Overview

URL web8713.web07.bero-webspace.de/PAGINA-HOME/
IP 109.71.253.24
ASN SYNLINQ
Location Germany
Report completed 2022-09-28 21:13:50 UTC
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/ International Card Services B.V
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/ Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/plx.check.js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/proxyid.js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/collectddna.js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/analytics.js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/icons.woff Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/8574.js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/ics-icons.woff2 Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/SunOT-SemiBold.ttf Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/SunOT-Light.ttf Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/sunot-bold-webfont.woff2 Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/webfiles/1580357904717/media/theme/ics-nl/js (...) Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/conversion_async.js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/jquery-1.js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/main_002.js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/a Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/gtm_002.js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/gtm.js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/polyfills.js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/runtime.js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/arcotfpcollect.js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/main.js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/fbevents.js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/modernizr.js Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (21)

Passive DNS Source Fully Qualified Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS www.googletagmanager.com (1) 75 2012-12-25 14:52:06 UTC 2022-09-28 04:42:17 UTC 142.250.74.72
mnemonic passive DNS 8602056.fls.doubleclick.net (1) 0 2018-11-15 10:57:07 UTC 2022-09-24 08:12:38 UTC 142.250.74.70 Domain (doubleclick.net) ranked at: 2267
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-28 08:06:38 UTC 34.120.237.76
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-28 05:13:47 UTC 143.204.55.49
mnemonic passive DNS ocsp.digicert.com (4) 86 2012-05-21 07:02:23 UTC 2022-09-28 16:15:39 UTC 93.184.220.29
mnemonic passive DNS adservice.google.com (1) 76 2021-02-20 16:10:48 UTC 2022-09-28 19:38:50 UTC 216.58.207.194
mnemonic passive DNS www.facebook.com (1) 99 2017-01-30 05:00:00 UTC 2022-09-28 04:43:36 UTC 31.13.72.36
mnemonic passive DNS www.icscards.nl (1) 863706 2013-12-19 13:25:00 UTC 2022-09-28 07:54:25 UTC 185.195.93.72
mnemonic passive DNS adservice.google.no (1) 96969 2017-09-26 14:23:08 UTC 2022-09-28 04:36:51 UTC 142.250.74.130
mnemonic passive DNS w.usabilla.com (1) 3254 2019-05-09 06:41:07 UTC 2022-09-28 19:13:48 UTC 34.254.43.202
mnemonic passive DNS firefox.settings.services.mozilla.com (1) 867 2020-05-28 17:26:30 UTC 2022-09-28 12:06:36 UTC 143.204.55.36
mnemonic passive DNS r3.o.lencr.org (6) 344 2020-12-02 08:52:13 UTC 2022-09-28 04:36:09 UTC 23.36.76.226
mnemonic passive DNS connect.facebook.net (1) 139 2012-05-22 02:51:28 UTC 2022-09-28 04:37:32 UTC 31.13.72.12
mnemonic passive DNS icscards.nl (1) 366859 2015-01-29 11:49:51 UTC 2022-09-28 20:03:06 UTC 185.195.93.72
mnemonic passive DNS d6tizftlrpuof.cloudfront.net (1) 0 2020-12-16 21:09:58 UTC 2022-09-28 16:08:12 UTC 54.230.245.35 Unknown ranking
mnemonic passive DNS stats.g.doubleclick.net (1) 96 2013-06-02 22:47:44 UTC 2022-09-28 04:39:06 UTC 64.233.165.156
mnemonic passive DNS ocsp.sca1b.amazontrust.com (1) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 54.230.245.100
mnemonic passive DNS web8713.web07.bero-webspace.de (29) 0 2022-09-28 01:47:50 UTC 2022-09-28 15:35:20 UTC 109.71.253.24 Unknown ranking
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-28 04:36:06 UTC 34.117.237.239
mnemonic passive DNS ocsp.pki.goog (10) 175 2017-06-14 07:23:31 UTC 2022-09-28 04:36:20 UTC 142.250.74.3
mnemonic passive DNS www.google-analytics.com (2) 40 2012-10-03 01:04:21 UTC 2022-09-28 14:54:21 UTC 142.250.74.174


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 109.71.253.24

Date UQ / IDS / BL URL IP
2022-12-09 17:45:50 +0000 0 - 0 - 6 web9254.web07.bero-webspace.de/a1b2c3/cefb1a0 (...) 109.71.253.24
2022-12-09 16:09:26 +0000 0 - 0 - 4 web9254.web07.bero-webspace.de/a1b2c3/cefb1a0 (...) 109.71.253.24
2022-12-09 16:09:25 +0000 0 - 0 - 4 web9254.web07.bero-webspace.de/a1b2c3/cefb1a0 (...) 109.71.253.24
2022-12-09 14:36:28 +0000 0 - 0 - 4 web9254.web07.bero-webspace.de/a1b2c3/946272c (...) 109.71.253.24
2022-12-09 14:09:46 +0000 0 - 0 - 4 web9254.web07.bero-webspace.de/a1b2c3/946272c (...) 109.71.253.24

Last 5 reports on ASN: SYNLINQ

Date UQ / IDS / BL URL IP
2022-12-09 17:45:50 +0000 0 - 0 - 6 web9254.web07.bero-webspace.de/a1b2c3/cefb1a0 (...) 109.71.253.24
2022-12-09 16:31:09 +0000 0 - 0 - 2 sabrina-frause.de/customer_center/user-258347 91.218.65.6
2022-12-09 16:09:26 +0000 0 - 0 - 4 web9254.web07.bero-webspace.de/a1b2c3/cefb1a0 (...) 109.71.253.24
2022-12-09 16:09:25 +0000 0 - 0 - 4 web9254.web07.bero-webspace.de/a1b2c3/cefb1a0 (...) 109.71.253.24
2022-12-09 14:36:28 +0000 0 - 0 - 4 web9254.web07.bero-webspace.de/a1b2c3/946272c (...) 109.71.253.24

Last 5 reports on domain: bero-webspace.de

Date UQ / IDS / BL URL IP
2022-12-09 17:45:50 +0000 0 - 0 - 6 web9254.web07.bero-webspace.de/a1b2c3/cefb1a0 (...) 109.71.253.24
2022-12-09 16:09:26 +0000 0 - 0 - 4 web9254.web07.bero-webspace.de/a1b2c3/cefb1a0 (...) 109.71.253.24
2022-12-09 16:09:25 +0000 0 - 0 - 4 web9254.web07.bero-webspace.de/a1b2c3/cefb1a0 (...) 109.71.253.24
2022-12-09 14:36:28 +0000 0 - 0 - 4 web9254.web07.bero-webspace.de/a1b2c3/946272c (...) 109.71.253.24
2022-12-09 14:09:46 +0000 0 - 0 - 4 web9254.web07.bero-webspace.de/a1b2c3/946272c (...) 109.71.253.24

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-11-27 00:17:26 +0000 0 - 0 - 29 urldefense.com/v3/__https:/tinyurl.com/cdk4aw (...) 52.204.90.22
2022-11-26 17:55:43 +0000 0 - 0 - 28 web9199.web07.bero-webspace.de/aanmelden/ 109.71.253.24
2022-11-26 17:55:25 +0000 0 - 0 - 28 tinyurl.com/cdk4awhj 104.20.138.65
2022-11-07 14:22:38 +0000 0 - 0 - 24 17811-4378.s3.webspace.re/ 91.218.65.6
2022-11-06 14:20:44 +0000 0 - 0 - 4 tinyurl.com/8v9ezs7t 172.67.1.225


JavaScript

Executed Scripts (34)


Executed Evals (14)

#1 JavaScript::Eval (size: 165, repeated: 1) - SHA256: a9642ff9a5eab0edf4e047a63f242250b65c439386415100fefce52969978ee6

                                        (function() {
    var a = google_tag_manager["GTM-MHW4QGN"].macro(9),
        b = google_tag_manager["GTM-MHW4QGN"].macro(10);
    return "(not set)" !== a ? a : "(not set)" !== b ? b : "(not set)"
})();
                                    

#2 JavaScript::Eval (size: 166, repeated: 1) - SHA256: 4a47d58236154709ff32cfc37bf7e80abff1c0ff5b257e9914ba200ed86594b4

                                        (function() {
    var a = google_tag_manager["GTM-MHW4QGN"].macro(16),
        b = google_tag_manager["GTM-MHW4QGN"].macro(17);
    return "(not set)" !== a ? a : "(not set)" !== b ? b : "(not set)"
})();
                                    

#3 JavaScript::Eval (size: 23, repeated: 1) - SHA256: a43996c7c354c4b5bf038ea622f19cc05a9f1a50f2212217d6f69a16080d9ca5

                                        delete obj.userLanguage
                                    

#4 JavaScript::Eval (size: 279, repeated: 1) - SHA256: 4b6c45229d7a07624176686d83150bd0832ffe30be6052b3792a8c3db9107472

                                        (function() {
    try {
        var c = google_tag_manager["GTM-MHW4QGN"].macro(11),
            b = -1 < c.indexOf("@") ? !0 : !1;
        if (!b)
            for (var d = RegExp("(?:\x26|\\?)(?:username|password)\x3d([^\x26]+)", "gi"), a; a = d.exec(c);) a.shift(), a.forEach(function(a) {
                b = b || "unauthenticated" !== a
            });
        return b
    } catch (e) {
        return !0
    }
})();
                                    

#5 JavaScript::Eval (size: 123, repeated: 1) - SHA256: 855ec6f069e993eed5835a468756e652837fa191595a3d16ec085f1d4fcaa44b

                                        (function() {
    var b = google_tag_manager["GTM-PVW329"].macro(13),
        a = google_tag_manager["GTM-PVW329"].macro(14);
    return a ? a : b
})();
                                    

#6 JavaScript::Eval (size: 25, repeated: 1) - SHA256: 67899a50d2cf0cf399c816b9584d61715f51828ab6a3605a67331cde8779f2ca

                                        delete obj.UpdateInterval
                                    

#7 JavaScript::Eval (size: 24, repeated: 1) - SHA256: c305f420288c47aa66df970a6c243b77777903eebedd59b9f67b1ece1ab023da

                                        delete obj.FontSmoothing
                                    

#8 JavaScript::Eval (size: 121, repeated: 1) - SHA256: d66c33b48718c6b87703459e4737b281580d97514056833d87254be2cc16a2c3

                                        (function() {
    var b = google_tag_manager["GTM-PVW329"].macro(6),
        a = google_tag_manager["GTM-PVW329"].macro(7);
    return a ? a : b
})();
                                    

