bilet365.de/
301 Moved Permanently 162 B IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 23 Sep 2022 00:43:04 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://bilet365.de/
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a26d0784548ecab22f417f3d689daf23
8893b79366bbadeb5c8d587b8f023e310694df1c
35baaae7b3ce3110ebb2b075881cfab55ecf3eab57d834283fd18ac691b41fa2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35BAAAE7B3CE3110EBB2B075881CFAB55ECF3EAB57D834283FD18AC691B41FA2"
Last-Modified: Tue, 20 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5163
Expires: Fri, 23 Sep 2022 02:09:07 GMT
Date: Fri, 23 Sep 2022 00:43:04 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 23 Sep 2022 00:14:06 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: -5HKwRvpctAmck-EUXIbPMCQ0-aSBIqFml_W89DmkGEltRp9lc3lkg==
Age: 1738
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 22 Sep 2022 04:35:15 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: iDnYLlSSF5G_izMfYb2DHWdpNmjVTmxGwKCJFKkWhZFgWYoGeKMsDA==
age: 72470
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:04 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 419b2c39f2b10a56020ce18771b5ee84
41468c3b2397b5e3e6826071f5fbe404c07d7073
2b515692886ffbf8276617380c7d7b59a098c75e40f54ad15dc15023395fb9d0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2B515692886FFBF8276617380C7D7B59A098C75E40F54AD15DC15023395FB9D0"
Last-Modified: Thu, 22 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Fri, 23 Sep 2022 06:43:04 GMT
Date: Fri, 23 Sep 2022 00:43:04 GMT
Connection: keep-alive
bilet365.de/
200 OK 7.1 kB IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF, LF line terminators
Hash af47fe5e6879cc48a858d5d0d21cfc31
9ecf07cff027c06b7a934c8e4c241cdc38c1dd74
728ce2eafc257ef49a2b6b0c54dfb5f7216e0774e508eb7a38eb0108d44f1c86
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:04 GMT
content-type: text/html; charset=UTF-8
content-length: 7090
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=i3hdn96pc2ogm84a0mdt25eitp; path=/
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: deniz, PleskLin
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 75a6c13f18620214e5e013385d752044
174c34759a1e50884846a2505f0be16c285d75cc
fe6fcbbe324ceefc1e833208faedaeae6934b34f868690e5ad4676b02c0b3bf0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 00:43:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js
200 OK 556 B URL HTTP/2 www.google.com/recaptcha/api.js
IP
File type ASCII text, with very long lines (850), with no line terminators
Hash 27b68162c75bebb4dacf518c46e974d5
99abc7e3e02891bec5de3dda3cb18a6f865f82bc
93415a1ed398b656767f092c53ca274ad9ae9c8cb0672831fa3c4ab275f994d1
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Fri, 23 Sep 2022 00:43:04 GMT
date: Fri, 23 Sep 2022 00:43:04 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 556
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash f4589cef50f0426b60bf56a1fadb93a5
7db92337dc8c6161e31f89f49db18c4cd22b871f
db8b6e5f5a4e43b9e8e835e9434f0f94ead7965c04dc4641dad639ac778d8215
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 00:43:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bilet365.de/css/font-awesome.css
200 OK 25 kB URL HTTP/2 bilet365.de/css/font-awesome.css
IP
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (305)
Hash 63fd3e73cfc124eaf652bb6fda44097d
7635698011dfbc72836262076f235811161ca004
f5b49529ed3d6c1dbc8bf1b8d05afba725cc9cc723b26df2c2b529b36515f2d2
GET /css/font-awesome.css HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/
Cookie: PHPSESSID=i3hdn96pc2ogm84a0mdt25eitp
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:04 GMT
content-type: text/css
content-length: 25202
last-modified: Wed, 05 Jul 2017 16:14:44 GMT
etag: "595d1074-6272"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
bilet365.de/css/icomoon.css
200 OK 11 kB URL HTTP/2 bilet365.de/css/icomoon.css
IP
ASN #24940 Hetzner Online GmbH
File type troff or preprocessor input, ASCII text, with very long lines (321)
Hash d72a01a75b66ec69b3dc87201b7e70c0
fc3a60381170f6c4e90e095cfdc61451a126a92e
cdbb3a64f7fd7b606f09deb055a964a52810931b38c4d356be1d193b9153ffb3
GET /css/icomoon.css HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/
Cookie: PHPSESSID=i3hdn96pc2ogm84a0mdt25eitp
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:04 GMT
content-type: text/css
content-length: 10871
last-modified: Wed, 05 Jul 2017 16:14:44 GMT
etag: "595d1074-2a77"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
