cloud.blacksebo.de/
144.202.15.240301 Moved Permanently 162 B IP 144.202.15.240:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET / HTTP/1.1
Host: cloud.blacksebo.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 01 Dec 2022 09:30:15 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://cloud.blacksebo.de/
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a5daf4dc99951793ae2315d4795e8146
4427507ca4d3a5632cc8f598afbc85e2195d00bd
94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12078
Expires: Thu, 01 Dec 2022 12:51:33 GMT
Date: Thu, 01 Dec 2022 09:30:15 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f3cf023c797da81728c0ac84c8759331
fa07c5e39e4b0741ea484101cccb2202acea9d9c
5206a0bac8bf78d6b84322519271a1ece2c1039a0090e583de6d6192d88873d0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5899
Cache-Control: max-age=95963
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 09:30:15 GMT
Etag: "638730f7-1d7"
Expires: Fri, 02 Dec 2022 12:09:38 GMT
Last-Modified: Wed, 30 Nov 2022 10:31:19 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 01 Dec 2022 09:18:08 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 727
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9fce5679881bf302a8978a0b462f01a9
b699fe030ea13ac73813e655c42ed9b531925e2b
a3ec545a8f9364ac9062eddb41279e1465687a1b60f9c1dec6b3a3df8b033eb3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3EC545A8F9364AC9062EDDB41279E1465687A1B60F9C1DEC6B3A3DF8B033EB3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15055
Expires: Thu, 01 Dec 2022 13:41:10 GMT
Date: Thu, 01 Dec 2022 09:30:15 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: JfgNlVu4b+QJ1UW1f2YkEAVWfwrUu1USD05J+gm4c2UwAiC8VWiW1ZTgzw/489qbf9CUcZDGcnI=
x-amz-request-id: KQ1NQ0KH67580MRM
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 01 Dec 2022 08:46:12 GMT
age: 2643
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 09:30:15 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4754ec239641335494638fd411b75270
a604143483e0cd1127a595292fb0fef5a4c8e15e
41233c8d3d87fca6bc96439824de21f62d8423f0f4d4635c554d704c59b7632c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41233C8D3D87FCA6BC96439824DE21F62D8423F0F4D4635C554D704C59B7632C"
Last-Modified: Tue, 29 Nov 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 01 Dec 2022 15:30:16 GMT
Date: Thu, 01 Dec 2022 09:30:16 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 01 Dec 2022 09:08:56 GMT
cache-control: public,max-age=3600
age: 1280
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
cloud.blacksebo.de/
144.202.15.240302 Found 0 B IP 144.202.15.240:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET / HTTP/1.1
Host: cloud.blacksebo.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
date: Thu, 01 Dec 2022 09:30:16 GMT
content-type: text/html; charset=UTF-8
content-length: 0
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-security-policy: default-src 'self'; script-src 'self' 'nonce-N01lQlQ2THpkSDZzUUFYNmRBTW5qTi9SU29jdG4xYmx4bEV5cmNYMVpGMD06dVpmQ1BQS1hPQTd1TFVTWU1VUVd6YlNoSHJKOTlCZTg5MlZZekkyL0FROD0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
set-cookie: oc_sessionPassphrase=SjXQ53Ty5%2F%2BTwrB0BGHH6XaFClCTCMcWuiuL3iA5fgPQ%2Fy1k8N2PHG2w0faIRG999m2KnHRNNYf30NE9ErVKb3WXR2zqDYIBiOEjwoMh2RgX1WDhQXjwWGae4fllwiIk; path=/; secure; HttpOnly; SameSite=Lax
oclmr2rlbn6w=jno2c1lhdvbehpfhank10sggee; path=/; secure; HttpOnly; SameSite=Lax
__Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
__Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
referrer-policy: no-referrer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-robots-tag: none
x-xss-protection: 1; mode=block
location: https://cloud.blacksebo.de/index.php/login
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PHP/8.1.13, PleskLin
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash cfdd00e67ee6ca21712b867eb5288ab6
b61d5d6ec3b7ad71619e13e32c87f2d01871b88a
f740cac6dfedc1bf0f82efb10dac4f6ffb22f9bb5d4a9b68a4cd971dd2f65793
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5943
Cache-Control: max-age=90938
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 09:30:16 GMT
Etag: "63871d2b-1d7"
Expires: Fri, 02 Dec 2022 10:45:54 GMT
Last-Modified: Wed, 30 Nov 2022 09:06:51 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
cloud.blacksebo.de/index.php/login
144.202.15.240200 OK 4.2 kB URL HTTP/2 cloud.blacksebo.de/index.php/login
IP 144.202.15.240:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5016)
Hash 3890e2a820739ae2efd5e7c06e42bbe7
