firefox.settings.services.mozilla.com/v1/
54.230.111.7 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 54.230.111.7:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=259200
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 15:47:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 6ni_kBV2hOPOIXsS5QzHyfa-4N4FcEOd35Dxy_u4zoiDp-EwKFIrqQ==
Age: 102711
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 282f6e1328452c1cb41f6a6272fff757
20b9ff1b5f4f81b645769bd4b4cf7bf7dfc16262
6a8070ebe51259cb11db68cca2c81f3c7408fad481d8c14cc1c38912442c63f4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A8070EBE51259CB11DB68CCA2C81F3C7408FAD481D8C14CC1C38912442C63F4"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7725
Expires: Thu, 06 Oct 2022 22:27:54 GMT
Date: Thu, 06 Oct 2022 20:19:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4ab7d8709d334de0e46dcb86aabfbff1
f221138a8ad9d0bfa3c054370dcdb363a67dc310
b91d37f606eaf448b9c7dfc05566a11de004ce44503409e1a776288ee2622805
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B91D37F606EAF448B9C7DFC05566A11DE004CE44503409E1A776288EE2622805"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15065
Expires: Fri, 07 Oct 2022 00:30:14 GMT
Date: Thu, 06 Oct 2022 20:19:09 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: E1QZH3YrWd0hr2fsFpczk68lHPioDrA1J3BkPbJhYtzga6gL/EYZ30YMAoC8/7afoB9sjz60UPQ=
x-amz-request-id: R3YEYHCVJE4V40MG
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 06 Oct 2022 19:58:52 GMT
age: 1217
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b648245efb72cd69e4ebd87e5ca135fa
33c6267fe9557226e509f288215cc9f4f78c037a
7c880f741a77fa51863b9cc00e32579e197aeeb91767e5f8b15a79a2eb36f734
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7C880F741A77FA51863B9CC00E32579E197AEEB91767E5F8B15A79A2EB36F734"
Last-Modified: Wed, 05 Oct 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21542
Expires: Fri, 07 Oct 2022 02:18:11 GMT
Date: Thu, 06 Oct 2022 20:19:09 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:09 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/onjuist.php
109.71.253.24 200 OK 25 kB URL HTTP/2 web8787.web07.bero-webspace.de/onjuist.php
IP 109.71.253.24:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (25513)
Hash 62e2fde725d958b8770ea82a022452cf
db03b6d31da22f2ea77e9f2c00e5ae7422dd4604
d0a5d4cd41c2a85a2b9b4e78c5a3bd4513b0ec3e978bfc470c7768d86d3f6a5c
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /onjuist.php HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:09 GMT
content-type: text/html; charset=UTF-8
content-length: 24682
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2; path=/
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.32, PleskLin
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/saved_resource
109.71.253.24 200 OK 1.5 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/saved_resource
IP 109.71.253.24:0
Hash ce3962ff61c64d30be05d0f57e8bf3d0
948c113428bd8e071c89fbcbe0cbd1f303b4207d
54f983fd69daf585022ea02914e6bbbec2fee235b78ddfaf0874e96f39462e87
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/saved_resource HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: application/octet-stream
content-length: 1463
last-modified: Wed, 05 Oct 2022 18:01:29 GMT
etag: "633dc679-5b7"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/js
109.71.253.24 200 OK 98 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/js
IP 109.71.253.24:0
File type ASCII text, with very long lines (2127)
Hash 4fcf33a7bfcedeb356402b3dcb8a7941
e52add890e8b9486cafdcf737737f873b2fddf2d
b2e61bfff0b05ab82eddd27e37e0bbcd067980982ecb72284afae5c576792c0a
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/js HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: application/octet-stream
content-length: 98236
last-modified: Wed, 05 Oct 2022 18:01:27 GMT
etag: "633dc677-17fbc"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.t-mobile.nl/Assets/static/t-mobile-logo.svg
20.56.240.229 200 OK 243 B URL HTTP/2 www.t-mobile.nl/Assets/static/t-mobile-logo.svg
IP 20.56.240.229:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Hash 548720ab0e5bf4372a45ffe8b48db416
0283a50ccce31e104e679ee254154de8be9e2317
ff94370a161bbc40727c4313fe5e68fa0842835a0a80b6773b7ce69339e3f19d
GET /Assets/static/t-mobile-logo.svg HTTP/1.1
Host: www.t-mobile.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: image/svg+xml
content-length: 243
set-cookie: afck-httpsetting-backendpool-tmobile-publicweb-main-httpsCORS=26235fe3b1d7620aa1d9659efb6a96ec; Path=/; SameSite=None; Secure
afck-httpsetting-backendpool-tmobile-publicweb-main-https=26235fe3b1d7620aa1d9659efb6a96ec; Path=/
cache-control: max-age=31536000
last-modified: Mon, 19 Sep 2022 07:02:18 GMT
accept-ranges: bytes
etag: "0f96cc1f5cbd81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/2.5, ASP.NET
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/456228845279132
109.71.253.24 200 OK 261 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/456228845279132
IP 109.71.253.24:0
File type ASCII text, with very long lines (64471)
Size 261 kB (260964 bytes)
Hash 9eb15265ebeec54fad2c80298b8b5989
dcaf33bd450152f7c6f5bdc5c61dfd112ed0f6c1
667b0a2734580b913c271c71708d39c2fb527a79edd19f1ba4d4de26c382203d
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/456228845279132 HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: application/octet-stream
content-length: 260964
last-modified: Wed, 05 Oct 2022 18:01:19 GMT
etag: "633dc66f-3fb64"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.t-mobile.nl/Assets/static/t-mobile-logo-white.svg
20.56.240.229 200 OK 240 B URL HTTP/2 www.t-mobile.nl/Assets/static/t-mobile-logo-white.svg
IP 20.56.240.229:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Hash 02c9f01b4726c74fa72f55c79eb3b4b7
fe7cbf43d20ee438193e98d3b3fcbf591665714f
d0166f644d8d61d76ae32bb06d71231f23d8447dc3e9e329ce98e65624e12648
GET /Assets/static/t-mobile-logo-white.svg HTTP/1.1
Host: www.t-mobile.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: image/svg+xml
content-length: 240
set-cookie: afck-httpsetting-backendpool-tmobile-publicweb-main-httpsCORS=8f3fdf3a50e0d539d73523d2abcd63ac; Path=/; SameSite=None; Secure
afck-httpsetting-backendpool-tmobile-publicweb-main-https=8f3fdf3a50e0d539d73523d2abcd63ac; Path=/
cache-control: max-age=31536000
last-modified: Mon, 19 Sep 2022 07:02:18 GMT
accept-ranges: bytes
etag: "0f96cc1f5cbd81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/2.5, ASP.NET
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/saved_resource(1)
109.71.253.24 200 OK 82 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/saved_resource(1)
IP 109.71.253.24:0
File type HTML document, ASCII text, with very long lines (558)
Hash a2a82860a6ff16765a4e5302b7df6ef8
e119c23241e2e865362a7d93e77652cc03fb2867
e900793533d5a24861457658acd88eefaf284309e5e5f8a049b9468af341abf2
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/saved_resource(1) HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: application/octet-stream
content-length: 81728
last-modified: Wed, 05 Oct 2022 18:01:30 GMT
etag: "633dc67a-13f40"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/j.php
109.71.253.24 200 OK 2.0 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/j.php
IP 109.71.253.24:0
File type ASCII text, with very long lines (2535)
Hash 68252acac8879c2fa1189d45b23b5ed6
f2a407e2ea95c719885c231c9ddd8b20f36740df
ac0866f3eabac6c7a50864fe3de79c0339c1cc984a0141bc06502a4c75ba7539
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/j.php HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: text/html; charset=UTF-8
content-length: 2007
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.32, PleskLin
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/0
109.71.253.24 200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/0
IP 109.71.253.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/0 HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-length: 0
x-accel-version: 0.01
last-modified: Wed, 05 Oct 2022 18:01:19 GMT
etag: "0-5ea4d5d1b73ea"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/SsoKeepAlive.aspx
109.71.253.24 200 OK 665 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/SsoKeepAlive.aspx
IP 109.71.253.24:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash c9e7bbf8e4f0db12c1fb302ff61d97a7
4e7702417228017514c7299c72f56ad46102ba55
d2edd898d01f9497f81b4433d604796a1f459c3356c8359d510f304d3b95c2ec
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/SsoKeepAlive.aspx HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-length: 665
x-accel-version: 0.01
last-modified: Wed, 05 Oct 2022 18:01:30 GMT
etag: "299-5ea4d5dd0e810"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/DesignSystem(1)
109.71.253.24 200 OK 348 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/DesignSystem(1)
IP 109.71.253.24:0
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Size 348 kB (348290 bytes)
Hash 5ed26472aae9352ec68755a632b0a3b3
b1cbe2999805d548e6aed30a242c51bed4c42099
fb2ecc31750ea9a875e1514cd687bb6cd381c7079efeceee8a3c0c08115f75c5
