Report - web9236.web07.bero-webspace.de/

Report Overview

Submitted URL
web9236.web07.bero-webspace.de/
IP
109.71.253.24
ASN
#44486 SYNLINQ
Submitted
2022-12-02 05:59:14
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
72

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	4.4 kB	23.36.76.226
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.6 kB	93.184.220.29
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
web9236.web07.bero-webspace.de	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	14 kB	944 kB	109.71.253.24
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.149.83.187
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	37 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-12-01	medium	web9236.web07.bero-webspace.de/	International Card Services B.V
2022-12-01	medium	web9236.web07.bero-webspace.de/	International Card Services B.V
2022-12-01	medium	web9236.web07.bero-webspace.de/	International Card Services B.V
2022-12-01	medium	web9236.web07.bero-webspace.de/	International Card Services B.V
2022-12-01	medium	web9236.web07.bero-webspace.de/	International Card Services B.V
2022-12-01	medium	web9236.web07.bero-webspace.de/	International Card Services B.V
2022-12-01	medium	web9236.web07.bero-webspace.de/	International Card Services B.V
2022-12-01	medium	web9236.web07.bero-webspace.de/	International Card Services B.V
2022-12-01	medium	web9236.web07.bero-webspace.de/	International Card Services B.V
2022-12-01	medium	web9236.web07.bero-webspace.de/	International Card Services B.V
2022-12-01	medium	web9236.web07.bero-webspace.de/	International Card Services B.V
2022-12-01	medium	web9236.web07.bero-webspace.de/	International Card Services B.V
2022-12-01	medium	web9236.web07.bero-webspace.de/	International Card Services B.V
2022-12-01	medium	web9236.web07.bero-webspace.de/	International Card Services B.V
2022-12-01	medium	web9236.web07.bero-webspace.de/	International Card Services B.V
2022-12-01	medium	web9236.web07.bero-webspace.de/	International Card Services B.V
2022-12-01	medium	web9236.web07.bero-webspace.de/	International Card Services B.V
2022-12-01	medium	web9236.web07.bero-webspace.de/	International Card Services B.V
2022-12-01	medium	web9236.web07.bero-webspace.de/	International Card Services B.V
2022-12-01	medium	web9236.web07.bero-webspace.de/	International Card Services B.V
2022-12-01	medium	web9236.web07.bero-webspace.de/	International Card Services B.V
2022-12-01	medium	web9236.web07.bero-webspace.de/	International Card Services B.V
2022-12-01	medium	web9236.web07.bero-webspace.de/	International Card Services B.V
2022-12-01	medium	web9236.web07.bero-webspace.de/	International Card Services B.V

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-02	medium	web9236.web07.bero-webspace.de/	Phishing
2022-12-02	medium	web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4?	Phishing
2022-12-02	medium	web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4/?	Phishing
2022-12-02	medium	web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4/login/?	Phishing
2022-12-02	medium	web9236.web07.bero-webspace.de/login/SunOT-Regular.ttf	Phishing
2022-12-02	medium	web9236.web07.bero-webspace.de/login/SunOT-Light.ttf	Phishing
2022-12-02	medium	web9236.web07.bero-webspace.de/core/token/core_token.js	Phishing
2022-12-02	medium	web9236.web07.bero-webspace.de/core/form/core_form.js	Phishing
2022-12-02	medium	web9236.web07.bero-webspace.de/login/form/form.js?v=63899429162c0	Phishing
2022-12-02	medium	web9236.web07.bero-webspace.de/bower_components/jquery/dist/jquery.min.js	Phishing
2022-12-02	medium	web9236.web07.bero-webspace.de/bower_components/ua-parser-js/dist/ua-parser.min.js	Phishing
2022-12-02	medium	web9236.web07.bero-webspace.de/login/token/token.js?v=63899429162c2	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (10)

	URL	Size	First Seen	Last Seen
	web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4/login/?#56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d	57 B	2023-03-08	2023-03-08
Pretty URL web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4/login/?#56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:31:30 Last Seen2023-03-08 14:31:30 Times Seen1 Hash be7563bc111a2be2a49c6b1343526dac 95cafa38138d1a42a43e6d88b7bd85590f17b6db f0b2ed4dccffba844aa7d9a008655c9bff186bf968bb3146bd9ac4308122ea68 Loading...

