbdd82e29411272c941590
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/t-mobile-logo.svg HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/Tmob/DesignSystem.css
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt; bc_tstgrp=1; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6; zakelijkeSurveyInvitation=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: image/svg+xml
content-length: 455
x-accel-version: 0.01
last-modified: Wed, 05 Oct 2022 18:01:32 GMT
etag: "1c7-5ea4d5de24d18"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
img.en25.com/i/elqCfg.min.js
104.110.12.118200 OK 2.2 kB URL HTTP/1.1 img.en25.com/i/elqCfg.min.js
IP 104.110.12.118:0
File type ASCII text, with very long lines (6080), with no line terminators
Hash 653932b9065b662394993fd19677a932
854c6c3b96fc647f07bf9a1698387d1253bcb61c
ba8a6983167c051ebdd701cb59293a88346b84f2a9802f59ecc75ca49f383a7d
GET /i/elqCfg.min.js HTTP/1.1
Host: img.en25.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Pragma: no-cache
Content-Type: application/x-javascript
Last-Modified: Tue, 12 Jul 2022 22:09:35 GMT
Accept-Ranges: bytes
ETag: "a2d639123c96d81:0"
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: no-store
Expires: Thu, 06 Oct 2022 20:18:50 GMT
Date: Thu, 06 Oct 2022 20:18:50 GMT
Content-Length: 2183
Connection: keep-alive
web8787.web07.bero-webspace.de/Tmob/f(3).txt
109.71.253.24200 OK 7.5 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/f(3).txt
IP 109.71.253.24:0
File type ASCII text, with very long lines (12680)
Hash 3dc2d3a6fa1184602a8fc40df91f77d5
67d56d61e76575f0a5748a1a3d1a4654cd80466c
add83dc48939e2e7e6fe5a02905124a81acee238d314d67299271474209d6749
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/f(3).txt HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: text/plain
last-modified: Wed, 05 Oct 2022 18:01:23 GMT
etag: W/"633dc673-4aac"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/help-tip.svg
109.71.253.24200 OK 486 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/help-tip.svg
IP 109.71.253.24:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (486), with no line terminators
Hash 4d96dbbf6ef6fae6bf73494cd4b5f485
50f7a10deb38af77b4665a915fde6ac311e14e07
87e946f3cf423b9be2b52d90a0a9d4e9f6dd815f964ffd0c0962fb7ca9c1bcaf
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/help-tip.svg HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/Tmob/DesignSystem.css
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt; bc_tstgrp=1; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6; zakelijkeSurveyInvitation=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: image/svg+xml
content-length: 486
x-accel-version: 0.01
last-modified: Wed, 05 Oct 2022 18:01:26 GMT
etag: "1e6-5ea4d5d8c1f0f"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/password-visible.svg
109.71.253.24200 OK 520 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/password-visible.svg
IP 109.71.253.24:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (520), with no line terminators
Hash 3e85f308dff85584aa28a6b56bb79446
c5f4f199cbcf5165e311cee561990fed668d3311
b1fe151c052fda7b315efa93296fd926f6c6d817bbb9a92e3639559cd75db033
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/password-visible.svg HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/Tmob/DesignSystem.css
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt; bc_tstgrp=1; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6; zakelijkeSurveyInvitation=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: image/svg+xml
content-length: 520
x-accel-version: 0.01
last-modified: Wed, 05 Oct 2022 18:01:28 GMT
etag: "208-5ea4d5da999c6"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/service.svg
109.71.253.24200 OK 22 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/service.svg
IP 109.71.253.24:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (21702), with no line terminators
Hash cf3a634d8ca76c0e96d7c9abadf06767
211868f43b2e3a9fcf180404f06b2baccda04e1b
f04f698de192c79b8710580277c5001e153bfbca997fe9341f4b05b760eed096
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/service.svg HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/Tmob/DesignSystem.css
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt; bc_tstgrp=1; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6; zakelijkeSurveyInvitation=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: image/svg+xml
content-length: 21702
last-modified: Wed, 05 Oct 2022 18:01:30 GMT
etag: "633dc67a-54c6"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/teleicon-ui.woff2?h=a85ea83a7656b8d1744d7a13e4b395b2
109.71.253.24200 OK 12 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/teleicon-ui.woff2?h=a85ea83a7656b8d1744d7a13e4b395b2
IP 109.71.253.24:0
File type Web Open Font Format (Version 2), TrueType, length 11452, version 1.0\012- data
Hash 10f73228373cb0aab0b046cd73773f8d
e619917e1aec14c58baf4c2e88565105a50baa61
ba734482c11fc34553bb4938ac10b2a7be4cae10200ff112369fd41b9a7edb01
GET /Tmob/teleicon-ui.woff2?h=a85ea83a7656b8d1744d7a13e4b395b2 HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/Tmob/DesignSystem.css
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt; bc_tstgrp=1; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6; zakelijkeSurveyInvitation=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: font/woff2
content-length: 11452
last-modified: Wed, 05 Oct 2022 18:01:32 GMT
etag: "633dc67c-2cbc"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 8be5570b9a5ca76c580da007a824b029
38840f2ac6476bdd5608121c5653e338c7ad9715
0b94e05080ef85432b1815eb3c6c7594c9613cfde1b51eeabee46d0d9fde64b2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1128
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:18:50 GMT
Last-Modified: Thu, 06 Oct 2022 20:00:02 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 892af9380f4e26ded86f0d891577e478
e5fea912a2be7f4a8892b405e1c9989c3990a327
050f2d72053d81b7584dd08beaa1f0977882f0e0258429ba0ceffc658e0d5050
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 06 Oct 2022 20:18:50 GMT
Last-Modified: Thu, 06 Oct 2022 18:44:46 GMT
Server: ECS (nyb/1D1A)
X-Cache: Miss from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: u5WWxle1iuA5aIAeVH1KoShAuboSUGmklbcrnEOEDoOP1bbxHDfqcw==
Age: 5644
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 67b8f29c7fe36a4eead85f82855bc0c2
2c18e7c8d2808aaca655d773a3ae5de2a3d5e279
e146960305c92bc09b85c3e1d3bbcefe014e9b74f689a9ed548dab504b71d2fd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:18:50 GMT
Server: ECS (amb/6BA2)
Content-Length: 471
web8787.web07.bero-webspace.de/Tmob/linkid.js.download
109.71.253.24200 OK 126 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/linkid.js.download
IP 109.71.253.24:0
File type ASCII text, with very long lines (1335)
Size 126 kB (126444 bytes)
Hash bb3bebcf66485f720aa7d6cfffde9c8f
4ea63d13ccffcddce7dbb13d8ec4e4d94cdf602b
5b6f87775e15a5bb00228138c96f3b20525ab107ed56e6e84dc12c6d211dc0b4
