firefox.settings.services.mozilla.com/v1/
143.204.55.35200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 17 Sep 2022 09:11:16 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: zZJnMuIkGtU8uAHECwpWP_u-tDvliGiykCKIAB1gU0yVmx_-vwrZhw==
Age: 909
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b0d651d83075c7a68e3c6a9204226150
294785e3f3a67cdd5f1a530b83a2cbd2c2cc0665
17cbb43fd6662576ba3fe8e06cf44247c903c1313cc419053599c41e286a2442
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17CBB43FD6662576BA3FE8E06CF44247C903C1313CC419053599C41E286A2442"
Last-Modified: Thu, 15 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6014
Expires: Sat, 17 Sep 2022 11:06:39 GMT
Date: Sat, 17 Sep 2022 09:26:25 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.49200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 17 Sep 2022 04:35:16 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 677Hpq16l6N1hRwQOd7tBv8BfEN-cw1nGnz0UR4PRejkiUhqRBh0Hw==
age: 21343
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d6c10c61b0c23205bc5fd217193bb17f
f5e642d47d74dce8adc4b768ff53efa29f4b674b
31fdbf8ed16d475cf4e1af29a0fb6f8b833c05f83c4fd4817073d3838dbdae20
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "31FDBF8ED16D475CF4E1AF29A0FB6F8B833C05F83C4FD4817073D3838DBDAE20"
Last-Modified: Fri, 16 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sat, 17 Sep 2022 15:26:26 GMT
Date: Sat, 17 Sep 2022 09:26:26 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 17 Sep 2022 09:26:26 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
web8624.web07.bero-webspace.de/
109.71.253.24200 OK 14 kB URL HTTP/2 web8624.web07.bero-webspace.de/
IP 109.71.253.24:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (19277)
Hash d8de4ccc7b160f5732ea6062e7ead1c4
d995a2bde96ad2194587c9ab2e0ad0637dfe10f3
71505fa6541a570677087111efb1ce793960ae65efba3b46bc8bcd36de7761c6
Analyzer Verdict Alert openphish International Card Services B.V
fortinet Phishing
GET / HTTP/1.1
Host: web8624.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Sat, 17 Sep 2022 09:26:26 GMT
content-type: text/html; charset=UTF-8
content-length: 13966
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=s011g500cu8ahb2ddpshf5ujd2; path=/
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.30, PleskLin
X-Firefox-Spdy: h2
web8624.web07.bero-webspace.de/sca/saved_resource
109.71.253.24200 OK 8.0 kB URL HTTP/2 web8624.web07.bero-webspace.de/sca/saved_resource
IP 109.71.253.24:0
File type ASCII text, with very long lines (662)
Hash 43e4cd4d0d896cc2c4c1b724ce008764
b6df31b85bd329a6f026c41795c2ac83ad9dab87
91dd5858585bcafd085ed3c7dbe9f3eb2329dc380b8a58caf174036c7a204349
Analyzer Verdict Alert openphish International Card Services B.V
fortinet Phishing
GET /sca/saved_resource HTTP/1.1
Host: web8624.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8624.web07.bero-webspace.de/
Cookie: PHPSESSID=s011g500cu8ahb2ddpshf5ujd2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 17 Sep 2022 09:26:26 GMT
content-type: application/octet-stream
content-length: 7969
last-modified: Wed, 06 Jul 2022 14:38:24 GMT
etag: "62c59e60-1f21"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8624.web07.bero-webspace.de/sca/sca-login
109.71.253.24200 OK 32 kB URL HTTP/2 web8624.web07.bero-webspace.de/sca/sca-login
IP 109.71.253.24:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (12078), with CRLF, LF line terminators
Hash 7cf341175a491faa97107abcdbbb6eb1
3e4c3598dc9d26faf7b6946851bf480d2c96f00b
ad7211417c487fff828204d17b260de32dbfecb1f34ec4cefec332174f912aed
Analyzer Verdict Alert openphish International Card Services B.V
fortinet Phishing
GET /sca/sca-login HTTP/1.1
Host: web8624.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8624.web07.bero-webspace.de/
Cookie: PHPSESSID=s011g500cu8ahb2ddpshf5ujd2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 17 Sep 2022 09:26:26 GMT
content-type: application/octet-stream
content-length: 31550
last-modified: Wed, 06 Jul 2022 14:38:22 GMT
etag: "62c59e5e-7b3e"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8624.web07.bero-webspace.de/sca/plx.check.js
109.71.253.24200 OK 209 B URL HTTP/2 web8624.web07.bero-webspace.de/sca/plx.check.js
IP 109.71.253.24:0
Hash 65a7d1a66a5b6f665f49900274e318e8
ed2a23b7c7bd5ec1e42127e381cd5089b88bc2a7
61b441852598829f84cc6605312cf152c2b5f74c05721f0e689daac188a4b929
Analyzer Verdict Alert openphish International Card Services B.V
fortinet Phishing
GET /sca/plx.check.js HTTP/1.1
Host: web8624.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8624.web07.bero-webspace.de/
Cookie: PHPSESSID=s011g500cu8ahb2ddpshf5ujd2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 17 Sep 2022 09:26:26 GMT