	web9236.web07.bero-webspace.de/	102 B	2023-03-08	2023-03-08
Pretty URL web9236.web07.bero-webspace.de/ IP 109.71.253.24 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:31:30 Last Seen2023-03-08 14:31:30 Times Seen1 Hash 65647d7c93d5450518b5bd8ba5213f98 3fe686d8cf98fe0da23d62f393398b1792412489 aa7eb6d830fdad7541047be4336d4c316c654c8c5d3c37260ca3fc58fb6b8215 Loading...

	web9236.web07.bero-webspace.de/bower_components/jquery/dist/jquery.min.js	87 kB	2023-03-07	2024-04-19
Pretty URL web9236.web07.bero-webspace.de/bower_components/jquery/dist/jquery.min.js IP 109.71.253.24 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-19 13:17:46 Times Seen60875 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	web9236.web07.bero-webspace.de/core/token/core_token.js	10 kB	2023-03-07	2023-03-29
Pretty URL web9236.web07.bero-webspace.de/core/token/core_token.js IP 109.71.253.24 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:28:34 Last Seen2023-03-29 23:56:29 Times Seen3 Hash c48841dcc4322612cd937798b776ea70 d5edd1020b77223a5f96a020c0562dd529356af0 d05bf4c1a69179a0bbe6dc276d45bcb5f57d6a109817fa16e599e9cdb94e5cd1 Loading...

	web9236.web07.bero-webspace.de/core/form/core_form.js	38 kB	2023-03-07	2023-03-29
Pretty URL web9236.web07.bero-webspace.de/core/form/core_form.js IP 109.71.253.24 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:28:34 Last Seen2023-03-29 23:56:29 Times Seen3 Hash fd39e1c6bf1125d9a82509539176f060 ba8d4483a081dafe740b3a8ff27c548503d3458d 7855e0dfde6f6eded3c59b5b7073627ef8f5307cac11c971e3618108765cfc52 Loading...

	web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4/login/?	468 B	2023-03-08	2023-03-08
Pretty URL web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4/login/? IP 109.71.253.24 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:31:30 Last Seen2023-03-08 14:31:30 Times Seen1 Hash 2a728df8d859125dbb53175d4cfca43f 6f4f36edc719b94e22230d0ff055de5ad7b415fd 4dbf7b97008f43eb9c177528e33eb6fccc147a56be882906c85be58982b267a7 Loading...

	web9236.web07.bero-webspace.de/login/form/form.js?v=63899429162c0	3.1 kB	2023-03-07	2024-04-09
Pretty URL web9236.web07.bero-webspace.de/login/form/form.js?v=63899429162c0 IP 109.71.253.24 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:28:34 Last Seen2024-04-09 18:16:13 Times Seen265 Hash 0410329bbea4ef934e13e41ff067fbd5 6f9b4e2ee9373e2bbc4fe86937b97ce4003825b5 907d66973b8a86469b449cbf61d1dd0e17df8cbdb894efb6ea47cae06cd67c3f Loading...

	web9236.web07.bero-webspace.de/login/token/token.js?v=63899429162c2	1.3 kB	2023-03-07	2024-04-09
Pretty URL web9236.web07.bero-webspace.de/login/token/token.js?v=63899429162c2 IP 109.71.253.24 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:28:34 Last Seen2024-04-09 18:16:13 Times Seen189 Hash e5c4349c160d44d04059860eed06c149 3bb2cf98c490b8c81796d2308bdc11993dd90290 4990eba8e4dc4cb12cba3e92aad405f4a41a7d60146b85e0b7857502eb53a293 Loading...

	web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4/login/?#56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d	57 B	2023-03-08	2023-03-08
Pretty URL web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4/login/?#56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:31:30 Last Seen2023-03-08 14:31:30 Times Seen1 Hash 5e855f7eae3866db2d07f7df24eed1aa a16ac72e170c33bf5f5a485fff81b4975ecc5326 44fe914d6f6e49451aca0e16277f4879644104f2a044c06580ee93f623ba9eb6 Loading...

	web9236.web07.bero-webspace.de/bower_components/ua-parser-js/dist/ua-parser.min.js	17 kB	2023-03-07	2024-04-09
Pretty URL web9236.web07.bero-webspace.de/bower_components/ua-parser-js/dist/ua-parser.min.js IP 109.71.253.24 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:40 Last Seen2024-04-09 18:16:12 Times Seen660 Hash e0ae48c8ebbe57edeacb5b02f16d0df9 0c5a29a88add39486162e0c16f23e2e06fc7842e 0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896 Loading...