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/linkid.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:27 GMT
etag: W/"633dc677-621"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/teleneo-medium.woff2
109.71.253.24200 OK 43 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/teleneo-medium.woff2
IP 109.71.253.24:0
File type Web Open Font Format (Version 2), TrueType, length 43424, version 1.0\012- data
Hash 75f1236f41f04366b0831c6214d88e60
9a93a0336fea9ef4e15882a4855e228763481ce5
726419fe5c7c9ac329980a8ca1c940ecf108d83ec2f9a5f9246a2028dbc314f9
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/teleneo-medium.woff2 HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/Tmob/DesignSystem.css
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt; bc_tstgrp=1; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6; zakelijkeSurveyInvitation=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: font/woff2
content-length: 43424
last-modified: Wed, 05 Oct 2022 18:01:33 GMT
etag: "633dc67d-a9a0"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/teleneo-bold.woff2
109.71.253.24200 OK 43 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/teleneo-bold.woff2
IP 109.71.253.24:0
File type Web Open Font Format (Version 2), TrueType, length 43420, version 1.0\012- data
Hash 0995525e8fccca524b245e828f6032d2
5021ac4ae3272367246e030fd48cc1fc43711c9e
9e748f9462ea64f78d1b928c4f6f71d430e1f78ec324e6f725994dc95199912a
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/teleneo-bold.woff2 HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/Tmob/DesignSystem.css
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt; bc_tstgrp=1; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6; zakelijkeSurveyInvitation=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: font/woff2
content-length: 43420
last-modified: Wed, 05 Oct 2022 18:01:33 GMT
etag: "633dc67d-a99c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/teleneo-regular.woff2
109.71.253.24200 OK 42 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/teleneo-regular.woff2
IP 109.71.253.24:0
File type Web Open Font Format (Version 2), TrueType, length 42484, version 1.0\012- data
Hash b98e83c526edfde70471d7ffaec30bd5
42cc68a16b2906a1a9d54d99ff70ea13a83a8cda
ce0c7cdaa1383a3289869599a393ce7654c81d779f1b1a5b86535fcfe1d71dfb
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/teleneo-regular.woff2 HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/Tmob/DesignSystem.css
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt; bc_tstgrp=1; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6; zakelijkeSurveyInvitation=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: font/woff2
content-length: 42484
last-modified: Wed, 05 Oct 2022 18:01:33 GMT
etag: "633dc67d-a5f4"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/tag-c9d810bc9adac9b6c876bfeeb0f74b35.js.download
109.71.253.24200 OK 50 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/tag-c9d810bc9adac9b6c876bfeeb0f74b35.js.download
IP 109.71.253.24:0
File type ASCII text, with very long lines (48067)
Hash 81a3c359d628284942e5c7a714c0028a
85695ecc260c5f593ba4456f982d31417fe50a05
a85e4bb3dd218b6ad5b2dd8455c78e7d7f8663f8704fe1c1066fc5bf0b65a9be
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/tag-c9d810bc9adac9b6c876bfeeb0f74b35.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:32 GMT
etag: W/"633dc67c-26ed0"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/teleneo-extrabold.woff2
109.71.253.24200 OK 45 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/teleneo-extrabold.woff2
IP 109.71.253.24:0
File type Web Open Font Format (Version 2), TrueType, length 45280, version 1.0\012- data
Hash 0cd6336ea943729127d85cf7fb0dd221
bdc2b0a4caece4f1d934828a74806f2a84c7ffac
764e82bdd36d6484aaee4d1bdcdaf19f0bab21ca54c134c87e544196e1781e8f
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/teleneo-extrabold.woff2 HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/Tmob/DesignSystem.css
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt; bc_tstgrp=1; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6; zakelijkeSurveyInvitation=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: font/woff2
content-length: 45280
last-modified: Wed, 05 Oct 2022 18:01:33 GMT
etag: "633dc67d-b0e0"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 5eee2baed68ec922370bd283860860fd
7d1e7dfdb9577dcd11587bb162e17c56eaf8e4c4
7931afabb9286276c385564aa73ed67927d31e12ab35eb92da84048a7896f27d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:18:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
founders.t-mobile.nl/visitor/v200/svrGP?pps=3&siteid=164251491&ref2=elqNone&tzo=0&ms=466&optin=disabled&elq1pcGUID=FC27794714E74A2C95F654B810C38F76
192.29.192.112200 OK 49 B URL HTTP/1.1 founders.t-mobile.nl/visitor/v200/svrGP?pps=3&siteid=164251491&ref2=elqNone&tzo=0&ms=466&optin=disabled&elq1pcGUID=FC27794714E74A2C95F654B810C38F76
IP 192.29.192.112:0
ASN #31898 ORACLE-BMC-31898
File type GIF image data, version 89a, 1 x 1\012- data
Hash dbefe00673f01d8b0f2791f3e30565cc
6b3227ad1a39504f155cb0117293a44ab3cbec3a
f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab
GET /visitor/v200/svrGP?pps=3&siteid=164251491&ref2=elqNone&tzo=0&ms=466&optin=disabled&elq1pcGUID=FC27794714E74A2C95F654B810C38F76 HTTP/1.1
Host: founders.t-mobile.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web8787.web07.bero-webspace.de/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-store
Pragma: no-cache
Content-Type: image/gif
Expires: -1
X-Robots-Tag: noindex, nofollow
X-Xss-Protection: 1; mode=block
Set-Cookie: ELOQUA=GUID=FC27794714E74A2C95F654B810C38F76; domain=t-mobile.nl; expires=Mon, 06-Nov-2023 21:18:50 GMT; path=/
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Content-Type-Options: nosniff
Date: Thu, 06 Oct 2022 20:18:50 GMT
Content-Length: 49
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 0d82dd0666d9050c03ca7bd37dbc80e9
21774e61901e247a76755d915ac24c39ddbbf276
0a567164eadcc6de3089cb7d9177520b451eece345311b0e0277ca9adb370b83
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 20:18:51 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 06 Oct 2022 06:14:34 GMT
Expires: Thu, 13 Oct 2022 06:14:33 GMT
Etag: "21774e61901e247a76755d915ac24c39ddbbf276"
Cache-Control: max-age=553542,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 756116abb8e7b509-OSL
globessl.ocsp.sectigo.com/
104.18.32.68200 OK 472 B URL HTTP/1.1 globessl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash d0b3813c1c7b0f5ea1dcab4b474397b2
d930174415918ceb10fc1ba3c7bddcf41cc2ca1b
6b66aa809ba66d61d2bca51a7199d3e45d7bfb4a97a202a366b2f2b2b901154c
POST / HTTP/1.1
Host: globessl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 20:18:51 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 03 Oct 2022 11:03:27 GMT
Expires: Mon, 10 Oct 2022 11:03:26 GMT
Etag: "d930174415918ceb10fc1ba3c7bddcf41cc2ca1b"
Cache-Control: max-age=311675,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 756116abd8550b61-OSL