content-type: application/javascript
content-length: 209
x-accel-version: 0.01
last-modified: Wed, 06 Jul 2022 23:25:54 GMT
etag: "195-5e32b4a590480-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 5d12cc59489773babbc650161772d674
6fa23d626e8a64d98e59984567cd4dc42c648833
f43eae2b85acffc988fbc2c97e18ae1c013217db2cbe24df14dd3b8c35d0ff27
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Sep 2022 09:26:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
web8624.web07.bero-webspace.de/sca/zero.png
109.71.253.24200 OK 68 B URL HTTP/2 web8624.web07.bero-webspace.de/sca/zero.png
IP 109.71.253.24:0
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
Analyzer Verdict Alert openphish International Card Services B.V
GET /sca/zero.png HTTP/1.1
Host: web8624.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8624.web07.bero-webspace.de/
Cookie: PHPSESSID=s011g500cu8ahb2ddpshf5ujd2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 17 Sep 2022 09:26:26 GMT
content-type: image/png
content-length: 68
x-accel-version: 0.01
last-modified: Wed, 06 Jul 2022 14:38:46 GMT
etag: "44-5e323ed2c0980"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
web8624.web07.bero-webspace.de/sca/proxyid.js.download
109.71.253.24200 OK 220 B URL HTTP/2 web8624.web07.bero-webspace.de/sca/proxyid.js.download
IP 109.71.253.24:0
Hash cf3fdcb6394ca0e8e3572fb475e9e6a1
cb675d9ac518343f4875920256f1c624712bdf2e
fcd6504c3c6c1d1f3a2eea7953420cff9ab77162edded72d2e27c391f5d46f69
Analyzer Verdict Alert openphish International Card Services B.V
fortinet Phishing
GET /sca/proxyid.js.download HTTP/1.1
Host: web8624.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8624.web07.bero-webspace.de/
Cookie: PHPSESSID=s011g500cu8ahb2ddpshf5ujd2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 17 Sep 2022 09:26:26 GMT
content-type: application/javascript
content-length: 220
x-accel-version: 0.01
last-modified: Wed, 06 Jul 2022 14:38:34 GMT
etag: "f2-5e323ec74ee80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-MHW4QGN&l=global_layer
142.250.74.72200 OK 116 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-MHW4QGN&l=global_layer
IP 142.250.74.72:0
File type Unicode text, UTF-8 text, with very long lines (64384)
Size 116 kB (116316 bytes)
Hash 9a969f04e1a0e4ad083123e921046a08
b1489c15d02d8b1f73e1fba92eabeee6d82400e3
ffe13e22a8c15901ce30f547eb11b72a2fcf28bcc2b71a94a71b21c40017014c
GET /gtm.js?id=GTM-MHW4QGN&l=global_layer HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8624.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 17 Sep 2022 09:26:26 GMT
expires: Sat, 17 Sep 2022 09:26:26 GMT
cache-control: private, max-age=900
last-modified: Sat, 17 Sep 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 116316
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
web8624.web07.bero-webspace.de/sca/arcotfpcollect.js.download
109.71.253.24200 OK 17 kB URL HTTP/2 web8624.web07.bero-webspace.de/sca/arcotfpcollect.js.download
IP 109.71.253.24:0
File type ASCII text, with very long lines (703)
Hash 796db8d77010d9a6d2f4039dd5693f0f
51200df55e9ad993ed3a40faa471ad27d68a0744
d5c2d8a1b8b1fd0f6293f44fc92884c2940e34a456e3724b42ee1aed94092402
Analyzer Verdict Alert openphish International Card Services B.V
fortinet Phishing
GET /sca/arcotfpcollect.js.download HTTP/1.1
Host: web8624.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8624.web07.bero-webspace.de/
Cookie: PHPSESSID=s011g500cu8ahb2ddpshf5ujd2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 17 Sep 2022 09:26:26 GMT
content-type: application/javascript
last-modified: Wed, 06 Jul 2022 14:38:30 GMT
etag: W/"62c59e66-d9fd"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8624.web07.bero-webspace.de/sca/main.js(1).download
109.71.253.24200 OK 2.4 MB URL HTTP/2 web8624.web07.bero-webspace.de/sca/main.js(1).download
IP 109.71.253.24:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 2.4 MB (2440637 bytes)
Hash e1536c8df7642a47faf5e52414e95644
31111ec408192ab9c2eaedd75b8167ef0bd87c72
9b86e530307d396082ae6b004665b4b8a1dc7212f94f41e530c36bcc0cac3d70
Analyzer Verdict Alert openphish International Card Services B.V
fortinet Phishing
GET /sca/main.js(1).download HTTP/1.1
Host: web8624.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8624.web07.bero-webspace.de/
Cookie: PHPSESSID=s011g500cu8ahb2ddpshf5ujd2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 17 Sep 2022 09:26:26 GMT
content-type: application/octet-stream
content-length: 2440637
last-modified: Wed, 06 Jul 2022 14:38:44 GMT
etag: "62c59e74-253dbd"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sat, 17 Sep 2022 09:03:22 GMT