c36813f6ebfd8daf0cb17ba7fdc47815385ea602
4556266645bb013b243de3e04a8d64fee277fb1e256b9c6665848e10af7e43e7
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /index.php/login HTTP/1.1
Host: cloud.blacksebo.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: oc_sessionPassphrase=SjXQ53Ty5%2F%2BTwrB0BGHH6XaFClCTCMcWuiuL3iA5fgPQ%2Fy1k8N2PHG2w0faIRG999m2KnHRNNYf30NE9ErVKb3WXR2zqDYIBiOEjwoMh2RgX1WDhQXjwWGae4fllwiIk; oclmr2rlbn6w=jno2c1lhdvbehpfhank10sggee; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 09:30:16 GMT
content-type: text/html; charset=UTF-8
content-length: 4220
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
x-request-id: Y4h0KPCVMqy3NqvHXBM@dgAAAAM
content-encoding: gzip
content-security-policy: default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src data: 'self';child-src 'self';frame-ancestors 'self';form-action 'self'
feature-policy: autoplay 'self';camera 'none';fullscreen 'self';geolocation 'none';microphone 'none';payment 'none'
x-robots-tag: none
referrer-policy: no-referrer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PHP/8.1.13, PleskLin
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.214.17.205101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.214.17.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: GY8qE081ONeWixwdGlrDjQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ZuL1ikDLB/ZLUpQ37w0MqpNNUNk=
cloud.blacksebo.de/index.php/js/core/merged-template-prepend.js?v=5cf32ef3-25
144.202.15.240200 OK 3.1 kB URL HTTP/2 cloud.blacksebo.de/index.php/js/core/merged-template-prepend.js?v=5cf32ef3-25
IP 144.202.15.240:0
Hash 9ea2faef93a66a111807bd8427636654
e82570c5ce89397158d7ad34b0f628f57ef439bd
5a714ea86f3ce9eb59a67cd96e45939d55e0563ff848718beacdfd28f30fab03
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /index.php/js/core/merged-template-prepend.js?v=5cf32ef3-25 HTTP/1.1
Host: cloud.blacksebo.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: oc_sessionPassphrase=SjXQ53Ty5%2F%2BTwrB0BGHH6XaFClCTCMcWuiuL3iA5fgPQ%2Fy1k8N2PHG2w0faIRG999m2KnHRNNYf30NE9ErVKb3WXR2zqDYIBiOEjwoMh2RgX1WDhQXjwWGae4fllwiIk; oclmr2rlbn6w=jno2c1lhdvbehpfhank10sggee; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 09:30:17 GMT
content-type: application/javascript
content-length: 3054
cache-control: max-age=31536000, immutable
x-request-id: Y4h0Kd3D18-NpcgsvURqHQAAAAE
content-security-policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'
feature-policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
x-robots-tag: none
content-disposition: inline; filename="merged-template-prepend.js.gzip"
content-encoding: gzip
expires: Fri, 01 Dec 2023 09:30:17 +0000
pragma: cache
referrer-policy: no-referrer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
last-modified: Wed, 22 Jun 2022 14:04:13 GMT
etag: "644fb010b3e0bb70f0b9eef1078ea2d9"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PHP/8.1.13, PleskLin
X-Firefox-Spdy: h2
cloud.blacksebo.de/index.php/apps/theming/image/logo?useSvg=1&v=25
144.202.15.240200 OK 63 kB URL HTTP/2 cloud.blacksebo.de/index.php/apps/theming/image/logo?useSvg=1&v=25
IP 144.202.15.240:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (16217)
Hash 58afa937d0819afa37b89c92dfd0c490
bd941158d861698e389bcb90ba99eb45d93a609a
e38f30b103ab1b94769a6eaed1bcb9612ad206c818dbe4e1e7b75f5069782105
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /index.php/apps/theming/image/logo?useSvg=1&v=25 HTTP/1.1
Host: cloud.blacksebo.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: oc_sessionPassphrase=SjXQ53Ty5%2F%2BTwrB0BGHH6XaFClCTCMcWuiuL3iA5fgPQ%2Fy1k8N2PHG2w0faIRG999m2KnHRNNYf30NE9ErVKb3WXR2zqDYIBiOEjwoMh2RgX1WDhQXjwWGae4fllwiIk; oclmr2rlbn6w=jno2c1lhdvbehpfhank10sggee; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 09:30:17 GMT
content-type: image/svg+xml
content-length: 62698
cache-control: private, max-age=3600, must-revalidate
x-request-id: Y4h0KR7mHp-7REHMQGE0tAAAAAI
content-security-policy: default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src data: 'self';child-src 'self';frame-ancestors 'self';form-action 'self'
feature-policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
x-robots-tag: none
content-disposition: attachment; filename="logo"
pragma: private
expires: Thu, 01 Dec 2022 10:30:17 +0000
referrer-policy: no-referrer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
last-modified: Thu, 19 Dec 2019 01:11:56 GMT
etag: "4e227993d59a734684449281e60deaf1"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PHP/8.1.13, PleskLin