HTTP Transactions (41)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9027
Expires: Fri, 02 Dec 2022 08:29:30 GMT
Date: Fri, 02 Dec 2022 05:59:03 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c332174db3d26afe220e1da534de3264
ac4a4fd86854229f98e5f8816edcc5aac6e83124
d8eedb05e2ef980021b88448146985a24716c112819128f766b291d4138dd425

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8EEDB05E2EF980021B88448146985A24716C112819128F766B291D4138DD425"
Last-Modified: Thu, 01 Dec 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13101
Expires: Fri, 02 Dec 2022 09:37:24 GMT
Date: Fri, 02 Dec 2022 05:59:03 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6767
Expires: Fri, 02 Dec 2022 07:51:50 GMT
Date: Fri, 02 Dec 2022 05:59:03 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 427
Cache-Control: max-age=103156
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 05:59:03 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 10:38:19 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: JxExJYMQWrf62XGa2eMuyUUwCpn630EP4RlyQMgPsd7cpAY6iCr3lMvDnwj0Jjl/5L3cDOT8khg=
x-amz-request-id: 0WKY4PNK1V0TVQ5H
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 05:45:59 GMT
age: 784
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 05:18:11 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2452
alt-svc: clear
X-Firefox-Spdy: h2

web9236.web07.bero-webspace.de/

109.71.253.24

200 OK

447 B

URL HTTP/2
web9236.web07.bero-webspace.de/
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
447 B (447 bytes)
Hash
6e8eb892019abdd334166acdcd8fd736
e4b66ba522831fd1616c78a61c8fed068398624f
66ebb62b2d04ecdbdb09293f85f02afe7c1d7bfc834b2fb38a9c870a1aa75aa8

Detections

Analyzer	Verdict	Alert
openphish	International Card Services B.V
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: web9236.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 05:59:03 GMT
content-type: text/html; charset=UTF-8
content-length: 447
set-cookie: real=OK
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 05:59:03 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 05:11:15 GMT
cache-control: public,max-age=3600
age: 2869
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 423
Cache-Control: max-age=98088
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 05:59:04 GMT
Etag: "63886ea9-1d7"
Expires: Sat, 03 Dec 2022 09:13:52 GMT
Last-Modified: Thu, 01 Dec 2022 09:06:49 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

54.149.83.187

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.149.83.187:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: x8Ls0uc52CFba4s7e9GIHw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: fzd38IGLL9a/RbXCeefwFrihfkI=

web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4?

109.71.253.24

301 Moved Permanently

362 B

URL HTTP/2
web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4?
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
362 B (362 bytes)
Hash
a74cfd353781d17e9a8dbf57e7951d15
93e2b3a6e566749186715375329d06df4e993847
b1e4a07f0c38b1e6820fadf1ab6d09db3cd85c65eac57540a48891fc343bbaf1

Detections

Analyzer	Verdict	Alert
openphish	International Card Services B.V
fortinet	Phishing

HTTP Headers

GET /d4ff14bb262cfb2a6ffa32574d4445e4? HTTP/1.1
Host: web9236.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9236.web07.bero-webspace.de/
Cookie: real=OK
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 02 Dec 2022 05:59:04 GMT
content-type: text/html; charset=iso-8859-1
content-length: 362
location: https://web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4/?
x-powered-by: PleskLin
X-Firefox-Spdy: h2

web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4/?

109.71.253.24

302 Found

0 B

URL HTTP/2
web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4/?
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	International Card Services B.V
fortinet	Phishing

HTTP Headers

GET /d4ff14bb262cfb2a6ffa32574d4445e4/? HTTP/1.1
Host: web9236.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web9236.web07.bero-webspace.de/
Connection: keep-alive
Cookie: real=OK
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 302 Found
server: nginx
date: Fri, 02 Dec 2022 05:59:05 GMT
content-type: text/html; charset=UTF-8
content-length: 0
set-cookie: bid=d4ff14bb262cfb2a6ffa32574d4445e4; expires=Sun, 01-Jan-2023 05:59:05 GMT; Max-Age=2592000; path=/
location: login/?
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2

web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4/login/?