Cache-Control: max-age=3600
Expires: Sat, 17 Sep 2022 09:07:25 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: AcgSpYqzC_Ueddp6UvXA-Oejc0Oli7G7QSCrGWc43vehuz-lI6P8Og==
Age: 1384
web8624.web07.bero-webspace.de/sca/modernizr.js.download
109.71.253.24200 OK 87 kB URL HTTP/2 web8624.web07.bero-webspace.de/sca/modernizr.js.download
IP 109.71.253.24:0
File type ASCII text, with very long lines (1428)
Hash 99a7d7bbfc723a5f4462a5ec0fac3dc6
9d5d2e66a3108de6198f7c94783f5ffba20f52c9
a16b1f3f1b7615e54afaa1b4d3f31e9ca5087db10494fedc8d5a271f534b8fee
Analyzer Verdict Alert openphish International Card Services B.V
fortinet Phishing
GET /sca/modernizr.js.download HTTP/1.1
Host: web8624.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8624.web07.bero-webspace.de/
Cookie: PHPSESSID=s011g500cu8ahb2ddpshf5ujd2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 17 Sep 2022 09:26:26 GMT
content-type: application/javascript
last-modified: Wed, 06 Jul 2022 14:38:34 GMT
etag: W/"62c59e6a-5f1"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8624.web07.bero-webspace.de/sca/icons.woff2
109.71.253.24200 OK 9.8 kB URL HTTP/2 web8624.web07.bero-webspace.de/sca/icons.woff2
IP 109.71.253.24:0
File type Web Open Font Format (Version 2), TrueType, length 9840, version 1.0\012- data
Hash 9afc5b0d946318dc4574bd8c34b4fb2f
7604ee53d1a8dfb010863eb8db4968b88decd96d
aee0070713b543535d52633e18e27589267fafe5d40479afc8aa301092ba04be
Analyzer Verdict Alert openphish International Card Services B.V
fortinet Phishing
GET /sca/icons.woff2 HTTP/1.1
Host: web8624.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web8624.web07.bero-webspace.de/sca/main-ics.css
Cookie: PHPSESSID=s011g500cu8ahb2ddpshf5ujd2
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 17 Sep 2022 09:26:26 GMT
content-type: font/woff2
content-length: 9840
last-modified: Wed, 06 Jul 2022 14:40:06 GMT
etag: "62c59ec6-2670"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8624.web07.bero-webspace.de/sca/SunOT-Light.ttf
109.71.253.24200 OK 86 kB URL HTTP/2 web8624.web07.bero-webspace.de/sca/SunOT-Light.ttf
IP 109.71.253.24:0
File type TrueType Font data, 15 tables, 1st "FFTM", 28 names, Macintosh\012- data
Hash fc9b52707830de91489044be4726abc6
f3eddc426afe06abde7ab9b9426b41944da24171
75af6860450b2595cd18ebad00dbf3927d9e494dfdbd12ceefcec15b2c03d84e
Analyzer Verdict Alert openphish International Card Services B.V
fortinet Phishing
GET /sca/SunOT-Light.ttf HTTP/1.1
Host: web8624.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8624.web07.bero-webspace.de/sca/styles.css
Cookie: PHPSESSID=s011g500cu8ahb2ddpshf5ujd2
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 17 Sep 2022 09:26:26 GMT
content-type: font/ttf
content-length: 86500
last-modified: Wed, 06 Jul 2022 14:39:58 GMT
etag: "62c59ebe-151e4"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8624.web07.bero-webspace.de/sca/sunot-bold-webfont.woff2
109.71.253.24200 OK 25 kB URL HTTP/2 web8624.web07.bero-webspace.de/sca/sunot-bold-webfont.woff2
IP 109.71.253.24:0
File type Web Open Font Format (Version 2), TrueType, length 24800, version 4.66\012- data
Hash 819f042f2484072228ad1cb32902ffd8
22955f1851a789580b5c6136886ff2ceea0726ac
265235296a58d38174ac7198a96e108c4e9c7ceceb0ccb700d352c8b99a7c99d
Analyzer Verdict Alert openphish International Card Services B.V
fortinet Phishing
GET /sca/sunot-bold-webfont.woff2 HTTP/1.1
Host: web8624.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web8624.web07.bero-webspace.de/sca/main-ics.css
Cookie: PHPSESSID=s011g500cu8ahb2ddpshf5ujd2
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 17 Sep 2022 09:26:26 GMT
content-type: font/woff2
content-length: 24800
last-modified: Wed, 06 Jul 2022 14:41:26 GMT
etag: "62c59f16-60e0"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8624.web07.bero-webspace.de/sca/runtime.j.download
109.71.253.24404 Not Found 87 kB URL HTTP/2 web8624.web07.bero-webspace.de/sca/runtime.j.download
IP 109.71.253.24:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a808e2e2c8e4b13d00af1a52c525875f
82cbaafa21ab6ebb228370d79cbea2d7733bcc8a
bde1471ba7eeeeca302c103d7cdc04901473af9f40a58efd7a440106a433829e
Analyzer Verdict Alert openphish International Card Services B.V
fortinet Phishing
GET /sca/runtime.j.download HTTP/1.1
Host: web8624.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8624.web07.bero-webspace.de/
Cookie: PHPSESSID=s011g500cu8ahb2ddpshf5ujd2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Sat, 17 Sep 2022 09:26:26 GMT
content-type: text/html
last-modified: Fri, 16 Sep 2022 17:21:08 GMT
etag: W/"328-5e8ce967560bd"
content-encoding: br
