sabrina-frause.de/customer_center/user-889924/payment.php
91.218.65.6 301 Moved Permanently 162 B URL HTTP/1.1 sabrina-frause.de/customer_center/user-889924/payment.php
IP 91.218.65.6:0
File type HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert openphish PayPal Inc.
fortinet Phishing
GET /customer_center/user-889924/payment.php HTTP/1.1
Host: sabrina-frause.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 10 Dec 2022 03:35:08 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://sabrina-frause.de/customer_center/user-889924/payment.php
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7181eff9c60e83eb0004ece591e47dca
0fd8cd0c9d10b0547938982e57d2c43e2d98679f
89c5c0e2d6890798644174a8e31976aec03a1b3deb03812afbb520e5ed68f522
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89C5C0E2D6890798644174A8E31976AEC03A1B3DEB03812AFBB520E5ED68F522"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7061
Expires: Sat, 10 Dec 2022 05:32:49 GMT
Date: Sat, 10 Dec 2022 03:35:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15626
Expires: Sat, 10 Dec 2022 07:55:34 GMT
Date: Sat, 10 Dec 2022 03:35:08 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data; ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 10 Dec 2022 03:33:18 GMT
content-type: application/json
age: 110
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8910
Expires: Sat, 10 Dec 2022 06:03:38 GMT
Date: Sat, 10 Dec 2022 03:35:08 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate; ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: dSjCStCiUsxhEv61zfJlORGsjX28hwsqR/hCNPy+a9H1dGtx1bD9df2t1rrD4/wRFz0CzZR+N2c=
x-amz-request-id: ZSSG3KQRHNXGPMYP
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 10 Dec 2022 02:48:37 GMT
age: 2791
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 107c0b3f8839495a4aa9db0fdf437e19
82044e7fde58cdb61343d1819a0355cc98688cab
70e2099ae0b5ac6114874032e25cc9404e2ace9fd458f0f56c413ffc28801be4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "70E2099AE0B5AC6114874032E25CC9404E2ACE9FD458F0F56C413FFC28801BE4"
Last-Modified: Thu, 08 Dec 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5749
Expires: Sat, 10 Dec 2022 05:10:57 GMT
Date: Sat, 10 Dec 2022 03:35:08 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data; ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:08 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
sabrina-frause.de/customer_center/user-889924/payment.php
91.218.65.6 200 OK 971 B URL HTTP/2 sabrina-frause.de/customer_center/user-889924/payment.php
IP 91.218.65.6:0
File type HTML document text; exported SGML document text; exported SGML document, ASCII text, with CRLF line terminators
Hash efbfe6bb297f6f6b15c1d6ddaa068788
a97cc420f1c47c51bd8e202d1b180f9b083605cb
3dbf3ae04377da03ed0eef9d5f6a6f972abdfdcb60854599ff430e73f0b8ca5f
Analyzer Verdict Alert openphish PayPal Inc.
fortinet Phishing
GET /customer_center/user-889924/payment.php HTTP/1.1
Host: sabrina-frause.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:08 GMT
content-type: text/html; charset=UTF-8
content-length: 971
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=onn26kqng7qtr00qtb7qtfrov9; path=/
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2
code.jquery.com/jquery-3.3.1.js
69.16.175.42 200 OK 80 kB URL HTTP/2 code.jquery.com/jquery-3.3.1.js
IP 69.16.175.42:0
Hash 9fd458b477c45f28862c10eeee99263f
bcfceda34c540b9957758de619b288362188bb0b
ef82ed7916ef7c6cb059d150c8b1e102c57e0e174ea6a1dfbcd0c286c465ba0f
GET /jquery-3.3.1.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sabrina-frause.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Dec 2022 03:35:09 GMT
content-encoding: gzip
content-length: 80268
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-42587"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1670643309.dop232.sk1.t,1670643309.cds201.sk1.hn,1670643309.cds214.sk1.c
X-Firefox-Spdy: h2
sabrina-frause.de/customer_center/user-889924/assets/navbar_left.png
91.218.65.6 200 OK 21 kB URL HTTP/2 sabrina-frause.de/customer_center/user-889924/assets/navbar_left.png
IP 91.218.65.6:0
File type PNG image data, 544 x 41, 8-bit/color RGB, non-interlaced; data
Hash 96f86c5e5d9ef8d429a4608d06291bdb
16b796ec0250c14cfbd08df926eead0c028c0158
5812a60e42b9fd810e1d70aeb92ef6e4a18e62c3c26321c98847a77445243322
Analyzer Verdict Alert openphish PayPal Inc.