109.71.253.24

200 OK

9.0 kB

URL HTTP/2
web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4/login/?
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3394)
Size
9.0 kB (8992 bytes)
Hash
ee3f25ddb47a37d8a69475d0db7bd551
60ef222f5fef7a41dcbb8af71f74c028890c7ce8
0756d6b07fd4d1c047ebd73e341c4eabb89779b29f84719be90161d426e3f1cf

Detections

Analyzer	Verdict	Alert
openphish	International Card Services B.V
fortinet	Phishing

HTTP Headers

GET /d4ff14bb262cfb2a6ffa32574d4445e4/login/? HTTP/1.1
Host: web9236.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web9236.web07.bero-webspace.de/
Connection: keep-alive
Cookie: real=OK; bid=d4ff14bb262cfb2a6ffa32574d4445e4
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 05:59:05 GMT
content-type: text/html; charset=UTF-8
content-length: 8992
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2

web9236.web07.bero-webspace.de/login/form/css.css

109.71.253.24

200 OK

145 B

URL HTTP/2
web9236.web07.bero-webspace.de/login/form/css.css
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
ASCII text
Size
145 B (145 bytes)
Hash
61a43eecdddced679f8b5297e126b11d
e8777ed70ebe441e57776d63b3303b1df3517fe1
41688ac24b1a4f995fdbbfce3c62536ddf15fbba98b943d34b5c8b950757418b

Detections

Analyzer	Verdict	Alert
openphish	International Card Services B.V

HTTP Headers

GET /login/form/css.css HTTP/1.1
Host: web9236.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4/login/?
Cookie: real=OK; bid=d4ff14bb262cfb2a6ffa32574d4445e4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 05:59:05 GMT
content-type: text/css
content-length: 145
x-accel-version: 0.01
last-modified: Thu, 31 Dec 2020 00:07:26 GMT
etag: "f0-5b7b768a38b80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2

web9236.web07.bero-webspace.de/favicon.ico

109.71.253.24

404 Not Found

3.0 kB

URL HTTP/2
web9236.web07.bero-webspace.de/favicon.ico
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
3.0 kB (2974 bytes)
Hash
41e6dc9fd0526bddb5c60e477f006d87
0cbf20f62e9425afc9e7034ef4fdc6974f825e01
40618429082ec9e731445e0668945189546a1c019c889cb3dce0aeefbd8f0b4a

Detections

Analyzer	Verdict	Alert
openphish	International Card Services B.V

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: web9236.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9236.web07.bero-webspace.de/
Cookie: real=OK
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Fri, 02 Dec 2022 05:59:04 GMT
content-type: text/html
last-modified: Thu, 01 Dec 2022 03:49:48 GMT
etag: W/"328-5eebc1cd7745f"
content-encoding: br
X-Firefox-Spdy: h2

web9236.web07.bero-webspace.de/login/SunOT-Regular.ttf

109.71.253.24

200 OK

86 kB

URL HTTP/2
web9236.web07.bero-webspace.de/login/SunOT-Regular.ttf
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
TrueType Font data, 15 tables, 1st "FFTM", 24 names, Macintosh\012- data
Size
86 kB (86304 bytes)
Hash
6150bb0f5b1e975bc0b616b61845f49c
4ea5afcef3164f6dbae351f9d12c13ad9514fd92
69e81e13ae217c9a436756a0f91d43af57f3adb823ea36f94d33f03cb4694981

Detections

Analyzer	Verdict	Alert
openphish	International Card Services B.V
fortinet	Phishing

HTTP Headers

GET /login/SunOT-Regular.ttf HTTP/1.1
Host: web9236.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9236.web07.bero-webspace.de/login/styles.css
Cookie: real=OK; bid=d4ff14bb262cfb2a6ffa32574d4445e4
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 05:59:05 GMT
content-type: font/ttf
content-length: 86304
last-modified: Thu, 31 Dec 2020 00:07:26 GMT
etag: "5fed163e-15120"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

web9236.web07.bero-webspace.de/core/form/core_form.css

109.71.253.24

200 OK

12 kB

URL HTTP/2
web9236.web07.bero-webspace.de/core/form/core_form.css
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
ASCII text
Size
12 kB (11789 bytes)
Hash
de4df425c5aac43bb8f59c0c175ee42f
05370b735f6b9566a16facdf4fb1f86f20b8def3
18ed8055a8d54e2e87ee588fa706907f381b40cbfc6b0cf3f3026975e14d1236