X-Firefox-Spdy: h2
web8624.web07.bero-webspace.de/sca/ics-icons.woff2?mrp4y8
109.71.253.24200 OK 6.6 kB URL HTTP/2 web8624.web07.bero-webspace.de/sca/ics-icons.woff2?mrp4y8
IP 109.71.253.24:0
File type Web Open Font Format (Version 2), TrueType, length 6640, version 1.0\012- data
Hash 63e2cb76dd1d001abe5c22de5d8a0ee8
595bf366b208110a66f257755b861c040d90dd39
26e6a7b3caf0b044980820a1a26cd56a16efad9108fd14e7416bae2a2b76320b
GET /sca/ics-icons.woff2?mrp4y8 HTTP/1.1
Host: web8624.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web8624.web07.bero-webspace.de/sca/styles.css
Cookie: PHPSESSID=s011g500cu8ahb2ddpshf5ujd2
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 17 Sep 2022 09:26:26 GMT
content-type: font/woff2
content-length: 6640
last-modified: Wed, 06 Jul 2022 14:41:18 GMT
etag: "62c59f0e-19f0"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3db421016cf0e3ad25f324cf0faf0fac
b15909de1105d4d2fb5be5b3920c454daf022445
914b15f28636e0a5e851540ffb0625ecd09d0546b2f1f7af90b267ceebcf1d5d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6479
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 17 Sep 2022 09:26:26 GMT
Last-Modified: Sat, 17 Sep 2022 07:38:27 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
web8624.web07.bero-webspace.de/sca/082953afa5ab20006f75777cb90662b0ffb28e45a9f164326f7fce4f47eafb4914e54c5ed2b326cb
109.71.253.24200 OK 283 kB URL HTTP/2 web8624.web07.bero-webspace.de/sca/082953afa5ab20006f75777cb90662b0ffb28e45a9f164326f7fce4f47eafb4914e54c5ed2b326cb
IP 109.71.253.24:0
File type ASCII text, with very long lines (545)
Size 283 kB (282826 bytes)
Hash 3db107422a2a20e84e1842d30ef7aa06
efe9a5d9a37fd55f84ec23dc222c2fe6f54dd032
49646c016f4d29b0499b92cb483ceb98a3170c3aba81ae563acc2961bdc65484
Analyzer Verdict Alert openphish International Card Services B.V
fortinet Phishing
GET /sca/082953afa5ab20006f75777cb90662b0ffb28e45a9f164326f7fce4f47eafb4914e54c5ed2b326cb HTTP/1.1
Host: web8624.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8624.web07.bero-webspace.de/sca/saved_resource.html
Cookie: PHPSESSID=s011g500cu8ahb2ddpshf5ujd2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 17 Sep 2022 09:26:27 GMT
content-type: application/octet-stream
content-length: 282826
last-modified: Wed, 06 Jul 2022 14:38:48 GMT
etag: "62c59e78-450ca"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8624.web07.bero-webspace.de/sca/082953afa5ab20006f75777cb90662b0ffb28e45a9f164326f7fce4f47eafb4914e54c5ed2b326cb(1)
109.71.253.24200 OK 53 kB URL HTTP/2 web8624.web07.bero-webspace.de/sca/082953afa5ab20006f75777cb90662b0ffb28e45a9f164326f7fce4f47eafb4914e54c5ed2b326cb(1)
IP 109.71.253.24:0
Hash c2e3dd5a6731ab68f051021eff499f4f
6739b37fb552d92db4ca07e5f25e783950b0ec75
552f179b8856e5355d6d5865abf56d10af6a0e698c3a8ea2b5610c459fbe37a3
Analyzer Verdict Alert openphish International Card Services B.V
fortinet Phishing
GET /sca/082953afa5ab20006f75777cb90662b0ffb28e45a9f164326f7fce4f47eafb4914e54c5ed2b326cb(1) HTTP/1.1
Host: web8624.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8624.web07.bero-webspace.de/sca/saved_resource.html
Cookie: PHPSESSID=s011g500cu8ahb2ddpshf5ujd2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 17 Sep 2022 09:26:27 GMT
content-type: application/octet-stream
content-length: 53065
last-modified: Wed, 06 Jul 2022 14:38:50 GMT
etag: "62c59e7a-cf49"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web8624.web07.bero-webspace.de/error_docs/styles.css
109.71.253.24200 OK 948 B URL HTTP/2 web8624.web07.bero-webspace.de/error_docs/styles.css
IP 109.71.253.24:0
Hash 0609b582b779b34fac999fc5e728804f
e62f5606ba6e8ed97cd8ab7f867e4e3fafd024e1
c53e939d03cabaa8970cdcb8d3c9fdb7ee26c99ab1cda3a56d043893c5bd09c3
Analyzer Verdict Alert openphish International Card Services B.V
GET /error_docs/styles.css HTTP/1.1
Host: web8624.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8624.web07.bero-webspace.de/TSPD/?type=21
Cookie: PHPSESSID=s011g500cu8ahb2ddpshf5ujd2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 17 Sep 2022 09:26:27 GMT
content-type: text/css
content-length: 948
last-modified: Fri, 16 Sep 2022 17:21:08 GMT
etag: "a9e-5e8ce967560bd-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2
web8624.web07.bero-webspace.de/sca/styles.css
109.71.253.24200 OK 40 kB URL HTTP/2 web8624.web07.bero-webspace.de/sca/styles.css
IP 109.71.253.24:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 22925103aaf90813aab3157425fe08d1
45fe18f4050499f136dfcdbe8bb6cc7baafd3f2b
1b8619d1db4d8cef64f4196dd06984583a11caffe62108dae2f2831da7b276f1
Analyzer Verdict Alert openphish International Card Services B.V
GET /sca/styles.css HTTP/1.1