#9 JavaScript::Eval (size: 279, repeated: 1) - SHA256: e9f1ad5dd7d8b80fa11c9c22aa2aa4c11b50b2dfde8538836b101e5c8b026ebb

                                        (function() {
    try {
        var c = google_tag_manager["GTM-MHW4QGN"].macro(18),
            b = -1 < c.indexOf("@") ? !0 : !1;
        if (!b)
            for (var d = RegExp("(?:\x26|\\?)(?:username|password)\x3d([^\x26]+)", "gi"), a; a = d.exec(c);) a.shift(), a.forEach(function(a) {
                b = b || "unauthenticated" !== a
            });
        return b
    } catch (e) {
        return !0
    }
})();
                                    

#10 JavaScript::Eval (size: 22542, repeated: 1) - SHA256: 61b6b77d03610aefe984258696d1944717969c272e6e477da917d182b2e8bea5

                                        var AWIN = AWIN || {};
AWIN.Tracking = AWIN.Tracking || {};
AWIN.sProtocol = location.protocol == 'https:' ? 'https://' : 'http://';
AWIN.iScriptCount = 0;
AWIN.Tracking.device9Url = 'https://the.sciencebehindecommerce.com/d9core';
AWIN.tldDomains = ["com", "org", "edu", "gov", "uk", "net", "ca", "de", "jp", "fr", "au", "us", "ru", "ch", "it", "nl", "se", "no", "es", "mil", "gw", "ax", "wf", "yt", "sj", "mobi", "eh", "mh", "bv", "ap", "cat", "kp", "iq", "um", "arpa", "pm", "gb", "cs", "td", "so", "aero", "biz", "coop", "info", "jobs", "museum", "name", "pro", "travel", "ac", "ad", "ae", "af", "ag", "ai", "al", "am", "an", "ao", "aq", "ar", "as", "at", "aw", "az", "ba", "bb", "bd", "be", "bf", "bg", "bh", "bi", "bj", "bm", "bn", "bo", "br", "bs", "bt", "bw", "by", "bz", "cc", "cd", "cf", "cg", "ci", "ck", "cl", "cm", "cn", "co", "cr", "cu", "cv", "cx", "cy", "cz", "dj", "dk", "dm", "do", "dz", "ec", "ee", "eg", "er", "et", "eu", "fi", "fj", "fk", "fm", "fo", "ga", "gd", "ge", "gf", "gg", "gh", "gi", "gl", "gm", "gn", "gp", "gq", "gr", "gs", "gt", "gu", "gy", "hk", "hm", "hn", "hr", "ht", "hu", "id", "ie", "il", "im", "in", "io", "ir", "is", "je", "jm", "jo", "ke", "kg", "kh", "ki", "km", "kn", "kr", "kw", "ky", "kz", "la", "lb", "lc", "li", "lk", "lr", "ls", "lt", "lu", "lv", "ly", "ma", "mc", "md", "mg", "mk", "ml", "mm", "mn", "mo", "mp", "mq", "mr", "ms", "mt", "mu", "mv", "mw", "mx", "my", "mz", "na", "nc", "ne", "nf", "ng", "ni", "np", "nr", "nu", "nz", "om", "pa", "pe", "pf", "pg", "ph", "pk", "pl", "pn", "pr", "ps", "pt", "pw", "py", "qa", "re", "ro", "rw", "sa", "sb", "sc", "sd", "sg", "sh", "si", "sk", "sl", "sm", "sn", "sr", "st", "sv", "sy", "sz", "tc", "tf", "tg", "th", "tj", "tk", "tl", "tm", "tn", "to", "tp", "tr", "tt", "tv", "tw", "tz", "ua", "ug", "uy", "uz", "va", "vc", "ve", "vg", "vi", "vn", "vu", "ws", "ye", "yu", "za", "zm", "zw"];
AWIN.twoPartsTldDomains = ["co.bb", "co.ck", "co.cr", "co.in", "co.id", "co.il", "co.jp", "co.nz", "co.za", "co.kr", "co.th", "co.uk", "org.uk", "net.uk", "com.pl", "biz.pl", "net.pl"];
AWIN.Tracking.fingerprinting = function(d9Data) {
    var mtfp = AWIN.Tracking.getQueryVarValue('mtfp', document.location.search.substring(1));
    if (AWIN.Tracking.device9 && mtfp != 'no') {
        window.D9v = d9Data;
        var D9scr = document.createElement('script');
        D9scr.type = 'text/javascript';
        D9scr.id = 'd9tag';
        D9scr.async = true;
        D9scr.src = AWIN.Tracking.device9Url;
        var D9 = document.getElementsByTagName('script')[0];
        D9.parentNode.insertBefore(D9scr, D9)
    }
};
AWIN.Tracking.digestClickId = function(sClickId) {
    var oRegEx = /\d+_\d+_.+/;
    if (!oRegEx.test(sClickId)) {
        return false
    }
    var aParts = sClickId.split('_');
    var oCookie = {};
    oCookie.sName = '_aw_m_' + aParts[0];
    oCookie.sContents = sClickId;
    return oCookie
};
AWIN.Tracking.getQueryVarValue = function(sVarName, sEncodedString) {
    var aVarPairs = sEncodedString.split('&');
    for (var i = 0; i < aVarPairs.length; i++) {
        var aParts = aVarPairs[i].split('=');
        if (sVarName.toLowerCase() == aParts[0].toLowerCase()) {
            return aParts[1]
        }
    }
};
AWIN.Tracking.getAnchorValue = function(regPattern) {
    var sAnchor = document.location.hash.substring(1);
    if (sAnchor) {
        aid = sAnchor.match(regPattern);
        return (aid) ? aid.toString().substr(4) : null
    }
};
AWIN.Tracking.buildQueryString = function(params) {
    var bits = [];
    for (name in params) {
        if (params.hasOwnProperty(name)) {
            bits.push(name + "=" + encodeURIComponent(params[name]))
        }
    }
    return bits.join("&")
};
AWIN.Tracking._getDomain = function() {
    return document.domain
};
AWIN.Tracking._getCookieDomain = function() {
    if (typeof(AWIN.Tracking.cookieDomain) !== 'undefined') {
        return AWIN.Tracking.cookieDomain
    }
    var domain = AWIN.Tracking._getDomain();
    if (domain.split('.').length < 3) {
        return "." + domain
    }
    var twoPartTld = domain.split('.').slice(-2).join('.');
    var index = AWIN.twoPartsTldDomains.indexOf(twoPartTld);
    if (index >= 0) {
        return "." + domain.split('.').slice(-3).join('.')
    }
    var tld = domain.split('.').pop();
    var index = AWIN.tldDomains.indexOf(tld);
    if (index >= 0) {
        return "." + domain.split('.').slice(-2).join('.')
    }
    if (domain.substr(0, 4) == 'www.') {
        return domain.substr(3)
    }
    return "." + domain
};
AWIN.Tracking._getAWCValue = function() {
    var regex = /[\?&]awc=(\d+_(\d+)_[0-9a-f]+)/gi;
    var result, maxTimestamp = 0,
        awc = false;
    while (result = regex.exec(AWIN.Tracking._getBrowserSearchBarUrl())) {
        if (maxTimestamp < result[2]) {
            maxTimestamp = result[2];
            awc = result[1]
        }
    }
    return awc || AWIN.Tracking.getAnchorValue(/awc=[0-9a-z_]+/i)
};
AWIN.Tracking._getAWaidValue = function() {
    var regex = /[\?&]awaid=(\d+)/gi;
    var result = regex.exec(AWIN.Tracking._getBrowserSearchBarUrl());
    var awaid = null;
    if (result) {
        awaid = result[1]
    }
    return awaid
};
AWIN.Tracking._getGCLIDValue = function() {
    var regex = /[\?&]gclid=([0-9a-zA-Z_\-]+)/gi;
    var result = regex.exec(AWIN.Tracking._getBrowserSearchBarUrl());
    var gclid = null;
    if (result) {
        gclid = result[1]
    }
    return gclid
};
AWIN.Tracking._getBrowserSearchBarUrl = function() {
    return document.location.search
};
AWIN.Tracking._getATPValue = function() {
    var queryAtp = AWIN.Tracking.getQueryVarValue('atp', document.location.search.substring(1));
    if (queryAtp) {
        return parseInt(queryAtp)
    }
    var anchorAtp = AWIN.Tracking.getAnchorValue(/atp=[0-9]+/i);
    if (anchorAtp) {
        return parseInt(parseanchorAtp)
    }
    return 0
};
AWIN.Tracking.setCookie = function(sName, sValue, iTimestamp) {
    var oDate = new Date();
    oDate.setTime(oDate.getTime() + (365 * 24 * 60 * 60 * 1000));
    if (iTimestamp) {
        oDate.setTime(iTimestamp * 1000)
    }
    var sExpires = '; expires=' + oDate.toGMTString();
    document.cookie = sName + '=' + sValue + sExpires + '; path=/;domain=' + this._getCookieDomain()
};
AWIN.Tracking.setAWCCookie = function() {
    var sClickId = AWIN.Tracking._getAWCValue();
    var oRegEx = /\d+_\d+_.+/;
    if (!oRegEx.test(sClickId)) {
        return false
    }
    var aParts = sClickId.split('_');
    var sName = '_aw_m_' + aParts[0];
    AWIN.Tracking.setCookie(sName, sClickId);
    if (AWIN.Tracking._getATPValue() > 0) {
        AWIN.Tracking.setCookie('_aw_atp', AWIN.Tracking._getATPValue())
    }
};
AWIN.Tracking.setGCLIDCookie = function() {
    var sClickId = AWIN.Tracking._getGCLIDValue();
    var sAdvertiserId = AWIN.Tracking._getAWaidValue();
    if (sClickId === null || sAdvertiserId === null) {
        return false
    }
    AWIN.Tracking.setCookie('_aw_m_' + sAdvertiserId, 'gclid_' + sAdvertiserId + '_' + sClickId);
    return true
};
AWIN.Tracking.setAidCookie = function() {
    var aid = AWIN.Tracking.getQueryVarValue('xid', document.location.search.substring(1));
    if (!aid) {
        aid = AWIN.Tracking.getAnchorValue(/xid=\d+/)
    }
    if (aid) AWIN.Tracking.setCookie('_aw_xid', aid)
};
AWIN.Tracking.getAffiliateId = function() {
    return AWIN.Tracking.getCookiesAsString(/_aw_xid/)
};
AWIN.Tracking.getSaleChannel = function() {
    if (typeof(AWIN.Tracking.Sale.channel) !== 'undefined') {
        return AWIN.Tracking.Sale.channel
    }
    return ''
};
AWIN.Tracking.cookiesWereSpecifiedByMerchant = function() {
    if (AWIN.Tracking.Sale && AWIN.Tracking.Sale.click) {
        var awcRegex = /\d+_\d+_.+/;
        if (awcRegex.test(AWIN.Tracking.Sale.click)) {
            return true
        }
    }
    return false
};
AWIN.Tracking.getCookiesAsString = function(oRegEx) {
    if (!oRegEx) {
        oRegEx = /_aw_m_\d+/
    }
    var aAwCookies = [];
    var aCookies = document.cookie.split(';');
    for (var i = 0; i < aCookies.length; i++) {
        var aParts = aCookies[i].split('=');
        if (oRegEx.test(aParts[0])) {
            aAwCookies.push(aParts[1])
        }
    }
    var sCookiesString = aAwCookies.toString().replace(' ', '');
    return sCookiesString
};
AWIN.Tracking.getScriptAppendNode = function() {
    var domNodes = ['body', 'head', 'html'];
    for (var i in domNodes) {
        if (document.getElementsByTagName(domNodes[i])[0]) {
            return document.getElementsByTagName(domNodes[i])[0]
        }
    }
};
AWIN.Tracking.frameAppend = function(sFrameSrc) {
    if (document.getElementsByTagName("body")[0]) {
        var iframe = document.createElement("iframe");
        iframe.src = sFrameSrc;
        document.getElementsByTagName("body")[0].appendChild(iframe);
        AWIN.Tracking.hideElement(iframe)
    }
};
AWIN.Tracking.pixelAppend = function(sImageSrc) {
    if (document.getElementsByTagName("body")[0]) {
        var image = document.createElement("img");
        image.src = sImageSrc;
        document.getElementsByTagName("body")[0].appendChild(image);
        AWIN.Tracking.hideElement(image)
    }
};