X-Firefox-Spdy: h2
cloud.blacksebo.de/dist/core-login.js?v=5cf32ef3-25
144.202.15.240200 OK 630 kB URL HTTP/2 cloud.blacksebo.de/dist/core-login.js?v=5cf32ef3-25
IP 144.202.15.240:0
File type Unicode text, UTF-8 text, with very long lines (65456)
Size 630 kB (629837 bytes)
Hash 580fe1c115cb8f5f7db6d9339595d641
c3f515c642872604d27ccc0a5223df659870a324
76aef99eebead184f777ae901422f7c7f3273d9e805872e9d2302599cd4bff7f
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /dist/core-login.js?v=5cf32ef3-25 HTTP/1.1
Host: cloud.blacksebo.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: oc_sessionPassphrase=SjXQ53Ty5%2F%2BTwrB0BGHH6XaFClCTCMcWuiuL3iA5fgPQ%2Fy1k8N2PHG2w0faIRG999m2KnHRNNYf30NE9ErVKb3WXR2zqDYIBiOEjwoMh2RgX1WDhQXjwWGae4fllwiIk; oclmr2rlbn6w=jno2c1lhdvbehpfhank10sggee; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 09:30:17 GMT
content-type: application/javascript
last-modified: Wed, 22 Jun 2022 14:02:59 GMT
cache-control: max-age=15778463, immutable
etag: W/"62b32113-1c910"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
cloud.blacksebo.de/index.php/apps/theming/image/logo?v=25
144.202.15.240200 OK 63 kB URL HTTP/2 cloud.blacksebo.de/index.php/apps/theming/image/logo?v=25
IP 144.202.15.240:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (16217)
Hash 58afa937d0819afa37b89c92dfd0c490
bd941158d861698e389bcb90ba99eb45d93a609a
e38f30b103ab1b94769a6eaed1bcb9612ad206c818dbe4e1e7b75f5069782105
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /index.php/apps/theming/image/logo?v=25 HTTP/1.1
Host: cloud.blacksebo.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: oc_sessionPassphrase=SjXQ53Ty5%2F%2BTwrB0BGHH6XaFClCTCMcWuiuL3iA5fgPQ%2Fy1k8N2PHG2w0faIRG999m2KnHRNNYf30NE9ErVKb3WXR2zqDYIBiOEjwoMh2RgX1WDhQXjwWGae4fllwiIk; oclmr2rlbn6w=jno2c1lhdvbehpfhank10sggee; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 09:30:17 GMT
content-type: image/svg+xml
content-length: 62698
cache-control: private, max-age=3600, must-revalidate
x-request-id: Y4h0KfCVMqy3NqvHXBM@eAAAAAM
content-security-policy: default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src data: 'self';child-src 'self';frame-ancestors 'self';form-action 'self'
feature-policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
x-robots-tag: none
content-disposition: attachment; filename="logo"
pragma: private
expires: Thu, 01 Dec 2022 10:30:17 +0000
referrer-policy: no-referrer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
last-modified: Thu, 19 Dec 2019 01:11:56 GMT
etag: "4e227993d59a734684449281e60deaf1"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PHP/8.1.13, PleskLin
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14541
Expires: Thu, 01 Dec 2022 13:32:39 GMT
Date: Thu, 01 Dec 2022 09:30:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14541
Expires: Thu, 01 Dec 2022 13:32:39 GMT
Date: Thu, 01 Dec 2022 09:30:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14541
Expires: Thu, 01 Dec 2022 13:32:39 GMT
Date: Thu, 01 Dec 2022 09:30:18 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc2c1d47-fc4a-4f23-a6f7-5ac8f3a68490.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc2c1d47-fc4a-4f23-a6f7-5ac8f3a68490.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash acffcb88ce68b2d70c9c046a7b5a4aa8
cd016e6c0bf5c6eef06e933c9a5257ff4fca9bc1
692d782ac1d812de6dadbcfe46034b6b5d8bbd586e56beedd96dc4d65445dd4c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc2c1d47-fc4a-4f23-a6f7-5ac8f3a68490.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12035
x-amzn-requestid: 2711a135-b390-43ef-9e95-92438058bc27
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz81FIpIAMFs9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd1e-742f7f293df074340ab6a217;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ygs-Qd7UU_k4t4_breZTyqkHqGjJzlH1UMa9ncww5_IGpJ1n781jfg==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:51:55 GMT
age: 41903
etag: "cd016e6c0bf5c6eef06e933c9a5257ff4fca9bc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: ad2d9243-5e32-4faf-8ff3-b9abd3af1e89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb1_hEJJIAMF4Vg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387d063-596f5833509112ee6cbedf54;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:51:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jM-fTqLsmU3c_gc9Wle-lvCwXelA9Sid9axtzJQDsfOHv23yUbKsBw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 22:43:35 GMT
age: 38803
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