Host: web8624.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8624.web07.bero-webspace.de/
Cookie: PHPSESSID=s011g500cu8ahb2ddpshf5ujd2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 17 Sep 2022 09:26:26 GMT
content-type: text/css
last-modified: Wed, 06 Jul 2022 14:38:28 GMT
etag: W/"62c59e64-78c5d"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3537e81efa8d4d0ddec76096703b5d2e
c590fb660d1737a14666d3fa721892dbf3fbdd1c
7374e55aa8b840f46dab92be7c6b6a2e3842b57e899ec03e136cd09e278f8fe8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6530
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 17 Sep 2022 09:26:27 GMT
Last-Modified: Sat, 17 Sep 2022 07:37:38 GMT
Server: ECS (amb/6BC6)
X-Cache: HIT
Content-Length: 471
www.icscards.nl/webfiles/1656567843470/media/theme/ics-nl/images/icons/favicon-144x144-withoutlines.png
185.195.93.72200 5.5 kB URL HTTP/1.1 www.icscards.nl/webfiles/1656567843470/media/theme/ics-nl/images/icons/favicon-144x144-withoutlines.png
IP 185.195.93.72:0
ASN #42649 Baffin Bay Networks AB
File type PNG image data, 144 x 144, 8-bit/color RGBA, non-interlaced\012- data
Hash 75d0a29d4d1a08405f39799bcb986e63
da64454d7277c531786146796026f49f89e9d4db
1a99f7b02b4517fa7e085315d99cdc0b9e13b0b1c904c683679a05de7a7d1a63
GET /webfiles/1656567843470/media/theme/ics-nl/images/icons/favicon-144x144-withoutlines.png HTTP/1.1
Host: www.icscards.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8624.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
content-length: 5528
content-type: image/png;charset=UTF-8
date: Sat, 17 Sep 2022 09:26:27 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-content-type-options: nosniff
cache-control: max-age=31536000
expires: Sun, 17 Sep 2023 09:26:27 GMT
x-xss-protection: 1; mode=block
content-security-policy: frame-ancestors www.anwb.nl www.worldcard.nl www.yourmastercard.nl www.icscards.nl *.icscards.nl.cipe.local icscards.nl
strict-transport-security: max-age=31536000; includeSubDomains
Set-Cookie: BIGipServer~ICSDLB02~pool_www.icscards.nl_8016=rd11o00000000000000000000ffff0af4d3d0o8016; path=/; Httponly; Secure
_tpc_persistance_cookie=!L0ovcs8Zdnabcfy8EOda6AVGp4P79S3O3Mo+DaZZFtUTVjzkhKG21Be0MP3UR9Pexhf06mxSyuymZdw=; path=/; Httponly; Secure
BBN01677320=0135ab579aec248ee7be672c5bdf32b4c6354992d7f87250701cec3f4c4045adf2b339152d9558ce37f762cae3173aaedce8acb457279f212b733ed9cd158803a66c887411; Path=/; Domain=.www.icscards.nl; Secure; HTTPOnly
Accept-Encoding: gzip, deflate, br
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 35f3deb94b2a985eb02f5a14f033c44f
2076e4cb6faf9a7bf1cbfc8947db9a8550f556bd
1d5c76a54a4ab121ccf5f456516ec99fb7f5129a491e078d97c749b94060970a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1D5C76A54A4AB121CCF5F456516EC99FB7F5129A491E078D97C749B94060970A"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11180
Expires: Sat, 17 Sep 2022 12:32:48 GMT
Date: Sat, 17 Sep 2022 09:26:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 35f3deb94b2a985eb02f5a14f033c44f
2076e4cb6faf9a7bf1cbfc8947db9a8550f556bd
1d5c76a54a4ab121ccf5f456516ec99fb7f5129a491e078d97c749b94060970a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1D5C76A54A4AB121CCF5F456516EC99FB7F5129A491E078D97C749B94060970A"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11180
Expires: Sat, 17 Sep 2022 12:32:48 GMT
Date: Sat, 17 Sep 2022 09:26:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 35f3deb94b2a985eb02f5a14f033c44f
2076e4cb6faf9a7bf1cbfc8947db9a8550f556bd
1d5c76a54a4ab121ccf5f456516ec99fb7f5129a491e078d97c749b94060970a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1D5C76A54A4AB121CCF5F456516EC99FB7F5129A491E078D97C749B94060970A"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11180
Expires: Sat, 17 Sep 2022 12:32:48 GMT
Date: Sat, 17 Sep 2022 09:26:28 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50373a4c-fa87-4ca5-b0b7-67ee2f12abd1.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50373a4c-fa87-4ca5-b0b7-67ee2f12abd1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f108cfb79dd8405677b7406910d11ba5
5ef30af418df5e44a0927361b679b8117c38c473
b4b973702c6c98eaf28345b019c8cf022e8056e07f508e17d156c9e136f11936
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50373a4c-fa87-4ca5-b0b7-67ee2f12abd1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7305
x-amzn-requestid: 15096102-8ffe-47df-bfc7-ff1a1fb9fd1e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YknUqFJmIAMF5Ew=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6324ec1d-5c5ca26a24f39af979c17495;Sampled=0
x-amzn-remapped-date: Fri, 16 Sep 2022 21:35:25 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 5lUx834-NLHpKCxmdiAdNxCXqqNKGcDJlt9wmGR-XxdlroBfwVTrNg==
via: 1.1 e943d5f0cbb0d255d29da0ddf6639ba8.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Fri, 16 Sep 2022 21:41:22 GMT
age: 42306
etag: "5ef30af418df5e44a0927361b679b8117c38c473"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcaf888ee-3a5f-426b-9b83-8ea161780db3.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcaf888ee-3a5f-426b-9b83-8ea161780db3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9c807387d303abb2bca1ef14b14c9e26
428fe80d3f35758433a6b2cf25e6bcb5f63a6a63
277a74204dc8bec8a227ca43cdb840b5dda71f74e8aec56606e862e70a5ba19c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcaf888ee-3a5f-426b-9b83-8ea161780db3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5234
x-amzn-requestid: 55e23e9a-f85c-42f2-87b6-aff3646bf1fc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yknn_EFzoAMF2Ag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6324ec99-62f023426230c7b46116d4b7;Sampled=0
x-amzn-remapped-date: Fri, 16 Sep 2022 21:37:29 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: fb2wN0gTI9OKgDghf1u4DKwrADkYcS5_7LIxaLxmbo0OciwezGh_LA==
via: 1.1 95785220a566cd050f3ad80928463374.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 16 Sep 2022 21:41:22 GMT
etag: "428fe80d3f35758433a6b2cf25e6bcb5f63a6a63"
content-type: image/jpeg
age: 42306
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e43d1ff-79bc-430f-826f-2af5ae602556.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e43d1ff-79bc-430f-826f-2af5ae602556.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d46a910081eb782408f1a2fa3c6aabba
28ac45ef155c66dd79a306f14d3b38f597b6a32e
d5787a6a12d275555c627e3245b37d4e751148345a09d5671b343cfebe7173b4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e43d1ff-79bc-430f-826f-2af5ae602556.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8500
x-amzn-requestid: e1ca6cef-c033-4887-80cf-2014ab8e620c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Ykn5cEnLIAMFrzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6324ed09-3afc16cf66fef0e62dd6f3cc;Sampled=0
x-amzn-remapped-date: Fri, 16 Sep 2022 21:39:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: BaRpWB_XOMxTJPufnSjd4KSfecRwLe9U5W7uEoXy7pgAa4KSC0n7eg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Fri, 16 Sep 2022 22:03:28 GMT
age: 40980
etag: "28ac45ef155c66dd79a306f14d3b38f597b6a32e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F14e8614f-d7d5-4a87-adf0-ab2cfcfb023b.jpeg
34.120.237.76200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F14e8614f-d7d5-4a87-adf0-ab2cfcfb023b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3e963daffb462e89d9d67e6193944cc3
ff29c630c2ed8a67fe5cd4622dc9f1d23234b58c
cc24af0aedb89ab059b6706b8e51708547ea2ce2b2c2743425810b44af7c68c8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F14e8614f-d7d5-4a87-adf0-ab2cfcfb023b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5956
x-amzn-requestid: 19032fea-67c3-404f-bf3e-9b436a61a7f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YeNW4G30oAMFw0w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63225c2b-3da099be3781af033658520f;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 22:56:43 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: iITasHJYVP9sMCE7074VGGXwzKVd-0VdZqWYFuKPSt3G91Tq2vWExA==
via: 1.1 74aa91fe819001bcedd882694f52b436.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 16 Sep 2022 23:32:44 GMT
age: 35624
etag: "ff29c630c2ed8a67fe5cd4622dc9f1d23234b58c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd5675c7-5120-4f61-bd91-8c4d9af84130.jpeg
34.120.237.76200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd5675c7-5120-4f61-bd91-8c4d9af84130.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7a22ab7dcdf50f4a297b8e117d336eae
e139a0974317212f094fdbe59e26ca5cf6b9e56d
9b4c23c1bb2e4fcd140ce34bf83f315f09b45202c569cb74113c2e65c4031dcd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd5675c7-5120-4f61-bd91-8c4d9af84130.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7788
x-amzn-requestid: 2cb48f87-8b72-4ff7-b041-a6e704b854a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YIP2-HFHoAMFssA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6319935f-693e2f2e5a0bcd9f690f21fa;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 07:01:51 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 65YRttsQYzjUMMZXrtAFPdgTPNQuRGnLFliXrcoc24iQgrdBCHolNQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Fri, 16 Sep 2022 22:31:11 GMT
age: 39317
etag: "e139a0974317212f094fdbe59e26ca5cf6b9e56d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77aee3f-a7fb-4d87-92a7-6b33dd4ebf28.jpeg
34.120.237.76200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77aee3f-a7fb-4d87-92a7-6b33dd4ebf28.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e1b42bfa9fc6593b0444391dc260329a
b9c4cd422b818c859ac6ca928bc9e932a578ce30
89eee7200bf7a8bf100f64aee2208d7852265a85feb133fc87846b15cd96e842
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77aee3f-a7fb-4d87-92a7-6b33dd4ebf28.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5983
x-amzn-requestid: ba84a9a2-3ebe-4dc9-9604-98d5cccb4f2d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YknUqFxpoAMFrpw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6324ec1d-55cd6d0a6e39357c226dd21d;Sampled=0
x-amzn-remapped-date: Fri, 16 Sep 2022 21:35:25 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: kWRS1NfiK9etmIoDtGu3C6uf8oqrL3r-mkM6BaTFPyNb6z4lYB38pw==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Fri, 16 Sep 2022 21:53:58 GMT
age: 41550
etag: "b9c4cd422b818c859ac6ca928bc9e932a578ce30"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
web8624.web07.bero-webspace.de/TSPD/?type=21
109.71.253.24404 Not Found 0 B URL HTTP/2 web8624.web07.bero-webspace.de/TSPD/?type=21
IP 109.71.253.24:0
Analyzer Verdict Alert openphish International Card Services B.V
fortinet Phishing
GET /TSPD/?type=21 HTTP/1.1
Host: web8624.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8624.web07.bero-webspace.de/
Cookie: PHPSESSID=s011g500cu8ahb2ddpshf5ujd2
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Sat, 17 Sep 2022 09:26:27 GMT
content-type: text/html
last-modified: Fri, 16 Sep 2022 17:21:08 GMT
etag: W/"328-5e8ce967560bd"
content-encoding: br
X-Firefox-Spdy: h2
web8624.web07.bero-webspace.de/TSPD/082953afa5ab2800c33c7cc8e6b3bc13c29c767ddc8eba538cca95beb0c5dc2dd3058e25bdb43216f2cdcfcbda577ce3?type=13
109.71.253.24404 Not Found 0 B URL HTTP/2 web8624.web07.bero-webspace.de/TSPD/082953afa5ab2800c33c7cc8e6b3bc13c29c767ddc8eba538cca95beb0c5dc2dd3058e25bdb43216f2cdcfcbda577ce3?type=13
IP 109.71.253.24:0
Analyzer Verdict Alert openphish International Card Services B.V
fortinet Phishing
GET /TSPD/082953afa5ab2800c33c7cc8e6b3bc13c29c767ddc8eba538cca95beb0c5dc2dd3058e25bdb43216f2cdcfcbda577ce3?type=13 HTTP/1.1
Host: web8624.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8624.web07.bero-webspace.de/sca/saved_resource.html
Cookie: PHPSESSID=s011g500cu8ahb2ddpshf5ujd2; did_proxy=1:zEUeQFVqXRrb1FthfkZ64J1LHpob1ksgZd7jHNpUxXxlq0gz2-i7oZP9U70asvhwgYSKXzVQArfJATAYu8N_bw; BBN00000000100=082953afa5ab2800c33c7cc8e6b3bc13c29c767ddc8eba538cca95beb0c5dc2dd3058e25bdb43216f2cdcfcbda577ce30855cbc20f07e0006406f45a8c8e207a383bd1ce5dc5c19fb63d9a392305aeef88e2c8281828fae91e85231cba75952302ab1841fe84501eb4c395e1284f8a6f05b1c678e8248bbe251383ed85c32466d66405115faa851c281a7311320575261240acfc9a2abca2dfcd59c97ba61568d4129d873f8d9194e06c96365e0acaffd64c3fd2cfe983d267f5d1c39790212d0d01f5ce582ee5e571d8d9d51900586e0149d9216d8763db98571af0707cf6b78b416543a70fb7ba852ec1299d07b1f9e3946a290de186f9036f17302cc494216e73e91f281313b4320826c7a8a6aef88f57b6b4fc74c166
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Sat, 17 Sep 2022 09:26:28 GMT
content-type: text/html
last-modified: Fri, 16 Sep 2022 17:21:08 GMT
etag: W/"328-5e8ce967560bd"
content-encoding: br
X-Firefox-Spdy: h2
web8624.web07.bero-webspace.de/sca/main-ics.css
109.71.253.24200 OK 0 B URL HTTP/2 web8624.web07.bero-webspace.de/sca/main-ics.css
IP 109.71.253.24:0
Analyzer Verdict Alert openphish International Card Services B.V
GET /sca/main-ics.css HTTP/1.1
Host: web8624.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8624.web07.bero-webspace.de/
Cookie: PHPSESSID=s011g500cu8ahb2ddpshf5ujd2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 17 Sep 2022 09:26:26 GMT
content-type: text/css
last-modified: Wed, 06 Jul 2022 14:46:22 GMT
etag: W/"62c5a03e-3fc72"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8624.web07.bero-webspace.de/sca/polyfills.j.download
109.71.253.24404 Not Found 0 B URL HTTP/2 web8624.web07.bero-webspace.de/sca/polyfills.j.download
IP 109.71.253.24:0
Analyzer Verdict Alert openphish International Card Services B.V
fortinet Phishing
GET /sca/polyfills.j.download HTTP/1.1
Host: web8624.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8624.web07.bero-webspace.de/
Cookie: PHPSESSID=s011g500cu8ahb2ddpshf5ujd2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Sat, 17 Sep 2022 09:26:26 GMT
content-type: text/html
last-modified: Fri, 16 Sep 2022 17:21:08 GMT
etag: W/"328-5e8ce967560bd"
content-encoding: br
X-Firefox-Spdy: h2
web8624.web07.bero-webspace.de/sca/saved_resource.html
109.71.253.24200 OK 0 B URL HTTP/2 web8624.web07.bero-webspace.de/sca/saved_resource.html
IP 109.71.253.24:0
Analyzer Verdict Alert openphish International Card Services B.V
fortinet Phishing
GET /sca/saved_resource.html HTTP/1.1
Host: web8624.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8624.web07.bero-webspace.de/
Cookie: PHPSESSID=s011g500cu8ahb2ddpshf5ujd2
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 17 Sep 2022 09:26:27 GMT
content-type: text/html
last-modified: Wed, 06 Jul 2022 14:38:50 GMT
etag: W/"62c59e7a-19a0"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8624.web07.bero-webspace.de/sca/jquery.min.js.download
109.71.253.24200 OK 0 B URL HTTP/2 web8624.web07.bero-webspace.de/sca/jquery.min.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert openphish International Card Services B.V
fortinet Phishing
GET /sca/jquery.min.js.download HTTP/1.1
Host: web8624.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8624.web07.bero-webspace.de/
Cookie: PHPSESSID=s011g500cu8ahb2ddpshf5ujd2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 17 Sep 2022 09:26:26 GMT
content-type: application/javascript
last-modified: Wed, 06 Jul 2022 14:38:36 GMT
etag: W/"62c59e6c-152b5"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8624.web07.bero-webspace.de/webfiles/1656567843470/media/theme/ics-nl/js/3rdparty/jquery.min.js
109.71.253.24404 Not Found 0 B URL HTTP/2 web8624.web07.bero-webspace.de/webfiles/1656567843470/media/theme/ics-nl/js/3rdparty/jquery.min.js
IP 109.71.253.24:0
Analyzer Verdict Alert openphish International Card Services B.V
fortinet Phishing
GET /webfiles/1656567843470/media/theme/ics-nl/js/3rdparty/jquery.min.js HTTP/1.1
Host: web8624.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8624.web07.bero-webspace.de/
Cookie: PHPSESSID=s011g500cu8ahb2ddpshf5ujd2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Sat, 17 Sep 2022 09:26:26 GMT
content-type: text/html
last-modified: Fri, 16 Sep 2022 17:21:08 GMT
etag: W/"328-5e8ce967560bd"
content-encoding: br
X-Firefox-Spdy: h2
web8624.web07.bero-webspace.de/sca/polyfills.j.download
109.71.253.24404 Not Found 0 B URL HTTP/2 web8624.web07.bero-webspace.de/sca/polyfills.j.download
IP 109.71.253.24:0
Analyzer Verdict Alert openphish International Card Services B.V
fortinet Phishing
GET /sca/polyfills.j.download HTTP/1.1
Host: web8624.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8624.web07.bero-webspace.de/
Cookie: PHPSESSID=s011g500cu8ahb2ddpshf5ujd2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Sat, 17 Sep 2022 09:26:26 GMT
content-type: text/html
last-modified: Fri, 16 Sep 2022 17:21:08 GMT
etag: W/"328-5e8ce967560bd"
content-encoding: br
X-Firefox-Spdy: h2
web8624.web07.bero-webspace.de/sca/runtime.j.download
109.71.253.24404 Not Found 0 B URL HTTP/2 web8624.web07.bero-webspace.de/sca/runtime.j.download
IP 109.71.253.24:0
Analyzer Verdict Alert openphish International Card Services B.V
fortinet Phishing
GET /sca/runtime.j.download HTTP/1.1
Host: web8624.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8624.web07.bero-webspace.de/
Cookie: PHPSESSID=s011g500cu8ahb2ddpshf5ujd2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Sat, 17 Sep 2022 09:26:26 GMT
content-type: text/html
last-modified: Fri, 16 Sep 2022 17:21:08 GMT
etag: W/"328-5e8ce967560bd"
content-encoding: br
X-Firefox-Spdy: h2
web8624.web07.bero-webspace.de/sca/collectddna.js.download
109.71.253.24200 OK 0 B URL HTTP/2 web8624.web07.bero-webspace.de/sca/collectddna.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert openphish International Card Services B.V
fortinet Phishing
GET /sca/collectddna.js.download HTTP/1.1
Host: web8624.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8624.web07.bero-webspace.de/
Cookie: PHPSESSID=s011g500cu8ahb2ddpshf5ujd2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 17 Sep 2022 09:26:26 GMT
content-type: application/javascript
last-modified: Wed, 06 Jul 2022 14:38:32 GMT
etag: W/"62c59e68-d13"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web8624.web07.bero-webspace.de/sca/main.js.download
109.71.253.24200 OK 0 B URL HTTP/2 web8624.web07.bero-webspace.de/sca/main.js.download
IP 109.71.253.24:0
Analyzer Verdict Alert openphish International Card Services B.V
fortinet Phishing
GET /sca/main.js.download HTTP/1.1
Host: web8624.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8624.web07.bero-webspace.de/
Cookie: PHPSESSID=s011g500cu8ahb2ddpshf5ujd2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 17 Sep 2022 09:26:26 GMT
content-type: application/javascript
last-modified: Wed, 06 Jul 2022 14:38:38 GMT
etag: W/"62c59e6e-2f2c6"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2