GET /customer_center/user-889924/assets/navbar_left.png HTTP/1.1
Host: sabrina-frause.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sabrina-frause.de/customer_center/user-889924/payment.php
Cookie: PHPSESSID=onn26kqng7qtr00qtb7qtfrov9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:09 GMT
content-type: image/png
content-length: 21250
last-modified: Fri, 09 Dec 2022 20:45:17 GMT
etag: "63939e5d-5302"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
sabrina-frause.de/customer_center/user-889924/assets/menu.png
91.218.65.6 200 OK 16 kB URL HTTP/2 sabrina-frause.de/customer_center/user-889924/assets/menu.png
IP 91.218.65.6:0
File type PNG image data, 35 x 44, 8-bit/color RGB, non-interlaced; data
Hash ca6ae3afc19005e82a40107fc2cb0c2a
50d0ccb2b382580c29d813b2119fe19f138d62ad
5451c5093db2801baff748a7e9b283909c1527bf57b68997ebabe363bfc723e3
Analyzer Verdict Alert openphish PayPal Inc.
GET /customer_center/user-889924/assets/menu.png HTTP/1.1
Host: sabrina-frause.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sabrina-frause.de/customer_center/user-889924/payment.php
Cookie: PHPSESSID=onn26kqng7qtr00qtb7qtfrov9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:09 GMT
content-type: image/png
content-length: 15927
last-modified: Fri, 09 Dec 2022 20:45:17 GMT
etag: "63939e5d-3e37"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
sabrina-frause.de/customer_center/user-889924/assets/footer_left.png
91.218.65.6 200 OK 16 kB URL HTTP/2 sabrina-frause.de/customer_center/user-889924/assets/footer_left.png
IP 91.218.65.6:0
File type PNG image data, 433 x 22, 8-bit/color RGB, non-interlaced; data
Hash 5fd5269b539f9681c0e620f7fde4c33a
3f0572a20430c6ab0073ebd42ba67be977e2b140
1e0e9ae43f66ce234a3a58a0177df426e53a0258521383f695306f9316f500c7
Analyzer Verdict Alert openphish PayPal Inc.
GET /customer_center/user-889924/assets/footer_left.png HTTP/1.1
Host: sabrina-frause.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sabrina-frause.de/customer_center/user-889924/payment.php
Cookie: PHPSESSID=onn26kqng7qtr00qtb7qtfrov9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:09 GMT
content-type: image/png
content-length: 15865
last-modified: Fri, 09 Dec 2022 20:45:17 GMT
etag: "63939e5d-3df9"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
sabrina-frause.de/customer_center/user-889924/assets/navbar_right.png
91.218.65.6 200 OK 17 kB URL HTTP/2 sabrina-frause.de/customer_center/user-889924/assets/navbar_right.png
IP 91.218.65.6:0
File type PNG image data, 158 x 41, 8-bit/color RGB, non-interlaced; data
Hash e2891638e5150b86d8c3516e00a85d30
4c41543bb1910877f272bccb4beb26d3601ff1f8
02e8a72978e221c647617d1f685d3b64148be9af17de79a6b5480881796a726c
Analyzer Verdict Alert openphish PayPal Inc.