34.120.237.76200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ffd12f9c423ffc627d9e3b3145944fe4
5cf9a7a784952e1bb0cbe499104f1774b1269d08
a25f1b752d9af599aefd73073c105853130f1759905269de3d582d2eb35fe167
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16038
x-amzn-requestid: 925134ee-dd35-45ed-8da7-d60c9c484993
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz80EHboAMFtmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd1e-48de287757e82632291365ee;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: I8qQQUMSVzFmXqjWM1n_F1XEE-ZQcpEF81OwJgf9i3Q5M8XiFAa8Zg==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:52:00 GMT
age: 41898
etag: "5cf9a7a784952e1bb0cbe499104f1774b1269d08"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg
34.120.237.76200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e1e6b6ba4f82221b41c3d9129008c76d
2f9532d698b4c28df23e18bbb66399ec776d5b9f
218c6f41a16e6087c611d4db5784a7cc1d027084d0bf2bd6dc3843ee5dfd560f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9459
x-amzn-requestid: 9e243a73-18ff-4abf-9b9c-442719960125
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMpppFXjoAMFehg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bca3-47620f39181264772d2fb52d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:13:40 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _v5hatZyEWVRB4Tebygbb-QfE02oaFxE8CRfQsUY7I_ektxE3YeIpw==
via: 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 17:08:01 GMT
age: 58937
etag: "2f9532d698b4c28df23e18bbb66399ec776d5b9f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 820cf89fcab8380adff42982c9fb11ed
84241ddddbbfd7de30118307fb1a62800d0a4cb3
0d051495f06ac84de934283b40cbfee7a042d32153a73486dd7c017430e882d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12898
x-amzn-requestid: 9b594c3c-6b8c-4589-8fcb-b3d7518b46f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cQZBNFxToAMF_9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63833ba1-767f510d72eef86d0cc892df;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 10:27:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kZfRQsF_Fo2UtTqK0ByOPeQK-IzTQO9JtTmxIMlapmsd93SJk_4VYw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:47:30 GMT
age: 42168
etag: "84241ddddbbfd7de30118307fb1a62800d0a4cb3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 26d6dffbf400da4803a2e76e2a8ef2f8
2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8
04c6e31623fe48cbe83dc91635bfa47b337590f18919995b08d5bde27e929e03
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8740
x-amzn-requestid: c6c3e3dc-c9a2-4fda-a83b-cdd6ae81166b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7uyE9CoAMF6Xg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830cc4-2c8940405044071a082ee678;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qykE_oaoqqPTgqGnfUo74mH29IOS97b5sZb_3VmB9yW7KUiJ1a7dnA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 18:58:06 GMT
age: 52332
etag: "2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cloud.blacksebo.de/index.php/apps/theming/icon?v=25
144.202.15.240200 OK 29 kB URL HTTP/2 cloud.blacksebo.de/index.php/apps/theming/icon?v=25
IP 144.202.15.240:0
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash 12d44c0d720ff7f38830a7e485ed9a57
48a09750314c56fc303d23683c0782a8adeea9ae
a164f563b308dcb5f5473ae5d2e18f78940b95b29ccd6c2ced7bcfcfed104c66
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /index.php/apps/theming/icon?v=25 HTTP/1.1
Host: cloud.blacksebo.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: oc_sessionPassphrase=SjXQ53Ty5%2F%2BTwrB0BGHH6XaFClCTCMcWuiuL3iA5fgPQ%2Fy1k8N2PHG2w0faIRG999m2KnHRNNYf30NE9ErVKb3WXR2zqDYIBiOEjwoMh2RgX1WDhQXjwWGae4fllwiIk; oclmr2rlbn6w=jno2c1lhdvbehpfhank10sggee; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 09:30:18 GMT
content-type: image/png
content-length: 29017
cache-control: private, max-age=86400, must-revalidate
x-request-id: Y4h0KknxSb5-KxD2ItHNKAAAAAU
content-security-policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'
feature-policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
x-robots-tag: none
content-disposition: inline; filename="touchIcon-core"
pragma: private
expires: Fri, 02 Dec 2022 09:30:18 +0000
referrer-policy: no-referrer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
last-modified: Mon, 10 Oct 2022 22:39:11 GMT
etag: "31548afa8c6f9edd57a9327e9aa0de38"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PHP/8.1.13, PleskLin
X-Firefox-Spdy: h2
cloud.blacksebo.de/index.php/apps/theming/favicon?v=25