web8787.web07.bero-webspace.de/Tmob/bat.js.download
109.71.253.24200 OK 8.5 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/bat.js.download
IP 109.71.253.24:0
File type ASCII text, with very long lines (30065), with no line terminators
Hash 2114cc29795a7c31e5ebee54e9c7ea6d
2009662f34e60420a04cb718bab7f80c0d82d069
11916d0e9d920fef832b8e608be1e0ff163501573970c4b2c14632ea4011b49a
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/bat.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:20 GMT
etag: W/"633dc670-7571"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
tmobile.blueconic.net/DG/DEFAULT/rest/rpc/?requests=%5B%7B%22method%22%3A%22getProfile%22%2C%22params%22%3A%22null%22%2C%22id%22%3A%221665087530560%22%7D%2C%7B%22method%22%3A%22setProperties%22%2C%22params%22%3A%22%7B%5C%22properties%5C%22%3A%7B%5C%22language%5C%22%3A%5B%5C%22en%5C%22%5D%2C%5C%22currentscreenwidth%5C%22%3A%5B1280%5D%2C%5C%22currentscreenheight%5C%22%3A%5B1024%5D%2C%5C%22currentresolution%5C%22%3A%5B%5C%221280x1024%5C%22%5D%2C%5C%22entrypage%5C%22%3A%5B%5C%22https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F%5C%22%5D%2C%5C%22testgroup%5C%22%3A%5B1%5D%7D%2C%5C%22sources%5C%22%3A%7B%5C%22listenerinteractiontype%5C%22%3A%5B%5C%22language%5C%22%2C%5C%22currentscreenwidth%5C%22%2C%5C%22currentscreenheight%5C%22%2C%5C%22currentresolution%5C%22%2C%5C%22entrypage%5C%22%5D%2C%5C%22testgroup_prelistener%5C%22%3A%5B%5C%22testgroup%5C%22%5D%7D%7D%22%2C%22id%22%3A%221665087530561%22%7D%2C%7B%22method%22%3A%22addProperties%22%2C%22params%22%3A%22%7B%5C%22properties%5C%22%3A%7B%5C%22resolution%5C%22%3A%5B%5C%221280x1024%5C%22%5D%7D%2C%5C%22sources%5C%22%3A%7B%5C%22listenerinteractiontype%5C%22%3A%5B%5C%22resolution%5C%22%5D%7D%7D%22%2C%22id%22%3A%221665087530562%22%7D%2C%7B%22method%22%3A%22createEvent%22%2C%22params%22%3A%22%7B%5C%22type%5C%22%3A%5B%5C%22PAGEVIEW%5C%22%5D%2C%5C%22referrer%5C%22%3A%5B%5C%22%5C%22%5D%2C%5C%22profile%5C%22%3A%5B%5D%7D%22%2C%22id%22%3A%221665087530563%22%7D%5D&referer=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F&bcsessionid=&bctempid=&overruleReferrer=&time=2022-10-06T20%3A18%3A51%2B00%3A00&callback=bc_json115
52.30.150.207200 OK 34 B URL HTTP/2 tmobile.blueconic.net/DG/DEFAULT/rest/rpc/?requests=%5B%7B%22method%22%3A%22getProfile%22%2C%22params%22%3A%22null%22%2C%22id%22%3A%221665087530560%22%7D%2C%7B%22method%22%3A%22setProperties%22%2C%22params%22%3A%22%7B%5C%22properties%5C%22%3A%7B%5C%22language%5C%22%3A%5B%5C%22en%5C%22%5D%2C%5C%22currentscreenwidth%5C%22%3A%5B1280%5D%2C%5C%22currentscreenheight%5C%22%3A%5B1024%5D%2C%5C%22currentresolution%5C%22%3A%5B%5C%221280x1024%5C%22%5D%2C%5C%22entrypage%5C%22%3A%5B%5C%22https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F%5C%22%5D%2C%5C%22testgroup%5C%22%3A%5B1%5D%7D%2C%5C%22sources%5C%22%3A%7B%5C%22listenerinteractiontype%5C%22%3A%5B%5C%22language%5C%22%2C%5C%22currentscreenwidth%5C%22%2C%5C%22currentscreenheight%5C%22%2C%5C%22currentresolution%5C%22%2C%5C%22entrypage%5C%22%5D%2C%5C%22testgroup_prelistener%5C%22%3A%5B%5C%22testgroup%5C%22%5D%7D%7D%22%2C%22id%22%3A%221665087530561%22%7D%2C%7B%22method%22%3A%22addProperties%22%2C%22params%22%3A%22%7B%5C%22properties%5C%22%3A%7B%5C%22resolution%5C%22%3A%5B%5C%221280x1024%5C%22%5D%7D%2C%5C%22sources%5C%22%3A%7B%5C%22listenerinteractiontype%5C%22%3A%5B%5C%22resolution%5C%22%5D%7D%7D%22%2C%22id%22%3A%221665087530562%22%7D%2C%7B%22method%22%3A%22createEvent%22%2C%22params%22%3A%22%7B%5C%22type%5C%22%3A%5B%5C%22PAGEVIEW%5C%22%5D%2C%5C%22referrer%5C%22%3A%5B%5C%22%5C%22%5D%2C%5C%22profile%5C%22%3A%5B%5D%7D%22%2C%22id%22%3A%221665087530563%22%7D%5D&referer=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F&bcsessionid=&bctempid=&overruleReferrer=&time=2022-10-06T20%3A18%3A51%2B00%3A00&callback=bc_json115
IP 52.30.150.207:0
File type ASCII text, with no line terminators
Hash 0654ee65f66b5ca2c1f9dc8ae7695067
b060a4aace4d570e394276155c54a8e8486e55c8
8b6baee8edbcb375a0a68a17539948e739f5cc67dd185983699619f7e351f6e1
GET /DG/DEFAULT/rest/rpc/?requests=%5B%7B%22method%22%3A%22getProfile%22%2C%22params%22%3A%22null%22%2C%22id%22%3A%221665087530560%22%7D%2C%7B%22method%22%3A%22setProperties%22%2C%22params%22%3A%22%7B%5C%22properties%5C%22%3A%7B%5C%22language%5C%22%3A%5B%5C%22en%5C%22%5D%2C%5C%22currentscreenwidth%5C%22%3A%5B1280%5D%2C%5C%22currentscreenheight%5C%22%3A%5B1024%5D%2C%5C%22currentresolution%5C%22%3A%5B%5C%221280x1024%5C%22%5D%2C%5C%22entrypage%5C%22%3A%5B%5C%22https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F%5C%22%5D%2C%5C%22testgroup%5C%22%3A%5B1%5D%7D%2C%5C%22sources%5C%22%3A%7B%5C%22listenerinteractiontype%5C%22%3A%5B%5C%22language%5C%22%2C%5C%22currentscreenwidth%5C%22%2C%5C%22currentscreenheight%5C%22%2C%5C%22currentresolution%5C%22%2C%5C%22entrypage%5C%22%5D%2C%5C%22testgroup_prelistener%5C%22%3A%5B%5C%22testgroup%5C%22%5D%7D%7D%22%2C%22id%22%3A%221665087530561%22%7D%2C%7B%22method%22%3A%22addProperties%22%2C%22params%22%3A%22%7B%5C%22properties%5C%22%3A%7B%5C%22resolution%5C%22%3A%5B%5C%221280x1024%5C%22%5D%7D%2C%5C%22sources%5C%22%3A%7B%5C%22listenerinteractiontype%5C%22%3A%5B%5C%22resolution%5C%22%5D%7D%7D%22%2C%22id%22%3A%221665087530562%22%7D%2C%7B%22method%22%3A%22createEvent%22%2C%22params%22%3A%22%7B%5C%22type%5C%22%3A%5B%5C%22PAGEVIEW%5C%22%5D%2C%5C%22referrer%5C%22%3A%5B%5C%22%5C%22%5D%2C%5C%22profile%5C%22%3A%5B%5D%7D%22%2C%22id%22%3A%221665087530563%22%7D%5D&referer=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F&bcsessionid=&bctempid=&overruleReferrer=&time=2022-10-06T20%3A18%3A51%2B00%3A00&callback=bc_json115 HTTP/1.1
Host: tmobile.blueconic.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: AWSALBCORS=27zUVJ2HJdHCQfFdDtVvq6w/BxctUW/Mq76cPilL8Rt6poxj++6g4it8GvHjfI86bs1GMz1GUCFGDtXD4AiXu3RwCh1w3j/of9S789xIrvYneVX4GDatcZA09ji1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:18:51 GMT
content-type: text/javascript; charset=utf-8
content-length: 34
set-cookie: AWSALB=EQ5DiqKmoGSpnZKYPIvgRJbsqnap+5OIsEeXU/ADcwUrTg5+WDfLie8A4t++PceBwfAcOc3X3WmIJe7tRvatJtl/6OTNAxj/v5UY6VaZzyGDyToBGF1/Vo2FviV8; Expires=Thu, 13 Oct 2022 20:18:51 GMT; Path=/
AWSALBCORS=EQ5DiqKmoGSpnZKYPIvgRJbsqnap+5OIsEeXU/ADcwUrTg5+WDfLie8A4t++PceBwfAcOc3X3WmIJe7tRvatJtl/6OTNAxj/v5UY6VaZzyGDyToBGF1/Vo2FviV8; Expires=Thu, 13 Oct 2022 20:18:51 GMT; Path=/; SameSite=None; Secure
server: -
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-robots-tag: noindex, nofollow
x-xss-protection: 1; mode=block
p3p: policyref="", CP="DSP"
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash db49968cf340bbccb3bb2b2a3ba6a03f
170e219d68fa0c9fc22a7e4e5f48c57d4774507e
ed2d38010ef90d172fd90945188896647502ab30b8e51c4610583f8fe1a6a026
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 06 Oct 2022 20:18:51 GMT
Last-Modified: Thu, 06 Oct 2022 18:54:06 GMT
Server: ECS (nyb/1D06)
X-Cache: Miss from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: -1l6O6EBWhex80wPa6LGvscKDn3u-c3EYIbhZN5OFfvrklBAUBgR8w==
Age: 5085