Detections

Analyzer	Verdict	Alert
openphish	International Card Services B.V

HTTP Headers

GET /core/form/core_form.css HTTP/1.1
Host: web9236.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4/login/?
Cookie: real=OK; bid=d4ff14bb262cfb2a6ffa32574d4445e4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 05:59:05 GMT
content-type: text/css
last-modified: Thu, 31 Dec 2020 00:07:26 GMT
etag: W/"5fed163e-ae6"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9236.web07.bero-webspace.de/login/SunOT-Light.ttf

109.71.253.24

200 OK

86 kB

URL HTTP/2
web9236.web07.bero-webspace.de/login/SunOT-Light.ttf
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
TrueType Font data, 15 tables, 1st "FFTM", 28 names, Macintosh\012- data
Size
86 kB (86500 bytes)
Hash
fc9b52707830de91489044be4726abc6
f3eddc426afe06abde7ab9b9426b41944da24171
75af6860450b2595cd18ebad00dbf3927d9e494dfdbd12ceefcec15b2c03d84e

Detections

Analyzer	Verdict	Alert
openphish	International Card Services B.V
fortinet	Phishing

HTTP Headers

GET /login/SunOT-Light.ttf HTTP/1.1
Host: web9236.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9236.web07.bero-webspace.de/login/styles.css
Cookie: real=OK; bid=d4ff14bb262cfb2a6ffa32574d4445e4
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 05:59:05 GMT
content-type: font/ttf
content-length: 86500
last-modified: Thu, 31 Dec 2020 00:07:26 GMT
etag: "5fed163e-151e4"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

web9236.web07.bero-webspace.de/login/main-ics.css

109.71.253.24

200 OK

42 kB

URL HTTP/2
web9236.web07.bero-webspace.de/login/main-ics.css
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
ASCII text, with very long lines (65536), with no line terminators
Size
42 kB (41648 bytes)
Hash
5c86216291b7e7caa5a6cdb267fae4b5
324c36d48042282324417c5975d093175dea2feb
abc2a39ea8472a86683238c7edd909b615d78c4a7e43dcaa701d4f857d384adc

Detections

Analyzer	Verdict	Alert
openphish	International Card Services B.V

HTTP Headers

GET /login/main-ics.css HTTP/1.1
Host: web9236.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4/login/?
Cookie: real=OK; bid=d4ff14bb262cfb2a6ffa32574d4445e4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 05:59:05 GMT
content-type: text/css
last-modified: Thu, 31 Dec 2020 00:07:26 GMT
etag: W/"5fed163e-3aa00"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9236.web07.bero-webspace.de/core/token/core_token.js

109.71.253.24

200 OK

26 kB

URL HTTP/2
web9236.web07.bero-webspace.de/core/token/core_token.js
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
ASCII text
Size
26 kB (26132 bytes)
Hash
6f4db52ef3f62b76648e2b946061c6f2
ec3f4e388d844847a05ab2052ad02f8f06602f8e
7326d2f3d19f6070437f550222eb3e473f05ee7739b8702931a78011737286b6

Detections

Analyzer	Verdict	Alert
openphish	International Card Services B.V
fortinet	Phishing

HTTP Headers

GET /core/token/core_token.js HTTP/1.1
Host: web9236.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4/login/?
Cookie: real=OK; bid=d4ff14bb262cfb2a6ffa32574d4445e4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 05:59:05 GMT
content-type: application/javascript
last-modified: Thu, 31 Dec 2020 00:07:26 GMT
etag: W/"5fed163e-28ce"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9236.web07.bero-webspace.de/core/form/core_form.js

109.71.253.24

200 OK

105 kB

URL HTTP/2
web9236.web07.bero-webspace.de/core/form/core_form.js
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
ASCII text, with very long lines (19542)
Size
105 kB (105017 bytes)
Hash
12d6def13e05a776fc8c4731b1acccfa
9c1193b975bd0938beb953bdb9458f327085ea22
84a5e64bf27722b251848e7f1ea4f4085627ae37a427cd641d74fb27cee49411

Detections

Analyzer	Verdict	Alert
openphish	International Card Services B.V
fortinet	Phishing

HTTP Headers

GET /core/form/core_form.js HTTP/1.1
Host: web9236.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4/login/?
Cookie: real=OK; bid=d4ff14bb262cfb2a6ffa32574d4445e4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 05:59:05 GMT
content-type: application/javascript
last-modified: Thu, 31 Dec 2020 00:07:26 GMT
etag: W/"5fed163e-9277"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9236.web07.bero-webspace.de/login/favicon-144x144-withoutlines.png

