web8787.web07.bero-webspace.de/
109.71.253.24 301 Moved Permanently 162 B URL HTTP/1.1 web8787.web07.bero-webspace.de/
IP 109.71.253.24:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET / HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 07 Oct 2022 06:06:29 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://web8787.web07.bero-webspace.de/
firefox.settings.services.mozilla.com/v1/
54.230.111.65 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 54.230.111.65:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=259200
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 15:47:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: xA6_vvLQuA04nvPLM8KZTnv42rOphsXW-IC1JdSQzWbZ_7NzgAaYBw==
Age: 137952
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 282f6e1328452c1cb41f6a6272fff757
20b9ff1b5f4f81b645769bd4b4cf7bf7dfc16262
6a8070ebe51259cb11db68cca2c81f3c7408fad481d8c14cc1c38912442c63f4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A8070EBE51259CB11DB68CCA2C81F3C7408FAD481D8C14CC1C38912442C63F4"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3474
Expires: Fri, 07 Oct 2022 07:04:24 GMT
Date: Fri, 07 Oct 2022 06:06:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4ab7d8709d334de0e46dcb86aabfbff1
f221138a8ad9d0bfa3c054370dcdb363a67dc310
b91d37f606eaf448b9c7dfc05566a11de004ce44503409e1a776288ee2622805
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B91D37F606EAF448B9C7DFC05566A11DE004CE44503409E1A776288EE2622805"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18761
Expires: Fri, 07 Oct 2022 11:19:11 GMT
Date: Fri, 07 Oct 2022 06:06:30 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: GDhEQsKVS2Dbbrwt8eyTZnHcXUJEM3ytyMYK8USv6FH6+rs3mI/YdmJozNL3ezxquxhloRbZ2mcQnCUIfSFYMw==
x-amz-request-id: CKYR1JY3TMCW3PHN
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 07 Oct 2022 05:31:04 GMT
age: 2126
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b648245efb72cd69e4ebd87e5ca135fa
33c6267fe9557226e509f288215cc9f4f78c037a
7c880f741a77fa51863b9cc00e32579e197aeeb91767e5f8b15a79a2eb36f734
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7C880F741A77FA51863B9CC00E32579E197AEEB91767E5F8B15A79A2EB36F734"
Last-Modified: Wed, 05 Oct 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21565
Expires: Fri, 07 Oct 2022 12:05:55 GMT
Date: Fri, 07 Oct 2022 06:06:30 GMT
Connection: keep-alive
web8787.web07.bero-webspace.de/
109.71.253.24 200 OK 25 kB URL HTTP/2 web8787.web07.bero-webspace.de/
IP 109.71.253.24:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (25275)
Hash c3ad8bed4be6b88306758a24f449ad6d
2981037a823e0a069f8a6f574f3481461c3b941f
083cc18b9b49d6c87379d3357fb256067f851c626d9ccf7528f6f0a7b90817c0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET / HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: text/html; charset=UTF-8
content-length: 24808
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku; path=/
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.32, PleskLin
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/saved_resource
109.71.253.24 200 OK 1.5 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/saved_resource
IP 109.71.253.24:0
Hash ce3962ff61c64d30be05d0f57e8bf3d0
948c113428bd8e071c89fbcbe0cbd1f303b4207d
54f983fd69daf585022ea02914e6bbbec2fee235b78ddfaf0874e96f39462e87
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/saved_resource HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: application/octet-stream
content-length: 1463
last-modified: Wed, 05 Oct 2022 18:01:29 GMT
etag: "633dc679-5b7"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/js
109.71.253.24 200 OK 98 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/js
IP 109.71.253.24:0
File type ASCII text, with very long lines (2127)
Hash 4fcf33a7bfcedeb356402b3dcb8a7941
e52add890e8b9486cafdcf737737f873b2fddf2d
b2e61bfff0b05ab82eddd27e37e0bbcd067980982ecb72284afae5c576792c0a
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/js HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: application/octet-stream
content-length: 98236
last-modified: Wed, 05 Oct 2022 18:01:27 GMT
etag: "633dc677-17fbc"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
54.230.111.65 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 54.230.111.65:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Fri, 07 Oct 2022 05:29:41 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Fri, 07 Oct 2022 06:02:05 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: O_vy8Y8odXGdBKBEJ0rmqGx-mIY63AnfKtshIoqTqdTpbNNwqWCEhw==
Age: 2209
www.t-mobile.nl/Assets/fonts/teleneo-regular.woff2
20.56.240.229 200 OK 42 kB URL HTTP/2 www.t-mobile.nl/Assets/fonts/teleneo-regular.woff2
IP 20.56.240.229:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Web Open Font Format (Version 2), TrueType, length 42484, version 1.0\012- data
Hash b98e83c526edfde70471d7ffaec30bd5
42cc68a16b2906a1a9d54d99ff70ea13a83a8cda
ce0c7cdaa1383a3289869599a393ce7654c81d779f1b1a5b86535fcfe1d71dfb
GET /Assets/fonts/teleneo-regular.woff2 HTTP/1.1
Host: www.t-mobile.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://web8787.web07.bero-webspace.de
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: application/x-font-woff2
content-length: 42484
set-cookie: afck-httpsetting-backendpool-tmobile-publicweb-main-httpsCORS=b76baca110487e4389424f1415b7d570; Path=/; SameSite=None; Secure
afck-httpsetting-backendpool-tmobile-publicweb-main-https=b76baca110487e4389424f1415b7d570; Path=/
cache-control: max-age=31536000
last-modified: Mon, 19 Sep 2022 07:02:18 GMT
accept-ranges: bytes
etag: "0f96cc1f5cbd81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/2.5, ASP.NET
X-Firefox-Spdy: h2
www.t-mobile.nl/Assets/static/t-mobile-logo-white.svg
20.56.240.229 200 OK 240 B URL HTTP/2 www.t-mobile.nl/Assets/static/t-mobile-logo-white.svg
IP 20.56.240.229:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Hash 02c9f01b4726c74fa72f55c79eb3b4b7
fe7cbf43d20ee438193e98d3b3fcbf591665714f
d0166f644d8d61d76ae32bb06d71231f23d8447dc3e9e329ce98e65624e12648
GET /Assets/static/t-mobile-logo-white.svg HTTP/1.1
Host: www.t-mobile.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: image/svg+xml
content-length: 240
set-cookie: afck-httpsetting-backendpool-tmobile-publicweb-main-httpsCORS=b6a7dd6f280c4c04c1a83c3653976a2f; Path=/; SameSite=None; Secure
afck-httpsetting-backendpool-tmobile-publicweb-main-https=b6a7dd6f280c4c04c1a83c3653976a2f; Path=/
cache-control: max-age=31536000
last-modified: Mon, 19 Sep 2022 07:02:18 GMT
accept-ranges: bytes
etag: "0f96cc1f5cbd81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/2.5, ASP.NET
X-Firefox-Spdy: h2
www.t-mobile.nl/Assets/static/t-mobile-logo.svg
20.56.240.229 200 OK 243 B URL HTTP/2 www.t-mobile.nl/Assets/static/t-mobile-logo.svg
IP 20.56.240.229:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Hash 548720ab0e5bf4372a45ffe8b48db416
0283a50ccce31e104e679ee254154de8be9e2317
ff94370a161bbc40727c4313fe5e68fa0842835a0a80b6773b7ce69339e3f19d
GET /Assets/static/t-mobile-logo.svg HTTP/1.1
Host: www.t-mobile.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: image/svg+xml
content-length: 243
set-cookie: afck-httpsetting-backendpool-tmobile-publicweb-main-httpsCORS=8f3fdf3a50e0d539d73523d2abcd63ac; Path=/; SameSite=None; Secure
afck-httpsetting-backendpool-tmobile-publicweb-main-https=8f3fdf3a50e0d539d73523d2abcd63ac; Path=/
cache-control: max-age=31536000
last-modified: Mon, 19 Sep 2022 07:02:18 GMT
accept-ranges: bytes
etag: "0f96cc1f5cbd81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/2.5, ASP.NET
X-Firefox-Spdy: h2
www.t-mobile.nl/Assets/fonts/teleneo-bold.woff2
20.56.240.229 200 OK 43 kB URL HTTP/2 www.t-mobile.nl/Assets/fonts/teleneo-bold.woff2
IP 20.56.240.229:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Web Open Font Format (Version 2), TrueType, length 43420, version 1.0\012- data
Hash 0995525e8fccca524b245e828f6032d2
5021ac4ae3272367246e030fd48cc1fc43711c9e
9e748f9462ea64f78d1b928c4f6f71d430e1f78ec324e6f725994dc95199912a
GET /Assets/fonts/teleneo-bold.woff2 HTTP/1.1
Host: www.t-mobile.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://web8787.web07.bero-webspace.de
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: application/x-font-woff2
content-length: 43420
set-cookie: afck-httpsetting-backendpool-tmobile-publicweb-main-httpsCORS=27ac9f8ee9796a17e1650d46fa7eae9a; Path=/; SameSite=None; Secure
afck-httpsetting-backendpool-tmobile-publicweb-main-https=27ac9f8ee9796a17e1650d46fa7eae9a; Path=/
cache-control: max-age=31536000
last-modified: Mon, 19 Sep 2022 07:02:18 GMT
accept-ranges: bytes
etag: "0f96cc1f5cbd81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/2.5, ASP.NET
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/j.php
109.71.253.24 200 OK 2.0 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/j.php
IP 109.71.253.24:0
File type ASCII text, with very long lines (2535)
Hash 68252acac8879c2fa1189d45b23b5ed6
f2a407e2ea95c719885c231c9ddd8b20f36740df
ac0866f3eabac6c7a50864fe3de79c0339c1cc984a0141bc06502a4c75ba7539
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/j.php HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: text/html; charset=UTF-8
content-length: 2007
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.32, PleskLin
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/456228845279132
109.71.253.24 200 OK 261 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/456228845279132
IP 109.71.253.24:0
File type ASCII text, with very long lines (64471)
Size 261 kB (260964 bytes)
Hash 9eb15265ebeec54fad2c80298b8b5989
dcaf33bd450152f7c6f5bdc5c61dfd112ed0f6c1
667b0a2734580b913c271c71708d39c2fb527a79edd19f1ba4d4de26c382203d
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/456228845279132 HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: application/octet-stream
content-length: 260964
last-modified: Wed, 05 Oct 2022 18:01:19 GMT
etag: "633dc66f-3fb64"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/cs
109.71.253.24 200 OK 66 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/cs
IP 109.71.253.24:0
File type ASCII text, with no line terminators
Hash 5745fbf6759e6c2e17a379d6c54aa610
612fb56b2636e1da2f93e94c2e84ace08be5c190
2047b330025aeb9baf6d8899f3c024cfb94b30c2aade6348bc5538c89b1f46bd
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/cs HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-length: 66
x-accel-version: 0.01
last-modified: Wed, 05 Oct 2022 18:01:20 GMT
etag: "42-5ea4d5d2d7531"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/saved_resource(2)
109.71.253.24 200 OK 35 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/saved_resource(2)
IP 109.71.253.24:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/saved_resource(2) HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-length: 35
x-accel-version: 0.01
last-modified: Wed, 05 Oct 2022 18:01:29 GMT
etag: "23-5ea4d5dc128e6"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
www.t-mobile.nl/Assets/fonts/teleneo-medium.woff2
20.56.240.229 200 OK 43 kB URL HTTP/2 www.t-mobile.nl/Assets/fonts/teleneo-medium.woff2
IP 20.56.240.229:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Web Open Font Format (Version 2), TrueType, length 43424, version 1.0\012- data
Hash 75f1236f41f04366b0831c6214d88e60
9a93a0336fea9ef4e15882a4855e228763481ce5
726419fe5c7c9ac329980a8ca1c940ecf108d83ec2f9a5f9246a2028dbc314f9
GET /Assets/fonts/teleneo-medium.woff2 HTTP/1.1
Host: www.t-mobile.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://web8787.web07.bero-webspace.de
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: application/x-font-woff2
content-length: 43424
set-cookie: afck-httpsetting-backendpool-tmobile-publicweb-main-httpsCORS=acdccb7780f22517ae04e679b6b982b5; Path=/; SameSite=None; Secure
afck-httpsetting-backendpool-tmobile-publicweb-main-https=acdccb7780f22517ae04e679b6b982b5; Path=/
cache-control: max-age=31536000
last-modified: Mon, 19 Sep 2022 07:02:18 GMT
accept-ranges: bytes
etag: "0f96cc1f5cbd81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/2.5, ASP.NET
X-Firefox-Spdy: h2
www.t-mobile.nl/Assets/fonts/teleicon-ui.woff2?h=43240be67945d5a24a759bffd6bbf531
20.56.240.229 200 OK 12 kB URL HTTP/2 www.t-mobile.nl/Assets/fonts/teleicon-ui.woff2?h=43240be67945d5a24a759bffd6bbf531
IP 20.56.240.229:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Web Open Font Format (Version 2), TrueType, length 12136, version 1.0\012- data
Hash 11036cec78bf749628348942ead7bbfa
36f72f7382c322809206601977eca37a61139139
fff2eedd42999130d898497fb9da979b7296799f2c3e67f2b025bf9424776ac5
GET /Assets/fonts/teleicon-ui.woff2?h=43240be67945d5a24a759bffd6bbf531 HTTP/1.1
Host: www.t-mobile.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://web8787.web07.bero-webspace.de
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: application/x-font-woff2
content-length: 12136
set-cookie: afck-httpsetting-backendpool-tmobile-publicweb-main-httpsCORS=6064f59633d44046b21ff8403ed1b3fe; Path=/; SameSite=None; Secure
afck-httpsetting-backendpool-tmobile-publicweb-main-https=6064f59633d44046b21ff8403ed1b3fe; Path=/
cache-control: max-age=31536000
last-modified: Mon, 19 Sep 2022 07:02:18 GMT
accept-ranges: bytes
etag: "0f96cc1f5cbd81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/2.5, ASP.NET
X-Firefox-Spdy: h2
www.t-mobile.nl/Assets/fonts/teleneo-extrabold.woff2
20.56.240.229 200 OK 45 kB URL HTTP/2 www.t-mobile.nl/Assets/fonts/teleneo-extrabold.woff2
IP 20.56.240.229:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Web Open Font Format (Version 2), TrueType, length 45280, version 1.0\012- data
Hash 0cd6336ea943729127d85cf7fb0dd221
bdc2b0a4caece4f1d934828a74806f2a84c7ffac
764e82bdd36d6484aaee4d1bdcdaf19f0bab21ca54c134c87e544196e1781e8f
GET /Assets/fonts/teleneo-extrabold.woff2 HTTP/1.1
Host: www.t-mobile.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://web8787.web07.bero-webspace.de
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: application/x-font-woff2
content-length: 45280
set-cookie: afck-httpsetting-backendpool-tmobile-publicweb-main-httpsCORS=d36bf4ac0d97592799363eebfeeb0b59; Path=/; SameSite=None; Secure
afck-httpsetting-backendpool-tmobile-publicweb-main-https=d36bf4ac0d97592799363eebfeeb0b59; Path=/
cache-control: max-age=31536000
last-modified: Mon, 19 Sep 2022 07:02:18 GMT
accept-ranges: bytes
etag: "0f96cc1f5cbd81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/2.5, ASP.NET
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/DesignSystem(1)
109.71.253.24 200 OK 348 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/DesignSystem(1)
IP 109.71.253.24:0
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Size 348 kB (348290 bytes)
Hash 5ed26472aae9352ec68755a632b0a3b3
b1cbe2999805d548e6aed30a242c51bed4c42099
fb2ecc31750ea9a875e1514cd687bb6cd381c7079efeceee8a3c0c08115f75c5
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/DesignSystem(1) HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: application/octet-stream
content-length: 348290
last-modified: Wed, 05 Oct 2022 18:01:22 GMT
etag: "633dc672-55082"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/SsoKeepAlive.aspx
109.71.253.24 200 OK 665 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/SsoKeepAlive.aspx
IP 109.71.253.24:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash c9e7bbf8e4f0db12c1fb302ff61d97a7
4e7702417228017514c7299c72f56ad46102ba55
d2edd898d01f9497f81b4433d604796a1f459c3356c8359d510f304d3b95c2ec
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/SsoKeepAlive.aspx HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-length: 665
x-accel-version: 0.01
last-modified: Wed, 05 Oct 2022 18:01:30 GMT
etag: "299-5ea4d5dd0e810"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/saved_resource(1)
109.71.253.24 200 OK 82 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/saved_resource(1)
IP 109.71.253.24:0
File type HTML document, ASCII text, with very long lines (558)
Hash a2a82860a6ff16765a4e5302b7df6ef8
e119c23241e2e865362a7d93e77652cc03fb2867
e900793533d5a24861457658acd88eefaf284309e5e5f8a049b9468af341abf2
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/saved_resource(1) HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: application/octet-stream
content-length: 81728
last-modified: Wed, 05 Oct 2022 18:01:30 GMT
etag: "633dc67a-13f40"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/pixel.gif
109.71.253.24 200 OK 35 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/pixel.gif
IP 109.71.253.24:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Analyzer Verdict Alert openphish Deutsche Telekom
GET /Tmob/pixel.gif HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: image/gif
content-length: 35
x-accel-version: 0.01
last-modified: Wed, 05 Oct 2022 18:01:29 GMT
etag: "23-5ea4d5db6f794"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/0
109.71.253.24 200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/0
IP 109.71.253.24:0
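Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of a zero-length body, consistent with the 0 B response. They match any empty file, so they are not usable as indicators for this site.)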
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/0 HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-length: 0
x-accel-version: 0.01
last-modified: Wed, 05 Oct 2022 18:01:19 GMT
etag: "0-5ea4d5d1b73ea"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/bat.js.download
109.71.253.24 200 OK 9.0 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/bat.js.download
IP 109.71.253.24:0
File type ASCII text, with very long lines (30065), with no line terminators
Hash 856931d0722fd8f8519d9a36af7a61f7
b84af617b145976127a4d3108fd15d58f85c35a7
20f4e52e971e474c2449a7dca79607d37844f14a9263379174716dc1f2cf0bcf
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/bat.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:20 GMT
etag: W/"633dc670-7571"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/password-visible.svg
109.71.253.24 200 OK 520 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/password-visible.svg
IP 109.71.253.24:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (520), with no line terminators
Hash 3e85f308dff85584aa28a6b56bb79446
c5f4f199cbcf5165e311cee561990fed668d3311
b1fe151c052fda7b315efa93296fd926f6c6d817bbb9a92e3639559cd75db033
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/password-visible.svg HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/Tmob/DesignSystem.css
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku; bc_tstgrp=10; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:31 GMT
content-type: image/svg+xml
content-length: 520
x-accel-version: 0.01
last-modified: Wed, 05 Oct 2022 18:01:28 GMT
etag: "208-5ea4d5da999c6"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/help-tip.svg
109.71.253.24 200 OK 486 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/help-tip.svg
IP 109.71.253.24:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (486), with no line terminators
Hash 4d96dbbf6ef6fae6bf73494cd4b5f485
50f7a10deb38af77b4665a915fde6ac311e14e07
87e946f3cf423b9be2b52d90a0a9d4e9f6dd815f964ffd0c0962fb7ca9c1bcaf
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/help-tip.svg HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/Tmob/DesignSystem.css
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku; bc_tstgrp=10; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:31 GMT
content-type: image/svg+xml
content-length: 486
x-accel-version: 0.01
last-modified: Wed, 05 Oct 2022 18:01:26 GMT
etag: "1e6-5ea4d5d8c1f0f"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/t-mobile-logo.svg
109.71.253.24 200 OK 455 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/t-mobile-logo.svg
IP 109.71.253.24:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (455), with no line terminators
Hash 064fbd1126e17c68886137554600bec0
bcb9e3a933f877bce70ec2a084877aeedaa6f3da
c1a60e60a303b0a287c8a32e5538c6d79814c120fbbbdd82e29411272c941590
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/t-mobile-logo.svg HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/Tmob/DesignSystem.css
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku; bc_tstgrp=10; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:31 GMT
content-type: image/svg+xml
content-length: 455
x-accel-version: 0.01
last-modified: Wed, 05 Oct 2022 18:01:32 GMT
etag: "1c7-5ea4d5de24d18"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/service.svg
109.71.253.24 200 OK 22 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/service.svg
IP 109.71.253.24:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (21702), with no line terminators
Hash cf3a634d8ca76c0e96d7c9abadf06767
211868f43b2e3a9fcf180404f06b2baccda04e1b
f04f698de192c79b8710580277c5001e153bfbca997fe9341f4b05b760eed096
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/service.svg HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/Tmob/DesignSystem.css
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku; bc_tstgrp=10; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:31 GMT
content-type: image/svg+xml
content-length: 21702
last-modified: Wed, 05 Oct 2022 18:01:30 GMT
etag: "633dc67a-54c6"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/teleicon-ui.woff2?h=a85ea83a7656b8d1744d7a13e4b395b2
109.71.253.24 200 OK 12 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/teleicon-ui.woff2?h=a85ea83a7656b8d1744d7a13e4b395b2
IP 109.71.253.24:0
File type Web Open Font Format (Version 2), TrueType, length 11452, version 1.0\012- data
Hash 10f73228373cb0aab0b046cd73773f8d
e619917e1aec14c58baf4c2e88565105a50baa61
ba734482c11fc34553bb4938ac10b2a7be4cae10200ff112369fd41b9a7edb01
GET /Tmob/teleicon-ui.woff2?h=a85ea83a7656b8d1744d7a13e4b395b2 HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/Tmob/DesignSystem.css
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku; bc_tstgrp=10; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:31 GMT
content-type: font/woff2
content-length: 11452
last-modified: Wed, 05 Oct 2022 18:01:32 GMT
etag: "633dc67c-2cbc"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 5eee2baed68ec922370bd283860860fd
7d1e7dfdb9577dcd11587bb162e17c56eaf8e4c4
7931afabb9286276c385564aa73ed67927d31e12ab35eb92da84048a7896f27d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 06:06:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
web8787.web07.bero-webspace.de/Tmob/f(3).txt
109.71.253.24 200 OK 50 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/f(3).txt
IP 109.71.253.24:0
File type ASCII text, with very long lines (12680)
Hash d7724d38d74fde167d99194031a8bc83
f495155cf7428af53ee2c760b61b8a93c945a0e5
23f3310387285637c5cbae3759a53f49bbd7360f885a0dae38efcc1d21756bc3
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/f(3).txt HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: text/plain
last-modified: Wed, 05 Oct 2022 18:01:23 GMT
etag: W/"633dc673-4aac"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
siteimproveanalytics.com/js/siteanalyze_6004843.js
172.64.142.34 200 OK 5.1 kB URL HTTP/2 siteimproveanalytics.com/js/siteanalyze_6004843.js
IP 172.64.142.34:0
File type ASCII text, with very long lines (14675), with no line terminators
Hash 769777d50bb72795a5d8a4836add502d
dc53659c9be64be3d7c21e99027c163ad51a1e89
3e576443bf9986536d87e0acc20d04026c69e5850294126bf4165253fd3c219c
GET /js/siteanalyze_6004843.js HTTP/1.1
Host: siteimproveanalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 06:06:31 GMT
content-type: application/javascript; charset=utf-8
content-length: 5129
x-amz-id-2: Wy2LFq6e+v++iRNtr2dF8uS07R4bU8tY1pJu8SmEsMWKVrxWKNYQDDI3UTlIqtU/THXAkdA3xPU=
x-amz-request-id: BN8NPE1B49ESVGG5
cache-control: max-age=86400, no-transform
content-encoding: gzip
last-modified: Mon, 16 May 2022 09:11:01 GMT
etag: "769777d50bb72795a5d8a4836add502d"
cf-cache-status: HIT
age: 1433
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f%2Fy6Zim6OiXCE7xBo77HJqSmB36aHW%2FJ9reDHsepqDPfHKHpIflOtIo888hL6GwimRA5gldIZOF0daqj7WB5Zn5R12Bm7%2BjMg7%2B3pw9l3DA3Aos3xdCT9YotYar9v7a2JmKSChZhs6y7QXw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 756473841f9071c0-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/teleneo-bold.woff2
109.71.253.24 200 OK 43 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/teleneo-bold.woff2
IP 109.71.253.24:0
File type Web Open Font Format (Version 2), TrueType, length 43420, version 1.0\012- data
Hash 0995525e8fccca524b245e828f6032d2
5021ac4ae3272367246e030fd48cc1fc43711c9e
9e748f9462ea64f78d1b928c4f6f71d430e1f78ec324e6f725994dc95199912a
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/teleneo-bold.woff2 HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/Tmob/DesignSystem.css
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku; bc_tstgrp=10; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:31 GMT
content-type: font/woff2
content-length: 43420
last-modified: Wed, 05 Oct 2022 18:01:33 GMT
etag: "633dc67d-a99c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/teleneo-regular.woff2
109.71.253.24 200 OK 42 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/teleneo-regular.woff2
IP 109.71.253.24:0
File type Web Open Font Format (Version 2), TrueType, length 42484, version 1.0\012- data
Hash b98e83c526edfde70471d7ffaec30bd5
42cc68a16b2906a1a9d54d99ff70ea13a83a8cda
ce0c7cdaa1383a3289869599a393ce7654c81d779f1b1a5b86535fcfe1d71dfb
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/teleneo-regular.woff2 HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/Tmob/DesignSystem.css
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku; bc_tstgrp=10; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:31 GMT
content-type: font/woff2
content-length: 42484
last-modified: Wed, 05 Oct 2022 18:01:33 GMT
etag: "633dc67d-a5f4"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/teleneo-extrabold.woff2
109.71.253.24 200 OK 45 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/teleneo-extrabold.woff2
IP 109.71.253.24:0
File type Web Open Font Format (Version 2), TrueType, length 45280, version 1.0\012- data
Hash 0cd6336ea943729127d85cf7fb0dd221
bdc2b0a4caece4f1d934828a74806f2a84c7ffac
764e82bdd36d6484aaee4d1bdcdaf19f0bab21ca54c134c87e544196e1781e8f
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/teleneo-extrabold.woff2 HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/Tmob/DesignSystem.css
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku; bc_tstgrp=10; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:31 GMT
content-type: font/woff2
content-length: 45280
last-modified: Wed, 05 Oct 2022 18:01:33 GMT
etag: "633dc67d-b0e0"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 800851bd0bc157f97859df6287178eba
f0666aa22764f899d78e2caee9bf37af5d30a531
eb016cda8570419c3a10f768a8aecc6140d4e6efbc3b4a3f81e99a5b5a58570f
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 07 Oct 2022 06:06:31 GMT
Last-Modified: Fri, 07 Oct 2022 05:00:31 GMT
Server: ECS (nyb/1D18)
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: fRAOoPb-vIPEOgFM4ZP1h9WC3SObuiJbM7VaQpGPMr02A2FHLj_jhA==
Age: 3960
www.googletagmanager.com/gtm.js?id=GTM-TGH4847
142.250.74.168 200 OK 126 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-TGH4847
IP 142.250.74.168:0
File type ASCII text, with very long lines (65325)
Size 126 kB (125644 bytes)
Hash 900d69f48cef4feda7492a46c784deac
fca4ddd53dced298bc204c354152adc24f9bbe79
e15d3ebd152e941c2c8de48cc9999840cfc87d4f9a5ff827265c4580c3968580
GET /gtm.js?id=GTM-TGH4847 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 07 Oct 2022 06:06:31 GMT
expires: Fri, 07 Oct 2022 06:06:31 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 125644
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/survey_tmnl_zakelijk.js.download
109.71.253.24 200 OK 1.8 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/survey_tmnl_zakelijk.js.download
IP 109.71.253.24:0
File type HTML document, ASCII text, with very long lines (438), with CRLF line terminators
Hash 4c755a12459dbf3179a12bd230fae2f0
5982c0b8a5f2a42d62f7fcdc725be34338a54ecd
686fe6942bb543620295449f7658dc05095899e0ebb0dab02b6f3db6ed9cd1c2
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/survey_tmnl_zakelijk.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:31 GMT
etag: W/"633dc67b-122e"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
tmobile.blueconic.net/DG/DEFAULT/rest/rpc/890?referer=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F&bcsessionid=&bctempid=&overruleReferrer=&time=2022-10-07T06%3A06%3A30%2B00%3A00&ts=1665122790909
52.48.232.130 200 OK 22 B URL HTTP/2 tmobile.blueconic.net/DG/DEFAULT/rest/rpc/890?referer=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F&bcsessionid=&bctempid=&overruleReferrer=&time=2022-10-07T06%3A06%3A30%2B00%3A00&ts=1665122790909
IP 52.48.232.130:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 24d0a027ba0f276ca66203026eecc338
d8d90d5038e96fc52f8f06da5ca5c0d0cb1d927d
2e4f23de4086a47e7d4f246638bbe838e34a17b8de971d719f93ef940ad46f2c
POST /DG/DEFAULT/rest/rpc/890?referer=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F&bcsessionid=&bctempid=&overruleReferrer=&time=2022-10-07T06%3A06%3A30%2B00%3A00&ts=1665122790909 HTTP/1.1
Host: tmobile.blueconic.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 808
Origin: https://web8787.web07.bero-webspace.de
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 06:06:31 GMT
content-length: 22
set-cookie: AWSALB=AKh18QZbFXCI68gq723x4lMomOaTEOO2B75wvm8E7AK7JqfL1pyUTDDB3W1TUVNAUAJa54H9Cui0HDVs19i+qbRHzpGZEgWzoBGo4rd9byqeV+Fr2V7CIib5iVPm; Expires=Fri, 14 Oct 2022 06:06:31 GMT; Path=/
AWSALBCORS=AKh18QZbFXCI68gq723x4lMomOaTEOO2B75wvm8E7AK7JqfL1pyUTDDB3W1TUVNAUAJa54H9Cui0HDVs19i+qbRHzpGZEgWzoBGo4rd9byqeV+Fr2V7CIib5iVPm; Expires=Fri, 14 Oct 2022 06:06:31 GMT; Path=/; SameSite=None; Secure
server: -
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-robots-tag: noindex, nofollow
x-xss-protection: 1; mode=block
p3p: policyref="", CP="DSP"
content-encoding: gzip
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.164.56.167 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.164.56.167:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: yFRC6m6AUtPG2MKaqg+mGg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Ffw8PTDFU3L/hGf8Qk10WVfr160=
web8787.web07.bero-webspace.de/Tmob/f(2).txt
109.71.253.24 200 OK 3.2 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/f(2).txt
IP 109.71.253.24:0
File type ASCII text, with very long lines (2501), with no line terminators
Hash 2908370eaf9dcd9b601cd3451d88ebaa
a618f513d41e9e717d14a4239713f846334093b0
61151fef720bbaf9324a404b221c6c396743be8e5d8b09bc28de050b24e1d158
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/f(2).txt HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: text/plain
last-modified: Wed, 05 Oct 2022 18:01:23 GMT
etag: W/"633dc673-9c5"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/saved_resource.html
109.71.253.24 200 OK 145 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/saved_resource.html
IP 109.71.253.24:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 5e610eda263540ba05be0d6b5cf807a2
269663c27bdb68d880847d4f7bd4b62796926c93
682e5b3b42807f8a40d9f12d20c12a824dbf1dfcda7fefab7c81a08a35c9bfca
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/saved_resource.html HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku; bc_tstgrp=10; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6; zakelijkeSurveyInvitation=1; _ga=GA1.2.917351087.1665122791; _gid=GA1.2.87748264.1665122791
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:31 GMT
content-type: text/html
content-length: 145
x-accel-version: 0.01
last-modified: Wed, 05 Oct 2022 18:01:30 GMT
etag: "95-5ea4d5dc7917d-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 0d82dd0666d9050c03ca7bd37dbc80e9
21774e61901e247a76755d915ac24c39ddbbf276
0a567164eadcc6de3089cb7d9177520b451eece345311b0e0277ca9adb370b83
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 06:06:31 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 06 Oct 2022 06:14:34 GMT
Expires: Thu, 13 Oct 2022 06:14:33 GMT
Etag: "21774e61901e247a76755d915ac24c39ddbbf276"
Cache-Control: max-age=518281,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75647385585bfac8-OSL
web8787.web07.bero-webspace.de/Tmob/uwt.js.download
109.71.253.24 200 OK 2.3 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/uwt.js.download
IP 109.71.253.24:0
File type ASCII text, with very long lines (5160), with no line terminators
Hash a4356df7425a979bff6ce7f5a3e3d46c
15592f053d7c9a3c1d2ca554a1d0aae2011f3fd7
290ba1f0243078d9d2b8eb707468da54e08881eabb48b55ca340efdbd2e76bc4
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/uwt.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:34 GMT
etag: W/"633dc67e-1428"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
globessl.ocsp.sectigo.com/
104.18.32.68 200 OK 472 B URL HTTP/1.1 globessl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash 5e72cde5dd58be1bffecca0488492c0b
1d66bfb5c1fd710eb55673e0af791198319e037a
c79ba3f047dcf0306a64c23f5c97e883ef343174b4dd80560a81613b6347bb62
POST / HTTP/1.1
Host: globessl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 06:06:31 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 06 Oct 2022 23:03:28 GMT
Expires: Thu, 13 Oct 2022 23:03:27 GMT
Etag: "1d66bfb5c1fd710eb55673e0af791198319e037a"
Cache-Control: max-age=578815,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 756473854c4eb50f-OSL
founders.t-mobile.nl/visitor/v200/svrGP?pps=3&siteid=164251491&ref2=elqNone&tzo=0&ms=888&optin=disabled&firstPartyCookieDomain=founders.t-mobile.nl
192.29.192.112 302 Found 296 B URL HTTP/1.1 founders.t-mobile.nl/visitor/v200/svrGP?pps=3&siteid=164251491&ref2=elqNone&tzo=0&ms=888&optin=disabled&firstPartyCookieDomain=founders.t-mobile.nl
IP 192.29.192.112:0
ASN #31898 ORACLE-BMC-31898
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 1b4e88f819ae9c70d3083a06397ac65d
4140afbef15d5a12fd285f2ce2c111bb03ab6af8
a6b71e6e75fa40d03ceb41d0acf187ceb4fbccb71298348c7b8244d95b6fb2b3
GET /visitor/v200/svrGP?pps=3&siteid=164251491&ref2=elqNone&tzo=0&ms=888&optin=disabled&firstPartyCookieDomain=founders.t-mobile.nl HTTP/1.1
Host: founders.t-mobile.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: https://founders.t-mobile.nl/visitor/v200/svrGP?pps=3&siteid=164251491&ref2=elqNone&tzo=0&ms=888&optin=disabled&elq1pcGUID=B9777B96CE4344919789287E1A417733
X-Robots-Tag: noindex, nofollow
X-Xss-Protection: 1; mode=block
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Content-Type-Options: nosniff
Date: Fri, 07 Oct 2022 06:06:30 GMT
Content-Length: 296
founders.t-mobile.nl/visitor/v200/svrGP?pps=3&siteid=164251491&ref2=elqNone&tzo=0&ms=888&optin=disabled&elq1pcGUID=B9777B96CE4344919789287E1A417733
192.29.192.112 200 OK 49 B URL HTTP/1.1 founders.t-mobile.nl/visitor/v200/svrGP?pps=3&siteid=164251491&ref2=elqNone&tzo=0&ms=888&optin=disabled&elq1pcGUID=B9777B96CE4344919789287E1A417733
IP 192.29.192.112:0
ASN #31898 ORACLE-BMC-31898
File type GIF image data, version 89a, 1 x 1\012- data
Hash dbefe00673f01d8b0f2791f3e30565cc
6b3227ad1a39504f155cb0117293a44ab3cbec3a
f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab
GET /visitor/v200/svrGP?pps=3&siteid=164251491&ref2=elqNone&tzo=0&ms=888&optin=disabled&elq1pcGUID=B9777B96CE4344919789287E1A417733 HTTP/1.1
Host: founders.t-mobile.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web8787.web07.bero-webspace.de/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-store
Pragma: no-cache
Content-Type: image/gif
Expires: -1
X-Robots-Tag: noindex, nofollow
X-Xss-Protection: 1; mode=block
Set-Cookie: ELOQUA=GUID=B9777B96CE4344919789287E1A417733; domain=t-mobile.nl; expires=Tue, 07-Nov-2023 07:06:31 GMT; path=/
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Content-Type-Options: nosniff
Date: Fri, 07 Oct 2022 06:06:30 GMT
Content-Length: 49
tracking001.piwikpro.com/piwik.js
52.166.179.92 200 OK 24 kB URL HTTP/2 tracking001.piwikpro.com/piwik.js
IP 52.166.179.92:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash 5c4a4f0c8d9d6431e2944f7f895ab7ef
f31cb7196393a16f5ce5903012b2572a3c60c9d4
93ff681b9ad7721d7189bb6cac61d9d2ddcf9d2cb2132f47dd8f62735ac201bd
GET /piwik.js HTTP/1.1
Host: tracking001.piwikpro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 06:06:31 GMT
content-type: application/javascript
last-modified: Mon, 11 Apr 2022 08:51:54 GMT
vary: Accept-Encoding
etag: W/"6253ec2a-11e9b"
expires: Fri, 07 Oct 2022 12:06:31 GMT
cache-control: max-age=21600
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 50f387ef1f17f899bae54d88310402f4
ecddb385fa7654035e7934786fec307ed482a7b3
0a101b94ee9ef42f41283a83b6c03e003a18da925543ab116378eb9ae9a4790c
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 07 Oct 2022 06:06:31 GMT
Last-Modified: Fri, 07 Oct 2022 05:34:34 GMT
Server: ECS (nyb/1D04)
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 4qu_kYo5sq0HTjnDGvujmiDeMcvty5e3_rgh-828URZmdnsB65EUfw==
Age: 1917
6004843.global.siteimproveanalytics.io/image.aspx?url=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F&title=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&res=1280x1024&accountid=6004843&rt=1542&prev=1665122796518&luid=182d6d76-f714-a240-6dd3-e558942766c4&rnd=56898
18.158.197.63 200 OK 34 B URL HTTP/2 6004843.global.siteimproveanalytics.io/image.aspx?url=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F&title=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&res=1280x1024&accountid=6004843&rt=1542&prev=1665122796518&luid=182d6d76-f714-a240-6dd3-e558942766c4&rnd=56898
IP 18.158.197.63:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash a82ba3a9d42148e9cf209df13d8c3f3d
dba80835d31175bdcf0bcad1abafefb06d86e304
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
GET /image.aspx?url=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F&title=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&res=1280x1024&accountid=6004843&rt=1542&prev=1665122796518&luid=182d6d76-f714-a240-6dd3-e558942766c4&rnd=56898 HTTP/1.1
Host: 6004843.global.siteimproveanalytics.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 06:06:31 GMT
content-type: image/gif
content-length: 34
set-cookie: AWSALB=Oqdq/qWrDrR9aRyxzLjXuUx/xjKcvYWjjEgTV5w4TY8L5xAxr0GQ5Kk6Xycc/2BkBOWIGrHIjCm68R8HL99ZBedIESYMzOrSjh7o6tPgOFPZWq+XYDFVx57SaPZP; Expires=Fri, 14 Oct 2022 06:06:31 GMT; Path=/
AWSALBCORS=Oqdq/qWrDrR9aRyxzLjXuUx/xjKcvYWjjEgTV5w4TY8L5xAxr0GQ5Kk6Xycc/2BkBOWIGrHIjCm68R8HL99ZBedIESYMzOrSjh7o6tPgOFPZWq+XYDFVx57SaPZP; Expires=Fri, 14 Oct 2022 06:06:31 GMT; Path=/; SameSite=None; Secure
cache-control: max-age=0
expires: Fri, 07 Oct 2022 06:06:31 UTC
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 9af8f77271c0e690e9e16aa0eaf74ee2
55dbe79b278130d3d7aadc5e65d0145717a5ab37
70d1811348837e459897bb24afedfc721ac95bd06d81b7830aa0f4adca1418ea
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 06:06:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 38c8ed81c69d2af0003394c9fb9274c5
a71c6fb6d685275f8a8c7d9d87860df08a450038
fdff30d374603ecd62c6d244a1175731787725dba48777122802055969be28f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 06:06:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
snap.licdn.com/li.lms-analytics/insight.min.js
23.36.76.121 200 OK 3.1 kB URL HTTP/2 snap.licdn.com/li.lms-analytics/insight.min.js
IP 23.36.76.121:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (7751)
Hash 57efbbeb3e1d23c82b677511c67c8b0e
f927ba115ef4be362694c22850ddbdd1c1b054d1
873b38d80c8ff1ffcac23ecdb7fb2d17413ae3c217236d8e1e24574b1c4707c6
GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 12 Aug 2022 20:23:36 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=63991
date: Fri, 07 Oct 2022 06:06:31 GMT
content-length: 3063
x-cdn: AKAM
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash ecc594c8ad8a58175abca6f74592cad0
bc3eb5409877f214ca5d45c39d39754fd80997ae
4376e30946f541ed958cbbff449d18b6acb24608aa48fa078440cb99291dc7d1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3138
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 06:06:31 GMT
Last-Modified: Fri, 07 Oct 2022 05:14:13 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
web8787.web07.bero-webspace.de/Tmob/linkid.js.download
109.71.253.24 200 OK 17 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/linkid.js.download
IP 109.71.253.24:0
File type ASCII text, with very long lines (1335)
Hash c68c73247326880b36ccb23c98848aa2
f19cafaf4e8bef510653686203af14c6750fb0dd
11a0393b75c6ba61268d40d61c94d34a78d996a5703c325f05395a4f3714fb21
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/linkid.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:27 GMT
etag: W/"633dc677-621"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.google.nl/pagead/1p-user-list/991336003/?random=1618610198722&cv=9&fst=1618606800000&num=1&label=S_SqCPWmsQUQw6za2AM&guid=ON&eid=2505059651&u_h=854&u_w=1280&u_ah=814&u_aw=1280&u_cd=24&u_his=5&u_tz=120&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg472&sendb=1&frm=0&url=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&ref=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&tiba=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&async=1&fmt=3&is_vtc=1&random=4147309232&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
216.58.207.195 200 OK 42 B URL HTTP/2 www.google.nl/pagead/1p-user-list/991336003/?random=1618610198722&cv=9&fst=1618606800000&num=1&label=S_SqCPWmsQUQw6za2AM&guid=ON&eid=2505059651&u_h=854&u_w=1280&u_ah=814&u_aw=1280&u_cd=24&u_his=5&u_tz=120&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg472&sendb=1&frm=0&url=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&ref=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&tiba=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&async=1&fmt=3&is_vtc=1&random=4147309232&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 216.58.207.195:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/991336003/?random=1618610198722&cv=9&fst=1618606800000&num=1&label=S_SqCPWmsQUQw6za2AM&guid=ON&eid=2505059651&u_h=854&u_w=1280&u_ah=814&u_aw=1280&u_cd=24&u_his=5&u_tz=120&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg472&sendb=1&frm=0&url=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&ref=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&tiba=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&async=1&fmt=3&is_vtc=1&random=4147309232&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 07 Oct 2022 06:06:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bat.bing.com/bat.js
13.107.21.200 200 OK 11 kB IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (38826), with no line terminators
Hash 293ae3e0fc8b0d5c143fdf9d8490228d
3976c659b908e70818a3a1ac71860b497fe2d1a9
04a840d967ae836e14179bde574cabf14a1fc871182ca0f8193e7a0b06c727ab
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 11367
content-type: application/javascript
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ranges: bytes
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
set-cookie: MUID=3B9D5B6E308164D105814958317465F1; domain=.bing.com; expires=Wed, 01-Nov-2023 06:06:31 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6E529A80091F4786A27BFAF30A911EDF Ref B: OSL30EDGE0120 Ref C: 2022-10-07T06:06:31Z
date: Fri, 07 Oct 2022 06:06:31 GMT
X-Firefox-Spdy: h2
www.t-mobile.nl/Assets/Icons/favicon-16x16.png
20.56.240.229 200 OK 353 B URL HTTP/2 www.t-mobile.nl/Assets/Icons/favicon-16x16.png
IP 20.56.240.229:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 5b6ecdca49f836b8b107f22fcc4a9aa0
541307d5bbd92e81a63817f67d2584baf6e90541
86fd31831eeb75a2d2efe569da286f8d766004bc433681b94f897e3e0d72527a
GET /Assets/Icons/favicon-16x16.png HTTP/1.1
Host: www.t-mobile.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: afck-httpsetting-backendpool-tmobile-publicweb-main-httpsCORS=8f3fdf3a50e0d539d73523d2abcd63ac
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 06:06:31 GMT
content-type: image/png
content-length: 353
last-modified: Mon, 19 Sep 2022 07:02:18 GMT
accept-ranges: bytes
etag: "0f96cc1f5cbd81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/2.5, ASP.NET
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
31.13.72.12 200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash e1327a02d76346c7e23d114e4e508b30
195b8ad875ab8f7a7adf735f1f70aa02b3a2e1a3
331e67b451c6559915b12ab2df810ccdba73b3971c5301b2010b54dd6d391de2
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: 36Fv+w24tDPH06iba+BXBx2zaURlelyUgdF0an2JxL97ycUq2IbSFKcegrPB822dVCSWwW1DHeg5wMryd4sAfg==
content-length: 26840
x-fb-trip-id: 1904183273
date: Fri, 07 Oct 2022 06:06:31 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 05cdf02bcbbeed0122679c1118a350ce
b5311d6866b69206bec8f67a19cfeeefed233ef1
4b7235ec2ca2295957e75e79fdc718fbacc13bfd5674d1aeb7cbe5bed9fe9ead
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 06:06:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/1p-user-list/991336003/?random=1618610198722&cv=9&fst=1618606800000&num=1&label=S_SqCPWmsQUQw6za2AM&guid=ON&eid=2505059651&u_h=854&u_w=1280&u_ah=814&u_aw=1280&u_cd=24&u_his=5&u_tz=120&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg472&sendb=1&frm=0&url=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&ref=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&tiba=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&async=1&fmt=3&is_vtc=1&random=4147309232&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/991336003/?random=1618610198722&cv=9&fst=1618606800000&num=1&label=S_SqCPWmsQUQw6za2AM&guid=ON&eid=2505059651&u_h=854&u_w=1280&u_ah=814&u_aw=1280&u_cd=24&u_his=5&u_tz=120&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg472&sendb=1&frm=0&url=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&ref=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&tiba=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&async=1&fmt=3&is_vtc=1&random=4147309232&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/991336003/?random=1618610198722&cv=9&fst=1618606800000&num=1&label=S_SqCPWmsQUQw6za2AM&guid=ON&eid=2505059651&u_h=854&u_w=1280&u_ah=814&u_aw=1280&u_cd=24&u_his=5&u_tz=120&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg472&sendb=1&frm=0&url=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&ref=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&tiba=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&async=1&fmt=3&is_vtc=1&random=4147309232&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 07 Oct 2022 06:06:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 05cdf02bcbbeed0122679c1118a350ce
b5311d6866b69206bec8f67a19cfeeefed233ef1
4b7235ec2ca2295957e75e79fdc718fbacc13bfd5674d1aeb7cbe5bed9fe9ead
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 06:06:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.starfieldtech.com/
192.124.249.24 200 OK 1.8 kB IP 192.124.249.24:0
Hash dc5dd63497fd685bcc74c09cc1e182a4
3b6f4bfcdcf9f30f7932d84bc4f71ebdd60287a8
9869131e097b3242901f498643d807bcbcc6021223dd9b029a09cdc8325824b4
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 07 Oct 2022 06:06:31 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 07 Oct 2022 00:03:13 GMT
Expires: Sat, 08 Oct 2022 00:03:13 GMT
ETag: "3b6f4bfcdcf9f30f7932d84bc4f71ebdd60287a8"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.starfieldtech.com/
192.124.249.24 200 OK 1.8 kB IP 192.124.249.24:0
Hash dc5dd63497fd685bcc74c09cc1e182a4
3b6f4bfcdcf9f30f7932d84bc4f71ebdd60287a8
9869131e097b3242901f498643d807bcbcc6021223dd9b029a09cdc8325824b4
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 07 Oct 2022 06:06:31 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 07 Oct 2022 00:03:13 GMT
Expires: Sat, 08 Oct 2022 00:03:13 GMT
ETag: "3b6f4bfcdcf9f30f7932d84bc4f71ebdd60287a8"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.starfieldtech.com/
192.124.249.24 200 OK 1.8 kB IP 192.124.249.24:0
Hash dc5dd63497fd685bcc74c09cc1e182a4
3b6f4bfcdcf9f30f7932d84bc4f71ebdd60287a8
9869131e097b3242901f498643d807bcbcc6021223dd9b029a09cdc8325824b4
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 07 Oct 2022 06:06:31 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 07 Oct 2022 00:03:13 GMT
Expires: Sat, 08 Oct 2022 00:03:13 GMT
ETag: "3b6f4bfcdcf9f30f7932d84bc4f71ebdd60287a8"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
pagead2.googlesyndication.com/pagead/js/r20210414/r20110914/elements/html/omrhp.js
216.58.207.226 200 OK 3.2 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/r20210414/r20110914/elements/html/omrhp.js
IP 216.58.207.226:0
File type ASCII text, with very long lines (2812)
Hash 4d25fcd5db1b3e587056df29eceda987
f39f02656e6d83d8c5d56d9a2dc7dd503c8dfb08
c1ea615501bde8bb26af7731ca7118379c587f2f799c13d7b76b11434b502ffc
GET /pagead/js/r20210414/r20110914/elements/html/omrhp.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding, Origin
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 3181
x-xss-protection: 0
date: Thu, 06 Oct 2022 20:18:51 GMT
expires: Thu, 20 Oct 2022 20:18:51 GMT
cache-control: public, max-age=1209600
etag: 10699485926258732851
content-type: text/javascript; charset=UTF-8
age: 35260
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash ecc594c8ad8a58175abca6f74592cad0
bc3eb5409877f214ca5d45c39d39754fd80997ae
4376e30946f541ed958cbbff449d18b6acb24608aa48fa078440cb99291dc7d1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3138
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 06:06:31 GMT
Last-Modified: Fri, 07 Oct 2022 05:14:13 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 07 Oct 2022 04:41:09 GMT
expires: Fri, 07 Oct 2022 06:41:09 GMT
cache-control: public, max-age=7200
age: 5122
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstKIrG9jumAmrBZaoBdOlt7SteafUP1qKNc9_7ed4RsEW_uuQgVnW2Gq242yDfmrjNHgu5Ee3GQI1pfrIMmJClUZYNnA4C0uC9PPLdEfwO_4HCPO_rTpijfk_BROMPe-cNWkkW-AjPMYcs&sig=Cg0ArKJSzLAXdzXeHpi4EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=0&cbvp=1&cstd=0&cisv=r20210414.28744&adurl=
216.58.211.2 200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstKIrG9jumAmrBZaoBdOlt7SteafUP1qKNc9_7ed4RsEW_uuQgVnW2Gq242yDfmrjNHgu5Ee3GQI1pfrIMmJClUZYNnA4C0uC9PPLdEfwO_4HCPO_rTpijfk_BROMPe-cNWkkW-AjPMYcs&sig=Cg0ArKJSzLAXdzXeHpi4EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=0&cbvp=1&cstd=0&cisv=r20210414.28744&adurl=
IP 216.58.211.2:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjstKIrG9jumAmrBZaoBdOlt7SteafUP1qKNc9_7ed4RsEW_uuQgVnW2Gq242yDfmrjNHgu5Ee3GQI1pfrIMmJClUZYNnA4C0uC9PPLdEfwO_4HCPO_rTpijfk_BROMPe-cNWkkW-AjPMYcs&sig=Cg0ArKJSzLAXdzXeHpi4EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=0&cbvp=1&cstd=0&cisv=r20210414.28744&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cache-control: private
access-control-allow-origin: *
content-type: image/gif
x-content-type-options: nosniff
date: Fri, 07 Oct 2022 06:06:31 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 07-Oct-2022 06:21:31 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 07 Oct 2022 06:06:31 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 9af8f77271c0e690e9e16aa0eaf74ee2
55dbe79b278130d3d7aadc5e65d0145717a5ab37
70d1811348837e459897bb24afedfc721ac95bd06d81b7830aa0f4adca1418ea
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 06:06:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/gtm/js?id=GTM-WD46K5L&t=gtm217&cid=917351087.1665122791&aip=true
142.250.74.174 200 OK 44 kB URL HTTP/2 www.google-analytics.com/gtm/js?id=GTM-WD46K5L&t=gtm217&cid=917351087.1665122791&aip=true
IP 142.250.74.174:0
File type ASCII text, with very long lines (2831)
Hash 61663a83687110d37272dbc85e2edbdf
fd07e4c8372b3ec61f83c95062185fc5c35b8522
fc87367428e53d563f9b88e210c630f56cc20366da2ce32c3137b22d12c7326e
GET /gtm/js?id=GTM-WD46K5L&t=gtm217&cid=917351087.1665122791&aip=true HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 07 Oct 2022 06:06:31 GMT
expires: Fri, 07 Oct 2022 06:06:31 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44330
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bat.bing.com/action/0?ti=5318565&Ver=2&mid=0d82e87d-a75c-49f4-b1c6-d46360c52eef&sid=3096e420460611ed9602ddbd38f76cb6&vid=30970530460611ed92b727b54bd007ea&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&kw=inloggen,%20inloggen%20beheer,%20zakelijke%20inlog,%20zakelijke%20inlogomgeving,%20inloggen,%20t-mobile%20zakelijk&p=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F&r=&lt=1426&evt=pageLoad&sv=1&rn=7257
13.107.21.200 204 No Content 0 B URL HTTP/2 bat.bing.com/action/0?ti=5318565&Ver=2&mid=0d82e87d-a75c-49f4-b1c6-d46360c52eef&sid=3096e420460611ed9602ddbd38f76cb6&vid=30970530460611ed92b727b54bd007ea&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&kw=inloggen,%20inloggen%20beheer,%20zakelijke%20inlog,%20zakelijke%20inlogomgeving,%20inloggen,%20t-mobile%20zakelijk&p=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F&r=&lt=1426&evt=pageLoad&sv=1&rn=7257
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=5318565&Ver=2&mid=0d82e87d-a75c-49f4-b1c6-d46360c52eef&sid=3096e420460611ed9602ddbd38f76cb6&vid=30970530460611ed92b727b54bd007ea&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&kw=inloggen,%20inloggen%20beheer,%20zakelijke%20inlog,%20zakelijke%20inlogomgeving,%20inloggen,%20t-mobile%20zakelijk&p=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F&r=&lt=1426&evt=pageLoad&sv=1&rn=7257 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=09F5B80B0E4B6F6421C3AA3D0FBE6EEE; domain=.bing.com; expires=Wed, 01-Nov-2023 06:06:31 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A666F93C88874F769BAA4B9E578A6654 Ref B: OSL30EDGE0120 Ref C: 2022-10-07T06:06:31Z
date: Fri, 07 Oct 2022 06:06:31 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 87465c15992fe10c24c62a185f8c171d
fa938b624d06d1e2927c8eda6a44b2a32d930f59
239ef7fe5df8c396d96a928c20d66c842a5ec3e9ff71a3cd7c0068906fc3e537
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 06:06:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 05cdf02bcbbeed0122679c1118a350ce
b5311d6866b69206bec8f67a19cfeeefed233ef1
4b7235ec2ca2295957e75e79fdc718fbacc13bfd5674d1aeb7cbe5bed9fe9ead
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 06:06:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 05cdf02bcbbeed0122679c1118a350ce
b5311d6866b69206bec8f67a19cfeeefed233ef1
4b7235ec2ca2295957e75e79fdc718fbacc13bfd5674d1aeb7cbe5bed9fe9ead
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 06:06:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=545796&d=web8787.web07.bero-webspace.de&u=D36E42FE74918CC78CB38D8FCE8E8B2F6&h=afd7c97746ef5bd04d32334bb7eb5ff6&t=false&r=0.7433450424549858
34.96.102.137 200 OK 35 B URL HTTP/2 dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=545796&d=web8787.web07.bero-webspace.de&u=D36E42FE74918CC78CB38D8FCE8E8B2F6&h=afd7c97746ef5bd04d32334bb7eb5ff6&t=false&r=0.7433450424549858
IP 34.96.102.137:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /v.gif?cd=0&a=545796&d=web8787.web07.bero-webspace.de&u=D36E42FE74918CC78CB38D8FCE8E8B2F6&h=afd7c97746ef5bd04d32334bb7eb5ff6&t=false&r=0.7433450424549858 HTTP/1.1
Host: dev.visualwebsiteoptimizer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 06:06:31 GMT
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
expires: Mon, 10 Jan 2005 00:00:01 GMT
pragma: no-cache
x-content-type-options: nosniff
content-length: 35
server: gnv1c
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=&time=1665122790717&url=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F
13.107.42.14 200 OK 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=&time=1665122790717&url=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=&time=1665122790717&url=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&1bda74f3-f517-4425-87a1-3858e71ac8ea"; domain=.linkedin.com; Path=/; Secure; Expires=Sat, 07-Oct-2023 06:06:31 GMT; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2399:u=1:x=1:i=1665122791:t=1665209191:v=2:sig=AQFUk2SYkpiYVLmcbLLQDDU7zevL0-0j"; Expires=Sat, 08 Oct 2022 06:06:31 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-source-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXqa5yCUeyVLgeCO4HLNw==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 491358B2EA6C4C11BE6A3DDAA77F8FA6 Ref B: OSL30EDGE0416 Ref C: 2022-10-07T06:06:31Z
date: Fri, 07 Oct 2022 06:06:31 GMT
content-length: 0
X-Firefox-Spdy: h2
bat.bing.com/p/action/5318565.js
13.107.21.200 204 No Content 0 B URL HTTP/2 bat.bing.com/p/action/5318565.js
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/action/5318565.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: private,max-age=1800
set-cookie: MUID=2A63DEF248AC6C383380CCC449596D08; domain=.bing.com; expires=Wed, 01-Nov-2023 06:06:31 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2FE1085B21A04F938EE6949D960245B9 Ref B: OSL30EDGE0120 Ref C: 2022-10-07T06:06:31Z
date: Fri, 07 Oct 2022 06:06:31 GMT
X-Firefox-Spdy: h2
ocsp.starfieldtech.com/
192.124.249.24 200 OK 1.8 kB IP 192.124.249.24:0
Hash dc5dd63497fd685bcc74c09cc1e182a4
3b6f4bfcdcf9f30f7932d84bc4f71ebdd60287a8
9869131e097b3242901f498643d807bcbcc6021223dd9b029a09cdc8325824b4
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 07 Oct 2022 06:06:31 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 07 Oct 2022 00:03:13 GMT
Expires: Sat, 08 Oct 2022 00:03:13 GMT
ETag: "3b6f4bfcdcf9f30f7932d84bc4f71ebdd60287a8"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
www.facebook.com/tr/?id=456228845279132&ev=PageView&dl=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F&rl=&if=false&ts=1665122791902&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=30&fbp=fb.1.1665122791901.2051718280&it=1665122791761&coo=false&rqm=GET
31.13.72.36 200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=456228845279132&ev=PageView&dl=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F&rl=&if=false&ts=1665122791902&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=30&fbp=fb.1.1665122791901.2051718280&it=1665122791761&coo=false&rqm=GET
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=456228845279132&ev=PageView&dl=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F&rl=&if=false&ts=1665122791902&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=30&fbp=fb.1.1665122791901.2051718280&it=1665122791761&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Fri, 07 Oct 2022 06:06:31 GMT
X-Firefox-Spdy: h2
dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=545796&d=web8787.web07.bero-webspace.de&u=D36E42FE74918CC78CB38D8FCE8E8B2F6&h=afd7c97746ef5bd04d32334bb7eb5ff6&t=true&r=0.59839864949575
34.96.102.137 200 OK 35 B URL HTTP/2 dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=545796&d=web8787.web07.bero-webspace.de&u=D36E42FE74918CC78CB38D8FCE8E8B2F6&h=afd7c97746ef5bd04d32334bb7eb5ff6&t=true&r=0.59839864949575
IP 34.96.102.137:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /v.gif?cd=0&a=545796&d=web8787.web07.bero-webspace.de&u=D36E42FE74918CC78CB38D8FCE8E8B2F6&h=afd7c97746ef5bd04d32334bb7eb5ff6&t=true&r=0.59839864949575 HTTP/1.1
Host: dev.visualwebsiteoptimizer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 06:06:31 GMT
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
expires: Mon, 10 Jan 2005 00:00:01 GMT
pragma: no-cache
x-content-type-options: nosniff
content-length: 35
server: gnv1c
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
js-agent.newrelic.com/nr-1208.min.js
151.101.86.137 200 OK 12 kB URL HTTP/2 js-agent.newrelic.com/nr-1208.min.js
IP 151.101.86.137:0
File type ASCII text, with very long lines (31332), with no line terminators
Hash c735cd7fe713b55dd0c4883942c69c47
18d612de412704af277e2aa683e7ce9cad1a07da
3b72e1bc9807808e66e46b42c44dce929d01e63ebe34bc00e3d84acaffd5d94d
GET /nr-1208.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ht37li50OObZwDWXVtfRXNIIbZ7rfPceCb5sunn6AUTfT9T65v85m7us/+lm0DJm4pKntq6z0UQ=
x-amz-request-id: 1Q76YVRTXZP2SZMK
last-modified: Wed, 10 Mar 2021 16:24:28 GMT
etag: "1a71e4208296f97b465116492f59124d"
x-amz-version-id: RGJXhnJ2IqU3nLrOoxetOoKLCG4kx4sX
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 07 Oct 2022 06:06:32 GMT
via: 1.1 varnish
x-served-by: cache-bma1644-BMA
x-cache: HIT
x-cache-hits: 5
x-timer: S1665122792.093555,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 11777
X-Firefox-Spdy: h2
bam-cell.nr-data.net/1/49ecee70e8?a=48732199&v=1208.49599aa&to=MwAAZEcFXkRUVkddXwpKMkVXCFlUZVpBQFEISiNTVgtFWUEbf1tXDQtNdFACUUJZQQ%3D%3D&rst=2309&ck=1&ref=https://web8787.web07.bero-webspace.de/&ap=36&be=912&fe=2216&dc=1424&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1665122789789,%22n%22:0,%22f%22:327,%22dn%22:344,%22dne%22:344,%22c%22:344,%22s%22:373,%22ce%22:572,%22rq%22:572,%22rp%22:623,%22rpe%22:649,%22dl%22:648,%22di%22:1399,%22ds%22:1423,%22de%22:1426,%22dc%22:2214,%22l%22:2215,%22le%22:2218%7D,%22navigation%22:%7B%7D%7D&fcp=1285&jsonp=NREUM.setToken
162.247.241.2 200 OK 77 B URL HTTP/1.1 bam-cell.nr-data.net/1/49ecee70e8?a=48732199&v=1208.49599aa&to=MwAAZEcFXkRUVkddXwpKMkVXCFlUZVpBQFEISiNTVgtFWUEbf1tXDQtNdFACUUJZQQ%3D%3D&rst=2309&ck=1&ref=https://web8787.web07.bero-webspace.de/&ap=36&be=912&fe=2216&dc=1424&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1665122789789,%22n%22:0,%22f%22:327,%22dn%22:344,%22dne%22:344,%22c%22:344,%22s%22:373,%22ce%22:572,%22rq%22:572,%22rp%22:623,%22rpe%22:649,%22dl%22:648,%22di%22:1399,%22ds%22:1423,%22de%22:1426,%22dc%22:2214,%22l%22:2215,%22le%22:2218%7D,%22navigation%22:%7B%7D%7D&fcp=1285&jsonp=NREUM.setToken
IP 162.247.241.2:0
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/49ecee70e8?a=48732199&v=1208.49599aa&to=MwAAZEcFXkRUVkddXwpKMkVXCFlUZVpBQFEISiNTVgtFWUEbf1tXDQtNdFACUUJZQQ%3D%3D&rst=2309&ck=1&ref=https://web8787.web07.bero-webspace.de/&ap=36&be=912&fe=2216&dc=1424&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1665122789789,%22n%22:0,%22f%22:327,%22dn%22:344,%22dne%22:344,%22c%22:344,%22s%22:373,%22ce%22:572,%22rq%22:572,%22rp%22:623,%22rpe%22:649,%22dl%22:648,%22di%22:1399,%22ds%22:1423,%22de%22:1426,%22dc%22:2214,%22l%22:2215,%22le%22:2218%7D,%22navigation%22:%7B%7D%7D&fcp=1285&jsonp=NREUM.setToken HTTP/1.1
Host: bam-cell.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 06:06:32 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7564738adb17b50c-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=b5b67f894399cb1c; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gx2Pdt62MzdAj3LHLK%2FKSR4b5qkpSNzDmeE0rthE%2FJjwbWi9BVUV58b1sdf5HSjN4TYROnACjuU9OSjo6P1PO92tNxvMDap742epe5Db6ehz1aYI2JCJc%2FgpkT7TCGEjmuFJpnjS"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
dev.visualwebsiteoptimizer.com/j.php?a=545796&u=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F&f=1&r=0.1444288192281904
34.96.102.137 200 OK 3.1 kB URL HTTP/2 dev.visualwebsiteoptimizer.com/j.php?a=545796&u=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F&f=1&r=0.1444288192281904
IP 34.96.102.137:0
Hash 5e7a664117eaf4edd2d5cf3396d82183
50acd3d25d40aef00dcafe93046d33efb1241dc8
4e1231e0b0d22fe105bba7be4260040cfa2f7ffd3afc6346f1505256eb3c6b51
GET /j.php?a=545796&u=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2F&f=1&r=0.1444288192281904 HTTP/1.1
Host: dev.visualwebsiteoptimizer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 06:06:31 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=0, no-cache, must-revalidate
etag: W/"1665079103"
server: gams1
timing-allow-origin: *
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3376
Expires: Fri, 07 Oct 2022 07:02:48 GMT
Date: Fri, 07 Oct 2022 06:06:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3376
Expires: Fri, 07 Oct 2022 07:02:48 GMT
Date: Fri, 07 Oct 2022 06:06:32 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0135ba0-9033-445f-8155-a6c093862ccb.jpeg
34.120.237.76 200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0135ba0-9033-445f-8155-a6c093862ccb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7e30ca5022768294665070cafc9d489c
c6ebf53c21206cfcf8e70279d3ae43f0170ade3a
6b834cdae692318a114c0d82ebff4fa8f4e65526983758e08ffb130d4d86020f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0135ba0-9033-445f-8155-a6c093862ccb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9046
x-amzn-requestid: d560c8ba-6e81-46f7-a451-30c40fbfce6f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zmhi_F7qIAMFkQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4946-012e65d675558ec8544a1f30;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:31:50 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: a9tOPCySPRdXpvJf239ycM7_3PJS7GcITvM52Sxic_FwYr_-n2XQHA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 de8fc80b494d3d381f7e006918dcc588.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 21:44:18 GMT
etag: "c6ebf53c21206cfcf8e70279d3ae43f0170ade3a"
content-type: image/jpeg
age: 30134
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79f3ec27-4efa-459e-a0bf-ae28f5d2dd3d.jpeg
34.120.237.76 200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79f3ec27-4efa-459e-a0bf-ae28f5d2dd3d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash faa74f37d774e88f35e8d28397e066dc
6864ffbbeba98f1afdcc89c6588a21868bd33b4c
1c2f63843f2699f1c7a1df149d048dcc265387cbac9e6e9ca89ee7487a166ed8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79f3ec27-4efa-459e-a0bf-ae28f5d2dd3d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8239
x-amzn-requestid: 82d6eec9-0b0a-4342-9805-da201179818c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zd9izGiRIAMF_rA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633bdc78-4a82b86b2d75b9127b12415b;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 07:10:48 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: d4GkQkVlHcLruEBQvyZ6T5ZSc7quxUully07xJ7_v4X3j2G_l7sbbw==
via: 1.1 0cf6c59c77f0fff670ae085179adc458.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 07:35:13 GMT
age: 81079
etag: "6864ffbbeba98f1afdcc89c6588a21868bd33b4c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7758caee-c969-46dd-96d0-b4402437781d.jpeg
34.120.237.76 200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7758caee-c969-46dd-96d0-b4402437781d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4572451a09430ca7a9203f14ddc035ba
46e17c44fba23988d7a9d9832c411ba2810136c3
fa54e73c4b32d8e109504ebcd46e4316de8143f44b7eae20a44ba63d14a6f24b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7758caee-c969-46dd-96d0-b4402437781d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8445
x-amzn-requestid: 7d295b3b-29d6-4b2e-8314-c9055d1def80
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zmju5FxwoAMFeQw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4cc5-3f58c18b1159ad512c60422b;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:46:45 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: DC1ECXhkAhfdrU8ZyMhhDdwydsq4PQfzzGOPd-REjCkCsDbXQLnLiA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 34c44cb7892e57a3b6c51812bcf68ee4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 22:01:57 GMT
etag: "46e17c44fba23988d7a9d9832c411ba2810136c3"
content-type: image/jpeg
age: 29075
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ca4df15-4ecd-467c-a658-2352fca9a8ff.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ca4df15-4ecd-467c-a658-2352fca9a8ff.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 16339989f5c6c229a3dcc0ed1e52032f
a1ea26d6e4eb4a72cc8c87100b40035dab69d285
16703f888ee6f974bb89e1c4c16a75186b31b64130abcd1a3bcd3741159d912c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ca4df15-4ecd-467c-a658-2352fca9a8ff.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13437
x-amzn-requestid: ec801fbc-c339-46ce-ac5f-18d064e5ef21
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zmhi_HdeoAMFyOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4946-02b52b770e6e76cf52b26e47;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:31:50 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: Iesqk_XbGiZE-n3mTa1_1WtlXiyEqz-4qfyt3_609O1eujdLcFu3zA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 ece5d4a731ece5ff46c564ab2b946ede.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 22:01:58 GMT
etag: "a1ea26d6e4eb4a72cc8c87100b40035dab69d285"
content-type: image/jpeg
age: 29074
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F41249b23-0479-4820-9c68-da428c1d2faa.jpeg
34.120.237.76 200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F41249b23-0479-4820-9c68-da428c1d2faa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash caf0e5e75898e70a4f2caa2a707c7af9
25a573f90d12a42a6e63c65485be5fc325b0bfde
cec7ab3a7f6e02b57ee72ca7eee70c16b9026679aa7cd6c0739669731ccc94d5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F41249b23-0479-4820-9c68-da428c1d2faa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8090
x-amzn-requestid: 7aeb8664-0241-40e1-ac8d-aef56b2a1847
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZmirBHS9IAMFYKg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4b13-19caf51e2f8b7df363293db3;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:39:31 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: -Y3Utot6t5i9ws9JDG4eGGQYEzrN5d48KD9rZ0p1mscrMzOXBTsp1Q==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 7f06047c304d80ea094816a27c933914.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 21:44:25 GMT
etag: "25a573f90d12a42a6e63c65485be5fc325b0bfde"
content-type: image/jpeg
age: 30127
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/tag-c9d810bc9adac9b6c876bfeeb0f74b35.js.download
109.71.253.24 200 OK 9.6 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/tag-c9d810bc9adac9b6c876bfeeb0f74b35.js.download
IP 109.71.253.24:0
Hash 39cf77bd6009d3c538455b3846680278
ad0ed304e5173bdb8f08254c2e4a5032e8fcafa5
792997f1f9a485ca57d274c7899e4f526476bf15ed564a8b74d248c4458b188f
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/tag-c9d810bc9adac9b6c876bfeeb0f74b35.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:32 GMT
etag: W/"633dc67c-26ed0"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash b023a4a84afaed47d1e899bce859d07d
70d2c1ad3e3635780f816f71a6bf3edba4de2e36
7db44da2fdda18c0e6941098e2758150931b6f2c9147ba45dcf28e5132abcb39
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 06:06:35 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 06 Oct 2022 05:15:18 GMT
Expires: Thu, 13 Oct 2022 05:15:17 GMT
Etag: "70d2c1ad3e3635780f816f71a6bf3edba4de2e36"
Cache-Control: max-age=514721,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7564739e4c33fac8-OSL
opt.objectiveportal.com/pixel.gif?customer=TMO&brand=TMO&domain=NL&process=site&gaid=917351087.1665122791&random=5207951538.422184
195.201.152.90 200 OK 35 B URL HTTP/2 opt.objectiveportal.com/pixel.gif?customer=TMO&brand=TMO&domain=NL&process=site&gaid=917351087.1665122791&random=5207951538.422184
IP 195.201.152.90:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /pixel.gif?customer=TMO&brand=TMO&domain=NL&process=site&gaid=917351087.1665122791&random=5207951538.422184 HTTP/1.1
Host: opt.objectiveportal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:35 GMT
content-type: image/gif
content-length: 35
etag: 58635e0f-f662-4f52-a942-871075055d78
set-cookie: op_u_id=5b3f4804-a591-453e-b88e-c00e83c40968; max-age=7776000; path=/; HTTPOnly; SameSite=none; secure
op_s_id=40a6047e-ad9f-4122-9265-4683e5858cae; path=/; HTTPOnly; SameSite=none; secure
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: DENY
x-content-type-options: nosniff
content-security-policy: frame-ancestors *.objectiveportal.com objectiveportal.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
referrer-policy: strict-origin-when-cross-origin
pragma: no-cache
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/op.js.download
109.71.253.24 200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/op.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/op.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:28 GMT
etag: W/"633dc678-1440"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/siteanalyze_6004843.js.download
109.71.253.24 200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/siteanalyze_6004843.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/siteanalyze_6004843.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:30 GMT
etag: W/"633dc67a-2f30"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/ec.js.download
109.71.253.24 200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/ec.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/ec.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:22 GMT
etag: W/"633dc672-adb"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/f.txt
109.71.253.24 200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/f.txt
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/f.txt HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: text/plain
last-modified: Wed, 05 Oct 2022 18:01:24 GMT
etag: W/"633dc674-1f15"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/15258
109.71.253.24 404 Not Found 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/15258
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/15258 HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: text/html
last-modified: Wed, 05 Oct 2022 17:52:19 GMT
etag: W/"328-5ea4d3cf7899a"
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/f(1).txt
109.71.253.24 200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/f(1).txt
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/f(1).txt HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: text/plain
last-modified: Wed, 05 Oct 2022 18:01:23 GMT
etag: W/"633dc673-8e43"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/tmobile.js.download
109.71.253.24 200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/tmobile.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/tmobile.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:34 GMT
etag: W/"633dc67e-22fa1"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/DesignSystem.css
109.71.253.24 200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/DesignSystem.css
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
GET /Tmob/DesignSystem.css HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: text/css
last-modified: Wed, 05 Oct 2022 18:01:23 GMT
etag: W/"633dc673-62fc4"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/fbevents.js.download
109.71.253.24 200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/fbevents.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/fbevents.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:26 GMT
etag: W/"633dc676-16e78"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/elqCfg.min.js.download
109.71.253.24 200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/elqCfg.min.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/elqCfg.min.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:23 GMT
etag: W/"633dc673-17c0"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/gtm.js.download
109.71.253.24 200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/gtm.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/gtm.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:26 GMT
etag: W/"633dc676-6f7f5"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/analytics.js.download
109.71.253.24 200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/analytics.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/analytics.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:19 GMT
etag: W/"633dc66f-be77"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/insight.min.js.download
109.71.253.24 200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/insight.min.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/insight.min.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:27 GMT
etag: W/"633dc677-10e2"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/piwik.js.download
109.71.253.24 200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/piwik.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/piwik.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: PHPSESSID=23u8n43k7lcj9m2cjeut9istku
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 06:06:30 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:29 GMT
etag: W/"633dc679-11b60"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2