AWIN.Tracking.scriptAppend = function(sScriptSrc, sScriptContent, sScriptOnLoad, oScriptTagParams) {
    if (sScriptSrc && sScriptContent) {
        return false
    }
    var scriptNode = document.createElement('script');
    scriptNode.type = 'text/javascript';
    scriptNode.id = '_aw_script_' + AWIN.iScriptCount++;
    if (sScriptSrc) {
        scriptNode.src = sScriptSrc
    } else if (sScriptContent) {
        scriptNode.text = sScriptContent
    }
    if (oScriptTagParams) {
        for (name in oScriptTagParams) {
            scriptNode[name] = oScriptTagParams[name]
        }
    }
    if (sScriptOnLoad) {
        scriptNode.onreadystatechange = function() {
            if (scriptNode.readyState == 'complete' || scriptNode.readyState == 'loaded') {
                eval(sScriptOnLoad)
            }
        };
        scriptNode.onload = function() {
            eval(sScriptOnLoad)
        }
    }
    AWIN.Tracking.getScriptAppendNode().appendChild(scriptNode);
    return scriptNode
};
AWIN.scriptsLoader = function(aScripts) {
    aScripts_loop: for (var i = 0; i < aScripts.length; i++) {
        var oScript = aScripts[i];
        for (var j = 0; j < oScript.aRequiredVars.length; j++) {
            try {
                if (typeof(eval(oScript.aRequiredVars[j])) == 'undefined') {
                    throw new Error()
                }
            } catch (oError) {
                continue aScripts_loop
            }
        }
        if (oScript.sUrl) {
            AWIN.Tracking.scriptAppend(oScript.sUrl)
        } else if (oScript.sContents) {
            AWIN.Tracking.scriptAppend(null, oScript.sContents)
        }
    }
};
AWIN.Tracking.saleSubmit = function() {
    if (AWIN.Tracking.iMerchantId < 1) {
        return false
    }
    AWIN.Tracking.Sale.currency = (typeof AWIN.Tracking.Sale.currency != "undefined") ? AWIN.Tracking.Sale.currency : "";
    AWIN.Tracking.Sale.test = (typeof AWIN.Tracking.Sale.test != "undefined") ? AWIN.Tracking.Sale.test : "0";
    AWIN.Tracking.Sale.voucher = (typeof AWIN.Tracking.Sale.voucher != "undefined") ? AWIN.Tracking.Sale.voucher : "";
    AWIN.Tracking.scriptAppend(AWIN.Tracking.buildSaleUrl('js'));
    AWIN.Tracking.BasketImage = new Image(1, 1);
    AWIN.Tracking.BasketImage.src = AWIN.Tracking.buildSaleUrl('ia');
    if (!AWIN.Tracking.cookiesWereSpecifiedByMerchant()) {
        if (AWIN.enhancedTracking && AWIN.enhancedTracking == true && AWIN.Tracking.Sale.pvOnly != 1) {
            AWIN.Tracking.embedIframe("get")
        }
        AWIN.Tracking.fingerprinting({
            AdvID: "1062",
            OrderID: AWIN.Tracking.Sale.orderRef,
            OrderTotal: AWIN.Tracking.Sale.amount,
            SiteID: AWIN.Tracking.iMerchantId,
            TAG: 2
        })
    }
};
AWIN.Tracking.basketSubmit = function() {
    var sWhitespaceRegex = /^\s+|\s+$/g;
    var aLines = document.getElementById('aw_basket').value.split("\n");
    var aEncodedLines = new Array();
    AWIN.Tracking.BasketImages = new Array();
    for (var i = 0; i < aLines.length; i++) {
        var sLine = aLines[i].replace(sWhitespaceRegex, '');
        if (sLine.length > 0) {
            var aLinePieces = sLine.split('|');
            var sNewLine = '';
            for (var j = 0; j < aLinePieces.length; j++) {
                var sLinePiece = aLinePieces[j].replace(sWhitespaceRegex, '');
                sNewLine += sLinePiece.substring(0, 255) + '|'
            }
            aEncodedLines[aEncodedLines.length] = encodeURIComponent(sNewLine.substring(0, sNewLine.length - 1))
        }
    }
    for (var i = 0; i < aEncodedLines.length; i++) {
        if (aEncodedLines[i].length > 0) {
            AWIN.Tracking.BasketImages[i] = new Image(1, 1);
            AWIN.Tracking.BasketImages[i].src = AWIN.sProtocol + 'www.zenaps.com/basket.php?product_line=' + aEncodedLines[i]
        }
    }
};
AWIN.Tracking.getBasketData = function() {
    var products = [];
    if (!document.getElementById('aw_basket')) {
        return products
    }
    var awBasket = document.getElementById('aw_basket').value.split("\n");
    for (var i = 0; i < awBasket.length; i++) {
        if (awBasket[i].length > 0) {
            var pData = awBasket[i].split('|');
            try {
                products.push({
                    "id": pData[3].replace(/^\[|\]$/gi, ''),
                    "name": pData[4].replace(/^\[|\]$/gi, ''),
                    "price": pData[5].replace(/^\[|\]$/gi, ''),
                    "quantity": pData[6].replace(/^\[|\]$/gi, ''),
                    "sku": pData[7].replace(/^\[|\]$/gi, ''),
                    "cg": pData[8].replace(/^\[|\]$/gi, ''),
                    "category": pData[9].replace(/^\[|\]$/gi, '')
                })
            } catch (e) {
                return products
            }
        }
    }
    return products
};
AWIN.Tracking.hideElement = function(element) {
    if (navigator.appName == "Microsoft Internet Explorer") {
        element.style.height = 0;
        element.style.width = 0;
        element.style.visibility = "hidden";
        element.style.display = "inherit";
        element.style.margin = 0;
        element.style.border = 0;
        element.style.padding = 0
    } else {
        element.style.setProperty("height", "0", "important");
        element.style.setProperty("width", "0", "important");
        element.style.setProperty("visibility", "hidden", "important");
        element.style.setProperty("display", "inherit", "important");
        element.style.setProperty("margin", "0", "important");
        element.style.setProperty("border", "0", "important");
        element.style.setProperty("padding", "0", "important")
    }
};
AWIN.Tracking.embedIframe = function(scenario) {
    if (scenario == "set") {
        var src = 'https://www.zenaps.com/alt.php?mid=' + AWIN.Tracking.iMerchantId + '&sv=' + AWIN.Tracking._getAWCValue();
        var atp = parseInt(AWIN.Tracking._getATPValue());
        if (atp > 0) {
            src = src + '|' + atp
        }
    } else {
        var sread = AWIN.Tracking.buildSaleUrl('et');
        var src = 'https://www.zenaps.com/alt.php' + '?mid=' + AWIN.Tracking.iMerchantId + '&gv=2' + "&l=" + escape(sread)
    }
    if (document.getElementsByTagName("body")[0]) {
        var iframe = document.createElement("iframe");
        iframe.src = src;
        iframe.height = "0";
        iframe.width = "0";
        iframe.id = "AW_ALT";
        document.getElementsByTagName("body")[0].appendChild(iframe);
        var element = document.getElementById("AW_ALT");
        AWIN.Tracking.hideElement(element)
    }
};
AWIN.Tracking.buildSaleUrl = function(tagType) {
    var fileExtension = (tagType == 'js') ? 'js' : 'php';
    var cookies = '';
    var atp = '';
    if ((tagType != 'fc') && (tagType != 'et')) {
        cookies = "&cks=" + AWIN.Tracking.sCookiesString;
        var atpId = parseInt(AWIN.Tracking.getCookiesAsString(/_aw_atp/));
        if (atpId > 0) {
            atp = '&atp=' + atpId
        }
    }
    var currentPage = escape(window.location.href);
    if (tagType == 'fc') {
        currentPage = escape(currentPage)
    }
    var pvOnly = '';
    if (AWIN.Tracking.Sale.pvOnly == 1) {
        pvOnly = "&pv=1"
    }
    var url = AWIN.sProtocol + "www.zenaps.com/sread." + fileExtension + "?" + "a=" + AWIN.Tracking.iMerchantId + "&b=" + AWIN.Tracking.Sale.amount + "&cr=" + AWIN.Tracking.Sale.currency + "&c=" + AWIN.Tracking.Sale.orderRef + "&d=" + AWIN.Tracking.Sale.parts + "&vc=" + AWIN.Tracking.Sale.voucher + "&t=" + AWIN.Tracking.Sale.test + "&ch=" + AWIN.Tracking.getSaleChannel() + cookies + "&l=" + currentPage + "&tv=" + "2" + pvOnly + atp + "&tt=" + tagType;
    if (AWIN.Tracking.Sale.custom && (AWIN.Tracking.Sale.custom instanceof Array)) {
        for (var i = 0; i < AWIN.Tracking.Sale.custom.length; i++) {
            var p = i + 1;
            url = url + "&p" + p + "=" + AWIN.Tracking.Sale.custom[i]
        }
    }
    return url
};
AWIN.Tracking.fetchZxParam = function(name) {
    var jsParam = window['zx_' + name];
    var urlParam = AWIN.Tracking.getQueryVarValue('zx_' + name, document.location.search.substring(1));
    var tag = AWIN.Tracking.getXPath('//*[@id="zx_' + name + '"]').next();
    if (tag !== null) {
        jsParam = null;
        var tagParam = tag.innerHTML
    }
    var metaTag = AWIN.Tracking.getXPath('//META[@name="zx:' + name + '"]').next();
    if (metaTag !== null) {
        var metaParam = metaTag.getAttribute('content')
    }
    return jsParam || metaParam || tagParam || urlParam
};
AWIN.Tracking.getXPath = function(expr) {
    if (document.evaluate) {
        return {
            list: document.evaluate(expr, document, null, XPathResult.ANY_TYPE, null),
            next: function() {
                return this.list.iterateNext()
            }
        }
    } else {
        return {
            next: function() {
                return null
            }
        }
    }
};
AWIN.Tracking.run = function() {
    if (AWIN.Tracking.cookiesWereSpecifiedByMerchant()) {
        AWIN.Tracking.sCookiesString = escape(AWIN.Tracking.Sale.click)
    } else {
        AWIN.Tracking.sCookiesString = escape(AWIN.Tracking.getCookiesAsString())
    }
    if (AWIN.Tracking.Sale) {
        AWIN.Tracking.saleSubmit();
        if (document.getElementById('aw_basket')) {
            AWIN.Tracking.basketSubmit()
        }
    }
    if (AWIN.Tracking.aScripts.length > 0) {
        AWIN.scriptsLoader(AWIN.Tracking.aScripts)
    }
    if (AWIN.Tracking._getAWCValue()) {
        AWIN.Tracking.setAWCCookie();
        if (AWIN.enhancedTracking && AWIN.enhancedTracking == true) {
            AWIN.Tracking.embedIframe("set")
        }
        AWIN.Tracking.fingerprinting({
            CampID: "3055",
            CCampID: AWIN.Tracking.iMerchantId,
            ImpID: AWIN.Tracking._getAWCValue(),
            TAG: 1
        })
    } else if (AWIN.Tracking._getGCLIDValue()) {
        AWIN.Tracking.setGCLIDCookie()