6004843.global.siteimproveanalytics.io/image.aspx?url=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F&title=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&res=1280x1024&accountid=6004843&rt=1686&prev=1665087614670&luid=38afb9f3-6cb5-de98-ba97-56101003c3a6&rnd=9458
18.158.197.63200 OK 34 B URL HTTP/2 6004843.global.siteimproveanalytics.io/image.aspx?url=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F&title=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&res=1280x1024&accountid=6004843&rt=1686&prev=1665087614670&luid=38afb9f3-6cb5-de98-ba97-56101003c3a6&rnd=9458
IP 18.158.197.63:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash a82ba3a9d42148e9cf209df13d8c3f3d
dba80835d31175bdcf0bcad1abafefb06d86e304
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
GET /image.aspx?url=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F&title=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&res=1280x1024&accountid=6004843&rt=1686&prev=1665087614670&luid=38afb9f3-6cb5-de98-ba97-56101003c3a6&rnd=9458 HTTP/1.1
Host: 6004843.global.siteimproveanalytics.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:18:51 GMT
content-type: image/gif
content-length: 34
set-cookie: AWSALB=RO8wvR517u1wmSuHcw+Iw43hYMhiJAH1EiccPE0UUclj3CpqzI0VODfsHHoCTX3kXpiMbO6UTFMKxTXXQAi7DteXv8XgnH11LsGzGf+yJQ7nuuahBcphXdAAZl2f; Expires=Thu, 13 Oct 2022 20:18:51 GMT; Path=/
AWSALBCORS=RO8wvR517u1wmSuHcw+Iw43hYMhiJAH1EiccPE0UUclj3CpqzI0VODfsHHoCTX3kXpiMbO6UTFMKxTXXQAi7DteXv8XgnH11LsGzGf+yJQ7nuuahBcphXdAAZl2f; Expires=Thu, 13 Oct 2022 20:18:51 GMT; Path=/; SameSite=None; Secure
cache-control: max-age=0
expires: Thu, 06 Oct 2022 20:18:51 UTC
X-Firefox-Spdy: h2
www.t-mobile.nl/Assets/Icons/favicon-16x16.png
20.56.240.229200 OK 353 B URL HTTP/2 www.t-mobile.nl/Assets/Icons/favicon-16x16.png
IP 20.56.240.229:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 5b6ecdca49f836b8b107f22fcc4a9aa0
541307d5bbd92e81a63817f67d2584baf6e90541
86fd31831eeb75a2d2efe569da286f8d766004bc433681b94f897e3e0d72527a
GET /Assets/Icons/favicon-16x16.png HTTP/1.1
Host: www.t-mobile.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: afck-httpsetting-backendpool-tmobile-publicweb-main-httpsCORS=b76baca110487e4389424f1415b7d570
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:18:51 GMT
content-type: image/png
content-length: 353
last-modified: Mon, 19 Sep 2022 07:02:18 GMT
accept-ranges: bytes
etag: "0f96cc1f5cbd81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/2.5, ASP.NET
X-Firefox-Spdy: h2
www.t-mobile.nl/Assets/Icons/favicon-196x196.png
20.56.240.229200 OK 16 kB URL HTTP/2 www.t-mobile.nl/Assets/Icons/favicon-196x196.png
IP 20.56.240.229:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 196 x 196, 8-bit/color RGBA, non-interlaced\012- data
Hash d7d78ef91cb5d6bb980fbd6a7c56967f
e4723fa7917e47974e499ed60794e7f460052944
fd4baf2fba1106e46df6e5fccb130d95a5097d414bff1f4f1d86c2c48b373bf0
GET /Assets/Icons/favicon-196x196.png HTTP/1.1
Host: www.t-mobile.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: afck-httpsetting-backendpool-tmobile-publicweb-main-httpsCORS=b76baca110487e4389424f1415b7d570
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:18:51 GMT
content-type: image/png
content-length: 16259
last-modified: Mon, 19 Sep 2022 07:02:18 GMT
accept-ranges: bytes
etag: "0f96cc1f5cbd81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/2.5, ASP.NET
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash ecc594c8ad8a58175abca6f74592cad0
bc3eb5409877f214ca5d45c39d39754fd80997ae
4376e30946f541ed958cbbff449d18b6acb24608aa48fa078440cb99291dc7d1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 929
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:18:51 GMT
Last-Modified: Thu, 06 Oct 2022 20:03:22 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
snap.licdn.com/li.lms-analytics/insight.min.js
23.36.76.210200 OK 3.1 kB URL HTTP/2 snap.licdn.com/li.lms-analytics/insight.min.js
IP 23.36.76.210:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (7751)
Hash 57efbbeb3e1d23c82b677511c67c8b0e
f927ba115ef4be362694c22850ddbdd1c1b054d1
873b38d80c8ff1ffcac23ecdb7fb2d17413ae3c217236d8e1e24574b1c4707c6
GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 12 Aug 2022 20:23:36 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14746
date: Thu, 06 Oct 2022 20:18:51 GMT
content-length: 3063
x-cdn: AKAM
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash eac86f868b3967f1946c7f5fc712b25f
e2ae8eb09715a0af0791c085eb35bf66e0548e30
bceb14e7a478c0e34a0f1d8286eb954566c62051e996bc36189de922a76a6e06
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:18:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.facebook.net/en_US/fbevents.js
31.13.72.12200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash e1327a02d76346c7e23d114e4e508b30
195b8ad875ab8f7a7adf735f1f70aa02b3a2e1a3
331e67b451c6559915b12ab2df810ccdba73b3971c5301b2010b54dd6d391de2
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: WTBx2uc4HwL7SgZVYzIRJKfU15GG+4E2/24UIe0NPIS4WhI82zGXsDQV2bXdtU4q+vLPZTAKTE8M6SywByj8WQ==
content-length: 26840
x-fb-trip-id: 1904183273
date: Thu, 06 Oct 2022 20:18:51 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bat.bing.com/bat.js
204.79.197.200200 OK 11 kB IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (38826), with no line terminators
Hash babb0d09b27851a7c080c2843211eb91
cf41327a7f5a83c8343e85741bc34cb53050449a
adc4ea8ee48fd9337d951234bd345899ddb116cad409265ee2cf01733ac82e84
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 11376
content-type: application/javascript
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ranges: bytes
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
set-cookie: MUID=18311372F70B60A91E990147F6FE616C; domain=.bing.com; expires=Tue, 31-Oct-2023 20:18:51 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CB23415FFF7E436BB5DAA3884FEB2FEF Ref B: OSL30EDGE0110 Ref C: 2022-10-06T20:18:51Z
date: Thu, 06 Oct 2022 20:18:50 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 9af8f77271c0e690e9e16aa0eaf74ee2
55dbe79b278130d3d7aadc5e65d0145717a5ab37
70d1811348837e459897bb24afedfc721ac95bd06d81b7830aa0f4adca1418ea
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:18:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 40a4de06678d96242b71d5318f2fd4ef
546a7d1d92df81916f14155943427b5453ae3924
aed9af25ae57c181702a137d48cb00f5b30297180161451de3b628359dc9ec6f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:18:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash eac86f868b3967f1946c7f5fc712b25f
e2ae8eb09715a0af0791c085eb35bf66e0548e30
bceb14e7a478c0e34a0f1d8286eb954566c62051e996bc36189de922a76a6e06
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:18:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
web8787.web07.bero-webspace.de/Tmob/ec.js.download
109.71.253.24200 OK 1.2 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/ec.js.download
IP 109.71.253.24:0
File type ASCII text, with very long lines (523)
Hash cd76e40851bb70c91b30cb3a95cce9b4
2ff9c812186210cf15a4a3dec6c26b7dfb2da5be