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/DesignSystem(1) HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: application/octet-stream
content-length: 348290
last-modified: Wed, 05 Oct 2022 18:01:22 GMT
etag: "633dc672-55082"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
54.230.111.7 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 54.230.111.7:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Pragma, Content-Length, Backoff, Last-Modified, Cache-Control, Content-Type, Retry-After, ETag, Expires, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Thu, 06 Oct 2022 19:29:41 GMT
Expires: Thu, 06 Oct 2022 20:07:30 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: jGS52_rrR21lKJPCpVpYQOu8AVqlSBlAJJo7sMtZXoCfXtguMrk51g==
Age: 2969
web8787.web07.bero-webspace.de/Tmob/piwik.js.download
109.71.253.24 200 OK 24 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/piwik.js.download
IP 109.71.253.24:0
Hash 6b440140e8e22e9ef50b8cf3c49a43e4
40c3fcbf8a9699b8eb007ff263e46e4eb4b439de
e8b368757d244e39630c3d271d537bc24607d8a67ffe3807c8bfc93d97682aab
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/piwik.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:29 GMT
etag: W/"633dc679-11b60"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 5eee2baed68ec922370bd283860860fd
7d1e7dfdb9577dcd11587bb162e17c56eaf8e4c4
7931afabb9286276c385564aa73ed67927d31e12ab35eb92da84048a7896f27d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:19:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 8be5570b9a5ca76c580da007a824b029
38840f2ac6476bdd5608121c5653e338c7ad9715
0b94e05080ef85432b1815eb3c6c7594c9613cfde1b51eeabee46d0d9fde64b2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6223
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:19:10 GMT
Last-Modified: Thu, 06 Oct 2022 18:35:27 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
web8787.web07.bero-webspace.de/Tmob/uwt.js.download
109.71.253.24 200 OK 2.3 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/uwt.js.download
IP 109.71.253.24:0
File type ASCII text, with very long lines (5160), with no line terminators
Hash 580231b7289f224ee2a9b1fca80fa48c
df7b8c721bdea8a0d17b376e0eddc73ed9f6e8e5
c5fe4909970e18557a6ef74d03738ef36dd8c54831f396e4a78b6d5c3dc54942
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/uwt.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:34 GMT
etag: W/"633dc67e-1428"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.118 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 892af9380f4e26ded86f0d891577e478
e5fea912a2be7f4a8892b405e1c9989c3990a327
050f2d72053d81b7584dd08beaa1f0977882f0e0258429ba0ceffc658e0d5050
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 06 Oct 2022 20:19:10 GMT
Last-Modified: Thu, 06 Oct 2022 18:45:56 GMT
Server: ECS (nyb/1D0B)
X-Cache: Miss from cloudfront
Via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 05twuPMlG_Dghx4HRtg4-zD7VbC4WiiWsfas7nkER_2FgFF34I7SxQ==
Age: 5594
web8787.web07.bero-webspace.de/Tmob/f.txt
109.71.253.24 200 OK 3.4 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/f.txt
IP 109.71.253.24:0
File type ASCII text, with very long lines (2786)
Hash e94ea73a121b885d07536714619b9c63
8de67784a774e3669bdf0148738433a0df186eba
d016b35ef82eff845223eeeac616959809684f94248f219566d748e8984510f9
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/f.txt HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: text/plain
last-modified: Wed, 05 Oct 2022 18:01:24 GMT
etag: W/"633dc674-1f15"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/insight.min.js.download
109.71.253.24 200 OK 2.3 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/insight.min.js.download
IP 109.71.253.24:0
File type ASCII text, with very long lines (4321)
Hash d44e07d69083550111f66c9a02e4533d
5c14156a33f7491be49fb26d4ef43b22aa927dc0
aeefc4ec2fcaf42c07fabbf02c71655595a705c97674ac1d7ed138efaeb34a6d
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/insight.min.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:27 GMT
etag: W/"633dc677-10e2"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/linkid.js.download
109.71.253.24 200 OK 22 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/linkid.js.download
IP 109.71.253.24:0
File type ASCII text, with very long lines (1335)
Hash 0b32ae3004d7d9c17fed88d539dd7e60
46a04cfaca984eae03ab98d0cb683d65c18cf37b
33ca12c95dec9f5b1d9eaa80d49ba01bcdfb2fd989134b8c405cecb745789960
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/linkid.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:27 GMT
etag: W/"633dc677-621"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/teleneo-bold.woff2
109.71.253.24 200 OK 43 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/teleneo-bold.woff2
IP 109.71.253.24:0
File type Web Open Font Format (Version 2), TrueType, length 43420, version 1.0\012- data
Hash 0995525e8fccca524b245e828f6032d2
5021ac4ae3272367246e030fd48cc1fc43711c9e
9e748f9462ea64f78d1b928c4f6f71d430e1f78ec324e6f725994dc95199912a
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/teleneo-bold.woff2 HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/Tmob/DesignSystem.css
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2; bc_tstgrp=1; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6; zakelijkeSurveyInvitation=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: font/woff2
content-length: 43420
last-modified: Wed, 05 Oct 2022 18:01:33 GMT
etag: "633dc67d-a99c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/tmobile.js.download
109.71.253.24 200 OK 167 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/tmobile.js.download
IP 109.71.253.24:0
File type ASCII text, with very long lines (14577)
Size 167 kB (166581 bytes)
Hash f585907e438e5914d9f372cfd66f830d
3d6a7cb8c2f85741b28c94be397f6c12ea9afa1d
3e584296d6e84010bb549cc01389aa72c11a92b698d8bd4a67893a5c8768502e
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/tmobile.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:34 GMT
etag: W/"633dc67e-22fa1"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/teleneo-regular.woff2
109.71.253.24 200 OK 42 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/teleneo-regular.woff2
IP 109.71.253.24:0
File type Web Open Font Format (Version 2), TrueType, length 42484, version 1.0\012- data
Hash b98e83c526edfde70471d7ffaec30bd5
42cc68a16b2906a1a9d54d99ff70ea13a83a8cda
ce0c7cdaa1383a3289869599a393ce7654c81d779f1b1a5b86535fcfe1d71dfb
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/teleneo-regular.woff2 HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/Tmob/DesignSystem.css
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2; bc_tstgrp=1; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6; zakelijkeSurveyInvitation=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: font/woff2
content-length: 42484
last-modified: Wed, 05 Oct 2022 18:01:33 GMT
etag: "633dc67d-a5f4"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/teleneo-medium.woff2
109.71.253.24 200 OK 43 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/teleneo-medium.woff2
IP 109.71.253.24:0
File type Web Open Font Format (Version 2), TrueType, length 43424, version 1.0\012- data
Hash 75f1236f41f04366b0831c6214d88e60
9a93a0336fea9ef4e15882a4855e228763481ce5
726419fe5c7c9ac329980a8ca1c940ecf108d83ec2f9a5f9246a2028dbc314f9
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/teleneo-medium.woff2 HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/Tmob/DesignSystem.css
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2; bc_tstgrp=1; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6; zakelijkeSurveyInvitation=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: font/woff2
content-length: 43424
last-modified: Wed, 05 Oct 2022 18:01:33 GMT
etag: "633dc67d-a9a0"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/teleneo-extrabold.woff2
109.71.253.24 200 OK 45 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/teleneo-extrabold.woff2
IP 109.71.253.24:0
File type Web Open Font Format (Version 2), TrueType, length 45280, version 1.0\012- data
Hash 0cd6336ea943729127d85cf7fb0dd221
bdc2b0a4caece4f1d934828a74806f2a84c7ffac
764e82bdd36d6484aaee4d1bdcdaf19f0bab21ca54c134c87e544196e1781e8f
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/teleneo-extrabold.woff2 HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/Tmob/DesignSystem.css
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2; bc_tstgrp=1; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6; zakelijkeSurveyInvitation=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: font/woff2
content-length: 45280
last-modified: Wed, 05 Oct 2022 18:01:33 GMT
etag: "633dc67d-b0e0"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/pastease.js.download
109.71.253.24 404 Not Found 392 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/pastease.js.download
IP 109.71.253.24:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f8b93754bf8caf3519b9f5eb8b525695
ad6c31b3efb94a133f1ed4a6552a247069e13571
cd6f3a82983acf54031ec2ae35e9f8d209b1ce017b5fc3ec6c230bbad1fd6ed4
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/pastease.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: text/html