GET /customer_center/user-889924/assets/navbar_right.png HTTP/1.1
Host: sabrina-frause.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sabrina-frause.de/customer_center/user-889924/payment.php
Cookie: PHPSESSID=onn26kqng7qtr00qtb7qtfrov9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:09 GMT
content-type: image/png
content-length: 17108
last-modified: Fri, 09 Dec 2022 20:45:17 GMT
etag: "63939e5d-42d4"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
sabrina-frause.de/customer_center/user-889924/assets/footer_mobile.png
91.218.65.6 200 OK 3.3 kB URL HTTP/2 sabrina-frause.de/customer_center/user-889924/assets/footer_mobile.png
IP 91.218.65.6:0
File type PNG image data, 289 x 63, 8-bit/color RGB, non-interlaced; data
Hash d30925dc30b52a0028348d652f9f815e
c4189b67b184aac5fa9893422e3dd1e7b89dbc34
2632e34bbee9d1d553acd997d88ddfcc1b3e4abee4773461cca5fc9219c24bf9
Analyzer Verdict Alert openphish PayPal Inc.
GET /customer_center/user-889924/assets/footer_mobile.png HTTP/1.1
Host: sabrina-frause.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sabrina-frause.de/customer_center/user-889924/payment.php
Cookie: PHPSESSID=onn26kqng7qtr00qtb7qtfrov9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:09 GMT
content-type: image/png
content-length: 3307
last-modified: Fri, 09 Dec 2022 20:45:17 GMT
etag: "63939e5d-ceb"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
sabrina-frause.de/customer_center/user-889924/assets/hi.png
91.218.65.6 200 OK 24 kB URL HTTP/2 sabrina-frause.de/customer_center/user-889924/assets/hi.png
IP 91.218.65.6:0
File type PNG image data, 363 x 111, 8-bit/color RGB, non-interlaced; data
Hash 4392f00e1da5e87e92ded00fc359841e
64a3e0def36a74b5a78f23033c8da1a20ad5fcce
83006a5570b882f9f96aee17a857cc841289ab5f50dbf9295ef338ebb6346ac7
Analyzer Verdict Alert openphish PayPal Inc.
GET /customer_center/user-889924/assets/hi.png HTTP/1.1
Host: sabrina-frause.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sabrina-frause.de/customer_center/user-889924/payment.php
Cookie: PHPSESSID=onn26kqng7qtr00qtb7qtfrov9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:09 GMT
content-type: image/png
content-length: 23456
last-modified: Fri, 09 Dec 2022 20:45:17 GMT
etag: "63939e5d-5ba0"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
sabrina-frause.de/customer_center/user-889924/assets/footer_right.png
91.218.65.6 200 OK 15 kB URL HTTP/2 sabrina-frause.de/customer_center/user-889924/assets/footer_right.png
IP 91.218.65.6:0
File type PNG image data, 206 x 14, 8-bit/color RGB, non-interlaced; data
Hash 9167bda1ce4f65532410288a4522b691
2200700345617d7c1a223e3c9a7a736500f33b40
dbf0e36666ea77a358df4eb443445c1748efe82ac15aba0f6db1773029e47639
Analyzer Verdict Alert openphish PayPal Inc.
GET /customer_center/user-889924/assets/footer_right.png HTTP/1.1
Host: sabrina-frause.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sabrina-frause.de/customer_center/user-889924/payment.php
Cookie: PHPSESSID=onn26kqng7qtr00qtb7qtfrov9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:09 GMT
content-type: image/png
content-length: 15157
last-modified: Fri, 09 Dec 2022 20:45:17 GMT
etag: "63939e5d-3b35"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
sabrina-frause.de/customer_center/user-889924/assets/alert.png
91.218.65.6 200 OK 16 kB URL HTTP/2 sabrina-frause.de/customer_center/user-889924/assets/alert.png
IP 91.218.65.6:0
File type PNG image data, 29 x 37, 8-bit/color RGB, non-interlaced; data
Hash 7fa7a4c293fc2e8003ff6428e5a895f7
f5ca276d116b5fa6dbb76f5eef73c42c9062ad08
dac379e43ea0acff3f1086bda0f9a3566d33268a60240cd5e2f7b7cc12f95108
Analyzer Verdict Alert openphish PayPal Inc.