551c713a44584ceacb6d4c23f1211199ab11d616c45890ae8ad1e5fadbb6e92d
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/ec.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:22 GMT
etag: W/"633dc672-adb"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/js/r20210414/r20110914/elements/html/omrhp.js
216.58.211.2200 OK 3.2 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/r20210414/r20110914/elements/html/omrhp.js
IP 216.58.211.2:0
File type ASCII text, with very long lines (2812)
Hash 4d25fcd5db1b3e587056df29eceda987
f39f02656e6d83d8c5d56d9a2dc7dd503c8dfb08
c1ea615501bde8bb26af7731ca7118379c587f2f799c13d7b76b11434b502ffc
GET /pagead/js/r20210414/r20110914/elements/html/omrhp.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding, Origin
date: Thu, 06 Oct 2022 20:18:51 GMT
expires: Thu, 20 Oct 2022 20:18:51 GMT
cache-control: public, max-age=1209600
content-type: text/javascript; charset=UTF-8
etag: 10699485926258732851
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 3181
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash ecc594c8ad8a58175abca6f74592cad0
bc3eb5409877f214ca5d45c39d39754fd80997ae
4376e30946f541ed958cbbff449d18b6acb24608aa48fa078440cb99291dc7d1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 929
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:18:51 GMT
Last-Modified: Thu, 06 Oct 2022 20:03:22 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
www.google.nl/pagead/1p-user-list/991336003/?random=1618610198722&cv=9&fst=1618606800000&num=1&label=S_SqCPWmsQUQw6za2AM&guid=ON&eid=2505059651&u_h=854&u_w=1280&u_ah=814&u_aw=1280&u_cd=24&u_his=5&u_tz=120&u_java=false&u_nplug=3&u_nmime=4>m=2wg472&sendb=1&frm=0&url=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&ref=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&tiba=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&async=1&fmt=3&is_vtc=1&random=4147309232&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
216.58.207.195200 OK 42 B URL HTTP/2 www.google.nl/pagead/1p-user-list/991336003/?random=1618610198722&cv=9&fst=1618606800000&num=1&label=S_SqCPWmsQUQw6za2AM&guid=ON&eid=2505059651&u_h=854&u_w=1280&u_ah=814&u_aw=1280&u_cd=24&u_his=5&u_tz=120&u_java=false&u_nplug=3&u_nmime=4>m=2wg472&sendb=1&frm=0&url=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&ref=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&tiba=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&async=1&fmt=3&is_vtc=1&random=4147309232&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 216.58.207.195:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/991336003/?random=1618610198722&cv=9&fst=1618606800000&num=1&label=S_SqCPWmsQUQw6za2AM&guid=ON&eid=2505059651&u_h=854&u_w=1280&u_ah=814&u_aw=1280&u_cd=24&u_his=5&u_tz=120&u_java=false&u_nplug=3&u_nmime=4>m=2wg472&sendb=1&frm=0&url=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&ref=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&tiba=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&async=1&fmt=3&is_vtc=1&random=4147309232&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 06 Oct 2022 20:18:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/991336003/?random=1618610198722&cv=9&fst=1618606800000&num=1&label=S_SqCPWmsQUQw6za2AM&guid=ON&eid=2505059651&u_h=854&u_w=1280&u_ah=814&u_aw=1280&u_cd=24&u_his=5&u_tz=120&u_java=false&u_nplug=3&u_nmime=4>m=2wg472&sendb=1&frm=0&url=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&ref=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&tiba=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&async=1&fmt=3&is_vtc=1&random=4147309232&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
142.250.74.164200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/991336003/?random=1618610198722&cv=9&fst=1618606800000&num=1&label=S_SqCPWmsQUQw6za2AM&guid=ON&eid=2505059651&u_h=854&u_w=1280&u_ah=814&u_aw=1280&u_cd=24&u_his=5&u_tz=120&u_java=false&u_nplug=3&u_nmime=4>m=2wg472&sendb=1&frm=0&url=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&ref=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&tiba=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&async=1&fmt=3&is_vtc=1&random=4147309232&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/991336003/?random=1618610198722&cv=9&fst=1618606800000&num=1&label=S_SqCPWmsQUQw6za2AM&guid=ON&eid=2505059651&u_h=854&u_w=1280&u_ah=814&u_aw=1280&u_cd=24&u_his=5&u_tz=120&u_java=false&u_nplug=3&u_nmime=4>m=2wg472&sendb=1&frm=0&url=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&ref=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&tiba=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&async=1&fmt=3&is_vtc=1&random=4147309232&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 06 Oct 2022 20:18:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
connect.facebook.net/signals/config/456228845279132?v=2.9.84&r=stable
31.13.72.12200 OK 86 kB URL HTTP/2 connect.facebook.net/signals/config/456228845279132?v=2.9.84&r=stable
IP 31.13.72.12:0
File type ASCII text, with very long lines (64471)
Hash f1c9202b99f9338606dcc1060041eb25
97657916e5a2fd54747863e44a5ff7498c633385
0a7efa76bae11f752e7139ae6505a3422bd9e8e668a03587253a8d2b14f221f5
GET /signals/config/456228845279132?v=2.9.84&r=stable HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: TnDY1JrUkVBo0woRgC9qZh1a9FBrH2a7zZ5RRT6oOpqV7u4NH6R5TkswciAc4g9SmxZ/lAMKpTik9vHCsms+oA==
content-length: 86200
x-fb-trip-id: 1904183273
date: Thu, 06 Oct 2022 20:18:51 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 05cdf02bcbbeed0122679c1118a350ce
b5311d6866b69206bec8f67a19cfeeefed233ef1
4b7235ec2ca2295957e75e79fdc718fbacc13bfd5674d1aeb7cbe5bed9fe9ead
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:18:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash eac86f868b3967f1946c7f5fc712b25f
e2ae8eb09715a0af0791c085eb35bf66e0548e30
bceb14e7a478c0e34a0f1d8286eb954566c62051e996bc36189de922a76a6e06
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:18:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.starfieldtech.com/
192.124.249.24200 OK 1.8 kB IP 192.124.249.24:0
Hash 7b162b571ef6118fe39497c215126628
ef513c4dcdaf3462e5a4c861ec342528c3ed1c2f
9858acf478d0fd51529b7d38bbe6151619b7e36e705788067280a2555a896c30
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 06 Oct 2022 20:18:51 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 06 Oct 2022 00:02:12 GMT
Expires: Fri, 07 Oct 2022 00:02:12 GMT
ETag: "ef513c4dcdaf3462e5a4c861ec342528c3ed1c2f"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.starfieldtech.com/
192.124.249.24200 OK 1.8 kB IP 192.124.249.24:0
Hash 7b162b571ef6118fe39497c215126628
ef513c4dcdaf3462e5a4c861ec342528c3ed1c2f
9858acf478d0fd51529b7d38bbe6151619b7e36e705788067280a2555a896c30
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 06 Oct 2022 20:18:51 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 06 Oct 2022 00:02:12 GMT
Expires: Fri, 07 Oct 2022 00:02:12 GMT
ETag: "ef513c4dcdaf3462e5a4c861ec342528c3ed1c2f"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.starfieldtech.com/