last-modified: Wed, 05 Oct 2022 17:52:19 GMT
etag: W/"328-5ea4d3cf7899a"
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/teleicon-ui.woff2?h=a85ea83a7656b8d1744d7a13e4b395b2
109.71.253.24 200 OK 12 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/teleicon-ui.woff2?h=a85ea83a7656b8d1744d7a13e4b395b2
IP 109.71.253.24:0
File type Web Open Font Format (Version 2), TrueType, length 11452, version 1.0\012- data
Hash 10f73228373cb0aab0b046cd73773f8d
e619917e1aec14c58baf4c2e88565105a50baa61
ba734482c11fc34553bb4938ac10b2a7be4cae10200ff112369fd41b9a7edb01
GET /Tmob/teleicon-ui.woff2?h=a85ea83a7656b8d1744d7a13e4b395b2 HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/Tmob/DesignSystem.css
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2; bc_tstgrp=1; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6; zakelijkeSurveyInvitation=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: font/woff2
content-length: 11452
last-modified: Wed, 05 Oct 2022 18:01:32 GMT
etag: "633dc67c-2cbc"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
img.en25.com/i/elqCfg.min.js
104.110.12.118 200 OK 2.2 kB URL HTTP/1.1 img.en25.com/i/elqCfg.min.js
IP 104.110.12.118:0
File type ASCII text, with very long lines (6080), with no line terminators
Hash 653932b9065b662394993fd19677a932
854c6c3b96fc647f07bf9a1698387d1253bcb61c
ba8a6983167c051ebdd701cb59293a88346b84f2a9802f59ecc75ca49f383a7d
GET /i/elqCfg.min.js HTTP/1.1
Host: img.en25.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Pragma: no-cache
Content-Type: application/x-javascript
Last-Modified: Tue, 12 Jul 2022 22:09:35 GMT
Accept-Ranges: bytes
ETag: "a2d639123c96d81:0"
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: no-store
Expires: Thu, 06 Oct 2022 20:19:10 GMT
Date: Thu, 06 Oct 2022 20:19:10 GMT
Content-Length: 2183
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 5eee2baed68ec922370bd283860860fd
7d1e7dfdb9577dcd11587bb162e17c56eaf8e4c4
7931afabb9286276c385564aa73ed67927d31e12ab35eb92da84048a7896f27d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:19:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash 0d82dd0666d9050c03ca7bd37dbc80e9
21774e61901e247a76755d915ac24c39ddbbf276
0a567164eadcc6de3089cb7d9177520b451eece345311b0e0277ca9adb370b83
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 20:19:10 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 06 Oct 2022 06:14:34 GMT
Expires: Thu, 13 Oct 2022 06:14:33 GMT
Etag: "21774e61901e247a76755d915ac24c39ddbbf276"
Cache-Control: max-age=553522,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75611728ab5e1bfa-OSL
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 67b8f29c7fe36a4eead85f82855bc0c2
2c18e7c8d2808aaca655d773a3ae5de2a3d5e279
e146960305c92bc09b85c3e1d3bbcefe014e9b74f689a9ed548dab504b71d2fd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:19:10 GMT
Server: ECS (amb/6B9E)
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 727 B IP 93.184.220.29:0
Hash 35332e1785672c1b3368d1c162a94f89
c68c00583ac9abe3f464d37b639f18085ab2641e
860eb928c196bc8047f92df32b5729aee0b0dd4f287fad1337ef9bc43fa9ca2c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1085
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:19:10 GMT
Last-Modified: Thu, 06 Oct 2022 20:01:06 GMT
Server: ECS (amb/6B9E)
X-Cache: HIT
Content-Length: 727
founders.t-mobile.nl/visitor/v200/svrGP?pps=3&siteid=164251491&ref2=elqNone&tzo=0&ms=308&optin=disabled&firstPartyCookieDomain=founders.t-mobile.nl
192.29.192.112 302 Found 296 B URL HTTP/1.1 founders.t-mobile.nl/visitor/v200/svrGP?pps=3&siteid=164251491&ref2=elqNone&tzo=0&ms=308&optin=disabled&firstPartyCookieDomain=founders.t-mobile.nl
IP 192.29.192.112:0
ASN #31898 ORACLE-BMC-31898
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash d756e8200d6e67858a128ea9e0d1b126
3dddf94b2cbf14f82cb4056fb3409e9440d93604
5bce4aac66260990eb8a7bc55fb478a2da12f9d9e59072fc8160185422ab4245
GET /visitor/v200/svrGP?pps=3&siteid=164251491&ref2=elqNone&tzo=0&ms=308&optin=disabled&firstPartyCookieDomain=founders.t-mobile.nl HTTP/1.1
Host: founders.t-mobile.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: https://founders.t-mobile.nl/visitor/v200/svrGP?pps=3&siteid=164251491&ref2=elqNone&tzo=0&ms=308&optin=disabled&elq1pcGUID=405AA3F3B9934394B6085F349260CF51
X-Robots-Tag: noindex, nofollow
X-Xss-Protection: 1; mode=block
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Content-Type-Options: nosniff
Date: Thu, 06 Oct 2022 20:19:10 GMT
Content-Length: 296
web8787.web07.bero-webspace.de/Tmob/survey_tmnl_zakelijk.js.download
109.71.253.24 200 OK 1.3 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/survey_tmnl_zakelijk.js.download
IP 109.71.253.24:0
File type HTML document, ASCII text, with very long lines (438), with CRLF line terminators
Hash MD5 704a6590ffe65db814eebb205940bd8c
SHA-1 0de197a83d3b83f7af3144ebc07fd17337844b27
SHA-256 280c9cb1fd1285c7d5c5ff6f82cb5faca3802bea2a5298f9f6662e20c25c226c
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/survey_tmnl_zakelijk.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:31 GMT
etag: W/"633dc67b-122e"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
founders.t-mobile.nl/visitor/v200/svrGP?pps=3&siteid=164251491&ref2=elqNone&tzo=0&ms=308&optin=disabled&elq1pcGUID=405AA3F3B9934394B6085F349260CF51
192.29.192.112 200 OK 49 B URL HTTP/1.1 founders.t-mobile.nl/visitor/v200/svrGP?pps=3&siteid=164251491&ref2=elqNone&tzo=0&ms=308&optin=disabled&elq1pcGUID=405AA3F3B9934394B6085F349260CF51
IP 192.29.192.112:0
ASN #31898 ORACLE-BMC-31898
File type GIF image data, version 89a, 1 x 1\012- data
Hash dbefe00673f01d8b0f2791f3e30565cc
6b3227ad1a39504f155cb0117293a44ab3cbec3a
f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab
GET /visitor/v200/svrGP?pps=3&siteid=164251491&ref2=elqNone&tzo=0&ms=308&optin=disabled&elq1pcGUID=405AA3F3B9934394B6085F349260CF51 HTTP/1.1
Host: founders.t-mobile.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web8787.web07.bero-webspace.de/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-store
Pragma: no-cache
Content-Type: image/gif
Expires: -1
X-Robots-Tag: noindex, nofollow
X-Xss-Protection: 1; mode=block
Set-Cookie: ELOQUA=GUID=405AA3F3B9934394B6085F349260CF51; domain=t-mobile.nl; expires=Mon, 06-Nov-2023 21:19:10 GMT; path=/
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Content-Type-Options: nosniff
Date: Thu, 06 Oct 2022 20:19:10 GMT
Content-Length: 49
ocsp.sca1b.amazontrust.com/
54.230.245.118 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash db49968cf340bbccb3bb2b2a3ba6a03f
170e219d68fa0c9fc22a7e4e5f48c57d4774507e
ed2d38010ef90d172fd90945188896647502ab30b8e51c4610583f8fe1a6a026
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 06 Oct 2022 20:19:11 GMT
Last-Modified: Thu, 06 Oct 2022 19:20:56 GMT
Server: ECS (nyb/1D1E)
X-Cache: Miss from cloudfront
Via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 2kLIomZUOLA6kB_du5wBJTkMuTqUSGOSiDtuvwvT-ujFNek1IyhQJg==
Age: 3495
6004843.global.siteimproveanalytics.io/image.aspx?url=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2Fonjuist.php&title=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&res=1280x1024&accountid=6004843&rt=1381&prev=1665087635153&luid=2bb365fe-8908-3db2-6c1b-c6819b1caec8&rnd=27684
18.158.197.63 200 OK 34 B URL HTTP/2 6004843.global.siteimproveanalytics.io/image.aspx?url=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2Fonjuist.php&title=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&res=1280x1024&accountid=6004843&rt=1381&prev=1665087635153&luid=2bb365fe-8908-3db2-6c1b-c6819b1caec8&rnd=27684
IP 18.158.197.63:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash a82ba3a9d42148e9cf209df13d8c3f3d
dba80835d31175bdcf0bcad1abafefb06d86e304
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
GET /image.aspx?url=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2Fonjuist.php&title=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&res=1280x1024&accountid=6004843&rt=1381&prev=1665087635153&luid=2bb365fe-8908-3db2-6c1b-c6819b1caec8&rnd=27684 HTTP/1.1
Host: 6004843.global.siteimproveanalytics.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:19:11 GMT
content-type: image/gif
content-length: 34
set-cookie: AWSALB=5iTEZftE9F0E3isLtHsU2WwiX0spz6CvM3WInHLPdoXe/19W1T6t45L3UabK8v/px8e2Px3ZhVguxXH31Vko6A2NgZjBk1fyejNJsqJo/Gr0yG0zShUr4Lp//YJ5; Expires=Thu, 13 Oct 2022 20:19:11 GMT; Path=/
set-cookie: AWSALBCORS=5iTEZftE9F0E3isLtHsU2WwiX0spz6CvM3WInHLPdoXe/19W1T6t45L3UabK8v/px8e2Px3ZhVguxXH31Vko6A2NgZjBk1fyejNJsqJo/Gr0yG0zShUr4Lp//YJ5; Expires=Thu, 13 Oct 2022 20:19:11 GMT; Path=/; SameSite=None; Secure
cache-control: max-age=0
expires: Thu, 06 Oct 2022 20:19:11 UTC
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/tag-14d9bf68ae50819ee752a3d54c2baff7.js.download
109.71.253.24 404 Not Found 774 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/tag-14d9bf68ae50819ee752a3d54c2baff7.js.download
IP 109.71.253.24:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash b7e87bac9675721f224f86dc5e7d49c7
9dad22e34267befa806016cc6d367333b8bc695b
aeb3b8b6f18eebc4769984c626cd9111fd85fb2de3e9062c9a594f934cc8f877