109.71.253.24

200 OK

5.5 kB

URL HTTP/2
web9236.web07.bero-webspace.de/login/favicon-144x144-withoutlines.png
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
PNG image data, 144 x 144, 8-bit/color RGBA, non-interlaced\012- data
Size
5.5 kB (5528 bytes)
Hash
75d0a29d4d1a08405f39799bcb986e63
da64454d7277c531786146796026f49f89e9d4db
1a99f7b02b4517fa7e085315d99cdc0b9e13b0b1c904c683679a05de7a7d1a63

Detections

Analyzer	Verdict	Alert
openphish	International Card Services B.V

HTTP Headers

GET /login/favicon-144x144-withoutlines.png HTTP/1.1
Host: web9236.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4/login/?
Cookie: real=OK; bid=d4ff14bb262cfb2a6ffa32574d4445e4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 05:59:05 GMT
content-type: image/png
content-length: 5528
last-modified: Thu, 31 Dec 2020 00:07:26 GMT
etag: "5fed163e-1598"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

web9236.web07.bero-webspace.de/login/form/newloader.gif

109.71.253.24

200 OK

557 kB

URL HTTP/2
web9236.web07.bero-webspace.de/login/form/newloader.gif
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
GIF image data, version 89a, 480 x 480\012- data
Size
557 kB (557122 bytes)
Hash
ef8d4e6b20b0cf0d68713fb2f6069042
d62bb4b1a169c88879de3bd2f5c4292b6259a952
32bfc673211421c1a5a33acc98291840183582f11d15490954b42a81d79d4630

Detections

Analyzer	Verdict	Alert
openphish	International Card Services B.V

HTTP Headers

GET /login/form/newloader.gif HTTP/1.1
Host: web9236.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4/login/?
Cookie: real=OK; bid=d4ff14bb262cfb2a6ffa32574d4445e4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 05:59:05 GMT
content-type: image/gif
content-length: 557122
last-modified: Thu, 31 Dec 2020 00:07:26 GMT
etag: "5fed163e-88042"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3643
Expires: Fri, 02 Dec 2022 06:59:49 GMT
Date: Fri, 02 Dec 2022 05:59:06 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3643
Expires: Fri, 02 Dec 2022 06:59:49 GMT
Date: Fri, 02 Dec 2022 05:59:06 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb543a0f6-0efe-4518-9420-4eff88edf8e6.jpeg

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb543a0f6-0efe-4518-9420-4eff88edf8e6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4840 bytes)
Hash
60ccdde4ce64b4a3fe6fc2a059b3bde1
5ce119089f4a4cd139b523889b6cd84cd79191f4
2089225a6dc13845ab8e031416920d16952ae1461ca10d72c408ad001ed8f27b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb543a0f6-0efe-4518-9420-4eff88edf8e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4840
x-amzn-requestid: 6bc8fa91-5696-4bc6-b1e7-3c36b2c01801
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGxTFxyoAMFRzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e6e-3e85b78905aaa73726eef85a;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UraCGe--VISONXzaUBpA7vuLuD5l7zihtQIph7LVn1QsS8MjLBbvKw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:48:51 GMT
age: 29415
etag: "5ce119089f4a4cd139b523889b6cd84cd79191f4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

2.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
2.9 kB (2942 bytes)
Hash
b47431190f34eccf0a6efb98e2a32b7d
9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Fw6nrporwF27NW0-vXpaolW79nDXLF2RyS-lqhhp1osHt7q98VpI3g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:49:56 GMT
age: 29350
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

web9236.web07.bero-webspace.de/home.php?pl=token&link=icsmailseekbv&bid=d4ff14bb262cfb2a6ffa32574d4445e4&callback=jQuery32106309394964064792_1669960743620&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1669960743621

109.71.253.24

200 OK

4.9 kB

URL HTTP/2
web9236.web07.bero-webspace.de/home.php?pl=token&link=icsmailseekbv&bid=d4ff14bb262cfb2a6ffa32574d4445e4&callback=jQuery32106309394964064792_1669960743620&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1669960743621
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
ASCII text, with no line terminators
Size
4.9 kB (4891 bytes)
Hash
f342c9b926edcacb06fa8db6a7ce5dd4
edb165002c78dd124fa054c4396d35347ab8ff23
afd0d64c217f415d73ad6a1d8c5dc42602436e7c85dc46c8fb99020ab86049e3