144.202.15.240200 OK 464 kB URL HTTP/2 cloud.blacksebo.de/index.php/apps/theming/favicon?v=25
IP 144.202.15.240:0
File type PNG image data, 1698 x 1698, 8-bit/color RGBA, non-interlaced\012- data
Size 464 kB (464325 bytes)
Hash b940fb12e9e260745a138e1408f8c948
c7bd2b986640894e8f1bf0a0e88d54b168fadf4b
775e57dcec85641014d6750739ae4d6173ebca3eff24cd09094eec70a42325b8
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /index.php/apps/theming/favicon?v=25 HTTP/1.1
Host: cloud.blacksebo.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: oc_sessionPassphrase=SjXQ53Ty5%2F%2BTwrB0BGHH6XaFClCTCMcWuiuL3iA5fgPQ%2Fy1k8N2PHG2w0faIRG999m2KnHRNNYf30NE9ErVKb3WXR2zqDYIBiOEjwoMh2RgX1WDhQXjwWGae4fllwiIk; oclmr2rlbn6w=jno2c1lhdvbehpfhank10sggee; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 09:30:18 GMT
content-type: image/x-icon
content-length: 464325
cache-control: private, max-age=86400, must-revalidate
x-request-id: Y4h0KijcFbzEx96@zk0QbwAAAAg
content-security-policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'
feature-policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
x-robots-tag: none
content-disposition: inline; filename="favicon.png"
pragma: private
expires: Fri, 02 Dec 2022 09:30:18 +0000
referrer-policy: no-referrer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
last-modified: Mon, 10 Oct 2022 22:39:09 GMT
etag: "843e13cbd2544c148ac48f57c1d5eb18"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PHP/8.1.13, PleskLin
X-Firefox-Spdy: h2
cloud.blacksebo.de/core/img/loading-dark.gif
144.202.15.240200 OK 4.7 kB URL HTTP/2 cloud.blacksebo.de/core/img/loading-dark.gif
IP 144.202.15.240:0
File type GIF image data, version 89a, 32 x 32\012- data
Hash 7446c22d8ed8b7b4641adc5dc30f39d2
1ccb798de57db7a5d8996c3eac5ffc3c6b0c5147
93b795ec06aebf7141dbfb46cf6fa51fb964d2a5c0646303eb135b38d007a0a9
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /core/img/loading-dark.gif HTTP/1.1
Host: cloud.blacksebo.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: oc_sessionPassphrase=SjXQ53Ty5%2F%2BTwrB0BGHH6XaFClCTCMcWuiuL3iA5fgPQ%2Fy1k8N2PHG2w0faIRG999m2KnHRNNYf30NE9ErVKb3WXR2zqDYIBiOEjwoMh2RgX1WDhQXjwWGae4fllwiIk; oclmr2rlbn6w=jno2c1lhdvbehpfhank10sggee; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 09:30:19 GMT
content-type: image/gif
content-length: 4683
last-modified: Wed, 22 Jun 2022 14:02:17 GMT
cache-control: max-age=15778463, immutable
etag: "62b320e9-124b"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
cloud.blacksebo.de/core/img/actions/toggle.svg
144.202.15.240200 OK 308 B URL HTTP/2 cloud.blacksebo.de/core/img/actions/toggle.svg
IP 144.202.15.240:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (307)
Hash d4dfeb8d8847da5d714a6a1c537a70e4
23e8f1d322347c4a0f690f005c4efb14accbf888
f93b7b94742bc8efa1b9c5bceae34be32a053af36727972ed3f7cd0fecb339b5
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /core/img/actions/toggle.svg HTTP/1.1
Host: cloud.blacksebo.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: oc_sessionPassphrase=SjXQ53Ty5%2F%2BTwrB0BGHH6XaFClCTCMcWuiuL3iA5fgPQ%2Fy1k8N2PHG2w0faIRG999m2KnHRNNYf30NE9ErVKb3WXR2zqDYIBiOEjwoMh2RgX1WDhQXjwWGae4fllwiIk; oclmr2rlbn6w=jno2c1lhdvbehpfhank10sggee; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 09:30:19 GMT
content-type: image/svg+xml
content-length: 308
referrer-policy: no-referrer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-robots-tag: none
x-xss-protection: 1; mode=block
x-accel-version: 0.01
last-modified: Wed, 22 Jun 2022 14:02:18 GMT
etag: "134-5e209c8fb955c"
accept-ranges: bytes
cache-control: max-age=15778463, immutable
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
X-Firefox-Spdy: h2
cloud.blacksebo.de/core/img/actions/confirm-white.svg?v=2
144.202.15.240200 OK 405 B URL HTTP/2 cloud.blacksebo.de/core/img/actions/confirm-white.svg?v=2
IP 144.202.15.240:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (404)
Hash e06eff833cd2ee48a2f293b6f832e744
e3dbc308964e6bd10e0c8bd3e835436092a6cbcc
b8219e8f0ef3404d35b41a25f4c090df62e95a12cbc5f6452edc89ac3d3fed80
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /core/img/actions/confirm-white.svg?v=2 HTTP/1.1
Host: cloud.blacksebo.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloud.blacksebo.de/core/css/guest.css?v=5cf32ef3-25
Cookie: oc_sessionPassphrase=SjXQ53Ty5%2F%2BTwrB0BGHH6XaFClCTCMcWuiuL3iA5fgPQ%2Fy1k8N2PHG2w0faIRG999m2KnHRNNYf30NE9ErVKb3WXR2zqDYIBiOEjwoMh2RgX1WDhQXjwWGae4fllwiIk; oclmr2rlbn6w=jno2c1lhdvbehpfhank10sggee; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 09:30:19 GMT