192.124.249.24200 OK 1.8 kB IP 192.124.249.24:0
Hash 7b162b571ef6118fe39497c215126628
ef513c4dcdaf3462e5a4c861ec342528c3ed1c2f
9858acf478d0fd51529b7d38bbe6151619b7e36e705788067280a2555a896c30
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 06 Oct 2022 20:18:51 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 06 Oct 2022 00:02:12 GMT
Expires: Fri, 07 Oct 2022 00:02:12 GMT
ETag: "ef513c4dcdaf3462e5a4c861ec342528c3ed1c2f"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 9af8f77271c0e690e9e16aa0eaf74ee2
55dbe79b278130d3d7aadc5e65d0145717a5ab37
70d1811348837e459897bb24afedfc721ac95bd06d81b7830aa0f4adca1418ea
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:18:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 87465c15992fe10c24c62a185f8c171d
fa938b624d06d1e2927c8eda6a44b2a32d930f59
239ef7fe5df8c396d96a928c20d66c842a5ec3e9ff71a3cd7c0068906fc3e537
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:18:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bat.bing.com/p/action/5318565.js
204.79.197.200204 No Content 0 B URL HTTP/2 bat.bing.com/p/action/5318565.js
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/action/5318565.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: private,max-age=1800
set-cookie: MUID=0C1AB1C6695B693D3CD9A3F368AE6805; domain=.bing.com; expires=Tue, 31-Oct-2023 20:18:51 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D64AAAE8ADBC4982A9A9F76DAC90C591 Ref B: OSL30EDGE0110 Ref C: 2022-10-06T20:18:51Z
date: Thu, 06 Oct 2022 20:18:50 GMT
X-Firefox-Spdy: h2
dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-c9d810bc9adac9b6c876bfeeb0f74b35.js
34.96.102.137200 OK 49 kB URL HTTP/2 dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-c9d810bc9adac9b6c876bfeeb0f74b35.js
IP 34.96.102.137:0
File type ASCII text, with very long lines (47951)
Hash 8a3c2f31ac2ab8f73e6904f121e377c7
7b131427ab3ce9e6c4168a0788e1ff79437694c4
220e4c176ee75db48f4f16c9e5afba1e4a44c312faaf8d7e0167f4265927c57a
GET /web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-c9d810bc9adac9b6c876bfeeb0f74b35.js HTTP/1.1
Host: dev.visualwebsiteoptimizer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://web8787.web07.bero-webspace.de
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:18:51 GMT
content-type: application/javascript; charset=UTF-8
content-length: 49255
last-modified: Thu, 06 Oct 2022 17:58:04 GMT
content-encoding: br
etag: "633f172c-c067"
server: gams1
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-origin: *
accept-ranges: bytes
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=456228845279132&ev=PageView&dl=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F&rl=&if=false&ts=1665087531488&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=30&fbp=fb.1.1665087531487.1396307928&it=1665087531369&coo=false&rqm=GET
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=456228845279132&ev=PageView&dl=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F&rl=&if=false&ts=1665087531488&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=30&fbp=fb.1.1665087531487.1396307928&it=1665087531369&coo=false&rqm=GET
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=456228845279132&ev=PageView&dl=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F&rl=&if=false&ts=1665087531488&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=30&fbp=fb.1.1665087531487.1396307928&it=1665087531369&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Thu, 06 Oct 2022 20:18:51 GMT
X-Firefox-Spdy: h2
dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=545796&d=web8787.web07.bero-webspace.de&u=D36E42FE74918CC78CB38D8FCE8E8B2F6&h=afd7c97746ef5bd04d32334bb7eb5ff6&t=false&r=0.9644369216838697
34.96.102.137200 OK 35 B URL HTTP/2 dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=545796&d=web8787.web07.bero-webspace.de&u=D36E42FE74918CC78CB38D8FCE8E8B2F6&h=afd7c97746ef5bd04d32334bb7eb5ff6&t=false&r=0.9644369216838697
IP 34.96.102.137:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /v.gif?cd=0&a=545796&d=web8787.web07.bero-webspace.de&u=D36E42FE74918CC78CB38D8FCE8E8B2F6&h=afd7c97746ef5bd04d32334bb7eb5ff6&t=false&r=0.9644369216838697 HTTP/1.1
Host: dev.visualwebsiteoptimizer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:18:51 GMT
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
expires: Mon, 10 Jan 2005 00:00:01 GMT
pragma: no-cache
x-content-type-options: nosniff
content-length: 35
server: gnv1c
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.starfieldtech.com/
192.124.249.24200 OK 1.8 kB IP 192.124.249.24:0
Hash 7b162b571ef6118fe39497c215126628
ef513c4dcdaf3462e5a4c861ec342528c3ed1c2f
9858acf478d0fd51529b7d38bbe6151619b7e36e705788067280a2555a896c30
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 06 Oct 2022 20:18:52 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 06 Oct 2022 00:02:12 GMT
Expires: Fri, 07 Oct 2022 00:02:12 GMT
ETag: "ef513c4dcdaf3462e5a4c861ec342528c3ed1c2f"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=545796&d=web8787.web07.bero-webspace.de&u=D36E42FE74918CC78CB38D8FCE8E8B2F6&h=afd7c97746ef5bd04d32334bb7eb5ff6&t=true&r=0.918205629639805
34.96.102.137200 OK 35 B URL HTTP/2 dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=545796&d=web8787.web07.bero-webspace.de&u=D36E42FE74918CC78CB38D8FCE8E8B2F6&h=afd7c97746ef5bd04d32334bb7eb5ff6&t=true&r=0.918205629639805
IP 34.96.102.137:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /v.gif?cd=0&a=545796&d=web8787.web07.bero-webspace.de&u=D36E42FE74918CC78CB38D8FCE8E8B2F6&h=afd7c97746ef5bd04d32334bb7eb5ff6&t=true&r=0.918205629639805 HTTP/1.1
Host: dev.visualwebsiteoptimizer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:18:51 GMT
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
expires: Mon, 10 Jan 2005 00:00:01 GMT
pragma: no-cache
x-content-type-options: nosniff
content-length: 35
server: gnv1c
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
js-agent.newrelic.com/nr-1208.min.js
151.101.86.137200 OK 12 kB URL HTTP/2 js-agent.newrelic.com/nr-1208.min.js
IP 151.101.86.137:0
File type ASCII text, with very long lines (31332), with no line terminators
Hash c735cd7fe713b55dd0c4883942c69c47
18d612de412704af277e2aa683e7ce9cad1a07da
3b72e1bc9807808e66e46b42c44dce929d01e63ebe34bc00e3d84acaffd5d94d
GET /nr-1208.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ht37li50OObZwDWXVtfRXNIIbZ7rfPceCb5sunn6AUTfT9T65v85m7us/+lm0DJm4pKntq6z0UQ=
x-amz-request-id: 1Q76YVRTXZP2SZMK
last-modified: Wed, 10 Mar 2021 16:24:28 GMT
etag: "1a71e4208296f97b465116492f59124d"
x-amz-version-id: RGJXhnJ2IqU3nLrOoxetOoKLCG4kx4sX
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 06 Oct 2022 20:18:51 GMT
via: 1.1 varnish
x-served-by: cache-bma1643-BMA
x-cache: HIT
x-cache-hits: 13
x-timer: S1665087532.749274,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 11777
X-Firefox-Spdy: h2