bilet365.de/css/mystyles.css
200 OK 4.9 kB URL HTTP/2 bilet365.de/css/mystyles.css
IP
ASN #24940 Hetzner Online GmbH
Hash 8e99522ec145a2091596728d03db9f1a
084be2c49664294cf6249651af06c3e9ffe9d3da
2059ce261ff51395e93e666e1f649585dd030a17dc45573e79bc00092a4bc6db
GET /css/mystyles.css HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/
Cookie: PHPSESSID=i3hdn96pc2ogm84a0mdt25eitp
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:04 GMT
content-type: text/css
content-length: 4855
last-modified: Wed, 05 Jul 2017 16:14:44 GMT
etag: "595d1074-12f7"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 23 Sep 2022 00:03:22 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Fri, 23 Sep 2022 00:13:10 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 9n4KI7Pm-I56US2Pl-VMzS5yAIACJLgJ2pnb1SPnebYPW2A20nQO9A==
Age: 2382
bilet365.de/css/schemes/scarlet.css
200 OK 23 kB URL HTTP/2 bilet365.de/css/schemes/scarlet.css
IP
ASN #24940 Hetzner Online GmbH
File type CSV text\012- assembler source, ASCII text
Hash 6cff39a7241fe05bf39d979b8a38b562
c5a4ea893d2910b12a8bea2c626149649fa2c7c2
8a40c2a471bdb2cdbedf8db753943d866db31ad39cb885eb28708bb3a2701d37
GET /css/schemes/scarlet.css HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/
Cookie: PHPSESSID=i3hdn96pc2ogm84a0mdt25eitp
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:04 GMT
content-type: text/css
content-length: 22652
last-modified: Wed, 05 Jul 2017 16:14:44 GMT
etag: "595d1074-587c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
bilet365.de/css/bootstrap.css
200 OK 111 kB URL HTTP/2 bilet365.de/css/bootstrap.css
IP
ASN #24940 Hetzner Online GmbH
File type assembler source, ASCII text, with very long lines (540)
Size 111 kB (110637 bytes)
Hash d88575e8dc25d75487140aacb342b329
e510f8071aad24ec82604ad3d80fea3eb1e6b445
68f2ac2226e08110480533b35a4b26a4e9d1b35425bf00ad751009a105a7870e
GET /css/bootstrap.css HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/
Cookie: PHPSESSID=i3hdn96pc2ogm84a0mdt25eitp
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:04 GMT
content-type: text/css
content-length: 110637
last-modified: Wed, 05 Jul 2017 16:14:44 GMT
etag: "595d1074-1b02d"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
bilet365.de/js/slimmenu.js
200 OK 5.5 kB URL HTTP/2 bilet365.de/js/slimmenu.js
IP
ASN #24940 Hetzner Online GmbH
Hash 9b18ee74214e863835f1f1a042f43184
1f95d2667038aa883ff2abc83bd44cf6a757849e
5a53ff437ecbe37b9d04ddf2ba68a684c94a63aefdd1563de508a7e9dd261370
Analyzer Verdict Alert fortinet Phishing
GET /js/slimmenu.js HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/
Cookie: PHPSESSID=i3hdn96pc2ogm84a0mdt25eitp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:04 GMT
content-type: application/javascript
content-length: 5539
last-modified: Wed, 05 Jul 2017 16:14:44 GMT
etag: "595d1074-15a3"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
bilet365.de/js/jquery.weatherflat.js
200 OK 6.9 kB URL HTTP/2 bilet365.de/js/jquery.weatherflat.js
IP
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (593)
Hash f8c5896cf2038dfa747faf07348ead26
2db0c2f199ca59437732e3bb61f2b352ed5b080a
e26157e414b287c994899564e45f10dfbf07afba41bc026c4b2c0290b006ff7c
Analyzer Verdict Alert fortinet Phishing
GET /js/jquery.weatherflat.js HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/
Cookie: PHPSESSID=i3hdn96pc2ogm84a0mdt25eitp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:04 GMT
content-type: application/javascript
content-length: 6907
last-modified: Wed, 05 Jul 2017 16:14:44 GMT
etag: "595d1074-1afb"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
bilet365.de/js/bootstrap.js
200 OK 55 kB URL HTTP/2 bilet365.de/js/bootstrap.js
IP
ASN #24940 Hetzner Online GmbH
Hash 29724242aec89eedf25322ce0a3de85d
ad908c44f33e31904135058382addbf2fcf9ecb6
8cae902fe1f03cf6a0ee86e31e88dafe959bf5c60e74ceec887c67de603bd3f9
Analyzer Verdict Alert fortinet Phishing
GET /js/bootstrap.js HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/
Cookie: PHPSESSID=i3hdn96pc2ogm84a0mdt25eitp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:04 GMT
content-type: application/javascript
content-length: 54989
last-modified: Wed, 05 Jul 2017 16:14:44 GMT
etag: "595d1074-d6cd"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
bilet365.de/css/styles.css
200 OK 280 kB URL HTTP/2 bilet365.de/css/styles.css
IP
ASN #24940 Hetzner Online GmbH
File type assembler source, ASCII text
Size 280 kB (279795 bytes)