content-type: image/svg+xml
content-length: 405
referrer-policy: no-referrer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-robots-tag: none
x-xss-protection: 1; mode=block
x-accel-version: 0.01
last-modified: Wed, 22 Jun 2022 14:02:18 GMT
etag: "195-5e209c8fc7fbc"
accept-ranges: bytes
cache-control: max-age=15778463, immutable
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabcce497-e838-40ff-ab98-af5f631b766f.jpeg
34.120.237.76200 OK 2.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabcce497-e838-40ff-ab98-af5f631b766f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f5469e846da1e0f21cfc480f56a656a6
b3eaec75f854d22cd1dcd6aa42e37f6d0df50036
d5701207a8b6b358359ebfd85a6916af7a3abf79acba235bf7d4131b0bc2e9b5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabcce497-e838-40ff-ab98-af5f631b766f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 2382
x-amzn-requestid: 7279ff68-1e32-4c57-9b9d-f5803a19e8e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cJYQuEmEIAMFkeg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63806d9e-2cf28dc150b53b9f3c60bb4c;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 07:24:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UaUyc03Gw0P7G_7gjAyp-c3XxjIDbllO7lmG_8UWVCuBP4WgEgSydQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 14:26:41 GMT
age: 68623
etag: "b3eaec75f854d22cd1dcd6aa42e37f6d0df50036"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cloud.blacksebo.de/dist/core-files_fileinfo.js?v=5cf32ef3-25
144.202.15.240200 OK 0 B URL HTTP/2 cloud.blacksebo.de/dist/core-files_fileinfo.js?v=5cf32ef3-25
IP 144.202.15.240:0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /dist/core-files_fileinfo.js?v=5cf32ef3-25 HTTP/1.1
Host: cloud.blacksebo.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: oc_sessionPassphrase=SjXQ53Ty5%2F%2BTwrB0BGHH6XaFClCTCMcWuiuL3iA5fgPQ%2Fy1k8N2PHG2w0faIRG999m2KnHRNNYf30NE9ErVKb3WXR2zqDYIBiOEjwoMh2RgX1WDhQXjwWGae4fllwiIk; oclmr2rlbn6w=jno2c1lhdvbehpfhank10sggee; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 09:30:17 GMT
content-type: application/javascript
referrer-policy: no-referrer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-robots-tag: none
x-xss-protection: 1; mode=block
x-accel-version: 0.01
last-modified: Wed, 22 Jun 2022 14:02:59 GMT
etag: W/"2eb-5e209cb72a117"
cache-control: max-age=15778463, immutable
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
cloud.blacksebo.de/dist/accessibility-accessibilityoca.js?v=5cf32ef3-25
144.202.15.240200 OK 0 B URL HTTP/2 cloud.blacksebo.de/dist/accessibility-accessibilityoca.js?v=5cf32ef3-25
IP 144.202.15.240:0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /dist/accessibility-accessibilityoca.js?v=5cf32ef3-25 HTTP/1.1
Host: cloud.blacksebo.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: oc_sessionPassphrase=SjXQ53Ty5%2F%2BTwrB0BGHH6XaFClCTCMcWuiuL3iA5fgPQ%2Fy1k8N2PHG2w0faIRG999m2KnHRNNYf30NE9ErVKb3WXR2zqDYIBiOEjwoMh2RgX1WDhQXjwWGae4fllwiIk; oclmr2rlbn6w=jno2c1lhdvbehpfhank10sggee; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 09:30:17 GMT
content-type: application/javascript
last-modified: Wed, 22 Jun 2022 14:02:59 GMT
cache-control: max-age=15778463, immutable
etag: W/"62b32113-9c2"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
cloud.blacksebo.de/apps/files_rightclick/js/files.js?v=5cf32ef3-25
144.202.15.240200 OK 0 B URL HTTP/2 cloud.blacksebo.de/apps/files_rightclick/js/files.js?v=5cf32ef3-25
IP 144.202.15.240:0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /apps/files_rightclick/js/files.js?v=5cf32ef3-25 HTTP/1.1
Host: cloud.blacksebo.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: oc_sessionPassphrase=SjXQ53Ty5%2F%2BTwrB0BGHH6XaFClCTCMcWuiuL3iA5fgPQ%2Fy1k8N2PHG2w0faIRG999m2KnHRNNYf30NE9ErVKb3WXR2zqDYIBiOEjwoMh2RgX1WDhQXjwWGae4fllwiIk; oclmr2rlbn6w=jno2c1lhdvbehpfhank10sggee; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 09:30:17 GMT
content-type: application/javascript
last-modified: Wed, 22 Jun 2022 14:02:37 GMT
cache-control: max-age=15778463, immutable
etag: W/"62b320fd-12a5"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
cloud.blacksebo.de/index.php/core/js/oc.js?v=5cf32ef3
144.202.15.240200 OK 0 B URL HTTP/2 cloud.blacksebo.de/index.php/core/js/oc.js?v=5cf32ef3
IP 144.202.15.240:0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /index.php/core/js/oc.js?v=5cf32ef3 HTTP/1.1