bam-cell.nr-data.net/1/49ecee70e8?a=48732199&v=1208.49599aa&to=MwAAZEcFXkRUVkddXwpKMkVXCFlUZVpBQFEISiNTVgtFWUEbf1tXDQtNdFACUUJZQQ%3D%3D&rst=2486&ck=1&ref=https://web8787.web07.bero-webspace.de/&ap=36&be=1007&fe=2399&dc=1542&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1665087529273,%22n%22:0,%22f%22:-7,%22dn%22:68,%22dne%22:129,%22c%22:129,%22s%22:159,%22ce%22:551,%22rq%22:551,%22rp%22:613,%22rpe%22:639,%22dl%22:651,%22di%22:1390,%22ds%22:1541,%22de%22:1548,%22dc%22:2398,%22l%22:2398,%22le%22:2401%7D,%22navigation%22:%7B%7D%7D&fcp=1547&jsonp=NREUM.setToken
162.247.241.2200 OK 77 B URL HTTP/1.1 bam-cell.nr-data.net/1/49ecee70e8?a=48732199&v=1208.49599aa&to=MwAAZEcFXkRUVkddXwpKMkVXCFlUZVpBQFEISiNTVgtFWUEbf1tXDQtNdFACUUJZQQ%3D%3D&rst=2486&ck=1&ref=https://web8787.web07.bero-webspace.de/&ap=36&be=1007&fe=2399&dc=1542&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1665087529273,%22n%22:0,%22f%22:-7,%22dn%22:68,%22dne%22:129,%22c%22:129,%22s%22:159,%22ce%22:551,%22rq%22:551,%22rp%22:613,%22rpe%22:639,%22dl%22:651,%22di%22:1390,%22ds%22:1541,%22de%22:1548,%22dc%22:2398,%22l%22:2398,%22le%22:2401%7D,%22navigation%22:%7B%7D%7D&fcp=1547&jsonp=NREUM.setToken
IP 162.247.241.2:0
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/49ecee70e8?a=48732199&v=1208.49599aa&to=MwAAZEcFXkRUVkddXwpKMkVXCFlUZVpBQFEISiNTVgtFWUEbf1tXDQtNdFACUUJZQQ%3D%3D&rst=2486&ck=1&ref=https://web8787.web07.bero-webspace.de/&ap=36&be=1007&fe=2399&dc=1542&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1665087529273,%22n%22:0,%22f%22:-7,%22dn%22:68,%22dne%22:129,%22c%22:129,%22s%22:159,%22ce%22:551,%22rq%22:551,%22rp%22:613,%22rpe%22:639,%22dl%22:651,%22di%22:1390,%22ds%22:1541,%22de%22:1548,%22dc%22:2398,%22l%22:2398,%22le%22:2401%7D,%22navigation%22:%7B%7D%7D&fcp=1547&jsonp=NREUM.setToken HTTP/1.1
Host: bam-cell.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 20:18:52 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 756116b1fc21b4ee-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=c3060f6ce31eaeef; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uUEgQ0mUEnG80j7CWnpbav9hH77mvqFtzK65PvGgJQ6xaL8Z0epA2hiCKP1WM6iJNLPGEjCVhdrnNSohhUG4I8oijUAEFI67WrifAzXjK0bVn3E4BMfxHKo0Jiz3BrZzEEzdj8Dd"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19259
Expires: Fri, 07 Oct 2022 01:39:51 GMT
Date: Thu, 06 Oct 2022 20:18:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19259
Expires: Fri, 07 Oct 2022 01:39:51 GMT
Date: Thu, 06 Oct 2022 20:18:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19259
Expires: Fri, 07 Oct 2022 01:39:51 GMT
Date: Thu, 06 Oct 2022 20:18:52 GMT
Connection: keep-alive
web8787.web07.bero-webspace.de/Tmob/insight.min.js.download
109.71.253.24200 OK 9.3 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/insight.min.js.download
IP 109.71.253.24:0
File type ASCII text, with very long lines (4321)
Hash 71e23e13c44bf1ca3ce4112311b1842a
672ce5463f2e5363e109e563fb0cf868b55437ba
eed0e56f67b4e391b9b6f23648ecb4a8224cd0c5bc4580ba917870a9f79e2e66
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/insight.min.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:27 GMT
etag: W/"633dc677-10e2"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd38ec9d6-fb69-4c6e-aae2-136fd254ae50.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd38ec9d6-fb69-4c6e-aae2-136fd254ae50.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e238ccaa3b9fa88476a8514855e8232f
447cbf348ef10d0136a1811e843c46937defbba1
43dce3c1eb388dfaddca4176acb6eb32f76fc4c03fca18e7a315c9ddb43d2b02
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd38ec9d6-fb69-4c6e-aae2-136fd254ae50.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7270
x-amzn-requestid: e5d0bb7a-b9d5-49b1-b51c-8db019da641f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjQOGEQloAMFjgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633dfa5a-519d91fb0b83920960da479d;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 21:42:50 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: l1HGT5ycH36vVojsOPFptRSU1YJFvLbBsgiWJqzRlRIGgm2o5vf6jg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 34c44cb7892e57a3b6c51812bcf68ee4.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 21:58:56 GMT
etag: "447cbf348ef10d0136a1811e843c46937defbba1"
content-type: image/jpeg
age: 80396
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3178d2f-9a52-4d0e-a26b-5a90ef8578f2.jpeg
34.120.237.76200 OK 3.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3178d2f-9a52-4d0e-a26b-5a90ef8578f2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 488ec5b4267ccb1cdc4e6e08556f7f3b
42dd7ec0c606dbd3ccc0074f61d3b4b12f2e3c88
d9b05fe92962a58b9a8e8dbd4757969aa361be12018107ae649ffcdb8a0f8d84
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3178d2f-9a52-4d0e-a26b-5a90ef8578f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3430
x-amzn-requestid: 9b3b52d6-08b4-4893-962b-3dfe67e2f11d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjTijF0vIAMFq3Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633dffa9-0a128734418b6c4d6375e2ac;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 22:05:29 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: G0mKHnEonkmY4EDpNGAbg_DF37oxElJt58Lv6IJ4ro-hiG61wEAqVQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 95785220a566cd050f3ad80928463374.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 09:57:45 GMT
age: 37267
etag: "42dd7ec0c606dbd3ccc0074f61d3b4b12f2e3c88"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/js
109.71.253.24200 OK 11 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/js
IP 109.71.253.24:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2277f8f2d93b4bc3b05d348343177892
531d9e4ec9078cd2d7376a19fcb287084af36c82
62907648de4a2ed390232a71ab7dce49f1e9c3363cde6a2f30ecae10ab67f93a
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/js HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: application/octet-stream
content-length: 98236
last-modified: Wed, 05 Oct 2022 18:01:27 GMT
etag: "633dc677-17fbc"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ce3d070-3bf1-47cd-bdd7-2bda7b826976.jpeg
34.120.237.76200 OK 4.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ce3d070-3bf1-47cd-bdd7-2bda7b826976.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dbba56f647bf5989ca51863632bbebfc
26694f34166345ee5693653e0101db6b910e68ba
ec5cc38f2a77e8e655aeeb7a376cf882ccb7163e4ef9d1ce4633ab4754e48765
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ce3d070-3bf1-47cd-bdd7-2bda7b826976.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4140
x-amzn-requestid: f3cb33c4-26b6-4fd8-9293-dfb42be34600
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjOZiEZ4IAMFvLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633df770-424459547db8b3d721d75e54;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 21:30:24 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: q70sezhl0h-lASzUDh5_WQ6KraRa3fWYl_tO0iuE0CpbJ5GeiihgMw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 95785220a566cd050f3ad80928463374.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 21:37:06 GMT
etag: "26694f34166345ee5693653e0101db6b910e68ba"