Hash 6e9a7d639b8ad07c13f1a2f959beb1cf
7684f43341aa6cf29dcdeec45929bd1be0a416f4
69b1085e270b29f28813a22e1da1fab4ff60cbacb11bcee6cc6ad891a423e6a8
GET /css/styles.css HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/
Cookie: PHPSESSID=i3hdn96pc2ogm84a0mdt25eitp
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:04 GMT
content-type: text/css
content-length: 279795
last-modified: Wed, 05 Jul 2017 16:14:44 GMT
etag: "595d1074-444f3"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
bilet365.de/css/weather.css
200 OK 2.3 kB URL HTTP/2 bilet365.de/css/weather.css
IP
ASN #24940 Hetzner Online GmbH
Hash be8520437ca0e606e7193d7c073d13bd
1454ac5883cf9489a9441865a6d6493f0f82bf41
afbbbc2cfd906b816a1a980d8c2f1b3e80ed37994af8099d0e93f11233f08be0
GET /css/weather.css HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/css/mystyles.css
Cookie: PHPSESSID=i3hdn96pc2ogm84a0mdt25eitp
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:04 GMT
content-type: text/css
content-length: 2275
last-modified: Wed, 05 Jul 2017 16:14:44 GMT
etag: "595d1074-8e3"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
bilet365.de/js/bootstrap-timepicker.js
200 OK 40 kB URL HTTP/2 bilet365.de/js/bootstrap-timepicker.js
IP
ASN #24940 Hetzner Online GmbH
Hash 10dbce8a4f440687bba0649be1d5abef
bb6768f49781691c33fe67288598e75c0454a6c3
2c3555ea8345be5be508c8c803ad9da8e91d30a4940cfa3aa847251f8c7ab4b0
Analyzer Verdict Alert fortinet Phishing
GET /js/bootstrap-timepicker.js HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/
Cookie: PHPSESSID=i3hdn96pc2ogm84a0mdt25eitp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:04 GMT
content-type: application/javascript
content-length: 39580
last-modified: Wed, 05 Jul 2017 16:14:44 GMT
etag: "595d1074-9a9c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
bilet365.de/js/icheck.js
200 OK 17 kB IP
ASN #24940 Hetzner Online GmbH
Hash 45ee9538d3f50cbe3e4660c133e65db7
ff256df9d4e2988046cbf30229efdda096c74a35
597a241707eacbd553260b2e8bf10afdb6c74356aa2b8d154c64da072b5ac56e
Analyzer Verdict Alert fortinet Phishing
GET /js/icheck.js HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/
Cookie: PHPSESSID=i3hdn96pc2ogm84a0mdt25eitp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:04 GMT
content-type: application/javascript
content-length: 17445
last-modified: Wed, 05 Jul 2017 16:14:44 GMT
etag: "595d1074-4425"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
bilet365.de/js/typeahead.js
200 OK 51 kB URL HTTP/2 bilet365.de/js/typeahead.js
IP
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (553)
Hash e81a79a7c2f05791d55f79a626332c44
a44e5496d71abf30e6febdbe04719aa200bdc0ce
993201a45e529f5eb269e04b9248f4495faa5ac213902ea575ff96a46f9c0b50
Analyzer Verdict Alert fortinet Phishing
GET /js/typeahead.js HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/
Cookie: PHPSESSID=i3hdn96pc2ogm84a0mdt25eitp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:04 GMT
content-type: application/javascript
content-length: 51261
last-modified: Wed, 05 Jul 2017 16:14:44 GMT
etag: "595d1074-c83d"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
bilet365.de/js/owl-carousel.js
200 OK 53 kB URL HTTP/2 bilet365.de/js/owl-carousel.js
IP
ASN #24940 Hetzner Online GmbH
Hash cc4b902aff93502714963fac8c1d2356
16d400adf747f95bf7ff2a716bbc7fcb050da9ee
f8e79da5ad632bf87cfc4e9110e333ff6e8745c165dd93d2d6bacd3a1f170def
Analyzer Verdict Alert fortinet Phishing
GET /js/owl-carousel.js HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/
Cookie: PHPSESSID=i3hdn96pc2ogm84a0mdt25eitp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:04 GMT
content-type: application/javascript
content-length: 52859
last-modified: Wed, 05 Jul 2017 16:14:44 GMT
etag: "595d1074-ce7b"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
bilet365.de/js/fitvids.js
200 OK 3.2 kB URL HTTP/2 bilet365.de/js/fitvids.js
IP
ASN #24940 Hetzner Online GmbH
File type HTML document, ASCII text
Hash 2c30eb5d785f3a923b2549a3d89ad077
f5fbf83b0723ae789ff39a72f2ea1647597b33a4
8fd25f8158b0deceb583fd4a5cf7d1ea5783852c90bef1341c05bf0b4896035b
Analyzer Verdict Alert fortinet Phishing
GET /js/fitvids.js HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/
Cookie: PHPSESSID=i3hdn96pc2ogm84a0mdt25eitp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:04 GMT
content-type: application/javascript
content-length: 3169
last-modified: Wed, 05 Jul 2017 16:14:44 GMT
etag: "595d1074-c61"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
bilet365.de/js/custom.js