Host: cloud.blacksebo.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: oc_sessionPassphrase=SjXQ53Ty5%2F%2BTwrB0BGHH6XaFClCTCMcWuiuL3iA5fgPQ%2Fy1k8N2PHG2w0faIRG999m2KnHRNNYf30NE9ErVKb3WXR2zqDYIBiOEjwoMh2RgX1WDhQXjwWGae4fllwiIk; oclmr2rlbn6w=jno2c1lhdvbehpfhank10sggee; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 09:30:17 GMT
content-type: text/javascript;charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
x-request-id: Y4h0KKx5CHVlp11DF7p5@wAAAAQ
content-security-policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'
feature-policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
x-robots-tag: none
content-disposition: inline; filename=""
referrer-policy: no-referrer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PHP/8.1.13, PleskLin
content-encoding: br
X-Firefox-Spdy: h2
cloud.blacksebo.de/dist/core-main.js?v=5cf32ef3-25
144.202.15.240200 OK 0 B URL HTTP/2 cloud.blacksebo.de/dist/core-main.js?v=5cf32ef3-25
IP 144.202.15.240:0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /dist/core-main.js?v=5cf32ef3-25 HTTP/1.1
Host: cloud.blacksebo.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: oc_sessionPassphrase=SjXQ53Ty5%2F%2BTwrB0BGHH6XaFClCTCMcWuiuL3iA5fgPQ%2Fy1k8N2PHG2w0faIRG999m2KnHRNNYf30NE9ErVKb3WXR2zqDYIBiOEjwoMh2RgX1WDhQXjwWGae4fllwiIk; oclmr2rlbn6w=jno2c1lhdvbehpfhank10sggee; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 09:30:16 GMT
content-type: application/javascript
last-modified: Wed, 22 Jun 2022 14:02:59 GMT
cache-control: max-age=15778463, immutable
etag: W/"62b32113-219cb"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
cloud.blacksebo.de/index.php/apps/theming/styles?v=25
144.202.15.240200 OK 0 B URL HTTP/2 cloud.blacksebo.de/index.php/apps/theming/styles?v=25
IP 144.202.15.240:0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /index.php/apps/theming/styles?v=25 HTTP/1.1
Host: cloud.blacksebo.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: oc_sessionPassphrase=SjXQ53Ty5%2F%2BTwrB0BGHH6XaFClCTCMcWuiuL3iA5fgPQ%2Fy1k8N2PHG2w0faIRG999m2KnHRNNYf30NE9ErVKb3WXR2zqDYIBiOEjwoMh2RgX1WDhQXjwWGae4fllwiIk; oclmr2rlbn6w=jno2c1lhdvbehpfhank10sggee; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 09:30:17 GMT
content-type: text/css;charset=UTF-8
cache-control: private, max-age=86400, must-revalidate
x-request-id: Y4h0KS5WX3lhYaydRf3qewAAAAY
content-security-policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'
feature-policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
x-robots-tag: none
content-disposition: inline; filename="d71e-014c-theming.css"
pragma: private
expires: Fri, 02 Dec 2022 09:30:17 +0000
referrer-policy: no-referrer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Oct 2022 04:22:53 GMT
etag: W/"c699c66f94047ab82cabd790c4f65353"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PHP/8.1.13, PleskLin
content-encoding: br
X-Firefox-Spdy: h2
cloud.blacksebo.de/apps/files_rightclick/js/script.js?v=5cf32ef3-25
144.202.15.240200 OK 0 B URL HTTP/2 cloud.blacksebo.de/apps/files_rightclick/js/script.js?v=5cf32ef3-25
IP 144.202.15.240:0
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /apps/files_rightclick/js/script.js?v=5cf32ef3-25 HTTP/1.1
Host: cloud.blacksebo.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: oc_sessionPassphrase=SjXQ53Ty5%2F%2BTwrB0BGHH6XaFClCTCMcWuiuL3iA5fgPQ%2Fy1k8N2PHG2w0faIRG999m2KnHRNNYf30NE9ErVKb3WXR2zqDYIBiOEjwoMh2RgX1WDhQXjwWGae4fllwiIk; oclmr2rlbn6w=jno2c1lhdvbehpfhank10sggee; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 09:30:17 GMT
content-type: application/javascript
last-modified: Wed, 22 Jun 2022 14:02:37 GMT
cache-control: max-age=15778463, immutable
etag: W/"62b320fd-3a17"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
cloud.blacksebo.de/apps/theming/js/theming.js?v=5cf32ef3-25
144.202.15.240200 OK 0 B URL HTTP/2 cloud.blacksebo.de/apps/theming/js/theming.js?v=5cf32ef3-25
IP 144.202.15.240:0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /apps/theming/js/theming.js?v=5cf32ef3-25 HTTP/1.1
Host: cloud.blacksebo.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: oc_sessionPassphrase=SjXQ53Ty5%2F%2BTwrB0BGHH6XaFClCTCMcWuiuL3iA5fgPQ%2Fy1k8N2PHG2w0faIRG999m2KnHRNNYf30NE9ErVKb3WXR2zqDYIBiOEjwoMh2RgX1WDhQXjwWGae4fllwiIk; oclmr2rlbn6w=jno2c1lhdvbehpfhank10sggee; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 09:30:17 GMT
content-type: application/javascript
referrer-policy: no-referrer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-robots-tag: none
x-xss-protection: 1; mode=block
x-accel-version: 0.01
last-modified: Wed, 22 Jun 2022 14:02:41 GMT