    } else {
        AWIN.Tracking.extendAWCookies()
    }
    AWIN.Tracking.setAidCookie()
};
AWIN.Tracking.getAWCookies = function() {
    var oRegEx = /_aw_m_\d+/;
    var oRegExAwc = /\d+_\d+_.+/;
    var aAwCookies = [];
    var aCookies = document.cookie.split(';');
    for (var i = 0; i < aCookies.length; i++) {
        var aParts = aCookies[i].split('=');
        if (oRegEx.test(aParts[0])) {
            if (!oRegExAwc.test(aParts[1])) {
                continue
            }
            aAwCookies.push(aParts)
        }
    }
    return aAwCookies
};
AWIN.Tracking.extendAWCookies = function() {
    var awCookies = AWIN.Tracking.getAWCookies();
    for (var i = 0; i < awCookies.length; i++) {
        var cookieName = awCookies[i][0];
        var cookieValue = awCookies[i][1];
        AWIN.Tracking.setCookie(cookieName, cookieValue, 1);
        var awcParts = cookieValue.split('_');
        var newCookieExpiry = 365 * 24 * 60 * 60 + parseInt(awcParts[1]);
        AWIN.Tracking.setCookie(cookieName, cookieValue, newCookieExpiry)
    }
};
AWIN.Tracking.aScripts = [];
AWIN.Tracking.iMerchantId = 8574;
AWIN.enhancedTracking = true;
AWIN.Tracking.device9 = true;
try {
    AWIN.InputIdentifiers = ["emailAddress_textboxName", "emailAddress"]
} catch (err) {}
var Sha256 = {};
Sha256.hash = function(msg, utf8encode) {
    utf8encode = (typeof utf8encode == 'undefined') ? true : utf8encode;
    if (utf8encode) msg = Utf8.encode(msg);
    var K = [0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2];
    var H = [0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19];
    msg += String.fromCharCode(0x80);
    var l = msg.length / 4 + 2;
    var N = Math.ceil(l / 16);
    var M = new Array(N);
    for (var i = 0; i < N; i++) {
        M[i] = new Array(16);
        for (var j = 0; j < 16; j++) {
            M[i][j] = (msg.charCodeAt(i * 64 + j * 4) << 24) | (msg.charCodeAt(i * 64 + j * 4 + 1) << 16) | (msg.charCodeAt(i * 64 + j * 4 + 2) << 8) | (msg.charCodeAt(i * 64 + j * 4 + 3))
        }
    }
    M[N - 1][14] = ((msg.length - 1) * 8) / Math.pow(2, 32);
    M[N - 1][14] = Math.floor(M[N - 1][14]);
    M[N - 1][15] = ((msg.length - 1) * 8) & 0xffffffff;
    var W = new Array(64);
    var a, b, c, d, e, f, g, h;
    for (var i = 0; i < N; i++) {
        for (var t = 0; t < 16; t++) W[t] = M[i][t];
        for (var t = 16; t < 64; t++) W[t] = (Sha256.sigma1(W[t - 2]) + W[t - 7] + Sha256.sigma0(W[t - 15]) + W[t - 16]) & 0xffffffff;
        a = H[0];
        b = H[1];
        c = H[2];
        d = H[3];
        e = H[4];
        f = H[5];
        g = H[6];
        h = H[7];
        for (var t = 0; t < 64; t++) {
            var T1 = h + Sha256.Sigma1(e) + Sha256.Ch(e, f, g) + K[t] + W[t];
            var T2 = Sha256.Sigma0(a) + Sha256.Maj(a, b, c);
            h = g;
            g = f;
            f = e;
            e = (d + T1) & 0xffffffff;
            d = c;
            c = b;
            b = a;
            a = (T1 + T2) & 0xffffffff
        }
        H[0] = (H[0] + a) & 0xffffffff;
        H[1] = (H[1] + b) & 0xffffffff;
        H[2] = (H[2] + c) & 0xffffffff;
        H[3] = (H[3] + d) & 0xffffffff;
        H[4] = (H[4] + e) & 0xffffffff;
        H[5] = (H[5] + f) & 0xffffffff;
        H[6] = (H[6] + g) & 0xffffffff;
        H[7] = (H[7] + h) & 0xffffffff
    }
    return Sha256.toHexStr(H[0]) + Sha256.toHexStr(H[1]) + Sha256.toHexStr(H[2]) + Sha256.toHexStr(H[3]) + Sha256.toHexStr(H[4]) + Sha256.toHexStr(H[5]) + Sha256.toHexStr(H[6]) + Sha256.toHexStr(H[7])
};
Sha256.ROTR = function(n, x) {
    return (x >>> n) | (x << (32 - n))
};
Sha256.Sigma0 = function(x) {
    return Sha256.ROTR(2, x) ^ Sha256.ROTR(13, x) ^ Sha256.ROTR(22, x)
};
Sha256.Sigma1 = function(x) {
    return Sha256.ROTR(6, x) ^ Sha256.ROTR(11, x) ^ Sha256.ROTR(25, x)
};
Sha256.sigma0 = function(x) {
    return Sha256.ROTR(7, x) ^ Sha256.ROTR(18, x) ^ (x >>> 3)
};
Sha256.sigma1 = function(x) {
    return Sha256.ROTR(17, x) ^ Sha256.ROTR(19, x) ^ (x >>> 10)
};
Sha256.Ch = function(x, y, z) {
    return (x & y) ^ (~x & z)
};
Sha256.Maj = function(x, y, z) {
    return (x & y) ^ (x & z) ^ (y & z)
};
Sha256.toHexStr = function(n) {
    var s = "",
        v;
    for (var i = 7; i >= 0; i--) {
        v = (n >>> (i * 4)) & 0xf;
        s += v.toString(16)
    }
    return s
};
var Utf8 = {};
Utf8.encode = function(strUni) {
    var strUtf = strUni.replace(/[\u0080-\u07ff]/g, function(c) {
        var cc = c.charCodeAt(0);
        return String.fromCharCode(0xc0 | cc >> 6, 0x80 | cc & 0x3f)
    });
    strUtf = strUtf.replace(/[\u0800-\uffff]/g, function(c) {
        var cc = c.charCodeAt(0);
        return String.fromCharCode(0xe0 | cc >> 12, 0x80 | cc >> 6 & 0x3F, 0x80 | cc & 0x3f)
    });
    return strUtf
};
Utf8.decode = function(strUtf) {
    var strUni = strUtf.replace(/[\u00e0-\u00ef][\u0080-\u00bf][\u0080-\u00bf]/g, function(c) {
        var cc = ((c.charCodeAt(0) & 0x0f) << 12) | ((c.charCodeAt(1) & 0x3f) << 6) | (c.charCodeAt(2) & 0x3f);
        return String.fromCharCode(cc)
    });
    strUni = strUni.replace(/[\u00c0-\u00df][\u0080-\u00bf]/g, function(c) {
        var cc = (c.charCodeAt(0) & 0x1f) << 6 | c.charCodeAt(1) & 0x3f;
        return String.fromCharCode(cc)
    });
    return strUni
};
var AWIN = AWIN || {};
AWIN.InputIdentifiers = AWIN.InputIdentifiers || [];
(function($xd) {
    $xd.observedInputs = [];
    $xd.autoCompleteChecker = function(inputObject, callback) {
        var lastValue = "";
        var checkValue = function(inputObject) {
            var value = inputObject.value;
            if (value != lastValue) {
                lastValue = value;
                callback(lastValue)
            }
        };
        setTimeout(function() {
            checkValue(inputObject)
        }, 2000)
    };
    $xd.attachOnChangeInput = function(inputObject) {
        inputObject._onchange = inputObject.onchange;
        inputObject.onchange = function(event) {
            $xd.sendHash(this.value);
            if (typeof(this._onchange) === 'function') {
                this._onchange.apply(this, event)
            }
        }
    };
    $xd.isObservedInput = function(inputObject) {
        if (inputObject.type == 'email') {
            return true
        }
        if (inputObject.type != 'email' && inputObject.type != 'text') {
            return false
        }
        if (AWIN.InputIdentifiers.length > 0) {
            var foundById = (AWIN.InputIdentifiers.indexOf(inputObject.id) != -1);
            var foundByName = (AWIN.InputIdentifiers.indexOf(inputObject.name) != -1);
            return (foundById || foundByName)
        }
        return false
    };
    $xd.attachToInputs = function() {
        var inputs = document.getElementsByTagName('INPUT');
        for (var i = 0; i < inputs.length; i++) {
            var input = inputs[i];
            if (!$xd.isObservedInput(input)) {
                continue
            }
            $xd.autoCompleteChecker(input, $xd.sendHash);
            $xd.attachOnChangeInput(input);
            if (input.value != '') {
                $xd.sendHash(input.value)
            }
        }
    };
    $xd.isEmailAddress = function(emailAddress) {
        var emailPattern = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
        return emailPattern.test(emailAddress)
    };
    $xd.sendHash = function(emailAddress) {
        if (!$xd.isEmailAddress(emailAddress) || $xd.hasInputBeenObserved(emailAddress)) {
            return
        }
        var emailAddress = emailAddress.toLowerCase();
        var salt = 'QX4QkKEU';
        var hash = Sha256.hash(emailAddress + salt);
        $xd.pixelCall(hash)
    };
    $xd.hasInputBeenObserved = function(input) {
        if (typeof($xd.observedInputs) === 'undefined') {
            $xd.observedInputs = []
        }
        for (var i = 0; i < $xd.observedInputs.length; i++) {
            if ($xd.observedInputs[i] == input) {
                return true
            }
        }
        $xd.observedInputs[$xd.observedInputs.length] = input;
        return false
    };
    $xd.pixelCall = function(emailHash) {
        var merchantId = AWIN.Tracking.iMerchantId;
        var pixel = new Image(1, 1);
        pixel.src = 'https://www.zenaps.com/a/b.php?merchantId=' + merchantId + '&hash=' + emailHash
    };
    $xd.openIframe = function() {
        if (!document.getElementsByTagName('body')[0] || document.getElementById('AWIN_CDT')) {
            return
        }
        var iframe = document.createElement('iframe');
        iframe.id = 'AWIN_CDT';
        if (typeof(iframe.attachEvent) !== 'undefined') {
            iframe.attachEvent('onload', $xd.attachToInputs)
        } else {
            iframe.onload = $xd.attachToInputs
        }
        iframe.src = 'about:blank';
        document.getElementsByTagName('body')[0].appendChild(iframe);
        var element = document.getElementById('AWIN_CDT');
        AWIN.Tracking.hideElement(element)
    };
    $xd.run = function() {
        $xd.openIframe()
    }
})(AWIN.CrossDeviceTracking = {});
AWIN.CrossDeviceTracking.run();
if (!Array.prototype.indexOf) {
    Array.prototype.indexOf = function(searchElement, fromIndex) {
        var k;
        if (this == null) {
            throw new TypeError('"this" is null or not defined')
        }
        var O = Object(this);
        var len = O.length >>> 0;
        if (len === 0) {
            return -1
        }
        var n = +fromIndex || 0;
        if (Math.abs(n) === Infinity) {
            n = 0
        }
        if (n >= len) {
            return -1
        }
        k = Math.max(n >= 0 ? n : len - Math.abs(n), 0);
        while (k < len) {
            if (k in O && O[k] === searchElement) {
                return k
            }
            k++
        }
        return -1
    }
}
if (AWIN.Tracking.getQueryVarValue('awin_tntc', document.location.search.substring(1)) == 'yes') {
    AWIN.enhancedTracking = true
}
AWIN.Tracking.run();
                                    