GET /customer_center/user-889924/assets/alert.png HTTP/1.1
Host: sabrina-frause.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sabrina-frause.de/customer_center/user-889924/payment.php
Cookie: PHPSESSID=onn26kqng7qtr00qtb7qtfrov9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:09 GMT
content-type: image/png
content-length: 15642
last-modified: Fri, 09 Dec 2022 20:45:17 GMT
etag: "63939e5d-3d1a"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
sabrina-frause.de/customer_center/user-889924/assets/ppl.png
91.218.65.6 200 OK 16 kB URL HTTP/2 sabrina-frause.de/customer_center/user-889924/assets/ppl.png
IP 91.218.65.6:0
File type PNG image data, 30 x 43, 8-bit/color RGB, non-interlaced; data
Hash c5ca8c4a501be85d67a46143b31ea287
2a26c69dd7fb5e87037b8add40af2295b56f59a5
c3ef1e965e9850cd326346f4dc50ecf19e3b4c17546c1662d0feab53e6048c98
Analyzer Verdict Alert openphish PayPal Inc.
GET /customer_center/user-889924/assets/ppl.png HTTP/1.1
Host: sabrina-frause.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sabrina-frause.de/customer_center/user-889924/payment.php
Cookie: PHPSESSID=onn26kqng7qtr00qtb7qtfrov9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:09 GMT
content-type: image/png
content-length: 15718
last-modified: Fri, 09 Dec 2022 20:45:17 GMT
etag: "63939e5d-3d66"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
sabrina-frause.de/customer_center/user-889924/assets/payForGood.png
91.218.65.6 200 OK 3.0 kB URL HTTP/2 sabrina-frause.de/customer_center/user-889924/assets/payForGood.png
IP 91.218.65.6:0
File type PNG image data, 163 x 103, 8-bit/color RGB, non-interlaced; data
Hash 31ddd2af4926440e116bd21d29fbaca9
96b008c2fa4bf4bf7855b027097fb9163b9453f3
82896aab441fabdbec8ba90abc9f3ff6b2eaedbb51dbea775d2ef0537de548bd
Analyzer Verdict Alert openphish PayPal Inc.
GET /customer_center/user-889924/assets/payForGood.png HTTP/1.1
Host: sabrina-frause.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sabrina-frause.de/customer_center/user-889924/payment.php
Cookie: PHPSESSID=onn26kqng7qtr00qtb7qtfrov9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:09 GMT
content-type: image/png
content-length: 3046
last-modified: Fri, 09 Dec 2022 20:45:17 GMT
etag: "63939e5d-be6"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
sabrina-frause.de/customer_center/user-889924/assets/jquery.creditCardValidator.js
91.218.65.6 200 OK 2.9 kB URL HTTP/2 sabrina-frause.de/customer_center/user-889924/assets/jquery.creditCardValidator.js
IP 91.218.65.6:0
Hash 8d7d75aeb867172e55c43b722ddd9f26
f0a83b2ebcb3e69acf198e0de321177fd47e6933
ef5dc59a65348420383d9ed9a38c517a25ad60c4ffc1697439320eb0545ea157
Analyzer Verdict Alert openphish PayPal Inc.
fortinet Phishing
GET /customer_center/user-889924/assets/jquery.creditCardValidator.js HTTP/1.1
Host: sabrina-frause.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sabrina-frause.de/customer_center/user-889924/payment.php
Cookie: PHPSESSID=onn26kqng7qtr00qtb7qtfrov9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:09 GMT
content-type: application/javascript
last-modified: Fri, 09 Dec 2022 20:45:17 GMT
etag: W/"63939e5d-21b1"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
sabrina-frause.de/customer_center/user-889924/assets/validator.js
91.218.65.6 200 OK 764 B URL HTTP/2 sabrina-frause.de/customer_center/user-889924/assets/validator.js
IP 91.218.65.6:0
File type ASCII text, with CRLF line terminators
Hash c0486b3fff080162419518902d6eafe0
fa8603502e5fe6a0775fa3e9f5a0bddece87e27a
ecf7f07054696e35396e24ec7409b2bdfffbd97b51a39f81e5892c7e850ddafd
Analyzer Verdict Alert openphish PayPal Inc.
fortinet Phishing
GET /customer_center/user-889924/assets/validator.js HTTP/1.1
Host: sabrina-frause.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sabrina-frause.de/customer_center/user-889924/payment.php
Cookie: PHPSESSID=onn26kqng7qtr00qtb7qtfrov9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:09 GMT
content-type: application/javascript
last-modified: Fri, 09 Dec 2022 20:45:17 GMT
etag: W/"63939e5d-664"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.paypalobjects.com/ui-web/paypal-sans-big/1-0-0/PayPalSansBig-Regular.woff2
151.101.130.133 200 OK 39 kB URL HTTP/2 www.paypalobjects.com/ui-web/paypal-sans-big/1-0-0/PayPalSansBig-Regular.woff2
IP 151.101.130.133:0
File type Web Open Font Format (Version 2), TrueType, length 39021, version 1.0; data
Hash d0a5bb7474c5ba21d9421664de706740
2b042c505ce2e2228f358a4185346071380e419a
2351bbc39303736cd3a670db10427adc13c256dd6b639f0545bfd104947d3427
GET /ui-web/paypal-sans-big/1-0-0/PayPalSansBig-Regular.woff2 HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://sabrina-frause.de
Connection: keep-alive
Referer: https://sabrina-frause.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: s-maxage=31536000, public,max-age=3600
etag: "60271d64-986d"
last-modified: Sat, 13 Feb 2021 00:29:24 GMT
paypal-debug-id: 6fff1bab5d46a
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000006fff1bab5d46a-e832fc1341ce9753-01
dc: ccg11-origin-www-1.paypal.com
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 10 Dec 2022 03:35:09 GMT
x-served-by: cache-sjc10047-SJC, cache-bma1673-BMA
x-cache: HIT, HIT
x-cache-hits: 12791, 1
x-timer: S1670643309.182787,VS0,VE1
x-content-type-options: nosniff
access-control-allow-origin: *
content-type: application/font-woff2
strict-transport-security: max-age=31557600
content-length: 39021
X-Firefox-Spdy: h2
www.paypalobjects.com/ui-web/paypal-sans-big/1-0-0/PayPalSansBig-Medium.woff2
151.101.130.133 200 OK 40 kB URL HTTP/2 www.paypalobjects.com/ui-web/paypal-sans-big/1-0-0/PayPalSansBig-Medium.woff2
IP 151.101.130.133:0
File type Web Open Font Format (Version 2), TrueType, length 39929, version 1.0; data
Hash a30bc5198198423c0d0e7d13dccb4a4c
8bd4e61ceaae9758ed8507a729af95a32a07ef70
707b984c5c13152e4eaff00bb6000a9e3050a0a086030d2a25525c8dd2bd536e
GET /ui-web/paypal-sans-big/1-0-0/PayPalSansBig-Medium.woff2 HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://sabrina-frause.de
Connection: keep-alive
Referer: https://sabrina-frause.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public,max-age=3600
etag: "60271d64-9bf9"
last-modified: Sat, 13 Feb 2021 00:29:24 GMT
paypal-debug-id: 53e5f05930c47
dc: ccg11-origin-www-1.paypal.com
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 10 Dec 2022 03:35:09 GMT
x-served-by: cache-sjc10063-SJC, cache-bma1673-BMA
x-cache: HIT, HIT
x-cache-hits: 9299, 1
x-timer: S1670643309.184889,VS0,VE1
x-content-type-options: nosniff
access-control-allow-origin: *
content-type: application/font-woff2
strict-transport-security: max-age=31557600
content-length: 39929
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data; ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Last-Modified, ETag, Cache-Control, Alert, Content-Length, Pragma, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 10 Dec 2022 03:33:13 GMT
age: 116
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
sabrina-frause.de/customer_center/user-889924/assets/pp_favicon_x.ico
91.218.65.6 200 OK 5.4 kB URL HTTP/2 sabrina-frause.de/customer_center/user-889924/assets/pp_favicon_x.ico
IP 91.218.65.6:0
File type MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel; data
Hash e1528b5176081f0ed963ec8397bc8fd3
ff60afd001e924511e9b6f12c57b6bf26821fc1e
1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
Analyzer Verdict Alert openphish PayPal Inc.