etag: W/"3c-5e209ca607538"
cache-control: max-age=15778463, immutable
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
cloud.blacksebo.de/core/css/guest.css?v=5cf32ef3-25
144.202.15.240200 OK 0 B URL HTTP/2 cloud.blacksebo.de/core/css/guest.css?v=5cf32ef3-25
IP 144.202.15.240:0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /core/css/guest.css?v=5cf32ef3-25 HTTP/1.1
Host: cloud.blacksebo.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: oc_sessionPassphrase=SjXQ53Ty5%2F%2BTwrB0BGHH6XaFClCTCMcWuiuL3iA5fgPQ%2Fy1k8N2PHG2w0faIRG999m2KnHRNNYf30NE9ErVKb3WXR2zqDYIBiOEjwoMh2RgX1WDhQXjwWGae4fllwiIk; oclmr2rlbn6w=jno2c1lhdvbehpfhank10sggee; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 09:30:16 GMT
content-type: text/css
last-modified: Wed, 22 Jun 2022 14:02:18 GMT
cache-control: max-age=15778463, immutable
etag: W/"62b320ea-546c"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
cloud.blacksebo.de/dist/core-common.js?v=5cf32ef3-25
144.202.15.240200 OK 0 B URL HTTP/2 cloud.blacksebo.de/dist/core-common.js?v=5cf32ef3-25
IP 144.202.15.240:0
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /dist/core-common.js?v=5cf32ef3-25 HTTP/1.1
Host: cloud.blacksebo.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: oc_sessionPassphrase=SjXQ53Ty5%2F%2BTwrB0BGHH6XaFClCTCMcWuiuL3iA5fgPQ%2Fy1k8N2PHG2w0faIRG999m2KnHRNNYf30NE9ErVKb3WXR2zqDYIBiOEjwoMh2RgX1WDhQXjwWGae4fllwiIk; oclmr2rlbn6w=jno2c1lhdvbehpfhank10sggee; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 09:30:16 GMT
content-type: application/javascript
last-modified: Wed, 22 Jun 2022 14:02:59 GMT
cache-control: max-age=15778463, immutable
etag: W/"62b32113-8a8456"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
cloud.blacksebo.de/dist/core-files_client.js?v=5cf32ef3-25
144.202.15.240200 OK 0 B URL HTTP/2 cloud.blacksebo.de/dist/core-files_client.js?v=5cf32ef3-25
IP 144.202.15.240:0
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /dist/core-files_client.js?v=5cf32ef3-25 HTTP/1.1
Host: cloud.blacksebo.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: oc_sessionPassphrase=SjXQ53Ty5%2F%2BTwrB0BGHH6XaFClCTCMcWuiuL3iA5fgPQ%2Fy1k8N2PHG2w0faIRG999m2KnHRNNYf30NE9ErVKb3WXR2zqDYIBiOEjwoMh2RgX1WDhQXjwWGae4fllwiIk; oclmr2rlbn6w=jno2c1lhdvbehpfhank10sggee; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 09:30:17 GMT
content-type: application/javascript
last-modified: Wed, 22 Jun 2022 14:02:59 GMT
cache-control: max-age=15778463, immutable
etag: W/"62b32113-2f59"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
cloud.blacksebo.de/dist/files_sharing-main.js?v=5cf32ef3-25
144.202.15.240200 OK 0 B URL HTTP/2 cloud.blacksebo.de/dist/files_sharing-main.js?v=5cf32ef3-25
IP 144.202.15.240:0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /dist/files_sharing-main.js?v=5cf32ef3-25 HTTP/1.1
Host: cloud.blacksebo.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: oc_sessionPassphrase=SjXQ53Ty5%2F%2BTwrB0BGHH6XaFClCTCMcWuiuL3iA5fgPQ%2Fy1k8N2PHG2w0faIRG999m2KnHRNNYf30NE9ErVKb3WXR2zqDYIBiOEjwoMh2RgX1WDhQXjwWGae4fllwiIk; oclmr2rlbn6w=jno2c1lhdvbehpfhank10sggee; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 09:30:17 GMT
content-type: application/javascript
referrer-policy: no-referrer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-robots-tag: none
x-xss-protection: 1; mode=block
x-accel-version: 0.01
last-modified: Wed, 22 Jun 2022 14:02:59 GMT
etag: W/"173-5e209cb746638"
cache-control: max-age=15778463, immutable
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
cloud.blacksebo.de/apps/files_rightclick/css/app.css?v=198068b3-25
144.202.15.240200 OK 0 B URL HTTP/2 cloud.blacksebo.de/apps/files_rightclick/css/app.css?v=198068b3-25
IP 144.202.15.240:0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /apps/files_rightclick/css/app.css?v=198068b3-25 HTTP/1.1
Host: cloud.blacksebo.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: oc_sessionPassphrase=SjXQ53Ty5%2F%2BTwrB0BGHH6XaFClCTCMcWuiuL3iA5fgPQ%2Fy1k8N2PHG2w0faIRG999m2KnHRNNYf30NE9ErVKb3WXR2zqDYIBiOEjwoMh2RgX1WDhQXjwWGae4fllwiIk; oclmr2rlbn6w=jno2c1lhdvbehpfhank10sggee; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 09:30:16 GMT
content-type: text/css
referrer-policy: no-referrer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-robots-tag: none
x-xss-protection: 1; mode=block
x-accel-version: 0.01
last-modified: Wed, 22 Jun 2022 14:02:37 GMT
etag: W/"19c-5e209ca24e323"
cache-control: max-age=15778463, immutable
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2