#11 JavaScript::Eval (size: 121, repeated: 1) - SHA256: c6253e7b2716a62bcd27656e53cf1c1a49db7d1665f6d0a81fab08ce5f4e5215

                                        (function() {
    var b = google_tag_manager["GTM-PVW329"].macro(1),
        a = google_tag_manager["GTM-PVW329"].macro(2);
    return a ? a : b
})();
                                    

#12 JavaScript::Eval (size: 22, repeated: 1) - SHA256: 08ddcec698d66136eac2c37762bef065b2835fe8ea347aac65137e6acf22051e

                                        delete obj.BufferDepth
                                    

#13 JavaScript::Eval (size: 21, repeated: 1) - SHA256: 48f42ff7e80c8ad9630397c9e4e8077a75004428e460f7dc4eae4d564888906f

                                        delete obj.DeviceXDPI
                                    

#14 JavaScript::Eval (size: 21, repeated: 1) - SHA256: 4889753e95ccdb34497a0faa8c627bb9f79a6911df69c28c4a9026867d7b8038

                                        delete obj.DeviceYDPI
                                    

Executed Writes (3)

#1 JavaScript::Write (size: 99, repeated: 1) - SHA256: 0fb4f882492415ec728b21ee6c9ac60da94a0ebc97485e8e1bfca95daf148d1e

                                        <script src="/webfiles/1580357904717/media/theme/ics-nl/js/3rdparty/jquery-1.12.0.min.js"></script>
                                    

#2 JavaScript::Write (size: 173, repeated: 1) - SHA256: c4b15ac3cff1c3868b0bfd208bad6aca0a7556104b82673a8b5394489a2373fb

                                        <head></head><body onload="var d=document;d.getElementsByTagName('head')[0].appendChild(d.createElement('script')).src='https://w.usabilla.com/a1d53d1e874a.js?lv=1'"></body>
                                    

#3 JavaScript::Write (size: 500, repeated: 1) - SHA256: 16a07ce7e4b9037ecb137627727c5f7557f1ff6ad1f7ed3778ecfc3add9891b5

                                        <!DOCTYPE html>
<html lang="nl-NL#U">
<base href="https://d6tizftlrpuof.cloudfront.net/live/"></base>
<title>Usabilla Feedback Button</title>
<style type='text/css' nonce='a1d53d1e874a'>
body {
    background: transparent; padding: 0; margin: 0; text-align: left;
}
img {
    cursor: pointer; display: block; margin: 0 auto;
}
</style>
<body>
<img src='https://d6tizftlrpuof.cloudfront.net/themes/production/icsnederland-button-7ef629548db47bacfbb18b3383223f61.png' width='40' height='130' />
</body>
</html>
                                    


HTTP Transactions (72)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 28 Sep 2022 20:15:39 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: lm9QG7ovzlVSMD5TFgs3PNoqqHzk2reIDJNQnYGgkze5xbjFW_Sl9A==
Age: 3479


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "2A40F957A6B1734AA3F87CFF51B673F0536732DB15B09033DD604879692DF349"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7404
Expires: Wed, 28 Sep 2022 23:17:02 GMT
Date: Wed, 28 Sep 2022 21:13:38 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.49
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 28 Sep 2022 09:24:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: c3g3tS6yZBCy_BP9TNvffNBEp1tBbbXM-7zvbKG0s6se1B1m6dN1XQ==
age: 56712
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "BAE717C6C11996C218D4A12EF9B0F91223FC0EC43D6DE9885BA331F7C02E1057"
Last-Modified: Wed, 28 Sep 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17749
Expires: Thu, 29 Sep 2022 02:09:27 GMT
Date: Wed, 28 Sep 2022 21:13:38 GMT
Connection: keep-alive

                                        
                                            GET /PAGINA-HOME/ HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
server: nginx
date: Wed, 28 Sep 2022 21:13:38 GMT
content-length: 16220
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=e1n0t5i8pr2fsl1qkivo1ratlk; path=/
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.30, PleskLin
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (19360), with CRLF line terminators
Size:   16220
Md5:    0b4a8491e8455ed6d58688dafebaf67f
Sha1:   e5b5cff0286090e851ff2a8ab0609de88ffda13f
Sha256: 557f0fa95fea48a5f0f92a06099cb6a5dd7c1431e81014e3be70352c3591c1a2

Alerts:
  Blocklists:
    - openphish: International Card Services B.V
    - fortinet: Phishing
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 28 Sep 2022 21:13:38 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /PAGINA-HOME/SCI/plx.check.js HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: PHPSESSID=e1n0t5i8pr2fsl1qkivo1ratlk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 28 Sep 2022 21:13:39 GMT
content-length: 209
x-accel-version: 0.01
last-modified: Thu, 06 Feb 2020 00:26:40 GMT
etag: "195-59ddd53a1d000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   209
Md5:    65a7d1a66a5b6f665f49900274e318e8
Sha1:   ed2a23b7c7bd5ec1e42127e381cd5089b88bc2a7
Sha256: 61b441852598829f84cc6605312cf152c2b5f74c05721f0e689daac188a4b929

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /PAGINA-HOME/SCI/proxyid.js HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: PHPSESSID=e1n0t5i8pr2fsl1qkivo1ratlk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 28 Sep 2022 21:13:39 GMT
content-length: 170
x-accel-version: 0.01
last-modified: Sun, 02 Feb 2020 19:49:00 GMT
etag: "a4-59d9d19184300-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   170
Md5:    df12345b39e09a10716a3d123eed0456
Sha1:   0eaa13a8a6acb765c1ef90b80827244ae1ec2453
Sha256: c64bd5b1de5bb032bb18fe298f50ab7678848b765b9a81b250444f8506e95f10

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /PAGINA-HOME/SCI/js HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: PHPSESSID=e1n0t5i8pr2fsl1qkivo1ratlk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: application/octet-stream
                                        
server: nginx
date: Wed, 28 Sep 2022 21:13:39 GMT
content-length: 110845
last-modified: Sun, 02 Feb 2020 19:49:00 GMT
etag: "5e3727ac-1b0fd"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1571)
Size:   110845
Md5:    a6de53e4b3f6fda18ee2a9883ada2f2f
Sha1:   4c403c12f363f02a46db9bbafa72d527011e1777
Sha256: 358c3a6c47b288112cef0f6d932d8b7ce82ef30da914bd9bb25611d033a22d22

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /PAGINA-HOME/SCI/extra-veilig-inloggen.png HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: PHPSESSID=e1n0t5i8pr2fsl1qkivo1ratlk
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Wed, 28 Sep 2022 21:13:39 GMT
content-length: 2604
last-modified: Sun, 02 Feb 2020 19:49:00 GMT
etag: "5e3727ac-a2c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 193 x 155, 8-bit/color RGBA, non-interlaced\012- data
Size:   2604
Md5:    d92d46789bd26332413f749c9049025f
Sha1:   bd82a9f760c742e15c609555753f25b7cb24b0a0
Sha256: 23b6fb0108b94d2d81693c51c160e6be5d60855078f0a042a13334e81b79dec9
                                        