content-type: image/jpeg
age: 81706
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccecc8c9-b6da-4470-b2be-fa8d46df1cc2.webp
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccecc8c9-b6da-4470-b2be-fa8d46df1cc2.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 70ea26af79226e9ff06d6198e2c019dc
ae2c476667f63c7f642f0d9f4d0bc0d846b0ef57
f9393e7b8cbaedc8e1ef87fd89c617cf102f58813d84d866ff68e3124f94d44c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccecc8c9-b6da-4470-b2be-fa8d46df1cc2.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9044
x-amzn-requestid: 127bce04-9f75-4bb1-bbe7-33bf1694d96c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZdZPmHG5oAMFehw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ba263-3896085b3b73ff5403237206;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 03:02:59 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: E4yZTPRLFdK717YfwjOIFOJDi0wYpyA736dQELeM5iPLvGDXBosEWg==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 05:04:17 GMT
age: 54875
etag: "ae2c476667f63c7f642f0d9f4d0bc0d846b0ef57"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
dev.visualwebsiteoptimizer.com/j.php?a=545796&u=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F&f=1&r=0.022078561759742765
34.96.102.137200 OK 0 B URL HTTP/2 dev.visualwebsiteoptimizer.com/j.php?a=545796&u=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F&f=1&r=0.022078561759742765
IP 34.96.102.137:0
GET /j.php?a=545796&u=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F&f=1&r=0.022078561759742765 HTTP/1.1
Host: dev.visualwebsiteoptimizer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:18:51 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=0, no-cache, must-revalidate
etag: W/"1665079103"
server: gams1
timing-allow-origin: *
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tracking001.piwikpro.com/piwik.js
52.166.179.92200 OK 0 B URL HTTP/2 tracking001.piwikpro.com/piwik.js
IP 52.166.179.92:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /piwik.js HTTP/1.1
Host: tracking001.piwikpro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:18:51 GMT
content-type: application/javascript
last-modified: Mon, 11 Apr 2022 08:51:54 GMT
vary: Accept-Encoding
etag: W/"6253ec2a-11e9b"
expires: Fri, 07 Oct 2022 02:18:51 GMT
cache-control: max-age=21600
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/fbevents.js.download
109.71.253.24200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/fbevents.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/fbevents.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:26 GMT
etag: W/"633dc676-16e78"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/elqCfg.min.js.download
109.71.253.24200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/elqCfg.min.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/elqCfg.min.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:23 GMT
etag: W/"633dc673-17c0"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/15258
109.71.253.24404 Not Found 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/15258
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/15258 HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: text/html
last-modified: Wed, 05 Oct 2022 17:52:19 GMT
etag: W/"328-5ea4d3cf7899a"
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/f(1).txt
109.71.253.24200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/f(1).txt
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/f(1).txt HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: text/plain
last-modified: Wed, 05 Oct 2022 18:01:23 GMT
etag: W/"633dc673-8e43"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/f(2).txt
109.71.253.24200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/f(2).txt
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/f(2).txt HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: text/plain
last-modified: Wed, 05 Oct 2022 18:01:23 GMT
etag: W/"633dc673-9c5"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/f.txt
109.71.253.24200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/f.txt
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/f.txt HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: text/plain
last-modified: Wed, 05 Oct 2022 18:01:24 GMT
etag: W/"633dc674-1f15"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/DesignSystem.css
109.71.253.24200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/DesignSystem.css
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
GET /Tmob/DesignSystem.css HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: text/css
last-modified: Wed, 05 Oct 2022 18:01:23 GMT
etag: W/"633dc673-62fc4"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/op.js.download
109.71.253.24200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/op.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/op.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:28 GMT
etag: W/"633dc678-1440"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/uwt.js.download
109.71.253.24200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/uwt.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/uwt.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:34 GMT
etag: W/"633dc67e-1428"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/analytics.js.download
109.71.253.24200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/analytics.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/analytics.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:19 GMT
etag: W/"633dc66f-be77"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/tmobile.js.download
109.71.253.24200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/tmobile.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/tmobile.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:34 GMT
etag: W/"633dc67e-22fa1"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/siteanalyze_6004843.js.download
109.71.253.24200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/siteanalyze_6004843.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/siteanalyze_6004843.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:30 GMT
etag: W/"633dc67a-2f30"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/gtm.js.download
109.71.253.24200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/gtm.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/gtm.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:26 GMT
etag: W/"633dc676-6f7f5"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/DesignSystem(1)
109.71.253.24200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/DesignSystem(1)
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/DesignSystem(1) HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=n2a0f9770o5mhemepmbunjt1pt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:18:50 GMT
content-type: application/octet-stream
content-length: 348290
last-modified: Wed, 05 Oct 2022 18:01:22 GMT
etag: "633dc672-55082"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2