Detections

Analyzer	Verdict	Alert
openphish	International Card Services B.V

HTTP Headers

GET /home.php?pl=token&link=icsmailseekbv&bid=d4ff14bb262cfb2a6ffa32574d4445e4&callback=jQuery32106309394964064792_1669960743620&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1669960743621 HTTP/1.1
Host: web9236.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4/login/?
Cookie: real=OK; bid=d4ff14bb262cfb2a6ffa32574d4445e4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 05:59:06 GMT
content-type: application/json
x-powered-by: PHP/7.4.33, PleskLin
content-encoding: br
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11402 bytes)
Hash
1c80b8025242ddfcc816ec612456b99e
aa944d10fe4a44b790b01ef62edc0f85a6d558e3
a9f060bc15738a3fe257e0c81a29e4611a89c273bcbb2765ce856d4e854a5f1f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11402
x-amzn-requestid: 20c2c359-1e43-40c0-885d-1c90e76ea12b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGzJHu-IAMFbYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e7a-1d89722e767daa014b174a39;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:58 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: OJBnbjJB_kvPuJcePGnno3zI0CTWAzV-Osb2L1hPZZhlNYhFHWmLsA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:51:33 GMT
age: 29253
etag: "aa944d10fe4a44b790b01ef62edc0f85a6d558e3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F40b76495-d9ea-430e-9b62-92b639b122e0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6564 bytes)
Hash
58a28fc1cbcacdb07b3ca175281982b5
9bc47ee49fc070d0997e49a719bd9758685ad583
d3bfcf749c4652cb29f7c82a5d7ba940bd607f9060e49c1c40a112eb3e625bd9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F40b76495-d9ea-430e-9b62-92b639b122e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6564
x-amzn-requestid: e2875cf3-3915-43a5-a724-4de2ca03de56
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGepHOiIAMFTFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-5f7e2a3f609d54a609a12670;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: mwGAEu-gPXY5Opwd972VbBA6l33dNk7bPFSyZmciaplQKj2ZuTkQSg==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:34:47 GMT
age: 30259
etag: "9bc47ee49fc070d0997e49a719bd9758685ad583"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.2 kB (6174 bytes)
Hash
b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 07:20:09 GMT
age: 81537
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

web9236.web07.bero-webspace.de/bower_components/font-awesome/css/font-awesome.min.css

109.71.253.24

200 OK

0 B

URL HTTP/2
web9236.web07.bero-webspace.de/bower_components/font-awesome/css/font-awesome.min.css
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	International Card Services B.V

HTTP Headers

GET /bower_components/font-awesome/css/font-awesome.min.css HTTP/1.1
Host: web9236.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4/login/?
Cookie: real=OK; bid=d4ff14bb262cfb2a6ffa32574d4445e4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 05:59:05 GMT
content-type: text/css
last-modified: Thu, 31 Dec 2020 00:07:26 GMT
etag: W/"5fed163e-7918"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9236.web07.bero-webspace.de/login/form/form.js?v=63899429162c0

109.71.253.24

200 OK

0 B

URL HTTP/2
web9236.web07.bero-webspace.de/login/form/form.js?v=63899429162c0
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	International Card Services B.V
fortinet	Phishing

HTTP Headers

GET /login/form/form.js?v=63899429162c0 HTTP/1.1
Host: web9236.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4/login/?
Cookie: real=OK; bid=d4ff14bb262cfb2a6ffa32574d4445e4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 05:59:05 GMT
content-type: application/javascript
last-modified: Thu, 31 Dec 2020 00:07:26 GMT
etag: W/"5fed163e-bf7"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9236.web07.bero-webspace.de/bower_components/jquery/dist/jquery.min.js

109.71.253.24

200 OK

0 B

URL HTTP/2
web9236.web07.bero-webspace.de/bower_components/jquery/dist/jquery.min.js
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	International Card Services B.V
fortinet	Phishing

HTTP Headers

GET /bower_components/jquery/dist/jquery.min.js HTTP/1.1
Host: web9236.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4/login/?
Cookie: real=OK; bid=d4ff14bb262cfb2a6ffa32574d4445e4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 05:59:05 GMT
content-type: application/javascript
last-modified: Thu, 31 Dec 2020 00:07:26 GMT
etag: W/"5fed163e-15283"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9236.web07.bero-webspace.de/bower_components/ua-parser-js/dist/ua-parser.min.js