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/tag-14d9bf68ae50819ee752a3d54c2baff7.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2; bc_tstgrp=1; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: text/html
last-modified: Wed, 05 Oct 2022 17:52:19 GMT
etag: W/"328-5ea4d3cf7899a"
content-encoding: br
X-Firefox-Spdy: h2
globessl.ocsp.sectigo.com/
172.64.155.188 200 OK 472 B URL HTTP/1.1 globessl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash d0b3813c1c7b0f5ea1dcab4b474397b2
d930174415918ceb10fc1ba3c7bddcf41cc2ca1b
6b66aa809ba66d61d2bca51a7199d3e45d7bfb4a97a202a366b2f2b2b901154c
POST / HTTP/1.1
Host: globessl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 20:19:11 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 03 Oct 2022 11:03:27 GMT
Expires: Mon, 10 Oct 2022 11:03:26 GMT
Etag: "d930174415918ceb10fc1ba3c7bddcf41cc2ca1b"
Cache-Control: max-age=311655,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 756117284cdf0afe-OSL
www.t-mobile.nl/Assets/Icons/favicon-196x196.png
20.56.240.229 200 OK 16 kB URL HTTP/2 www.t-mobile.nl/Assets/Icons/favicon-196x196.png
IP 20.56.240.229:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 196 x 196, 8-bit/color RGBA, non-interlaced\012- data
Hash d7d78ef91cb5d6bb980fbd6a7c56967f
e4723fa7917e47974e499ed60794e7f460052944
fd4baf2fba1106e46df6e5fccb130d95a5097d414bff1f4f1d86c2c48b373bf0
GET /Assets/Icons/favicon-196x196.png HTTP/1.1
Host: www.t-mobile.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: afck-httpsetting-backendpool-tmobile-publicweb-main-httpsCORS=8f3fdf3a50e0d539d73523d2abcd63ac
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:19:11 GMT
content-type: image/png
content-length: 16259
last-modified: Mon, 19 Sep 2022 07:02:18 GMT
accept-ranges: bytes
etag: "0f96cc1f5cbd81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/2.5, ASP.NET
X-Firefox-Spdy: h2
www.t-mobile.nl/Assets/Icons/favicon-16x16.png
20.56.240.229 200 OK 353 B URL HTTP/2 www.t-mobile.nl/Assets/Icons/favicon-16x16.png
IP 20.56.240.229:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 5b6ecdca49f836b8b107f22fcc4a9aa0
541307d5bbd92e81a63817f67d2584baf6e90541
86fd31831eeb75a2d2efe569da286f8d766004bc433681b94f897e3e0d72527a
GET /Assets/Icons/favicon-16x16.png HTTP/1.1
Host: www.t-mobile.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Cookie: afck-httpsetting-backendpool-tmobile-publicweb-main-httpsCORS=8f3fdf3a50e0d539d73523d2abcd63ac
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:19:11 GMT
content-type: image/png
content-length: 353
last-modified: Mon, 19 Sep 2022 07:02:18 GMT
accept-ranges: bytes
etag: "0f96cc1f5cbd81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/2.5, ASP.NET
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/ec.js.download
109.71.253.24 200 OK 4.6 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/ec.js.download
IP 109.71.253.24:0
File type ASCII text, with very long lines (523)
Hash MD5 3218ba60de2c47bce2a4d5f0fbd5dfb2
SHA-1 bbca20f7840ce9ca7bc54fd585c3bec49b92fb95
SHA-256 e30a6a4e01dd5962d07362d45620aa6a42f7b2fcc727aba08decd38cd968b349
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/ec.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:22 GMT
etag: W/"633dc672-adb"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash ecc594c8ad8a58175abca6f74592cad0
bc3eb5409877f214ca5d45c39d39754fd80997ae
4376e30946f541ed958cbbff449d18b6acb24608aa48fa078440cb99291dc7d1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6395
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:19:11 GMT
Last-Modified: Thu, 06 Oct 2022 18:32:36 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 38c8ed81c69d2af0003394c9fb9274c5
a71c6fb6d685275f8a8c7d9d87860df08a450038
fdff30d374603ecd62c6d244a1175731787725dba48777122802055969be28f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:19:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.facebook.net/en_US/fbevents.js
31.13.72.12 200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash e1327a02d76346c7e23d114e4e508b30
195b8ad875ab8f7a7adf735f1f70aa02b3a2e1a3
331e67b451c6559915b12ab2df810ccdba73b3971c5301b2010b54dd6d391de2
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: WTBx2uc4HwL7SgZVYzIRJKfU15GG+4E2/24UIe0NPIS4WhI82zGXsDQV2bXdtU4q+vLPZTAKTE8M6SywByj8WQ==
content-length: 26840
x-fb-trip-id: 1904183273
date: Thu, 06 Oct 2022 20:19:11 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tracking001.piwikpro.com/piwik.js
52.166.179.92 200 OK 36 kB URL HTTP/2 tracking001.piwikpro.com/piwik.js
IP 52.166.179.92:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash 7f267a7a3b82524d2291c8bc66916e38
b2ff24ddb302c56a02e4e98fc6e144a9feee4187
f931fa646235730e51155b5e3b4a7f5aacbd72d141754f1a6c91e1107e96ea36
GET /piwik.js HTTP/1.1
Host: tracking001.piwikpro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:19:11 GMT
content-type: application/javascript
last-modified: Mon, 11 Apr 2022 08:51:54 GMT
vary: Accept-Encoding
etag: W/"6253ec2a-11e9b"
expires: Fri, 07 Oct 2022 02:19:11 GMT
cache-control: max-age=21600
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash eac86f868b3967f1946c7f5fc712b25f
e2ae8eb09715a0af0791c085eb35bf66e0548e30
bceb14e7a478c0e34a0f1d8286eb954566c62051e996bc36189de922a76a6e06
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:19:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
web8787.web07.bero-webspace.de/Tmob/tag-14d9bf68ae50819ee752a3d54c2baff7.js.download
109.71.253.24 404 Not Found 412 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/tag-14d9bf68ae50819ee752a3d54c2baff7.js.download
IP 109.71.253.24:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d2293b463a987cfb635411b479b614d2
c19fe779052b52b0d2d8a61e3b1d66ba82d92db0
f27a05aaa4a5074778853c99a8bea7fd5fa7d69d38ed0d8445a5cadcd2c3dc9b
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/tag-14d9bf68ae50819ee752a3d54c2baff7.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: text/html
last-modified: Wed, 05 Oct 2022 17:52:19 GMT
etag: W/"328-5ea4d3cf7899a"
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 05cdf02bcbbeed0122679c1118a350ce
b5311d6866b69206bec8f67a19cfeeefed233ef1
4b7235ec2ca2295957e75e79fdc718fbacc13bfd5674d1aeb7cbe5bed9fe9ead
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:19:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/pagead/js/r20210414/r20110914/elements/html/omrhp.js
216.58.211.2 200 OK 3.2 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/r20210414/r20110914/elements/html/omrhp.js
IP 216.58.211.2:0
File type ASCII text, with very long lines (2812)
Hash 4d25fcd5db1b3e587056df29eceda987
f39f02656e6d83d8c5d56d9a2dc7dd503c8dfb08
c1ea615501bde8bb26af7731ca7118379c587f2f799c13d7b76b11434b502ffc
GET /pagead/js/r20210414/r20110914/elements/html/omrhp.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding, Origin
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 3181
x-xss-protection: 0
date: Thu, 06 Oct 2022 20:18:51 GMT
expires: Thu, 20 Oct 2022 20:18:51 GMT
cache-control: public, max-age=1209600
etag: 10699485926258732851
content-type: text/javascript; charset=UTF-8
age: 20
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash ecc594c8ad8a58175abca6f74592cad0
bc3eb5409877f214ca5d45c39d39754fd80997ae
4376e30946f541ed958cbbff449d18b6acb24608aa48fa078440cb99291dc7d1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6395
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:19:11 GMT
Last-Modified: Thu, 06 Oct 2022 18:32:36 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 353ce4e81504d2240062a7337955063e
a2b01ba15a69103f9b38fdd3dc3d99585693d374
e4b24ff6405455705ecc84db9b88e4b493cca4aead9e85452cd272885d613aa4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:19:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.starfieldtech.com/
192.124.249.24 200 OK 1.8 kB IP 192.124.249.24:0
Hash 7b162b571ef6118fe39497c215126628
ef513c4dcdaf3462e5a4c861ec342528c3ed1c2f
9858acf478d0fd51529b7d38bbe6151619b7e36e705788067280a2555a896c30
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 06 Oct 2022 20:19:11 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 06 Oct 2022 00:02:12 GMT
Expires: Fri, 07 Oct 2022 00:02:12 GMT
ETag: "ef513c4dcdaf3462e5a4c861ec342528c3ed1c2f"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstKIrG9jumAmrBZaoBdOlt7SteafUP1qKNc9_7ed4RsEW_uuQgVnW2Gq242yDfmrjNHgu5Ee3GQI1pfrIMmJClUZYNnA4C0uC9PPLdEfwO_4HCPO_rTpijfk_BROMPe-cNWkkW-AjPMYcs&sig=Cg0ArKJSzLAXdzXeHpi4EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210414.07366&adurl=
142.250.74.34 200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstKIrG9jumAmrBZaoBdOlt7SteafUP1qKNc9_7ed4RsEW_uuQgVnW2Gq242yDfmrjNHgu5Ee3GQI1pfrIMmJClUZYNnA4C0uC9PPLdEfwO_4HCPO_rTpijfk_BROMPe-cNWkkW-AjPMYcs&sig=Cg0ArKJSzLAXdzXeHpi4EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210414.07366&adurl=
IP 142.250.74.34:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjstKIrG9jumAmrBZaoBdOlt7SteafUP1qKNc9_7ed4RsEW_uuQgVnW2Gq242yDfmrjNHgu5Ee3GQI1pfrIMmJClUZYNnA4C0uC9PPLdEfwO_4HCPO_rTpijfk_BROMPe-cNWkkW-AjPMYcs&sig=Cg0ArKJSzLAXdzXeHpi4EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210414.07366&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cache-control: private
access-control-allow-origin: *
content-type: image/gif
x-content-type-options: nosniff
date: Thu, 06 Oct 2022 20:19:11 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 06-Oct-2022 20:34:11 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 06 Oct 2022 20:19:11 GMT
X-Firefox-Spdy: h2
ocsp.starfieldtech.com/
192.124.249.24 200 OK 1.8 kB IP 192.124.249.24:0
Hash 7b162b571ef6118fe39497c215126628
ef513c4dcdaf3462e5a4c861ec342528c3ed1c2f
9858acf478d0fd51529b7d38bbe6151619b7e36e705788067280a2555a896c30
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 06 Oct 2022 20:19:11 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 06 Oct 2022 00:02:12 GMT
Expires: Fri, 07 Oct 2022 00:02:12 GMT
ETag: "ef513c4dcdaf3462e5a4c861ec342528c3ed1c2f"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
web8787.web07.bero-webspace.de/Tmob/elqCfg.min.js.download
109.71.253.24 200 OK 2.0 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/elqCfg.min.js.download
IP 109.71.253.24:0
File type ASCII text, with very long lines (6080), with no line terminators
Hash af0efcbc69a6ce1ccfc7a7f86d13ed29
48106d1316f37cb7f7cb569c6b8f5dc0b5032d31
7bac7005c1e2a1d843a9dcdaa78ceb7b6300ede83572efe432ae50d2eded9750
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/elqCfg.min.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:23 GMT
etag: W/"633dc673-17c0"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.google.nl/pagead/1p-user-list/991336003/?random=1618610198722&cv=9&fst=1618606800000&num=1&label=S_SqCPWmsQUQw6za2AM&guid=ON&eid=2505059651&u_h=854&u_w=1280&u_ah=814&u_aw=1280&u_cd=24&u_his=5&u_tz=120&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg472&sendb=1&frm=0&url=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&ref=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&tiba=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&async=1&fmt=3&is_vtc=1&random=4147309232&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
216.58.207.195 200 OK 42 B URL HTTP/2 www.google.nl/pagead/1p-user-list/991336003/?random=1618610198722&cv=9&fst=1618606800000&num=1&label=S_SqCPWmsQUQw6za2AM&guid=ON&eid=2505059651&u_h=854&u_w=1280&u_ah=814&u_aw=1280&u_cd=24&u_his=5&u_tz=120&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg472&sendb=1&frm=0&url=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&ref=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&tiba=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&async=1&fmt=3&is_vtc=1&random=4147309232&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 216.58.207.195:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/991336003/?random=1618610198722&cv=9&fst=1618606800000&num=1&label=S_SqCPWmsQUQw6za2AM&guid=ON&eid=2505059651&u_h=854&u_w=1280&u_ah=814&u_aw=1280&u_cd=24&u_his=5&u_tz=120&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg472&sendb=1&frm=0&url=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&ref=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&tiba=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&async=1&fmt=3&is_vtc=1&random=4147309232&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 06 Oct 2022 20:19:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash f9371f81e2eeeead7fe351a49f3b1c40
ae23d6c6c57dd7cf568c3a74594c377b7bb7df43
03c4ba0faa3199d061d1bb37df5d48ba6d81f77a83e243922075efc4d4acf456
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:19:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 05cdf02bcbbeed0122679c1118a350ce
b5311d6866b69206bec8f67a19cfeeefed233ef1
4b7235ec2ca2295957e75e79fdc718fbacc13bfd5674d1aeb7cbe5bed9fe9ead
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:19:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 05cdf02bcbbeed0122679c1118a350ce
b5311d6866b69206bec8f67a19cfeeefed233ef1
4b7235ec2ca2295957e75e79fdc718fbacc13bfd5674d1aeb7cbe5bed9fe9ead
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:19:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
web8787.web07.bero-webspace.de/Tmob/analytics.js.download
109.71.253.24 200 OK 68 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/analytics.js.download
IP 109.71.253.24:0
File type ASCII text, with very long lines (1325)
Hash c7194f88b683f843afd06e0646fb5e55
99f860a822599ffcab903a720b46f8f3e8bbeaf7
2e1bfcc37c985187897786744f2ac6e15ccef50d90586ac9c397af1e18bd6374
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/analytics.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:19 GMT
etag: W/"633dc66f-be77"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 9af8f77271c0e690e9e16aa0eaf74ee2
55dbe79b278130d3d7aadc5e65d0145717a5ab37
70d1811348837e459897bb24afedfc721ac95bd06d81b7830aa0f4adca1418ea
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:19:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.starfieldtech.com/
192.124.249.24 200 OK 1.8 kB IP 192.124.249.24:0
Hash 7b162b571ef6118fe39497c215126628
ef513c4dcdaf3462e5a4c861ec342528c3ed1c2f
9858acf478d0fd51529b7d38bbe6151619b7e36e705788067280a2555a896c30
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 06 Oct 2022 20:19:12 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 06 Oct 2022 00:02:12 GMT
Expires: Fri, 07 Oct 2022 00:02:12 GMT
ETag: "ef513c4dcdaf3462e5a4c861ec342528c3ed1c2f"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=545796&d=web8787.web07.bero-webspace.de&u=D36E42FE74918CC78CB38D8FCE8E8B2F6&h=afd7c97746ef5bd04d32334bb7eb5ff6&t=false&r=0.7882692853208693
34.96.102.137 200 OK 35 B URL HTTP/2 dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=545796&d=web8787.web07.bero-webspace.de&u=D36E42FE74918CC78CB38D8FCE8E8B2F6&h=afd7c97746ef5bd04d32334bb7eb5ff6&t=false&r=0.7882692853208693
IP 34.96.102.137:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /v.gif?cd=0&a=545796&d=web8787.web07.bero-webspace.de&u=D36E42FE74918CC78CB38D8FCE8E8B2F6&h=afd7c97746ef5bd04d32334bb7eb5ff6&t=false&r=0.7882692853208693 HTTP/1.1
Host: dev.visualwebsiteoptimizer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:19:11 GMT
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
expires: Mon, 10 Jan 2005 00:00:01 GMT
pragma: no-cache
x-content-type-options: nosniff
content-length: 35
server: gnv1c
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cacheorcheck.mopinion.com/survey/public/json-config?key=a4f465257753401a1c8f2a108a7336c7b48f0d28&domain=t-mobile.mopinion.com&withBase=true
54.230.111.57 200 OK 27 kB URL HTTP/2 cacheorcheck.mopinion.com/survey/public/json-config?key=a4f465257753401a1c8f2a108a7336c7b48f0d28&domain=t-mobile.mopinion.com&withBase=true
IP 54.230.111.57:0
Hash ea7239e9edb8b8c170a1348f598734b8
7b1a6c214c9931e93695aed8286bc1416d21ae44
4c211fdab8facdc01352688f71bae6483a4c53dceaaa199b744483dc6cb6c646
GET /survey/public/json-config?key=a4f465257753401a1c8f2a108a7336c7b48f0d28&domain=t-mobile.mopinion.com&withBase=true HTTP/1.1
Host: cacheorcheck.mopinion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://web8787.web07.bero-webspace.de
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
date: Thu, 06 Oct 2022 15:09:37 GMT
server: nginx
access-control-allow-origin: *
access-control-allow-headers: Access-Control-Allow-Origin,Access-Control-Allow-Methods,Access-Control-Expose-Headers,Cache-Control,Last-Modified,X-Frame-Options,Strict-Transport-Security,X-Content-Type-Options,X-XSS-Protection,Server,Origin,Accept,Accept-Version,Content-Length,Content-MD5,Content-Type,Date,X-Api-Version,X-Response-Time,X-PINGOTHER,X-CSRF-Token,Authorization
access-control-allow-methods: *
access-control-expose-headers: X-Api-Version, X-Request-Id, X-Response-Time
cache-control: public, max-age=86400
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
last-modified: Thu, 06 Oct 2022 13:16:56 GMT
x-powered-by: Mopinion.com
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: P5BNBYBvc97TFPNtkckQkngXY3H6yAstf3ndqPaqRdZ9l_MkEgmxvQ==
age: 18574
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=456228845279132&ev=PageView&dl=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2Fonjuist.php&rl=&if=false&ts=1665087551675&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=30&fbp=fb.1.1665087551674.1164898768&it=1665087551391&coo=false&rqm=GET
31.13.72.36 200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=456228845279132&ev=PageView&dl=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2Fonjuist.php&rl=&if=false&ts=1665087551675&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=30&fbp=fb.1.1665087551674.1164898768&it=1665087551391&coo=false&rqm=GET
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=456228845279132&ev=PageView&dl=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2Fonjuist.php&rl=&if=false&ts=1665087551675&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=30&fbp=fb.1.1665087551674.1164898768&it=1665087551391&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Thu, 06 Oct 2022 20:19:11 GMT
X-Firefox-Spdy: h2
collect.mopinion.com/assets/surveys/2.0/js/survey.min.js?d=30032020
52.211.127.124 200 OK 68 kB URL HTTP/2 collect.mopinion.com/assets/surveys/2.0/js/survey.min.js?d=30032020
IP 52.211.127.124:0
File type Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Hash 486e28c3e91c5c5cc520e1d286718215
5f62b4feac777afb03149baeddf1e80f81cbfef1
93f904aec327c84849c3bd6390aa2904f895bc95d568cb7741d167a9769b7a72
GET /assets/surveys/2.0/js/survey.min.js?d=30032020 HTTP/1.1
Host: collect.mopinion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:19:11 GMT
content-type: application/javascript
set-cookie: AWSALB=FHXHrPqllta5gu6XaSriNn898xmZAnOMO/SlA3OF4jARf7wZWDSwtlECKSkdQBPX4DbWetahkqsbamrBF6W8sZZDTALNoioDlJQe3c93Z2k27zAbMEFmN3smr5ZF; Expires=Thu, 13 Oct 2022 20:19:11 GMT; Path=/
AWSALBCORS=FHXHrPqllta5gu6XaSriNn898xmZAnOMO/SlA3OF4jARf7wZWDSwtlECKSkdQBPX4DbWetahkqsbamrBF6W8sZZDTALNoioDlJQe3c93Z2k27zAbMEFmN3smr5ZF; Expires=Thu, 13 Oct 2022 20:19:11 GMT; Path=/; SameSite=None; Secure
server: nginx
last-modified: Thu, 01 Sep 2022 10:22:04 GMT
vary: Accept-Encoding
etag: W/"631087cc-3fe10"
expires: Thu, 13 Oct 2022 20:19:11 GMT
cache-control: max-age=604800
content-encoding: gzip
access-control-allow-headers: Access-Control-Allow-Origin,X-Requested-With,Cache-Control,token,Content-Type,key,Content-Encoding
content-security-policy: default-src 'self' data: *.mopinion.com *.mopinion.nl; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' storage.googleapis.com widget-backend.groovehq.com groove-widget-production.s3.amazonaws.com d2wy8f7a9ursnm.cloudfront.net *.google-analytics.com *.googletagmanager.com api.officedron.es js.stripe.com m.stripe.com *.mopinion.com *.mopinion.nl cdnjs.cloudflare.com ajax.googleapis.com ipinfo.io www.google-analytics.com dev.visualwebsiteoptimizer.com pi.pardot.com app.getbeamer.com static.getbeamer.com cdn.heapanalytics.com heapanalytics.com *.smartlook.com *.smartlook.cloud cdn.mxpnl.com cdn4.mxpnl.com code.highcharts.com youtube.com www.youtube.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com *.mopinion.nl *.mopinion.com app.getbeamer.com heapanalytics.com; img-src 'self' data: blob: *.mopinion.com *.mopinion.nl *.amazonaws.com *.google-analytics.com *.apple.com *.google.com *.google.nl *.google.de *.google.fr *.google.co.uk *.google.se *.google.com.au *.google.ca *.google.be *.google.it *.google.ie *.google.is *.google.dk *.google.no *.google.ch *.google.at mopinion-visual-feedback.s3-eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com/efm/ q.stripe.com www.google-analytics.com dev.visualwebsiteoptimizer.com *.doubleclick.net app.getbeamer.com heapanalytics.com; media-src 'self'; font-src 'self' data: fonts.googleapis.com fonts.mopinion.com fonts.gstatic.com gstatic.mopinion.com heapanalytics.com; connect-src 'self' api.stripe.com m.stripe.com api.officedron.es *.mopinion.com api.trello.com app.asana.com freegeoip.net www.googleapis.com *.google-analytics.com *.doubleclick.net backend.getbeamer.com sentry.io *.ingest.sentry.io heapanalytics.com *.smartlook.com *.smartlook.cloud *.mixpanel.com cdn.mxpnl.com; frame-src 'self' youtube.com www.youtube.com player.vimeo.com groove-widget-production.s3.amazonaws.com js.stripe.com app.getbeamer.com changelog.mopinion.com; object-src 'none'; worker-src blob:
x-content-security-policy: default-src 'self' data: *.mopinion.com *.mopinion.nl; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' storage.googleapis.com widget-backend.groovehq.com groove-widget-production.s3.amazonaws.com d2wy8f7a9ursnm.cloudfront.net *.google-analytics.com *.googletagmanager.com api.officedron.es js.stripe.com m.stripe.com *.mopinion.com *.mopinion.nl cdnjs.cloudflare.com ajax.googleapis.com ipinfo.io www.google-analytics.com dev.visualwebsiteoptimizer.com pi.pardot.com app.getbeamer.com static.getbeamer.com cdn.heapanalytics.com heapanalytics.com *.smartlook.com *.smartlook.cloud cdn.mxpnl.com cdn4.mxpnl.com code.highcharts.com youtube.com www.youtube.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com *.mopinion.nl *.mopinion.com app.getbeamer.com heapanalytics.com; img-src 'self' data: blob: *.mopinion.com *.mopinion.nl *.amazonaws.com *.google-analytics.com *.apple.com *.google.com *.google.nl *.google.de *.google.fr *.google.co.uk *.google.se *.google.com.au *.google.ca *.google.be *.google.it *.google.ie *.google.is *.google.dk *.google.no *.google.ch *.google.at mopinion-visual-feedback.s3-eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com/efm/ q.stripe.com www.google-analytics.com dev.visualwebsiteoptimizer.com *.doubleclick.net app.getbeamer.com heapanalytics.com; media-src 'self'; font-src 'self' data: fonts.googleapis.com fonts.mopinion.com fonts.gstatic.com gstatic.mopinion.com heapanalytics.com; connect-src 'self' api.stripe.com m.stripe.com api.officedron.es *.mopinion.com api.trello.com app.asana.com freegeoip.net www.googleapis.com *.google-analytics.com *.doubleclick.net backend.getbeamer.com sentry.io *.ingest.sentry.io heapanalytics.com *.smartlook.com *.smartlook.cloud *.mixpanel.com cdn.mxpnl.com; frame-src 'self' youtube.com www.youtube.com player.vimeo.com groove-widget-production.s3.amazonaws.com js.stripe.com app.getbeamer.com changelog.mopinion.com; object-src 'none'; worker-src blob:
x-permitted-cross-domain-policies: none
referrer-policy: same-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2
bat.bing.com/p/action/5318565.js
204.79.197.200 204 No Content 0 B URL HTTP/2 bat.bing.com/p/action/5318565.js
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/action/5318565.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: private,max-age=1800
set-cookie: MUID=1A62F5EFC65669FD2838E7DAC70168F3; domain=.bing.com; expires=Tue, 31-Oct-2023 20:19:11 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 02E68589C3DF4BE9A21C52D6C3EEBDFD Ref B: OSL30EDGE0311 Ref C: 2022-10-06T20:19:11Z
date: Thu, 06 Oct 2022 20:19:11 GMT
X-Firefox-Spdy: h2
cacheorcheck.mopinion.com/survey/public/emoji?blockId=3432&domain=t-mobile.mopinion.com
54.230.111.57 200 OK 1.6 kB URL HTTP/2 cacheorcheck.mopinion.com/survey/public/emoji?blockId=3432&domain=t-mobile.mopinion.com
IP 54.230.111.57:0
File type JSON data\012- , ASCII text, with very long lines (6720), with no line terminators
Hash 335b2bbe92d3314e3a8c4ca191625dcd
353190d5641745677464170333b1439f12080cd2
31411b84e1c6b054237978bfc6005be9f89ef652ff0634d25dacd8efe31ff4f0
GET /survey/public/emoji?blockId=3432&domain=t-mobile.mopinion.com HTTP/1.1
Host: cacheorcheck.mopinion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://web8787.web07.bero-webspace.de
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
date: Wed, 05 Oct 2022 20:54:26 GMT
server: nginx
access-control-allow-origin: *
access-control-allow-headers: Access-Control-Allow-Origin,Access-Control-Allow-Methods,Access-Control-Expose-Headers,Cache-Control,Last-Modified,X-Frame-Options,Strict-Transport-Security,X-Content-Type-Options,X-XSS-Protection,Server,Origin,Accept,Accept-Version,Content-Length,Content-MD5,Content-Type,Date,X-Api-Version,X-Response-Time,X-PINGOTHER,X-CSRF-Token,Authorization
access-control-allow-methods: *
access-control-expose-headers: X-Api-Version, X-Request-Id, X-Response-Time
cache-control: public, max-age=86400
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
last-modified: Wed, 05 Oct 2022 20:54:26 GMT
x-powered-by: Mopinion.com
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: onKWBY3jptQM26hzOf2Up2Jbu7OPvVlyEE5tBJz-a2UuOLKpqa92yg==
age: 84285
X-Firefox-Spdy: h2
fonts.mopinion.com/css?family=Open+Sans
143.198.251.116 200 OK 614 B URL HTTP/1.1 fonts.mopinion.com/css?family=Open+Sans
IP 143.198.251.116:0
ASN #14061 DIGITALOCEAN-ASN
Hash 03befa07f84e85bf3095beb63d3d2df5
f5ff5f73fc079fb1339877977f5d7fcf5e8309a5
4747317fb2b637a11ffdfba41de03f8a46ab79ab526fee2af6276ade0909ac53
GET /css?family=Open+Sans HTTP/1.1
Host: fonts.mopinion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:12 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding,Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 06 Oct 2023 20:19:12 GMT
cache-control: max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: gzip
transfer-encoding: chunked
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash aea480478c3be7392d09e8a92826542f
b660fb42c8122efb07b3d1de1a8907ad1f6e1a60
ee691969e4d61ba3145fe90b28c5051367c223f31c0e0ee001d8481035090760
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:19:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
216.58.207.195 200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 16740, version 1.0\012- data
Hash e43b535855a4ae53bd5b07a6eeb3bf67
6507312d9491156036316484bf8dc41e8b52ddd9
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681
GET /s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://web8787.web07.bero-webspace.de
Connection: keep-alive
Referer: https://fonts.mopinion.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 03 Oct 2022 18:53:39 GMT
expires: Tue, 03 Oct 2023 18:53:39 GMT
cache-control: public, max-age=31536000
age: 264333
last-modified: Mon, 15 Aug 2022 18:14:44 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash aea480478c3be7392d09e8a92826542f
b660fb42c8122efb07b3d1de1a8907ad1f6e1a60
ee691969e4d61ba3145fe90b28c5051367c223f31c0e0ee001d8481035090760
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 20:19:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11582
Expires: Thu, 06 Oct 2022 23:32:14 GMT
Date: Thu, 06 Oct 2022 20:19:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11582
Expires: Thu, 06 Oct 2022 23:32:14 GMT
Date: Thu, 06 Oct 2022 20:19:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11582
Expires: Thu, 06 Oct 2022 23:32:14 GMT
Date: Thu, 06 Oct 2022 20:19:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11582
Expires: Thu, 06 Oct 2022 23:32:14 GMT
Date: Thu, 06 Oct 2022 20:19:12 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd38ec9d6-fb69-4c6e-aae2-136fd254ae50.jpeg
34.120.237.76 200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd38ec9d6-fb69-4c6e-aae2-136fd254ae50.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e238ccaa3b9fa88476a8514855e8232f
447cbf348ef10d0136a1811e843c46937defbba1
43dce3c1eb388dfaddca4176acb6eb32f76fc4c03fca18e7a315c9ddb43d2b02
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd38ec9d6-fb69-4c6e-aae2-136fd254ae50.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7270
x-amzn-requestid: e5d0bb7a-b9d5-49b1-b51c-8db019da641f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjQOGEQloAMFjgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633dfa5a-519d91fb0b83920960da479d;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 21:42:50 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: l1HGT5ycH36vVojsOPFptRSU1YJFvLbBsgiWJqzRlRIGgm2o5vf6jg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 34c44cb7892e57a3b6c51812bcf68ee4.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 21:58:56 GMT
etag: "447cbf348ef10d0136a1811e843c46937defbba1"
content-type: image/jpeg
age: 80416
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/f(1).txt
109.71.253.24 200 OK 24 kB URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/f(1).txt
IP 109.71.253.24:0
File type ASCII text, with very long lines (2427)
Hash 572017391485966802ae520de06098b9
8d3717aa02d81c4d2ccf23cb2b6c7824ac8ff8b5
cf87fd2eec48bb3328c096875f1de204090b9bfd0a6a0439bfb4356d40d56eb8
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/f(1).txt HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: text/plain
last-modified: Wed, 05 Oct 2022 18:01:23 GMT
etag: W/"633dc673-8e43"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ce3d070-3bf1-47cd-bdd7-2bda7b826976.jpeg
34.120.237.76 200 OK 4.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ce3d070-3bf1-47cd-bdd7-2bda7b826976.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dbba56f647bf5989ca51863632bbebfc
26694f34166345ee5693653e0101db6b910e68ba
ec5cc38f2a77e8e655aeeb7a376cf882ccb7163e4ef9d1ce4633ab4754e48765
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ce3d070-3bf1-47cd-bdd7-2bda7b826976.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4140
x-amzn-requestid: f3cb33c4-26b6-4fd8-9293-dfb42be34600
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjOZiEZ4IAMFvLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633df770-424459547db8b3d721d75e54;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 21:30:24 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: q70sezhl0h-lASzUDh5_WQ6KraRa3fWYl_tO0iuE0CpbJ5GeiihgMw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 95785220a566cd050f3ad80928463374.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 21:37:06 GMT
etag: "26694f34166345ee5693653e0101db6b910e68ba"
content-type: image/jpeg
age: 81726
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ecef3b6-b278-4a22-86dd-6a19875e1cc1.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ecef3b6-b278-4a22-86dd-6a19875e1cc1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9e520f87cae411cfc2ed1c8a14184385
69ad212cb7ae309d4f02019552887135bfae67da
723b10bfbcde201b5811e3bd0560f02f90775e4d18b28d19e6c814899f2da71a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ecef3b6-b278-4a22-86dd-6a19875e1cc1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7511
x-amzn-requestid: 995b51dd-5484-4b4c-ad40-550f7fd85930
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjO6uG70IAMFjBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633df844-70f17f6f24dce0003d03902a;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 21:33:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: BddSUzh-PKiFmfw2p9gPW-B0qtrXWxCXfee29Pk-wLqN7RO21Yic6g==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 f7283f3fe2c258cf54f8b7d3dd272e0e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 21:37:06 GMT
age: 81726
etag: "69ad212cb7ae309d4f02019552887135bfae67da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3178d2f-9a52-4d0e-a26b-5a90ef8578f2.jpeg
34.120.237.76 200 OK 3.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3178d2f-9a52-4d0e-a26b-5a90ef8578f2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 488ec5b4267ccb1cdc4e6e08556f7f3b
42dd7ec0c606dbd3ccc0074f61d3b4b12f2e3c88
d9b05fe92962a58b9a8e8dbd4757969aa361be12018107ae649ffcdb8a0f8d84
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3178d2f-9a52-4d0e-a26b-5a90ef8578f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3430
x-amzn-requestid: 9b3b52d6-08b4-4893-962b-3dfe67e2f11d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjTijF0vIAMFq3Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633dffa9-0a128734418b6c4d6375e2ac;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 22:05:29 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: G0mKHnEonkmY4EDpNGAbg_DF37oxElJt58Lv6IJ4ro-hiG61wEAqVQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 95785220a566cd050f3ad80928463374.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 09:57:45 GMT
age: 37287
etag: "42dd7ec0c606dbd3ccc0074f61d3b4b12f2e3c88"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccecc8c9-b6da-4470-b2be-fa8d46df1cc2.webp
34.120.237.76 200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccecc8c9-b6da-4470-b2be-fa8d46df1cc2.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 70ea26af79226e9ff06d6198e2c019dc
ae2c476667f63c7f642f0d9f4d0bc0d846b0ef57
f9393e7b8cbaedc8e1ef87fd89c617cf102f58813d84d866ff68e3124f94d44c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccecc8c9-b6da-4470-b2be-fa8d46df1cc2.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9044
x-amzn-requestid: 127bce04-9f75-4bb1-bbe7-33bf1694d96c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZdZPmHG5oAMFehw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ba263-3896085b3b73ff5403237206;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 03:02:59 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: E4yZTPRLFdK717YfwjOIFOJDi0wYpyA736dQELeM5iPLvGDXBosEWg==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 05:04:17 GMT
age: 54895
etag: "ae2c476667f63c7f642f0d9f4d0bc0d846b0ef57"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
js-agent.newrelic.com/nr-1208.min.js
151.101.86.137 200 OK 12 kB URL HTTP/2 js-agent.newrelic.com/nr-1208.min.js
IP 151.101.86.137:0
File type ASCII text, with very long lines (31332), with no line terminators
Hash c735cd7fe713b55dd0c4883942c69c47
18d612de412704af277e2aa683e7ce9cad1a07da
3b72e1bc9807808e66e46b42c44dce929d01e63ebe34bc00e3d84acaffd5d94d
GET /nr-1208.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ht37li50OObZwDWXVtfRXNIIbZ7rfPceCb5sunn6AUTfT9T65v85m7us/+lm0DJm4pKntq6z0UQ=
x-amz-request-id: 1Q76YVRTXZP2SZMK
last-modified: Wed, 10 Mar 2021 16:24:28 GMT
etag: "1a71e4208296f97b465116492f59124d"
x-amz-version-id: RGJXhnJ2IqU3nLrOoxetOoKLCG4kx4sX
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 06 Oct 2022 20:19:12 GMT
via: 1.1 varnish
x-served-by: cache-bma1663-BMA
x-cache: HIT
x-cache-hits: 4731
x-timer: S1665087553.514753,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 11777
X-Firefox-Spdy: h2
bam-cell.nr-data.net/1/49ecee70e8?a=48732199&v=1208.49599aa&to=MwAAZEcFXkRUVkddXwpKMkVXCFlUZVpBQFEISiNTVgtFWUEbf1tXDQtNfFoDWVk%3D&rst=3014&ck=1&ref=https://web8787.web07.bero-webspace.de/onjuist.php&ap=379&be=730&fe=2901&dc=1307&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1665087549513,%22n%22:0,%22f%22:-31,%22dn%22:49,%22dne%22:51,%22c%22:51,%22s%22:82,%22ce%22:445,%22rq%22:445,%22rp%22:485,%22rpe%22:510,%22dl%22:504,%22di%22:1305,%22ds%22:1306,%22de%22:1310,%22dc%22:2900,%22l%22:2901,%22le%22:2904%7D,%22navigation%22:%7B%7D%7D&fcp=1207&jsonp=NREUM.setToken
162.247.241.2 200 OK 77 B URL HTTP/1.1 bam-cell.nr-data.net/1/49ecee70e8?a=48732199&v=1208.49599aa&to=MwAAZEcFXkRUVkddXwpKMkVXCFlUZVpBQFEISiNTVgtFWUEbf1tXDQtNfFoDWVk%3D&rst=3014&ck=1&ref=https://web8787.web07.bero-webspace.de/onjuist.php&ap=379&be=730&fe=2901&dc=1307&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1665087549513,%22n%22:0,%22f%22:-31,%22dn%22:49,%22dne%22:51,%22c%22:51,%22s%22:82,%22ce%22:445,%22rq%22:445,%22rp%22:485,%22rpe%22:510,%22dl%22:504,%22di%22:1305,%22ds%22:1306,%22de%22:1310,%22dc%22:2900,%22l%22:2901,%22le%22:2904%7D,%22navigation%22:%7B%7D%7D&fcp=1207&jsonp=NREUM.setToken
IP 162.247.241.2:0