200 OK 23 kB IP
ASN #24940 Hetzner Online GmbH
Hash 8c3b2012cff799c2d12c65e40913f2f2
54386035b2f0eff2a45969d193b56a3c27c4d8a6
737e11ca8519cc68079cfd50c27996e469bcc87110526a0146fd871929db7229
Analyzer Verdict Alert fortinet Phishing
GET /js/custom.js HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/
Cookie: PHPSESSID=i3hdn96pc2ogm84a0mdt25eitp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:04 GMT
content-type: application/javascript
content-length: 22876
last-modified: Wed, 05 Jul 2017 16:14:44 GMT
etag: "595d1074-595c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
bilet365.de/js/bootstrap-datepicker.js
200 OK 66 kB URL HTTP/2 bilet365.de/js/bootstrap-datepicker.js
IP
ASN #24940 Hetzner Online GmbH
Hash 57c6e8e7e1fdcb75f509ba4292a140c9
63d3be079d3931a79efc659fe81de4fde8263b5b
b82ad29ea6f28bb13e639aa12f3e0e9613a417fe452ab0f4d7c8e67e30ac6ea9
Analyzer Verdict Alert fortinet Phishing
GET /js/bootstrap-datepicker.js HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/
Cookie: PHPSESSID=i3hdn96pc2ogm84a0mdt25eitp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:04 GMT
content-type: application/javascript
content-length: 65655
last-modified: Wed, 05 Jul 2017 16:14:44 GMT
etag: "595d1074-10077"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
bilet365.de/js/bootstrap-validation.js
200 OK 111 kB URL HTTP/2 bilet365.de/js/bootstrap-validation.js
IP
ASN #24940 Hetzner Online GmbH
File type exported SGML document, ASCII text, with very long lines (33667), with CRLF line terminators
Size 111 kB (110947 bytes)
Hash bb99b3180f88f3670522603d957db516
d280086b1d7c9af0e8675d90e018bd91ac0db82b
500e7bcad11c48c93b147f9bb8f9c710319e171d50957b5db6acba9fe42f0a1a
Analyzer Verdict Alert fortinet Phishing
GET /js/bootstrap-validation.js HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/
Cookie: PHPSESSID=i3hdn96pc2ogm84a0mdt25eitp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:04 GMT
content-type: application/javascript
content-length: 110947
last-modified: Wed, 05 Jul 2017 16:14:44 GMT
etag: "595d1074-1b163"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
bilet365.de/img/logo3.png
200 OK 27 kB URL HTTP/2 bilet365.de/img/logo3.png
IP
ASN #24940 Hetzner Online GmbH
File type PNG image data, 257 x 57, 8-bit/color RGBA, non-interlaced\012- data
Hash f3e6b56a77f8d7a235ea8fe8748aba19
9fb1f40e50978ed5f10e5109c3e367f6dea9246f
c2d88aec40c07f7c5932ae3d45755793ade93aa7ae451d3c53b60af1ecc8d976
GET /img/logo3.png HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/
Cookie: PHPSESSID=i3hdn96pc2ogm84a0mdt25eitp
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:04 GMT
content-type: image/png
content-length: 26620
last-modified: Wed, 15 Nov 2017 22:41:01 GMT
etag: "5a0cc27d-67fc"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
bilet365.de/img/ERV_Logo.gif
200 OK 5.1 kB URL HTTP/2 bilet365.de/img/ERV_Logo.gif
IP
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 369 x 170\012- data
Hash 8c7bb2bbef954f204603434176b64282
0a2806f96a87b1eafc54d763cfe0ecafa6b71d60
f98cc246bed01b69035ffe789c81d19af4f2846401d07d25597f5ae753fddf0e
GET /img/ERV_Logo.gif HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/
Cookie: PHPSESSID=i3hdn96pc2ogm84a0mdt25eitp
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:04 GMT
content-type: image/gif
content-length: 5118
last-modified: Sun, 03 Sep 2017 09:28:02 GMT
etag: "59abcb22-13fe"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
bilet365.de/img/standard_ani.gif
200 OK 5.6 kB URL HTTP/2 bilet365.de/img/standard_ani.gif
IP
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 230 x 60\012- data
Hash 84a00cff430841f265743de312e14396
792756d49d58b341c548907129f8a58f52db82ac
c5c1d1e1fed475dd557c45b0b1496a861493028491a961665360207e985820f6
GET /img/standard_ani.gif HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/
Cookie: PHPSESSID=i3hdn96pc2ogm84a0mdt25eitp
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:04 GMT
content-type: image/gif
content-length: 5576
last-modified: Sun, 03 Sep 2017 09:27:44 GMT
etag: "59abcb10-15c8"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
bilet365.de/img/logo-invert.png
200 OK 6.0 kB URL HTTP/2 bilet365.de/img/logo-invert.png
IP
ASN #24940 Hetzner Online GmbH
File type PNG image data, 180 x 42, 8-bit/color RGBA, non-interlaced\012- data
Hash ea0e80f21fff67e1253526aff4c84ced
49e9561a62c6981066cc1fdbbc6070f71b791e1e
b52f2e9c27f48d162ec08b175142302d253a0cee38fe19fbfc45ef066eee6585
GET /img/logo-invert.png HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/
Cookie: PHPSESSID=i3hdn96pc2ogm84a0mdt25eitp
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:04 GMT
content-type: image/png
content-length: 5995
last-modified: Wed, 05 Jul 2017 16:14:44 GMT
etag: "595d1074-176b"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
bilet365.de/js/nicescroll.js
200 OK 146 kB URL HTTP/2 bilet365.de/js/nicescroll.js
IP
ASN #24940 Hetzner Online GmbH
Size 146 kB (145959 bytes)
Hash cafbf2b87e571f51a6747dfd51fffc81
c6cf67a20938187ab85179b269dd21f6a629c7ed
03b4e44c9b96d41dfa48f5ad8c4824e9ebcae00afa891357c64c8e7ab61b0cf7
Analyzer Verdict Alert fortinet Phishing
GET /js/nicescroll.js HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/
Cookie: PHPSESSID=i3hdn96pc2ogm84a0mdt25eitp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:04 GMT
content-type: application/javascript
content-length: 145959
last-modified: Wed, 05 Jul 2017 16:14:44 GMT
etag: "595d1074-23a27"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
bilet365.de/online.jpg
200 OK 389 kB IP
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=19, manufacturer=Canon, model=Canon EOS 5D Mark III, xresolution=270, yresolution=278, resolutionunit=2, software=Paint.NET v3.5.10, datetime=2014:12:10 17:28:32], baseline, precision 8, 2398x1172, components 3\012- data
Size 389 kB (389267 bytes)
Hash e851305b20894a94d3afda0bc38d04bf
1132eda926c7bdce5c963a433848fcdd03e70d37
5723c262c7e85841ced80d5826beb768c401f9d97e8e0cfef882bd9c9f031e2b
GET /online.jpg HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/
Cookie: PHPSESSID=i3hdn96pc2ogm84a0mdt25eitp
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:05 GMT
content-type: image/jpeg
content-length: 389267
last-modified: Wed, 05 Jul 2017 16:14:44 GMT
etag: "595d1074-5f093"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
bilet365.de/fonts/fontawesome-webfont.woff?v=4.0.3
200 OK 84 kB URL HTTP/2 bilet365.de/fonts/fontawesome-webfont.woff?v=4.0.3
IP
ASN #24940 Hetzner Online GmbH
File type Web Open Font Format, TrueType, length 83760, version 1.0\012- data
Hash fdf491ce5ff5b2da02708cd0e9864719
7f2f3c55c2de192387c351b995115f6b79e09173
66db52b456efe7e29cec11fa09421d03cb09e37ed1b567307ec0444fd605ce31
Analyzer Verdict Alert fortinet Phishing
GET /fonts/fontawesome-webfont.woff?v=4.0.3 HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://bilet365.de/css/font-awesome.css
Cookie: PHPSESSID=i3hdn96pc2ogm84a0mdt25eitp
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:05 GMT
content-type: application/font-woff
content-length: 83760
last-modified: Wed, 05 Jul 2017 16:14:44 GMT
etag: "595d1074-14730"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 86624f45fb3b7126dbe002f69c94dd86
30bcf274db5037122f989fb25dbf1e72c9ec417b
2cc9600578cf057dc499835773fb495caa60ac154c4945f0fc1f2b31d43f5502
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2123
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 00:43:05 GMT
Last-Modified: Fri, 23 Sep 2022 00:07:42 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 471 B IP
Hash 088fd54c49c3761d7537bd8ceadf8af4
c450a99446fadeaa81f2426367b7d200d11ef67d
9e171b74ae7c3f96a03cf14f423b05ab0ad7329844061b9200d81f6bc381a561
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3714
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 00:43:05 GMT
Last-Modified: Thu, 22 Sep 2022 23:41:12 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash edd6c63988b69a64a51433c3fd91b0ba
a0a41a5403a2c397d70cfa267c1d6407250df043
c9b1efff4ebf41ad54d3137ee7a93b688c66765df99e387ae730b39abe2f115f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 00:43:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.facebook.net/de_DE/sdk.js
200 OK 1.7 kB URL HTTP/2 connect.facebook.net/de_DE/sdk.js
IP
File type ASCII text, with very long lines (1961)
Hash cce9125f436444a6bb200d4ac629a578
9e5185a1022eb50e6b64451d5bbccbe653130252
1984142249c9d67b0ba4f6ef9351d3da526188cf399aa2c7c619d124681ab70d
GET /de_DE/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 451c9b2553a87df4299f6fda6d367ac0
etag: "f41e7302ea10f7e3baafcef161ce44ea"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Fri, 23 Sep 2022 01:01:33 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: zOkSX0NkRKa7IA1KximleA==
x-fb-debug: yI6WM8GevOULloRbsOt1ALsY5WPNA4CZRNKjqvZ40qKGeoHZatDi3BlqARz5KV0nT+e6hKXbw8ax2nVGW9RU9A==
content-length: 1685
x-fb-trip-id: 1679558926
date: Fri, 23 Sep 2022 00:43:05 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: KAMeYp3IBJ8GXZHXAq5U8Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 86dSPKOOKJqpAiIFy7E6OQYLUns=
www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/recaptcha__en.js
200 OK 158 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/recaptcha__en.js
IP
File type ASCII text, with very long lines (581)
Size 158 kB (157726 bytes)
Hash 6519c7c04cf32a57b1c5ee45a73c233e
4939bb921988e9eb13780cc2244f3099776e9bfb
8352dd4e3e0fe82562cdc280c020fc31d2c6d054f7ead441a3b18de8ef04401b
GET /recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bilet365.de
Connection: keep-alive
Referer: https://bilet365.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 157726
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 05:37:29 GMT
expires: Thu, 21 Sep 2023 05:37:29 GMT
cache-control: public, max-age=31536000
age: 155136
last-modified: Wed, 14 Sep 2022 00:24:01 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 088fd54c49c3761d7537bd8ceadf8af4
c450a99446fadeaa81f2426367b7d200d11ef67d
9e171b74ae7c3f96a03cf14f423b05ab0ad7329844061b9200d81f6bc381a561
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3714
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 00:43:05 GMT
Last-Modified: Thu, 22 Sep 2022 23:41:12 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash edd6c63988b69a64a51433c3fd91b0ba
a0a41a5403a2c397d70cfa267c1d6407250df043
c9b1efff4ebf41ad54d3137ee7a93b688c66765df99e387ae730b39abe2f115f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 00:43:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.bilet365.de/favicon.ico
200 OK 621 B URL HTTP/2 www.bilet365.de/favicon.ico
IP
ASN #24940 Hetzner Online GmbH
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash ed8976814a93d38e67bf45738832b454
3919f3b4cf4c8a5e04b955ccc6581c57bb0c7328
0916761d944590e5c8b810b422fe7498925a5be710e4e08cabde43943a963c6c
GET /favicon.ico HTTP/1.1
Host: www.bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:05 GMT
content-type: image/vnd.microsoft.icon
content-length: 621
x-accel-version: 0.01
last-modified: Wed, 05 Jul 2017 16:14:44 GMT
etag: "26d-553944c566d5d"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
connect.facebook.net/de_DE/sdk.js?hash=2f14c4e9df006a6bd1ce0af08fee4137
200 OK 89 kB URL HTTP/2 connect.facebook.net/de_DE/sdk.js?hash=2f14c4e9df006a6bd1ce0af08fee4137
IP
File type ASCII text, with very long lines (18598)
Hash 94ec9b5830b9a803f20fe71167555988
aba1f14c06c02385436cfc0edacdd6f5d1641ea5
373898f8654c88b6ec8321fd2cedf89d414a76090c30fef359677d1def0bee8c
GET /de_DE/sdk.js?hash=2f14c4e9df006a6bd1ce0af08fee4137 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bilet365.de
Connection: keep-alive
Referer: https://bilet365.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 6a332789d234534dad26db104b8c6019
etag: "c9917a5b6fb4d65fa9e426535c39c86b"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Fri, 22 Sep 2023 20:33:45 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: lOybWDC5qAPyD+cRZ1VZiA==
x-fb-debug: cMIgJoPRD9iYkZoyixFP1xG318VkhzewC0ueWlzJX6Xp7CO7WSabTD1vl1kWKv+hpUw5IS5F3kk6mhFplW+A0w==
content-length: 88868
x-fb-trip-id: 1679558926
date: Fri, 23 Sep 2022 00:43:05 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/v2.9/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df156d6dddd567be%26domain%3Dbilet365.de%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fbilet365.de%252Ffd0ddb32c382be%26relation%3Dparent.parent&container_width=195&href=https%3A%2F%2Fwww.facebook.com%2Fbilet365.de%2F&layout=box_count&locale=de_DE&sdk=joey&share=true&show_faces=false&size=large
200 OK 0 B URL HTTP/2 www.facebook.com/v2.9/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df156d6dddd567be%26domain%3Dbilet365.de%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fbilet365.de%252Ffd0ddb32c382be%26relation%3Dparent.parent&container_width=195&href=https%3A%2F%2Fwww.facebook.com%2Fbilet365.de%2F&layout=box_count&locale=de_DE&sdk=joey&share=true&show_faces=false&size=large
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v2.9/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df156d6dddd567be%26domain%3Dbilet365.de%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fbilet365.de%252Ffd0ddb32c382be%26relation%3Dparent.parent&container_width=195&href=https%3A%2F%2Fwww.facebook.com%2Fbilet365.de%2F&layout=box_count&locale=de_DE&sdk=joey&share=true&show_faces=false&size=large HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html;charset=utf-8
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-xss-protection: 0
x-fb-debug: Lzaqt+Kggz7FYeDVLOw/oZz5qFVMCq8oSpWV9YDj/3+R2NB0dZWBut2CBjosgQcShwNseItyaOYXUBKCtywarg==
content-length: 0
date: Fri, 23 Sep 2022 00:43:05 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10578
Expires: Fri, 23 Sep 2022 03:39:24 GMT
Date: Fri, 23 Sep 2022 00:43:06 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10578
Expires: Fri, 23 Sep 2022 03:39:24 GMT
Date: Fri, 23 Sep 2022 00:43:06 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10578
Expires: Fri, 23 Sep 2022 03:39:24 GMT
Date: Fri, 23 Sep 2022 00:43:06 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10578
Expires: Fri, 23 Sep 2022 03:39:24 GMT
Date: Fri, 23 Sep 2022 00:43:06 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10578
Expires: Fri, 23 Sep 2022 03:39:24 GMT
Date: Fri, 23 Sep 2022 00:43:06 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ac88c56-4515-47b4-9c1e-7745782bd306.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ac88c56-4515-47b4-9c1e-7745782bd306.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b877ead4a15221fdd278ef27f281a7ec
48c10714503e8dfdd3e3c3d39b919ef2792f0d15
f4a1d5abcfa4092828e004b6c0605a7a24e4133d275312f613dceff875971daf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ac88c56-4515-47b4-9c1e-7745782bd306.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10127
x-amzn-requestid: 456e3c6a-e173-433e-8d54-d787cb50b7e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0sHmCoAMFVSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-7a07b336571396533e48b4cb;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: KKYAef15NoI3It5UfVcqhPx50Fr6IK7O2VFasuAILVN9PP8CH1_7Ng==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 21:58:25 GMT
age: 9881
etag: "48c10714503e8dfdd3e3c3d39b919ef2792f0d15"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b936e90-90ba-49d6-946e-b7cd524d23f9.jpeg
200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b936e90-90ba-49d6-946e-b7cd524d23f9.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6243782119c18721ebfb39448a079e32
6131afd540498e8ead1b9937bc953fadbdb164f9
9f70c0b851ea5039eee2edf8d37f447946e2d2783d6ce257c0ccbcf9f262d289
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b936e90-90ba-49d6-946e-b7cd524d23f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7180
x-amzn-requestid: c08a48fa-b734-4ac7-aa76-a1225135b792
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YsS2qHbcIAMFgEQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6327fe90-4a5915de1b0da7a07efddf86;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 05:30:56 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: vR0dXVmBUtMyvJBEYJmsekEBRZ0DS4hJQN6JDhTyP6HGf3LsYHN9WQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 09:08:11 GMT
age: 56095
etag: "6131afd540498e8ead1b9937bc953fadbdb164f9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56968ed0-3207-4af0-8229-5f3698c6c55f.jpeg
200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56968ed0-3207-4af0-8229-5f3698c6c55f.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 61059307f07edc4e2ba9d07a258bca43
370d166426ad83fc04ccb6e300238d8cb6ab644a
55ec802097ab49f275686e99844ff4a3b554c8998213bb9c3f0380709297c55b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56968ed0-3207-4af0-8229-5f3698c6c55f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5936
x-amzn-requestid: 39e79389-c158-4427-aae0-b1d0dc1d0377
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4VowElZoAMF2Ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632ccfd1-2da28eb66f876af76158b090;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:12:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: -DSp0__jaBzizsfagTtIpwhkPqkvjS1L6T17J0OS5W0QhZww03ywpw==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:42:39 GMT
age: 7227
etag: "370d166426ad83fc04ccb6e300238d8cb6ab644a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F62dd28d6-72d9-4f9c-8eb7-cc97b6279d6b.jpeg
200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F62dd28d6-72d9-4f9c-8eb7-cc97b6279d6b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3056431736af42cc145a77dbc77c45a7
977068c1cfdf8dfb64cbe8fb8d917ebc8e3e970e
d299e38c678f4c4548cd2e7cf7ff1b07910b316bfc8b13c492b4fbee0a66b079
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F62dd28d6-72d9-4f9c-8eb7-cc97b6279d6b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9892
x-amzn-requestid: c492a572-0b9e-4176-91e9-a11fedf8c06e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yyj8OE7nIAMFwQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a804e-0d6e804d4368880535f6c115;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 03:09:02 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Te1oX4iUxYNB19Uuk39k9DrhHiCVSwnNSpdYQDK_N5AYtXqJIe-ggg==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 04:26:52 GMT
age: 72974
etag: "977068c1cfdf8dfb64cbe8fb8d917ebc8e3e970e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8ea5f06ad31f0cedd2cb5c6df82f35f4
60a83a1618ffae06e49ca3002bac1db9980dcfe8
5f6a4cb92c016ef0f229b11d727e9680a15b10782b5bfe9e66ad9d100b458d8d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10279
x-amzn-requestid: 2ff2c324-51c5-484d-b049-3eacbdc1024a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yyj8THHdoAMF44g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a804e-0f4da4ba2a84679b3fd297fc;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 03:09:02 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 6uqNnpll2kgC_0_t5e9yp0AgFAvprQq_GF_jgwj2sX2TE9S1l023Aw==
via: 1.1 c21a0d27ceec21e266c9f962d0349438.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 05:29:48 GMT
age: 69198
etag: "60a83a1618ffae06e49ca3002bac1db9980dcfe8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
bilet365.de/js/jquery.js
200 OK 8.5 kB IP
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7606ff88f05062b66970d9805f38987a
d47db5fcd83023b4a8de40a47d4510e183de387a
20f89dd859e5715e27c289040fac6a121248e5b6c06da0a7f186984ffb029eb2
Analyzer Verdict Alert fortinet Phishing
GET /js/jquery.js HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/
Cookie: PHPSESSID=i3hdn96pc2ogm84a0mdt25eitp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:04 GMT
content-type: application/javascript
content-length: 155256
last-modified: Wed, 05 Jul 2017 16:14:44 GMT
etag: "595d1074-25e78"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8822718-7784-42f7-9be3-17d81593a755.jpeg
200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8822718-7784-42f7-9be3-17d81593a755.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b577444b5b0cf15747fe28a9d7f22d53
e6097275af3204124c48aa0d876eba0d18b26e7e
0f57e130b23b87fa4e1f9c2a2beff54f1ca73d87a244442558209e378befef11
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8822718-7784-42f7-9be3-17d81593a755.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 4999
x-amzn-requestid: 6f7b073e-f199-4bfa-8f9c-6688dbfba15a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yn7p7GyRIAMF1EQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63263fd8-566d8b3c1c25e3fa36259812;Sampled=0
x-amzn-remapped-date: Sat, 17 Sep 2022 21:44:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 67IkCpdOLJbKDPzgrIgyWV4axpopLuln041fPgEQKn0Zc2dvdDHnkA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:54:39 GMT
age: 6514
etag: "e6097275af3204124c48aa0d876eba0d18b26e7e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
bilet365.de/get_captcha_Hotel.php
200 OK 0 B URL HTTP/2 bilet365.de/get_captcha_Hotel.php
IP
ASN #24940 Hetzner Online GmbH
Analyzer Verdict Alert fortinet Phishing
GET /get_captcha_Hotel.php HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/
Cookie: PHPSESSID=i3hdn96pc2ogm84a0mdt25eitp
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:04 GMT
content-type: image/png
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-powered-by: PHP/7.3.20, PleskLin
X-Firefox-Spdy: h2
bilet365.de/get_captcha_MW.php
200 OK 0 B URL HTTP/2 bilet365.de/get_captcha_MW.php
IP
ASN #24940 Hetzner Online GmbH
Analyzer Verdict Alert fortinet Phishing
GET /get_captcha_MW.php HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/
Cookie: PHPSESSID=i3hdn96pc2ogm84a0mdt25eitp
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:04 GMT
content-type: image/png
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-powered-by: PHP/7.3.20, PleskLin
X-Firefox-Spdy: h2
bilet365.de/get_captcha.php
200 OK 0 B URL HTTP/2 bilet365.de/get_captcha.php
IP
ASN #24940 Hetzner Online GmbH
Analyzer Verdict Alert fortinet Phishing
GET /get_captcha.php HTTP/1.1
Host: bilet365.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bilet365.de/
Cookie: PHPSESSID=i3hdn96pc2ogm84a0mdt25eitp
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 00:43:04 GMT
content-type: image/png
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-powered-by: PHP/7.3.20, PleskLin
X-Firefox-Spdy: h2
136.243.20.96
23.36.77.32
157.240.200.14
100.20.30.105
93.184.220.29
0.0.0.0