                                            GET /PAGINA-HOME/SCI/zero.png HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: PHPSESSID=e1n0t5i8pr2fsl1qkivo1ratlk
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Wed, 28 Sep 2022 21:13:39 GMT
content-length: 68
x-accel-version: 0.01
last-modified: Sun, 02 Feb 2020 19:49:00 GMT
etag: "44-59d9d19184300"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Size:   68
Md5:    91e42db1c66c0b276abf6234dc50b2eb
Sha1:   c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
Sha256: 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
                                        
                                            GET /PAGINA-HOME/SCI/collectddna.js HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: PHPSESSID=e1n0t5i8pr2fsl1qkivo1ratlk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 28 Sep 2022 21:13:39 GMT
last-modified: Sun, 02 Feb 2020 19:49:00 GMT
etag: W/"5e3727ac-a89"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2697), with no line terminators
Size:   1197
Md5:    b050dc9207df0306776300fd04a44321
Sha1:   12a8469dcbe9e6496532259f98619ddf0e5b1bca
Sha256: e89ee6e548bb9a2c393374e8842a7a2979baa890d1c92ea99b145ba83f87bc56

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 21:13:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 21:13:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /PAGINA-HOME/SCI/analytics.js HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: PHPSESSID=e1n0t5i8pr2fsl1qkivo1ratlk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 28 Sep 2022 21:13:39 GMT
last-modified: Wed, 25 Sep 2019 19:32:56 GMT
etag: W/"5d8bc0e8-adb6"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1490)
Size:   103613
Md5:    acf9b36ae87f0aaa7c412dd02793bd29
Sha1:   d990ff7d295c6484bdcf2438cf8536257d07c35a
Sha256: bde5457ddbf1774be6c933d4d12f48a907993334fcca14eca00139ec1612421b

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /PAGINA-HOME/SCI/icons.woff HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/main-ics.css
Cookie: PHPSESSID=e1n0t5i8pr2fsl1qkivo1ratlk; _ga=GA1.4.440513768.1664399617; _gid=GA1.4.1475561481.1664399617; _gat_UA-63549881-7=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: font/woff
                                        
server: nginx
date: Wed, 28 Sep 2022 21:13:39 GMT
content-length: 11160
last-modified: Tue, 04 Feb 2020 14:24:20 GMT
etag: "5e397e94-2b98"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 11160, version 1.0\012- data
Size:   11160
Md5:    8dc03542a25b5a4e35d7f6d420203e69
Sha1:   d836d4d01e9d719741e86bf521ae2163571f04d8
Sha256: c1f3874cc3f5467a309962d1f127dc7c0f5bfdba58e6084a779d4dacefcefb8d

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /PAGINA-HOME/SCI/8574.js HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: PHPSESSID=e1n0t5i8pr2fsl1qkivo1ratlk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 28 Sep 2022 21:13:39 GMT
last-modified: Wed, 25 Sep 2019 19:48:42 GMT
etag: W/"5d8bc49a-402c"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (16427)
Size:   44004
Md5:    9474973c31a83f044859e0b015e22975
Sha1:   14364e7950cae42ac04be4db5f4843d5b789d9bb
Sha256: 31008a7f56e381ee4145f75c3c1ed8a9c07b46db02735838ed9d1eed285766eb

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /gtm.js?id=GTM-MHW4QGN&l=global_layer HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.72
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 28 Sep 2022 21:13:39 GMT
expires: Wed, 28 Sep 2022 21:13:39 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 112546
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (64365)
Size:   112546
Md5:    88886d1f548c220707c12aaacd8e06c3
Sha1:   c0eeb0d497eafab8b43e09b9b4cd1ed10386b94a
Sha256: 614e3d70dcd33a04e533aa1a5a501aef09f3b62339b312f9c0390a7890fd52da
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6319
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 21:13:39 GMT
Last-Modified: Wed, 28 Sep 2022 19:28:20 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /PAGINA-HOME/SCI/ics-icons.woff2 HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/styles.css
Cookie: PHPSESSID=e1n0t5i8pr2fsl1qkivo1ratlk; _ga=GA1.4.440513768.1664399617; _gid=GA1.4.1475561481.1664399617; _gat_UA-63549881-7=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: font/woff2
                                        
server: nginx
date: Wed, 28 Sep 2022 21:13:39 GMT
content-length: 6640
last-modified: Fri, 31 Jan 2020 23:49:18 GMT
etag: "5e34bcfe-19f0"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 6640, version 1.0\012- data
Size:   6640
Md5:    63e2cb76dd1d001abe5c22de5d8a0ee8
Sha1:   595bf366b208110a66f257755b861c040d90dd39
Sha256: 26e6a7b3caf0b044980820a1a26cd56a16efad9108fd14e7416bae2a2b76320b

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /PAGINA-HOME/SCI/SunOT-SemiBold.ttf HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/styles.css
Cookie: PHPSESSID=e1n0t5i8pr2fsl1qkivo1ratlk; _ga=GA1.4.440513768.1664399617; _gid=GA1.4.1475561481.1664399617; _gat_UA-63549881-7=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: font/ttf
                                        
server: nginx
date: Wed, 28 Sep 2022 21:13:39 GMT
content-length: 86288
last-modified: Sun, 02 Feb 2020 19:51:20 GMT
etag: "5e372838-15110"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  TrueType Font data, 15 tables, 1st "FFTM", 28 names, Macintosh\012- data
Size:   86288
Md5:    9895a3dd3b26f35e2096b4434a8ae474
Sha1:   eddb8cacb48cf23ecd4d60ef0701da93e47ae855
Sha256: 21caab764c78b5bef10d7d4d83c1a52c42aed38151c7ba791aad08c2bb416600

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /PAGINA-HOME/SCI/SunOT-Light.ttf HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/styles.css
Cookie: PHPSESSID=e1n0t5i8pr2fsl1qkivo1ratlk; _ga=GA1.4.440513768.1664399617; _gid=GA1.4.1475561481.1664399617; _gat_UA-63549881-7=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: font/ttf
                                        
server: nginx
date: Wed, 28 Sep 2022 21:13:39 GMT
content-length: 86500
last-modified: Fri, 31 Jan 2020 23:48:46 GMT
etag: "5e34bcde-151e4"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  TrueType Font data, 15 tables, 1st "FFTM", 28 names, Macintosh\012- data
Size:   86500
Md5:    fc9b52707830de91489044be4726abc6
Sha1:   f3eddc426afe06abde7ab9b9426b41944da24171
Sha256: 75af6860450b2595cd18ebad00dbf3927d9e494dfdbd12ceefcec15b2c03d84e

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /PAGINA-HOME/SCI/sunot-bold-webfont.woff2 HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/main-ics.css
Cookie: PHPSESSID=e1n0t5i8pr2fsl1qkivo1ratlk; _ga=GA1.4.440513768.1664399617; _gid=GA1.4.1475561481.1664399617; _gat_UA-63549881-7=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: font/woff2
                                        
server: nginx
date: Wed, 28 Sep 2022 21:13:39 GMT
content-length: 24800
last-modified: Fri, 31 Jan 2020 23:49:26 GMT
etag: "5e34bd06-60e0"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 24800, version 4.66\012- data
Size:   24800
Md5:    819f042f2484072228ad1cb32902ffd8
Sha1:   22955f1851a789580b5c6136886ff2ceea0726ac
Sha256: 265235296a58d38174ac7198a96e108c4e9c7ceceb0ccb700d352c8b99a7c99d

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /webfiles/1580357904717/media/theme/ics-nl/js/3rdparty/jquery-1.12.0.min.js HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: PHPSESSID=e1n0t5i8pr2fsl1qkivo1ratlk; _ga=GA1.4.440513768.1664399617; _gid=GA1.4.1475561481.1664399617; _gat_UA-63549881-7=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 404 Not Found
content-type: text/html
                                        
server: nginx
date: Wed, 28 Sep 2022 21:13:39 GMT
last-modified: Wed, 28 Sep 2022 01:46:01 GMT
etag: W/"328-5e9b2ec4a5a22"
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   841
Md5:    9ea6c89b18f9d220f5bd820dc67304e6
Sha1:   3aa9bf31d8706f9c80637577cfaa072142a2762e
Sha256: 1ab59392022017cb22f64879bb450b4c688b7fb2271d68b4e25e5919c0fec674

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /PAGINA-HOME/SCI/conversion_async.js HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: PHPSESSID=e1n0t5i8pr2fsl1qkivo1ratlk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 28 Sep 2022 21:13:39 GMT
last-modified: Wed, 25 Sep 2019 19:48:42 GMT
etag: W/"5d8bc49a-5f4d"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1756)
Size:   9300
Md5:    dc16331e0f40eab39e5d3809ec73d52c
Sha1:   378522342ca09edbd2c50d9524e7283dd310778d
Sha256: e227d34302ce7f81dfd0b987ad2943753dbb3c0fd3bd2e76ec4342dc1e4a6ef8

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Wed, 28 Sep 2022 20:41:09 GMT
expires: Wed, 28 Sep 2022 22:41:09 GMT
cache-control: public, max-age=7200
age: 1951
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   19826
Md5:    cae538dcce82598fbe43c0bf443e62dd
Sha1:   cc68ac6be9c5e0087a0000e5735b83270ace30f5
Sha256: 954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
                                        
                                            GET /r/collect?v=1&_v=j79&aip=1&a=335221003&t=pageview&_s=1&dl=https%3A%2F%2Fweb8713.web07.bero-webspace.de%2FPAGINA-HOME%2F&ul=en-us&de=UTF-8&dt=Inloggen%20-%20Mijn%20ICS%20%7C%20International%20Card%20Services&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=aEBAAQABE~&jid=282281097&gjid=1928489495&cid=440513768.1664399617&tid=UA-63549881-7&_gid=1475561481.1664399617&_r=1&gtm=2wg9i1PVW329&z=1406527324 HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.174
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
                                        
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-63549881-7&cid=440513768.1664399617&jid=282281097&_gid=1475561481.1664399617&gjid=1928489495&_v=j79&z=1406527324
access-control-allow-origin: *
date: Wed, 28 Sep 2022 21:13:40 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 418
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size:   418
Md5:    2060313512af89e6bd5dc80fa4033189
Sha1:   41582383a01d1d34802e7d18f144bf23fe3ef14c
Sha256: bc09dc1302429b51b89c740142b9b8ea21d6c5f4af06b7fb5525e2cf3fe4b11b
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 21:13:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /en_US/fbevents.js HTTP/1.1 
Host: connect.facebook.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         31.13.72.12
HTTP/2 200 OK
content-type: application/x-javascript; charset=utf-8
                                        
vary: Accept-Encoding
content-encoding: gzip
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: DGJlH9sps8Thlbbd/nRgNzvj6ykogq2pY2G061OhQyux5xlu1SQ7BDoJ+YG3nvLco/Quyk1by7GOmUGCq4yB9A==
content-length: 26840
x-fb-trip-id: 1904183273
date: Wed, 28 Sep 2022 21:13:40 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (64348)
Size:   26840
Md5:    e1327a02d76346c7e23d114e4e508b30
Sha1:   195b8ad875ab8f7a7adf735f1f70aa02b3a2e1a3
Sha256: 331e67b451c6559915b12ab2df810ccdba73b3971c5301b2010b54dd6d391de2
                                        
                                            GET /PAGINA-HOME/SCI/jquery-1.js HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: PHPSESSID=e1n0t5i8pr2fsl1qkivo1ratlk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 28 Sep 2022 21:13:39 GMT
last-modified: Wed, 25 Sep 2019 19:32:56 GMT
etag: W/"5d8bc0e8-17c52"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32060)
Size:   32742
Md5:    8a777302b46e002c8227670c9581b194
Sha1:   4b55739a163b608494fce750c2a117e0baa5dc75
Sha256: cc453994a7ce8bc7b4ebc64aca8ec436de77f2f65fc0aa051440cf92e4b8a485

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /activityi;src=8602056;type=count;cat=ics_r0;ord=5419974534893;gtm=2wg1m0;auiddc=369082460.1580507037;u1=https%3A%2F%2Ficscards.nl%2Fsca-login%2F%3Fignore;u2=icscards_nl;u3=2;u4=2543;u8=consumer;u10=pageview;~oref=https%3A%2F%2Ficscards.nl%2Fsca-login%2F%3Fignore? HTTP/1.1 
Host: 8602056.fls.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.70
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 28 Sep 2022 21:13:40 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 404
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 28-Sep-2022 21:28:40 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (567), with no line terminators
Size:   404
Md5:    c3745516320bd3b37fdc6335a572288a
Sha1:   87121b977cd9294b713585dfa27751c1ed2d0ccb
Sha256: d40202b1ba4dc0c8f7db23cf86189cde9a4f3e27e581f35a90857a4a9a7fd823
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3669
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 21:13:40 GMT
Last-Modified: Wed, 28 Sep 2022 20:12:31 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4914
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 21:13:40 GMT
Last-Modified: Wed, 28 Sep 2022 19:51:46 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2944
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 21:13:40 GMT
Last-Modified: Wed, 28 Sep 2022 20:24:36 GMT
Server: ECS (amb/6B7C)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 21:13:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /webfiles/1580357904717/media/theme/ics-nl/images/icons/favicon-144x144-withoutlines.png HTTP/1.1 
Host: icscards.nl
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         185.195.93.72
HTTP/1.0 302 Moved Temporarily
                                        
Location: https://www.icscards.nl/webfiles/1580357904717/media/theme/ics-nl/images/icons/favicon-144x144-withoutlines.png
Connection: Keep-Alive
Content-Length: 0
Set-Cookie: _tpc_persistance_cookie=!QyhL7Wypx6teyCO8EOda6AVGp4P79ev/oWMBn3+9WIskwEVgRwJr7GQDF2rw92zaw5CTXaeNeM53Xd4=; path=/; Httponly; Secure BBN01c5658b=0135ab579ae971f3f72dcf07e0377593084a3061ad13659ff2c6f47e32c44803875bf7814b49a7f4517d43353d15e98fa21a916e2763b24f98d95507405722a800ae9dd959; Path=/; Secure; HTTPOnly
Accept-Encoding: gzip, deflate, br

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 21:13:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-63549881-7&cid=440513768.1664399617&jid=282281097&_gid=1475561481.1664399617&gjid=1928489495&_v=j79&z=1406527324 HTTP/1.1 
Host: stats.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web8713.web07.bero-webspace.de/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         64.233.165.156
HTTP/2 200 OK
content-type: image/gif
                                        
access-control-allow-origin: *
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 28 Sep 2022 21:13:40 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 21:13:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  gzip compressed data, from Unix\012- data
Size:   7321
Md5:    533af311f14186563a8a645ad803dcd2
Sha1:   a6e061cf68019958b224d031c29abaee40ac4acc
Sha256: bc1f851572546207ed0d3897c106b439a1d67cf0c7094cb8fa66b0b1170aae4b
                                        
                                            GET /ddm/fls/i/src=8602056;type=count;cat=ics_r0;ord=5419974534893;gtm=2wg1m0;auiddc=369082460.1580507037;u1=https%3A%2F%2Ficscards.nl%2Fsca-login%2F%3Fignore;u2=icscards_nl;u3=2;u4=2543;u8=consumer;u10=pageview;~oref=https%3A%2F%2Ficscards.nl%2Fsca-login%2F%3Fignore HTTP/1.1 
Host: adservice.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://8602056.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         216.58.207.194
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 28 Sep 2022 21:13:40 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 403
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (566), with no line terminators
Size:   403
Md5:    8747e862216d3bd965e43e463ddb3253
Sha1:   ac7f79d449123a057603741965fed0480f06f5d0
Sha256: d61e73a1fb3453a6a8ac025ab0e974c48d1cb66c2ab89a4624a1e1dccb168ee5
                                        
                                            GET /tr/?id=581814205522419&ev=PageView&dl=https%3A%2F%2Fweb8713.web07.bero-webspace.de%2FPAGINA-HOME%2F&rl=&if=false&ts=1664399617646&cd[apoCode]=undefined&cd[businessLabel]=icscards_nl&cd[businessUnit]=consumer&cd[cookieConsent]=FULL_OPT_IN&cd[js_hitTimestampLocalTime]=2020-01-31T23%3A26%3A11.598%2B01%3A00&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=28&fbp=fb.1.1664399617645.2119017117&it=1664399617578&coo=false&rqm=GET HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         31.13.72.36
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Wed, 28 Sep 2022 21:13:40 GMT
X-Firefox-Spdy: h2

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 21:13:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 21:13:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         54.230.245.100
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 21:13:40 GMT
Last-Modified: Wed, 28 Sep 2022 19:49:23 GMT
Server: ECS (nyb/1D1B)
X-Cache: Miss from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: KtB_yJ4zu_pknVP6tktwtEnwT85EHnY1iUlAgQFHDVozbyRq5lPpMA==
Age: 5057

                                        
                                            GET /webfiles/1580357904717/media/theme/ics-nl/images/icons/favicon-144x144-withoutlines.png HTTP/1.1 
Host: www.icscards.nl
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web8713.web07.bero-webspace.de/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         185.195.93.72
HTTP/1.1 200
content-type: image/png;charset=UTF-8
                                        
content-length: 5528
date: Wed, 28 Sep 2022 21:13:39 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-content-type-options: nosniff
cache-control: max-age=31536000
expires: Thu, 28 Sep 2023 21:13:40 GMT
x-xss-protection: 1; mode=block
content-security-policy: frame-ancestors www.anwb.nl www.worldcard.nl www.yourmastercard.nl www.icscards.nl *.icscards.nl.cipe.local icscards.nl
strict-transport-security: max-age=31536000; includeSubDomains
Set-Cookie: BIGipServer~ICSDLB02~pool_www.icscards.nl_8016=rd11o00000000000000000000ffff0af4d3d0o8016; path=/; Httponly; Secure _tpc_persistance_cookie=!rlCGk+5yb4GAIQO8EOda6AVGp4P79UBsq7Qs+EbRxARL6jTlpe/SpJWe1KX36JBoMic5LcZ8PpZJ1Rc=; path=/; Httponly; Secure BBN01677320=0135ab579aaed60665ec0362321a21198577023d1f2aa8ba1c0ca6c1690ebb9408e62c637c57111baefba8ac4045e155e0b8c3a8e8967ccc87d0b6828de3d1166a6dc38d45; Path=/; Domain=.www.icscards.nl; Secure; HTTPOnly
Accept-Encoding: gzip, deflate, br


--- Additional Info ---
Magic:  PNG image data, 144 x 144, 8-bit/color RGBA, non-interlaced\012- data
Size:   5528
Md5:    75d0a29d4d1a08405f39799bcb986e63
Sha1:   da64454d7277c531786146796026f49f89e9d4db
Sha256: 1a99f7b02b4517fa7e085315d99cdc0b9e13b0b1c904c683679a05de7a7d1a63
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 21:13:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /ddm/fls/i/src=8602056;type=count;cat=ics_r0;ord=5419974534893;gtm=2wg1m0;auiddc=369082460.1580507037;u1=https%3A%2F%2Ficscards.nl%2Fsca-login%2F%3Fignore;u2=icscards_nl;u3=2;u4=2543;u8=consumer;u10=pageview;~oref=https%3A%2F%2Ficscards.nl%2Fsca-login%2F%3Fignore HTTP/1.1 
Host: adservice.google.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.130
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 28 Sep 2022 21:13:40 GMT
expires: Wed, 28 Sep 2022 21:13:40 GMT
cache-control: private, max-age=0
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 177
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size:   177
Md5:    9393b28661a65a763699c108887882eb
Sha1:   c237ba6491e6fb9ca57da33dd9d048ca8e86cfda
Sha256: 2bdce28c6fb3cb210861d4aba734ab7aedfc979a8fa273512a61d8cf8afc78b0
                                        
                                            GET /a1d53d1e874a.js?lv=1 HTTP/1.1 
Host: w.usabilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         34.254.43.202
HTTP/2 200 OK
content-type: text/javascript
                                        
date: Wed, 28 Sep 2022 21:13:40 GMT
content-length: 13223
cache-control: public,max-age=0
content-encoding: gzip
etag: "e255879c516de604cf466269a75d96a1"
pragma: no-cache
x-widget-server: 2.1
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (12888)
Size:   13223
Md5:    84863b5c4f3b6a8d84715a6d94202d13
Sha1:   51eb0af294a7105ca2fca6d0bae4b4683d83a133
Sha256: d2bd58b4c153621afc8e80049c24d6d83c421094a698a5bc731839832c965412
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 21:13:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /themes/production/icsnederland-button-7ef629548db47bacfbb18b3383223f61.png HTTP/1.1 
Host: d6tizftlrpuof.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.245.35
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Content-Length: 1809
Connection: keep-alive
Date: Mon, 10 Jan 2022 07:30:24 GMT
Last-Modified: Tue, 13 Mar 2018 16:10:27 GMT
ETag: "7ef629548db47bacfbb18b3383223f61"
Cache-Control: max-age=315360000, no-transform, public
x-amz-version-id: uUADb9XCpewO7QYDlgT5DnwG20pU0rFi
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: U7I7brSzuyWTyoqd8HVlUGYk6chvAPO4yPTIsaeEpUXuO32nhc7FOw==
Age: 22599797


--- Additional Info ---
Magic:  PNG image data, 80 x 260, 8-bit colormap, non-interlaced\012- data
Size:   1809
Md5:    7ef629548db47bacfbb18b3383223f61
Sha1:   c92146d1f74c6f79b3bf2c5bfe01ac69392bd998
Sha256: 62aa47ada132a4fb2551ef3ab9b39a28fc285e187905d744c8ec52ed83007ef8
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10937
Expires: Thu, 29 Sep 2022 00:15:58 GMT
Date: Wed, 28 Sep 2022 21:13:41 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10937
Expires: Thu, 29 Sep 2022 00:15:58 GMT
Date: Wed, 28 Sep 2022 21:13:41 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10937
Expires: Thu, 29 Sep 2022 00:15:58 GMT
Date: Wed, 28 Sep 2022 21:13:41 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10937
Expires: Thu, 29 Sep 2022 00:15:58 GMT
Date: Wed, 28 Sep 2022 21:13:41 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F693de74c-173e-4d9b-8317-35601f30ffd7.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 13299
x-amzn-requestid: 926df8b6-beec-470d-b0b3-33be326cd379
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPF8YIAMF3Nw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-343e91e735af43d01fc83ddd;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: fcxclGRP3zfWwb6opjYU2bL9VAq_mCSNjFtfp9iMLq6tbZu57EDqpQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:50:04 GMT
etag: "651600f2ef18cecc2e38370069bbb5e1d86f68e0"
age: 84217
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13299
Md5:    ad84ed0c5b2090df7996007514cf1984
Sha1:   651600f2ef18cecc2e38370069bbb5e1d86f68e0
Sha256: a3d0729e1d43afeadd2dd8273c858b8839d9e476f773c8ec9d96b5969a9e0b4a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 13213
x-amzn-requestid: 09f8fee2-6830-4bec-af40-f2fb6547bc63
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFkreH5poAMFdxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321b16-0afbf5e01a013e6f0db53da1;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:35:18 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: CwkfEPDseHez7mArqwz8tmC3WHFwXAZF1OSColucaQ5vG2hvBIDWOg==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:39:01 GMT
age: 84880
etag: "3d4fa8701f17e8818c25584ef5f04bfbee8440cd"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13213
Md5:    62e68c3cd08dd94d910507512a67e85f
Sha1:   3d4fa8701f17e8818c25584ef5f04bfbee8440cd
Sha256: 058d798963f83f5fb88ab728185f755c5353fa981d93e1b6ff869089f501586b
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0369629e-f44d-439f-a279-b5ae6ecc0cf1.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 14464
x-amzn-requestid: 5cbbafdb-3f69-4ee2-9e46-c1ff0ed4ef14
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPFiooAMFulA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-633a649700e040b91deadb64;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: cNryG5vkxZuFATZfcNW9Z1-0teUBWLRyWslX1onwYlDCQBUjU2xVdA==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:46:03 GMT
age: 84458
etag: "bc214d60be395d4cf753216ff8f9691c33d25e75"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   14464
Md5:    aa5cad224dbddd71881bd07255beb4da
Sha1:   bc214d60be395d4cf753216ff8f9691c33d25e75
Sha256: 82935e52aa59929a448d17a5a2d58fda86bb5c25bf6628a05bd904f82517dada
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad593ee0-d404-46e3-b129-229e09b263b0.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12016
x-amzn-requestid: ec1b3715-5d0f-4045-aa5b-b70a55c81d72
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e3EtyIAMFdZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5e-201dd1ef1426a09965c68dab;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: pR4b1-lZZRMnWf-PdXFGXaHBCGAfOyp3AjeuCvtu5imWmf9N9l2wKQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:48:38 GMT
age: 84303
etag: "a54803cca7d3c509c195f65961e1110c8ec56f55"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12016
Md5:    4b794c6812cb546de0295e087ebe66a7
Sha1:   a54803cca7d3c509c195f65961e1110c8ec56f55
Sha256: 6a207f75eb3951f3dea5252bc8d185cd604d3d657f15b838774e8087e91f37f5
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9a3b058-92c9-490e-9cbb-736f7e46510d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7455
x-amzn-requestid: e99c9f33-b72a-4070-80cf-06fb4a87d1df
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZG4S6EcAoAMFX1A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6332a0df-04122b4a345dbc3f3918af98;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 07:06:07 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: yprErfM7s7P7jJPJT-HQZ2Z_AAN4946Tjwyn1g4r7yiA6IF0yLdQTQ==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 05:22:11 GMT
age: 57090
etag: "b383135e2ebc23fe80eb0d594b198cb8c89327a5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7455
Md5:    ea3890e460356d6ecc3ba4e405ac2e9e
Sha1:   b383135e2ebc23fe80eb0d594b198cb8c89327a5
Sha256: 8fcff053ce6e5750136bf876bad5b2916935f13ea039912d977928b086f0a48b
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ffa6dde-b51e-43f8-bfcb-3f442d674928.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8500
x-amzn-requestid: 626c21ec-f29b-4b69-b275-c22c864c2409
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3VmENnIAMFeTQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c23-75eccc381fbd6e5d4ff59c06;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Eyy8qoYVCJbt6b6hTGJ-rOrYex9RuX1InyZbpHkeu9yQqPUEvowKcw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:48:58 GMT
etag: "9c4692ea64832895fbd107d91f879728b6a440c7"
age: 84283
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8500
Md5:    6139c878a7d2bd32c61fc8287996eb5b
Sha1:   9c4692ea64832895fbd107d91f879728b6a440c7
Sha256: 3839df92f0a10c1433d5b576df50c9f7953912ae4f425012262f08ee8a59ce2e
                                        
                                            GET /PAGINA-HOME/SCI/main_002.js HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: PHPSESSID=e1n0t5i8pr2fsl1qkivo1ratlk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 28 Sep 2022 21:13:39 GMT
last-modified: Sun, 02 Feb 2020 19:49:00 GMT
etag: W/"5e3727ac-254a40"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /PAGINA-HOME/SCI/a HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: PHPSESSID=e1n0t5i8pr2fsl1qkivo1ratlk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 404 Not Found
content-type: text/html
                                        
server: nginx
date: Wed, 28 Sep 2022 21:13:39 GMT
last-modified: Wed, 28 Sep 2022 01:46:01 GMT
etag: W/"328-5e9b2ec4a5a22"
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /PAGINA-HOME/SCI/main-ics.css HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: PHPSESSID=e1n0t5i8pr2fsl1qkivo1ratlk
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Wed, 28 Sep 2022 21:13:39 GMT
last-modified: Tue, 04 Feb 2020 14:29:10 GMT
etag: W/"5e397fb6-3b0c7"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /PAGINA-HOME/SCI/styles.css HTTP/1.1
Host: web8713.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: PHPSESSID=e1n0t5i8pr2fsl1qkivo1ratlk
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
109.71.253.24
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Wed, 28 Sep 2022 21:13:39 GMT
last-modified: Tue, 04 Feb 2020 14:19:16 GMT
etag: W/"5e397d64-7226b"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /PAGINA-HOME/SCI/gtm_002.js HTTP/1.1
Host: web8713.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: PHPSESSID=e1n0t5i8pr2fsl1qkivo1ratlk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Wed, 28 Sep 2022 21:13:39 GMT
last-modified: Wed, 25 Sep 2019 19:32:56 GMT
etag: W/"5d8bc0e8-21ab3"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /PAGINA-HOME/SCI/gtm.js HTTP/1.1
Host: web8713.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: PHPSESSID=e1n0t5i8pr2fsl1qkivo1ratlk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Wed, 28 Sep 2022 21:13:39 GMT
last-modified: Wed, 25 Sep 2019 19:32:56 GMT
etag: W/"5d8bc0e8-1d455"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /PAGINA-HOME/SCI/polyfills.js HTTP/1.1
Host: web8713.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: PHPSESSID=e1n0t5i8pr2fsl1qkivo1ratlk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Wed, 28 Sep 2022 21:13:39 GMT
last-modified: Sun, 02 Feb 2020 19:49:00 GMT
etag: W/"5e3727ac-1aa67"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /PAGINA-HOME/SCI/runtime.js HTTP/1.1
Host: web8713.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: PHPSESSID=e1n0t5i8pr2fsl1qkivo1ratlk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Wed, 28 Sep 2022 21:13:39 GMT
last-modified: Sun, 02 Feb 2020 19:49:00 GMT
etag: W/"5e3727ac-5ab"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /PAGINA-HOME/SCI/arcotfpcollect.js HTTP/1.1
Host: web8713.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: PHPSESSID=e1n0t5i8pr2fsl1qkivo1ratlk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Wed, 28 Sep 2022 21:13:39 GMT
last-modified: Sun, 02 Feb 2020 19:49:00 GMT
etag: W/"5e3727ac-8355"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /PAGINA-HOME/SCI/main.js HTTP/1.1
Host: web8713.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: PHPSESSID=e1n0t5i8pr2fsl1qkivo1ratlk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Wed, 28 Sep 2022 21:13:39 GMT
last-modified: Wed, 25 Sep 2019 19:32:56 GMT
etag: W/"5d8bc0e8-2e4c2"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /PAGINA-HOME/SCI/fbevents.js HTTP/1.1
Host: web8713.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: PHPSESSID=e1n0t5i8pr2fsl1qkivo1ratlk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Wed, 28 Sep 2022 21:13:39 GMT
last-modified: Wed, 25 Sep 2019 19:48:42 GMT
etag: W/"5d8bc49a-1e5e9"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /PAGINA-HOME/SCI/modernizr.js HTTP/1.1
Host: web8713.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: PHPSESSID=e1n0t5i8pr2fsl1qkivo1ratlk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Wed, 28 Sep 2022 21:13:39 GMT
last-modified: Wed, 25 Sep 2019 19:32:56 GMT
etag: W/"5d8bc0e8-5f1"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing