firefox.settings.services.mozilla.com/v1/
143.204.55.27200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 08 Sep 2022 09:10:02 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: sCVljmwb9pyzah7PjqFQEg840566NPw6eiOkwsM6iyqCJNjXx2PGzA==
Age: 2127
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b9adda4796e3cda8d92753c46964621c
5f1eba1f6085b23dea088a91fe6f8947172f9f62
a0577a8fcfa81b3f86d99566eb4429655b93a238ffd1a3752bc9aae3d969deea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A0577A8FCFA81B3F86D99566EB4429655B93A238FFD1A3752BC9AAE3D969DEEA"
Last-Modified: Tue, 06 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7464
Expires: Thu, 08 Sep 2022 11:49:53 GMT
Date: Thu, 08 Sep 2022 09:45:29 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.110200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 08 Sep 2022 03:46:35 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: WJ1MBojDhS_Vg5VKKSzwph7F0CCKqehmL5aLWi7oXF1l_eFb1Yosog==
age: 21535
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 09:45:29 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 699785a6102f3557d8e66a2bdfbb6e05
a3e3fa7ef8312262d1d85797f17bb6c95783df11
4adf6349c5bd2c22d9c21dcc82f4efc03e9b961eea6a2be8f13f5edb44493f4c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4ADF6349C5BD2C22D9C21DCC82F4EFC03E9B961EEA6A2BE8F13F5EDB44493F4C"
Last-Modified: Tue, 06 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 08 Sep 2022 15:45:29 GMT
Date: Thu, 08 Sep 2022 09:45:29 GMT
Connection: keep-alive
web8538.web07.bero-webspace.de/gif/
109.71.253.24200 OK 14 kB URL HTTP/2 web8538.web07.bero-webspace.de/gif/
IP 109.71.253.24:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (19277)
Hash d8de4ccc7b160f5732ea6062e7ead1c4
d995a2bde96ad2194587c9ab2e0ad0637dfe10f3
71505fa6541a570677087111efb1ce793960ae65efba3b46bc8bcd36de7761c6
Analyzer Verdict Alert fortinet Phishing
GET /gif/ HTTP/1.1
Host: web8538.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 09:45:29 GMT
content-type: text/html; charset=UTF-8
content-length: 13966
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=jqmth4d2fm5k81vsl4njauc27v; path=/
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.30, PleskLin
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Thu, 08 Sep 2022 09:38:18 GMT
Expires: Thu, 08 Sep 2022 10:06:58 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: PCX8qH1LnyVWxaPzKGfmUxqOA7RFikE-3QuVDwia1GOcCw5UjZR7Mg==
Age: 431
web8538.web07.bero-webspace.de/gif/sca/sca-login
109.71.253.24200 OK 32 kB URL HTTP/2 web8538.web07.bero-webspace.de/gif/sca/sca-login
IP 109.71.253.24:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (12078), with CRLF, LF line terminators
Hash 7cf341175a491faa97107abcdbbb6eb1
3e4c3598dc9d26faf7b6946851bf480d2c96f00b
ad7211417c487fff828204d17b260de32dbfecb1f34ec4cefec332174f912aed
Analyzer Verdict Alert fortinet Phishing
GET /gif/sca/sca-login HTTP/1.1
Host: web8538.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8538.web07.bero-webspace.de/gif/
Cookie: PHPSESSID=jqmth4d2fm5k81vsl4njauc27v
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 09:45:29 GMT
content-type: application/octet-stream
content-length: 31550
last-modified: Wed, 06 Jul 2022 14:38:22 GMT
etag: "62c59e5e-7b3e"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8538.web07.bero-webspace.de/gif/sca/plx.check.js
109.71.253.24200 OK 209 B URL HTTP/2 web8538.web07.bero-webspace.de/gif/sca/plx.check.js
IP 109.71.253.24:0
Hash 65a7d1a66a5b6f665f49900274e318e8
ed2a23b7c7bd5ec1e42127e381cd5089b88bc2a7
61b441852598829f84cc6605312cf152c2b5f74c05721f0e689daac188a4b929
Analyzer Verdict Alert fortinet Phishing
GET /gif/sca/plx.check.js HTTP/1.1
Host: web8538.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8538.web07.bero-webspace.de/gif/
Cookie: PHPSESSID=jqmth4d2fm5k81vsl4njauc27v
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 09:45:29 GMT
content-type: application/javascript
content-length: 209
x-accel-version: 0.01
last-modified: Wed, 06 Jul 2022 23:25:54 GMT
etag: "195-5e32b4a590480-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2
web8538.web07.bero-webspace.de/gif/sca/proxyid.js.download
109.71.253.24200 OK 220 B URL HTTP/2 web8538.web07.bero-webspace.de/gif/sca/proxyid.js.download
IP 109.71.253.24:0
Hash cf3fdcb6394ca0e8e3572fb475e9e6a1
cb675d9ac518343f4875920256f1c624712bdf2e
fcd6504c3c6c1d1f3a2eea7953420cff9ab77162edded72d2e27c391f5d46f69
Analyzer Verdict Alert fortinet Phishing
GET /gif/sca/proxyid.js.download HTTP/1.1
Host: web8538.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8538.web07.bero-webspace.de/gif/
Cookie: PHPSESSID=jqmth4d2fm5k81vsl4njauc27v
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 09:45:29 GMT
content-type: application/javascript
content-length: 220
x-accel-version: 0.01
last-modified: Wed, 06 Jul 2022 14:38:34 GMT
etag: "f2-5e323ec74ee80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2
web8538.web07.bero-webspace.de/gif/sca/saved_resource
109.71.253.24200 OK 8.0 kB URL HTTP/2 web8538.web07.bero-webspace.de/gif/sca/saved_resource
IP 109.71.253.24:0
File type ASCII text, with very long lines (662)
Hash 43e4cd4d0d896cc2c4c1b724ce008764
b6df31b85bd329a6f026c41795c2ac83ad9dab87
91dd5858585bcafd085ed3c7dbe9f3eb2329dc380b8a58caf174036c7a204349
Analyzer Verdict Alert fortinet Phishing
GET /gif/sca/saved_resource HTTP/1.1
Host: web8538.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8538.web07.bero-webspace.de/gif/
Cookie: PHPSESSID=jqmth4d2fm5k81vsl4njauc27v
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 09:45:29 GMT
content-type: application/octet-stream
content-length: 7969
last-modified: Wed, 06 Jul 2022 14:38:24 GMT
etag: "62c59e60-1f21"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8538.web07.bero-webspace.de/gif/sca/collectddna.js.download
109.71.253.24200 OK 1.5 kB URL HTTP/2 web8538.web07.bero-webspace.de/gif/sca/collectddna.js.download
IP 109.71.253.24:0
Hash d666afb2c4c0aac07bc6a49d8d78fae3
e8996ca1f59380fe6a67b3d46d2b3321aad0fba8
7e00604be5f97aaa7081d204dc0b09a1a11687096050e567138782b181f52fcd
Analyzer Verdict Alert fortinet Phishing
GET /gif/sca/collectddna.js.download HTTP/1.1
Host: web8538.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8538.web07.bero-webspace.de/gif/
Cookie: PHPSESSID=jqmth4d2fm5k81vsl4njauc27v
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 09:45:29 GMT
content-type: application/javascript
last-modified: Wed, 06 Jul 2022 14:38:32 GMT
etag: W/"62c59e68-d13"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-MHW4QGN&l=global_layer
142.250.74.72200 OK 116 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-MHW4QGN&l=global_layer
IP 142.250.74.72:0
File type Unicode text, UTF-8 text, with very long lines (64384)
Size 116 kB (115488 bytes)
Hash 95d4ea4aa2482474fa1357cd2a80842e
61661b595b7c1b56f283f1589e79dbc193cb8ff1
31152ca51990daa3f0e6e5720c39d048888ea30cb9a757789fb17d68e58eb1a3
GET /gtm.js?id=GTM-MHW4QGN&l=global_layer HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8538.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 08 Sep 2022 09:45:30 GMT
expires: Thu, 08 Sep 2022 09:45:30 GMT
cache-control: private, max-age=900
last-modified: Thu, 08 Sep 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 115488
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 042105f89c8d64b470d84e052cd412d1
a26c7e2559b3760ea2765b16a3f8d1be27f5dcf4
fadb8cdd22f4d7773d5c20d576f6400ab25e20e1efe3e3fe50d2ae39ca6f2725
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4583
Cache-Control: max-age=171458
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 09:45:30 GMT
Etag: "6319a295-1d7"
Expires: Sat, 10 Sep 2022 09:23:08 GMT
Last-Modified: Thu, 08 Sep 2022 08:06:45 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash de50d39318f58f490483c86aecd38e4c
f92177f493cb7bab9c5ce67f6b41f9214920907d
8bca037d0d46ddd72b4c1bbfc2829f96bc9e7bfb28724af3010f1441d14b7180
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 09:45:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
web8538.web07.bero-webspace.de/gif/sca/main.js(1).download
109.71.253.24200 OK 2.4 MB URL HTTP/2 web8538.web07.bero-webspace.de/gif/sca/main.js(1).download
IP 109.71.253.24:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 2.4 MB (2440637 bytes)
Hash e1536c8df7642a47faf5e52414e95644
31111ec408192ab9c2eaedd75b8167ef0bd87c72
9b86e530307d396082ae6b004665b4b8a1dc7212f94f41e530c36bcc0cac3d70
Analyzer Verdict Alert fortinet Phishing
GET /gif/sca/main.js(1).download HTTP/1.1
Host: web8538.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8538.web07.bero-webspace.de/gif/
Cookie: PHPSESSID=jqmth4d2fm5k81vsl4njauc27v
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 09:45:30 GMT
content-type: application/octet-stream
content-length: 2440637
last-modified: Wed, 06 Jul 2022 14:38:44 GMT
etag: "62c59e74-253dbd"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8538.web07.bero-webspace.de/gif/sca/SunOT-Light.ttf
109.71.253.24200 OK 86 kB URL HTTP/2 web8538.web07.bero-webspace.de/gif/sca/SunOT-Light.ttf
IP 109.71.253.24:0
File type TrueType Font data, 15 tables, 1st "FFTM", 28 names, Macintosh\012- data
Hash fc9b52707830de91489044be4726abc6
f3eddc426afe06abde7ab9b9426b41944da24171
75af6860450b2595cd18ebad00dbf3927d9e494dfdbd12ceefcec15b2c03d84e
Analyzer Verdict Alert fortinet Phishing
GET /gif/sca/SunOT-Light.ttf HTTP/1.1
Host: web8538.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8538.web07.bero-webspace.de/gif/sca/styles.css
Cookie: PHPSESSID=jqmth4d2fm5k81vsl4njauc27v
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 09:45:30 GMT
content-type: font/ttf
content-length: 86500
last-modified: Wed, 06 Jul 2022 14:39:58 GMT
etag: "62c59ebe-151e4"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8538.web07.bero-webspace.de/gif/sca/sunot-bold-webfont.woff2
109.71.253.24200 OK 25 kB URL HTTP/2 web8538.web07.bero-webspace.de/gif/sca/sunot-bold-webfont.woff2
IP 109.71.253.24:0
File type Web Open Font Format (Version 2), TrueType, length 24800, version 4.66\012- data
Hash 819f042f2484072228ad1cb32902ffd8
22955f1851a789580b5c6136886ff2ceea0726ac
265235296a58d38174ac7198a96e108c4e9c7ceceb0ccb700d352c8b99a7c99d
Analyzer Verdict Alert fortinet Phishing
GET /gif/sca/sunot-bold-webfont.woff2 HTTP/1.1
Host: web8538.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web8538.web07.bero-webspace.de/gif/sca/main-ics.css
Cookie: PHPSESSID=jqmth4d2fm5k81vsl4njauc27v
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 09:45:30 GMT
content-type: font/woff2
content-length: 24800
last-modified: Wed, 06 Jul 2022 14:41:26 GMT
etag: "62c59f16-60e0"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8538.web07.bero-webspace.de/gif/sca/ics-icons.woff2?mrp4y8
109.71.253.24200 OK 6.6 kB URL HTTP/2 web8538.web07.bero-webspace.de/gif/sca/ics-icons.woff2?mrp4y8
IP 109.71.253.24:0
File type Web Open Font Format (Version 2), TrueType, length 6640, version 1.0\012- data
Hash 63e2cb76dd1d001abe5c22de5d8a0ee8
595bf366b208110a66f257755b861c040d90dd39
26e6a7b3caf0b044980820a1a26cd56a16efad9108fd14e7416bae2a2b76320b
Analyzer Verdict Alert fortinet Phishing
GET /gif/sca/ics-icons.woff2?mrp4y8 HTTP/1.1
Host: web8538.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web8538.web07.bero-webspace.de/gif/sca/styles.css
Cookie: PHPSESSID=jqmth4d2fm5k81vsl4njauc27v
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 09:45:30 GMT
content-type: font/woff2
content-length: 6640
last-modified: Wed, 06 Jul 2022 14:41:18 GMT
etag: "62c59f0e-19f0"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.89.17.198101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.17.198:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +OX7TBhJAaH2nYCp0pSM/g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: CvruFx0MJLVEe4hSrVahPOQlMmI=
web8538.web07.bero-webspace.de/gif/sca/082953afa5ab20006f75777cb90662b0ffb28e45a9f164326f7fce4f47eafb4914e54c5ed2b326cb
109.71.253.24200 OK 283 kB URL HTTP/2 web8538.web07.bero-webspace.de/gif/sca/082953afa5ab20006f75777cb90662b0ffb28e45a9f164326f7fce4f47eafb4914e54c5ed2b326cb
IP 109.71.253.24:0
File type ASCII text, with very long lines (545)
Size 283 kB (282826 bytes)
Hash 3db107422a2a20e84e1842d30ef7aa06
efe9a5d9a37fd55f84ec23dc222c2fe6f54dd032
49646c016f4d29b0499b92cb483ceb98a3170c3aba81ae563acc2961bdc65484
Analyzer Verdict Alert fortinet Phishing
GET /gif/sca/082953afa5ab20006f75777cb90662b0ffb28e45a9f164326f7fce4f47eafb4914e54c5ed2b326cb HTTP/1.1
Host: web8538.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8538.web07.bero-webspace.de/gif/sca/saved_resource.html
Cookie: PHPSESSID=jqmth4d2fm5k81vsl4njauc27v
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 09:45:30 GMT
content-type: application/octet-stream
content-length: 282826
last-modified: Wed, 06 Jul 2022 14:38:48 GMT
etag: "62c59e78-450ca"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8538.web07.bero-webspace.de/gif/sca/082953afa5ab20006f75777cb90662b0ffb28e45a9f164326f7fce4f47eafb4914e54c5ed2b326cb(1)
109.71.253.24200 OK 53 kB URL HTTP/2 web8538.web07.bero-webspace.de/gif/sca/082953afa5ab20006f75777cb90662b0ffb28e45a9f164326f7fce4f47eafb4914e54c5ed2b326cb(1)
IP 109.71.253.24:0
Hash c2e3dd5a6731ab68f051021eff499f4f
6739b37fb552d92db4ca07e5f25e783950b0ec75
552f179b8856e5355d6d5865abf56d10af6a0e698c3a8ea2b5610c459fbe37a3
Analyzer Verdict Alert fortinet Phishing
GET /gif/sca/082953afa5ab20006f75777cb90662b0ffb28e45a9f164326f7fce4f47eafb4914e54c5ed2b326cb(1) HTTP/1.1
Host: web8538.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8538.web07.bero-webspace.de/gif/sca/saved_resource.html
Cookie: PHPSESSID=jqmth4d2fm5k81vsl4njauc27v
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 09:45:30 GMT
content-type: application/octet-stream
content-length: 53065
last-modified: Wed, 06 Jul 2022 14:38:50 GMT
etag: "62c59e7a-cf49"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8538.web07.bero-webspace.de/error_docs/styles.css
109.71.253.24200 OK 948 B URL HTTP/2 web8538.web07.bero-webspace.de/error_docs/styles.css
IP 109.71.253.24:0
Hash 0609b582b779b34fac999fc5e728804f
e62f5606ba6e8ed97cd8ab7f867e4e3fafd024e1
c53e939d03cabaa8970cdcb8d3c9fdb7ee26c99ab1cda3a56d043893c5bd09c3
GET /error_docs/styles.css HTTP/1.1
Host: web8538.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8538.web07.bero-webspace.de/TSPD/?type=21
Cookie: PHPSESSID=jqmth4d2fm5k81vsl4njauc27v
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 09:45:30 GMT
content-type: text/css
content-length: 948
last-modified: Mon, 05 Sep 2022 17:03:47 GMT
etag: "a9e-5e7f11021e820-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 619957f6f380ef3ca3da91bbab7790bf
d8ba782a4ed6aa9fa342e0f7072e51cff124b03a
0f58deac92a7076539bc64242e8e2c54f9810f2af65e4d12b93d06b2cd1c0fe0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4123
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 09:45:30 GMT
Last-Modified: Thu, 08 Sep 2022 08:36:47 GMT
Server: ECS (amb/6BBE)
X-Cache: HIT
Content-Length: 471
www.icscards.nl/webfiles/1656567843470/media/theme/ics-nl/images/icons/favicon-144x144-withoutlines.png
185.195.93.72200 5.5 kB URL HTTP/1.1 www.icscards.nl/webfiles/1656567843470/media/theme/ics-nl/images/icons/favicon-144x144-withoutlines.png
IP 185.195.93.72:0
ASN #42649 Baffin Bay Networks AB
File type PNG image data, 144 x 144, 8-bit/color RGBA, non-interlaced\012- data
Hash 75d0a29d4d1a08405f39799bcb986e63
da64454d7277c531786146796026f49f89e9d4db
1a99f7b02b4517fa7e085315d99cdc0b9e13b0b1c904c683679a05de7a7d1a63
GET /webfiles/1656567843470/media/theme/ics-nl/images/icons/favicon-144x144-withoutlines.png HTTP/1.1
Host: www.icscards.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8538.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
content-length: 5528
content-type: image/png;charset=UTF-8
date: Thu, 08 Sep 2022 09:45:30 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-content-type-options: nosniff
cache-control: max-age=31536000
expires: Fri, 08 Sep 2023 09:45:30 GMT
x-xss-protection: 1; mode=block
content-security-policy: frame-ancestors www.anwb.nl www.worldcard.nl www.yourmastercard.nl www.icscards.nl *.icscards.nl.cipe.local icscards.nl
strict-transport-security: max-age=31536000; includeSubDomains
Set-Cookie: BIGipServer~ICSDLB02~pool_www.icscards.nl_8016=rd11o00000000000000000000ffff0af4d3d0o8016; path=/; Httponly; Secure
_tpc_persistance_cookie=!+AVUYKMULKmC0j28EOda6AVGp4P79aKW2hrgWLTgLdTwjhBmaNzwTrYHF0KwpL4G0ZYG7q24nNGZTIQ=; path=/; Httponly; Secure
BBN01677320=0135ab579a1dafa65be619b45f6cecad776da8747d99a24302a53bb1fbb65e5c01b3496562d339e458238bd3490af46d92ad9d008bbc284920bee533ce1f774626c94ca02c; Path=/; Domain=.www.icscards.nl; Secure; HTTPOnly
Accept-Encoding: gzip, deflate, br
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11141
Expires: Thu, 08 Sep 2022 12:51:12 GMT
Date: Thu, 08 Sep 2022 09:45:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11141
Expires: Thu, 08 Sep 2022 12:51:12 GMT
Date: Thu, 08 Sep 2022 09:45:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11141
Expires: Thu, 08 Sep 2022 12:51:12 GMT
Date: Thu, 08 Sep 2022 09:45:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11141
Expires: Thu, 08 Sep 2022 12:51:12 GMT
Date: Thu, 08 Sep 2022 09:45:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11141
Expires: Thu, 08 Sep 2022 12:51:12 GMT
Date: Thu, 08 Sep 2022 09:45:31 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F703333f6-0141-4f21-97c4-c72f35090252.webp
34.120.237.76200 OK 4.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F703333f6-0141-4f21-97c4-c72f35090252.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c870cb13eb9cbc6e3cb66814dc06a157
b469f24dbfe01ee68650ef1b0abd6badb83e3325
d4dc98f6d2d86a94c85056797a4efd9ab938651fb06bf421c661b78a5c9d9319
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F703333f6-0141-4f21-97c4-c72f35090252.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4570
x-amzn-requestid: c8acc548-6455-4951-9ca0-245a1c3bdf8e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9VYGwEoAMFaQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f55-58f59c61714ed9761d39c8b4;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:38:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UiG7UKRQy_MGckOpAsfoV4PUZZ2o8ko7Q6hqeYlzo5XS0874Cf2gxQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:33:06 GMT
etag: "b469f24dbfe01ee68650ef1b0abd6badb83e3325"
content-type: image/jpeg
age: 40345
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe74f48f7-6138-4042-9b4c-f63bb036324f.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe74f48f7-6138-4042-9b4c-f63bb036324f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 124a0c0a970006aa660031b5e0ec70d9
3dcd7b5ca2cc9ab604df554b341d1e08bffaa3d7
14c5c6aaf110c123037eb860ecc9d386d46af55fe54cb50f9d1ad430f7e0c516
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe74f48f7-6138-4042-9b4c-f63bb036324f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11972
x-amzn-requestid: e71daf97-7463-492d-b55a-0eab022d8b05
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X0nI2G1tIAMFk2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6311b89e-7d6c6d1769649d371c505453;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 08:02:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: fOWoYZ9FyUKt55cLxVvwCBhX0DzsF2yPaX2Y6USE6OZcNFe3lWyOHA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 04:58:50 GMT
age: 17201
etag: "3dcd7b5ca2cc9ab604df554b341d1e08bffaa3d7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ba17b3c-58f5-4458-8dc2-8e4a7cf8d782.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ba17b3c-58f5-4458-8dc2-8e4a7cf8d782.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1cd778a615e9a4ca3a25119790398434
d6daca74fc85d39274b3c7536f34528bef93ae97
e6b5a7a525e314e09c30985b22da7c34806df09cbe98ad52b00dcbf93a0dc054
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ba17b3c-58f5-4458-8dc2-8e4a7cf8d782.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7251
x-amzn-requestid: 26b2021a-4440-47ce-8dba-d971cae60cc1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9bmHcmoAMF3Fw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f7d-5471edce7de2374c3b8af888;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:39:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: d3MrDEyDFDylQKyfxONQ12_7IBvRAg8o0rSZ64WNRGNvDHqQyDmqJA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 e77661e211afe9242e85e573f12d5534.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:16:27 GMT
age: 41344
etag: "d6daca74fc85d39274b3c7536f34528bef93ae97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffde48022-9b21-4eb3-b8b7-e4fcb208d624.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffde48022-9b21-4eb3-b8b7-e4fcb208d624.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 036db462684c81e3906433a0d2929eb8
7bcd0b99c0fb6d9ead1dd6878377f5a582bde20d
a252f30f9239f6a343b23c9d3e1d1b7460c5ee5a592d3372bf124760baa6e657
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffde48022-9b21-4eb3-b8b7-e4fcb208d624.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8246
x-amzn-requestid: d1a11f7f-22b7-4fc1-b33d-402e5bc3af33
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9TgEx4oAMF-pg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f49-7305dd7653fe38c9445e02a8;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:38:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: INlZ1UklE6G7_1AYLBLEjbENrWoRgkYHLiL4w_QVx7tRA3jepd_eXQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 21:48:35 GMT
etag: "7bcd0b99c0fb6d9ead1dd6878377f5a582bde20d"
content-type: image/jpeg
age: 43016
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faea8d298-d4be-46a2-9c14-670bdae204cd.jpeg
34.120.237.76200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faea8d298-d4be-46a2-9c14-670bdae204cd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 675756a44be6f9bbe341fa4c866c941b
6502050805e53baeb44d82e55d4b15b82e34d2eb
cd1d16b5feefddfd89ac4bfcff21e80c49f07b0428aa57e8de365974f813e755
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faea8d298-d4be-46a2-9c14-670bdae204cd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8820
x-amzn-requestid: e2c909d0-f781-48e6-805e-a43940e67c4c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG_LpG1OIAMF_8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6319124a-37f3458a2905bd947cf01f93;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:51:06 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: xZfSJCNKiAOumLXDwm496KBZqoY1FtqF6T6GkMAdHCJ3Ikq0brbdjw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 27fe6f224e0cfa3f3a446471ee256e56.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 21:51:13 GMT
age: 42858
etag: "6502050805e53baeb44d82e55d4b15b82e34d2eb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6069f6c-2029-46b3-9867-5eaeb96d65e7.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6069f6c-2029-46b3-9867-5eaeb96d65e7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7ca5b5d4ac26d97b5729a30ecdc688bc
3e633bc6c4ab9adfe84899e5209d73bef1d097eb
2c8275d1819d933f86df9685b76aea030842ba5a341c59ea88ffd2da99a5a3d5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6069f6c-2029-46b3-9867-5eaeb96d65e7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7885
x-amzn-requestid: 305dc6b7-eb3d-40ad-af89-8b60be935637
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9ThE3DIAMFRtA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f49-7c0b58644e26de7f27c5b388;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:38:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Ry2D03udnweYHan_7KhC9IDhT01g9_73G40Fa10BdIX21tgK0Cgjiw==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 21:48:35 GMT
etag: "3e633bc6c4ab9adfe84899e5209d73bef1d097eb"
content-type: image/jpeg
age: 43016
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
web8538.web07.bero-webspace.de/gif/sca/jquery.min.js.download
109.71.253.24200 OK 0 B URL HTTP/2 web8538.web07.bero-webspace.de/gif/sca/jquery.min.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert fortinet Phishing
GET /gif/sca/jquery.min.js.download HTTP/1.1
Host: web8538.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8538.web07.bero-webspace.de/gif/
Cookie: PHPSESSID=jqmth4d2fm5k81vsl4njauc27v
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 09:45:29 GMT
content-type: application/javascript
last-modified: Wed, 06 Jul 2022 14:38:36 GMT
etag: W/"62c59e6c-152b5"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8538.web07.bero-webspace.de/gif/sca/saved_resource.html
109.71.253.24200 OK 0 B URL HTTP/2 web8538.web07.bero-webspace.de/gif/sca/saved_resource.html
IP 109.71.253.24:0
Analyzer Verdict Alert fortinet Phishing
GET /gif/sca/saved_resource.html HTTP/1.1
Host: web8538.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8538.web07.bero-webspace.de/gif/
Cookie: PHPSESSID=jqmth4d2fm5k81vsl4njauc27v
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 09:45:30 GMT
content-type: text/html
last-modified: Wed, 06 Jul 2022 14:38:50 GMT
etag: W/"62c59e7a-19a0"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8538.web07.bero-webspace.de/gif/sca/styles.css
109.71.253.24200 OK 0 B URL HTTP/2 web8538.web07.bero-webspace.de/gif/sca/styles.css
IP 109.71.253.24:0
GET /gif/sca/styles.css HTTP/1.1
Host: web8538.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8538.web07.bero-webspace.de/gif/
Cookie: PHPSESSID=jqmth4d2fm5k81vsl4njauc27v
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 09:45:29 GMT
content-type: text/css
last-modified: Wed, 06 Jul 2022 14:38:28 GMT
etag: W/"62c59e64-78c5d"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8538.web07.bero-webspace.de/gif/sca/runtime.j.download
109.71.253.24404 Not Found 0 B URL HTTP/2 web8538.web07.bero-webspace.de/gif/sca/runtime.j.download
IP 109.71.253.24:0
Analyzer Verdict Alert fortinet Phishing
GET /gif/sca/runtime.j.download HTTP/1.1
Host: web8538.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8538.web07.bero-webspace.de/gif/
Cookie: PHPSESSID=jqmth4d2fm5k81vsl4njauc27v
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 08 Sep 2022 09:45:29 GMT
content-type: text/html
last-modified: Mon, 05 Sep 2022 17:03:47 GMT
etag: W/"328-5e7f11021e820"
content-encoding: br
X-Firefox-Spdy: h2
web8538.web07.bero-webspace.de/gif/sca/polyfills.j.download
109.71.253.24404 Not Found 0 B URL HTTP/2 web8538.web07.bero-webspace.de/gif/sca/polyfills.j.download
IP 109.71.253.24:0
Analyzer Verdict Alert fortinet Phishing
GET /gif/sca/polyfills.j.download HTTP/1.1
Host: web8538.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8538.web07.bero-webspace.de/gif/
Cookie: PHPSESSID=jqmth4d2fm5k81vsl4njauc27v
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 08 Sep 2022 09:45:29 GMT
content-type: text/html
last-modified: Mon, 05 Sep 2022 17:03:47 GMT
etag: W/"328-5e7f11021e820"
content-encoding: br
X-Firefox-Spdy: h2
web8538.web07.bero-webspace.de/gif/sca/runtime.j.download
109.71.253.24404 Not Found 0 B URL HTTP/2 web8538.web07.bero-webspace.de/gif/sca/runtime.j.download
IP 109.71.253.24:0
Analyzer Verdict Alert fortinet Phishing
GET /gif/sca/runtime.j.download HTTP/1.1
Host: web8538.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8538.web07.bero-webspace.de/gif/
Cookie: PHPSESSID=jqmth4d2fm5k81vsl4njauc27v
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 08 Sep 2022 09:45:30 GMT
content-type: text/html
last-modified: Mon, 05 Sep 2022 17:03:47 GMT
etag: W/"328-5e7f11021e820"
content-encoding: br
X-Firefox-Spdy: h2
web8538.web07.bero-webspace.de/TSPD/082953afa5ab2800c33c7cc8e6b3bc13c29c767ddc8eba538cca95beb0c5dc2dd3058e25bdb43216f2cdcfcbda577ce3?type=13
109.71.253.24404 Not Found 0 B URL HTTP/2 web8538.web07.bero-webspace.de/TSPD/082953afa5ab2800c33c7cc8e6b3bc13c29c767ddc8eba538cca95beb0c5dc2dd3058e25bdb43216f2cdcfcbda577ce3?type=13
IP 109.71.253.24:0
Analyzer Verdict Alert fortinet Phishing
GET /TSPD/082953afa5ab2800c33c7cc8e6b3bc13c29c767ddc8eba538cca95beb0c5dc2dd3058e25bdb43216f2cdcfcbda577ce3?type=13 HTTP/1.1
Host: web8538.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8538.web07.bero-webspace.de/gif/sca/saved_resource.html
Cookie: PHPSESSID=jqmth4d2fm5k81vsl4njauc27v; did_proxy=1:zEUeQFVqXRrb1FthfkZ64J1LHpob1ksgZd7jHNpUxXxlq0gz2-i7oZP9U70asvhwgYSKXzVQArfJATAYu8N_bw; BBN00000000100=082953afa5ab2800c33c7cc8e6b3bc13c29c767ddc8eba538cca95beb0c5dc2dd3058e25bdb43216f2cdcfcbda577ce30855cbc20f07e0006406f45a8c8e207a383bd1ce5dc5c19fb63d9a392305aeef88e2c8281828fae91e85231cba75952302ab1841fe84501eb4c395e1284f8a6f05b1c678e8248bbe251383ed85c32466d66405115faa851c281a7311320575261240acfc9a2abca2dfcd59c97ba61568d4129d873f8d9194e06c96365e0acaffd64c3fd2cfe983d267f5d1c39790212d0d01f5ce582ee5e571d8d9d51900586e0149d9216d8763db98571af0707cf6b78b416543a70fb7ba852ec1299d07b1f9e3946a290de186f9036f17302cc494216e73e91f281313b4320826c7a8a6aef88f57b6b4fc74c166
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 08 Sep 2022 09:45:31 GMT
content-type: text/html
last-modified: Mon, 05 Sep 2022 17:03:47 GMT
etag: W/"328-5e7f11021e820"
content-encoding: br
X-Firefox-Spdy: h2
web8538.web07.bero-webspace.de/gif/sca/modernizr.js.download
109.71.253.24200 OK 0 B URL HTTP/2 web8538.web07.bero-webspace.de/gif/sca/modernizr.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert fortinet Phishing
GET /gif/sca/modernizr.js.download HTTP/1.1
Host: web8538.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8538.web07.bero-webspace.de/gif/
Cookie: PHPSESSID=jqmth4d2fm5k81vsl4njauc27v
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 09:45:29 GMT
content-type: application/javascript
last-modified: Wed, 06 Jul 2022 14:38:34 GMT
etag: W/"62c59e6a-5f1"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8538.web07.bero-webspace.de/TSPD/?type=21
109.71.253.24404 Not Found 0 B URL HTTP/2 web8538.web07.bero-webspace.de/TSPD/?type=21
IP 109.71.253.24:0
Analyzer Verdict Alert fortinet Phishing
GET /TSPD/?type=21 HTTP/1.1
Host: web8538.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8538.web07.bero-webspace.de/gif/
Cookie: PHPSESSID=jqmth4d2fm5k81vsl4njauc27v
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 08 Sep 2022 09:45:30 GMT
content-type: text/html
last-modified: Mon, 05 Sep 2022 17:03:47 GMT
etag: W/"328-5e7f11021e820"
content-encoding: br
X-Firefox-Spdy: h2
enshom.link/jmkivS
172.67.172.215301 Moved Permanently 0 B IP 172.67.172.215:0
Analyzer Verdict Alert openphish International Card Services B.V
fortinet Phishing
GET /jmkivS HTTP/1.1
Host: enshom.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
date: Thu, 08 Sep 2022 09:45:29 GMT
content-type: text/html; charset=UTF-8
location: https://web8538.web07.bero-webspace.de/gif/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=fa816e9d8d9a9e0785259d023b5a444f; path=/
short_53861=1; expires=Thu, 08-Sep-2022 10:00:29 GMT; Max-Age=900; path=/; HttpOnly
vary: Accept-Encoding
age: 0
via: 1.1 varnish (Varnish/7.1)
x-varnish-cache: MISS
x-varnish: MISS
x-powered-by: Fastest Cache
x-request-id: cee38848a96cc25123013f4a6de1fad1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zt4DXd8MoEh3WCW%2FeWwqVa0N%2FYka6zC0tTeOUEFI%2FHb7q%2B%2BNmLZhBgR30hZqdsvg40qkTbVtiKJbTylX1O3KH4aDORSNVNMey17%2FAupB0WiZEEkJfHMtNWaPNFXsww%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7476c064ecfab4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
web8538.web07.bero-webspace.de/gif/sca/arcotfpcollect.js.download
109.71.253.24200 OK 0 B URL HTTP/2 web8538.web07.bero-webspace.de/gif/sca/arcotfpcollect.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert fortinet Phishing
GET /gif/sca/arcotfpcollect.js.download HTTP/1.1
Host: web8538.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8538.web07.bero-webspace.de/gif/
Cookie: PHPSESSID=jqmth4d2fm5k81vsl4njauc27v
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 09:45:29 GMT
content-type: application/javascript
last-modified: Wed, 06 Jul 2022 14:38:30 GMT
etag: W/"62c59e66-d9fd"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8538.web07.bero-webspace.de/gif/sca/main.js.download
109.71.253.24200 OK 0 B URL HTTP/2 web8538.web07.bero-webspace.de/gif/sca/main.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert fortinet Phishing
GET /gif/sca/main.js.download HTTP/1.1
Host: web8538.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8538.web07.bero-webspace.de/gif/
Cookie: PHPSESSID=jqmth4d2fm5k81vsl4njauc27v
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 09:45:29 GMT
content-type: application/javascript
last-modified: Wed, 06 Jul 2022 14:38:38 GMT
etag: W/"62c59e6e-2f2c6"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8538.web07.bero-webspace.de/gif/sca/main-ics.css
109.71.253.24200 OK 0 B URL HTTP/2 web8538.web07.bero-webspace.de/gif/sca/main-ics.css
IP 109.71.253.24:0
GET /gif/sca/main-ics.css HTTP/1.1
Host: web8538.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8538.web07.bero-webspace.de/gif/
Cookie: PHPSESSID=jqmth4d2fm5k81vsl4njauc27v
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 09:45:29 GMT
content-type: text/css
last-modified: Wed, 06 Jul 2022 14:46:22 GMT
etag: W/"62c5a03e-3fc72"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8538.web07.bero-webspace.de/gif/sca/icons.woff2
109.71.253.24200 OK 0 B URL HTTP/2 web8538.web07.bero-webspace.de/gif/sca/icons.woff2
IP 109.71.253.24:0
Analyzer Verdict Alert fortinet Phishing
GET /gif/sca/icons.woff2 HTTP/1.1
Host: web8538.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web8538.web07.bero-webspace.de/gif/sca/main-ics.css
Cookie: PHPSESSID=jqmth4d2fm5k81vsl4njauc27v
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 09:45:30 GMT
content-type: font/woff2
content-length: 9840
last-modified: Wed, 06 Jul 2022 14:40:06 GMT
etag: "62c59ec6-2670"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8538.web07.bero-webspace.de/gif/sca/polyfills.j.download
109.71.253.24404 Not Found 0 B URL HTTP/2 web8538.web07.bero-webspace.de/gif/sca/polyfills.j.download
IP 109.71.253.24:0
Analyzer Verdict Alert fortinet Phishing
GET /gif/sca/polyfills.j.download HTTP/1.1
Host: web8538.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8538.web07.bero-webspace.de/gif/
Cookie: PHPSESSID=jqmth4d2fm5k81vsl4njauc27v
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 08 Sep 2022 09:45:30 GMT
content-type: text/html
last-modified: Mon, 05 Sep 2022 17:03:47 GMT
etag: W/"328-5e7f11021e820"
content-encoding: br
X-Firefox-Spdy: h2