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/49ecee70e8?a=48732199&v=1208.49599aa&to=MwAAZEcFXkRUVkddXwpKMkVXCFlUZVpBQFEISiNTVgtFWUEbf1tXDQtNfFoDWVk%3D&rst=3014&ck=1&ref=https://web8787.web07.bero-webspace.de/onjuist.php&ap=379&be=730&fe=2901&dc=1307&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1665087549513,%22n%22:0,%22f%22:-31,%22dn%22:49,%22dne%22:51,%22c%22:51,%22s%22:82,%22ce%22:445,%22rq%22:445,%22rp%22:485,%22rpe%22:510,%22dl%22:504,%22di%22:1305,%22ds%22:1306,%22de%22:1310,%22dc%22:2900,%22l%22:2901,%22le%22:2904%7D,%22navigation%22:%7B%7D%7D&fcp=1207&jsonp=NREUM.setToken HTTP/1.1
Host: bam-cell.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 20:19:12 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 756117337bd7b518-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=f0653ce1cc83156e; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=raEHt3dTYkZV%2FqxLN5kEY4WmHreIbnAELWsWSuk7HSo%2F91M1IXzTRur42CkM4ZZfH%2F%2FQdbV2a3OzclU8EP6cQIEczkLD1u2Q%2BwSTr6YuzbZSQaStCbFm7ATS7rNN7A62GngFH8wI"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
ocsp.starfieldtech.com/
192.124.249.24 200 OK 1.8 kB IP 192.124.249.24:0
Hash 7b162b571ef6118fe39497c215126628
ef513c4dcdaf3462e5a4c861ec342528c3ed1c2f
9858acf478d0fd51529b7d38bbe6151619b7e36e705788067280a2555a896c30
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 06 Oct 2022 20:19:13 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 06 Oct 2022 00:02:12 GMT
Expires: Fri, 07 Oct 2022 00:02:12 GMT
ETag: "ef513c4dcdaf3462e5a4c861ec342528c3ed1c2f"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
web8787.web07.bero-webspace.de/Tmob/f(2).txt
109.71.253.24 200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/f(2).txt
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/f(2).txt HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: text/plain
last-modified: Wed, 05 Oct 2022 18:01:23 GMT
etag: W/"633dc673-9c5"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
dev.visualwebsiteoptimizer.com/j.php?a=545796&u=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2Fonjuist.php&f=1&r=0.9395159218444818
34.96.102.137 200 OK 0 B URL HTTP/2 dev.visualwebsiteoptimizer.com/j.php?a=545796&u=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2Fonjuist.php&f=1&r=0.9395159218444818
IP 34.96.102.137:0
GET /j.php?a=545796&u=https%3A%2F%2Fweb8787.web07.bero-webspace.de%2Fonjuist.php&f=1&r=0.9395159218444818 HTTP/1.1
Host: dev.visualwebsiteoptimizer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 20:19:11 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=0, no-cache, must-revalidate
etag: W/"1665079103"
server: gams1
timing-allow-origin: *
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/gtm.js.download
109.71.253.24 200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/gtm.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/gtm.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:26 GMT
etag: W/"633dc676-6f7f5"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/f(4).txt
109.71.253.24 404 Not Found 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/f(4).txt
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/f(4).txt HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: text/html
last-modified: Wed, 05 Oct 2022 17:52:19 GMT
etag: W/"328-5ea4d3cf7899a"
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/nr-1208.min.js.download
109.71.253.24 404 Not Found 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/nr-1208.min.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/nr-1208.min.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: text/html
last-modified: Wed, 05 Oct 2022 17:52:19 GMT
etag: W/"328-5ea4d3cf7899a"
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/607762952897114
109.71.253.24 404 Not Found 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/607762952897114
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/607762952897114 HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: text/html
last-modified: Wed, 05 Oct 2022 17:52:19 GMT
etag: W/"328-5ea4d3cf7899a"
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/DesignSystem.css
109.71.253.24 200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/DesignSystem.css
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
GET /Tmob/DesignSystem.css HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: text/css
last-modified: Wed, 05 Oct 2022 18:01:23 GMT
etag: W/"633dc673-62fc4"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
deploy.mopinion.com/config/u36vubk7nppxq987pbk7kfcdmmlrxxsb3bx
54.230.111.75 200 OK 0 B URL HTTP/2 deploy.mopinion.com/config/u36vubk7nppxq987pbk7kfcdmmlrxxsb3bx
IP 54.230.111.75:0
GET /config/u36vubk7nppxq987pbk7kfcdmmlrxxsb3bx HTTP/1.1
Host: deploy.mopinion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://web8787.web07.bero-webspace.de
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
date: Thu, 06 Oct 2022 19:58:07 GMT
server: nginx
cache-control: public, max-age=3600
access-control-allow-headers: Access-Control-Allow-Origin,X-Requested-With,Cache-Control,token,Content-Type,key,Origin
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
x-powered-by: Pastea.se
content-encoding: gzip
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: sOe1ERbJc2ziBcXP2a15ocgiXu13NIAo3fiZhgFgepKNTpaE7cyaeQ==
age: 1264
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/15258
109.71.253.24 404 Not Found 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/15258
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/15258 HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: text/html
last-modified: Wed, 05 Oct 2022 17:52:19 GMT
etag: W/"328-5ea4d3cf7899a"
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/5318565
109.71.253.24 404 Not Found 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/5318565
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/5318565 HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: text/html
last-modified: Wed, 05 Oct 2022 17:52:19 GMT
etag: W/"328-5ea4d3cf7899a"
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/49ecee70e8
109.71.253.24 404 Not Found 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/49ecee70e8
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/49ecee70e8 HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: text/html
last-modified: Wed, 05 Oct 2022 17:52:19 GMT
etag: W/"328-5ea4d3cf7899a"
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/siteanalyze_6004843.js.download
109.71.253.24 200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/siteanalyze_6004843.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/siteanalyze_6004843.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:30 GMT
etag: W/"633dc67a-2f30"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/f(3).txt
109.71.253.24 200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/f(3).txt
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/f(3).txt HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: text/plain
last-modified: Wed, 05 Oct 2022 18:01:23 GMT
etag: W/"633dc673-4aac"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/op.js.download
109.71.253.24 200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/op.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/op.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:28 GMT
etag: W/"633dc678-1440"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/fbevents.js.download
109.71.253.24 200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/fbevents.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/fbevents.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:26 GMT
etag: W/"633dc676-16e78"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/bat.js.download
109.71.253.24 200 OK 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/bat.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/bat.js.download HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 18:01:20 GMT
etag: W/"633dc670-7571"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
deploy.mopinion.com/js/pastease.js
54.230.111.75 200 OK 0 B URL HTTP/2 deploy.mopinion.com/js/pastease.js
IP 54.230.111.75:0
GET /js/pastease.js HTTP/1.1
Host: deploy.mopinion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
server: nginx
last-modified: Wed, 05 Oct 2022 12:13:02 GMT
access-control-allow-headers: Access-Control-Allow-Origin,X-Requested-With,Cache-Control,token,Content-Type,key,Origin
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
x-powered-by: Pastea.se
content-encoding: gzip
date: Thu, 06 Oct 2022 15:17:47 GMT
cache-control: public, max-age=86400
etag: W/"6c11-183a8104711"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ASeJdeQZ00_4b4ibVtm4J6bjO5C4E5LrC1UHstX_KmCqDjKnA3svVw==
age: 67936
X-Firefox-Spdy: h2
web8787.web07.bero-webspace.de/Tmob/adsct
109.71.253.24 404 Not Found 0 B URL HTTP/2 web8787.web07.bero-webspace.de/Tmob/adsct
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Deutsche Telekom
fortinet Phishing
GET /Tmob/adsct HTTP/1.1
Host: web8787.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8787.web07.bero-webspace.de/onjuist.php
Cookie: PHPSESSID=31njbs5r7hb5l5e7923inmjsn2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 06 Oct 2022 20:19:10 GMT
content-type: text/html
last-modified: Wed, 05 Oct 2022 17:52:19 GMT
etag: W/"328-5ea4d3cf7899a"
content-encoding: br
X-Firefox-Spdy: h2