fortinet Phishing
GET /customer_center/user-889924/assets/pp_favicon_x.ico HTTP/1.1
Host: sabrina-frause.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sabrina-frause.de/customer_center/user-889924/payment.php
Cookie: PHPSESSID=onn26kqng7qtr00qtb7qtfrov9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:09 GMT
content-type: image/vnd.microsoft.icon
content-length: 5430
last-modified: Fri, 09 Dec 2022 20:45:17 GMT
etag: "63939e5d-1536"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash e6be4d2155028ffff5d01ab6e7edf6da
07172071b5cf43c4cd7d7930b4ad8518ec1e32e9
4d8a5fa2362fd0910babd6d128d850d4460829468eb23d34ee5ee6eaa42d5a38
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3161
Cache-Control: max-age=109467
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 03:35:09 GMT
Etag: "6392faaf-1d7"
Expires: Sun, 11 Dec 2022 09:59:36 GMT
Last-Modified: Fri, 09 Dec 2022 09:06:55 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
34.216.88.5 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.216.88.5:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Mh/iM06+6HqhGz2v7Kjl8A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: hcjNcFt+uBavUlVI4R9RiwVS5Dc=
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9108
Expires: Sat, 10 Dec 2022 06:06:59 GMT
Date: Sat, 10 Dec 2022 03:35:11 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68ffa2a-4440-4407-bedf-7e7bf7afdcba.jpeg
34.120.237.76 200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68ffa2a-4440-4407-bedf-7e7bf7afdcba.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 15e70ae6d020b468c84816939a4329aa
be4d2e27d7d6041b17a4f3490126e4b73c68b8c1
188259d91d75505f7ee2253f80075b56174569b669ad17adbd88a06759a5f5aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68ffa2a-4440-4407-bedf-7e7bf7afdcba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5702
x-amzn-requestid: 0bd029d4-2c3b-4c62-ba67-4e28de3c0c6d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eMWF2woAMFq8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa4e-34d8de9e4505e5d214083b44;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: D-fEO-tBlvb1MMkHZSTJahhy4g1M5EPn_EyqRxbEbpG54dH2fgZ9gg==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 21:47:58 GMT
age: 20833
etag: "be4d2e27d7d6041b17a4f3490126e4b73c68b8c1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c3a6c54-dd12-46c8-8acb-7c425ab40af5.jpeg
34.120.237.76 200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c3a6c54-dd12-46c8-8acb-7c425ab40af5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 052b61a3bd1c839e1f5ce37834cad817
1fbbf8fb328a1406904d6346004e2c89c6ba2419
96dcb266eaec98f6305071598df3b49ca93234e0e8b1c8c9801a1a99d7f5c817
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c3a6c54-dd12-46c8-8acb-7c425ab40af5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7811
x-amzn-requestid: dc97f86e-a29c-4139-887a-e775a0327280
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eK4EH_oAMFYqw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa45-3a38086160ac180b3f8cf5d8;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: TM_0Q_GmJDuXth6JpRvm_JAZXwT-xFZEjzuMeIzfzBu1J5jQ_Tng9A==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 22:15:38 GMT
etag: "1fbbf8fb328a1406904d6346004e2c89c6ba2419"
content-type: image/jpeg
age: 19173
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8caef8f-937f-4132-9440-daa516389582.png
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8caef8f-937f-4132-9440-daa516389582.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash a0cb823bf2991a7047962ee388f00dc0
4a0377cd21b6ab69f7e45392a547c9846e607464
86e8e629ffd2efe7c4c86a7e140412dae81a35376cb7f03ee511c6e1d023c788
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8caef8f-937f-4132-9440-daa516389582.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9948
x-amzn-requestid: 0b1400a6-7791-468f-a1d5-b46836e7b164
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eMEGNZoAMF7ZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa4d-124f9a6f03db01a67784657f;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: oTKfu5W6CwOWjb8xOm9ZTu_X_w4JXU7uz4BstlwXZ9k8strPr9H4vg==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 21:53:22 GMT
age: 20509
etag: "4a0377cd21b6ab69f7e45392a547c9846e607464"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: 09204b5e-8af5-4d4b-8186-628443866e0f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctlz5EISoAMFdWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee9b2-357cd4f921c592e1319098dd;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:05:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3KZwQ5HqXa_-tUyDHA5m-65OprogFpFgbbKpEJ65k-Yy3lwoCg8M5w==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:13:15 GMT
age: 73316
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4acdd84d-55dd-4e5d-bcf3-ab9d63566335.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4acdd84d-55dd-4e5d-bcf3-ab9d63566335.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash a81548132f6f176f60e4fc278114ff84
3f330d6c27242cc3d65b975ab4a1c39b08fb69de
82095572be60a13b933293fa38a956e366a854becc5532dfccbf5893366ab702
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4acdd84d-55dd-4e5d-bcf3-ab9d63566335.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7535
x-amzn-requestid: 9c904976-42b9-40c9-aefa-201f0f84358f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eMUHw7IAMFSng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa4e-3a601e621f9f31c7509f4e52;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: nXI46ZBJB6-LoLmfPuwmnQV9lamFDrpOdrgRXopTz7fGgwDYYGmT9A==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 21:53:07 GMT
age: 20524
etag: "3f330d6c27242cc3d65b975ab4a1c39b08fb69de"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3481e34b-ab9e-46b1-acd8-f9e532860477.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3481e34b-ab9e-46b1-acd8-f9e532860477.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash d3acf5a494a6bb8b26858974ede70a33
4bccc3032f7427d881a49250e576c05dd7d5614f
786db0da1198986aeba9aa420a7c89b5b27a09bc48c3806769342159f116705d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3481e34b-ab9e-46b1-acd8-f9e532860477.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12047
x-amzn-requestid: 87cb3342-c784-4ea1-a96e-d1e581a86bea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czqP1Fd0IAMFdww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63915731-178eb2960448312e146f5bd4;Sampled=0
x-amzn-remapped-date: Thu, 08 Dec 2022 03:17:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: BjbkkmxxwK9xut7yloGC9fRwhMLQRtfcU1JWiyqAUfMNk-WPQab1Cg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 22:03:10 GMT
age: 19921
etag: "4bccc3032f7427d881a49250e576c05dd7d5614f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
sabrina-frause.de/customer_center/user-889924/assets/bulma.min.css
91.218.65.6 200 OK 0 B URL HTTP/2 sabrina-frause.de/customer_center/user-889924/assets/bulma.min.css
IP 91.218.65.6:0
Analyzer Verdict Alert openphish PayPal Inc.
GET /customer_center/user-889924/assets/bulma.min.css HTTP/1.1
Host: sabrina-frause.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sabrina-frause.de/customer_center/user-889924/payment.php
Cookie: PHPSESSID=onn26kqng7qtr00qtb7qtfrov9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:09 GMT
content-type: text/css
last-modified: Fri, 09 Dec 2022 20:45:17 GMT
etag: W/"63939e5d-26c34"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
sabrina-frause.de/customer_center/user-889924/assets/style.css
91.218.65.6 200 OK 0 B URL HTTP/2 sabrina-frause.de/customer_center/user-889924/assets/style.css
IP 91.218.65.6:0
Analyzer Verdict Alert openphish PayPal Inc.
GET /customer_center/user-889924/assets/style.css HTTP/1.1
Host: sabrina-frause.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sabrina-frause.de/customer_center/user-889924/payment.php
Cookie: PHPSESSID=onn26kqng7qtr00qtb7qtfrov9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:09 GMT
content-type: text/css
last-modified: Fri, 09 Dec 2022 20:45:17 GMT
etag: W/"63939e5d-3c22"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
sabrina-frause.de/customer_center/user-889924/assets/Xwanted.js
91.218.65.6 200 OK 0 B URL HTTP/2 sabrina-frause.de/customer_center/user-889924/assets/Xwanted.js
IP 91.218.65.6:0
Analyzer Verdict Alert openphish PayPal Inc.
fortinet Phishing
GET /customer_center/user-889924/assets/Xwanted.js HTTP/1.1
Host: sabrina-frause.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sabrina-frause.de/customer_center/user-889924/payment.php
Cookie: PHPSESSID=onn26kqng7qtr00qtb7qtfrov9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:09 GMT
content-type: application/javascript
last-modified: Fri, 09 Dec 2022 20:45:17 GMT
etag: W/"63939e5d-ba3"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2