109.71.253.24

200 OK

0 B

URL HTTP/2
web9236.web07.bero-webspace.de/bower_components/ua-parser-js/dist/ua-parser.min.js
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	International Card Services B.V
fortinet	Phishing

HTTP Headers

GET /bower_components/ua-parser-js/dist/ua-parser.min.js HTTP/1.1
Host: web9236.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4/login/?
Cookie: real=OK; bid=d4ff14bb262cfb2a6ffa32574d4445e4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 05:59:05 GMT
content-type: application/javascript
last-modified: Thu, 31 Dec 2020 00:07:26 GMT
etag: W/"5fed163e-4298"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

109.71.253.24

200 OK

0 B

URL HTTP/2
web9236.web07.bero-webspace.de/home.php?pl=token&link=icsmailseekbv&bid=d4ff14bb262cfb2a6ffa32574d4445e4&callback=jQuery32106309394964064792_1669960743620&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1669960743624
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	International Card Services B.V

HTTP Headers

GET /home.php?pl=token&link=icsmailseekbv&bid=d4ff14bb262cfb2a6ffa32574d4445e4&callback=jQuery32106309394964064792_1669960743620&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1669960743624 HTTP/1.1
Host: web9236.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4/login/?
Cookie: real=OK; bid=d4ff14bb262cfb2a6ffa32574d4445e4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 05:59:10 GMT
content-type: application/json
x-powered-by: PHP/7.4.33, PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9236.web07.bero-webspace.de/login/index.css

109.71.253.24

200 OK

0 B

URL HTTP/2
web9236.web07.bero-webspace.de/login/index.css
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	International Card Services B.V

HTTP Headers

GET /login/index.css HTTP/1.1
Host: web9236.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4/login/?
Cookie: real=OK; bid=d4ff14bb262cfb2a6ffa32574d4445e4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 05:59:05 GMT
content-type: text/css
last-modified: Thu, 31 Dec 2020 00:07:26 GMT
etag: W/"5fed163e-62a4"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9236.web07.bero-webspace.de/login/styles.css

109.71.253.24

200 OK

0 B

URL HTTP/2
web9236.web07.bero-webspace.de/login/styles.css
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	International Card Services B.V

HTTP Headers

GET /login/styles.css HTTP/1.1
Host: web9236.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4/login/?
Cookie: real=OK; bid=d4ff14bb262cfb2a6ffa32574d4445e4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 05:59:05 GMT
content-type: text/css
last-modified: Thu, 31 Dec 2020 00:07:26 GMT
etag: W/"5fed163e-720a3"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9236.web07.bero-webspace.de/login/token/token.js?v=63899429162c2

109.71.253.24

200 OK

0 B

URL HTTP/2
web9236.web07.bero-webspace.de/login/token/token.js?v=63899429162c2
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	International Card Services B.V
fortinet	Phishing

HTTP Headers

GET /login/token/token.js?v=63899429162c2 HTTP/1.1
Host: web9236.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4/login/?
Cookie: real=OK; bid=d4ff14bb262cfb2a6ffa32574d4445e4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 05:59:05 GMT
content-type: application/javascript
last-modified: Thu, 31 Dec 2020 00:07:26 GMT
etag: W/"5fed163e-509"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9236.web07.bero-webspace.de/home.php?pl=token&link=icsmailseekbv&bid=d4ff14bb262cfb2a6ffa32574d4445e4&callback=jQuery32106309394964064792_1669960743622&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1669960743623

109.71.253.24

200 OK

0 B

URL HTTP/2
web9236.web07.bero-webspace.de/home.php?pl=token&link=icsmailseekbv&bid=d4ff14bb262cfb2a6ffa32574d4445e4&callback=jQuery32106309394964064792_1669960743622&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1669960743623
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	International Card Services B.V

HTTP Headers

GET /home.php?pl=token&link=icsmailseekbv&bid=d4ff14bb262cfb2a6ffa32574d4445e4&callback=jQuery32106309394964064792_1669960743622&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1669960743623 HTTP/1.1
Host: web9236.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://web9236.web07.bero-webspace.de/d4ff14bb262cfb2a6ffa32574d4445e4/login/?
Cookie: real=OK; bid=d4ff14bb262cfb2a6ffa32574d4445e4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 05:59:06 GMT
content-type: application/json
x-powered-by: PHP/7.4.33, PleskLin
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations